+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.v2_0;\r
-\r
-import java.net.URI;\r
-import java.security.Principal;\r
-import java.util.Map;\r
-import java.util.concurrent.ConcurrentHashMap;\r
-\r
-import javax.servlet.ServletRequest;\r
-import javax.servlet.http.HttpServletRequest;\r
-\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.CadiWrap;\r
-import org.onap.aaf.cadi.Connector;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.aaf.marshal.CertsMarshal;\r
-import org.onap.aaf.cadi.client.AbsBasicAuth;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-import org.onap.aaf.cadi.client.Retryable;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.lur.EpiLur;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-import org.onap.aaf.cadi.util.Vars;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-import org.onap.aaf.inno.env.util.Split;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-import org.onap.aaf.rosetta.env.RosettaEnv;\r
-\r
-import aaf.v2_0.Certs;\r
-import aaf.v2_0.Error;\r
-import aaf.v2_0.Perms;\r
-import aaf.v2_0.Users;\r
-\r
-public abstract class AAFCon<CLIENT> implements Connector {\r
- public static final String AAF_LATEST_VERSION = "2.0";\r
-\r
- final public PropAccess access;\r
- // Package access\r
- final public int timeout, cleanInterval, connTimeout;\r
- final public int highCount, userExpires, usageRefreshTriggerCount;\r
- private Map<String,Rcli<CLIENT>> clients = new ConcurrentHashMap<String,Rcli<CLIENT>>();\r
- final public RosettaDF<Perms> permsDF;\r
- final public RosettaDF<Certs> certsDF;\r
- final public RosettaDF<Users> usersDF;\r
- final public RosettaDF<Error> errDF;\r
- private String realm;\r
- public final String app;\r
- protected SecuritySetter<CLIENT> ss;\r
- protected SecurityInfoC<CLIENT> si;\r
-\r
- private DisableCheck disableCheck;\r
-\r
- private AAFLurPerm lur;\r
-\r
- private RosettaEnv env;\r
- protected abstract URI initURI();\r
- protected abstract void setInitURI(String uriString) throws CadiException;\r
-\r
- /**\r
- * Use this call to get the appropriate client based on configuration (DME2, HTTP, future)\r
- * \r
- * @param apiVersion\r
- * @return\r
- * @throws CadiException\r
- */\r
- public Rcli<CLIENT> client(String apiVersion) throws CadiException {\r
- Rcli<CLIENT> client = clients.get(apiVersion);\r
- if(client==null) {\r
- client = rclient(initURI(),ss);\r
- client.apiVersion(apiVersion)\r
- .readTimeout(connTimeout);\r
- clients.put(apiVersion, client);\r
- } \r
- return client;\r
- }\r
- \r
- /**\r
- * Use this API when you have permission to have your call act as the end client's ID.\r
- * \r
- * Your calls will get 403 errors if you do not have this permission. it is a special setup, rarely given.\r
- * \r
- * @param apiVersion\r
- * @param req\r
- * @return\r
- * @throws CadiException\r
- */\r
- public Rcli<CLIENT> clientAs(String apiVersion, ServletRequest req) throws CadiException {\r
- Rcli<CLIENT> cl = client(apiVersion);\r
- return cl.forUser(transferSS(((HttpServletRequest)req).getUserPrincipal()));\r
- }\r
- \r
- protected AAFCon(AAFCon<CLIENT> copy) {\r
- access = copy.access;\r
- timeout = copy.timeout;\r
- cleanInterval = copy.cleanInterval;\r
- connTimeout = copy.connTimeout;\r
- highCount = copy.highCount;\r
- userExpires = copy.userExpires;\r
- usageRefreshTriggerCount = copy.usageRefreshTriggerCount;\r
- permsDF = copy.permsDF;\r
- certsDF = copy.certsDF;\r
- usersDF = copy.usersDF;\r
- errDF = copy.errDF;\r
- app = copy.app;\r
- ss = copy.ss;\r
- si = copy.si;\r
