Update aaf client module
diff --git a/authz-certman/src/main/java/com/att/authz/cm/service/CertManAPI.java b/authz-certman/src/main/java/com/att/authz/cm/service/CertManAPI.java
deleted file mode 100644 (file)
index adf65ed..0000000
+++ /dev/null
@@ -1,285 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.authz.cm.service;\r
-\r
-import java.lang.reflect.Constructor;\r
-import java.util.ArrayList;\r
-import java.util.EnumSet;\r
-import java.util.List;\r
-import java.util.Map;\r
-import java.util.Properties;\r
-import java.util.TreeMap;\r
-\r
-import com.att.aft.dme2.api.DME2Exception;\r
-//import com.att.aft.dme2.api.DME2FilterHolder;\r
-//import com.att.aft.dme2.api.DME2FilterHolder.RequestDispatcherType;\r
-import com.att.aft.dme2.api.DME2Manager;\r
-import com.att.aft.dme2.api.DME2Server;\r
-import com.att.aft.dme2.api.DME2ServerProperties;\r
-import com.att.aft.dme2.api.DME2ServiceHolder;\r
-import com.att.aft.dme2.api.util.DME2FilterHolder;\r
-import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;\r
-import com.att.aft.dme2.api.util.DME2ServletHolder;\r
-//import com.att.aft.dme2.api.DME2ServletHolder;\r
-import com.att.authz.cm.api.API_Artifact;\r
-import com.att.authz.cm.api.API_Cert;\r
-import com.att.authz.cm.ca.CA;\r
-import com.att.authz.cm.facade.Facade1_0;\r
-import com.att.authz.cm.facade.FacadeFactory;\r
-import com.att.authz.cm.mapper.Mapper.API;\r
-import com.att.authz.env.AuthzEnv;\r
-import com.att.authz.env.AuthzTrans;\r
-import com.att.authz.env.AuthzTransFilter;\r
-import com.att.authz.server.AbsServer;\r
-import com.att.cache.Cache;\r
-import com.att.cache.Cache.Dated;\r
-import com.att.cadi.Access;\r
-import com.att.cadi.Access.Level;\r
-import com.att.cadi.CadiException;\r
-import com.att.cadi.TrustChecker;\r
-import com.att.cadi.aaf.v2_0.AAFAuthn;\r
-import com.att.cadi.aaf.v2_0.AAFCon;\r
-import com.att.cadi.aaf.v2_0.AAFConHttp;\r
-import com.att.cadi.aaf.v2_0.AAFLurPerm;\r
-import com.att.cadi.aaf.v2_0.AAFTrustChecker;\r
-import com.att.cadi.config.Config;\r
-import com.att.cssa.rserv.HttpMethods;\r
-import com.att.inno.env.APIException;\r
-import com.att.inno.env.Data;\r
-import com.att.inno.env.Env;\r
-import com.att.inno.env.Trans;\r
-import com.att.inno.env.util.Split;\r
-\r
-public class CertManAPI extends AbsServer {\r
-\r
-       private static final String USER_PERMS = "userPerms";\r
-       private static final Map<String,CA> certAuths = new TreeMap<String,CA>();\r
-       private static final String AAF_CERTMAN_CA_PREFIX = null;\r
-       public Facade1_0 facade1_0; // this is the default Facade\r
-       public Facade1_0 facade1_0_XML; // this is the XML Facade\r
-       public Map<String, Dated> cacheUser;\r
-       public AAFAuthn<?> aafAuthn;\r
-       public AAFLurPerm aafLurPerm;\r
-\r
-       private String[] EMPTY;\r
-       private AAFCon<?> aafcon;\r
-       \r
-       /**\r
-        * Construct AuthzAPI with all the Context Supporting Routes that Authz needs\r
-        * \r
-        * @param env\r
-        * @param si \r
-        * @param dm \r
-        * @param decryptor \r
-        * @throws APIException \r
-        */\r
-       public CertManAPI(AuthzEnv env) throws Exception {\r
-               super(env,"CertMan");\r
-               env.setLog4JNames("log4j.properties","authz","cm","audit","init","trace");\r
-               \r
-               //aafcon = new AAFConHttp(env);\r
-               \r
-               aafLurPerm = aafcon.newLur();\r
-               // Note: If you need both Authn and Authz construct the following:\r
-               aafAuthn = aafcon.newAuthn(aafLurPerm);\r
-\r
-               String aaf_env = env.getProperty(Config.AAF_ENV);\r
-               if(aaf_env==null) {\r
-                       throw new APIException("aaf_env needs to be set");\r
-               }\r
-               \r
-               // Initialize Facade for all uses\r
-               AuthzTrans trans = env.newTrans();\r
-               \r
-               // Load Supported Certificate Authorities by property \r
