- //BRMS Param
- else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.BRMS_PARAM)){
- if(policyParameters.getConfigBody()!=null){
-
- /* public String createUpdateBRMSParamPolicy(String policyName, String policyDescription, Map<AttributeType, Map<String, String>> dyanamicFieldConfigAttributes,
- String brmsRawBody, String policyScope, Boolean isEdit,
- UUID requestID,Map<String,String> drlRuleAndUIParams)*/
- response.setResponseMessage(createUpdateBRMSParamPolicy(plainName, policyParameters.getPolicyDescription(),policyParameters.getAttributes(),
- policyParameters.getConfigBody(),scope, true,
- policyParameters.getRequestID(),policyParameters.getAttributes(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date));
- }else{
- response.setResponseMessage(createUpdateBRMSParamPolicy(plainName, policyParameters.getPolicyDescription(),policyParameters.getAttributes(),
- null,scope, true,
- policyParameters.getRequestID(),policyParameters.getAttributes(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date));
- }
- }
- // Micro Services Policy
- else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.MicroService)){
- if(policyParameters.getConfigBody()!=null){
- JsonObject json = null;
- try{
- json = stringToJsonObject(policyParameters.getConfigBody());
- }catch(Exception e){
- String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " improper JSON object : " + policyParameters.getConfigBody();
- logger.error(message);
- throw new Exception(message);
- }
- //call Micro Services Create API here
- response.setResponseMessage(createUpdateMicroServicesPolicy(plainName, json, policyParameters.getEcompName(),
- scope, true, policyParameters.getRequestID(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date));
-
- }else{
- String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " No Micro Service or Attributes Config Body Present";
- logger.error(message);
- throw new Exception(message);
- }
- }
- // ClosedLoop_Fault Policy
- else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.ClosedLoop_Fault)){
- if(policyParameters.getConfigBody()!=null){
- JsonObject json = null;
- try{
- if(validateNONASCIICharactersAndAllowSpaces(policyParameters.getConfigBody())){
- json = stringToJsonObject(policyParameters.getConfigBody());
- } else {
- String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "The ClosedLoop JSON Contains Non ASCII Characters.";
- logger.error(message);
- response.setResponseMessage(message);
- return response;
- }
-
- }catch(Exception e){
- String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " improper JSON object : " + policyParameters.getConfigBody();
- logger.error(message);
- response.setResponseMessage(message);
- return response;
- }
- //call ClosedLoop_Fault Create API here
- response.setResponseMessage(createUpdateClosedLoopPolicy(plainName, json, policyParameters.getPolicyDescription(),
- scope, true, policyParameters.getRequestID(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date));
-
- }else{
- String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " No Config Body Present";
- logger.error(message);
- response.setResponseMessage(message);
- }
- }
- // ClosedLoop_PM Policy
- else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.ClosedLoop_PM)){
- if(policyParameters.getConfigBody()!=null){
- JsonObject json = null;
- try{
- if(validateNONASCIICharactersAndAllowSpaces(policyParameters.getConfigBody())){
- json = stringToJsonObject(policyParameters.getConfigBody());
- } else {
- String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "The ClosedLoop PM JSON Contains Non ASCII Characters.";
- logger.error(message);
- response.setResponseMessage(message);
- return response;
- }
-
- }catch(Exception e){
- String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " improper JSON object : " + policyParameters.getConfigBody();
- logger.error(message);
- response.setResponseMessage(message);
- return response;
- }
- //call ClosedLoop_Fault Create API here
- response.setResponseMessage(createUpdateClosedLoopPmPolicy(plainName, json, policyParameters.getPolicyDescription(),
- scope, true, policyParameters.getRequestID(),policyParameters.getRiskLevel(), policyParameters.getRiskType(),
- String.valueOf(policyParameters.getGuard()), date));
-
- }else{
- String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " No Config Body Present";
- logger.error(message);
- response.setResponseMessage(message);
- }
- }
-
- }else{
-
- if(policyParameters.getPolicyClass().equals(PolicyClass.Action)){
- // call Action Update API here.
- response.setResponseMessage(createUpdateActionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getAttributes().get(AttributeType.MATCHING),
- policyParameters.getDynamicRuleAlgorithmLabels(), policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(),
- policyParameters.getActionPerformer(), policyParameters.getActionAttribute(), scope, true, policyParameters.getRequestID()));
-
- }else if(policyParameters.getPolicyClass().equals(PolicyClass.Decision)){
- // Call Decision Create API here.
- if (policyParameters.getAttributes()!=null && policyParameters.getAttributes().containsKey(AttributeType.MATCHING) && policyParameters.getAttributes().containsKey(AttributeType.SETTINGS)) {
- response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(),
- policyParameters.getAttributes().get(AttributeType.MATCHING), policyParameters.getAttributes().get(AttributeType.SETTINGS), policyParameters.getDynamicRuleAlgorithmLabels(),
- policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(),
- scope, true, policyParameters.getRequestID()));
- }else if(policyParameters.getAttributes()!=null && !policyParameters.getAttributes().containsKey(AttributeType.MATCHING) && policyParameters.getAttributes().containsKey(AttributeType.SETTINGS)){
- response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(),
- null, policyParameters.getAttributes().get(AttributeType.SETTINGS), policyParameters.getDynamicRuleAlgorithmLabels(),
- policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(),
- scope, true, policyParameters.getRequestID()));
- }else if(policyParameters.getAttributes()!=null && policyParameters.getAttributes().containsKey(AttributeType.MATCHING) && !policyParameters.getAttributes().containsKey(AttributeType.SETTINGS)){
- response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(),
- policyParameters.getAttributes().get(AttributeType.MATCHING), null, policyParameters.getDynamicRuleAlgorithmLabels(),
- policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(),
- scope, true, policyParameters.getRequestID()));
- }else{
- response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(),
- null, null, policyParameters.getDynamicRuleAlgorithmLabels(),
- policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(),
- scope, true, policyParameters.getRequestID()));
- }
- }
- }
- response.setResponseCode(responseCode);
- return response;
- }
-
- public DecisionResponse policyDecide(String eCOMPComponentName,
- Map<String, String> decisionAttributes, UUID requestID, String userID, String passcode)
- throws PolicyDecisionException {
- String resource= "getDecision";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- throw new PolicyDecisionException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- }
- DecisionResponse policyDecision;
- if (eCOMPComponentName == null || eCOMPComponentName.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given : " + eCOMPComponentName);
- throw new PolicyDecisionException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given.");
- }
- if (decisionAttributes != null && !decisionAttributes.isEmpty()) {
- JsonArrayBuilder resourceArray = Json.createArrayBuilder();
- for (String key : decisionAttributes.keySet()) {
- if (key.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an Empty Key");
- throw new PolicyDecisionException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an empty Key");
- }
- JsonObjectBuilder resourceBuilder = Json.createObjectBuilder();
- if (decisionAttributes.get(key).matches("[0-9]+")) {
- int val = Integer.parseInt(decisionAttributes.get(key));
- resourceBuilder.add("Value", val);
- } else {
- resourceBuilder.add("Value", decisionAttributes.get(key));
- }
- resourceBuilder.add("AttributeId", key);
- resourceArray.add(resourceBuilder);
- }
- JsonObject model = Json
- .createObjectBuilder()
- .add("Request",
- Json.createObjectBuilder()
- .add("AccessSubject",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- eCOMPComponentName)
- .add("AttributeId",
- "ECOMPName")))
- .add("Resource",
- Json.createObjectBuilder().add(
- "Attribute", resourceArray))
- .add("Action",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- "DECIDE")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:action:action-id"))))
- .build();
- try {
- decide = true;
- policyDecision = decisionResult(generateRequest(model
- .toString(), requestID));
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
- decide = false;
- throw new PolicyDecisionException(e);
- }
- } else {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Decision Attributes Given. ");
- throw new PolicyDecisionException(XACMLErrorConstants.ERROR_DATA_ISSUE +"No DecisionAttributes Given.");
- }
- decide = false;
- return policyDecision;
- }
-
- public Collection<PolicyConfig> configPolicyName(String policyName, UUID requestID, String userID, String passcode)
- throws PolicyConfigException {
- String resource= "getConfigByPolicyName";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- }
- Collection<PolicyConfig> policyConfig = null;
- if (policyName == null || policyName.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE+ "No Policy FileName specified!! : " + policyName);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE+"No Policy FileName specified!!");
- }
- if(policyName!= null && !policyName.trim().equals("") && !policyName.endsWith("xml")){
- policyName = policyName + ".[\\d].*";
- }
- JsonObject model = Json
- .createObjectBuilder()
- .add("Request",
- Json.createObjectBuilder()
- .add("AccessSubject",
- Json.createObjectBuilder().add(
- "Attribute",
- Json.createObjectBuilder()
- .add("Value",
- policyName)
- .add("AttributeId",
- "PolicyName")))
- .add("Action",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- "ACCESS")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:action:action-id")))
- .add("Resource",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- "Config")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:resource:resource-id"))))
- .build();
- try {
- policyConfig = configResult(generateRequest(model.toString(), requestID));
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e);
- }
- return policyConfig;
- }
-
- public Collection<PolicyConfig> config(String eCOMPComponentName, UUID requestID, String userID, String passcode)
- throws PolicyConfigException {
- String resource= "getConfig";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- }
- Collection<PolicyConfig> policyConfig = null;
- if (eCOMPComponentName == null || eCOMPComponentName.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given : " + eCOMPComponentName);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given.");
- }
- JsonObject model = Json
- .createObjectBuilder()
- .add("Request",
- Json.createObjectBuilder()
- .add("AccessSubject",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- eCOMPComponentName)
- .add("AttributeId",
- "ECOMPName")))
- .add("Action",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- "ACCESS")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:action:action-id")))
- .add("Resource",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- "Config")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:resource:resource-id"))))
- .build();
- try {
- policyConfig = configResult(generateRequest(model.toString(), requestID));
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e);
- }
- return policyConfig;
- }
-
- public Collection<PolicyConfig> config(String eCOMPComponentName,
- String configName, UUID requestID, String userID, String passcode) throws PolicyConfigException {
- String resource= "getConfig";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- }
- Collection<PolicyConfig> policyConfig = null;
- if (eCOMPComponentName == null || eCOMPComponentName.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given : " + eCOMPComponentName);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given.");
- }
- if (configName == null || configName.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No configName given : " + configName);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +"No configName given.");
- }
- JsonObject model = Json
- .createObjectBuilder()
- .add("Request",
- Json.createObjectBuilder()
- .add("AccessSubject",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createArrayBuilder()
- .add(Json
- .createObjectBuilder()
- .add("Value",
- eCOMPComponentName)
- .add("AttributeId",
- "ECOMPName"))
- .add(Json
- .createObjectBuilder()
- .add("Value",
- configName)
- .add("AttributeId",
- "ConfigName"))))
- .add("Action",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- "ACCESS")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:action:action-id")))
- .add("Resource",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- "Config")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:resource:resource-id"))))
- .build();
- try {
- policyConfig = configResult(generateRequest(model.toString(), requestID));
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e);
- }
-
- return policyConfig;
- }
-
- public Collection<PolicyConfig> config(String eCOMPComponentName,
- String configName, Map<String, String> configAttributes, UUID requestID, String userID, String passcode)
- throws PolicyConfigException {
- String resource= "getConfig";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- }
- Collection<PolicyConfig> policyConfig = null;
- if (eCOMPComponentName == null || eCOMPComponentName.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given : " + eCOMPComponentName);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given.");
- }
- if (configName == null || configName.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No configName given : " + configName);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +"No configName given.");
- }
- if (configAttributes != null && !configAttributes.isEmpty()) {
- if(!configAttributes.containsKey("RiskType")){
- configAttributes.put("RiskType", ".*");
- }
- if(!configAttributes.containsKey("RiskLevel")){
- configAttributes.put("RiskLevel", ".*");
- }
- if(!configAttributes.containsKey("guard")){
- configAttributes.put("guard", ".*");
- }
- if(!configAttributes.containsKey("TTLDate")){
- configAttributes.put("TTLDate", ".*");
- }
- }else{
- // ConfigAttributes is Null. So add basic values.
