cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21
  22 package org.onap.aaf.cadi.aaf.v2_0;
  23
  24 import java.security.Principal;
  25 import java.util.ArrayList;
  26 import java.util.Date;
  27 import java.util.List;
  28
  29 import org.onap.aaf.cadi.AbsUserCache;
  30 import org.onap.aaf.cadi.Access.Level;
  31 import org.onap.aaf.cadi.CachingLur;
  32 import org.onap.aaf.cadi.Lur;
  33 import org.onap.aaf.cadi.Permission;
  34 import org.onap.aaf.cadi.User;
  35 import org.onap.aaf.cadi.aaf.AAFPermission;
  36 import org.onap.aaf.cadi.config.Config;
  37 import org.onap.aaf.misc.env.APIException;
  38 import org.onap.aaf.misc.env.util.Split;
  39
  40 public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PERM> implements CachingLur<PERM> {
  41         protected static final byte[] BLANK_PASSWORD = new byte[0];
  42         private String[] debug = null;
  43         public AAFCon<?> aaf;
  44         public Lur preemptiveLur=null; // Initial Use is for OAuth2, preemptive Lur
  45         private String[] supports;
  46
  47         public AbsAAFLur(AAFCon<?> con) throws APIException {
  48                 super(con.access, con.cleanInterval, con.highCount, con.usageRefreshTriggerCount);
  49                 aaf = con;
  50                 setLur(this);
  51                 supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");
  52         }
  53
  54         public AbsAAFLur(AAFCon<?> con, AbsUserCache<PERM> auc) throws APIException {
  55                 super(auc);
  56                 aaf = con;
  57                 setLur(this);
  58                 supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");
  59         }
  60
  61         @Override
  62         public void setDebug(String ids) {
  63                 this.debug = ids==null?null:Split.split(',', ids);
  64         }
  65
  66         public void setPreemptiveLur(Lur preemptive) {
  67                 this.preemptiveLur = preemptive;
  68         }
  69
  70         protected abstract User<PERM> loadUser(Principal bait);
  71
  72         @Override
  73         public final boolean handles(Principal principal) {
  74                 if(preemptiveLur!=null) {
  75                         if(preemptiveLur.handles(principal)) {
  76                                 return true;
  77                         }
  78                 }
  79                 String userName=principal.getName();
  80                 if(userName!=null) {
  81                         for(String s : supports) {
  82                                 if(userName.endsWith(s))
  83                                         return true;
  84                         }
  85                 }
  86                 return false;
  87         }
  88
  89
  90         protected abstract boolean isCorrectPermType(Permission pond);
  91
  92         // This is where you build AAF CLient Code.  Answer the question "Is principal "bait" in the "pond"
  93         public boolean fish(Principal bait, Permission pond) {
  94                 if(preemptiveLur!=null && preemptiveLur.handles(bait)) {
  95                         return preemptiveLur.fish(bait, pond);
  96                 } else {
  97                         if(pond==null) {
  98                                 return false;
  99                         }
 100                         if(isDebug(bait)) {
 101                                 boolean rv = false;
 102                                 StringBuilder sb = new StringBuilder("Log for ");
 103                                 sb.append(bait);
 104                                 if(handles(bait)) {
 105                                         User<PERM> user = getUser(bait);
 106                                         if(user==null) {
 107                                                 sb.append("\n\tUser is not in Cache");
 108                                         } else {
 109                                                 if(user.noPerms()) {
 110                                                         sb.append("\n\tUser has no Perms");
 111                                                 }
 112                                                 if(user.permExpired()) {
 113                                                         sb.append("\n\tUser's perm expired [");
 114                                                         sb.append(new Date(user.permExpires()));
 115                                                         sb.append(']');
 116                                                 } else {
 117                                                         sb.append("\n\tUser's perm expires [");
 118                                                         sb.append(new Date(user.permExpires()));
 119                                                         sb.append(']');
 120                                                 }
 121                                         }
 122                                         if(user==null || user.permsUnloaded() || user.permExpired()) {
 123                                                 user = loadUser(bait);
 124                                                 sb.append("\n\tloadUser called");
 125                                         }
 126                                         if(user==null) {
 127                                                 sb.append("\n\tUser was not Loaded");
 128                                         } else if(user.contains(pond)) {
 129                                                 sb.append("\n\tUser contains ");
 130                                                 sb.append(pond.getKey());
 131                                                 rv = true;
 132                                         } else {
 133                                                 sb.append("\n\tUser does not contain ");
 134                                                 sb.append(pond.getKey());
 135                                                 List<Permission> perms = new ArrayList<>();
 136                                                 user.copyPermsTo(perms);
 137                                                 for(Permission p : perms) {
 138                                                         sb.append("\n\t\t");
