X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ONAP-PAP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpap%2Fxacml%2Frest%2Fcomponents%2FPolicyDBDao.java;h=568830f53cb44e9fe5a4eb934644c2db1537ed3a;hb=5ba143338d6fbc2b4d1e36c0efcbbabe15c65301;hp=d2ed1ad51eb454833e708c78d27aabbe7f9a20ab;hpb=cbc5914ca2c1770797f6ad2a05ea9d7c30a55b63;p=policy%2Fengine.git diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java index d2ed1ad51..568830f53 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP-PAP-REST * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,16 +28,20 @@ import java.io.FileWriter; import java.io.IOException; import java.io.InputStream; import java.io.StringReader; +import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; import java.net.MalformedURLException; import java.net.ProtocolException; +import java.net.URI; import java.net.URL; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.InvalidPathException; import java.nio.file.Path; import java.nio.file.Paths; +import java.security.InvalidKeyException; import java.security.Key; +import java.security.NoSuchAlgorithmException; import java.util.Base64; import java.util.Date; import java.util.HashMap; @@ -49,7 +53,10 @@ import java.util.Map; import java.util.Set; import java.util.UUID; +import javax.crypto.BadPaddingException; import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.SecretKeySpec; import javax.persistence.EntityManager; import javax.persistence.EntityManagerFactory; @@ -62,8 +69,10 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathFactory; +import org.apache.commons.io.FileUtils; import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.IOUtils; +import org.elasticsearch.common.Strings; import org.onap.policy.common.logging.eelf.MessageCodes; import org.onap.policy.common.logging.eelf.PolicyLogger; import org.onap.policy.common.logging.flexlogger.FlexLogger; @@ -71,6 +80,7 @@ import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.pap.xacml.rest.XACMLPapServlet; import org.onap.policy.rest.XACMLRestProperties; import org.onap.policy.rest.adapter.PolicyRestAdapter; +import org.onap.policy.rest.dao.PolicyDBException; import org.onap.policy.rest.jpa.ActionBodyEntity; import org.onap.policy.rest.jpa.ConfigurationDataEntity; import org.onap.policy.rest.jpa.DatabaseLockEntity; @@ -79,11 +89,13 @@ import org.onap.policy.rest.jpa.PdpEntity; import org.onap.policy.rest.jpa.PolicyDBDaoEntity; import org.onap.policy.rest.jpa.PolicyEntity; import org.onap.policy.rest.util.Webapps; +import org.onap.policy.utils.CryptoUtils; import org.onap.policy.xacml.api.pap.OnapPDP; import org.onap.policy.xacml.api.pap.OnapPDPGroup; import org.onap.policy.xacml.api.pap.PAPPolicyEngine; import org.onap.policy.xacml.std.pap.StdPDPGroup; import org.onap.policy.xacml.std.pap.StdPDPPolicy; +import org.onap.policy.xacml.util.XACMLPolicyScanner; import org.onap.policy.xacml.util.XACMLPolicyWriter; import org.w3c.dom.Document; import org.xml.sax.InputSource; @@ -115,7 +127,7 @@ public class PolicyDBDao { * @return The new instance of PolicyDBDao or throw exception if the given emf is null. * @throws IllegalStateException if a PolicyDBDao has already been constructed. Call getPolicyDBDaoInstance() to get this. */ - public static PolicyDBDao getPolicyDBDaoInstance(EntityManagerFactory emf) throws Exception{ + public static PolicyDBDao getPolicyDBDaoInstance(EntityManagerFactory emf){ logger.debug("getPolicyDBDaoInstance(EntityManagerFactory emf) as getPolicyDBDaoInstance("+emf+") called"); if(currentInstance == null){ if(emf != null){ @@ -132,7 +144,7 @@ public class PolicyDBDao { * @return The instance of PolicyDBDao or throws exception if the given instance is null. * @throws IllegalStateException if a PolicyDBDao instance is null. Call createPolicyDBDaoInstance(EntityManagerFactory emf) to get this. */ - public static PolicyDBDao getPolicyDBDaoInstance() throws Exception{ + public static PolicyDBDao getPolicyDBDaoInstance(){ logger.debug("getPolicyDBDaoInstance() as