- configAttributes = new HashMap<String,String>();
- configAttributes.put("RiskType", ".*");
- configAttributes.put("RiskLevel", ".*");
- configAttributes.put("guard", ".*");
- configAttributes.put("TTLDate", ".*");
- }
- JsonArrayBuilder resourceArray = Json.createArrayBuilder();
- for (String key : configAttributes.keySet()) {
- if (key.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an empty Key");
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +"Cannot have an empty Key");
- }
- JsonObjectBuilder resourceBuilder = Json.createObjectBuilder();
- /*if (configAttributes.get(key).matches("[0-9]+")) {
- int val = Integer.parseInt(configAttributes.get(key));
- resourceBuilder.add("Value", val);
- } else {*/
- resourceBuilder.add("Value", configAttributes.get(key));
- resourceBuilder.add("AttributeId", key);
- resourceArray.add(resourceBuilder);
- }
- JsonObject model = Json
- .createObjectBuilder()
- .add("Request",
- Json.createObjectBuilder()
- .add("AccessSubject",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createArrayBuilder()
- .add(Json
- .createObjectBuilder()
- .add("Value",
- eCOMPComponentName)
- .add("AttributeId",
- "ECOMPName"))
- .add(Json
- .createObjectBuilder()
- .add("Value",
- configName)
- .add("AttributeId",
- "ConfigName"))))
- .add("Action",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- "ACCESS")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:action:action-id")))
- .add("Resource",
- Json.createObjectBuilder()
- .add("Attribute",
- resourceArray
- .add(Json.createObjectBuilder()
- .add("Value",
- "Config")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:resource:resource-id")))))
- .build();
- try {
- policyConfig = configResult(generateRequest(model.toString(), requestID));
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e);
- }
- return policyConfig;
- }
-
- public Collection<PolicyConfig> configRequest(ConfigRequestParameters configRequestParameters, String userID, String passcode) throws PolicyConfigException{
- String resource= "getConfig";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- }
- Collection<PolicyConfig> policyConfig = null;
- unique = false;
- if(configRequestParameters==null){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No config Request Parameters given ");
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No config Request Parameters given.");
- }
- if(configRequestParameters.getEcompName() == null && configRequestParameters.getPolicyName() == null){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot proceed without eCOMPComponentName or PolicyName");
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName or PolicyName given.");
- }
- String policyName = configRequestParameters.getPolicyName();
- if(policyName!= null && !policyName.trim().equals("") && !policyName.endsWith("xml")){
- policyName = policyName + ".[\\d].*";
- }
- JsonArrayBuilder subjectArray = Json.createArrayBuilder();
- JsonArrayBuilder resourceArray = Json.createArrayBuilder();
- if(configRequestParameters.getPolicyName()!=null){
- JsonObjectBuilder subjectBuilder = Json.createObjectBuilder();
- subjectBuilder.add("Value", policyName);
- subjectBuilder.add("AttributeId", "PolicyName");
- subjectArray.add(subjectBuilder);
- }else{
- logger.info("PolicyName values are not given. ");
- }
- if(configRequestParameters.getEcompName()!=null){
- JsonObjectBuilder subjectBuilder = Json.createObjectBuilder();
- subjectBuilder.add("Value", configRequestParameters.getEcompName());
- subjectBuilder.add("AttributeId", "ECOMPName");
- subjectArray.add(subjectBuilder);
- if(configRequestParameters.getConfigName()!=null){
- subjectBuilder = Json.createObjectBuilder();
- subjectBuilder.add("Value", configRequestParameters.getConfigName());
- subjectBuilder.add("AttributeId", "ConfigName");
- subjectArray.add(subjectBuilder);
- Map<String,String> configAttributes = configRequestParameters.getConfigAttributes();
- if (configAttributes != null && !configAttributes.isEmpty()) {
- if(!configAttributes.containsKey("RiskType")){
- configAttributes.put("RiskType", ".*");
- }
- if(!configAttributes.containsKey("RiskLevel")){
- configAttributes.put("RiskLevel", ".*");
- }
- if(!configAttributes.containsKey("guard")){
- configAttributes.put("guard", ".*");
- }
- if(!configAttributes.containsKey("TTLDate")){
- configAttributes.put("TTLDate", ".*");
- }
- }else{
- // ConfigAttributes is Null. So add basic values.
- configAttributes = new HashMap<String,String>();
- configAttributes.put("RiskType", ".*");
- configAttributes.put("RiskLevel", ".*");
- configAttributes.put("guard", ".*");
- configAttributes.put("TTLDate", ".*");
- }
- for (String key : configAttributes.keySet()) {
- if (key.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an empty Key");
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +"Cannot have an empty Key");
- }
- JsonObjectBuilder resourceBuilder = Json.createObjectBuilder();
- /*if (configAttributes.get(key).matches("[0-9]+")) {
- int val = Integer.parseInt(configAttributes.get(key));
- resourceBuilder.add("Value", val);
- } else {*/
- resourceBuilder.add("Value", configAttributes.get(key));
- resourceBuilder.add("AttributeId", key);
- resourceArray.add(resourceBuilder);
- }
- }else{
- logger.info("Config Name is not given. ");
- }
- }else{
- logger.info("Ecomp Name is not given. ");
- }
- JsonObject model = Json
- .createObjectBuilder()
- .add("Request",
- Json.createObjectBuilder()
- .add("AccessSubject",
- Json.createObjectBuilder()
- .add("Attribute",subjectArray))
- .add("Action",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- "ACCESS")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:action:action-id")))
- .add("Resource",
- Json.createObjectBuilder()
- .add("Attribute",
- resourceArray
- .add(Json
- .createObjectBuilder()
- .add("Value",
- "Config")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:resource:resource-id")))))
- .build();
- logger.debug("Generated JSON Request is: " + model.toString());
- if(configRequestParameters.getUnique()){
- logger.info("Requested for Unique Result only. ");
- unique = true;
- }
- try {
- policyConfig = configResult(generateRequest(model.toString(), configRequestParameters.getRequestID()));
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e);
- }
- return policyConfig;
- }
-
- public Collection<String> listConfigRequest(ConfigRequestParameters listRequestParameters, String userID, String passcode) throws PolicyConfigException{
- String resource= "listConfig";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- }
- Collection<PolicyConfig> policyConfig = null;
- Collection<String> policyList = new ArrayList<String>();
-
- unique = false;
- if(listRequestParameters==null){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Request Parameters given ");
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Request Parameters given.");
- }
-
- if (junit){
- policyList.add("Policy Name: listConfigTest");
- return policyList;
- }
-
- String policyName = listRequestParameters.getPolicyName();
- if(policyName!= null && !policyName.trim().equals("") && !policyName.endsWith("xml")){
- policyName = policyName + ".[\\d].*";
- }
- JsonArrayBuilder subjectArray = Json.createArrayBuilder();
- JsonArrayBuilder resourceArray = Json.createArrayBuilder();
- if(listRequestParameters.getPolicyName()!=null){
- JsonObjectBuilder subjectBuilder = Json.createObjectBuilder();
- subjectBuilder.add("Value", policyName);
- subjectBuilder.add("AttributeId", "PolicyName");
- subjectArray.add(subjectBuilder);
- }else{
- logger.info("PolicyName values are not given. ");
- }
- if(listRequestParameters.getEcompName()!=null){
- JsonObjectBuilder subjectBuilder = Json.createObjectBuilder();
- subjectBuilder.add("Value", listRequestParameters.getEcompName());
- subjectBuilder.add("AttributeId", "ECOMPName");
- subjectArray.add(subjectBuilder);
- if(listRequestParameters.getConfigName()!=null){
- subjectBuilder = Json.createObjectBuilder();
- subjectBuilder.add("Value", listRequestParameters.getConfigName());
- subjectBuilder.add("AttributeId", "ConfigName");
- subjectArray.add(subjectBuilder);
- Map<String,String> configAttributes = listRequestParameters.getConfigAttributes();
- if (configAttributes != null && !configAttributes.isEmpty()) {
- if(!configAttributes.containsKey("RiskType")){
- configAttributes.put("RiskType", ".*");
- }
- if(!configAttributes.containsKey("RiskLevel")){
- configAttributes.put("RiskLevel", ".*");
- }
- if(!configAttributes.containsKey("guard")){
- configAttributes.put("guard", ".*");
- }
- if(!configAttributes.containsKey("TTLDate")){
- configAttributes.put("TTLDate", ".*");
- }
- }else{
- // ConfigAttributes is Null. So add basic values.
