+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-import java.util.List;\r
-import java.util.Map;\r
-import java.util.Set;\r
-import java.util.TreeSet;\r
-\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CredVal;\r
-import org.onap.aaf.cadi.Hash;\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.StrLur;\r
-import org.onap.aaf.cadi.User;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-\r
-/**\r
- * An in-memory Lur that can be configured locally with User info via properties, similar to Tomcat-users.xml mechanisms.\r
- * \r
- *\r
- */\r
-public final class LocalLur extends AbsUserCache<LocalPermission> implements StrLur, CredVal {\r
- public static final String SEMI = "\\s*;\\s*";\r
- public static final String COLON = "\\s*:\\s*";\r
- public static final String COMMA = "\\s*,\\s*";\r
- public static final String PERCENT = "\\s*%\\s*";\r
- \r
- // Use to quickly determine whether any given group is supported by this LUR\r
- private final Set<String> supportingGroups;\r
- private String supportedRealm; \r
- \r
- /**\r
- * Construct by building structure, see "build"\r
- * \r
- * Reconstruct with "build"\r
- * \r
- * @param userProperty\r
- * @param groupProperty\r
- * @param decryptor\r
- * @throws IOException\r
- */\r
- public LocalLur(Access access, String userProperty, String groupProperty) throws IOException {\r
- super(access, 0, 0, Integer.MAX_VALUE); // data doesn't expire\r
- supportedRealm = access.getProperty(Config.BASIC_REALM, "localized");\r
- supportingGroups = new TreeSet<String>();\r
- \r
- if(userProperty!=null) {\r
- // For each User name...\r
- for(String user : userProperty.trim().split(SEMI)) {\r
- String[] us = user.split(COLON,2);\r
- String[] userpass = us[0].split(PERCENT,2);\r
- String u;\r
- User<LocalPermission> usr;\r
- if(userpass.length>1) {\r
- if(userpass.length>0 && userpass[0].indexOf('@')<0) {\r
- userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm());\r
- }\r
-\r
- u = userpass[0];\r
- byte[] pass = access.decrypt(userpass[1], true).getBytes();\r
- usr = new User<LocalPermission>(new ConfigPrincipal(u, pass));\r
- } else {\r
- u = us[0];\r
- usr = new User<LocalPermission>(new ConfigPrincipal(u, (byte[])null));\r
- }\r
- addUser(usr);\r
- access.log(Level.INIT, "Local User:",usr.principal);\r
- \r
- if(us.length>1) {\r
- Map<String, Permission> newMap = usr.newMap();\r
- for(String group : us[1].split(COMMA)) {\r
- supportingGroups.add(group);\r
- usr.add(newMap,new LocalPermission(group));\r
- }\r
- usr.setMap(newMap);\r
- }\r
- }\r
- }\r
- if(groupProperty!=null) {\r
- // For each Group name...\r
- for(String group : groupProperty.trim().split(SEMI)) {\r
- String[] gs = group.split(COLON,2);\r
- if(gs.length>1) {\r
- supportingGroups.add(gs[0]);\r
- LocalPermission p = new LocalPermission(gs[0]);\r
- // Add all users (known by comma separators) \r
- \r
- for(String grpMem : gs[1].split(COMMA)) {\r
- // look for password, if so, put in passMap\r
- String[] userpass = grpMem.split(PERCENT,2);\r
- if(userpass.length>0 && userpass[0].indexOf('@')<0) {\r
- userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm());\r
- }\r
- User<LocalPermission> usr = getUser(userpass[0]);\r
- if(userpass.length>1) {\r
- byte[] pass = access.decrypt(userpass[1], true).getBytes();\r
- if(usr==null)addUser(usr=new User<LocalPermission>(new ConfigPrincipal(userpass[0],pass)));\r
- else usr.principal=new ConfigPrincipal(userpass[0],pass);\r
- } else {\r
- if(usr==null)addUser(usr=new User<LocalPermission>(new ConfigPrincipal(userpass[0],(byte[])null)));\r
- }\r
- usr.add(p);\r
- access.log(Level.INIT, "Local User:",usr.principal);\r
- }\r
- }\r
- }\r
- }\r
- }\r
- \r
- public boolean validate(String user, CredVal.Type type, byte[] cred) {\r
- User<LocalPermission> usr = getUser(user);\r
- switch(type) {\r
- case PASSWORD:\r
- // covers null as well as bad pass\r
- if(usr!=null && cred!=null && usr.principal instanceof ConfigPrincipal) {\r
- return Hash.isEqual(cred,((ConfigPrincipal)usr.principal).getCred());\r
- }\r
- break;\r
- }\r
- return false;\r
- }\r
-\r
- // @Override\r
- public boolean fish(Principal bait, Permission pond) {\r
- if(supports(bait.getName()) && pond instanceof LocalPermission) { // local Users only have LocalPermissions\r
- User<LocalPermission> user = getUser(bait);\r
- return user==null?false:user.contains((LocalPermission)pond);\r
- }\r
- return false;\r
- }\r
-\r
- public boolean fish(String bait, Permission pond) {\r
- if(supports(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions\r
- User<LocalPermission> user = getUser(bait);\r
- return user==null?false:user.contains((LocalPermission)pond);\r
- }\r
- return false;\r
- }\r
-\r
- // We do not want to expose the actual Group, so make a copy.\r
- public void fishAll(Principal bait, List<Permission> perms) {\r
- if(supports(bait.getName())) {\r
- User<LocalPermission> user = getUser(bait);\r
- if(user!=null) {\r
- user.copyPermsTo(perms);\r
- }\r
- }\r
- }\r
-\r
- public void fishAll(String bait, List<Permission> perms) {\r
- if(supports(bait)) {\r
- User<LocalPermission> user = getUser(bait);\r
- if(user!=null) {\r
- user.copyPermsTo(perms);\r
- }\r
- }\r
- }\r
-\r
- public boolean supports(String userName) {\r
- return userName!=null && userName.endsWith(supportedRealm);\r
- }\r
-\r
- public boolean handlesExclusively(Permission pond) {\r
- return supportingGroups.contains(pond.getKey());\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.Lur#createPerm(java.lang.String)\r
- */\r
- @Override\r
- public Permission createPerm(String p) {\r
- return new LocalPermission(p);\r
- }\r
-\r
-}\r