X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Flur%2FLocalLur.java;h=d6db6f4d106a5bf46bfb0901e08303e20fcb6452;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hp=0f9adb94d6cdc2c4e1d797f1f831daaae37905b4;hpb=13df7fff629c4fae42de9c619f3bd5aeeeddf04a;p=aaf%2Fauthz.git diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java index 0f9adb94..d6db6f4d 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java 
@@ -45,168 +45,177 @@ import org.onap.aaf.cadi.config.Config; * */ public final class LocalLur extends AbsUserCache implements Lur, CredVal { - public static final String SEMI = "\\s*;\\s*"; - public static final String COLON = "\\s*:\\s*"; - public static final String COMMA = "\\s*,\\s*"; - public static final String PERCENT = "\\s*%\\s*"; - - // Use to quickly determine whether any given group is supported by this LUR - private final Set supportingGroups; - private String supportedRealm; - - /** - * Construct by building structure, see "build" - * - * Reconstruct with "build" - * - * @param userProperties - * @param groupProperties - * @param decryptor - * @throws IOException - */ - public LocalLur(Access access, String userProperties, String groupProperties) throws IOException { - super(access, 0, 0, Integer.MAX_VALUE); // data doesn't expire - supportedRealm = access.getProperty(Config.BASIC_REALM, "localized"); - supportingGroups = new TreeSet<>(); - - if (userProperties != null) { - parseUserProperties(userProperties); - } - - if (groupProperties != null) { - parseGroupProperties(groupProperties); - } - } - - public boolean validate(String user, CredVal.Type type, byte[] cred, Object state) { - if (cred == null) { - return false; - } - User usr = getUser(user, cred); - if (usr == null) { - return false; - } - // covers null as well as bad pass - if ((type == Type.PASSWORD) && (usr.principal instanceof ConfigPrincipal)) {; - return Hash.isEqual(cred, ((ConfigPrincipal)usr.principal).getCred()); - } - return false; - } - - // @Override - public boolean fish(Principal bait, Permission pond) { - if (pond == null) { - return false; - } - if (handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions - User user = getUser(bait); - if (user != null) { - return user.contains((LocalPermission)pond); - } - } - return false; - } - - // We do not want to expose the actual Group, so make a copy. 
- public void fishAll(Principal bait, List perms) { - if (handles(bait)) { - User user = getUser(bait); - if (user != null) { - user.copyPermsTo(perms); - } - } - } - - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal) - */ - @Override - public boolean handles(Principal principal) { - if (principal == null) { - return false; - } - return principal.getName().endsWith(supportedRealm); - } - - public boolean handlesExclusively(Permission pond) { - return supportingGroups.contains(pond.getKey()); - } - - /* (non-Javadoc) - * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String) - */ - @Override - public Permission createPerm(String p) { - return new LocalPermission(p); - } - - private void parseUserProperties(String userProperties) throws IOException { - // For each User name... - for (String userProperty : userProperties.trim().split(SEMI)) { - String[] userInfo = userProperty.split(COLON, 2); - String[] userPass = userInfo[0].split(PERCENT, 2); - String userName = userPass[0]; - - byte[] password = null; - if (userPass.length > 1) { - password = access.decrypt(userPass[1], true).getBytes(); - if (userName.indexOf('@') < 0) { - userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm()); - } - } - User usr; - usr = new User<>(new ConfigPrincipal(userName, password)); - addUser(usr); - access.log(Level.INIT, "Local User:", usr.principal); - - if (userInfo.length > 1) { - Map newMap = usr.newMap(); - for (String group : userInfo[1].split(COMMA)) { - supportingGroups.add(group); - usr.add(newMap, new LocalPermission(group)); - } - usr.setMap(newMap); - } - } - } - - - private void parseGroupProperties(String groupProperties) throws IOException { - // For each Group name... 
- for (String group : groupProperties.trim().split(SEMI)) { - String[] groups = group.split(COLON, 2); - if (groups.length <= 1) { - continue; - } - supportingGroups.add(groups[0]); - LocalPermission p = new LocalPermission(groups[0]); - - // Add all users (known by comma separators) - for (String groupMember : groups[1].split(COMMA)) { - // look for password, if so, put in passMap - String[] userPass = groupMember.split(PERCENT, 2); - String userName = userPass[0]; - if (userName.indexOf('@') < 0) { - userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm()); - } - - User usr = null; - byte[] password = null; - if (userPass.length > 1) { - password = access.decrypt(userPass[1], true).getBytes(); - } - usr = getUser(userName, password); - if (usr == null) { - usr = new User<>(new ConfigPrincipal(userName, password)); - addUser(usr); - } - else { - usr.principal = new ConfigPrincipal(userName, password); - } - usr.add(p); - access.log(Level.INIT, "Local User:", usr.principal); - } - } - } + public static final String SEMI = "\\s*;\\s*"; + public static final String COLON = "\\s*:\\s*"; + public static final String COMMA = "\\s*,\\s*"; + public static final String PERCENT = "\\s*%\\s*"; + + // Use to quickly determine whether any given group is supported by this LUR + private final Set supportingGroups; + private String supportedRealm; + + /** + * Construct by building structure, see "build" + * + * Reconstruct with "build" + * + * @param userProperties + * @param groupProperties + * @param decryptor + * @throws IOException + */ + public LocalLur(Access access, String userProperties, String groupProperties) throws IOException { + super(access, 0, 0, Integer.MAX_VALUE); // data doesn't expire + supportedRealm = access.getProperty(Config.BASIC_REALM, "localized"); + supportingGroups = new TreeSet<>(); + + if (userProperties != null) { + parseUserProperties(userProperties); + } + + if (groupProperties != null) { + 
parseGroupProperties(groupProperties); + } + } + + public boolean validate(String user, CredVal.Type type, byte[] cred, Object state) { + if (cred == null) { + return false; + } + User usr = getUser(user, cred); + if (usr == null) { + return false; + } + // covers null as well as bad pass + if ((type == Type.PASSWORD) && (usr.principal instanceof ConfigPrincipal)) {; + return Hash.isEqual(cred, ((ConfigPrincipal)usr.principal).getCred()); + } + return false; + } + + // @Override + public boolean fish(Principal bait, Permission ... pond) { + if (pond == null) { + return false; + } + for (Permission p : pond) { + if (handles(bait) && p instanceof LocalPermission) { // local Users only have LocalPermissions + User user = getUser(bait); + if (user != null) { + return user.contains((LocalPermission)p); + } + } + } + return false; + } + + // We do not want to expose the actual Group, so make a copy. + public void fishAll(Principal bait, List perms) { + if (handles(bait)) { + User user = getUser(bait); + if (user != null) { + user.copyPermsTo(perms); + } + } + } + + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal) + */ + @Override + public boolean handles(Principal principal) { + if (principal == null) { + return false; + } + return principal.getName().endsWith(supportedRealm); + } + + @Override + public boolean handlesExclusively(Permission ... pond) { + boolean rv = false; + for (Permission p : pond) { + if (rv=supportingGroups.contains(p.getKey())) { + break; + } + } + return rv; + } + + /* (non-Javadoc) + * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String) + */ + @Override + public Permission createPerm(String p) { + return new LocalPermission(p); + } + + private void parseUserProperties(String userProperties) throws IOException { + // For each User name... 
+ for (String userProperty : userProperties.trim().split(SEMI)) { + String[] userInfo = userProperty.split(COLON, 2); + String[] userPass = userInfo[0].split(PERCENT, 2); + String userName = userPass[0]; + + byte[] password = null; + if (userPass.length > 1) { + password = access.decrypt(userPass[1], true).getBytes(); + if (userName.indexOf('@') < 0) { + userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm()); + } + } + User usr; + usr = new User<>(new ConfigPrincipal(userName, password)); + addUser(usr); + access.log(Level.INIT, "Local User:", usr.principal); + + if (userInfo.length > 1) { + Map newMap = usr.newMap(); + for (String group : userInfo[1].split(COMMA)) { + supportingGroups.add(group); + usr.add(newMap, new LocalPermission(group)); + } + usr.setMap(newMap); + } + } + } + + + private void parseGroupProperties(String groupProperties) throws IOException { + // For each Group name... + for (String group : groupProperties.trim().split(SEMI)) { + String[] groups = group.split(COLON, 2); + if (groups.length <= 1) { + continue; + } + supportingGroups.add(groups[0]); + LocalPermission p = new LocalPermission(groups[0]); + + // Add all users (known by comma separators) + for (String groupMember : groups[1].split(COMMA)) { + // look for password, if so, put in passMap + String[] userPass = groupMember.split(PERCENT, 2); + String userName = userPass[0]; + if (userName.indexOf('@') < 0) { + userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm()); + } + + User usr = null; + byte[] password = null; + if (userPass.length > 1) { + password = access.decrypt(userPass[1], true).getBytes(); + } + usr = getUser(userName, password); + if (usr == null) { + usr = new User<>(new ConfigPrincipal(userName, password)); + addUser(usr); + } + else { + usr.principal = new ConfigPrincipal(userName, password); + } + usr.add(p); + access.log(Level.INIT, "Local User:", usr.principal); + } + } + } }
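Review bot: The varargs loop in `fish` returns the result of `user.contains(...)` for the first `LocalPermission` it meets, so with several permissions passed the later ones are never consulted; a caller asking for `A, B` where the user holds only `B` gets `false`, which is the opposite of the any-match semantics `handlesExclusively` implements a few lines below with its `break`-on-first-hit loop. `handles(bait)` and `getUser(bait)` are also loop-invariant and are re-evaluated for every element. Since this is the authorization decision for local users, I would hoist the user lookup and only return early on a positive match, falling through to `false` otherwise (rewrite below). Separately, `handles` accepts any principal whose name merely ends with `supportedRealm`, so with the default `localized` a name like `bob@notlocalized` is treated as local; if the realm is meant to be an exact suffix after `@`, `principal.getName().endsWith("@" + supportedRealm)` would be tighter, though I cannot see how `Config.BASIC_REALM` is populated from this hunk.
```java
public boolean fish(Principal bait, Permission ... pond) {
    if (pond == null || !handles(bait)) {
        return false;
    }
    User user = getUser(bait);
    if (user == null) {
        return false;
    }
    // any one matching LocalPermission grants access; keep scanning past non-matches
    for (Permission p : pond) {
        if (p instanceof LocalPermission && user.contains((LocalPermission) p)) {
            return true;
        }
    }
    return false;
}
```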