auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21
  22 package org.onap.aaf.auth.service.validation;
  23
  24 import org.onap.aaf.auth.dao.cass.CredDAO;
  25 import org.onap.aaf.auth.dao.cass.DelegateDAO;
  26 import org.onap.aaf.auth.dao.cass.Namespace;
  27 import org.onap.aaf.auth.dao.cass.PermDAO;
  28 import org.onap.aaf.auth.dao.cass.RoleDAO;
  29 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
  30 import org.onap.aaf.auth.env.AuthzTrans;
  31 import org.onap.aaf.auth.layer.Result;
  32 import org.onap.aaf.auth.org.Organization;
  33 import org.onap.aaf.auth.rserv.Pair;
  34 import org.onap.aaf.auth.validation.Validator;
  35
  36 /**
  37  * Validator
  38  * Consistently apply content rules for content (incoming)
  39  *
  40  * Note: We restrict content for usability in URLs (because RESTful service), and avoid
  41  * issues with Regular Expressions, and other enabling technologies.
  42  * @author Jonathan
  43  *
  44  */
  45 public class ServiceValidator extends Validator {
  46         public ServiceValidator perm(Result<PermDAO.Data> rpd) {
  47                 if(rpd.notOK()) {
  48                         msg(rpd.details);
  49                 } else {
  50                         perm(rpd.value);
  51                 }
  52                 return this;
  53         }
  54
  55
  56         public ServiceValidator perm(PermDAO.Data pd) {
  57                 if(pd==null) {
  58                         msg("Perm Data is null.");
  59                 } else {
  60                         ns(pd.ns);
  61                         permType(pd.type,pd.ns);
  62                         permInstance(pd.instance);
  63                         permAction(pd.action);
  64                         if(pd.roles!=null) {
  65                                 for(String role : pd.roles) {
  66                                         role(role);
  67                                 }
  68                         }
  69                         if(pd.roles!=null) {
  70                                 for(String r : pd.roles) {
  71                                         role(r);
  72                                 }
  73                         }
  74                         description("Perm",pd.description);
  75                 }
  76                 return this;
  77         }
  78
  79         public ServiceValidator role(Result<RoleDAO.Data> rrd) {
  80                 if(rrd.notOK()) {
  81                         msg(rrd.details);
  82                 } else {
  83                         role(rrd.value);
  84                 }
  85                 return this;
  86         }
  87
  88         public ServiceValidator role(RoleDAO.Data pd) {
  89                 if(pd==null) {
  90                         msg("Role Data is null.");
  91                 } else {
  92                         ns(pd.ns);
  93                         role(pd.name);
  94                         if(pd.perms!=null) {
  95                                 for(String perm : pd.perms) {
  96                                         String[] ps = perm.split("\\|");
  97                                         if(ps.length!=3) {
  98                                                 msg("Perm [" + perm + "] in Role [" + pd.fullName() + "] is not correctly separated with '|'");
  99                                         } else {
 100                                                 permType(ps[0],null);
 101                                                 permInstance(ps[1]);
 102                                                 permAction(ps[2]);
 103                                         }
 104                                 }
 105                         }
 106                         description("Role",pd.description);
 107                 }
 108                 return this;
 109         }
 110
 111         public ServiceValidator delegate(Organization org, Result<DelegateDAO.Data> rdd) {
 112                 if(rdd.notOK()) {
 113                         msg(rdd.details);
 114                 } else {
 115                         delegate(org, rdd.value);
 116                 }
 117                 return this;
 118         }
 119
 120         public ServiceValidator delegate(Organization org, DelegateDAO.Data dd) {
 121                 if(dd==null) {
 122                         msg("Delegate Data is null.");
 123                 } else {
 124                         user(org,dd.user);
 125                         user(org,dd.delegate);
 126                 }
 127                 return this;
 128         }
 129
 130
 131         public ServiceValidator cred(AuthzTrans trans, Organization org, Result<CredDAO.Data> rcd, boolean isNew) {
 132                 if(rcd.notOK()) {
 133                         msg(rcd.details);
 134                 } else {
 135                         cred(trans, org,rcd.value,isNew);