getPolicyDBDaoInstance() called"); if(currentInstance != null){ return currentInstance; @@ -217,6 +229,7 @@ public class PolicyDBDao { try{ em.getTransaction().commit(); } catch(Exception e){ + logger.warn("List of remote PolicyDBDaos will be empty", e); try{ em.getTransaction().rollback(); } catch(Exception e2){ @@ -314,7 +327,7 @@ public class PolicyDBDao { } } if(urlUserPass[2] == null || urlUserPass[2].equals("")){ - String passwordPropertyValue = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS); + String passwordPropertyValue = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)); if(passwordPropertyValue != null){ urlUserPass[2] = passwordPropertyValue; } @@ -323,24 +336,6 @@ public class PolicyDBDao { return urlUserPass; } - private static String encryptPassword(String password) throws Exception{ - Cipher cipher = Cipher.getInstance("AES"); - cipher.init(Cipher.ENCRYPT_MODE, aesKey()); - byte[] encryption = cipher.doFinal(password.getBytes("UTF-8")); - System.out.println(encryption); - return new String(Base64.getMimeEncoder().encode(encryption),"UTF-8"); - } - - private static String decryptPassword(String encryptedPassword) throws Exception{ - Cipher cipher = Cipher.getInstance("AES"); - cipher.init(Cipher.DECRYPT_MODE, aesKey()); - byte[] password = cipher.doFinal(Base64.getDecoder().decode(encryptedPassword.getBytes("UTF-8"))); - return new String(password,"UTF-8"); - } - private static Key aesKey(){ - byte[] aesValue = (new String("njrmbklcxtoplawf")).getBytes(); - return new SecretKeySpec(aesValue,"AES"); - } /** * Register the PolicyDBDao instance in the PolicyDBDaoEntity table * @return Boolean, were we able to register? @@ -348,6 +343,11 @@ public class PolicyDBDao { private boolean register(){ logger.debug("register() as register() called"); String[] url = getPapUrlUserPass(); + //--- check URL length + if(url == null || url.length<3){ + return false; + } + EntityManager em = emf.createEntityManager(); try{ startTransactionSynced(em, 1000); @@ -381,47 +381,52 @@ public class PolicyDBDao { PolicyDBDaoEntity foundPolicyDBDaoEntity = em.find(PolicyDBDaoEntity.class, url[0]); Query getPolicyDBDaoEntityQuery = em.createQuery("SELECT e FROM PolicyDBDaoEntity e WHERE e.policyDBDaoUrl=:url"); getPolicyDBDaoEntityQuery.setParameter("url", url[0]); + // encrypt the password + String txt = null; + try{ + txt = CryptoUtils.encryptTxt(url[2].getBytes(StandardCharsets.UTF_8)); + } catch(Exception e){ + logger.debug(e); + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not encrypt PAP password"); + } if(foundPolicyDBDaoEntity == null){ PolicyDBDaoEntity newPolicyDBDaoEntity = new PolicyDBDaoEntity(); em.persist(newPolicyDBDaoEntity); newPolicyDBDaoEntity.setPolicyDBDaoUrl(url[0]); newPolicyDBDaoEntity.setDescription("PAP server at "+url[0]); newPolicyDBDaoEntity.setUsername(url[1]); - try{ - newPolicyDBDaoEntity.setPassword(encryptPassword(url[2])); - } catch(Exception e){ - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not encrypt PAP password"); - } + newPolicyDBDaoEntity.setPassword(txt); + try{ em.getTransaction().commit(); } catch(Exception e){ + logger.debug(e); try{ em.getTransaction().rollback(); } catch(Exception e2){ + logger.debug(e2); PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e2, "PolicyDBDao", "Could not add new PolicyDBDao to the database"); } } } else { //just want to update in order to change modified date - String encryptedPassword = null; - try{ - encryptedPassword = encryptPassword(url[2]); - } catch(Exception e){ - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not encrypt PAP password"); - } + if(url[1] != null && !stringEquals(url[1], foundPolicyDBDaoEntity.getUsername())){ foundPolicyDBDaoEntity.setUsername(url[1]); } - if(encryptedPassword != null && !stringEquals(encryptedPassword, foundPolicyDBDaoEntity.getPassword())){ - foundPolicyDBDaoEntity.setPassword(encryptedPassword); + if(txt != null && !stringEquals(txt, foundPolicyDBDaoEntity.getPassword())){ + foundPolicyDBDaoEntity.setPassword(txt); } + foundPolicyDBDaoEntity.preUpdate(); try{ em.getTransaction().commit(); } catch(Exception e){ + logger.debug(e); try{ em.getTransaction().rollback(); } catch(Exception e2){ + logger.debug(e2); PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e2, "PolicyDBDao", "Could not update PolicyDBDao in the database"); } } @@ -476,15 +481,17 @@ public class PolicyDBDao { PolicyDBDaoEntity dbdEntity = (PolicyDBDaoEntity)obj; String o = dbdEntity.getPolicyDBDaoUrl(); String username = dbdEntity.getUsername(); - String password; + String txt; try{ - password = decryptPassword(dbdEntity.getPassword()); + txt = new String(CryptoUtils.decryptTxt(dbdEntity.getPassword()), StandardCharsets.UTF_8); } catch(Exception e){ + logger.debug(e); //if we can't decrypt, might as well try it anyway - password = dbdEntity.getPassword(); + txt = dbdEntity.getPassword(); } + Base64.Encoder encoder = Base64.getEncoder(); - String encoding = encoder.encodeToString((username+":"+password).getBytes(StandardCharsets.UTF_8)); + String encoding = encoder.encodeToString((username+":"+txt).getBytes(StandardCharsets.UTF_8)); HttpURLConnection connection = null; UUID requestID = UUID.randomUUID(); URL url; @@ -521,7 +528,8 @@ public class PolicyDBDao { // // Open up the connection // - logger.debug("Connecting with url: "+url); + logger.info("PolicyDBDao: NotifyOtherThread: notifying other PAPs of an update"); + logger.info("Connecting with url: "+url); try { connection = (HttpURLConnection)url.openConnection(); } catch (Exception e) { @@ -547,7 +555,7 @@ public class PolicyDBDao { readTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_NOTIFY_TIMEOUT)); } catch(Exception e){ - logger.error("xacml.rest.pap.notify.timeoutms property not set, using a default."); + logger.error("xacml.rest.pap.notify.timeoutms property not set, using a default.", e); readTimeout = 10000; } connection.setReadTimeout(readTimeout); @@ -571,10 +579,9 @@ public class PolicyDBDao { } try { if (connection.getResponseCode() == 200) { - logger.info("Received response 200 from pap server on notify"); - //notified = true; + logger.info("PolicyDBDao: NotifyOtherThread received response 200 from pap server on notify"); } else { - logger.warn("connection response code not 200, received: "+connection.getResponseCode()); + logger.warn("PolicyDBDao: NotifyOtherThread connection response code not 200, received: "+connection.getResponseCode()); } } catch (Exception e) { logger.warn("Caught Exception on: connection.getResponseCode() ", e); @@ -643,11 +650,13 @@ public class PolicyDBDao { handleIncomingPolicyChange(url, entityId,extraData); break; } catch(Exception e){ + logger.debug(e); PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught exception on handleIncomingPolicyChange("+url+", "+entityId+", "+extraData+")"); } try{ Thread.sleep(pauseBetweenRetries); }catch(InterruptedException ie){ + Thread.currentThread().interrupt(); break; } } @@ -658,11 +667,13 @@ public class PolicyDBDao { handleIncomingPdpChange(url, entityId, transaction); break; } catch(Exception e){ + logger.debug(e); PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught exception on handleIncomingPdpChange("+url+", "+entityId+", "+transaction+")"); } try{ Thread.sleep(pauseBetweenRetries); }catch(InterruptedException ie){ + Thread.currentThread().interrupt(); break; } } @@ -673,11 +684,13 @@ public class PolicyDBDao { handleIncomingGroupChange(url, entityId, extraData, transaction, xacmlPapServlet); break; }catch(Exception e){ + logger.debug(e); PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught exception on handleIncomingGroupChange("+url+", "+entityId+", "+extraData+", "+transaction+", "+xacmlPapServlet+")"); } try{ Thread.sleep(pauseBetweenRetries); }catch(InterruptedException ie){ + Thread.currentThread().interrupt(); break; } } @@ -686,7 +699,7 @@ public class PolicyDBDao { //no changes should be being made in this function, we still need to close transaction.rollbackTransaction(); } - private void