- configAttributes = new HashMap<String,String>();
- configAttributes.put("RiskType", ".*");
- configAttributes.put("RiskLevel", ".*");
- configAttributes.put("guard", ".*");
- configAttributes.put("TTLDate", ".*");
- }
- for (String key : configAttributes.keySet()) {
- if (key.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an empty Key");
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +"Cannot have an empty Key");
- }
- JsonObjectBuilder resourceBuilder = Json.createObjectBuilder();
- /*if (configAttributes.get(key).matches("[0-9]+")) {
- int val = Integer.parseInt(configAttributes.get(key));
- resourceBuilder.add("Value", val);
- } else {*/
- resourceBuilder.add("Value", configAttributes.get(key));
- resourceBuilder.add("AttributeId", key);
- resourceArray.add(resourceBuilder);
- }
- }else{
- logger.info("Config Name is not given. ");
- }
- }else{
- logger.info("Ecomp Name is not given. ");
- }
- JsonObject model = Json
- .createObjectBuilder()
- .add("Request",
- Json.createObjectBuilder()
- .add("AccessSubject",
- Json.createObjectBuilder()
- .add("Attribute",subjectArray))
- .add("Action",
- Json.createObjectBuilder()
- .add("Attribute",
- Json.createObjectBuilder()
- .add("Value",
- "ACCESS")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:action:action-id")))
- .add("Resource",
- Json.createObjectBuilder()
- .add("Attribute",
- resourceArray
- .add(Json
- .createObjectBuilder()
- .add("Value",
- "Config")
- .add("AttributeId",
- "urn:oasis:names:tc:xacml:1.0:resource:resource-id")))))
- .build();
- logger.debug("Generated JSON Request is: " + model.toString());
- if(listRequestParameters.getUnique()){
- logger.info("Requested for Unique Result only. ");
- unique = true;
- }
- try {
- policyConfig = configResult(generateRequest(model.toString(), listRequestParameters.getRequestID()));
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
- throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e);
- }
- for(PolicyConfig policy : policyConfig){
- if(policy.getPolicyConfigMessage()!=null && policy.getPolicyConfigMessage().contains("PE300")){
- policyList.add(policy.getPolicyConfigMessage());
- } else {
- policyList.add("Policy Name: " + policy.getPolicyName());
- }
- }
- return policyList;
- }
-
-
-
- public Collection<PolicyResponse> event(Map<String, String> eventAttributes, UUID requestID, String userID, String passcode)
- throws PolicyEventException {
- String resource= "sendEvent";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- throw new PolicyEventException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- }
- Collection<PolicyResponse> policyResponse = null;
- if (eventAttributes != null && !eventAttributes.isEmpty()) {
- JsonArrayBuilder resourceArray = Json.createArrayBuilder();
- for (String key : eventAttributes.keySet()) {
- if (key.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an Empty Key");
- throw new PolicyEventException(XACMLErrorConstants.ERROR_DATA_ISSUE +"Cannot have an empty Key");
- }
- JsonObjectBuilder resourceBuilder = Json.createObjectBuilder();
- if (eventAttributes.get(key).matches("[0-9]+")) {
- int val = Integer.parseInt(eventAttributes.get(key));
- resourceBuilder.add("Value", val);
- } else {
- resourceBuilder.add("Value", eventAttributes.get(key));
- }
- resourceBuilder.add("AttributeId", key);
- resourceArray.add(resourceBuilder);
- }
- JsonObject model = Json
- .createObjectBuilder()
- .add("Request",
- Json.createObjectBuilder().add(
- "Resource",
- Json.createObjectBuilder().add("Attribute",
- resourceArray))).build();
- // Removed Part can be Useful in Future.
- /*
- * .add("AccessSubject",Json.createObjectBuilder() .add("Attribute",
- * subjectArray)) .add("Action", Json.createObjectBuilder()
- * .add("Attribute", actionArray))
- */
- // System.out.println(model.toString());
- try {
- // StdPolicyResponse stdPolicyResponse =
- // generateRequest(model.toString());
- // stdPolicyResponse.setRequestAttributes(eventAttributes);
- policyResponse = eventResult(generateRequest(model.toString(), requestID),
- eventAttributes);
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
- throw new PolicyEventException(XACMLErrorConstants.ERROR_DATA_ISSUE +e);
- }
- } else {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No event Attributes Given. ");
- throw new PolicyEventException(XACMLErrorConstants.ERROR_DATA_ISSUE +"No EventAttributes Given.");
- }
- return policyResponse;
- }
-
- private Collection<StdStatus> generateRequest(String Json, UUID requestID) throws Exception {
- Collection<StdStatus> results = null;
-
- Response response = null;
- // Create Request. We need XACML API here.
- try {
- Request request = JSONRequest.load(Json);
- String jRequest = JSONRequest.toString(request);
-
- // Call the PDP
- logger.debug("--- Generating Request: ---\n" + jRequest );
- response = callPDP(new ByteArrayInputStream(jRequest.getBytes()), requestID);
-
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID + e);
- StdStatus stdStatus = new StdStatus();
- results = new HashSet<StdStatus>();
- stdStatus.setStatus("Unable to Call PDP. Error with the URL",
- PolicyResponseStatus.NO_ACTION_REQUIRED,
- PolicyConfigStatus.CONFIG_NOT_FOUND);
- results.add(stdStatus);
- throw new Exception(e);
- }
-
- if(this.UEBThread){
- this.UEBThread = registerUEBThread.isAlive();
- }
- if (response != null) {
- results = checkResponse(response);
- // TODO Starting Auto Client Here.
- if (notificationType.get(0).equals("ueb") && !this.UEBThread){
- this.UEBClientThread = new AutoClientUEB(pdps.get(0), uebURLList);
- this.registerUEBThread = new Thread(this.UEBClientThread);
- this.registerUEBThread.start();
- this.UEBThread = true;
-
- }else {
- if(AutoClientEnd.getURL()==null){
- AutoClientEnd.start(pdps.get(0));
- }else if(AutoClientEnd.getURL()!=pdps.get(0)){
- AutoClientEnd.stop();
- AutoClientEnd.start(pdps.get(0));
- }
- }
- } else {
- logger.debug("No Response Received from PDP");
- StdStatus stdStatus = new StdStatus();
- results = new HashSet<StdStatus>();
- stdStatus.setStatus("No Response Received",
- PolicyResponseStatus.NO_ACTION_REQUIRED,
- PolicyConfigStatus.CONFIG_NOT_FOUND);
- results.add(stdStatus);
- }
-
- return results;
- }
-
- private Response callPDP(ByteArrayInputStream input, UUID requestID) throws Exception {
- Response response = null;
- HttpURLConnection connection = null;
- responseCode = 0;
- // Checking for the available PDPs is done during the first Request and
- // the List is going to have the connected PDP as first element.
- // This makes it Real-Time to change the list depending on their
- // availability.
- if (pdps == null || pdps.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDPs List is Empty.");
- throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"PDPs List is empty.");
- } else {
- int pdpsCount = 0;
- boolean connected = false;
- while (pdpsCount < pdps.size()) {
- input.reset();
- try {
- String urlValue = pdps.get(0);
- URL url = new URL(urlValue);
- logger.debug("--- Sending Request to PDP : "+ url.toString() + " ---");
- connection = (HttpURLConnection) url.openConnection();
- // Setting Content-Type
- connection.setRequestProperty("Content-Type","application/json");
- // Adding Authorization
- connection.setRequestProperty("Authorization", "Basic " + encoding.get(0));
- // Adding Environment.
- connection.setRequestProperty("Environment", environment);
- // Adding RequestID
- if (requestID == null) {
- requestID = UUID.randomUUID();
- logger.info("No request ID provided, sending generated ID: " + requestID.toString());
- } else {
- logger.info("Using provided request ID: " + requestID.toString());
- }
- connection.setRequestProperty("X-ECOMP-RequestID", requestID.toString());
- // Setting up connection method and headers.
- connection.setRequestMethod("POST");
- connection.setUseCaches(false);
- connection.setInstanceFollowRedirects(false);
- connection.setDoOutput(true);
- connection.setDoInput(true);
- OutputStream os = connection.getOutputStream();
- IOUtils.copy(input, os);
-
-
- connection.connect();
- responseCode = connection.getResponseCode();
- // If Connected to a PDP Then break from the loop and
- // continue with the Request.
- if (connection.getResponseCode() == 200 || junit) {
- connected = true;
- break;
- } else {
- logger.debug(XACMLErrorConstants.ERROR_PERMISSIONS+ "PDP Response Code : " + connection.getResponseCode());
- Collections.rotate(pdps, -1);
- Collections.rotate(encoding, -1);
- }
- } catch (Exception e) {
- // This means that the PDP is not working and needs to
- // Re-Order our List and Connect to the next one.
- logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PDP connection Error : " + e);
- Collections.rotate(pdps, -1);
- Collections.rotate(encoding, -1);
- }
- pdpsCount++;
- }
- if (connected) {
- // Read the Response
- // System.out.println("connected to PDP : " + pdps.get(0));
- logger.debug("connected to PDP : " + pdps.get(0));
- logger.debug("--- Response: ---");
- Map<String,List<String>> headers = connection.getHeaderFields();
- for(String key : headers.keySet()){
- logger.debug("Header : " + key + " Value: " + headers.get(key));
- }
- try {
- if (connection.getResponseCode() == 200 || junit) {
- // Read the Response
- ContentType contentType = null;
- try {
- contentType = ContentType.parse(connection
- .getContentType());
- if (contentType.getMimeType().equalsIgnoreCase(
- ContentType.APPLICATION_JSON.getMimeType())) {
- if(junit){
- response = JSONResponse.load(getJsonResponseString());
- } else {
- response = JSONResponse.load(connection.getInputStream());
- }
- logger.debug(response + "\n---");
- } else {
- logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Unknown Content-Type: "
- + contentType);
- throw new Exception(XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Unknown Content-Type: "
- + contentType);
- }
- } catch (Exception e) {
- String message = XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Parsing Content-Type: "
- + connection.getContentType() + ", error="
- + e;
- logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID + e);
- throw new Exception(message, e);
- }
- } else {
- throw new Exception(XACMLErrorConstants.ERROR_PERMISSIONS+ "ERROR response code of the URL " + pdps.get(0) + " is "
- + connection.getResponseCode());
- }
- } catch (IOException e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
- throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"Error in Connecting to the PDP ", e);
- }
- return response;
- } else {
- if(junit){
- response = JSONResponse.load(getJsonResponseString());
- return response;
- }
- throw new Exception(XACMLErrorConstants.ERROR_PERMISSIONS+ "Unable to get valid Response from PDP(s) " + pdps);
- }
- }
- }
-
- private Collection<StdStatus> checkResponse(Response response)
- throws Exception {
-
- String pdpConfigURL = null;
-
- Collection<StdStatus> combinedResult = new HashSet<StdStatus>();
- int priority = defaultPriority;
- Map<Integer, StdStatus> uniqueResult = new HashMap<Integer, StdStatus>();
- for (Result result : response.getResults()) {
- if (!result.getDecision().equals(Decision.PERMIT)) {
- logger.debug("Decision not a Permit. " + result.getDecision().toString());
- StdStatus stdStatus = new StdStatus();
- if (decide) {
- stdStatus.setDecision(PolicyDecision.DENY);
- for(Advice advice: result.getAssociatedAdvice()){
- for(AttributeAssignment attribute: advice.getAttributeAssignments()){
- stdStatus.setDetails(attribute.getAttributeValue().getValue().toString());
- break;
- }
- }
- combinedResult.add(stdStatus);
- return combinedResult;
- }
- stdStatus.setStatus(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Params passed: Decision not a Permit.",PolicyResponseStatus.NO_ACTION_REQUIRED,PolicyConfigStatus.CONFIG_NOT_FOUND);
- combinedResult.add(stdStatus);
- return combinedResult;
- } else {
- if (decide) {
- // check for Decision for decision based calls.
