auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21
  22
  23 package org.onap.aaf.auth.cm;
  24
  25 import java.lang.reflect.Constructor;
  26 import java.util.Map;
  27 import java.util.Map.Entry;
  28 import java.util.TreeMap;
  29
  30 import javax.servlet.Filter;
  31
  32 import org.onap.aaf.auth.cache.Cache;
  33 import org.onap.aaf.auth.cache.Cache.Dated;
  34 import org.onap.aaf.auth.cm.api.API_Artifact;
  35 import org.onap.aaf.auth.cm.api.API_Cert;
  36 import org.onap.aaf.auth.cm.ca.CA;
  37 import org.onap.aaf.auth.cm.facade.Facade1_0;
  38 import org.onap.aaf.auth.cm.facade.FacadeFactory;
  39 import org.onap.aaf.auth.cm.mapper.Mapper.API;
  40 import org.onap.aaf.auth.cm.service.CMService;
  41 import org.onap.aaf.auth.cm.service.Code;
  42 import org.onap.aaf.auth.dao.CassAccess;
  43 import org.onap.aaf.auth.dao.cass.LocateDAO;
  44 import org.onap.aaf.auth.direct.DirectLocatorCreator;
  45 import org.onap.aaf.auth.direct.DirectRegistrar;
  46 import org.onap.aaf.auth.env.AuthzEnv;
  47 import org.onap.aaf.auth.env.AuthzTrans;
  48 import org.onap.aaf.auth.env.AuthzTransFilter;
  49 import org.onap.aaf.auth.rserv.HttpMethods;
  50 import org.onap.aaf.auth.server.AbsService;
  51 import org.onap.aaf.auth.server.JettyServiceStarter;
  52 import org.onap.aaf.cadi.Access;
  53 import org.onap.aaf.cadi.CadiException;
  54 import org.onap.aaf.cadi.LocatorException;
  55 import org.onap.aaf.cadi.PropAccess;
  56 import org.onap.aaf.cadi.Access.Level;
  57 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
  58 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
  59 import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker;
  60 import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator;
  61 import org.onap.aaf.cadi.config.Config;
  62 import org.onap.aaf.cadi.register.Registrant;
  63 import org.onap.aaf.misc.env.APIException;
  64 import org.onap.aaf.misc.env.Data;
  65 import org.onap.aaf.misc.env.Env;
  66 import org.onap.aaf.misc.env.util.Split;
  67
  68 import com.datastax.driver.core.Cluster;
  69
  70 public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> {
  71
  72         private static final String USER_PERMS = "userPerms";
  73         private static final Map<String,CA> certAuths = new TreeMap<String,CA>();
  74         public Facade1_0 facade1_0; // this is the default Facade
  75         public Facade1_0 facade1_0_XML; // this is the XML Facade
  76         public Map<String, Dated> cacheUser;
  77         public AAFAuthn<?> aafAuthn;
  78         public AAFLurPerm aafLurPerm;
  79         final public Cluster cluster;
  80         public final LocateDAO locateDAO;
  81
  82
  83         /**
  84          * Construct AuthzAPI with all the Context Supporting Routes that Authz needs
  85          *
  86          * @param env
  87          * @param si
  88          * @param dm
  89          * @param decryptor
  90          * @throws APIException
  91          */
  92         public AAF_CM(AuthzEnv env) throws Exception {
  93                 super(env.access(),env);
  94                 aafLurPerm = aafCon().newLur();
  95                 // Note: If you need both Authn and Authz construct the following:
  96                 aafAuthn = aafCon().newAuthn(aafLurPerm);
  97
  98                 String aaf_env = env.getProperty(Config.AAF_ENV);
  99                 if(aaf_env==null) {
 100                         throw new APIException("aaf_env needs to be set");
 101                 }
 102
 103                 // Initialize Facade for all uses
 104                 AuthzTrans trans = env.newTrans();
 105
 106                 cluster = org.onap.aaf.auth.dao.CassAccess.cluster(env,null);
 107                 locateDAO = new LocateDAO(trans,cluster,CassAccess.KEYSPACE);
 108
 109                 // Have AAFLocator object Create DirectLocators for Location needs
 110                 AbsAAFLocator.setCreator(new DirectLocatorCreator(env, locateDAO));
 111
 112                 // Load Supported Certificate Authorities by property
 113                 // Note: Some will be dynamic Properties, so we need to look through all
 114                 for(Entry<Object, Object> es : env.access().getProperties().entrySet()) {
 115                         String key = es.getKey().toString();
 116                         if(key.startsWith(CA.CM_CA_PREFIX)) {
 117                                 int idx = key.indexOf('.');
 118                                 if(idx==key.lastIndexOf('.')) { // else it's a regular property
 119
 120                                         env.log(Level.INIT, "Loading Certificate Authority Module: " + key.substring(idx+1));
 121                                         String[] segs = Split.split(',', env.getProperty(key));
 122                                         if(segs.length>0) {
 123                                                 String[][] multiParams = new String[segs.length-1][];
 124                                                 for(int i=0;i<multiParams.length;++i) {
 125                                                         multiParams[i]=Split.split(';',segs[1+i]);
 126                                                 }
 127                                                 @SuppressWarnings("unchecked")
 128                                                 Class<CA> cac = (Class<CA>)Class.forName(segs[0]);
 129                                                 Constructor<CA> cons = cac.getConstructor(new Class<?>[] {