handleIncomingGroupChange(String url, String groupId, String extraData,PolicyDBDaoTransaction transaction,XACMLPapServlet xacmlPapServlet) throws PAPException{ + private void handleIncomingGroupChange(String url, String groupId, String extraData,PolicyDBDaoTransaction transaction,XACMLPapServlet xacmlPapServlet) throws PAPException, PolicyDBException{ GroupEntity groupRecord = null; long groupIdLong = -1; try{ @@ -775,7 +788,7 @@ public class PolicyDBDao { //set default if it should be if(!localGroupClone.isDefaultGroup() && groupRecord.isDefaultGroup()){ try { - papEngine.SetDefaultGroup(localGroup); + papEngine.setDefaultGroup(localGroup); return; } catch (PAPException e) { PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught PAPException trying to set default group with papEngine.SetDefaultGroup("+localGroupClone+");"); @@ -810,7 +823,7 @@ public class PolicyDBDao { //call command that corresponds to the change that was made } //this will also handle removes, since incoming pdpGroup has no policies internally, we are just going to add them all in from the db - private boolean updateGroupPoliciesInFileSystem(OnapPDPGroup pdpGroup,OnapPDPGroup oldPdpGroup, GroupEntity groupRecord, PolicyDBDaoTransaction transaction) throws PAPException{ + private boolean updateGroupPoliciesInFileSystem(OnapPDPGroup pdpGroup,OnapPDPGroup oldPdpGroup, GroupEntity groupRecord, PolicyDBDaoTransaction transaction) throws PAPException, PolicyDBException{ if(!(pdpGroup instanceof StdPDPGroup)){ throw new PAPException("group is not a StdPDPGroup"); } @@ -829,9 +842,10 @@ public class PolicyDBDao { if(currentPolicySet.containsKey(pdpPolicyName)){ newPolicySet.add(currentPolicySet.get(pdpPolicyName)); } else{ + logger.info("PolicyDBDao: Adding the new policy to the PDP group after notification: " + pdpPolicyName); InputStream policyStream = new ByteArrayInputStream(policy.getPolicyData().getBytes()); group.copyPolicyToFile(pdpPolicyName,policyStream); - ((StdPDPPolicy)(group.getPolicy(pdpPolicyName))).setName(removeExtensionAndVersionFromPolicyName(policy.getPolicyName())); + ((StdPDPPolicy)(group.getPolicy(pdpPolicyName))).setName(removeExtensionAndVersionFromPolicyName(pdpPolicyName)); try { policyStream.close(); } catch (IOException e) { @@ -841,6 +855,7 @@ public class PolicyDBDao { } } } + logger.info("PolicyDBDao: Adding updated policies to group after notification."); if(didUpdate){ newPolicySet.addAll(group.getPolicies()); group.setPolicies(newPolicySet); @@ -848,7 +863,67 @@ public class PolicyDBDao { return didUpdate; } - private String removeExtensionAndVersionFromPolicyName(String originalPolicyName){ + + /* + * This method is called during all pushPolicy transactions and makes sure the file system + * group is in sync with the database groupentity + */ + private StdPDPGroup synchronizeGroupPoliciesInFileSystem(StdPDPGroup pdpGroup, GroupEntity groupentity) throws PAPException, PolicyDBException{ + + HashMap currentPolicyMap = new HashMap<>(); + HashSet newPolicyIdSet = new HashSet<>(); + HashSet newPolicySet = new HashSet<>(); + + for(PDPPolicy pdpPolicy : pdpGroup.getPolicies()){ + currentPolicyMap.put(pdpPolicy.getId(), pdpPolicy); + } + + for(PolicyEntity policy : groupentity.getPolicies()){ + String pdpPolicyId = getPdpPolicyName(policy.getPolicyName(), policy.getScope()); + newPolicyIdSet.add(pdpPolicyId); + + if(currentPolicyMap.containsKey(pdpPolicyId)){ + newPolicySet.add(currentPolicyMap.get(pdpPolicyId)); + } else { + + //convert PolicyEntity object to PDPPolicy + String name = null; + name = pdpPolicyId.replace(".xml", ""); + name = name.substring(0, name.lastIndexOf(".")); + InputStream policyStream = new ByteArrayInputStream(policy.getPolicyData().getBytes()); + pdpGroup.copyPolicyToFile(pdpPolicyId,name,policyStream); + URI location = Paths.get(pdpGroup.getDirectory().toAbsolutePath().toString(), pdpPolicyId).toUri(); + StdPDPPolicy newPolicy = null; + try { + newPolicy = new StdPDPPolicy(pdpPolicyId, true, removeExtensionAndVersionFromPolicyName(pdpPolicyId),location); + newPolicySet.add(newPolicy); + } catch (Exception e) { + logger.debug(e); + PolicyLogger.error("PolicyDBDao: Exception occurred while creating the StdPDPPolicy newPolicy object " + e.getMessage()); + } + + } + + } + + for(String id : currentPolicyMap.keySet()) { + if(!newPolicyIdSet.contains(id)){ + try { + Files.delete(Paths.get(currentPolicyMap.get(id).getLocation())); + } catch (Exception e) { + logger.debug(e); + PolicyLogger.error("PolicyDBDao: Exception occurred while attempting to delete the old version of the policy file from the group. " + e.getMessage()); + } + } + } + + logger.info("PolicyDBDao: Adding new policy set to group to keep filesystem and DB in sync"); + pdpGroup.setPolicies(newPolicySet); + + return pdpGroup; + } + + private String removeExtensionAndVersionFromPolicyName(String originalPolicyName) throws PolicyDBException{ return getPolicyNameAndVersionFromPolicyFileName(originalPolicyName)[0]; } @@ -857,14 +932,14 @@ public class PolicyDBDao { * @param originalPolicyName: a policy file name ex: Config_policy.2.xml * @return An array [0]: The policy name, [1]: the policy version, as a string */ - private String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName){ + private String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName) throws PolicyDBException{ String policyName = originalPolicyName; String[] nameAndVersion = new String[2]; try{ policyName = removeFileExtension(policyName); nameAndVersion[0] = policyName.substring(0,policyName.lastIndexOf('.')); if(isNullOrEmpty(nameAndVersion[0])){ - throw new Exception(); + throw new PolicyDBException(); } } catch(Exception e){ nameAndVersion[0] = originalPolicyName; @@ -873,7 +948,7 @@ public class PolicyDBDao { try{ nameAndVersion[1] = policyName.substring(policyName.lastIndexOf('.')+1); if(isNullOrEmpty(nameAndVersion[1])){ - throw new Exception(); + throw new PolicyDBException(); } } catch(Exception e){ nameAndVersion[1] = "1"; @@ -996,7 +1071,7 @@ public class PolicyDBDao { try { if(policy != null){ policyName = policy.getPolicyName(); - logger.debug("Deleting Policy: " + policy.getPolicyName()); + logger.info("Deleting old Policy Config File for " + policy.getPolicyName()); action = "delete"; Path subFile = null; @@ -1033,7 +1108,7 @@ public class PolicyDBDao { } private Path getPolicySubFile(String filename, String subFileType){ - logger.debug("getPolicySubFile(" + filename + ", " + subFileType + ")"); + logger.info("getPolicySubFile(" + filename + ", " + subFileType + ")"); Path filePath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS).toString(), subFileType); File file = null; @@ -1050,7 +1125,7 @@ public class PolicyDBDao { finalPath = Paths.get(file.getAbsolutePath()); } - logger.debug("end of getPolicySubFile: " + finalPath); + logger.info("end of getPolicySubFile: " + finalPath); return finalPath; } @@ -1123,6 +1198,45 @@ public class PolicyDBDao { } } + + public StdPDPGroup auditLocalFileSystem(StdPDPGroup group){ + + logger.info("Starting Local File System group audit"); + EntityManager em = emf.createEntityManager(); + em.getTransaction().begin(); + + Query groupQuery = em.createQuery("SELECT g FROM GroupEntity g WHERE g.groupId=:groupId AND g.deleted=:deleted"); + groupQuery.setParameter("groupId", group.getId()); + groupQuery.setParameter("deleted", false); + List groupQueryList; + try{ + groupQueryList = groupQuery.getResultList(); + }catch(Exception e){ + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught Exception trying to check if group exists groupQuery.getResultList()"); + throw new PersistenceException("Query failed trying to check if group "+group.getId()+" exists"); + } + + GroupEntity dbgroup = null; + if(groupQueryList!