* ============LICENSE_START=======================================================
* ONAP-PAP-REST
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
+import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
+import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.security.InvalidKeyException;
import java.security.Key;
+import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Set;
import java.util.UUID;
+import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathFactory;
+import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOUtils;
+import org.elasticsearch.common.Strings;
import org.onap.policy.common.logging.eelf.MessageCodes;
import org.onap.policy.common.logging.eelf.PolicyLogger;
import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.pap.xacml.rest.XACMLPapServlet;
import org.onap.policy.rest.XACMLRestProperties;
import org.onap.policy.rest.adapter.PolicyRestAdapter;
+import org.onap.policy.rest.dao.PolicyDBException;
import org.onap.policy.rest.jpa.ActionBodyEntity;
import org.onap.policy.rest.jpa.ConfigurationDataEntity;
import org.onap.policy.rest.jpa.DatabaseLockEntity;
import org.onap.policy.rest.jpa.PolicyDBDaoEntity;
import org.onap.policy.rest.jpa.PolicyEntity;
import org.onap.policy.rest.util.Webapps;
+import org.onap.policy.utils.CryptoUtils;
import org.onap.policy.xacml.api.pap.OnapPDP;
import org.onap.policy.xacml.api.pap.OnapPDPGroup;
import org.onap.policy.xacml.api.pap.PAPPolicyEngine;
import org.onap.policy.xacml.std.pap.StdPDPGroup;
import org.onap.policy.xacml.std.pap.StdPDPPolicy;
+import org.onap.policy.xacml.util.XACMLPolicyScanner;
import org.onap.policy.xacml.util.XACMLPolicyWriter;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
* @return The new instance of PolicyDBDao or throw exception if the given emf is null.
* @throws IllegalStateException if a PolicyDBDao has already been constructed. Call getPolicyDBDaoInstance() to get this.
*/
- public static PolicyDBDao getPolicyDBDaoInstance(EntityManagerFactory emf) throws Exception{
+ public static PolicyDBDao getPolicyDBDaoInstance(EntityManagerFactory emf){
logger.debug("getPolicyDBDaoInstance(EntityManagerFactory emf) as getPolicyDBDaoInstance("+emf+") called");
if(currentInstance == null){
if(emf != null){
* @return The instance of PolicyDBDao or throws exception if the given instance is null.
* @throws IllegalStateException if a PolicyDBDao instance is null. Call createPolicyDBDaoInstance(EntityManagerFactory emf) to get this.
*/
- public static PolicyDBDao getPolicyDBDaoInstance() throws Exception{
+ public static PolicyDBDao getPolicyDBDaoInstance(){
logger.debug("getPolicyDBDaoInstance() as getPolicyDBDaoInstance() called");
if(currentInstance != null){
return currentInstance;
try{
em.getTransaction().commit();
} catch(Exception e){
+ logger.warn("List of remote PolicyDBDaos will be empty", e);
try{
em.getTransaction().rollback();
} catch(Exception e2){
}
}
if(urlUserPass[2] == null || urlUserPass[2].equals("")){
- String passwordPropertyValue = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS);
+ String passwordPropertyValue = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS));
if(passwordPropertyValue != null){
urlUserPass[2] = passwordPropertyValue;
}
return urlUserPass;
}
- private static String encryptPassword(String password) throws Exception{
- Cipher cipher = Cipher.getInstance("AES");
- cipher.init(Cipher.ENCRYPT_MODE, aesKey());
- byte[] encryption = cipher.doFinal(password.getBytes("UTF-8"));
- System.out.println(encryption);
- return new String(Base64.getMimeEncoder().encode(encryption),"UTF-8");
- }
-
- private static String decryptPassword(String encryptedPassword) throws Exception{
- Cipher cipher = Cipher.getInstance("AES");
- cipher.init(Cipher.DECRYPT_MODE, aesKey());
- byte[] password = cipher.doFinal(Base64.getDecoder().decode(encryptedPassword.getBytes("UTF-8")));
- return new String(password,"UTF-8");
- }
- private static Key aesKey(){
- byte[] aesValue = (new String("njrmbklcxtoplawf")).getBytes();
- return new SecretKeySpec(aesValue,"AES");
- }
/**
* Register the PolicyDBDao instance in the PolicyDBDaoEntity table
* @return Boolean, were we able to register?
