X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=PolicyEngineUtils%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Futils%2FAAFPolicyClientImpl.java;fp=PolicyEngineUtils%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Futils%2FAAFPolicyClientImpl.java;h=0f487605113e7d945b6f227dd28fd2c4b03b068b;hb=073cc188efe9abb4c010cf674e34e2cf46ef1c52;hp=0000000000000000000000000000000000000000;hpb=4ca818fdfb9b807562166800a086b413593d6894;p=policy%2Fengine.git

diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java
new file mode 100644
index 000000000..0f4876051
--- /dev/null
+++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java
@@ -0,0 +1,214 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * PolicyEngineUtils
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+
+package org.onap.policy.utils;
+
+import java.util.Properties;
+
+import org.apache.log4j.Logger;
+
+import com.att.cadi.Access;
+import com.att.cadi.Access.Level;
+import com.att.cadi.CadiException;
+import com.att.cadi.aaf.AAFPermission;
+import com.att.cadi.aaf.v2_0.AAFAuthn;
+import com.att.cadi.aaf.v2_0.AAFCon;
+import com.att.cadi.aaf.v2_0.AAFConDME2;
+import com.att.cadi.aaf.v2_0.AAFLurPerm;
+import com.att.cadi.config.Config;
+
+
+/**
+ * AAF Client: Generic AAF Client implementation to connect to AAF Resources to validate permissions and authorization. 
+ * 
+ */
+public class AAFPolicyClientImpl implements AAFPolicyClient{
+	private static Logger logger = Logger.getLogger(AAFPolicyClientImpl.class.getName());
+
+	private static final String ENVIRONMENT = "ENVIRONMENT";
+	
+	// Warning Please don't Change these Values. Confirm with AAF team.  
+	private static final String DEVL_AAF_URL = "";
+	private static final String TEST_AAF_URL = "";
+	private static final String PROD_AAF_URL = "";
+	private static final String DEFAULT_AFT_LATITUDE = "32.780140";
+	private static final String DEFAULT_AFT_LONGITUDE = "-96.800451";
+	private static final String TEST_AFT_ENVIRONMENT = "AFTUAT";
+	private static final String PROD_AFT_ENVIRONMENT = "AFTPRD";
+	private static final String DEFAULT_AAF_USER_EXPIRES = Integer.toString(5*60000); 	// 5 minutes for found items to live in cache
+	private static final String DEFAULT_AAF_HIGH_COUNT = Integer.toString(400); 		// Maximum number of items in Cache
+
+	private static AAFPolicyClientImpl instance = null;
+
+	private static Properties props = new Properties();
+	private static AAFCon<?> aafCon = null;
+	private static AAFLurPerm aafLurPerm = null;
+	private static AAFAuthn<?> aafAuthn = null;
+	private static Access access = null;
+
+	private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException{
+		if(instance == null){
+			instance = this;
+		}
+		setup(properties);
+	}
+
+	/**
+	 * Gets the instance of the AAFClient instance. Needs Proper properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
+	 * 
+	 * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
+	 * @return AAFClient instance. 
+	 * @throws AAFPolicyException Exceptions. 
+	 */
+	public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException{
+		if(instance == null) {
+			logger.info("Creating AAFClient Instance ");
+			instance = new AAFPolicyClientImpl(properties);
+		}
+		return instance;
+	}
+
+	// To set Property values && Connections. 
+	private static void setup(Properties properties) throws AAFPolicyException {
+		if(properties!=null && !properties.isEmpty()){
+			props = System.getProperties();
+			props.setProperty("AFT_LATITUDE", properties.getProperty("AFT_LATITUDE", DEFAULT_AFT_LATITUDE));
+			props.setProperty("AFT_LONGITUDE", properties.getProperty("AFT_LONGITUDE", DEFAULT_AFT_LONGITUDE));
+			String aftEnv = TEST_AFT_ENVIRONMENT;
+			//props.setProperty(Config.CADI_KEYFILE,"keyfile");
+			props.setProperty("aaf_id",properties.getProperty("aaf_id", "aafID"));
+			props.setProperty("aaf_password", properties.getProperty("aaf_password", "aafPass"));
+			if(properties.containsKey(Config.AAF_URL)){
+				// if given a value in properties file. 
+				props.setProperty(Config.AAF_URL, properties.getProperty(Config.AAF_URL));
+			}else{
+				// Set Default values. 