=null){ + dbgroup = (GroupEntity)groupQueryList.get(0); + } + + em.getTransaction().commit(); + em.close(); + + StdPDPGroup updatedGroup = null; + try { + updatedGroup = synchronizeGroupPoliciesInFileSystem(group, dbgroup); + } catch (PAPException e) { + logger.error(e); + } catch (PolicyDBException e) { + logger.error(e); + } + logger.info("Group was updated during file system audit: " + updatedGroup.toString()); + return updatedGroup; + + } + public void deleteAllGroupTables(){ logger.debug("PolicyDBDao.deleteAllGroupTables() called"); EntityManager em = emf.createEntityManager(); @@ -1338,6 +1452,7 @@ public class PolicyDBDao { try{ startTransactionSynced(this.em,transactionWaitTime); } catch(Exception e){ + logger.debug(e); throw new PersistenceException("Could not lock transaction within "+transactionWaitTime+" milliseconds"); } } @@ -1366,6 +1481,7 @@ public class PolicyDBDao { + "\n TimeStamp = " + date.getTime() + "\n\n"); } + Thread.currentThread().interrupt(); return; } if(logger.isDebugEnabled()){ @@ -1486,7 +1602,7 @@ public class PolicyDBDao { try{ em.close(); }catch(Exception e){ - logger.warn("Could not close already closed transaction"); + logger.warn("Could not close already closed transaction", e); } } @@ -2079,7 +2195,7 @@ public class PolicyDBDao { try{ configPath = Paths.get(configPath).toString(); } catch(InvalidPathException e){ - logger.error("Invalid config path: "+configPath); + logger.error("Invalid config path: "+configPath, e); throw new IllegalArgumentException("Invalid config path: "+configPath); } return configPath; @@ -2133,7 +2249,7 @@ public class PolicyDBDao { String prefix = null; if (policy.policyAdapter.getPolicyType().equalsIgnoreCase("Config")) { - prefix = configPath.substring(configPath.indexOf(policyScope+".")+policyScope.concat(".").length(), configPath.indexOf(policy.policyAdapter.getPolicyName())); + prefix = configPath.substring(configPath.indexOf(policyScope+".")+policyScope.concat(".").length(), configPath.lastIndexOf(policy.policyAdapter.getPolicyName())); if(isNullOrEmpty(policy.policyAdapter.getConfigBodyData())){ String configData = ""; try{ @@ -2254,7 +2370,7 @@ public class PolicyDBDao { @Override public void updateGroup(OnapPDPGroup group, String username){ - logger.debug("updateGroup(PDPGroup group) as updateGroup("+group+","+username+") called"); + logger.info("PolicyDBDao: updateGroup(PDPGroup group) as updateGroup("+group+","+username+") called"); if(group == null){ throw new IllegalArgumentException("PDPGroup group must not be null"); } @@ -2281,12 +2397,12 @@ public class PolicyDBDao { PolicyLogger.error("Somehow, more than one group with the same id "+group.getId()+" and deleted status were found in the database"); throw new PersistenceException("Somehow, more than one group with the same id "+group.getId()+" and deleted status were found in the database"); } - GroupEntity groupToUpdate = (GroupEntity)getGroupQueryList.get(0); - if(!stringEquals(groupToUpdate.getModifiedBy(), username)){ - groupToUpdate.setModifiedBy(username); + GroupEntity groupToUpdateInDB = (GroupEntity)getGroupQueryList.get(0); + if(!stringEquals(groupToUpdateInDB.getModifiedBy(), username)){ + groupToUpdateInDB.setModifiedBy(username); } - if(group.getDescription() != null && !stringEquals(group.getDescription(),groupToUpdate.getDescription())){ - groupToUpdate.setDescription(group.getDescription()); + if(group.getDescription() != null && !stringEquals(group.getDescription(),groupToUpdateInDB.getDescription())){ + groupToUpdateInDB.setDescription(group.getDescription()); } //let's find out what policies have been deleted StdPDPGroup oldGroup = null; @@ -2298,7 +2414,6 @@ public class PolicyDBDao { if(oldGroup == null){ PolicyLogger.error("We cannot get the group from the papEngine to delete policies"); } else { - Set newPolicySet = new HashSet<>(group.getPolicies().size()); //a multiple of n runtime is faster than n^2, so I am using a hashset to do the comparison for(PDPPolicy pol: group.getPolicies()){ @@ -2308,19 +2423,45 @@ public class PolicyDBDao { //should be fast since getPolicies uses a HashSet in StdPDPGroup if(!newPolicySet.contains(pol.getId())){ String[] scopeAndName = getNameScopeAndVersionFromPdpPolicy(pol.getId()); - PolicyEntity policyToDelete; + PolicyEntity policyToDelete = null; try{ - policyToDelete = getPolicy(scopeAndName[0],scopeAndName[1]); + if(scopeAndName!