private boolean register(){
logger.debug("register() as register() called");
String[] url = getPapUrlUserPass();
+ //--- check URL length
+ if(url == null || url.length<3){
+ return false;
+ }
+
EntityManager em = emf.createEntityManager();
try{
startTransactionSynced(em, 1000);
PolicyDBDaoEntity foundPolicyDBDaoEntity = em.find(PolicyDBDaoEntity.class, url[0]);
Query getPolicyDBDaoEntityQuery = em.createQuery("SELECT e FROM PolicyDBDaoEntity e WHERE e.policyDBDaoUrl=:url");
getPolicyDBDaoEntityQuery.setParameter("url", url[0]);
+ // encrypt the password
+ String txt = null;
+ try{
+ txt = CryptoUtils.encryptTxt(url[2].getBytes(StandardCharsets.UTF_8));
+ } catch(Exception e){
+ logger.debug(e);
+ PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not encrypt PAP password");
+ }
if(foundPolicyDBDaoEntity == null){
PolicyDBDaoEntity newPolicyDBDaoEntity = new PolicyDBDaoEntity();
em.persist(newPolicyDBDaoEntity);
newPolicyDBDaoEntity.setPolicyDBDaoUrl(url[0]);
newPolicyDBDaoEntity.setDescription("PAP server at "+url[0]);
newPolicyDBDaoEntity.setUsername(url[1]);
- try{
- newPolicyDBDaoEntity.setPassword(encryptPassword(url[2]));
- } catch(Exception e){
- PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not encrypt PAP password");
- }
+ newPolicyDBDaoEntity.setPassword(txt);
+
try{
em.getTransaction().commit();
} catch(Exception e){
+ logger.debug(e);
try{
em.getTransaction().rollback();
} catch(Exception e2){
+ logger.debug(e2);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e2, "PolicyDBDao", "Could not add new PolicyDBDao to the database");
}
}
} else {
//just want to update in order to change modified date
- String encryptedPassword = null;
- try{
- encryptedPassword = encryptPassword(url[2]);
- } catch(Exception e){
- PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not encrypt PAP password");
- }
+
if(url[1] != null && !stringEquals(url[1], foundPolicyDBDaoEntity.getUsername())){
foundPolicyDBDaoEntity.setUsername(url[1]);
}
- if(encryptedPassword != null && !stringEquals(encryptedPassword, foundPolicyDBDaoEntity.getPassword())){
- foundPolicyDBDaoEntity.setPassword(encryptedPassword);
+ if(txt != null && !stringEquals(txt, foundPolicyDBDaoEntity.getPassword())){
+ foundPolicyDBDaoEntity.setPassword(txt);
}
+
foundPolicyDBDaoEntity.preUpdate();
try{
em.getTransaction().commit();
} catch(Exception e){
+ logger.debug(e);
try{
em.getTransaction().rollback();
} catch(Exception e2){
+ logger.debug(e2);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e2, "PolicyDBDao", "Could not update PolicyDBDao in the database");
}
}
PolicyDBDaoEntity dbdEntity = (PolicyDBDaoEntity)obj;
String o = dbdEntity.getPolicyDBDaoUrl();
String username = dbdEntity.getUsername();
- String password;
+ String txt;
try{
- password = decryptPassword(dbdEntity.getPassword());
+ txt = new String(CryptoUtils.decryptTxt(dbdEntity.getPassword()), StandardCharsets.UTF_8);
} catch(Exception e){
+ logger.debug(e);
//if we can't decrypt, might as well try it anyway
- password = dbdEntity.getPassword();
+ txt = dbdEntity.getPassword();
}
+
Base64.Encoder encoder = Base64.getEncoder();
- String encoding = encoder.encodeToString((username+":"+password).getBytes(StandardCharsets.UTF_8));
+ String encoding = encoder.encodeToString((username+":"+txt).getBytes(StandardCharsets.UTF_8));
HttpURLConnection connection = null;
UUID requestID = UUID.randomUUID();
URL url;
//
// Open up the connection
//
- logger.debug("Connecting with url: "+url);
