--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ECOMP-PDP-REST
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.openecomp.policy.pdp.rest.config;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import java.util.StringTokenizer;
+
+import org.openecomp.policy.api.PolicyEngineException;
+import org.openecomp.policy.common.logging.eelf.MessageCodes;
+import org.openecomp.policy.common.logging.eelf.PolicyLogger;
+import org.openecomp.policy.rest.XACMLRestProperties;
+import org.openecomp.policy.utils.AAFPolicyClient;
+import org.openecomp.policy.utils.AAFPolicyException;
+import org.openecomp.policy.utils.PolicyUtils;
+import org.openecomp.policy.xacml.api.XACMLErrorConstants;
+
+import com.att.research.xacml.util.XACMLProperties;
+
+public class PDPApiAuth {
+ private static String environment = null;
+ private static Path clientPath = null;
+ private static Map<String,ArrayList<String>> clientMap = null;
+ private static Long oldModified = null;
+ private static AAFPolicyClient aafClient = null;
+
+ /*
+ * Set Property by reading the properties File.
+ */
+ public static void setProperty() {
+ environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
+ String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE);
+ if(clientFile!=null){
+ clientPath = Paths.get(clientFile);
+ }
+ try {
+ aafClient = AAFPolicyClient.getInstance(XACMLProperties.getProperties());
+ } catch (AAFPolicyException | IOException e) {
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AAF Client Not instantiated properly.");
+ }
+ }
+
+ /*
+ * Return Environment value of the PDP servlet.
+ */
+ public static String getEnvironment() {
+ if(environment==null){
+ setProperty();
+ }
+ return environment;
+ }
+
+ /*
+ * Security check for authentication and authorizations.
+ */
+ public static boolean checkPermissions(String clientEncoding, String requestID,
+ String resource) {
+ try{
+ String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding);
+ if(userNamePass==null){
+ String usernameAndPassword = null;
+ byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding);
+ usernameAndPassword = new String(decodedBytes, "UTF-8");
+ StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
+ String username = tokenizer.nextToken();
+ String password = tokenizer.nextToken();
+ userNamePass= new String[]{username, password};
+ }
+ PolicyLogger.info("User " + userNamePass[0] + " is Accessing Policy Engine API.");
+ Boolean result = false;
+ // Check Backward Compatibility.
+ try{
+ result = clientAuth(userNamePass);
+ }catch(Exception e){
+ PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS, e, "");
+ }
+ if(!result){
+ try{
+ String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace");
+ String aafResource = XACMLProperties.getProperty("policy.aaf.resource");
+ if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){
+ userNamePass[0] = userNamePass[0] + "@" + aafPolicyNameSpace;
+ }
+ if(aafResource != null){
+ resource = aafResource + resource;
+ }
+ PolicyLogger.info("Contacting AAF in : " + environment);
+ result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], resource, environment, ".*");
+ }catch (NullPointerException e){
+ result = false;
+ }
+ }
+ return result;
+ }catch(Exception e){
+ PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS, e, "");
+ return false;
+ }
+ }
+
+ private static Boolean clientAuth(String[] userNamePass) throws Exception{
+ if(clientPath==null){
+ setProperty();
+ }
+ if (Files.notExists(clientPath)) {
+ return false;
+ }else if(clientPath.toString().endsWith(".properties")) {
+ try {
+ readProps(clientPath);
+ if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) {
+ return true;
+ }
+ }catch(PolicyEngineException e){
+ return false;
+ }
+ }
+ return false;
+ }
+
+ private static Map<String, ArrayList<String>> readProps(Path clientPath) throws PolicyEngineException{
+ if(oldModified!=null){
+ Long newModified = clientPath.toFile().lastModified();
+ if (newModified == oldModified) {
+ return clientMap;
+ }
+ }
+ InputStream in;
+ Properties clientProp = new Properties();
+ try {
+ in = new FileInputStream(clientPath.toFile());
+ clientProp.load(in);
+ } catch (IOException e) {
+ PolicyLogger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e);
+ throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e);
+ }
+ // Read the Properties and Load the Clients and their scopes.
+ clientMap = new HashMap<String, ArrayList<String>>();
+ //
+ for (Object propKey : clientProp.keySet()) {
+ String clientID = (String)propKey;
+ String clientValue = clientProp.getProperty(clientID);
+ if (clientValue != null) {
+ if (clientValue.contains(",")) {
+ ArrayList<String> clientValues = new ArrayList<String>(Arrays.asList(clientValue.split("\\s*,\\s*")));
+ if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){
+ clientMap.put(clientID, clientValues);
+ }
+ }
+ }
+ }
+ if (clientMap == null || clientMap.isEmpty()) {
+ PolicyLogger.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!");
+ throw new PolicyEngineException("Empty Client file");
+ }
+ oldModified = clientPath.toFile().lastModified();
+ return clientMap;
+ }
+}
Code Review / policy / engine.git / blobdiff