auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21
  22 package org.onap.aaf.auth.service.validation;
  23
  24 import org.onap.aaf.auth.dao.cass.CredDAO;
  25 import org.onap.aaf.auth.dao.cass.DelegateDAO;
  26 import org.onap.aaf.auth.dao.cass.Namespace;
  27 import org.onap.aaf.auth.dao.cass.PermDAO;
  28 import org.onap.aaf.auth.dao.cass.RoleDAO;
  29 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
  30 import org.onap.aaf.auth.env.AuthzTrans;
  31 import org.onap.aaf.auth.layer.Result;
  32 import org.onap.aaf.auth.org.Organization;
  33 import org.onap.aaf.auth.rserv.Pair;
  34 import org.onap.aaf.auth.validation.Validator;
  35
  36 /**
  37  * Validator
  38  * Consistently apply content rules for content (incoming)
  39  *
  40  * Note: We restrict content for usability in URLs (because RESTful service), and avoid
  41  * issues with Regular Expressions, and other enabling technologies.
  42  * @author Jonathan
  43  *
  44  */
  45 public class ServiceValidator extends Validator {
  46         public ServiceValidator perm(Result<PermDAO.Data> rpd) {
  47                 if(rpd.notOK()) {
  48                         msg(rpd.details);
  49                 } else {
  50                         perm(rpd.value);
  51                 }
  52                 return this;
  53         }
  54
  55
  56         public ServiceValidator perm(PermDAO.Data pd) {
  57                 if(pd==null) {
  58                         msg("Perm Data is null.");
  59                 } else {
  60                         ns(pd.ns);
  61                         permType(pd.type,pd.ns);
  62                         permInstance(pd.instance);
  63                         permAction(pd.action);
  64                         if(pd.roles!=null) {
  65                                 for(String role : pd.roles) {
  66                                         role(role);
  67                                 }
  68                         }
  69                         if(pd.roles!=null) {
  70                                 for(String r : pd.roles) {
  71                                         role(r);
  72                                 }
  73                         }
  74                         description("Perm",pd.description);
  75                 }
  76                 return this;
  77         }
  78
  79         public ServiceValidator role(Result<RoleDAO.Data> rrd) {
  80                 if(rrd.notOK()) {
  81                         msg(rrd.details);
  82                 } else {
  83                         role(rrd.value);
  84                 }
  85                 return this;
  86         }
  87
  88         public ServiceValidator role(RoleDAO.Data pd) {
  89                 if(pd==null) {
  90                         msg("Role Data is null.");
  91                 } else {
  92                         ns(pd.ns);
  93                         role(pd.name);
  94                         if(pd.perms!=null) {
  95                                 for(String perm : pd.perms) {
  96                                         String[] ps = perm.split("\\|");
  97                                         if(ps.length!=3) {
  98                                                 msg("Perm [" + perm + "] in Role [" + pd.fullName() + "] is not correctly separated with '|'");
  99                                         } else {
 100                                                 permType(ps[0],null);
 101                                                 permInstance(ps[1]);
 102                                                 permAction(ps[2]);
 103                                         }
 104                                 }
 105                         }
 106                         description("Role",pd.description);
 107                 }
 108                 return this;
 109         }
 110
 111         public ServiceValidator delegate(Organization org, Result<DelegateDAO.Data> rdd) {
 112                 if(rdd.notOK()) {
 113                         msg(rdd.details);
 114                 } else {
 115                         delegate(org, rdd.value);
 116                 }
 117                 return this;
 118         }
 119
 120         public ServiceValidator delegate(Organization org, DelegateDAO.Data dd) {
 121                 if(dd==null) {
 122                         msg("Delegate Data is null.");
 123                 } else {
 124                         user(org,dd.user);
 125                         user(org,dd.delegate);
 126                 }
 127                 return this;
 128         }
 129
 130
 131         public ServiceValidator cred(AuthzTrans trans, Organization org, Result<CredDAO.Data> rcd, boolean isNew) {
 132                 if(rcd.notOK()) {
 133                         msg(rcd.details);
 134                 } else {
 135                         cred(trans, org,rcd.value,isNew);
 136                 }
 137                 return this;
 138         }
 139