+ logger.info("PolicyDBDao: NotifyOtherThread: notifying other PAPs of an update");
+ logger.info("Connecting with url: "+url);
try {
connection = (HttpURLConnection)url.openConnection();
} catch (Exception e) {
readTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_NOTIFY_TIMEOUT));
} catch(Exception e){
- logger.error("xacml.rest.pap.notify.timeoutms property not set, using a default.");
+ logger.error("xacml.rest.pap.notify.timeoutms property not set, using a default.", e);
readTimeout = 10000;
}
connection.setReadTimeout(readTimeout);
}
try {
if (connection.getResponseCode() == 200) {
- logger.info("Received response 200 from pap server on notify");
- //notified = true;
+ logger.info("PolicyDBDao: NotifyOtherThread received response 200 from pap server on notify");
} else {
- logger.warn("connection response code not 200, received: "+connection.getResponseCode());
+ logger.warn("PolicyDBDao: NotifyOtherThread connection response code not 200, received: "+connection.getResponseCode());
}
} catch (Exception e) {
logger.warn("Caught Exception on: connection.getResponseCode() ", e);
handleIncomingPolicyChange(url, entityId,extraData);
break;
} catch(Exception e){
+ logger.debug(e);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught exception on handleIncomingPolicyChange("+url+", "+entityId+", "+extraData+")");
}
try{
Thread.sleep(pauseBetweenRetries);
}catch(InterruptedException ie){
+ Thread.currentThread().interrupt();
break;
}
}
handleIncomingPdpChange(url, entityId, transaction);
break;
} catch(Exception e){
+ logger.debug(e);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught exception on handleIncomingPdpChange("+url+", "+entityId+", "+transaction+")");
}
try{
Thread.sleep(pauseBetweenRetries);
}catch(InterruptedException ie){
+ Thread.currentThread().interrupt();
break;
}
}
handleIncomingGroupChange(url, entityId, extraData, transaction, xacmlPapServlet);
break;
}catch(Exception e){
+ logger.debug(e);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught exception on handleIncomingGroupChange("+url+", "+entityId+", "+extraData+", "+transaction+", "+xacmlPapServlet+")");
}
try{
Thread.sleep(pauseBetweenRetries);
}catch(InterruptedException ie){
+ Thread.currentThread().interrupt();
break;
}
}
//no changes should be being made in this function, we still need to close
transaction.rollbackTransaction();
}
- private void handleIncomingGroupChange(String url, String groupId, String extraData,PolicyDBDaoTransaction transaction,XACMLPapServlet xacmlPapServlet) throws PAPException{
+ private void handleIncomingGroupChange(String url, String groupId, String extraData,PolicyDBDaoTransaction transaction,XACMLPapServlet xacmlPapServlet) throws PAPException, PolicyDBException{
GroupEntity groupRecord = null;
long groupIdLong = -1;
try{
//set default if it should be
if(!localGroupClone.isDefaultGroup() && groupRecord.isDefaultGroup()){
try {
- papEngine.SetDefaultGroup(localGroup);
+ papEngine.setDefaultGroup(localGroup);
return;
} catch (PAPException e) {
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught PAPException trying to set default group with papEngine.SetDefaultGroup("+localGroupClone+");");
//call command that corresponds to the change that was made
}
//this will also handle removes, since incoming pdpGroup has no policies internally, we are just going to add them all in from the db
- private boolean updateGroupPoliciesInFileSystem(OnapPDPGroup pdpGroup,OnapPDPGroup oldPdpGroup, GroupEntity groupRecord, PolicyDBDaoTransaction transaction) throws PAPException{