- StdStatus stdStatus = new StdStatus();
- stdStatus.setDecision(PolicyDecision.PERMIT);
- stdStatus.setDetails("Decision Permit. OK!");
- combinedResult.add(stdStatus);
- return combinedResult;
- }
- if (!result.getAssociatedAdvice().isEmpty()) {
- // @ TODO Add advice actions
- // Configurations should be in advice. + Also PDP took
- // actions could be here.
- for (Advice advice : result.getAssociatedAdvice()) {
- int config = 0, uri = 0;
- String configURL = null;
- String policyName = null;
- String policyVersion = null;
- Map<String, String> matchingConditions = new HashMap<String, String>();
- match = new Matches();
- Map<String, String> configAttributes = new HashMap<String, String>();
- Map<String, String> responseAttributes = new HashMap<String,String>();
- Map<String, String> actionTaken = new HashMap<String, String>();
- StdStatus stdStatus = new StdStatus();
- Map<String, String> adviseAttributes = new HashMap<String, String>();
- for (AttributeAssignment attribute : advice.getAttributeAssignments()) {
- adviseAttributes.put(attribute.getAttributeId().stringValue(), attribute.getAttributeValue().getValue().toString());
- if (attribute.getAttributeValue().getValue().toString().equalsIgnoreCase("CONFIGURATION")) {
- config++;
- } else if (attribute.getDataTypeId().stringValue().endsWith("anyURI")) {
- uri++;
- if (uri == 1) {
- configURL = attribute.getAttributeValue().getValue().toString();
- String currentUsedPDP = pdps.get(0);
- int pos = (pdps.get(0)).lastIndexOf("/");
- String configURLPath = currentUsedPDP.substring(0, pos);
- int pos1 = configURLPath.lastIndexOf("/");
- String pdpConfigURLPath = configURLPath.substring(0, pos1 + 1);
- pdpConfigURL = configURL.replace("$URL", pdpConfigURLPath);
- } else {
- if (!(attribute.getIssuer().equalsIgnoreCase("PDP"))) {
- throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error having multiple URI in the Policy");
- }
- }
- } else if (attribute.getAttributeId().stringValue()
- .equalsIgnoreCase("PolicyName")) {
- policyName = attribute.getAttributeValue()
- .getValue().toString();
- } else if (attribute.getAttributeId().stringValue()
- .equalsIgnoreCase("VersionNumber")) {
- policyVersion = attribute.getAttributeValue()
- .getValue().toString();
- } else if (attribute.getAttributeId().stringValue().equalsIgnoreCase("Priority")){
- try{
- priority = Integer.parseInt(attribute.getAttributeValue().getValue().toString());
- } catch(Exception e){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE+ "Unable to Parse Integer for Priority. Setting to default value");
- priority = defaultPriority;
- }
- } else if (attribute.getAttributeId().stringValue()
- .startsWith("matching")) {
- matchingConditions.put(attribute
- .getAttributeId().stringValue()
- .replaceFirst("(matching).", ""),
- attribute.getAttributeValue()
- .getValue().toString());
- if (attribute.getAttributeId().stringValue()
- .replaceFirst("(matching).", "")
- .equals("ECOMPName")) {
- match.setEcompName(attribute
- .getAttributeValue().getValue()
- .toString());
- } else if (attribute.getAttributeId()
- .stringValue()
- .replaceFirst("(matching).", "")
- .equals("ConfigName")) {
- match.setConfigName(attribute
- .getAttributeValue().getValue()
- .toString());
- } else {
- configAttributes.put(attribute
- .getAttributeId().stringValue()
- .replaceFirst("(matching).", ""),
- attribute.getAttributeValue()
- .getValue().toString());
- }
- } else if (attribute.getAttributeId().stringValue().startsWith("key:")) {
- responseAttributes.put(attribute
- .getAttributeId().stringValue()
- .replaceFirst("(key).", ""),
- attribute.getAttributeValue()
- .getValue().toString());
- }
- }
- if (!configAttributes.isEmpty()) {
- match.setConfigAttributes(configAttributes);
- }
- if ((config == 1) && (uri == 1)) {
- // If there is a configuration.
- try {
- logger.debug("Configuration Call to : "
- + configURL);
- stdStatus = ConfigCall(pdpConfigURL);
- } catch (Exception e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW+ e);
- stdStatus
- .setStatus(
- "Error in Calling the Configuration URL "
- + e,
- PolicyResponseStatus.NO_ACTION_REQUIRED,
- PolicyConfigStatus.CONFIG_NOT_FOUND);
- }
- stdStatus.setPolicyName(policyName);
- stdStatus.setPolicyVersion(policyVersion);
- stdStatus.setMatchingConditions(matchingConditions);
- stdStatus.setResposneAttributes(responseAttributes);
- if(!unique){
- combinedResult.add(stdStatus);
- }else{
- if(!uniqueResult.isEmpty()){
- if(uniqueResult.containsKey(priority)){
- // Not any more unique, check the matching conditions size
- int oldSize = uniqueResult.get(priority).getMatchingConditions().size();
- int newSize = matchingConditions.size();
- if(oldSize < newSize){
- uniqueResult.put(priority, stdStatus);
- }else if(oldSize == newSize){
- stdStatus = new StdStatus();
- stdStatus.setStatus("Two/more Policies have Same Priority and matching conditions, Please correct your policies.", PolicyResponseStatus.NO_ACTION_REQUIRED,
- PolicyConfigStatus.CONFIG_NOT_FOUND);
- combinedResult.add(stdStatus);
- unique = false;
- return combinedResult;
- }
- }else{
- uniqueResult.put(priority, stdStatus);
- }
- }else{
- uniqueResult.put(priority, stdStatus);
- }
- }
- } else {
- // Else it is Action Taken.
- logger.info("Action Taken by PDP. ");
- actionTaken.putAll(adviseAttributes);
- stdStatus.setActionTaken(actionTaken);
- stdStatus.setPolicyResponseStatus(
- "Action Taken by the PDP",
- PolicyResponseStatus.ACTION_TAKEN);
- combinedResult.add(stdStatus);
- }
- }
- }
- if (!result.getObligations().isEmpty()) {
- // @ TODO add Obligation actions
- // Action advised should be in obligations.
- for (Obligation obligation : result.getObligations()) {
- Map<String, String> actionAdvised = new HashMap<String, String>();
- StdStatus stdStatus = new StdStatus();
- for (AttributeAssignment attribute : obligation
- .getAttributeAssignments()) {
- actionAdvised.put(attribute.getAttributeId()
- .stringValue(), attribute
- .getAttributeValue().getValue().toString());
- }
- stdStatus.setActionAdvised(actionAdvised);
- stdStatus.setPolicyResponseStatus(
- "Action has been Advised ",
- PolicyResponseStatus.ACTION_ADVISED);
- combinedResult.add(stdStatus);
- }
- }
- }
- }
- if(unique){
- // Select Unique policy.
- int minNum = defaultPriority;
- for(int num: uniqueResult.keySet()){
- if(num < minNum){
- minNum = num;
- }
- }
- combinedResult.add(uniqueResult.get(minNum));
- // Turn off Unique
- unique = false;
- }
-
- return combinedResult;
- }
-
- private StdStatus ConfigCall(String stringURL) throws Exception {
- StdStatus stdStatus = new StdStatus();
- try {
- URL configURL = new URL(stringURL);
- URLConnection connection = null;
- try {
- connection = configURL.openConnection();
- if (stringURL.endsWith("json")) {
- stdStatus.setPolicyType(PolicyType.JSON);
- JsonReader jsonReader = Json.createReader(connection
- .getInputStream());
- stdStatus.setJsonObject(jsonReader.readObject());
- jsonReader.close();
- logger.info("config Retrieved ");
- stdStatus.setStatus("Config Retrieved from: " + configURL,
- PolicyResponseStatus.NO_ACTION_REQUIRED,
- PolicyConfigStatus.CONFIG_RETRIEVED);
- try {
- MatchStore.storeMatch(match);
- } catch (Exception e) {
- logger.info("StoreMatch failed for Ecomp:"
- + match.getEcompName() + " Config: "
- + match.getConfigName());
- }
- return stdStatus;
- } else if (stringURL.endsWith("xml")) {
- stdStatus.setPolicyType(PolicyType.XML);
- DocumentBuilderFactory dbf = DocumentBuilderFactory
- .newInstance();
- DocumentBuilder db = null;
- try {
- db = dbf.newDocumentBuilder();
- Document config = db.parse(connection.getInputStream());
- stdStatus.setDocument(config);
- } catch (ParserConfigurationException e) {
- logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID + e);
- throw new Exception(XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Unable to create Document Object",
- e);
- } catch (SAXException e) {
- logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID+ e);
- throw new Exception(XACMLErrorConstants.ERROR_SCHEMA_INVALID+ "Unable to parse the XML config", e);
- }
- logger.info("config Retrieved ");
- stdStatus.setStatus("Config Retrieved from: " + configURL,
- PolicyResponseStatus.NO_ACTION_REQUIRED,
- PolicyConfigStatus.CONFIG_RETRIEVED);
- try {
- MatchStore.storeMatch(match);
- } catch (Exception e) {
- logger.info("StoreMatch failed for Ecomp:"
- + match.getEcompName() + " Config: "
- + match.getConfigName());
- }
- return stdStatus;
- } else if (stringURL.endsWith("properties")) {
- stdStatus.setPolicyType(PolicyType.PROPERTIES);
- Properties configProp = new Properties();
- configProp.load(connection.getInputStream());
- stdStatus.setProperties(configProp);
- logger.info("config Retrieved ");
- stdStatus.setStatus("Config Retrieved from: " + configURL,
- PolicyResponseStatus.NO_ACTION_REQUIRED,
- PolicyConfigStatus.CONFIG_RETRIEVED);
- try {
- MatchStore.storeMatch(match);
- } catch (Exception e) {
- logger.info("StoreMatch failed for Ecomp:"
- + match.getEcompName() + " Config: "
- + match.getConfigName());
- }
- return stdStatus;
- } else if (stringURL.endsWith("txt")) {
- stdStatus.setPolicyType(PolicyType.OTHER);
- InputStream in = connection.getInputStream();
- String other = IOUtils.toString(in);
- IOUtils.closeQuietly(in);
- stdStatus.setOther(other);
- logger.info("config Retrieved ");
- stdStatus.setStatus("Config Retrieved from: " + configURL,
- PolicyResponseStatus.NO_ACTION_REQUIRED,
- PolicyConfigStatus.CONFIG_RETRIEVED);
- try {
- MatchStore.storeMatch(match);
- } catch (Exception e) {
- logger.info("StoreMatch failed for Ecomp:"
- + match.getEcompName() + " Config: "
- + match.getConfigName());
- }
- return stdStatus;
- } else {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Config Not Found");
- stdStatus
- .setPolicyConfigStatus(PolicyConfigStatus.CONFIG_NOT_FOUND);
- stdStatus
- .setConfigStatus("Illegal form of Configuration Type Found.");
- return stdStatus;
- }
- } catch (IOException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e);
- throw new Exception(XACMLErrorConstants.ERROR_PROCESS_FLOW +
- "Cannot open a connection to the configURL", e);
- }
- } catch (MalformedURLException e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
- throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error in ConfigURL", e);
- }
- }
-
- private void setProperty(String propertyFilePath)
- throws PolicyEngineException {
- this.propertyFilePath = propertyFilePath;
- if (this.propertyFilePath == null) {
- // This is only for testing purpose. Or We will add a default PDP
- // address here.
