X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-certman%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fcm%2FAAF_CM.java;h=024d9f96594b038a80e976680ecc7151e86791ff;hb=be1edcb6830745015f5de72e820f40f36dd571ad;hp=a9a9b4e521d5c5e6f0ee57a76c53ba8100352e7a;hpb=f85f0889b3b0e5e9694afab4dd01a4a97a155188;p=aaf%2Fauthz.git
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
index a9a9b4e5..024d9f96 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
@@ -3,13 +3,14 @@
 * org.onap.aaf
 * ===========================================================================
 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2019 IBM.
 * ===========================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at - + * http://www.apache.org/licenses/LICENSE-2.0 - + * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -23,6 +24,7 @@ package org.onap.aaf.auth.cm;
 import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.TreeMap;
@@ -39,6 +41,7 @@ import org.onap.aaf.auth.cm.facade.FacadeFactory;
 import org.onap.aaf.auth.cm.mapper.Mapper.API;
 import org.onap.aaf.auth.cm.service.CMService;
 import org.onap.aaf.auth.cm.service.Code;
+import org.onap.aaf.auth.cm.validation.CertmanValidator;
 import org.onap.aaf.auth.dao.CassAccess;
 import org.onap.aaf.auth.dao.cass.LocateDAO;
 import org.onap.aaf.auth.direct.DirectLocatorCreator;
@@ -70,173 +73,201 @@ import com.datastax.driver.core.Cluster; public class AAF_CM extends AbsService { - private static final String USER_PERMS = "userPerms"; - private static final Map certAuths = new TreeMap<>(); - public Facade1_0 facade1_0; // this is the default Facade - public Facade1_0 facade1_0_XML; // this is the XML Facade - public Map cacheUser; - public AAFAuthn aafAuthn; - public AAFLurPerm aafLurPerm; - final public Cluster cluster; - public final LocateDAO locateDAO; - - - /** - * Construct AuthzAPI with all the Context Supporting Routes that Authz needs - * - * @param env - * @param si - * @param dm - * @param decryptor - * @throws APIException - */ - public AAF_CM(AuthzEnv env) throws Exception { - super(env.access(),env); - aafLurPerm = aafCon().newLur(); - // Note: If you need both Authn and Authz construct the following: - aafAuthn = aafCon().newAuthn(aafLurPerm); - - String aaf_env = env.getProperty(Config.AAF_ENV); - if(aaf_env==null) { - throw new APIException("aaf_env needs to be set"); - } - - // Initialize Facade for all uses - AuthzTrans trans = env.newTrans(); - - cluster = org.onap.aaf.auth.dao.CassAccess.cluster(env,null); - locateDAO = new LocateDAO(trans,cluster,CassAccess.KEYSPACE); - - // Have AAFLocator object Create DirectLocators for Location needs - AbsAAFLocator.setCreator(new DirectLocatorCreator(env, locateDAO)); - - // Load Supported Certificate Authorities by property - // Note: Some will be dynamic Properties, so we need to look through all - for(Entry es : env.access().getProperties().entrySet()) { - String key = es.getKey().toString(); - if(key.startsWith(CA.CM_CA_PREFIX)) { - int idx = key.indexOf('.'); - if(idx==key.lastIndexOf('.')) { // else it's a regular property - - env.log(Level.INIT, "Loading Certificate Authority Module: " + key.substring(idx+1)); - String[] segs = Split.split(',', env.getProperty(key)); - if(segs.length>0) { - String[][] multiParams = new String[segs.length-1][]; - for(int i=0;i cac = 
(Class)Class.forName(segs[0]); - Constructor cons = cac.getConstructor(new Class[] { - Access.class,String.class,String.class,String[][].class - }); - Object pinst[] = new Object[4]; - pinst[0]=env; - pinst[1]= key.substring(idx+1); - pinst[2]= aaf_env; - pinst[3] = multiParams; - CA ca = cons.newInstance(pinst); - certAuths.put(ca.getName(),ca); - } - } - } - } - if(certAuths.size()==0) { - throw new APIException("No Certificate Authorities have been configured in CertMan"); - } - - CMService service = new CMService(trans, this); - // note: Service knows how to shutdown Cluster on Shutdown, etc. See Constructor - facade1_0 = FacadeFactory.v1_0(this,trans, service,Data.TYPE.JSON); // Default Facade - facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML); - - - synchronized(env) { - if(cacheUser == null) { - cacheUser = Cache.obtain(USER_PERMS); - Cache.startCleansing(env, USER_PERMS); - } - } - - //////////////////////////////////////////////////////////////////////////// - // APIs - //////////////////////////////////////////////////////////////////////// - API_Cert.init(this); - API_Artifact.init(this); - - StringBuilder sb = new StringBuilder(); - trans.auditTrail(2, sb); - trans.init().log(sb); - } - - public CA getCA(String key) { - return certAuths.get(key); - } - - /** - * Setup XML and JSON implementations for each supported Version type - * - * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties - * to do Versions and Content switches - * - */ - public void route(HttpMethods meth, String path, API api, Code code) throws Exception { - String version = "1.0"; - // Get Correct API Class from Mapper - Class respCls = facade1_0.mapper().getClass(api); - if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name()); - // setup Application API HTML ContentTypes for JSON and Route - String application = applicationJSON(respCls, 
version); - route(env,meth,path,code,application,"application/json;version="+version,"*/*"); - - // setup Application API HTML ContentTypes for XML and Route - application = applicationXML(respCls, version); - route(env,meth,path,code.clone(facade1_0_XML),application,"application/xml;version="+version); - - // Add other Supported APIs here as created - } - - public void routeAll(HttpMethods meth, String path, API api, Code code) throws Exception { - route(env,meth,path,code,""); // this will always match - } - - @Override - public Filter[] _filters(Object ... additionalTafLurs) throws CadiException, LocatorException { - try { - return new Filter[] { - new AuthzTransFilter(env,aafCon(), - new AAFTrustChecker((Env)env), - additionalTafLurs) - }; - } catch (NumberFormatException e) { - throw new CadiException("Invalid Property information", e); - } - } - - @SuppressWarnings("unchecked") - @Override - public Registrant[] registrants(final int port) throws CadiException, LocatorException { - return new Registrant[] { - new DirectRegistrar(access,locateDAO,app_name,app_version,port) - }; - } - - public void destroy() { - Cache.stopTimer(); - locateDAO.close(env.newTransNoAvg()); - cluster.close(); - } - - public static void main(final String[] args) { - try { - Log4JLogIt logIt = new Log4JLogIt(args, "cm"); - PropAccess propAccess = new PropAccess(logIt,args); - - AAF_CM service = new AAF_CM(new AuthzEnv(propAccess)); - JettyServiceStarter jss = new JettyServiceStarter(service); - jss.start(); - } catch (Exception e) { - e.printStackTrace(); - } - } + private static final String USER_PERMS = "userPerms"; + private static final String CM_ALLOW_TMP = "cm_allow_tmp"; + private static final Map certAuths = new TreeMap<>(); + public static Facade1_0 facade1_0; // this is the default Facade + public static Facade1_0 facade1_0_XML; // this is the XML Facade + public static Map cacheUser; + public static AAFAuthn aafAuthn; + public static AAFLurPerm aafLurPerm; + public final 
Cluster cluster; + public final LocateDAO locateDAO; + public static AuthzEnv envLog; + CMService service; + + //Added for junits + public CMService getService() { + return null; + } + /** + * Construct AuthzAPI with all the Context Supporting Routes that Authz needs + * + * @param env + * @param si + * @param dm + * @param decryptor + * @throws APIException + */ + public AAF_CM(AuthzEnv env) throws Exception { + super(env.access(),env); + aafLurPerm = aafCon().newLur(); + // Note: If you need both Authn and Authz construct the following: + aafAuthn = aafCon().newAuthn(aafLurPerm); + + String aafEnv = env.getProperty(Config.AAF_ENV); + if (aafEnv==null) { + throw new APIException("aaf_env needs to be set"); + } + + // Check for allowing /tmp in Properties + String allowTmp = env.getProperty(CM_ALLOW_TMP); + if("true".equalsIgnoreCase(allowTmp)) { + CertmanValidator.allowTmp(); + } + + + // Initialize Facade for all uses + AuthzTrans trans = env.newTrans(); + + cluster = org.onap.aaf.auth.dao.CassAccess.cluster(env,null); + locateDAO = new LocateDAO(trans,cluster,CassAccess.KEYSPACE); + + // Have AAFLocator object Create DirectLocators for Location needs + AbsAAFLocator.setCreator(new DirectLocatorCreator(env, locateDAO)); + + // Load Supported Certificate Authorities by property + // Note: Some will be dynamic Properties, so we need to look through all + for (Entry es : env.access().getProperties().entrySet()) { + String key = es.getKey().toString(); + if (key.startsWith(CA.CM_CA_PREFIX)) { + int idx = key.indexOf('.'); + if (idx==key.lastIndexOf('.')) { // else it's a regular property + env.log(Level.INIT, "Loading Certificate Authority Module: " + key.substring(idx+1)); + String[] segs = Split.split(',', env.getProperty(key)); + if (segs.length>0) { + String[][] multiParams = new String[segs.length-1][]; + for (int i=0;i cac = (Class)Class.forName(segs[0]); + Constructor cons = cac.getConstructor(new Class[] { + 
Access.class,String.class,String.class,String[][].class + }); + Object pinst[] = new Object[4]; + pinst[0]=env; + pinst[1]= key.substring(idx+1); + pinst[2]= aafEnv; + pinst[3] = multiParams; + try { + CA ca = cons.newInstance(pinst); + certAuths.put(ca.getName(),ca); + } catch (InvocationTargetException e) { + if(e.getLocalizedMessage()==null) { + access.log((Exception)e.getTargetException(), "Loading", segs[0]); + } else { + access.log(e, "Loading", segs[0]); + } + } + } + } + } + } + if (certAuths.size()==0) { + throw new APIException("No Certificate Authorities have been configured in CertMan"); + } + + service = getService(); + if(service == null) { + service = new CMService(trans, this); + } + // note: Service knows how to shutdown Cluster on Shutdown, etc. See Constructor + facade1_0 = FacadeFactory.v1_0(this,trans, service,Data.TYPE.JSON); // Default Facade + facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML); + + + synchronized(env) { + if (cacheUser == null) { + cacheUser = Cache.obtain(USER_PERMS); + Cache.startCleansing(env, USER_PERMS); + } + } + + //////////////////////////////////////////////////////////////////////////// + // APIs + //////////////////////////////////////////////////////////////////////// + API_Cert.init(this); + API_Artifact.init(this); + + StringBuilder sb = new StringBuilder(); + trans.auditTrail(2, sb); + trans.init().log(sb); + } + + public CA getCA(String key) { + return certAuths.get(key); + } + + + /** + * Setup XML and JSON implementations for each supported Version type + * + * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties + * to do Versions and Content switches + * + */ + public void route(HttpMethods meth, String path, API api, Code code) throws Exception { + String version = "1.0"; + // Get Correct API Class from Mapper + Class respCls = facade1_0.mapper().getClass(api); + if (respCls==null) throw new Exception("Unknown class associated 
with " + api.getClass().getName() + ' ' + api.name()); + // setup Application API HTML ContentTypes for JSON and Route + String application = applicationJSON(respCls, version); + route(env,meth,path,code,application,"application/json;version="+version,"*/*"); + + // setup Application API HTML ContentTypes for XML and Route + application = applicationXML(respCls, version); + route(env,meth,path,code.clone(facade1_0_XML),application,"application/xml;version="+version); + + // Add other Supported APIs here as created + } + + public void routeAll(HttpMethods meth, String path, API api, Code code) { + route(env,meth,path,code,""); // this will always match + } + + @Override + public Filter[] _filters(Object ... additionalTafLurs) throws CadiException, LocatorException { + try { + return new Filter[] { + new AuthzTransFilter(env,aafCon(), + new AAFTrustChecker((Env)env), + additionalTafLurs) + }; + } catch (NumberFormatException e) { + throw new CadiException("Invalid Property information", e); + } + } + + @SuppressWarnings("unchecked") + @Override + public Registrant[] registrants(final int port) throws CadiException, LocatorException { + return new Registrant[] { + new DirectRegistrar(access,locateDAO,port) + }; + } + + @Override + public void destroy() { + Cache.stopTimer(); + locateDAO.close(env.newTransNoAvg()); + cluster.close(); + } + + public static void main(final String[] args) { + try { + Log4JLogIt logIt = new Log4JLogIt(args, "cm"); + PropAccess propAccess = new PropAccess(logIt,args); + try { + new JettyServiceStarter( + new AAF_CM(new AuthzEnv(propAccess)),true) + .start(); + } catch (Exception e) { + propAccess.log(e); + } + } catch (APIException e) { + e.printStackTrace(System.err); + } + } }
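Review bot: Turning `facade1_0`, `facade1_0_XML`, `cacheUser`, `aafAuthn` and `aafLurPerm` into `public static` fields in the class header at the top of the hunk makes the service's authentication and permission hooks globally reassignable state: any class in the JVM can replace `aafLurPerm`, and a second `AAF_CM` instance (which the new `getService()` test hook suggests is expected) silently overwrites the first one's values, so if they must be static for tests they should lose `public` in favour of read-only accessors. `getService()` is a public, overridable method that the constructor invokes and that returns `null` by design, with only `//Added for junits` to explain it; make it `protected` and document the contract, e.g. `/** Test hook: a non-null return replaces the CMService the constructor would otherwise build; production returns null. */`. In the new CA-loading `catch (InvocationTargetException e)`, `(Exception)e.getTargetException()` throws `ClassCastException` whenever the CA constructor failed with an `Error` (a missing class, for instance), so a failure meant to be logged becomes an unexplained startup crash; replace the if/else with `Throwable t = e.getTargetException();` and `access.log(t instanceof Exception ? (Exception) t : e, "Loading", segs[0]);`. The `cm_allow_tmp` branch relaxes `CertmanValidator` without leaving any trace in the INIT log, so an operator cannot tell from startup output that the /tmp restriction the comment refers to is off; add `env.log(Level.INIT, "cm_allow_tmp=true: CertmanValidator allows /tmp");` beside the `allowTmp()` call.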