auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21
  22 package org.onap.aaf.auth.service.validation;
  23
  24 import org.onap.aaf.auth.dao.cass.CredDAO;
  25 import org.onap.aaf.auth.dao.cass.DelegateDAO;
  26 import org.onap.aaf.auth.dao.cass.Namespace;
  27 import org.onap.aaf.auth.dao.cass.PermDAO;
  28 import org.onap.aaf.auth.dao.cass.RoleDAO;
  29 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
  30 import org.onap.aaf.auth.env.AuthzTrans;
  31 import org.onap.aaf.auth.layer.Result;
  32 import org.onap.aaf.auth.org.Organization;
  33 import org.onap.aaf.auth.rserv.Pair;
  34 import org.onap.aaf.auth.validation.Validator;
  35
  36 /**
  37  * Validator
  38  * Consistently apply content rules for content (incoming)
  39  *
  40  * Note: We restrict content for usability in URLs (because RESTful service), and avoid
  41  * issues with Regular Expressions, and other enabling technologies.
  42  * @author Jonathan
  43  *
  44  */
  45 public class ServiceValidator extends Validator {
  46         public ServiceValidator perm(Result<PermDAO.Data> rpd) {
  47                 if(rpd.notOK()) {
  48                         msg(rpd.details);
  49                 } else {
  50                         perm(rpd.value);
  51                 }
  52                 return this;
  53         }
  54
  55
  56         public ServiceValidator perm(PermDAO.Data pd) {
  57                 if(pd==null) {
  58                         msg("Perm Data is null.");
  59                 } else {
  60                         ns(pd.ns);
  61                         permType(pd.type,pd.ns);
  62                         permInstance(pd.instance);
  63                         permAction(pd.action);
  64                         if(pd.roles!=null) {
  65                                 for(String role : pd.roles) {
  66                                         role(role);
  67                                 }
  68                         }
  69                         if(pd.roles!=null) {
  70                                 for(String r : pd.roles) {
  71                                         role(r);
  72                                 }
  73                         }
  74                         description("Perm",pd.description);
  75                 }
  76                 return this;
  77         }
  78
  79         public ServiceValidator role(Result<RoleDAO.Data> rrd) {
  80                 if(rrd.notOK()) {
  81                         msg(rrd.details);
  82                 } else {
  83                         role(rrd.value);
  84                 }
  85                 return this;
  86         }
  87
  88         public ServiceValidator role(RoleDAO.Data pd) {
  89                 if(pd==null) {
  90                         msg("Role Data is null.");
  91                 } else {
  92                         ns(pd.ns);
  93                         role(pd.name);
  94                         if(pd.perms!=null) {
  95                                 for(String perm : pd.perms) {
  96                                         String[] ps = perm.split("\\|");
  97                                         if(ps.length!=3) {
  98                                                 msg("Perm [" + perm + "] in Role [" + pd.fullName() + "] is not correctly separated with '|'");
  99                                         } else {
 100                                                 permType(ps[0],null);
 101                                                 permInstance(ps[1]);
 102                                                 permAction(ps[2]);
 103                                         }
 104                                 }
 105                         }
 106                         description("Role",pd.description);
 107                 }
 108                 return this;
 109         }
 110
 111         public ServiceValidator delegate(Organization org, Result<DelegateDAO.Data> rdd) {
 112                 if(rdd.notOK()) {
 113                         msg(rdd.details);
 114                 } else {
 115                         delegate(org, rdd.value);
 116                 }
 117                 return this;
 118         }
 119
 120         public ServiceValidator delegate(Organization org, DelegateDAO.Data dd) {
 121                 if(dd==null) {
 122                         msg("Delegate Data is null.");
 123                 } else {
 124                         user(org,dd.user);
 125                         user(org,dd.delegate);
 126                 }
 127                 return this;
 128         }
 129
 130
 131         public ServiceValidator cred(AuthzTrans trans, Organization org, Result<CredDAO.Data> rcd, boolean isNew) {
 132                 if(rcd.notOK()) {
 133                         msg(rcd.details);
 134                 } else {
 135                         cred(trans, org,rcd.value,isNew);
 136                 }
 137                 return this;