- // url_default = "http://localhost:8080/pdp/";
- // The General Error Message is Below.
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error NO PropertyFile Path provided");
- } else {
- // Adding logic for remote Properties file.
- Properties prop = new Properties();
- if (propertyFilePath.startsWith("http")) {
- URL configURL;
- try {
- configURL = new URL(propertyFilePath);
- URLConnection connection = null;
- connection = configURL.openConnection();
- prop.load(connection.getInputStream());
- } catch (IOException e) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Maformed property URL "+ e.getMessage());
- }
- } else {
- Path file = Paths.get(propertyFilePath);
- if (Files.notExists(file)) {
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "File doesn't exist in the specified Path " + file.toString());
- }
- if (file.toString().endsWith(".properties")) {
- InputStream in;
- prop = new Properties();
- try {
- in = new FileInputStream(file.toFile());
- prop.load(in);
- } catch (IOException e) {
- logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e);
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Cannot Load the Properties file", e);
- }
- } else {
- logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Not a .properties file " + propertyFilePath);
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Not a .properties file");
- }
- }
- // UEB Settings
- String check_type = prop.getProperty("NOTIFICATION_TYPE");
- String serverList = prop.getProperty("NOTIFICATION_UEB_SERVERS");
- if(check_type==null) {
- notificationType.add("websocket");
- logger.info("Properties file doesn't have the NOTIFICATION_TYPE parameter system will use defualt websockets");
- }else{
- if(check_type.contains(",")) {
- type_default = new ArrayList<String>(Arrays.asList(prop.getProperty("NOTIFICATION_TYPE").split(",")));
- notificationType = type_default;
- } else {
- notificationType = new ArrayList<String>();
- notificationType.add(check_type);
- }
- }
- if(serverList==null) {
- notificationType.clear();
- notificationType.add("websocket");
- logger.info("Properties file doesn't have the NOTIFICATION_UEB_SERVERS parameter system will use defualt websockets");
- }else{
- if(serverList.contains(",")) {
- uebURLList = new ArrayList<String>(Arrays.asList(prop.getProperty("NOTIFICATION_UEB_SERVERS").split(",")));
- } else {
- uebURLList = new ArrayList<String>();
- uebURLList.add(serverList);
- }
- }
- // Client ID Authorization Settings.
- String clientID = prop.getProperty("CLIENT_ID");
- String clientKey = prop.getProperty("CLIENT_KEY");
- userName = clientID;
- pass = clientKey;
- pyPDPClientFile = prop.getProperty("CLIENT_FILE");
- environment = prop.getProperty("ENVIRONMENT", "DEVL");
- /*try {
- aafClient = AAFPolicyClient.getInstance(prop);
- } catch (AAFPolicyException e) {
- logger.error(XACMLErrorConstants.ERROR_UNKNOWN + e.getMessage());
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_UNKNOWN + e);
- }*/
- // Initializing the values.
- pdps = new ArrayList<String>();
- paps = new ArrayList<String>();
- encoding = new ArrayList<String>();
- encodingPAP = new ArrayList<String>();
- // Check the Keys for PDP_URLs
- Collection<Object> unsorted = prop.keySet();
- @SuppressWarnings({ "rawtypes", "unchecked" })
- List<String> sorted = new ArrayList(unsorted);
- Collections.sort(sorted);
- for (String propKey : sorted) {
- if (propKey.startsWith("PDP_URL")) {
- String check_val = prop.getProperty(propKey);
- if (check_val == null) {
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Properties file doesn't have the PDP_URL parameter");
- }
- if (check_val.contains(";")) {
- pdp_default = new ArrayList<String>(Arrays.asList(check_val.split("\\s*;\\s*")));
- int pdpCount = 0;
- while (pdpCount < pdp_default.size()) {
- String pdpVal = pdp_default.get(pdpCount);
- readPDPParam(pdpVal);
- pdpCount++;
- }
- } else {
- readPDPParam(check_val);
- }
- } else if (propKey.startsWith("PAP_URL")) {
- String check_val = prop.getProperty(propKey);
- if (check_val == null) {
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Properties file doesn't have the PAP_URL parameter");
- }
- if (check_val.contains(";")) {
- pap_default = new ArrayList<String>(Arrays.asList(check_val.split("\\s*;\\s*")));
- int papCount = 0;
- while (papCount < pap_default.size()) {
- String papVal = pap_default.get(papCount);
- readPAPParam(papVal);
- papCount++;
- }
- } else {
- readPAPParam(check_val);
- }
- }
- }
- if (pdps == null || pdps.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot Proceed without PDP_URLs");
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot Proceed without PDP_URLs");
- }
-
- if (paps == null || paps.isEmpty()) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot Proceed without PAP_URLs");
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot Proceed with out PAP_URLs");
- }
-
- // Get JUNIT property from properties file when running tests
- String junit = prop.getProperty("JUNIT");
- if(junit == null || junit.isEmpty()){
- logger.info("No JUNIT property provided, this will not be executed as a test.");
- }else{
- if(junit.equals("test")){
- this.junit = true;
- } else {
- this.junit = false;
- }
- }
- }
- }
-
- /*
- * Read the PDP_URL parameter
- */
- private void readPDPParam(String pdpVal) throws PolicyEngineException{
- if(pdpVal.contains(",")){
- List<String> pdpValues = new ArrayList<String>(Arrays.asList(pdpVal.split("\\s*,\\s*")));
- if(pdpValues.size()==3){
- // 0 - PDPURL
- pdps.add(pdpValues.get(0));
- // 1:2 will be UserID:Password
- String userID = pdpValues.get(1);
- String pass = pdpValues.get(2);
- Base64.Encoder encoder = Base64.getEncoder();
- encoding.add(encoder.encodeToString((userID+":"+pass).getBytes(StandardCharsets.UTF_8)));
- }else{
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Credentials to send Request: " + pdpValues);
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No enough Credentials to send Request. " + pdpValues);
- }
- }else{
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP value is improper/missing required values: " + pdpVal);
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP value is improper/missing required values.");
- }
- }
-
- /*
- * Read the PAP_URL parameter
- */
- private void readPAPParam(String papVal) throws PolicyEngineException{
- if(papVal.contains(",")){
- List<String> papValues = new ArrayList<String>(Arrays.asList(papVal.split("\\s*,\\s*")));
- if(papValues.size()==3){
- // 0 - PAPURL
- paps.add(papValues.get(0));
- // 1:2 will be UserID:Password
- String userID = papValues.get(1);
- String pass = papValues.get(2);
- Base64.Encoder encoder = Base64.getEncoder();
- encodingPAP.add(encoder.encodeToString((userID+":"+pass).getBytes(StandardCharsets.UTF_8)));
- }else{
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Credentials to send Request: " + papValues);
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No enough Credentials to send Request. " + papValues);
- }
- }else{
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Credentials to send Request: " + papVal);
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No enough Credentials to send Request.");
- }
- }
- /*
- * Allowing changes to the scheme and Handler.
- */
- public void notification(NotificationScheme scheme, NotificationHandler handler) {
- this.scheme = scheme;
- this.handler = handler;
- logger.debug("Scheme is : " + scheme.toString());
- logger.debug("Handler is : " + handler.getClass().getName());
- if (!notificationType.get(0).equals("ueb")){
- AutoClientEnd.setAuto(scheme, handler);
- }else {
- if (this.UEBThread){
- UEBClientThread.setAuto(scheme, handler);
- this.UEBThread = registerUEBThread.isAlive();
- }
- }
-
- //TODO This could also be a Start point for Auto Notifications..
- if(pdps!=null){
- if (notificationType.get(0).equals("ueb") && !this.UEBThread){
- this.UEBClientThread = new AutoClientUEB(pdps.get(0), uebURLList);
- this.UEBClientThread.setAuto(scheme, handler);
- this.registerUEBThread = new Thread(this.UEBClientThread);
- this.registerUEBThread.start();
- this.UEBThread = true;
- }
- if (!notificationType.get(0).equals("ueb")){
- if(pdps.get(0)!=null){
- if(AutoClientEnd.getURL()==null){
- AutoClientEnd.start(pdps.get(0));
- }else {
- AutoClientEnd.stop();
- AutoClientEnd.start(pdps.get(0));
- }
- }
- }
- }
- }
-
- /*
- * Gets the Notification if one exists. Used only for Manual Polling
- * purposes.
- */
- public PDPNotification getNotification(){
- //TODO manual Polling
- //Check if there is proper scheme..
- PDPNotification notification = null;
- if(this.scheme.equals(NotificationScheme.MANUAL_ALL_NOTIFICATIONS) || this.scheme.equals(NotificationScheme.MANUAL_NOTIFICATIONS)) {
- if (notificationType.get(0).equals("ueb")){
- ManualClientEndUEB.start(pdps.get(0), uebURLList, uniqueID);
- notification = ManualClientEndUEB.result(scheme);
- }else{
- ManualClientEnd.start(pdps.get(0));
- logger.debug("manual notification requested.. : " + scheme.toString());
- notification = ManualClientEnd.result(scheme);
- }
-
- if (notification == null){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Notification yet..");
- return null;
- } else {
- return notification;
- }
-
- }else {
- return null;
- }
- }
-
- /*
- * Setting the Scheme.