+ private boolean updateGroupPoliciesInFileSystem(OnapPDPGroup pdpGroup,OnapPDPGroup oldPdpGroup, GroupEntity groupRecord, PolicyDBDaoTransaction transaction) throws PAPException, PolicyDBException{
if(!(pdpGroup instanceof StdPDPGroup)){
throw new PAPException("group is not a StdPDPGroup");
}
if(currentPolicySet.containsKey(pdpPolicyName)){
newPolicySet.add(currentPolicySet.get(pdpPolicyName));
} else{
+ logger.info("PolicyDBDao: Adding the new policy to the PDP group after notification: " + pdpPolicyName);
InputStream policyStream = new ByteArrayInputStream(policy.getPolicyData().getBytes());
group.copyPolicyToFile(pdpPolicyName,policyStream);
- ((StdPDPPolicy)(group.getPolicy(pdpPolicyName))).setName(removeExtensionAndVersionFromPolicyName(policy.getPolicyName()));
+ ((StdPDPPolicy)(group.getPolicy(pdpPolicyName))).setName(removeExtensionAndVersionFromPolicyName(pdpPolicyName));
try {
policyStream.close();
} catch (IOException e) {
}
}
}
+ logger.info("PolicyDBDao: Adding updated policies to group after notification.");
if(didUpdate){
newPolicySet.addAll(group.getPolicies());
group.setPolicies(newPolicySet);
return didUpdate;
}
- private String removeExtensionAndVersionFromPolicyName(String originalPolicyName){
+
+ /*
+ * This method is called during all pushPolicy transactions and makes sure the file system
+ * group is in sync with the database groupentity
+ */
+ private StdPDPGroup synchronizeGroupPoliciesInFileSystem(StdPDPGroup pdpGroup, GroupEntity groupentity) throws PAPException, PolicyDBException{
+
+ HashMap<String,PDPPolicy> currentPolicyMap = new HashMap<>();
+ HashSet<String> newPolicyIdSet = new HashSet<>();
+ HashSet<PDPPolicy> newPolicySet = new HashSet<>();
+
+ for(PDPPolicy pdpPolicy : pdpGroup.getPolicies()){
+ currentPolicyMap.put(pdpPolicy.getId(), pdpPolicy);
+ }
+
+ for(PolicyEntity policy : groupentity.getPolicies()){
+ String pdpPolicyId = getPdpPolicyName(policy.getPolicyName(), policy.getScope());
+ newPolicyIdSet.add(pdpPolicyId);
+
+ if(currentPolicyMap.containsKey(pdpPolicyId)){
+ newPolicySet.add(currentPolicyMap.get(pdpPolicyId));
+ } else {
+
+ //convert PolicyEntity object to PDPPolicy
+ String name = null;
+ name = pdpPolicyId.replace(".xml", "");
+ name = name.substring(0, name.lastIndexOf("."));
+ InputStream policyStream = new ByteArrayInputStream(policy.getPolicyData().getBytes());
+ pdpGroup.copyPolicyToFile(pdpPolicyId,name,policyStream);
+ URI location = Paths.get(pdpGroup.getDirectory().toAbsolutePath().toString(), pdpPolicyId).toUri();
+ StdPDPPolicy newPolicy = null;
+ try {
+ newPolicy = new StdPDPPolicy(pdpPolicyId, true, removeExtensionAndVersionFromPolicyName(pdpPolicyId),location);
+ newPolicySet.add(newPolicy);
+ } catch (Exception e) {
+ logger.debug(e);
+ PolicyLogger.error("PolicyDBDao: Exception occurred while creating the StdPDPPolicy newPolicy object " + e.getMessage());
+ }
+
+ }
+
+ }
+
+ for(String id : currentPolicyMap.keySet()) {
+ if(!newPolicyIdSet.contains(id)){
+ try {
+ Files.delete(Paths.get(currentPolicyMap.get(id).getLocation()));
+ } catch (Exception e) {
+ logger.debug(e);
+ PolicyLogger.error("PolicyDBDao: Exception occurred while attempting to delete the old version of the policy file from the group. " + e.getMessage());
+ }
+ }
+ }
+
+ logger.info("PolicyDBDao: Adding new policy set to group to keep filesystem and DB in sync");
+ pdpGroup.setPolicies(newPolicySet);
+
+ return pdpGroup;
+ }
+
+ private String removeExtensionAndVersionFromPolicyName(String originalPolicyName) throws PolicyDBException{