 136                 }
 137                 return this;
 138         }
 139
 140         public ServiceValidator cred(AuthzTrans trans, Organization org, CredDAO.Data cd, boolean isNew) {
 141                 if(cd==null) {
 142                         msg("Cred Data is null.");
 143                 } else {
 144                         if(!org.isValidCred(trans, cd.id)) {
 145                                 msg("ID [" + cd.id + "] is invalid in " + org.getName());
 146                         }
 147                         String str = cd.id;
 148                         int idx = str.indexOf('@');
 149                         if(idx>0) {
 150                                 str = str.substring(0,idx);
 151                         }
 152
 153                         if(org.supportsRealm(cd.id)) {
 154                                 String resp = org.isValidID(trans, str);
 155                                 if(isNew && (resp!=null && resp.length()>0)) {
 156                                         msg(cd.id,str);
 157                                 }
 158                         }
 159
 160                         if(cd.type==null) {
 161                                 msg("Credential Type must be set");
 162                         } else {
 163                                 switch(cd.type) {
 164                                         case CredDAO.BASIC_AUTH_SHA256:
 165                                                 // ok
 166                                                 break;
 167                                         default:
 168                                                 msg("Credential Type [",Integer.toString(cd.type),"] is invalid");
 169                                 }
 170                         }
 171                 }
 172                 return this;
 173         }
 174
 175
 176         public ServiceValidator user(Organization org, String user) {
 177                 if(nob(user,ID_CHARS)) {
 178                         msg("User [",user,"] is invalid.");
 179                 }
 180                 return this;
 181         }
 182
 183         public ServiceValidator ns(Result<Namespace> nsd) {
 184                 notOK(nsd);
 185                 ns(nsd.value);
 186                 return this;
 187         }
 188
 189         public ServiceValidator ns(Namespace ns) {
 190                 ns(ns.name);
 191                 for(String s : ns.admin) {
 192                         if(nob(s,ID_CHARS)) {
 193                                 msg("Admin [" + s + "] is invalid.");
 194                         }
 195
 196                 }
 197                 for(String s : ns.owner) {
 198                         if(nob(s,ID_CHARS)) {
 199                                 msg("Responsible [" + s + "] is invalid.");
 200                         }
 201
 202                 }
 203
 204                 if(ns.attrib!=null) {
 205                         for(Pair<String, String> at : ns.attrib) {
 206                                 if(nob(at.x,NAME_CHARS)) {
 207                                         msg("Attribute tag [" + at.x + "] is invalid.");
 208                                 }
 209                                 if(nob(at.x,NAME_CHARS)) {
 210                                         msg("Attribute value [" + at.y + "] is invalid.");
 211                                 }
 212                         }
 213                 }
 214
 215                 description("Namespace",ns.description);
 216                 return this;
 217         }
 218
 219         public ServiceValidator user_role(UserRoleDAO.Data urdd) {
 220                 if(urdd==null) {
 221                         msg("UserRole is null");
 222                 } else {
 223                         role(urdd.role);
 224                         nullOrBlank("UserRole.ns",urdd.ns);
 225                         nullOrBlank("UserRole.rname",urdd.rname);
 226                 }
 227                 return this;
 228         }
 229
 230         public ServiceValidator nullOrBlank(PermDAO.Data pd) {
 231                 if(pd==null) {
 232                         msg("Permission is null");
 233                 } else {
 234                         nullOrBlank("NS",pd.ns).
 235                         nullOrBlank("Type",pd.type).
 236                         nullOrBlank("Instance",pd.instance).
 237                         nullOrBlank("Action",pd.action);
 238                 }
 239                 return this;
 240         }
 241
 242         public ServiceValidator nullOrBlank(RoleDAO.Data rd) {
 243                 if(rd==null) {
 244                         msg("Role is null");
 245                 } else {
 246                         nullOrBlank("NS",rd.ns).
 247                         nullOrBlank("Name",rd.name);
 248                 }
 249                 return this;
 250         }
 251 }