+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.v2_0;\r
-\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-import java.security.Principal;\r
-\r
-import com.att.cadi.AbsUserCache;\r
-import com.att.cadi.Access;\r
-import com.att.cadi.CadiException;\r
-import com.att.cadi.CadiWrap;\r
-import com.att.cadi.Connector;\r
-import com.att.cadi.LocatorException;\r
-import com.att.cadi.Lur;\r
-import com.att.cadi.SecuritySetter;\r
-import com.att.cadi.aaf.AAFPermission;\r
-import com.att.cadi.aaf.marshal.CertsMarshal;\r
-import com.att.cadi.client.Rcli;\r
-import com.att.cadi.client.Retryable;\r
-import com.att.cadi.config.Config;\r
-import com.att.cadi.config.SecurityInfo;\r
-import com.att.cadi.lur.EpiLur;\r
-import com.att.cadi.principal.BasicPrincipal;\r
-import com.att.inno.env.APIException;\r
-import com.att.inno.env.util.Split;\r
-import com.att.rosetta.env.RosettaDF;\r
-import com.att.rosetta.env.RosettaEnv;\r
-\r
-import aaf.v2_0.Certs;\r
-import aaf.v2_0.Perms;\r
-import aaf.v2_0.Users;\r
-\r
-public abstract class AAFCon<CLIENT> implements Connector {\r
- public static final String AAF_VERSION = "2.0";\r
-\r
- final public Access access;\r
- // Package access\r
- final public int timeout, cleanInterval, connTimeout;\r
- final public int highCount, userExpires, usageRefreshTriggerCount;\r
- private Rcli<CLIENT> client = null;\r
- final public RosettaDF<Perms> permsDF;\r
- final public RosettaDF<Certs> certsDF;\r
- final public RosettaDF<Users> usersDF;\r
- private String realm;\r
- public final String app;\r
- protected SecuritySetter<CLIENT> ss;\r
- protected SecurityInfo<CLIENT> si;\r
- protected final URI initURI;\r
-\r
- public Rcli<CLIENT> client(String apiVersion) throws CadiException {\r
- if(client==null) {\r
- client = rclient(initURI,ss);\r
- client.apiVersion(apiVersion)\r
- .readTimeout(connTimeout);\r
- }\r
- return client;\r
- }\r
- \r
- protected AAFCon(Access access, String tag, SecurityInfo<CLIENT> si) throws CadiException{\r
- try {\r
- this.access = access;\r
- this.si = si;\r
- this.ss = si.defSS;\r
- if(ss==null) {\r
- String mechid = access.getProperty(Config.AAF_MECHID, null);\r
- String encpass = access.getProperty(Config.AAF_MECHPASS, null);\r
- if(encpass==null) {\r
- String alias = access.getProperty(Config.CADI_ALIAS, mechid);\r
- if(alias==null) {\r
- throw new CadiException(Config.CADI_ALIAS + " or " + Config.AAF_MECHID + " required.");\r
- }\r
- si.defSS=ss = x509Alias(alias);\r
- } else {\r
- if(mechid!=null && encpass !=null) {\r
- si.defSS=ss=basicAuth(mechid, encpass);\r
- } else {\r
- si.defSS=ss=new SecuritySetter<CLIENT>() {\r
- \r
- @Override\r
- public String getID() {\r
- return "";\r
- }\r
- \r
- @Override\r
- public void setSecurity(CLIENT client) throws CadiException {\r
- throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");\r
- }\r
- };\r
- }\r
- }\r
- }\r
- \r
- timeout = Integer.parseInt(access.getProperty(Config.AAF_READ_TIMEOUT, Config.AAF_READ_TIMEOUT_DEF));\r
- cleanInterval = Integer.parseInt(access.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF));\r
- highCount = Integer.parseInt(access.getProperty(Config.AAF_HIGH_COUNT, Config.AAF_HIGH_COUNT_DEF).trim());\r
- connTimeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF).trim());\r
- userExpires = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim());\r
- usageRefreshTriggerCount = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim())-1; // zero based\r
- \r
- \r
- initURI = new URI(access.getProperty(tag,null));\r
- if(initURI==null) {\r
- throw new CadiException(tag + " property is required.");\r
- }\r
- \r
- app=reverseDomain(ss.getID());\r
- realm="openecomp.org";\r
- \r
- RosettaEnv env = new RosettaEnv();\r