return getPolicyNameAndVersionFromPolicyFileName(originalPolicyName)[0];
}
* @param originalPolicyName: a policy file name ex: Config_policy.2.xml
* @return An array [0]: The policy name, [1]: the policy version, as a string
*/
- private String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName){
+ private String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName) throws PolicyDBException{
String policyName = originalPolicyName;
String[] nameAndVersion = new String[2];
try{
policyName = removeFileExtension(policyName);
nameAndVersion[0] = policyName.substring(0,policyName.lastIndexOf('.'));
if(isNullOrEmpty(nameAndVersion[0])){
- throw new Exception();
+ throw new PolicyDBException();
}
} catch(Exception e){
nameAndVersion[0] = originalPolicyName;
try{
nameAndVersion[1] = policyName.substring(policyName.lastIndexOf('.')+1);
if(isNullOrEmpty(nameAndVersion[1])){
- throw new Exception();
+ throw new PolicyDBException();
}
} catch(Exception e){
nameAndVersion[1] = "1";
try {
if(policy != null){
policyName = policy.getPolicyName();
- logger.debug("Deleting Policy: " + policy.getPolicyName());
+ logger.info("Deleting old Policy Config File for " + policy.getPolicyName());
action = "delete";
Path subFile = null;
}
private Path getPolicySubFile(String filename, String subFileType){
- logger.debug("getPolicySubFile(" + filename + ", " + subFileType + ")");
+ logger.info("getPolicySubFile(" + filename + ", " + subFileType + ")");
Path filePath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS).toString(), subFileType);
File file = null;
finalPath = Paths.get(file.getAbsolutePath());
}
- logger.debug("end of getPolicySubFile: " + finalPath);
+ logger.info("end of getPolicySubFile: " + finalPath);
return finalPath;
}
}
}
+
+ public StdPDPGroup auditLocalFileSystem(StdPDPGroup group){
+
+ logger.info("Starting Local File System group audit");
+ EntityManager em = emf.createEntityManager();
+ em.getTransaction().begin();
+
+ Query groupQuery = em.createQuery("SELECT g FROM GroupEntity g WHERE g.groupId=:groupId AND g.deleted=:deleted");
+ groupQuery.setParameter("groupId", group.getId());
+ groupQuery.setParameter("deleted", false);
+ List<?> groupQueryList;
+ try{
+ groupQueryList = groupQuery.getResultList();
+ }catch(Exception e){
+ PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught Exception trying to check if group exists groupQuery.getResultList()");
+ throw new PersistenceException("Query failed trying to check if group "+group.getId()+" exists");
+ }
+
+ GroupEntity dbgroup = null;
+ if(groupQueryList!=null){
+ dbgroup = (GroupEntity)groupQueryList.get(0);
+ }
+
+ em.getTransaction().commit();
+ em.close();
+
+ StdPDPGroup updatedGroup = null;
+ try {
+ updatedGroup = synchronizeGroupPoliciesInFileSystem(group, dbgroup);
+ } catch (PAPException e) {
+ logger.error(e);
+ } catch (PolicyDBException e) {
+ logger.error(e);
+ }
+ logger.info("Group was updated during file system audit: " + updatedGroup.toString());
+ return updatedGroup;
+
+ }
+
public void deleteAllGroupTables(){
logger.debug("PolicyDBDao.deleteAllGroupTables() called");
EntityManager em = emf.createEntityManager();
try{
startTransactionSynced(this.em,transactionWaitTime);
} catch(Exception e){
+ logger.debug(e);
throw new PersistenceException("Could not lock transaction within "+transactionWaitTime+" milliseconds");
}
}
+ "\n TimeStamp = " + date.getTime()
+ "\n\n");
}
+ Thread.currentThread().interrupt();
return;
}
if(logger.isDebugEnabled()){
try{
em.close();
