1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.authz.cm.service;
\r
26 import java.lang.reflect.Constructor;
\r
27 import java.util.ArrayList;
\r
28 import java.util.EnumSet;
\r
29 import java.util.List;
\r
30 import java.util.Map;
\r
31 import java.util.Properties;
\r
32 import java.util.TreeMap;
\r
34 import com.att.aft.dme2.api.DME2Exception;
\r
35 //import com.att.aft.dme2.api.DME2FilterHolder;
\r
36 //import com.att.aft.dme2.api.DME2FilterHolder.RequestDispatcherType;
\r
37 import com.att.aft.dme2.api.DME2Manager;
\r
38 import com.att.aft.dme2.api.DME2Server;
\r
39 import com.att.aft.dme2.api.DME2ServerProperties;
\r
40 import com.att.aft.dme2.api.DME2ServiceHolder;
\r
41 import com.att.aft.dme2.api.util.DME2FilterHolder;
\r
42 import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;
\r
43 import com.att.aft.dme2.api.util.DME2ServletHolder;
\r
44 //import com.att.aft.dme2.api.DME2ServletHolder;
\r
45 import com.att.authz.cm.api.API_Artifact;
\r
46 import com.att.authz.cm.api.API_Cert;
\r
47 import com.att.authz.cm.ca.CA;
\r
48 import com.att.authz.cm.facade.Facade1_0;
\r
49 import com.att.authz.cm.facade.FacadeFactory;
\r
50 import com.att.authz.cm.mapper.Mapper.API;
\r
51 import com.att.authz.env.AuthzEnv;
\r
52 import com.att.authz.env.AuthzTrans;
\r
53 import com.att.authz.env.AuthzTransFilter;
\r
54 import com.att.authz.server.AbsServer;
\r
55 import com.att.cache.Cache;
\r
56 import com.att.cache.Cache.Dated;
\r
57 import com.att.cadi.Access;
\r
58 import com.att.cadi.Access.Level;
\r
59 import com.att.cadi.CadiException;
\r
60 import com.att.cadi.TrustChecker;
\r
61 import com.att.cadi.aaf.v2_0.AAFAuthn;
\r
62 import com.att.cadi.aaf.v2_0.AAFCon;
\r
63 import com.att.cadi.aaf.v2_0.AAFConHttp;
\r
64 import com.att.cadi.aaf.v2_0.AAFLurPerm;
\r
65 import com.att.cadi.aaf.v2_0.AAFTrustChecker;
\r
66 import com.att.cadi.config.Config;
\r
67 import com.att.cssa.rserv.HttpMethods;
\r
68 import com.att.inno.env.APIException;
\r
69 import com.att.inno.env.Data;
\r
70 import com.att.inno.env.Env;
\r
71 import com.att.inno.env.Trans;
\r
72 import com.att.inno.env.util.Split;
\r
74 public class CertManAPI extends AbsServer {
\r
76 private static final String USER_PERMS = "userPerms";
\r
77 private static final Map<String,CA> certAuths = new TreeMap<String,CA>();
\r
78 private static final String AAF_CERTMAN_CA_PREFIX = null;
\r
79 public Facade1_0 facade1_0; // this is the default Facade
\r
80 public Facade1_0 facade1_0_XML; // this is the XML Facade
\r
81 public Map<String, Dated> cacheUser;
\r
82 public AAFAuthn<?> aafAuthn;
\r
83 public AAFLurPerm aafLurPerm;
\r
85 private String[] EMPTY;
\r
86 private AAFCon<?> aafcon;
\r
89 * Construct AuthzAPI with all the Context Supporting Routes that Authz needs
\r
95 * @throws APIException
\r
97 public CertManAPI(AuthzEnv env) throws Exception {
\r
98 super(env,"CertMan");
\r
99 env.setLog4JNames("log4j.properties","authz","cm","audit","init","trace");
\r
101 //aafcon = new AAFConHttp(env);
\r
103 aafLurPerm = aafcon.newLur();
\r
104 // Note: If you need both Authn and Authz construct the following:
\r
105 aafAuthn = aafcon.newAuthn(aafLurPerm);
\r
107 String aaf_env = env.getProperty(Config.AAF_ENV);
\r
108 if(aaf_env==null) {
\r
109 throw new APIException("aaf_env needs to be set");
\r
112 // Initialize Facade for all uses
\r
113 AuthzTrans trans = env.newTrans();
\r
115 // Load Supported Certificate Authorities by property
\r
116 for(String key : env.existingStaticSlotNames()) {
\r
117 if(key.startsWith(AAF_CERTMAN_CA_PREFIX)) {
\r
118 int idx = key.indexOf('.');
\r
119 String[] params = Split.split(';', env.getProperty(key));
\r
120 if(params.length>1) {
\r
121 @SuppressWarnings("unchecked")
\r
122 Class<CA> cac = (Class<CA>)Class.forName((String)params[0]);
\r
123 Class<?> ptype[] = new Class<?>[params.length+1];
\r
124 ptype[0]=Trans.class;
\r
125 ptype[1]=String.class;
\r
126 Object pinst[] = new Object[params.length+1];
\r
128 pinst[1]= key.substring(idx+1);
\r
129 for(int i=1;i<params.length;++i) {
\r
131 ptype[idx]=String.class;
\r
132 pinst[idx]=params[i];
\r
134 Constructor<CA> cons = cac.getConstructor(ptype);
\r
135 CA ca = cons.newInstance(pinst);
\r
136 certAuths.put(ca.getName(),ca);
\r
140 if(certAuths.size()==0) {
\r
141 throw new APIException("No Certificate Authorities have been configured in CertMan");
\r