- permsDF = env.newDataFactory(Perms.class);\r
- usersDF = env.newDataFactory(Users.class);\r
- certsDF = env.newDataFactory(Certs.class);\r
- certsDF.rootMarshal(new CertsMarshal()); // Speedier Marshaling\r
- } catch (APIException|URISyntaxException e) {\r
- throw new CadiException("AAFCon cannot be configured",e);\r
- }\r
- }\r
- \r
- /**\r
- * Return the backing AAFCon, if there is a Lur Setup that is AAF.\r
- * \r
- * If there is no AAFLur setup, it will return "null"\r
- * @param servletRequest\r
- * @return\r
- */\r
- public static final AAFCon<?> obtain(Object servletRequest) {\r
- if(servletRequest instanceof CadiWrap) {\r
- Lur lur = ((CadiWrap)servletRequest).getLur();\r
- if(lur != null) {\r
- if(lur instanceof EpiLur) {\r
- AbsAAFLur<?> aal = (AbsAAFLur<?>) ((EpiLur)lur).subLur(AbsAAFLur.class);\r
- if(aal!=null) {\r
- return aal.aaf;\r
- }\r
- } else {\r
- if(lur instanceof AbsAAFLur) {\r
- return ((AbsAAFLur<?>)lur).aaf;\r
- }\r
- }\r
- }\r
- }\r
- return null;\r
- }\r
- \r
- public AAFAuthn<CLIENT> newAuthn() throws APIException {\r
- try {\r
- return new AAFAuthn<CLIENT>(this);\r
- } catch (APIException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new APIException(e);\r
- }\r
- }\r
-\r
- public AAFAuthn<CLIENT> newAuthn(AbsUserCache<AAFPermission> c) throws APIException {\r
- try {\r
- return new AAFAuthn<CLIENT>(this,c);\r
- } catch (APIException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new APIException(e);\r
- }\r
- }\r
-\r
- public AAFLurPerm newLur() throws CadiException {\r
- try {\r
- return new AAFLurPerm(this);\r
- } catch (CadiException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
- \r
- public AAFLurPerm newLur(AbsUserCache<AAFPermission> c) throws APIException {\r
- try {\r
- return new AAFLurPerm(this,c);\r
- } catch (APIException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new APIException(e);\r
- }\r
- }\r
-\r
- /**\r
- * Take a Fully Qualified User, and get a Namespace from it.\r
- * @param user\r
- * @return\r
- */\r
- public static String reverseDomain(String user) {\r
- StringBuilder sb = null;\r
- String[] split = Split.split('.',user);\r
- int at;\r
- for(int i=split.length-1;i>=0;--i) {\r
- if(sb == null) {\r
- sb = new StringBuilder();\r
- } else {\r
- sb.append('.');\r
- }\r
-\r
- if((at = split[i].indexOf('@'))>0) {\r
- sb.append(split[i].subSequence(at+1, split[i].length()));\r
- } else {\r
- sb.append(split[i]);\r
- }\r
- }\r
- \r
- return sb==null?"":sb.toString();\r
- }\r
-\r
- protected abstract Rcli<CLIENT> rclient(URI uri, SecuritySetter<CLIENT> ss) throws CadiException;\r
- \r
- public abstract<RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException;\r
-\r
-\r
- public abstract SecuritySetter<CLIENT> basicAuth(String user, String password) throws CadiException;\r
- \r
- public abstract SecuritySetter<CLIENT> transferSS(Principal principal) throws CadiException;\r
- \r
- public abstract SecuritySetter<CLIENT> basicAuthSS(BasicPrincipal principal) throws CadiException;\r
- \r
- public abstract SecuritySetter<CLIENT> x509Alias(String alias) throws APIException, CadiException;\r
-\r
-\r
- public String getRealm() {\r
- return realm;\r
-\r
- }\r
-\r
- public SecuritySetter<CLIENT> set(SecuritySetter<CLIENT> ss) {\r
- this.ss = ss;\r
- if(client!=null) {\r
- client.setSecuritySetter(ss);\r
- }\r
- return ss;\r
- }\r
- \r
- public SecurityInfo<CLIENT> securityInfo() {\r
- return si;\r
- }\r
-\r
- public String defID() {\r
- if(ss!=null) {\r
- return ss.getID();\r
- }\r
- return "unknown";\r
- }\r
- \r
- public void invalidate() throws CadiException {\r
- if(client!=null) {\r
- client.invalidate();\r
- }\r
- client = null;\r
- }\r
-\r
-\r
-}\r