}catch(Exception e){
- logger.warn("Could not close already closed transaction");
+ logger.warn("Could not close already closed transaction", e);
}
}
try{
configPath = Paths.get(configPath).toString();
} catch(InvalidPathException e){
- logger.error("Invalid config path: "+configPath);
+ logger.error("Invalid config path: "+configPath, e);
throw new IllegalArgumentException("Invalid config path: "+configPath);
}
return configPath;
String prefix = null;
if (policy.policyAdapter.getPolicyType().equalsIgnoreCase("Config")) {
- prefix = configPath.substring(configPath.indexOf(policyScope+".")+policyScope.concat(".").length(), configPath.indexOf(policy.policyAdapter.getPolicyName()));
+ prefix = configPath.substring(configPath.indexOf(policyScope+".")+policyScope.concat(".").length(), configPath.lastIndexOf(policy.policyAdapter.getPolicyName()));
if(isNullOrEmpty(policy.policyAdapter.getConfigBodyData())){
String configData = "";
try{
@Override
public void updateGroup(OnapPDPGroup group, String username){
- logger.debug("updateGroup(PDPGroup group) as updateGroup("+group+","+username+") called");
+ logger.info("PolicyDBDao: updateGroup(PDPGroup group) as updateGroup("+group+","+username+") called");
if(group == null){
throw new IllegalArgumentException("PDPGroup group must not be null");
}
PolicyLogger.error("Somehow, more than one group with the same id "+group.getId()+" and deleted status were found in the database");
throw new PersistenceException("Somehow, more than one group with the same id "+group.getId()+" and deleted status were found in the database");
}
- GroupEntity groupToUpdate = (GroupEntity)getGroupQueryList.get(0);
- if(!stringEquals(groupToUpdate.getModifiedBy(), username)){
- groupToUpdate.setModifiedBy(username);
+ GroupEntity groupToUpdateInDB = (GroupEntity)getGroupQueryList.get(0);
+ if(!stringEquals(groupToUpdateInDB.getModifiedBy(), username)){
+ groupToUpdateInDB.setModifiedBy(username);
}
- if(group.getDescription() != null && !stringEquals(group.getDescription(),groupToUpdate.getDescription())){
- groupToUpdate.setDescription(group.getDescription());
+ if(group.getDescription() != null && !stringEquals(group.getDescription(),groupToUpdateInDB.getDescription())){
+ groupToUpdateInDB.setDescription(group.getDescription());
}
//let's find out what policies have been deleted
StdPDPGroup oldGroup = null;
if(oldGroup == null){
PolicyLogger.error("We cannot get the group from the papEngine to delete policies");
} else {
-
Set<String> newPolicySet = new HashSet<>(group.getPolicies().size());
//a multiple of n runtime is faster than n^2, so I am using a hashset to do the comparison
for(PDPPolicy pol: group.getPolicies()){
//should be fast since getPolicies uses a HashSet in StdPDPGroup
if(!newPolicySet.contains(pol.getId())){
String[] scopeAndName = getNameScopeAndVersionFromPdpPolicy(pol.getId());
- PolicyEntity policyToDelete;
+ PolicyEntity policyToDelete = null;
try{
- policyToDelete = getPolicy(scopeAndName[0],scopeAndName[1]);
+ if(scopeAndName!=null){
+ policyToDelete = getPolicy(scopeAndName[0],scopeAndName[1]);
+
+ if ("XACMLPapServlet.doDelete".equals(username)) {
+
+ Iterator<PolicyEntity> dbPolicyIt = groupToUpdateInDB.getPolicies().iterator();
+ String policyName = getPolicyNameAndVersionFromPolicyFileName(policyToDelete.getPolicyName())[0];
+
+ logger.info("PolicyDBDao: delete policy from GroupEntity");
+ try{
+ while(dbPolicyIt.hasNext()){
+ PolicyEntity dbpolicy = dbPolicyIt.next();
+ if(policyToDelete.getScope().equals(dbpolicy.getScope()) &&