-               for(String key : env.existingStaticSlotNames()) {\r
-                       if(key.startsWith(AAF_CERTMAN_CA_PREFIX)) {\r
-                               int idx = key.indexOf('.');\r
-                               String[] params = Split.split(';', env.getProperty(key));\r
-                               if(params.length>1) {\r
-                                       @SuppressWarnings("unchecked")\r
-                                       Class<CA> cac = (Class<CA>)Class.forName((String)params[0]);\r
-                                       Class<?> ptype[] = new Class<?>[params.length+1];\r
-                                       ptype[0]=Trans.class;\r
-                                       ptype[1]=String.class;\r
-                                       Object pinst[] = new Object[params.length+1];\r
-                                       pinst[0]=trans;\r
-                                       pinst[1]= key.substring(idx+1);\r
-                                       for(int i=1;i<params.length;++i) {\r
-                                               idx = i+1;\r
-                                               ptype[idx]=String.class;\r
-                                               pinst[idx]=params[i];\r
-                                       }\r
-                                       Constructor<CA> cons = cac.getConstructor(ptype);\r
-                                       CA ca = cons.newInstance(pinst);\r
-                                       certAuths.put(ca.getName(),ca);\r
-                               }\r
-                       }\r
-               }\r
-               if(certAuths.size()==0) {\r
-                       throw new APIException("No Certificate Authorities have been configured in CertMan");\r
-               }\r
-               \r
-               CMService service = new CMService(trans, this);\r
-               // note: Service knows how to shutdown Cluster on Shutdown, etc.  See Constructor\r
-               facade1_0 = FacadeFactory.v1_0(this,trans, service,Data.TYPE.JSON);   // Default Facade\r
-               facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML); \r
-               \r
-\r
-               synchronized(env) {\r
-                       if(cacheUser == null) {\r
-                               cacheUser = Cache.obtain(USER_PERMS);\r
-                               Cache.startCleansing(env, USER_PERMS);\r
-                               Cache.addShutdownHook(); // Setup Shutdown Hook to close cache\r
-                       }\r
-               }\r
-               \r
-               ////////////////////////////////////////////////////////////////////////////\r
-               // APIs\r
-               ////////////////////////////////////////////////////////////////////////\r
-               API_Cert.init(this);\r
-               API_Artifact.init(this);\r
-               \r
-               StringBuilder sb = new StringBuilder();\r
-               trans.auditTrail(2, sb);\r
-               trans.init().log(sb);\r
-       }\r
-       \r
-       public CA getCA(String key) {\r
-               return certAuths.get(key);\r
-       }\r
-\r
-       public String[] getTrustChain(String key) {\r
-               CA ca = certAuths.get(key);\r
-               if(ca==null) {\r
-                       return EMPTY;\r
-               } else {\r
-                       return ca.getTrustChain();\r
-               }\r
-       }\r
-\r
-       /**\r
-        * Setup XML and JSON implementations for each supported Version type\r
-        * \r
-        * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties\r
-        * to do Versions and Content switches\r
-        * \r
-        */\r
-       public void route(HttpMethods meth, String path, API api, Code code) throws Exception {\r
-               String version = "1.0";\r
-               // Get Correct API Class from Mapper\r
-               Class<?> respCls = facade1_0.mapper().getClass(api); \r
-               if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());\r
