/*- * ============LICENSE_START======================================================= * ONAP-PAP-REST * ================================================================================ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * Modified Copyright (C) 2018 Samsung Electronics Co., Ltd. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END========================================================= */ package org.onap.policy.pap.xacml.rest.components; import com.att.research.xacml.api.pap.PAPException; import com.att.research.xacml.api.pap.PDPPolicy; import com.att.research.xacml.util.XACMLProperties; import java.io.ByteArrayInputStream; import java.io.InputStream; import java.net.URI; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.util.HashMap; import java.util.HashSet; import java.util.LinkedList; import java.util.List; import java.util.Set; import javax.persistence.PersistenceException; import org.apache.commons.io.FilenameUtils; import org.hibernate.Criteria; import org.hibernate.LockMode; import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.SessionFactory; import org.hibernate.criterion.Restrictions; import org.onap.policy.common.logging.eelf.MessageCodes; import org.onap.policy.common.logging.eelf.PolicyLogger; import 
org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.rest.XacmlRestProperties; import org.onap.policy.rest.adapter.PolicyRestAdapter; import org.onap.policy.rest.dao.PolicyDbException; import org.onap.policy.rest.jpa.ActionBodyEntity; import org.onap.policy.rest.jpa.ConfigurationDataEntity; import org.onap.policy.rest.jpa.DatabaseLockEntity; import org.onap.policy.rest.jpa.GroupEntity; import org.onap.policy.rest.jpa.PdpEntity; import org.onap.policy.rest.jpa.PolicyDbDaoEntity; import org.onap.policy.rest.jpa.PolicyEntity; import org.onap.policy.utils.PeCryptoUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.onap.policy.xacml.api.pap.OnapPDP; import org.onap.policy.xacml.api.pap.OnapPDPGroup; import org.onap.policy.xacml.api.pap.PAPPolicyEngine; import org.onap.policy.xacml.std.pap.StdPDPGroup; import org.onap.policy.xacml.std.pap.StdPDPPolicy; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; /** * The Class PolicyDbDao. 
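*/
@Component
public class PolicyDbDao {
    private static final Logger logger = FlexLogger.getLogger(PolicyDbDao.class);
    public static final String JSON_CONFIG = "JSON";
    public static final String XML_CONFIG = "XML";
    public static final String PROPERTIES_CONFIG = "PROPERTIES";
    public static final String OTHER_CONFIG = "OTHER";
    public static final String AUDIT_USER = "audit";
    public static final String CONFIG = "Config";
    public static final String ACTION = "Action";
    public static final String GROUP_ID = "groupId";
    public static final String DELETED = "deleted";
    public static final String GROUPENTITY_SELECT =
            "SELECT g FROM GroupEntity g WHERE g.groupId=:groupId AND g.deleted=:deleted";
    public static final String PDPENTITY_SELECT =
            "SELECT p FROM PdpEntity p WHERE p.pdpId=:pdpId AND p.deleted=:deleted";
    public static final String GROUP_NOT_FOUND = "The group could not be found with id ";
    public static final String FOUND_IN_DB_NOT_DEL = " were found in the database that are not deleted";
    public static final String MORE_THAN_ONE_PDP = "Somehow, more than one pdp with the same id ";
    public static final String DELETED_STATUS_FOUND = " and deleted status were found in the database";
    public static final String DUPLICATE_GROUPID = "Somehow, more than one group with the same id ";
    public static final String PDP_ID = "pdpId";
    public static final String QUERY_FAILED_FOR_GROUP = "Query failed trying to check for existing group";
    public static final String QUERY_FAILED_GET_GROUP = "Query failed trying to get group ";
    public static final String SCOPE = "scope";
    public static final String POLICYDBDAO_VAR = "PolicyDBDao";
    public static final String DUP_POLICYID = "Somehow, more than one policy with the id ";
    public static final String FOUND_IN_DB = " were found in the database";
    private static final String AUDIT_STR = "Audit";

    // Lazily created singleton, see getPolicyDbDaoInstance().
    private static PolicyDbDao currentInstance = null;
    private static boolean isJunit = false;
    // Shared by every instance; assigned by the @Autowired constructor.
    private static SessionFactory sessionfactory;
    // Peer PolicyDbDaoEntity rows as loaded by getRemotePolicyDbDaoList().
    private List<?> otherServers;
    private PAPPolicyEngine papEngine;

    /**
     * Gets the current instance of PolicyDBDao, creating it on first use.
     *
     * <p>When no instance exists yet, one is built with {@code new PolicyDbDao("init")}, which registers this
     * server in the database. The check-then-create sequence is not synchronized, so two threads calling this
     * concurrently before the first instance exists may each construct (and register) one.
     *
     * @return the shared instance, never null
     * @throws IllegalStateException if registration cannot initialize the database lock row
     */
    public static PolicyDbDao getPolicyDbDaoInstance() {
        logger.debug("getPolicyDBDaoInstance() as getPolicyDBDaoInstance() called");
        if (currentInstance == null) {
            currentInstance = new PolicyDbDao("init");
        }
        return currentInstance;
    }

    /**
     * Sets the pap engine.
     *
     * @param papEngine2 the new pap engine
     */
    public void setPapEngine(PAPPolicyEngine papEngine2) {
        this.papEngine = papEngine2;
    }

    /**
     * Instantiates a new policy db dao and publishes the session factory to the static field used by every
     * instance of this class.
     *
     * @param sessionFactory the session factory
     */
    @Autowired
    public PolicyDbDao(SessionFactory sessionFactory) {
        PolicyDbDao.sessionfactory = sessionFactory;
    }

    /**
     * Instantiates a new policy db dao.
     */
    public PolicyDbDao() {
        // Default Constructor
    }

    /**
     * Initialize the DAO: register this server in the database and load the list of peer servers.
     *
     * <p>Both steps open sessions on the static session factory, so that factory has to be set (via the
     * {@code SessionFactory} constructor) before this constructor runs.
     *
     * @param init initiation parameters (unused)
     * @throws IllegalStateException if registration cannot initialize the database lock row
     */
    public PolicyDbDao(String init) {
        // not needed in this release
        if (!register()) {
            PolicyLogger
                    .error("This server's PolicyDBDao instance could not be registered and may not reveive updates");
        }

        otherServers = getRemotePolicyDbDaoList();
        if (logger.isDebugEnabled()) {
            logger.debug("Number of remote PolicyDBDao instances: " + otherServers.size());
        }
        if (otherServers.isEmpty()) {
            logger.warn("List of PolicyDBDao servers is empty or could not be retrieved");
        }
    }

    /**
     * Start a synchronized transaction.
     *
     *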
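Not static because we are going to be using the instance's emf.
     *
     * <p>Begins a transaction on the session and takes a {@code PESSIMISTIC_WRITE} lock on the
     * {@code DatabaseLockEntity} row with key 1, which serializes callers across PAP servers sharing the
     * database.
     *
     * <p>NOTE(review): {@code waitTime} is only written to the debug log; no lock timeout is applied to the
     * session here, so how long the call blocks depends on the database and driver settings.
     *
     * @param session the session
     * @param waitTime the wait time in ms to wait for lock, or -1 to wait forever (currently not applied)
     * @throws IllegalStateException if no lock entity was obtained, either because the row with key 1 does not
     *         exist or because loading it failed; in the latter case the failure is attached as the cause
     */
    @SuppressWarnings("deprecation")
    public void startTransactionSynced(Session session, int waitTime) {
        logger.debug("\n\nstartTransactionSynced(Hibernate Session,int waitTime) as " + "\n   startTransactionSynced("
                + session + "," + waitTime + ") called\n\n");
        DatabaseLockEntity lock = null;
        // Remembered so that a database or lock failure is not reported as a bare "row does not exist".
        Exception lockFailure = null;
        session.beginTransaction();
        try {
            if (logger.isDebugEnabled()) {
                logger.debug("\n\nstartTransactionSynced():" + "\n   ATTEMPT to get the DB lock" + "\n\n");
            }
            lock = (DatabaseLockEntity) session.get(DatabaseLockEntity.class, 1, LockMode.PESSIMISTIC_WRITE);
            if (logger.isDebugEnabled()) {
                logger.debug("\n\nstartTransactionSynced():" + "\n   GOT the DB lock" + "\n\n");
            }
        } catch (Exception e) {
            lockFailure = e;
            logger.error("Exception Occured" + e);
        }
        if (lock == null) {
            // The cause is null when the row is simply missing.
            throw new IllegalStateException(
                    "The lock row does not exist in the table. Please create a primary key with value = 1.",
                    lockFailure);
        }
    }

    /**
     * Gets the list of other registered PolicyDBDaos from the database.
     *
     * <p>The query is unfiltered, so the row for this server is returned as well once it has registered. The
     * entities carry the user name and encrypted password stored by {@code register()}; do not log their
     * contents.
     *
     * @return List (type PolicyDbDaoEntity) of other PolicyDBDaos; empty if the query fails
     */
    private List<?> getRemotePolicyDbDaoList() {
        logger.debug("getRemotePolicyDBDaoList() as getRemotePolicyDBDaoList() called");
        List<?> policyDbDaoEntityList = new LinkedList<>();
        Session session = sessionfactory.openSession();
        try {
            Criteria cr = session.createCriteria(PolicyDbDaoEntity.class);
            policyDbDaoEntityList = cr.list();
        } catch (Exception e) {
            // Best effort: a failed query leaves the (empty) default list in place.
            PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, POLICYDBDAO_VAR,
                    "Exception querying for other registered PolicyDBDaos");
            logger.warn("List of remote PolicyDBDaos will be empty", e);
        } finally {
            try {
                session.close();
            } catch (Exception e) {
                logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error While Closing Connection/Statement" + e);
            }
        }
        return policyDbDaoEntityList;
    }

    /**
     * Gets the new transaction.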
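*
     * @return the new transaction
     */
    public PolicyDbDaoTransaction getNewTransaction() {
        logger.debug("getNewTransaction() as getNewTransaction() called");
        return new PolicyDbDaoTransactionInstance("init");
    }

    /**
     * Get a new audit transaction.
     *
     * <p>Because the normal transactions are not used in audits, we can use the same transaction mechanism to get a
     * transaction and obtain the emlock and the DB lock. We just need to provide different transaction timeout values
     * in ms because the audit will run longer than normal transactions.
     *
     * @return the new audit transaction
     * @throws NumberFormatException if either property does not parse as an integer (presumably also when a
     *         property is not set and the lookup yields null)
     */
    public PolicyDbDaoTransaction getNewAuditTransaction() {
        logger.debug("getNewAuditTransaction() as getNewAuditTransaction() called");
        // Use the standard transaction wait time in ms
        int auditWaitMs = Integer.parseInt(XACMLProperties.getProperty(XacmlRestProperties.PROP_PAP_TRANS_WAIT));
        // Use the (extended) audit timeout time in ms
        int auditTimeoutMs = Integer.parseInt(XACMLProperties.getProperty(XacmlRestProperties.PROP_PAP_AUDIT_TIMEOUT));
        return new PolicyDbDaoTransactionInstance(auditTimeoutMs, auditWaitMs);
    }

    /**
     * Checks if two strings are equal. Null strings ARE allowed.
     *
     * <p>The comparison is an ordinary {@link String#equals(Object)}, which is not constant-time. It is suitable
     * for detecting whether a stored value changed, not for verifying a secret supplied by a client.
     *
     * @param one A String or null to compare
     * @param two A String or null to compare
     * @return true if both are null or both are non-null and equal
     */
    public static boolean stringEquals(String one, String two) {
        // The compared values are deliberately kept out of the log: register() passes user names and
        // encrypted passwords through this method.
        logger.debug("stringEquals(String one, String two) called");
        if (one == null || two == null) {
            return one == null && two == null;
        }
        return one.equals(two);
    }

    /**
     * Returns the url of this local pap server together with the user name and password to use with it.
     *
     * <p>The configured PAP URL property is handed to {@link #splitPapUrlUserPass(String)}. Index 2 of the
     * result holds the password in the form that {@code register()} later encrypts, so the array must not be
     * logged or otherwise exposed.
     *
     * @return a three-element array {url, user, password}, or null if the PAP URL property is not set
     */
    public String[] getPapUrlUserPass() {
        logger.debug("getPapUrl() as getPapUrl() called");
        String url = XACMLProperties.getProperty(XacmlRestProperties.PROP_PAP_URL);
        if (url == null) {
            return null;
        }
        return splitPapUrlUserPass(url);
    }

    /**
     * Split the user and password of a PAP URL.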
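*
     * <p>The value is split on commas. Element 0 is always the first field. The user name and password are
     * taken from fields 1 and 2 only when at least three fields are present; a missing or empty user name is
     * then filled from the PAP user id property, and a missing or empty password from the PAP password
     * property after decryption.
     *
     * <p>NOTE(review): a password given inline in the comma-separated value is used as-is, without
     * decryption, so that form presumably keeps the password in cleartext in configuration. Prefer the
     * encrypted password property.
     *
     * @param url the URL, optionally followed by ",user,password"
     * @return a three-element array {url, user, password}; user and password may be null
     */
    public String[] splitPapUrlUserPass(String url) {
        String[] urlUserPass = new String[3];
        String[] commaSplit = url.split(",");
        urlUserPass[0] = commaSplit[0];
        if (commaSplit.length > 2) {
            urlUserPass[1] = commaSplit[1];
            urlUserPass[2] = commaSplit[2];
        }
        if (urlUserPass[1] == null || "".equals(urlUserPass[1])) {
            String usernamePropertyValue = XACMLProperties.getProperty(XacmlRestProperties.PROP_PAP_USERID);
            if (usernamePropertyValue != null) {
                urlUserPass[1] = usernamePropertyValue;
            }
        }
        if (urlUserPass[2] == null || "".equals(urlUserPass[2])) {
            String passwordPropertyValue =
                    PeCryptoUtils.decrypt(XACMLProperties.getProperty(XacmlRestProperties.PROP_PAP_PASS));
            if (passwordPropertyValue != null) {
                urlUserPass[2] = passwordPropertyValue;
            }
        }
        // if there is no comma, for some reason there is no user name and
        // password, so don't try to cut them off
        return urlUserPass;
    }

    /**
     * Register the PolicyDBDao instance in the PolicyDbDaoEntity table.
     *
     * <p>Takes the database lock (creating the lock row with key 1 if it is missing), then inserts or updates
     * the row for this server's PAP URL with its user name and the encrypted password.
     *
     * @return true if the row was committed; false if the PAP URL is not configured or the commit failed
     * @throws IllegalStateException if the lock row had to be created and the lock still cannot be taken
     */
    private boolean register() {
        logger.debug("register() as register() called");
        String[] url = getPapUrlUserPass();
        // --- check URL length
        if (url == null || url.length < 3) {
            return false;
        }
        Session session = sessionfactory.openSession();
        try {
            // NOTE(review): startTransactionSynced only logs its waitTime argument; 1000 sets no timeout.
            startTransactionSynced(session, 1000);
        } catch (IllegalStateException e) {
            logger.debug("\nPolicyDBDao.register() caught an IllegalStateException: \n" + e + "\n");
            DatabaseLockEntity lock;
            lock = (DatabaseLockEntity) session.get(DatabaseLockEntity.class, 1);
            // NOTE(review): if the row exists here, the earlier failure was not a missing row, and the code
            // below continues without this session holding the pessimistic lock.
            if (lock == null) {
                lock = new DatabaseLockEntity();
                lock.setKey(1);
                try {
                    session.persist(lock);
                    session.flush();
                    session.getTransaction().commit();
                    session.close();
                } catch (Exception e2) {
                    // NOTE(review): on this path the first session is replaced below without being closed.
                    PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e2, POLICYDBDAO_VAR,
                            "COULD NOT CREATE DATABASELOCK ROW. WILL TRY ONE MORE TIME");
                }

                session = sessionfactory.openSession();
                try {
                    startTransactionSynced(session, 1000);
                } catch (Exception e3) {
                    String msg = "DATABASE LOCKING NOT WORKING. CONCURRENCY CONTROL NOT WORKING";
                    PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e3, POLICYDBDAO_VAR, msg);
                    // Report the message itself (the original concatenated the literal "msg") and keep the cause.
                    throw new IllegalStateException(msg + "\n" + e3, e3);
                }
            }
        }
        logger.debug("\nPolicyDBDao.register. Database locking and concurrency control is initialized\n");
        PolicyDbDaoEntity foundPolicyDbDaoEntity = null;
        Criteria cr = session.createCriteria(PolicyDbDaoEntity.class);
        cr.add(Restrictions.eq("policyDbDaoUrl", url[0]));
        List<?> data = cr.list();
        if (!data.isEmpty()) {
            foundPolicyDbDaoEntity = (PolicyDbDaoEntity) data.get(0);
        }

        // encrypt the password
        String txt = PeCryptoUtils.encrypt(url[2]);
        // Cleared when the commit fails so that the caller is told registration did not happen.
        boolean registered = true;
        if (foundPolicyDbDaoEntity == null) {
            PolicyDbDaoEntity newPolicyDbDaoEntity = new PolicyDbDaoEntity();
            newPolicyDbDaoEntity.setPolicyDbDaoUrl(url[0]);
            newPolicyDbDaoEntity.setDescription("PAP server at " + url[0]);
            newPolicyDbDaoEntity.setUsername(url[1]);
            newPolicyDbDaoEntity.setPassword(txt);
            try {
                session.persist(newPolicyDbDaoEntity);
                session.getTransaction().commit();
            } catch (Exception e) {
                registered = false;
                logger.debug(e);
                try {
                    session.getTransaction().rollback();
                } catch (Exception e2) {
                    logger.debug(e2);
                    PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e2, POLICYDBDAO_VAR,
                            "Could not add new PolicyDBDao to the database");
                }
            }
        } else {
            // just want to update in order to change modified date
            if (url[1] != null && !stringEquals(url[1], foundPolicyDbDaoEntity.getUsername())) {
                foundPolicyDbDaoEntity.setUsername(url[1]);
            }
            if (txt != null && !stringEquals(txt, foundPolicyDbDaoEntity.getPassword())) {
                foundPolicyDbDaoEntity.setPassword(txt);
            }
            foundPolicyDbDaoEntity.preUpdate();
            try {
                session.getTransaction().commit();
            } catch (Exception e) {
                registered = false;
                logger.debug(e);
                try {
                    session.getTransaction().rollback();
                } catch (Exception e2) {
                    logger.debug(e2);
                    PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e2, POLICYDBDAO_VAR,
                            "Could not update PolicyDBDao in the database");
                }
            }
        }
        session.close();
        if (registered) {
            logger.debug("\nPolicyDBDao.register(). Success!!\n");
        }
        return registered;
    }

    /**
     * Synchronize group policies in the file system.
     *
     *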
This method is called during all pushPolicy transactions and makes sure the file system group is in sync with
* the database group entity
*
* @param pdpGroup the pdp group
* @param groupentity the groupentity
* @return the std PDP group
* @throws PAPException the PAP exception
* @throws PolicyDbException the policy db exception
*/
public StdPDPGroup synchronizeGroupPoliciesInFileSystem(StdPDPGroup pdpGroup, GroupEntity groupentity)
throws PAPException, PolicyDbException {
HashMap