144 CMService service = new CMService(trans, this);
\r
145 // note: Service knows how to shutdown Cluster on Shutdown, etc. See Constructor
\r
146 facade1_0 = FacadeFactory.v1_0(this,trans, service,Data.TYPE.JSON); // Default Facade
\r
147 facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML);
\r
150 synchronized(env) {
\r
151 if(cacheUser == null) {
\r
152 cacheUser = Cache.obtain(USER_PERMS);
\r
153 Cache.startCleansing(env, USER_PERMS);
\r
154 Cache.addShutdownHook(); // Setup Shutdown Hook to close cache
\r
158 ////////////////////////////////////////////////////////////////////////////
\r
160 ////////////////////////////////////////////////////////////////////////
\r
161 API_Cert.init(this);
\r
162 API_Artifact.init(this);
\r
164 StringBuilder sb = new StringBuilder();
\r
165 trans.auditTrail(2, sb);
\r
166 trans.init().log(sb);
\r
169 public CA getCA(String key) {
\r
170 return certAuths.get(key);
\r
173 public String[] getTrustChain(String key) {
\r
174 CA ca = certAuths.get(key);
\r
178 return ca.getTrustChain();
\r
183 * Setup XML and JSON implementations for each supported Version type
\r
185 * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties
\r
186 * to do Versions and Content switches
\r
189 public void route(HttpMethods meth, String path, API api, Code code) throws Exception {
\r
190 String version = "1.0";
\r
191 // Get Correct API Class from Mapper
\r
192 Class<?> respCls = facade1_0.mapper().getClass(api);
\r
193 if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());
\r
194 // setup Application API HTML ContentTypes for JSON and Route
\r
195 String application = applicationJSON(respCls, version);
\r
196 route(env,meth,path,code,application,"application/json;version="+version,"*/*");
\r
198 // setup Application API HTML ContentTypes for XML and Route
\r
199 application = applicationXML(respCls, version);
\r
200 route(env,meth,path,code.clone(facade1_0_XML),application,"application/xml;version="+version);
\r
202 // Add other Supported APIs here as created
\r
205 public void routeAll(HttpMethods meth, String path, API api, Code code) throws Exception {
\r
206 route(env,meth,path,code,""); // this will always match
\r
211 * Start up AuthzAPI as DME2 Service
\r
214 * @throws DME2Exception
\r
215 * @throws CadiException
\r
217 public void startDME2(Properties props) throws DME2Exception, CadiException {
\r
218 DME2Manager dme2 = new DME2Manager("AAF Certman DME2Manager", props);
\r
221 DME2ServiceHolder svcHolder;
\r
222 List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();
\r
223 svcHolder = new DME2ServiceHolder();
\r
224 String serviceName = env.getProperty("DMEServiceName",null);
\r
225 if(serviceName!=null) {
\r
226 svcHolder.setServiceURI(serviceName);
\r
227 svcHolder.setManager(dme2);
\r
228 svcHolder.setContext("/");
\r
232 DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[]{"/cert"});
\r
233 srvHolder.setContextPath("/*");
\r
234 slist.add(srvHolder);
\r
236 EnumSet<RequestDispatcherType> edlist = EnumSet.of(
\r
237 RequestDispatcherType.REQUEST,
\r
238 RequestDispatcherType.FORWARD,
\r
239 RequestDispatcherType.ASYNC
\r
242 ///////////////////////
\r
244 ///////////////////////
\r
245 List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();
\r
247 // Secure all GUI interactions with AuthzTransFilter
\r
248 flist.add(new DME2FilterHolder(
\r
249 new AuthzTransFilter(env,aafcon,TrustChecker.NOTRUST),
\r
253 svcHolder.setFilters(flist);
\r
254 svcHolder.setServletHolders(slist);
\r
256 DME2Server dme2svr = dme2.getServer();
\r
257 DME2ServerProperties dsprops = dme2svr.getServerProperties();
\r
258 dsprops.setGracefulShutdownTimeMs(1000);
\r
260 env.init().log("Starting AAF Certman Jetty/DME2 server...");
\r
263 // if(env.getProperty("NO_REGISTER",null)!=null)
\r
264 dme2.bindService(svcHolder);
\r
265 env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort());
\r
266 while(true) { // Per DME2 Examples...
\r
267 Thread.sleep(5000);
\r
269 } catch(InterruptedException e) {
\r
270 env.init().log("AAF Jetty Server interrupted!");
\r
271 } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process
\r
272 env.init().log(e,"DME2 Initialization Error");
\r
277 env.init().log("Properties must contain DMEServiceName");
\r
281 public static void main(String[] args) {
\r
282 setup(CertManAPI.class, "certman.props");
\r
Code Review / aaf / authz.git / blob