 140         public ServiceValidator cred(AuthzTrans trans, Organization org, CredDAO.Data cd, boolean isNew) {
 141                 if(cd==null) {
 142                         msg("Cred Data is null.");
 143                 } else {
 144                         if(nob(cd.id,ID_CHARS)) {
 145                                 msg("ID [" + cd.id + "] is invalid in " + org.getName());
 146                         }
 147                         if(!org.isValidCred(trans, cd.id)) {
 148                                 msg("ID [" + cd.id + "] is invalid for a cred in " + org.getName());
 149                         }
 150                         String str = cd.id;
 151                         int idx = str.indexOf('@');
 152                         if(idx>0) {
 153                                 str = str.substring(0,idx);
 154                         }
 155
 156                         if(org.supportsRealm(cd.id)) {
 157                                 String resp = org.isValidID(trans, str);
 158                                 if(isNew && (resp!=null && resp.length()>0)) {
 159                                         msg(cd.id,str);
 160                                 }
 161                         }
 162
 163                         if(cd.type==null) {
 164                                 msg("Credential Type must be set");
 165                         } else {
 166                                 switch(cd.type) {
 167                                         case CredDAO.BASIC_AUTH_SHA256:
 168                                                 // ok
 169                                                 break;
 170                                         default:
 171                                                 msg("Credential Type [",Integer.toString(cd.type),"] is invalid");
 172                                 }
 173                         }
 174                 }
 175                 return this;
 176         }
 177
 178
 179         public ServiceValidator user(Organization org, String user) {
 180                 if(nob(user,ID_CHARS)) {
 181                         msg("User [",user,"] is invalid.");
 182                 }
 183                 return this;
 184         }
 185
 186         public ServiceValidator ns(Result<Namespace> nsd) {
 187                 notOK(nsd);
 188                 ns(nsd.value);
 189                 return this;
 190         }
 191
 192         public ServiceValidator ns(Namespace ns) {
 193                 ns(ns.name);
 194                 for(String s : ns.admin) {
 195                         if(nob(s,ID_CHARS)) {
 196                                 msg("Admin [" + s + "] is invalid.");
 197                         }
 198
 199                 }
 200                 for(String s : ns.owner) {
 201                         if(nob(s,ID_CHARS)) {
 202                                 msg("Responsible [" + s + "] is invalid.");
 203                         }
 204
 205                 }
 206
 207                 if(ns.attrib!=null) {
 208                         for(Pair<String, String> at : ns.attrib) {
 209                                 if(nob(at.x,NAME_CHARS)) {
 210                                         msg("Attribute tag [" + at.x + "] is invalid.");
 211                                 }
 212                                 if(nob(at.x,NAME_CHARS)) {
 213                                         msg("Attribute value [" + at.y + "] is invalid.");
 214                                 }
 215                         }
 216                 }
 217
 218                 description("Namespace",ns.description);
 219                 return this;
 220         }
 221
 222         public ServiceValidator user_role(UserRoleDAO.Data urdd) {
 223                 if(urdd==null) {
 224                         msg("UserRole is null");
 225                 } else {
 226                         role(urdd.role);
 227                         nullOrBlank("UserRole.ns",urdd.ns);
 228                         nullOrBlank("UserRole.rname",urdd.rname);
 229                 }
 230                 return this;
 231         }
 232
 233         public ServiceValidator nullOrBlank(PermDAO.Data pd) {
 234                 if(pd==null) {
 235                         msg("Permission is null");
 236                 } else {
 237                         nullOrBlank("NS",pd.ns).
 238                         nullOrBlank("Type",pd.type).
 239                         nullOrBlank("Instance",pd.instance).
 240                         nullOrBlank("Action",pd.action);
 241                 }
 242                 return this;
 243         }
 244
 245         public ServiceValidator nullOrBlank(RoleDAO.Data rd) {
 246                 if(rd==null) {
 247                         msg("Role is null");
 248                 } else {
 249                         nullOrBlank("NS",rd.ns).
 250                         nullOrBlank("Name",rd.name);
 251                 }
 252                 return this;
 253         }
 254 }