+ getPolicyNameAndVersionFromPolicyFileName(dbpolicy.getPolicyName())[0].equals(policyName)) {
+ dbPolicyIt.remove();
+
+ logger.info("PolicyDBDao: deleting policy from the existing group:\n "
+ + "policyName is " + policyToDelete.getScope()+"."+policyToDelete.getPolicyName() + "\n"
+ + "group is " + groupToUpdateInDB.getGroupId());
+ }
+ }
+ }catch(Exception e){
+ logger.debug(e);
+ PolicyLogger.error("Could not delete policy with name: "+ policyToDelete.getScope()+"."+policyToDelete.getPolicyName()+"\n ID: "+ policyToDelete.getPolicyId());
+ }
+ }
+ }
+
}catch(Exception e){
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not get policy to remove: "+pol.getId());
throw new PersistenceException("Could not get policy to remove: "+pol.getId());
}
- groupToUpdate.getPolicies().remove(policyToDelete);
-
}
}
}
- if(group.getName() != null && !stringEquals(group.getName(),groupToUpdate.getgroupName())){
+
+ if(group.getName() != null && !stringEquals(group.getName(),groupToUpdateInDB.getgroupName())){
//we need to check if the new id exists in the database
String newGroupId = createNewPDPGroupId(group.getName());
Query checkGroupQuery = em.createQuery("SELECT g FROM GroupEntity g WHERE g.groupId=:groupId AND g.deleted=:deleted");
PolicyLogger.error("The new group name already exists, group id "+newGroupId);
throw new PersistenceException("The new group name already exists, group id "+newGroupId);
}
- groupToUpdate.setGroupId(newGroupId);
- groupToUpdate.setGroupName(group.getName());
+ groupToUpdateInDB.setGroupId(newGroupId);
+ groupToUpdateInDB.setGroupName(group.getName());
this.newGroupId = group.getId();
}
em.flush();
- this.groupId = groupToUpdate.getGroupKey();
+ this.groupId = groupToUpdateInDB.getGroupKey();
}
}
@Override
- public void deleteGroup(OnapPDPGroup group, OnapPDPGroup moveToGroup, String username) throws PAPException {
+ public void deleteGroup(OnapPDPGroup group, OnapPDPGroup moveToGroup, String username) throws PolicyDBException {
logger.debug("deleteGroup(PDPGroup group, PDPGroup moveToGroup, String username) as deleteGroup("+group+", "+moveToGroup+","+username+") called");
if(group == null){
throw new IllegalArgumentException("PDPGroup group cannot be null");
if(group.isDefaultGroup()){
PolicyLogger.error("The default group "+group.getId()+" was attempted to be deleted. It cannot be.");
- throw new PAPException("You cannot delete the default group.");
+ throw new PolicyDBException("You cannot delete the default group.");
}
synchronized(emLock){
checkBeforeOperationRun();
}
} else {
PolicyLogger.error("Group "+group.getId()+" is trying to be delted with PDPs. No group was provided to move them to");
- throw new PAPException("Group has PDPs. Must provide a group for them to move to");
+ throw new PolicyDBException("Group has PDPs. Must provide a group for them to move to");
}
}
}
@Override
- public void addPolicyToGroup(String groupID, String policyID, String username) {
- logger.debug("addPolicyToGroup(String groupID, String policyID, String username) as addPolicyToGroup("+groupID+", "+policyID+","+username+") called");
+ public StdPDPGroup addPolicyToGroup(String groupID, String policyID, String username) throws PolicyDBException {
+ logger.info("PolicyDBDao: addPolicyToGroup(String groupID, String policyID, String username) as addPolicyToGroup("+groupID+", "+policyID+","+username+") called");
if(isNullOrEmpty(groupID, policyID, username)){
throw new IllegalArgumentException("groupID, policyID, and username must not be null or empty");