-               // setup Application API HTML ContentTypes for JSON and Route\r
-               String application = applicationJSON(respCls, version);\r
-               route(env,meth,path,code,application,"application/json;version="+version,"*/*");\r
-\r
-               // setup Application API HTML ContentTypes for XML and Route\r
-               application = applicationXML(respCls, version);\r
-               route(env,meth,path,code.clone(facade1_0_XML),application,"application/xml;version="+version);\r
-               \r
-               // Add other Supported APIs here as created\r
-       }\r
-       \r
-       public void routeAll(HttpMethods meth, String path, API api, Code code) throws Exception {\r
-               route(env,meth,path,code,""); // this will always match\r
-       }\r
-\r
-\r
-       /**\r
-        * Start up AuthzAPI as DME2 Service\r
-        * @param env\r
-        * @param props\r
-        * @throws DME2Exception\r
-        * @throws CadiException \r
-        */\r
-       public void startDME2(Properties props) throws DME2Exception, CadiException {\r
-        DME2Manager dme2 = new DME2Manager("AAF Certman DME2Manager", props);\r
-\r
-\r
-        DME2ServiceHolder svcHolder;\r
-        List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();\r
-        svcHolder = new DME2ServiceHolder();\r
-        String serviceName = env.getProperty("DMEServiceName",null);\r
-       if(serviceName!=null) {\r
-               svcHolder.setServiceURI(serviceName);\r
-               svcHolder.setManager(dme2);\r
-               svcHolder.setContext("/");\r
-               \r
-               \r
-               \r
-               DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[]{"/cert"});\r
-               srvHolder.setContextPath("/*");\r
-               slist.add(srvHolder);\r
-               \r
-               EnumSet<RequestDispatcherType> edlist = EnumSet.of(\r
-                               RequestDispatcherType.REQUEST,\r
-                               RequestDispatcherType.FORWARD,\r
-                               RequestDispatcherType.ASYNC\r
-                               );\r
-\r
-               ///////////////////////\r
-               // Apply Filters\r
-               ///////////////////////\r
-               List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();\r
-               \r
-               // Secure all GUI interactions with AuthzTransFilter\r
-               flist.add(new DME2FilterHolder(\r
-                               new AuthzTransFilter(env,aafcon,TrustChecker.NOTRUST),\r
-                               "/*", edlist));\r
-               \r
-\r
-               svcHolder.setFilters(flist);\r
-               svcHolder.setServletHolders(slist);\r
-               \r
-               DME2Server dme2svr = dme2.getServer();\r
-               DME2ServerProperties dsprops = dme2svr.getServerProperties();\r
-               dsprops.setGracefulShutdownTimeMs(1000);\r
-       \r
-               env.init().log("Starting AAF Certman Jetty/DME2 server...");\r
-               dme2svr.start();\r
-               try {\r
-//                     if(env.getProperty("NO_REGISTER",null)!=null)\r
-                       dme2.bindService(svcHolder);\r
-                       env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort());\r
-                   while(true) { // Per DME2 Examples...\r
-                       Thread.sleep(5000);\r
-                   }\r
-               } catch(InterruptedException e) {\r
-                   env.init().log("AAF Jetty Server interrupted!");\r
-               } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process\r
-                   env.init().log(e,"DME2 Initialization Error");\r
-                       dme2svr.stop();\r
-                       System.exit(1);\r
-               }\r
-       } else {\r
-               env.init().log("Properties must contain DMEServiceName");\r
-       }\r
-       }\r
-\r
-       public static void main(String[] args) {\r
-               setup(CertManAPI.class, "certman.props");\r
-\r
-       }\r
-\r
-}\r