Remove Code from cadi, it is now in authz
diff --git a/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java b/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
deleted file mode 100644 (file)
index 3ec6fed..0000000
+++ /dev/null
@@ -1,396 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.v2_0;\r
-\r
-import java.net.URI;\r
-import java.security.Principal;\r
-import java.util.Map;\r
-import java.util.concurrent.ConcurrentHashMap;\r
-\r
-import javax.servlet.ServletRequest;\r
-import javax.servlet.http.HttpServletRequest;\r
-\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.CadiWrap;\r
-import org.onap.aaf.cadi.Connector;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.aaf.marshal.CertsMarshal;\r
-import org.onap.aaf.cadi.client.AbsBasicAuth;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-import org.onap.aaf.cadi.client.Retryable;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.lur.EpiLur;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-import org.onap.aaf.cadi.util.Vars;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-import org.onap.aaf.inno.env.util.Split;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-import org.onap.aaf.rosetta.env.RosettaEnv;\r
-\r
-import aaf.v2_0.Certs;\r
-import aaf.v2_0.Error;\r
-import aaf.v2_0.Perms;\r
-import aaf.v2_0.Users;\r
-\r
-public abstract class AAFCon<CLIENT> implements Connector {\r
-       public static final String AAF_LATEST_VERSION = "2.0";\r
-\r
-       final public PropAccess access;\r
-       // Package access\r
-       final public int timeout, cleanInterval, connTimeout;\r
-       final public int highCount, userExpires, usageRefreshTriggerCount;\r
-       private Map<String,Rcli<CLIENT>> clients = new ConcurrentHashMap<String,Rcli<CLIENT>>();\r
-       final public RosettaDF<Perms> permsDF;\r
-       final public RosettaDF<Certs> certsDF;\r
-       final public RosettaDF<Users> usersDF;\r
-       final public RosettaDF<Error> errDF;\r
-       private String realm;\r
-       public final String app;\r
-       protected SecuritySetter<CLIENT> ss;\r
-       protected SecurityInfoC<CLIENT> si;\r
-\r
-       private DisableCheck disableCheck;\r
-\r
-       private AAFLurPerm lur;\r
-\r
-       private RosettaEnv env;\r
-       protected abstract URI initURI();\r
-       protected abstract void setInitURI(String uriString) throws CadiException;\r
-\r
-       /**\r
-        * Use this call to get the appropriate client based on configuration (DME2, HTTP, future)\r
-        * \r
-        * @param apiVersion\r
-        * @return\r
-        * @throws CadiException\r
-        */\r
-       public Rcli<CLIENT> client(String apiVersion) throws CadiException {\r
-               Rcli<CLIENT> client = clients.get(apiVersion);\r
-               if(client==null) {\r
-                       client = rclient(initURI(),ss);\r
-                       client.apiVersion(apiVersion)\r
-                                 .readTimeout(connTimeout);\r
-                       clients.put(apiVersion, client);\r
-               } \r
-               return client;\r
-       }\r
-       \r
-       /**\r
-        * Use this API when you have permission to have your call act as the end client's ID.\r
-        * \r
-        *  Your calls will get 403 errors if you do not have this permission.  it is a special setup, rarely given.\r
-        * \r
-        * @param apiVersion\r
-        * @param req\r
-        * @return\r
-        * @throws CadiException\r
-        */\r
-       public Rcli<CLIENT> clientAs(String apiVersion, ServletRequest req) throws CadiException {\r
-               Rcli<CLIENT> cl = client(apiVersion);\r
-               return cl.forUser(transferSS(((HttpServletRequest)req).getUserPrincipal()));\r
-       }\r
-       \r
-       protected AAFCon(AAFCon<CLIENT> copy) {\r
-               access = copy.access;\r
-               timeout = copy.timeout;\r
-               cleanInterval = copy.cleanInterval;\r
-               connTimeout = copy.connTimeout;\r
-               highCount = copy.highCount;\r
-               userExpires = copy.userExpires;\r
-               usageRefreshTriggerCount = copy.usageRefreshTriggerCount;\r
-               permsDF = copy.permsDF;\r
-               certsDF = copy.certsDF;\r
-               usersDF = copy.usersDF;\r
-               errDF = copy.errDF;\r
-               app = copy.app;\r
-               ss = copy.ss;\r
-               si = copy.si;\r
-               env = copy.env;\r
-               disableCheck = copy.disableCheck;\r
-               realm = copy.realm;\r
-       }\r
-       \r
-       protected AAFCon(PropAccess access, String tag, SecurityInfoC<CLIENT> si) throws CadiException{\r
-               if(tag==null) {\r
-                       throw new CadiException("AAFCon cannot be constructed with a tag=null");\r
-               }\r
-               try {\r
-                       this.access = access;\r
-                       this.si = si;\r
-                       this.ss = si.defSS;\r
-                       if(ss==null) {\r
-                               String mechid = access.getProperty(Config.AAF_MECHID, null);\r
-                               String encpass = access.getProperty(Config.AAF_MECHPASS, null);\r
-                               if(encpass==null) {\r
-                                       String alias = access.getProperty(Config.CADI_ALIAS, mechid);\r
-                                       if(alias==null) {\r