}
PolicyLogger.error("Somehow, more than one group with the id "+groupID+" were found in the database that are not deleted");
throw new PersistenceException("Somehow, more than one group with the id "+groupID+" were found in the database that are not deleted");
}
+
//we need to convert the form of the policy id that is used groups into the form that is used
//for the database. (com.Config_mypol.1.xml) to (Config_mypol.xml)
String[] policyNameScopeAndVersion = getNameScopeAndVersionFromPdpPolicy(policyID);
try{
policyQueryList = policyQuery.getResultList();
} catch(Exception e){
+ logger.debug(e);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught Exception trying to check if policy exists policyQuery.getResultList()");
throw new PersistenceException("Query failed trying to check if policy "+policyNameScopeAndVersion[0]+" exists");
}
PolicyLogger.error("Somehow, more than one policy with the id "+policyNameScopeAndVersion[0]+" were found in the database that are not deleted");
throw new PersistenceException("Somehow, more than one group with the id "+policyNameScopeAndVersion[0]+" were found in the database that are not deleted");
}
+ logger.info("PolicyDBDao: Getting group and policy from database");
GroupEntity group = (GroupEntity)groupQueryList.get(0);
PolicyEntity policy = (PolicyEntity)policyQueryList.get(0);
Iterator<PolicyEntity> policyIt = group.getPolicies().iterator();
String policyName = getPolicyNameAndVersionFromPolicyFileName(policy.getPolicyName())[0];
+
+ logger.info("PolicyDBDao: policyName retrieved is " + policyName);
try{
- while(policyIt.hasNext()){
- PolicyEntity pol = policyIt.next();
- if(getPolicyNameAndVersionFromPolicyFileName(pol.getPolicyName())[0].equals(policyName)){
- policyIt.remove();
- }
- }
+ while(policyIt.hasNext()){
+ PolicyEntity pol = policyIt.next();
+ if(policy.getScope().equals(pol.getScope()) &&
+ getPolicyNameAndVersionFromPolicyFileName(pol.getPolicyName())[0].equals(policyName)) {
+ policyIt.remove();
+ }
+ }
}catch(Exception e){
+ logger.debug(e);
PolicyLogger.error("Could not delete old versions for policy "+policy.getPolicyName()+", ID: "+policy.getPolicyId());
}
group.addPolicyToGroup(policy);
em.flush();
+
+ // After adding policy to the db group we need to make sure the filesytem group is in sync with the db group
+ StdPDPGroup pdpGroup = null;
+ StdPDPGroup updatedGroup = null;
+ try {
+ pdpGroup = (StdPDPGroup) papEngine.getGroup(group.getGroupId());
+ updatedGroup = synchronizeGroupPoliciesInFileSystem(pdpGroup, group);
+ } catch (PAPException e) {
+ logger.debug(e);
+ PolicyLogger.error("PolicyDBDao: Could not synchronize the filesystem group with the database group. " + e.getMessage());
+ }
+
+ return updatedGroup;
}
}
String computeScope(String fullPath, String pathToExclude){
return PolicyDBDao.computeScope(fullPath, pathToExclude);
}
- String encryptPassword(String password) throws Exception{
- return PolicyDBDao.encryptPassword(password);
- }
- String decryptPassword(String password) throws Exception{
- return PolicyDBDao.decryptPassword(password);
- }
String getDescriptionFromXacml(String xacmlData){
return PolicyDBDao.getDescriptionFromXacml(xacmlData);
}
- String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName){
+ String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName) throws PolicyDBException{
return PolicyDBDao.this.getPolicyNameAndVersionFromPolicyFileName(originalPolicyName);
}
}
-}
+}
\ No newline at end of file
Code Review / policy / engine.git / blobdiff