 130                                                         Access.class,String.class,String.class,String[][].class
 131                                                 });
 132                                                 Object pinst[] = new Object[4];
 133                                                 pinst[0]=env;
 134                                                 pinst[1]= key.substring(idx+1);
 135                                                 pinst[2]= aaf_env;
 136                                                 pinst[3] = multiParams;
 137                                                 CA ca = cons.newInstance(pinst);
 138                                                 certAuths.put(ca.getName(),ca);
 139                                         }
 140                                 }
 141                         }
 142                 }
 143                 if(certAuths.size()==0) {
 144                         throw new APIException("No Certificate Authorities have been configured in CertMan");
 145                 }
 146
 147                 CMService service = new CMService(trans, this);
 148                 // note: Service knows how to shutdown Cluster on Shutdown, etc.  See Constructor
 149                 facade1_0 = FacadeFactory.v1_0(this,trans, service,Data.TYPE.JSON);   // Default Facade
 150                 facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML);
 151
 152
 153                 synchronized(env) {
 154                         if(cacheUser == null) {
 155                                 cacheUser = Cache.obtain(USER_PERMS);
 156                                 Cache.startCleansing(env, USER_PERMS);
 157                         }
 158                 }
 159
 160                 ////////////////////////////////////////////////////////////////////////////
 161                 // APIs
 162                 ////////////////////////////////////////////////////////////////////////
 163                 API_Cert.init(this);
 164                 API_Artifact.init(this);
 165
 166                 StringBuilder sb = new StringBuilder();
 167                 trans.auditTrail(2, sb);
 168                 trans.init().log(sb);
 169         }
 170
 171         public CA getCA(String key) {
 172                 return certAuths.get(key);
 173         }
 174
 175         /**
 176          * Setup XML and JSON implementations for each supported Version type
 177          *
 178          * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties
 179          * to do Versions and Content switches
 180          *
 181          */
 182         public void route(HttpMethods meth, String path, API api, Code code) throws Exception {
 183                 String version = "1.0";
 184                 // Get Correct API Class from Mapper
 185                 Class<?> respCls = facade1_0.mapper().getClass(api);
 186                 if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());
 187                 // setup Application API HTML ContentTypes for JSON and Route
 188                 String application = applicationJSON(respCls, version);
 189                 route(env,meth,path,code,application,"application/json;version="+version,"*/*");
 190
 191                 // setup Application API HTML ContentTypes for XML and Route
 192                 application = applicationXML(respCls, version);
 193                 route(env,meth,path,code.clone(facade1_0_XML),application,"application/xml;version="+version);
 194
 195                 // Add other Supported APIs here as created
 196         }
 197
 198         public void routeAll(HttpMethods meth, String path, API api, Code code) throws Exception {
 199                 route(env,meth,path,code,""); // this will always match
 200         }
 201
 202         @Override
 203         public Filter[] filters() throws CadiException, LocatorException {
 204                 try {
 205                         return new Filter[] {
 206                                         new AuthzTransFilter(env,aafCon(),
 207                                                 new AAFTrustChecker((Env)env))
 208                                 };
 209                 } catch (NumberFormatException e) {
 210                         throw new CadiException("Invalid Property information", e);
 211                 }
 212         }
 213
 214         @SuppressWarnings("unchecked")
 215         @Override
 216         public Registrant<AuthzEnv>[] registrants(final int port) throws CadiException, LocatorException {
 217                 return new Registrant[] {
 218                         new DirectRegistrar(access,locateDAO,app_name,app_version,port)
 219                 };
 220         }
 221
 222         public void destroy() {
 223                 Cache.stopTimer();
 224                 locateDAO.close(env.newTransNoAvg());
 225                 cluster.close();
 226         }
 227
 228         public static void main(final String[] args) {
 229                 PropAccess propAccess = new PropAccess(args);
 230                 try {
 231                         AAF_CM service = new AAF_CM(new AuthzEnv(propAccess));
 232 //                      env.setLog4JNames("log4j.properties","authz","cm","audit","init","trace");
 233                         JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
 234                         jss.start();
 235                 } catch (Exception e) {
 236                         e.printStackTrace();
 237                 }
 238         }
 239 }