-                                               throw new CadiException(Config.CADI_ALIAS + " or " + Config.AAF_MECHID + " required.");\r
-                                       }\r
-                                       set(si.defSS=x509Alias(alias));\r
-                               } else {\r
-                                       if(mechid!=null && encpass !=null) {\r
-                                               set(si.defSS=basicAuth(mechid, encpass));\r
-                                       } else {\r
-                                               set(si.defSS=new SecuritySetter<CLIENT>() {\r
-                                                       \r
-                                                       @Override\r
-                                                       public String getID() {\r
-                                                               return "";\r
-                                                       }\r
-                       \r
-                                                       @Override\r
-                                                       public void setSecurity(CLIENT client) throws CadiException {\r
-                                                               throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");\r
-                                                       }\r
-\r
-                                                       @Override\r
-                                                       public int setLastResponse(int respCode) {\r
-                                                               return 0;\r
-                                                       }\r
-                                               });\r
-                                       }\r
-                               }\r
-                       }\r
-                       \r
-                       timeout = Integer.parseInt(access.getProperty(Config.AAF_READ_TIMEOUT, Config.AAF_READ_TIMEOUT_DEF));\r
-                       cleanInterval = Integer.parseInt(access.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF));\r
-                       highCount = Integer.parseInt(access.getProperty(Config.AAF_HIGH_COUNT, Config.AAF_HIGH_COUNT_DEF).trim());\r
-                       connTimeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF).trim());\r
-                       userExpires = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim());\r
-                       usageRefreshTriggerCount = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim())-1; // zero based\r
-       \r
-                       String str = access.getProperty(tag,null);\r
-                       if(str==null) {\r
-                               throw new CadiException(tag + " property is required.");\r
-                       }\r
-                       setInitURI(str);\r
-       \r
-                       app=reverseDomain(ss.getID());\r
-                       realm="openecomp.org";\r
-       \r
-                       env = new RosettaEnv();\r
-                       permsDF = env.newDataFactory(Perms.class);\r
-                       usersDF = env.newDataFactory(Users.class);\r
-                       certsDF = env.newDataFactory(Certs.class);\r
-                       certsDF.rootMarshal(new CertsMarshal()); // Speedier Marshaling\r
-                       errDF = env.newDataFactory(Error.class);\r
-               } catch (APIException e) {\r
-                       throw new CadiException("AAFCon cannot be configured",e);\r
-               }\r
-       }\r
-       \r
-       public RosettaEnv env() {\r
-               return env;\r
-       }\r
-       \r
-       /**\r
-        * Return the backing AAFCon, if there is a Lur Setup that is AAF.\r
-        * \r
-        * If there is no AAFLur setup, it will return "null"\r
-        * @param servletRequest\r
-        * @return\r
-        */\r
-       public static final AAFCon<?> obtain(Object servletRequest) {\r
-               if(servletRequest instanceof CadiWrap) {\r
-                       Lur lur = ((CadiWrap)servletRequest).getLur();\r
-                       if(lur != null) {\r
-                               if(lur instanceof EpiLur) {\r
-                                       AbsAAFLur<?> aal = (AbsAAFLur<?>) ((EpiLur)lur).subLur(AbsAAFLur.class);\r
-                                       if(aal!=null) {\r
-                                               return aal.aaf;\r
-                                       }\r
-                               } else {\r
-                                       if(lur instanceof AbsAAFLur) {\r
-                                               return ((AbsAAFLur<?>)lur).aaf;\r
-                                       }\r
-                               }\r
-                       }\r
-               }\r
-               return null;\r
-       }\r
-       \r
-       public abstract AAFCon<CLIENT> clone(String url) throws CadiException;\r
-       \r
-       public AAFAuthn<CLIENT> newAuthn() throws APIException {\r
-               try {\r
-                       return new AAFAuthn<CLIENT>(this);\r
-               } catch (APIException e) {\r
-                       throw e;\r
-               } catch (Exception e) {\r
-                       throw new APIException(e);\r
-               }\r
-       }\r
-\r
-       public AAFAuthn<CLIENT> newAuthn(AbsUserCache<AAFPermission> c) throws APIException {\r
-               try {\r
-                       return new AAFAuthn<CLIENT>(this,c);\r