- */
- public void setScheme(NotificationScheme scheme) {
- this.scheme = scheme;
- if (notificationType.get(0).equals("ueb")){
- AutoClientUEB.setScheme(this.scheme);
- if (this.scheme.equals(NotificationScheme.MANUAL_ALL_NOTIFICATIONS)){
- ManualClientEndUEB.createTopic(pdps.get(0), uniqueID, uebURLList);
- }
- }else{
- AutoClientEnd.setScheme(this.scheme);
- }
- }
-
- /*
- * Returns the Scheme
- */
- public NotificationScheme getScheme() {
- return this.scheme;
- }
-
- /*
- * Returns the NotificationHandler
- */
- public NotificationHandler getNotificationHandler() {
- return this.handler;
- }
-
- private Collection<PolicyConfig> configResult(
- Collection<StdStatus> generateRequest) {
- Collection<PolicyConfig> result = new HashSet<PolicyConfig>();
- if (generateRequest == null) {
- return null;
- }
- if (!generateRequest.isEmpty()) {
- for (StdStatus stdStatus : generateRequest) {
- PolicyConfig policyConfig = new StdPolicyConfig();
- policyConfig = stdStatus;
- result.add(policyConfig);
- }
- }
- return result;
- }
-
- private Collection<PolicyResponse> eventResult(
- Collection<StdStatus> generateRequest,
- Map<String, String> eventAttributes) {
- Collection<PolicyResponse> result = new HashSet<PolicyResponse>();
- if (generateRequest == null) {
- return null;
- }
- if (!generateRequest.isEmpty()) {
- for (StdStatus stdStatus : generateRequest) {
- StdPolicyResponse policyResponse = new StdPolicyResponse();
- policyResponse = stdStatus;
- policyResponse.setRequestAttributes(eventAttributes);
- result.add(policyResponse);
- }
- }
- return result;
- }
-
- private DecisionResponse decisionResult(Collection<StdStatus> generateRequest) {
- StdDecisionResponse policyDecision = new StdDecisionResponse();
- if (generateRequest == null) {
- return policyDecision;
- }
- if (!generateRequest.isEmpty()) {
- for (StdStatus stdStatus : generateRequest) {
- policyDecision.setDecision(stdStatus.getDecision());
- policyDecision.setDetails(stdStatus.getDetails());
- }
- }
- return policyDecision;
- }
-
- /*
- * Stop the Notification Service if its running.
- */
- public void stopNotification() {
- if (this.scheme != null && this.handler != null) {
- if (this.scheme.equals(NotificationScheme.AUTO_ALL_NOTIFICATIONS)
- || this.scheme
- .equals(NotificationScheme.AUTO_NOTIFICATIONS)) {
- logger.info("Clear Notification called.. ");
- if (notificationType.get(0).equals("ueb")){
- this.UEBClientThread.terminate();
- this.UEBThread = false;
- }else{
- AutoClientEnd.stop();
- }
- }
- }
- }
-
- /*
- * Create Config Policy API Implementation
- */
- public String createConfigPolicy(String policyName, String policyDescription, String ecompName, String configName,
- Map<String, String> configAttributes, String configType, String body, String policyScope, UUID requestID,
- String riskLevel, String riskType, String guard, String ttlDate) throws Exception {
- return createConfigPolicy(policyName,policyDescription, ecompName, configName,
- configAttributes, configType, body, policyScope, requestID, userName , pass, riskLevel, riskType, guard, ttlDate);
- }
-
- public String createConfigPolicy(String policyName, String policyDescription, String ecompName, String configName,
- Map<String, String> configAttributes, String configType, String body, String policyScope, UUID requestID, String userID, String passcode,
- String riskLevel, String riskType, String guard, String ttlDate) throws Exception {
-
- String response = null;
- String configBody = null;
- String resource= "createPolicy";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- response = XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource;
- return response;
- }
-
- //check body for JSON form and remove single quotes if present
- if (configType.equalsIgnoreCase("JSON")) {
- if (body.contains("'")) {
- configBody = body.replace("'", "\"");
- } else {
- configBody = body;
- }
- } else {
- configBody = body;
- }
-
- boolean levelCheck = isNumeric(riskLevel);
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if (ecompName==null||ecompName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given.";
- } else if (configName==null||configName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Config Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Config Name given.";
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- } else if (!levelCheck){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.";
- }else {
-
- StdPAPPolicy newPAPPolicy = new StdPAPPolicy("Base", policyName, policyDescription, ecompName, configName, configAttributes, configType,
- configBody, false, policyScope,0, riskLevel, riskType, guard, ttlDate);
-
- //send JSON object to PAP
- response = (String) callPAP(newPAPPolicy, new String[] {"operation=create", "apiflag=api", "policyType=Config"}, requestID, "Config");
- }
- return response;
-
- }
-
- /*
- * Create Config Policy API Implementation
- */
- public String updateConfigPolicy(String policyName, String policyDescription, String ecompName, String configName,
- Map<String, String> configAttributes, String configType, String body, String policyScope, UUID requestID,
- String riskLevel, String riskType, String guard, String ttlDate) throws Exception {
- return updateConfigPolicy(policyName, policyDescription, ecompName, configName,
- configAttributes, configType, body, policyScope, requestID, userName, pass, riskLevel, riskType, guard, ttlDate);
- }
-
- public String updateConfigPolicy(String policyName, String policyDescription, String ecompName, String configName,
- Map<String, String> configAttributes, String configType, String body, String policyScope,
- UUID requestID, String userID, String passcode,String riskLevel, String riskType, String guard,
- String ttlDate) throws Exception {
-
- String response = null;
- String configBody = null;
- String resource= "updatePolicy";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- response = XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource;
- return response;
- }
- //check body for JSON form and remove single quotes if present
- if (configType.equalsIgnoreCase("JSON")) {
- if (body.contains("'")) {
- configBody = body.replace("'", "\"");
- } else {
- configBody = body;
- }
- } else {
- configBody = body;
- }
-
- boolean levelCheck = isNumeric(riskLevel);
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if (ecompName==null||ecompName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given.";
- } else if (configName==null||configName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Config Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Config Name given.";
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- } else if (!levelCheck){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.";
- } else {
-
- //set values for basic policy information
- String policyType = "Config";
- String configPolicyType = "base";
-
- StdPAPPolicy newPAPPolicy = new StdPAPPolicy(configPolicyType, policyName, policyDescription, ecompName, configName, configAttributes, configType,
- configBody, true, policyScope,0, riskLevel, riskType, guard, ttlDate);
-
- //send JSON object to PAP
- response = (String) callPAP(newPAPPolicy, new String[] {"operation=update", "apiflag=api", "policyType=" + policyType}, requestID, "Config");
-
- }
- return response;
-
- }
-
-
- /*
- * Create Config Firewall Policy API implementation
- */
- public String createConfigFirewallPolicy(String policyName, JsonObject firewallJson, String policyScope, UUID requestID,
- String riskLevel, String riskType, String guard, String ttlDate) throws Exception {
- return createConfigFirewallPolicy(policyName, firewallJson, policyScope, requestID, userName, pass, riskLevel, riskType, guard, ttlDate);
- }
-
- public String createConfigFirewallPolicy(String policyName, JsonObject firewallJson, String policyScope, UUID requestID, String userID, String passcode,
- String riskLevel, String riskType, String guard, String ttlDate) throws Exception {
-
- String response = null;
- String resource= "createPolicy";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- response = XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource;
- return response;
- }
-
- //set values for basic policy information
- String configName = firewallJson.get("configName").toString();
- //String configDescription = firewallJson.get("configDescription").toString();
- String configDescription = "";
- String json = firewallJson.toString();
-
- boolean levelCheck = isNumeric(riskLevel);
-
- if (!isJSONValid(json)) {
- logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Invalid JSON for firewallJson: " + json);
- throw new PolicyDecisionException(XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Invalid JSON for firewallJson: " + json);
- }
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- } else if (!levelCheck){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.";
- } else {
-
- StdPAPPolicy newPAPPolicy = new StdPAPPolicy("Firewall Config", policyName, configDescription, configName, false, policyScope, json, 0,
- riskLevel, riskType, guard, ttlDate);
-
- //send JSON object to PAP
- response = (String) callPAP(newPAPPolicy, new String[] {"operation=create", "apiflag=api", "policyType=Config"}, requestID, "ConfigFirewall");
- }
-
- return response;
- }
-
- /*
- * Update Config Firewall Policy API implementation
- */
- public String updateConfigFirewallPolicy(String policyName, JsonObject firewallJson, String policyScope, UUID requestID, String riskLevel, String riskType,
- String guard, String ttlDate) throws Exception {
- return updateConfigFirewallPolicy(policyName, firewallJson, policyScope, requestID, userName, pass, riskLevel, riskType, guard, ttlDate);
- }
-
- public String updateConfigFirewallPolicy(String policyName, JsonObject firewallJson, String policyScope, UUID requestID, String userID, String passcode,
- String riskLevel, String riskType, String guard, String ttlDate) throws Exception {
-
- String response = null;
- String resource= "updatePolicy";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- response = XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource;
- return response;
- }
- String configName = firewallJson.get("configName").toString();
- //String configDescription = firewallJson.get("configDescription").toString();
- String configDescription = ""; //ASK Lak about this...****
- String json = firewallJson.toString();
- boolean levelCheck = isNumeric(riskLevel);
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- } else if (!levelCheck){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.";
- } else {
-
- StdPAPPolicy newPAPPolicy = new StdPAPPolicy("Firewall Config", policyName, configDescription, configName, true, policyScope, json, 0,
- riskLevel, riskType, guard, ttlDate);
-
- //send JSON object to PAP
- response = (String) callPAP(newPAPPolicy, new String[] {"operation=update", "apiflag=api", "policyType=Config"}, requestID, "ConfigFirewall");
- }
-
- return response;
- }
-
- /*
- * Create or Update BRMS Raw Config Policy API implementation
- */
- public String createUpdateBRMSRawPolicy(String policyName,
- String policyDescription,
- Map<AttributeType, Map<String, String>> dyanamicFieldConfigAttributes,
- String brmsRawBody,
- String policyScope,
- Boolean isEdit,
- UUID requestID,
- String riskLevel,
- String riskType,
- String guard,
- String ttlDate) {
-
- String response = null;
- String operation = null;
-
-
- if (isEdit){
- operation = "update";
- } else {
- operation = "create";
- }
-
- boolean levelCheck = isNumeric(riskLevel);
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if(policyDescription==null || policyDescription.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No policyDescription given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No policyDescription given.";
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- } else if (brmsRawBody==null ||brmsRawBody.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No rule body given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No rule body given.";
- } else if (!levelCheck){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.";
- } else {
- /*String configPolicyType, String policyName, String description,
- String configName, Boolean editPolicy, String domain,
- Map<String,String> dyanamicFieldConfigAttributes, Integer highestVersion, String eCompName,
- String configBodyData*/
-
- StdPAPPolicy newPAPPolicy = new StdPAPPolicy("BRMS_Raw",policyName,policyDescription,
- "BRMS_RAW_RULE",isEdit,policyScope,
- dyanamicFieldConfigAttributes.get(AttributeType.RULE), 0, "DROOLS",
- brmsRawBody, riskLevel, riskType, guard, ttlDate);
-
- //send JSON object to PAP
- try {
- response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Config"}, requestID, "ConfigBrmsRaw");
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- return response;
- }
-
- /*
- * Create or Update BRMS Param Config Policy API implementation
- */
- public String createUpdateBRMSParamPolicy(String policyName,
- String policyDescription,
- Map<AttributeType, Map<String, String>> dyanamicFieldConfigAttributes,
- String brmsRawBody,
- String policyScope,
- Boolean isEdit,
- UUID requestID,
- Map<AttributeType, Map<String, String>> drlRuleAndUIParams,
- String riskLevel, String riskType, String guard, String ttlDate) {
-
- String response = null;
- String operation = null;
-
-
- if (isEdit){
- operation = "update";
- } else {
- operation = "create";
- }
-
- boolean levelCheck = isNumeric(riskLevel);
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if(policyDescription==null || policyDescription.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No policyDescription given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No policyDescription given.";