- env = copy.env;\r
- disableCheck = copy.disableCheck;\r
- realm = copy.realm;\r
- }\r
- \r
- protected AAFCon(PropAccess access, String tag, SecurityInfoC<CLIENT> si) throws CadiException{\r
- if(tag==null) {\r
- throw new CadiException("AAFCon cannot be constructed with a tag=null");\r
- }\r
- try {\r
- this.access = access;\r
- this.si = si;\r
- this.ss = si.defSS;\r
- if(ss==null) {\r
- String mechid = access.getProperty(Config.AAF_MECHID, null);\r
- String encpass = access.getProperty(Config.AAF_MECHPASS, null);\r
- if(encpass==null) {\r
- String alias = access.getProperty(Config.CADI_ALIAS, mechid);\r
- if(alias==null) {\r
- throw new CadiException(Config.CADI_ALIAS + " or " + Config.AAF_MECHID + " required.");\r
- }\r
- set(si.defSS=x509Alias(alias));\r
- } else {\r
- if(mechid!=null && encpass !=null) {\r
- set(si.defSS=basicAuth(mechid, encpass));\r
- } else {\r
- set(si.defSS=new SecuritySetter<CLIENT>() {\r
- \r
- @Override\r
- public String getID() {\r
- return "";\r
- }\r
- \r
- @Override\r
- public void setSecurity(CLIENT client) throws CadiException {\r
- throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");\r
- }\r
-\r
- @Override\r
- public int setLastResponse(int respCode) {\r
- return 0;\r
- }\r
- });\r
- }\r
- }\r
- }\r
- \r
- timeout = Integer.parseInt(access.getProperty(Config.AAF_READ_TIMEOUT, Config.AAF_READ_TIMEOUT_DEF));\r
- cleanInterval = Integer.parseInt(access.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF));\r
- highCount = Integer.parseInt(access.getProperty(Config.AAF_HIGH_COUNT, Config.AAF_HIGH_COUNT_DEF).trim());\r
- connTimeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF).trim());\r
- userExpires = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim());\r
- usageRefreshTriggerCount = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim())-1; // zero based\r
- \r
- String str = access.getProperty(tag,null);\r
- if(str==null) {\r
- throw new CadiException(tag + " property is required.");\r
- }\r
- setInitURI(str);\r
- \r
- app=reverseDomain(ss.getID());\r
- realm="openecomp.org";\r
- \r
- env = new RosettaEnv();\r
- permsDF = env.newDataFactory(Perms.class);\r
- usersDF = env.newDataFactory(Users.class);\r
- certsDF = env.newDataFactory(Certs.class);\r
- certsDF.rootMarshal(new CertsMarshal()); // Speedier Marshaling\r
- errDF = env.newDataFactory(Error.class);\r
- } catch (APIException e) {\r
- throw new CadiException("AAFCon cannot be configured",e);\r
- }\r
- }\r
- \r
- public RosettaEnv env() {\r
- return env;\r
- }\r
- \r
- /**\r
- * Return the backing AAFCon, if there is a Lur Setup that is AAF.\r
- * \r
- * If there is no AAFLur setup, it will return "null"\r
- * @param servletRequest\r
- * @return\r
- */\r
- public static final AAFCon<?> obtain(Object servletRequest) {\r
- if(servletRequest instanceof CadiWrap) {\r
- Lur lur = ((CadiWrap)servletRequest).getLur();\r
- if(lur != null) {\r
- if(lur instanceof EpiLur) {\r
- AbsAAFLur<?> aal = (AbsAAFLur<?>) ((EpiLur)lur).subLur(AbsAAFLur.class);\r
- if(aal!=null) {\r
- return aal.aaf;\r
- }\r
- } else {\r
- if(lur instanceof AbsAAFLur) {\r
- return ((AbsAAFLur<?>)lur).aaf;\r
- }\r
- }\r
- }\r
- }\r
- return null;\r
- }\r
- \r
- public abstract AAFCon<CLIENT> clone(String url) throws CadiException;\r
- \r
- public AAFAuthn<CLIENT> newAuthn() throws APIException {\r
- try {\r
- return new AAFAuthn<CLIENT>(this);\r
- } catch (APIException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new APIException(e);\r
- }\r
- }\r
-\r