-               } catch (APIException e) {\r
-                       throw e;\r
-               } catch (Exception e) {\r
-                       throw new APIException(e);\r
-               }\r
-       }\r
-\r
-       public AAFLurPerm newLur() throws CadiException {\r
-               try {\r
-                       if(lur==null) {\r
-                               return new AAFLurPerm(this);\r
-                       } else {\r
-                               return new AAFLurPerm(this,lur);\r
-                       }\r
-               } catch (CadiException e) {\r
-                       throw e;\r
-               } catch (Exception e) {\r
-                       throw new CadiException(e);\r
-               }\r
-       }\r
-       \r
-       public AAFLurPerm newLur(AbsUserCache<AAFPermission> c) throws APIException {\r
-               try {\r
-                       return new AAFLurPerm(this,c);\r
-               } catch (APIException e) {\r
-                       throw e;\r
-               } catch (Exception e) {\r
-                       throw new APIException(e);\r
-               }\r
-       }\r
-\r
-       /**\r
-        * Take a Fully Qualified User, and get a Namespace from it.\r
-        * @param user\r
-        * @return\r
-        */\r
-       public static String reverseDomain(String user) {\r
-               StringBuilder sb = null;\r
-               String[] split = Split.split('.',user);\r
-               int at;\r
-               for(int i=split.length-1;i>=0;--i) {\r
-                       if(sb == null) {\r
-                               sb = new StringBuilder();\r
-                       } else {\r
-                               sb.append('.');\r
-                       }\r
-\r
-                       if((at = split[i].indexOf('@'))>0) {\r
-                               sb.append(split[i].subSequence(at+1, split[i].length()));\r
-                       } else {\r
-                               sb.append(split[i]);\r
-                       }\r
-               }\r
-               \r
-               return sb==null?"":sb.toString();\r
-       }\r
-\r
-       protected abstract Rcli<CLIENT> rclient(URI uri, SecuritySetter<CLIENT> ss) throws CadiException;\r
-       \r
-       public abstract<RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException;\r
-\r
-\r
-       public abstract SecuritySetter<CLIENT> basicAuth(String user, String password) throws CadiException;\r
-       \r
-       public abstract SecuritySetter<CLIENT> transferSS(Principal principal) throws CadiException;\r
-       \r
-       public abstract SecuritySetter<CLIENT> basicAuthSS(BasicPrincipal principal) throws CadiException;\r
-       \r
-       public abstract SecuritySetter<CLIENT> x509Alias(String alias) throws APIException, CadiException;\r
-\r
-\r
-       public String getRealm() {\r
-               return realm;\r
-\r
-       }\r
-\r
-       public SecuritySetter<CLIENT> set(final SecuritySetter<CLIENT> ss) {\r
-               this.ss = ss;\r
-               if(ss instanceof AbsBasicAuth) {\r
-                       disableCheck = (ss instanceof AbsBasicAuth)?\r
-                       new DisableCheck() {\r
-                               AbsBasicAuth<?> aba = (AbsBasicAuth<?>)ss;\r
-                               @Override\r
-                               public boolean isDisabled() {\r
-                                       return aba.isDenied();\r
-                               }\r
-                       }:\r
-                       new DisableCheck() {\r
-                               @Override\r
-                               public boolean isDisabled() {\r
-                                       return this.isDisabled();\r
-                               }\r
-                       };\r
-               }\r
-               for(Rcli<CLIENT> client : clients.values()) {\r
-                       client.setSecuritySetter(ss);\r
-               }\r
-               return ss;\r
-       }\r
-       \r
-       public SecurityInfoC<CLIENT> securityInfo() {\r
-               return si;\r
-       }\r
-\r
-       public String defID() {\r
-               if(ss!=null) {\r
-                       return ss.getID();\r
-               }\r
-               return "unknown";\r
-       }\r
-       \r
-       public void invalidate() throws CadiException {\r
-               for(Rcli<CLIENT> client : clients.values()) {\r
-                       client.invalidate();\r
-                       clients.remove(client);\r
-               }\r
-       }\r
-\r
-       public String readableErrMsg(Future<?> f) {\r
-               String text = f.body();\r
-               if(text==null || text.length()==0) {\r
-                       text = f.code() + ": **No Message**";\r
-               } else if(text.contains("%")) {\r
-                       try {\r
-                               Error err = errDF.newData().in(TYPE.JSON).load(f.body()).asObject();\r
-                               return Vars.convert(err.getText(),err.getVariables());\r
-                       } catch (APIException e){\r
-                               // just return the body below\r
-                       }\r
-               }\r
-               return text;\r
-       }\r
-       \r
-       private interface DisableCheck {\r
-               public boolean isDisabled();\r
-       };\r
-       \r
-       public boolean isDisabled() {\r
-               return disableCheck.isDisabled();\r
-       }\r
-}\r