=null){ + policyToDelete = getPolicy(scopeAndName[0],scopeAndName[1]); + + if ("XACMLPapServlet.doDelete".equals(username)) { + + Iterator dbPolicyIt = groupToUpdateInDB.getPolicies().iterator(); + String policyName = getPolicyNameAndVersionFromPolicyFileName(policyToDelete.getPolicyName())[0]; + + logger.info("PolicyDBDao: delete policy from GroupEntity"); + try{ + while(dbPolicyIt.hasNext()){ + PolicyEntity dbpolicy = dbPolicyIt.next(); + if(policyToDelete.getScope().equals(dbpolicy.getScope()) && + getPolicyNameAndVersionFromPolicyFileName(dbpolicy.getPolicyName())[0].equals(policyName)) { + dbPolicyIt.remove(); + + logger.info("PolicyDBDao: deleting policy from the existing group:\n " + + "policyName is " + policyToDelete.getScope()+"."+policyToDelete.getPolicyName() + "\n" + + "group is " + groupToUpdateInDB.getGroupId()); + } + } + }catch(Exception e){ + logger.debug(e); + PolicyLogger.error("Could not delete policy with name: "+ policyToDelete.getScope()+"."+policyToDelete.getPolicyName()+"\n ID: "+ policyToDelete.getPolicyId()); + } + } + } + }catch(Exception e){ PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not get policy to remove: "+pol.getId()); throw new PersistenceException("Could not get policy to remove: "+pol.getId()); } - groupToUpdate.getPolicies().remove(policyToDelete); - } } } - if(group.getName() != null && !stringEquals(group.getName(),groupToUpdate.getgroupName())){ + + if(group.getName() != null && !stringEquals(group.getName(),groupToUpdateInDB.getgroupName())){ //we need to check if the new id exists in the database String newGroupId = createNewPDPGroupId(group.getName()); Query checkGroupQuery = em.createQuery("SELECT g FROM GroupEntity g WHERE g.groupId=:groupId AND g.deleted=:deleted"); @@ -2337,13 +2478,13 @@ public class PolicyDBDao { PolicyLogger.error("The new group name already exists, group id "+newGroupId); throw new PersistenceException("The new group name already exists, group id "+newGroupId); } - groupToUpdate.setGroupId(newGroupId); - groupToUpdate.setGroupName(group.getName()); + groupToUpdateInDB.setGroupId(newGroupId); + groupToUpdateInDB.setGroupName(group.getName()); this.newGroupId = group.getId(); } em.flush(); - this.groupId = groupToUpdate.getGroupKey(); + this.groupId = groupToUpdateInDB.getGroupKey(); } } @@ -2568,7 +2709,7 @@ public class PolicyDBDao { @Override - public void deleteGroup(OnapPDPGroup group, OnapPDPGroup moveToGroup, String username) throws PAPException { + public void deleteGroup(OnapPDPGroup group, OnapPDPGroup moveToGroup, String username) throws PolicyDBException { logger.debug("deleteGroup(PDPGroup group, PDPGroup moveToGroup, String username) as deleteGroup("+group+", "+moveToGroup+","+username+") called"); if(group == null){ throw new IllegalArgumentException("PDPGroup group cannot be null"); @@ -2579,7 +2720,7 @@ public class PolicyDBDao { if(group.isDefaultGroup()){ PolicyLogger.error("The default group "+group.getId()+" was attempted to be deleted. It cannot be."); - throw new PAPException("You cannot delete the default group."); + throw new PolicyDBException("You cannot delete the default group."); } synchronized(emLock){ checkBeforeOperationRun(); @@ -2649,7 +2790,7 @@ public class PolicyDBDao { } } else { PolicyLogger.error("Group "+group.getId()+" is trying to be delted with PDPs. No group was provided to move them to"); - throw new PAPException("Group has PDPs. Must provide a group for them to move to"); + throw new PolicyDBException("Group has PDPs. Must provide a group for them to move to"); } } @@ -2665,8 +2806,8 @@ public class PolicyDBDao { } @Override - public void addPolicyToGroup(String groupID, String policyID, String username) { - logger.debug("addPolicyToGroup(String groupID, String policyID, String username) as addPolicyToGroup("+groupID+", "+policyID+","+username+") called"); + public StdPDPGroup addPolicyToGroup(String groupID, String