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- } else if ((dyanamicFieldConfigAttributes==null)){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Rule Attributes given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Rule Attributes given.";
- } else if (!levelCheck){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.";
- }else {
- /*public StdPAPPolicy (String configPolicyType, String policyName, String description,
- String configName, Boolean editPolicy, String domain,
- Map<String,String> dyanamicFieldConfigAttributes, Integer highestVersion, String eCompName,
- String configBodyData,Map<String,String> drlRuleAndUIParams) */
-
- StdPAPPolicy newPAPPolicy = new StdPAPPolicy("BRMS_Param",policyName,policyDescription,
- "BRMS_PARAM_RULE",isEdit,policyScope,
- drlRuleAndUIParams.get(AttributeType.MATCHING), 0, "DROOLS",
- brmsRawBody, drlRuleAndUIParams.get(AttributeType.RULE), riskLevel, riskType, guard, ttlDate);
-
- //send JSON object to PAP
- try {
- response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Config"}, requestID, "ConfigBrmsParam");
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- return response;
- }
-
- /*
- * Create or Update Action Policy API implementation
- */
- public String createUpdateActionPolicy(String policyName, String policyDescription, Map<String,String> componentAttributes, List<String> dynamicRuleAlgorithmLabels,
- List<String> dynamicRuleAlgorithmField1, List<String> dynamicRuleAlgorithmFunctions, List<String> dynamicRuleAlgorithmField2,
- String actionPerformer, String actionAttribute, String policyScope, Boolean isEdit, UUID requestID) {
-
- String response = null;
- String operation = null;
-
- if (isEdit){
- operation = "update";
- } else {
- operation = "create";
- }
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- return response;
- } else if (componentAttributes==null||componentAttributes.equals("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Component Attributes given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Component Attributes given.";
- return response;
- } else if (actionAttribute==null||actionAttribute.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Action Attribute given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Action Attribute given.";
- return response;
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- return response;
- } else if (actionPerformer==null||actionPerformer.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Action Performer given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Action Performer given.";
- return response;
- } else if (!actionPerformer.equals("PEP")) {
- if (!actionPerformer.equals("PDP")) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid Action Performer given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid Action Performer given.";
- return response;
- }
- }
-
- StdPAPPolicy newPAPPolicy = new StdPAPPolicy(policyName, policyDescription, componentAttributes, dynamicRuleAlgorithmLabels, dynamicRuleAlgorithmFunctions,
- dynamicRuleAlgorithmField1, dynamicRuleAlgorithmField2, actionPerformer, actionAttribute, isEdit, policyScope, 0);
-
- //send JSON object to PAP
- try {
- response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Action"}, requestID, "Action");
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
- return response;
-
- }
-
- /*
- * Create or Update Decision Policy implementation
- */
- private String createUpdateDecisionPolicy(String policyName, String policyDescription, String ecompName, RuleProvider ruleProvider, Map<String,String> componentAttributes, Map<String,String> settings,
- List<String> dynamicRuleAlgorithmLabels, List<String> dynamicRuleAlgorithmField1, List<String> dynamicRuleAlgorithmFunctions, List<String> dynamicRuleAlgorithmField2,
- String policyScope, Boolean isEdit, UUID requestID) {
-
- String response = null;
- String operation = null;
-
- if (isEdit){
- operation = "update";
- } else {
- operation = "create";
- }
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if (ecompName==null||ecompName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given.";
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- } else {
-
- if (ruleProvider==null) {
- ruleProvider = RuleProvider.CUSTOM ;
- }
-
- StdPAPPolicy newPAPPolicy = new StdPAPPolicy(policyName, policyDescription, ecompName, ruleProvider.toString(), componentAttributes, settings, dynamicRuleAlgorithmLabels, dynamicRuleAlgorithmFunctions,
- dynamicRuleAlgorithmField1, dynamicRuleAlgorithmField2, null, null, null, isEdit, policyScope, 0);
-
- //send JSON object to PAP
- try {
- response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Decision"}, requestID, "Decision");
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- return response;
- }
-
- /*
- * Create or Update ClosedLoop_Fault policy implementation
- */
- private String createUpdateClosedLoopPolicy(String policyName, JsonObject configBody, String policyDescription, String policyScope, Boolean isEdit,
- UUID requestID,String riskLevel, String riskType, String guard, String ttlDate) {
-
- String response = null;
- String operation = null;
- String oldPolicyName = null;
-
- if (isEdit){
- operation = "update";
- if (policyName.endsWith("_Draft")) {
- oldPolicyName = policyName + "_Draft.1";
- }
- } else {
- operation = "create";
- }
-
- boolean levelCheck = isNumeric(riskLevel);
-
- // get values and attributes from the JsonObject
- String ecompName = configBody.get("ecompname").toString().replace("\"", "");
- String jsonBody = configBody.toString();
-
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if (ecompName==null||ecompName.equals("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given.";
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- } else if (!levelCheck){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.";
- } else {
-
-
- StdPAPPolicy newPAPPolicy = new StdPAPPolicy("ClosedLoop_Fault", policyName, policyDescription, ecompName,
- jsonBody, false, oldPolicyName, null, isEdit, policyScope, 0, riskLevel, riskType, guard, ttlDate);
-
- //send JSON object to PAP
- try {
- response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Config"}, requestID, "ConfigClosedLoop");
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- return response;
-
- }
-
- private String createUpdateClosedLoopPmPolicy(String policyName, JsonObject configBody, String policyDescription, String policyScope, Boolean isEdit,
- UUID requestID, String riskLevel, String riskType, String guard, String ttlDate) {
-
- String response = null;
- String operation = null;
- String oldPolicyName = null;
-
- if (isEdit){
- operation = "update";
- } else {
- operation = "create";
- }
-
- boolean levelCheck = isNumeric(riskLevel);
-
- // get values and attributes from the JsonObject
- String ecompName = configBody.get("ecompname").toString().replace("\"", "");
- String serviceType = configBody.get("serviceTypePolicyName").toString().replace("\"", "");
- String jsonBody = configBody.toString();
-
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if (ecompName==null||ecompName.equals("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given.";
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- } else if (!levelCheck){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.";
- } else {
-
-
- StdPAPPolicy newPAPPolicy = new StdPAPPolicy("ClosedLoop_PM", policyName, policyDescription, ecompName,
- jsonBody, false, oldPolicyName, serviceType, isEdit, policyScope, 0, riskLevel, riskType, guard, ttlDate);
-
- //send JSON object to PAP
- try {
- response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Config"}, requestID, "ConfigClosedLoop");
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- return response;
-
- }
-
- public Boolean validateNONASCIICharactersAndAllowSpaces(Object json){
- Boolean isValidForm = false;
- if (json instanceof String) {
- String jsonString = (String)json;
- if (jsonString.isEmpty()) {
- logger.info("JSON String is empty so cannot validate NON ACSII Characters.");
- } else {
- if(CharMatcher.ASCII.matchesAllOf((CharSequence) jsonString)){
- logger.info("The Value does not contain ASCII Characters");
- isValidForm = true;
- }else{
- logger.error("The Value Contains Non ASCII Characters");
- isValidForm = false;
- }
- }
- } else if (json instanceof JsonObject) {
- JsonObject jsonObj = (JsonObject)json;
- if (jsonObj.isEmpty()){
- logger.info("JSON object is empty so cannot validate NON ACSII Characters.");
- } else {
- if(CharMatcher.ASCII.matchesAllOf((CharSequence) jsonObj.toString())){
- logger.info("The Value does not contain ASCII Characters");
- isValidForm = true;
- }else{
- logger.error("The Value Contains Non ASCII Characters");
- isValidForm = false;
- }
- }
-
- }
-
- return isValidForm;
- }
-
- private String createUpdateMicroServicesPolicy(String policyName, JsonObject microServiceAttributes, String ecompName, String policyScope, Boolean isEdit, UUID requestID,
- String riskLevel, String riskType, String guard, String ttlDate) {
-
- String response = null;
- String operation = null;
-
- if (isEdit){
- operation = "update";
- } else {
- operation = "create";
- }
-
- boolean levelCheck = isNumeric(riskLevel);
-
- // get values and attributes from the JsonObject
- String microService = microServiceAttributes.get("service").toString().replace("\"", "");
- String uuid = microServiceAttributes.get("uuid").toString().replace("\"", "");
- String msLocation = microServiceAttributes.get("location").toString().replace("\"", "");;
- String policyDescription = microServiceAttributes.get("description").toString().replace("\"", "");
- String configName = microServiceAttributes.get("configName").toString().replace("\"", "");
- String priority = microServiceAttributes.get("priority").toString().replace("\"", "");
- String version = microServiceAttributes.get("version").toString().replace("\"", "");
-
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if (ecompName==null||ecompName.equals("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given.";
- } else if (configName==null||configName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Configuration Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Configuration Name given.";
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- } else if (!levelCheck){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given.";
- } else {
-
-
- StdPAPPolicy newPAPPolicy = new StdPAPPolicy("DCAE Micro Service", policyName, policyDescription, ecompName,
- configName, microService, uuid, msLocation, microServiceAttributes.toString(), priority,
- version, isEdit, policyScope, 0, riskLevel, riskType, guard, ttlDate);
-
- //send JSON object to PAP
- try {
- response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Config"}, requestID, "ConfigMS");
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- return response;
-
- }
-
-
- /*
- * Push a policy to the PDP API implementation
- */
- public String pushPolicy(String policyScope, String policyName, String policyType, String pdpGroup, UUID requestID) throws Exception {
- return pushPolicy(policyScope, policyName, policyType, pdpGroup, requestID, userName, pass);
- }
-
- public String pushPolicy(String policyScope, String policyName, String policyType, String pdpGroup, UUID requestID, String userID, String passcode) throws Exception {
- String resource= "pushPolicy";
- if(!checkPermissions(userID, passcode, resource)){
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- return (XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource);
- }
- String response = null;
- String filePrefix = null;
- String clientScope = null;
- String activeVersion = null;
-
- //get the client scope based policy type
- if (policyType.equalsIgnoreCase("Firewall")){
- clientScope = "ConfigFirewall";
- filePrefix = "Config_FW_";
- } else if (policyType.equalsIgnoreCase("Action")) {
- clientScope = "Action";
- filePrefix = "Action_";
- } else if (policyType.equalsIgnoreCase("Decision")){
- clientScope = "Decision";
- filePrefix = "Decision_";
- } else if (policyType.equalsIgnoreCase("Base")){
- clientScope = "Config";
- filePrefix = "Config_";
- } else if (policyType.equalsIgnoreCase("ClosedLoop_Fault")){
- clientScope = "ConfigClosedLoop";
- filePrefix = "Config_Fault_";
- } else if (policyType.equalsIgnoreCase("ClosedLoop_PM")){
- clientScope = "ConfigClosedLoop";
- filePrefix = "Config_PM_";
- } else if (policyType.equalsIgnoreCase("MicroService")) {
- clientScope = "ConfigMS";
- filePrefix = "Config_MS_";
- }else if (policyType.equalsIgnoreCase("BRMS_RAW")){
- clientScope = "ConfigBrmsRaw";
- filePrefix = "Config_BRMS_Raw_";
- } else if (policyType.equalsIgnoreCase("BRMS_PARAM")){
- clientScope = "ConfigBrmsParam";
- filePrefix = "Config_BRMS_Param_";
- } else {
- clientScope = null;
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + policyType + " is not a valid Policy Type.");
- return XACMLErrorConstants.ERROR_DATA_ISSUE + policyType + " is not a valid Policy Type.";
- }
-
- logger.debug("clientScope is " + clientScope);
- logger.debug("filePrefix is " + filePrefix);
-
- if (pdpGroup == null) {
- pdpGroup = "default";
- }
-
- if (policyName==null||policyName.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if (policyScope==null||policyScope.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given.";
- } else if (policyType==null||policyType.equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Type given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Type given.";
- } else {
- // requestID null check.