 138         }
 139
 140         public ServiceValidator cred(AuthzTrans trans, Organization org, CredDAO.Data cd, boolean isNew) {
 141                 if(cd==null) {
 142                         msg("Cred Data is null.");
 143                 } else {
 144                         if(nob(cd.id,ID_CHARS)) {
 145                                 msg("ID [" + cd.id + "] is invalid in " + org.getName());
 146                         }
 147                         if(!org.isValidCred(trans, cd.id)) {
 148                                 msg("ID [" + cd.id + "] is invalid for a cred in " + org.getName());
 149                         }
 150                         String str = cd.id;
 151                         int idx = str.indexOf('@');
 152                         if(idx>0) {
 153                                 str = str.substring(0,idx);
 154                         }
 155
 156                         if(cd.id.endsWith(org.getRealm())) {
 157                                 if(isNew && (str=org.isValidID(trans, str)).length()>0) {
 158                                         msg(cd.id,str);
 159                                 }
 160                         }
 161
 162                         if(cd.type==null) {
 163                                 msg("Credential Type must be set");
 164                         } else {
 165                                 switch(cd.type) {
 166                                         case CredDAO.BASIC_AUTH_SHA256:
 167                                                 // ok
 168                                                 break;
 169                                         default:
 170                                                 msg("Credential Type [",Integer.toString(cd.type),"] is invalid");
 171                                 }
 172                         }
 173                 }
 174                 return this;
 175         }
 176
 177
 178         public ServiceValidator user(Organization org, String user) {
 179                 if(nob(user,ID_CHARS)) {
 180                         msg("User [",user,"] is invalid.");
 181                 }
 182                 return this;
 183         }
 184
 185         public ServiceValidator ns(Result<Namespace> nsd) {
 186                 notOK(nsd);
 187                 ns(nsd.value);
 188                 return this;
 189         }
 190
 191         public ServiceValidator ns(Namespace ns) {
 192                 ns(ns.name);
 193                 for(String s : ns.admin) {
 194                         if(nob(s,ID_CHARS)) {
 195                                 msg("Admin [" + s + "] is invalid.");
 196                         }
 197
 198                 }
 199                 for(String s : ns.owner) {
 200                         if(nob(s,ID_CHARS)) {
 201                                 msg("Responsible [" + s + "] is invalid.");
 202                         }
 203
 204                 }
 205
 206                 if(ns.attrib!=null) {
 207                         for(Pair<String, String> at : ns.attrib) {
 208                                 if(nob(at.x,NAME_CHARS)) {
 209                                         msg("Attribute tag [" + at.x + "] is invalid.");
 210                                 }
 211                                 if(nob(at.x,NAME_CHARS)) {
 212                                         msg("Attribute value [" + at.y + "] is invalid.");
 213                                 }
 214                         }
 215                 }
 216
 217                 description("Namespace",ns.description);
 218                 return this;
 219         }
 220
 221         public ServiceValidator user_role(UserRoleDAO.Data urdd) {
 222                 if(urdd==null) {
 223                         msg("UserRole is null");
 224                 } else {
 225                         role(urdd.role);
 226                         nullOrBlank("UserRole.ns",urdd.ns);
 227                         nullOrBlank("UserRole.rname",urdd.rname);
 228                 }
 229                 return this;
 230         }
 231
 232         public ServiceValidator nullOrBlank(PermDAO.Data pd) {
 233                 if(pd==null) {
 234                         msg("Permission is null");
 235                 } else {
 236                         nullOrBlank("NS",pd.ns).
 237                         nullOrBlank("Type",pd.type).
 238                         nullOrBlank("Instance",pd.instance).
 239                         nullOrBlank("Action",pd.action);
 240                 }
 241                 return this;
 242         }
 243
 244         public ServiceValidator nullOrBlank(RoleDAO.Data rd) {
 245                 if(rd==null) {
 246                         msg("Role is null");
 247                 } else {
 248                         nullOrBlank("NS",rd.ns).
 249                         nullOrBlank("Name",rd.name);
 250                 }
 251                 return this;
 252         }
 253 }