policyID, String username) throws PolicyDBException { + logger.info("PolicyDBDao: addPolicyToGroup(String groupID, String policyID, String username) as addPolicyToGroup("+groupID+", "+policyID+","+username+") called"); if(isNullOrEmpty(groupID, policyID, username)){ throw new IllegalArgumentException("groupID, policyID, and username must not be null or empty"); } @@ -2690,6 +2831,7 @@ public class PolicyDBDao { PolicyLogger.error("Somehow, more than one group with the id "+groupID+" were found in the database that are not deleted"); throw new PersistenceException("Somehow, more than one group with the id "+groupID+" were found in the database that are not deleted"); } + //we need to convert the form of the policy id that is used groups into the form that is used //for the database. (com.Config_mypol.1.xml) to (Config_mypol.xml) String[] policyNameScopeAndVersion = getNameScopeAndVersionFromPdpPolicy(policyID); @@ -2701,6 +2843,7 @@ public class PolicyDBDao { try{ policyQueryList = policyQuery.getResultList(); } catch(Exception e){ + logger.debug(e); PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught Exception trying to check if policy exists policyQuery.getResultList()"); throw new PersistenceException("Query failed trying to check if policy "+policyNameScopeAndVersion[0]+" exists"); } @@ -2711,22 +2854,40 @@ public class PolicyDBDao { PolicyLogger.error("Somehow, more than one policy with the id "+policyNameScopeAndVersion[0]+" were found in the database that are not deleted"); throw new PersistenceException("Somehow, more than one group with the id "+policyNameScopeAndVersion[0]+" were found in the database that are not deleted"); } + logger.info("PolicyDBDao: Getting group and policy from database"); GroupEntity group = (GroupEntity)groupQueryList.get(0); PolicyEntity policy = (PolicyEntity)policyQueryList.get(0); Iterator policyIt = group.getPolicies().iterator(); String policyName = getPolicyNameAndVersionFromPolicyFileName(policy.getPolicyName())[0]; + + logger.info("PolicyDBDao: policyName retrieved is " + policyName); try{ - while(policyIt.hasNext()){ - PolicyEntity pol = policyIt.next(); - if(getPolicyNameAndVersionFromPolicyFileName(pol.getPolicyName())[0].equals(policyName)){ - policyIt.remove(); - } - } + while(policyIt.hasNext()){ + PolicyEntity pol = policyIt.next(); + if(policy.getScope().equals(pol.getScope()) && + getPolicyNameAndVersionFromPolicyFileName(pol.getPolicyName())[0].equals(policyName)) { + policyIt.remove(); + } + } }catch(Exception e){ + logger.debug(e); PolicyLogger.error("Could not delete old versions for policy "+policy.getPolicyName()+", ID: "+policy.getPolicyId()); } group.addPolicyToGroup(policy); em.flush(); + + // After adding policy to the db group we need to make sure the filesytem group is in sync with the db group + StdPDPGroup pdpGroup = null; + StdPDPGroup updatedGroup = null; + try { + pdpGroup = (StdPDPGroup) papEngine.getGroup(group.getGroupId()); + updatedGroup = synchronizeGroupPoliciesInFileSystem(pdpGroup, group); + } catch (PAPException e) { + logger.debug(e); + PolicyLogger.error("PolicyDBDao: Could not synchronize the filesystem group with the database group. " + e.getMessage()); + } + + return updatedGroup; } } @@ -2784,18 +2945,12 @@ public class PolicyDBDao { String computeScope(String fullPath, String pathToExclude){ return PolicyDBDao.computeScope(fullPath, pathToExclude); } - String encryptPassword(String password) throws Exception{ - return PolicyDBDao.encryptPassword(password); - } - String decryptPassword(String password) throws Exception{ - return PolicyDBDao.decryptPassword(password); - } String getDescriptionFromXacml(String xacmlData){ return PolicyDBDao.getDescriptionFromXacml(xacmlData); } - String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName){ + String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName) throws PolicyDBException{ return PolicyDBDao.this.getPolicyNameAndVersionFromPolicyFileName(originalPolicyName); } } -} +} \ No newline at end of file