- public AAFAuthn<CLIENT> newAuthn(AbsUserCache<AAFPermission> c) throws APIException {\r
- try {\r
- return new AAFAuthn<CLIENT>(this,c);\r
- } catch (APIException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new APIException(e);\r
- }\r
- }\r
-\r
- public AAFLurPerm newLur() throws CadiException {\r
- try {\r
- if(lur==null) {\r
- return new AAFLurPerm(this);\r
- } else {\r
- return new AAFLurPerm(this,lur);\r
- }\r
- } catch (CadiException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
- \r
- public AAFLurPerm newLur(AbsUserCache<AAFPermission> c) throws APIException {\r
- try {\r
- return new AAFLurPerm(this,c);\r
- } catch (APIException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new APIException(e);\r
- }\r
- }\r
-\r
- /**\r
- * Take a Fully Qualified User, and get a Namespace from it.\r
- * @param user\r
- * @return\r
- */\r
- public static String reverseDomain(String user) {\r
- StringBuilder sb = null;\r
- String[] split = Split.split('.',user);\r
- int at;\r
- for(int i=split.length-1;i>=0;--i) {\r
- if(sb == null) {\r
- sb = new StringBuilder();\r
- } else {\r
- sb.append('.');\r
- }\r
-\r
- if((at = split[i].indexOf('@'))>0) {\r
- sb.append(split[i].subSequence(at+1, split[i].length()));\r
- } else {\r
- sb.append(split[i]);\r
- }\r
- }\r
- \r
- return sb==null?"":sb.toString();\r
- }\r
-\r
- protected abstract Rcli<CLIENT> rclient(URI uri, SecuritySetter<CLIENT> ss) throws CadiException;\r
- \r
- public abstract<RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException;\r
-\r
-\r
- public abstract SecuritySetter<CLIENT> basicAuth(String user, String password) throws CadiException;\r
- \r
- public abstract SecuritySetter<CLIENT> transferSS(Principal principal) throws CadiException;\r
- \r
- public abstract SecuritySetter<CLIENT> basicAuthSS(BasicPrincipal principal) throws CadiException;\r
- \r
- public abstract SecuritySetter<CLIENT> x509Alias(String alias) throws APIException, CadiException;\r
-\r
-\r
- public String getRealm() {\r
- return realm;\r
-\r
- }\r
-\r
- public SecuritySetter<CLIENT> set(final SecuritySetter<CLIENT> ss) {\r
- this.ss = ss;\r
- if(ss instanceof AbsBasicAuth) {\r
- disableCheck = (ss instanceof AbsBasicAuth)?\r
- new DisableCheck() {\r
- AbsBasicAuth<?> aba = (AbsBasicAuth<?>)ss;\r
- @Override\r
- public boolean isDisabled() {\r
- return aba.isDenied();\r
- }\r
- }:\r
- new DisableCheck() {\r
- @Override\r
- public boolean isDisabled() {\r
- return this.isDisabled();\r
- }\r
- };\r
- }\r
- for(Rcli<CLIENT> client : clients.values()) {\r
- client.setSecuritySetter(ss);\r
- }\r
- return ss;\r
- }\r
- \r
- public SecurityInfoC<CLIENT> securityInfo() {\r
- return si;\r
- }\r
-\r
- public String defID() {\r
- if(ss!=null) {\r
- return ss.getID();\r
- }\r
- return "unknown";\r
- }\r
- \r
- public void invalidate() throws CadiException {\r
- for(Rcli<CLIENT> client : clients.values()) {\r
- client.invalidate();\r
- clients.remove(client);\r
- }\r
- }\r
-\r
- public String readableErrMsg(Future<?> f) {\r
- String text = f.body();\r
- if(text==null || text.length()==0) {\r
- text = f.code() + ": **No Message**";\r
- } else if(text.contains("%")) {\r
- try {\r
- Error err = errDF.newData().in(TYPE.JSON).load(f.body()).asObject();\r
- return Vars.convert(err.getText(),err.getVariables());\r
- } catch (APIException e){\r
- // just return the body below\r
- }\r
- }\r
- return text;\r
- }\r
- \r
- private interface DisableCheck {\r
- public boolean isDisabled();\r
- };\r
- \r
- public boolean isDisabled() {\r
- return disableCheck.isDisabled();\r
- }\r
-}\r