+				if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.TEST.toString())){
+					props.setProperty(Config.AAF_URL, TEST_AAF_URL);
+				}else if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.PROD.toString())){
+					props.setProperty(Config.AAF_URL, PROD_AAF_URL);
+					aftEnv = PROD_AFT_ENVIRONMENT;
+				}else{
+					props.setProperty(Config.AAF_URL, DEVL_AAF_URL);
+				}
+			}
+			props.setProperty("AFT_ENVIRONMENT", properties.getProperty("AFT_ENVIRONMENT", aftEnv));
+			props.setProperty(Config.AAF_USER_EXPIRES, properties.getProperty(Config.AAF_USER_EXPIRES, DEFAULT_AAF_USER_EXPIRES));	
+			props.setProperty(Config.AAF_HIGH_COUNT, properties.getProperty(Config.AAF_HIGH_COUNT, DEFAULT_AAF_HIGH_COUNT));
+		}else{
+			logger.error("Required Property value is missing : " + ENVIRONMENT);
+			throw new AAFPolicyException("Required Property value is missing : " + ENVIRONMENT);
+		}
+		access = new PolicyAccess(props, Level.valueOf(properties.getProperty("AAF_LOG_LEVEL", Level.ERROR.toString())));
+		setUpAAF();
+	}
+
+	/**
+	 * Updates the Properties file in case if required. 
+	 * 
+	 * @param properties  Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
+	 * @throws AAFPolicyException exceptions if any.
+	 */
+	public void updateProperties(Properties properties) throws AAFPolicyException{
+		setup(properties);
+	}
+
+	/**
+	 * Checks the Authentication and Permissions for the given values. 
+	 * 
+	 * @param mechID MechID or ATT ID must be registered under the Name space. 
+	 * @param pass Password pertaining to the MechID or ATTID. 
+	 * @param type Permissions Type.
+	 * @param instance Permissions Instance. 
+	 * @param action Permissions Action. 
+	 * @return
+	 */
+	public boolean checkAuthPerm(String mechID, String pass, String type, String instance, String action){
+		return checkAuth(mechID, pass) && checkPerm(mechID, pass, type, instance, action);
+	}
+
+	/**
+	 * Checks the Authentication of the UserName and Password Given. 
+	 * 
+	 * @param userName UserName or MechID
+	 * @param pass Password.
+	 * @return True or False. 
+	 */
+	public boolean checkAuth(String userName, String pass){
+		if(aafAuthn!=null){
+			try {
+				int i=0;
+				do{
+					if(aafAuthn.validate(userName, pass)==null){ 
+						return true; 
+					}
+					i++;
+				}while(i<2);
+			} catch (Exception e) {
+				logger.error(e.getMessage() + e);
+			}
+		}
+		logger.info("Authentication failed for : " + userName + " in " + props.getProperty(Config.AAF_URL));
+		return false;
+	}
+
+	/**
+	 * Checks Permissions for the given UserName, Password and Type, Instance Action. 
+	 * 
+	 * @param userName UserName or MechID
+	 * @param pass Password.
+	 * @param type Permissions Type. 
+	 * @param instance Permissions Instance. 
+	 * @param action Permissions Action. 
+	 * @return True or False. 
+	 */
+	public boolean checkPerm(String userName, String pass, String type, String instance, String action){
+		int i =0;
+		Boolean result= false;
+		do{
+			if(aafCon!=null && aafLurPerm !=null){
+				try {
+					aafCon.basicAuth(userName, pass);
+					AAFPermission perm = new AAFPermission(type, instance, action);
+					result = aafLurPerm.fish(userName, perm);
+				} catch (CadiException e) {
+					logger.error(e.getMessage() + e);
+					aafLurPerm.destroy();
+				}
+			}
+			logger.info("Permissions for : " + userName + " in " + props.getProperty(Config.AAF_URL) + " for " + type  + "," + instance + "," + action + "\n Result is: " + result);
+			i++;
+		}while(i<2 && !result); // Try once more to check if this can be passed. AAF has some issues. 
+		return result;
+	}
+
+	private static boolean setUpAAF(){
+		try {
+			aafCon = new AAFConDME2(access);
+			aafLurPerm = aafCon.newLur();//new AAFLurPerm(aafCon);
+			aafAuthn = aafCon.newAuthn(aafLurPerm);//new AAFAuthn(aafCon, aafLurPerm);
+			return true;
+		} catch (Exception e) {
+			logger.error("Error while setting up AAF Connection " + e.getMessage() + e);
+			return false;
+		}
+	}
+}