- if(requestID==null){
- requestID = UUID.randomUUID();
- logger.debug("Request ID not provided. Generating request ID " + requestID.toString());
- }
-
- // change call to getActiveVersion to pass requestID for PAP to receive on the GET process so PAP won't generate another
- // activeVersion = getActiveVersion(policyScope, filePrefix, policyName, clientScope);
- activeVersion = getActiveVersion(policyScope, filePrefix, policyName, clientScope, requestID);
- logger.debug("The active version of " + policyScope + File.separator + filePrefix + policyName + " is " + activeVersion);
-
- String id = null;
- if (activeVersion.equalsIgnoreCase("pe100")) {
- logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "response code of the URL is 403. PEP is not Authorized for making this Request!! "
- + "\n Contact Administrator for this Scope. ");
- return XACMLErrorConstants.ERROR_PERMISSIONS + "response code of the URL is 403. PEP is not Authorized for making this Request!! "
- + "Contact Administrator for this Scope. ";
-
- } else if (activeVersion.equalsIgnoreCase("pe300")) {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "response code of the URL is 404. "
- + "This indicates a problem with getting the version from the PAP or the policy does not exist.");
- return XACMLErrorConstants.ERROR_DATA_ISSUE + "response code of the URL is 404. "
- + "This indicates a problem with getting the version from the PAP or the policy does not exist.";
- }
-
-
- if (!activeVersion.equalsIgnoreCase("0")) {
- id = policyScope + "." + filePrefix + policyName + "." + activeVersion + ".xml";
- logger.debug("The policyId is " + id);
- } else {
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "could not retrieve the activeVersion for this policy. "
- + "This indicates the policy does not exist, please verify the policy exists.");
- return XACMLErrorConstants.ERROR_DATA_ISSUE + "could not retrieve the activeVersion for this policy. could not retrieve the activeVersion for this policy. "
- + "This indicates the policy does not exist, please verify the policy exists.";
- }
-
- // change call to getgitPath to pass requestID for PAP to receive on the GET process so PAP won't generate another
- // String gitPath = getGitPath(policyScope, filePrefix, policyName, activeVersion, clientScope);
- String gitPath = getGitPath(policyScope, filePrefix, policyName, activeVersion, clientScope, requestID);
- logger.debug("Full gitPath policy xml file: " + gitPath);
-
- // change call to getSelectedURI to pass requestID for PAP to receive on the GET process so PAP won't generate another
- // URI selectedURI = getSelectedURI(gitPath, clientScope);
- URI selectedURI = getSelectedURI(gitPath, clientScope, requestID);
-
- logger.debug("The selectedURI is : " + selectedURI.toString());
- String name = filePrefix+policyName;
-
- StdPDPPolicy selectedPolicy = new StdPDPPolicy(id, true, name, selectedURI, isValid, policyId, description, pushVersion);
-
- logger.debug("StdPDPPolicy object contains: " + selectedPolicy.getId() + ", " + selectedPolicy.getName() + ", " + selectedPolicy.getLocation().toString());
-
- response = copyPolicy(selectedPolicy, pdpGroup, clientScope, requestID);
-
- logger.debug("copyPolicy response: " + response);
-
- if(response.contains("successfully")){
- response = (String) callPAP(selectedPolicy, new String[]{"groupId=" + pdpGroup, "policyId="+id, "apiflag=addPolicyToGroup", "operation=PUT"}, requestID, clientScope);
- }
-
- logger.debug("Final API response: " + response);
- }
-
- return response;
-
- }
-
- private String deletePolicyFromPAP(DeletePolicyParameters parameters) {
- String response = null;
- String clientScope = null;
- String pdpGroup = parameters.getPdpGroup();
-
- if (pdpGroup==null){
- pdpGroup="NA";
- }
-
- //get the client scope based policy type
- if (parameters.getPolicyName().contains("Config_FW")){
- clientScope = "ConfigFirewall";
- } else if (parameters.getPolicyName().contains("Action")) {
- clientScope = "Action";
- } else if (parameters.getPolicyName().contains("Decision")){
- clientScope = "Decision";
- } else if (parameters.getPolicyName().contains("Config_Fault")){
- clientScope = "ConfigClosedLoop";
- } else if (parameters.getPolicyName().contains("Config_PM")){
- clientScope = "ConfigClosedLoop";
- } else if (parameters.getPolicyName().contains("Config_MS")){
- clientScope = "ConfigMS";
- } else if (parameters.getPolicyName().contains("Config_BRMS_Raw")){
- clientScope = "ConfigBrmsRaw";
- } else if (parameters.getPolicyName().contains("Config_BRMS_Param")){
- clientScope = "ConfigBrmsParam";
- } else {
- clientScope = "Config";
- }
-
- logger.debug("clientScope is " + clientScope);
-
- if (clientScope==null||clientScope.equals("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + parameters.getPolicyName() + " is not a valid Policy Name.");
- return XACMLErrorConstants.ERROR_DATA_ISSUE + parameters.getPolicyName() + " is not a valid Policy Name.";
- }
-
- if (parameters.getPolicyName()==null||parameters.getPolicyName().equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if (parameters.getDeleteCondition()==null||parameters.getDeleteCondition().equals("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Delete Condition given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Delete Condition given.";
- } else {
-
- StdPAPPolicy deletePapPolicy = new StdPAPPolicy(parameters.getPolicyName(), parameters.getDeleteCondition().toString());
-
- //send JSON object to PAP
- try {
- response = (String) callPAP(deletePapPolicy, new String[] {"groupId="+pdpGroup, "apiflag=deletePapApi", "operation=delete" }, parameters.getRequestID(), clientScope);
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
- }
-
- return response;
- }
-
- private String deletePolicyFromPDP(DeletePolicyParameters parameters) {
- String response = null;
- String clientScope = null;
- String pdpGroup = parameters.getPdpGroup();
-
- if (pdpGroup==null){
- pdpGroup="NA";
- }
-
- //get the client scope based policy type
- if (parameters.getPolicyName().contains("Config_FW")){
- clientScope = "ConfigFirewall";
- } else if (parameters.getPolicyName().contains("Action")) {
- clientScope = "Action";
- } else if (parameters.getPolicyName().contains("Decision")){
- clientScope = "Decision";
- } else if (parameters.getPolicyName().contains("Config_Fault")){
- clientScope = "ConfigClosedLoop";
- } else if (parameters.getPolicyName().contains("Config_PM")){
- clientScope = "ConfigClosedLoop";
- } else if (parameters.getPolicyName().contains("Config_MS")){
- clientScope = "ConfigMS";
- }else if (parameters.getPolicyName().contains("Config_BRMS_Raw")){
- clientScope = "ConfigBrmsRaw";
- } else if (parameters.getPolicyName().contains("Config_BRMS_Param")){
- clientScope = "ConfigBrmsParam";
- } else {
- clientScope = "Config";
- }
-
- logger.debug("clientScope is " + clientScope);
-
- if (clientScope==null||clientScope.equals("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + parameters.getPolicyName() + " is not a valid Policy Name.");
- return XACMLErrorConstants.ERROR_DATA_ISSUE + parameters.getPolicyName() + " is not a valid Policy Name.";
- }
-
- if (parameters.getPolicyName()==null||parameters.getPolicyName().equalsIgnoreCase("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given.";
- } else if (parameters.getPdpGroup()==null||parameters.getPdpGroup().equals("")){
- logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No PDP Group given.");
- response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No PDP Group given.";
- } else {
-
- //send JSON object to PAP
- try {
- response = (String) callPAP(null, new String[] {"policyName="+parameters.getPolicyName(), "groupId="+pdpGroup, "apiflag=deletePdpApi", "operation=delete" }, parameters.getRequestID(), clientScope);
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
- }
-
- return response;
- }
-
- /*
- * Copy a single Policy file from the input stream to the PAP Servlet.
- * Either this works (silently) or it throws an exception.
- *
- */
- public String copyFile(String policyId, String group, StdPAPPolicy location, String clientScope, UUID requestID) throws PAPException {
- String response = null;
- //String clientScope = null;
-
- // send the policy file to the PAP Servlet
- try {
- response = (String) callPAP(location, new String[] {"groupId=" + group, "policyId="+policyId, "apiflag=api", "operation=post"}, requestID, clientScope);
- } catch (Exception e) {
- String message = "Unable to PUT policy '" + policyId + "', e:" + e;
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e);
- throw new PAPException(message);
- }
-
- return response;
- }
-
- public String copyPolicy(PDPPolicy policy, String group, String policyType, UUID requestID) throws PAPException {
- String response = null;
-
- if (policy == null || group == null) {
- throw new PAPException("Null input policy="+policy+" group="+group);