 139                                                         sb.append(p.getKey());
 140                                                 }
 141                                         }
 142                                 } else {
 143                                         sb.append("AAF Lur does not support [");
 144                                         sb.append(bait);
 145                                         sb.append("]");
 146                                 }
 147                                 aaf.access.log(Level.INFO, sb);
 148                                 return rv;
 149                         } else {
 150                                 if(handles(bait)) {
 151                                         User<PERM> user = getUser(bait);
 152                                         if(user==null || user.permsUnloaded() || user.permExpired()) {
 153                                                 user = loadUser(bait);
 154                                         }
 155                                         return user==null?false:user.contains(pond);
 156                                 }
 157                                 return false;
 158                         }
 159                 }
 160         }
 161
 162         public void fishAll(Principal bait, List<Permission> perms) {
 163                 if(preemptiveLur!=null && preemptiveLur.handles(bait)) {
 164                         preemptiveLur.fishAll(bait, perms);
 165                 } else {
 166                         if(isDebug(bait)) {
 167                                 StringBuilder sb = new StringBuilder("Log for ");
 168                                 sb.append(bait);
 169                                 if(handles(bait)) {
 170                                         User<PERM> user = getUser(bait);
 171                                         if(user==null) {
 172                                                 sb.append("\n\tUser is not in Cache");
 173                                         } else {
 174                                                 if(user.noPerms()) {
 175                                                         sb.append("\n\tUser has no Perms");
 176                                                 }
 177                                                 if(user.permExpired()) {
 178                                                         sb.append("\n\tUser's perm expired [");
 179                                                         sb.append(new Date(user.permExpires()));
 180                                                         sb.append(']');
 181                                                 } else {
 182                                                         sb.append("\n\tUser's perm expires [");
 183                                                         sb.append(new Date(user.permExpires()));
 184                                                         sb.append(']');
 185                                                 }
 186                                         }
 187                                         if(user==null || user.permsUnloaded() || user.permExpired()) {
 188                                                 user = loadUser(bait);
 189                                                 sb.append("\n\tloadUser called");
 190                                         }
 191                                         if(user==null) {
 192                                                 sb.append("\n\tUser was not Loaded");
 193                                         } else {
 194                                                 sb.append("\n\tCopying Perms ");
 195                                                 user.copyPermsTo(perms);
 196                                                 for(Permission p : perms) {
 197                                                         sb.append("\n\t\t");
 198                                                         sb.append(p.getKey());
 199                                                 }
 200                                         }
 201                                 } else {
 202                                         sb.append("AAF Lur does not support [");
 203                                         sb.append(bait);
 204                                         sb.append("]");
 205                                 }
 206                                 aaf.access.log(Level.INFO, sb);
 207                         } else {
 208                                 if(handles(bait)) {
 209                                         User<PERM> user = getUser(bait);
 210                                         if(user==null || user.permsUnloaded() || user.permExpired()) {
 211                                                 user = loadUser(bait);
 212                                         }
 213                                         if(user!=null) {
 214                                                 user.copyPermsTo(perms);
 215                                         }
 216                                 }
 217                         }
 218                 }
 219         }
 220
 221         @Override
 222         public void remove(String user) {
 223                 super.remove(user);
 224         }
 225
 226         private boolean isDebug(Principal p) {
 227                 if(debug!=null) {
 228                         if(debug.length==1 && "all".equals(debug[0])) {
 229                                 return true;
 230                         }
 231                         String name = p.getName();
 232                         for(String s : debug) {
 233                                 if(s.equals(name)) {
 234                                         return true;
 235                                 }
 236                         }
 237                 }
 238                 return false;
 239         }
 240         /**
 241          * This special case minimizes loops, avoids multiple Set hits, and calls all the appropriate Actions found.
 242          *
 243          * @param bait
 244          * @param obj
 245          * @param type
 246          * @param instance
 247          * @param actions
 248          */
 249         public<A> void fishOneOf(Principal princ, A obj, String type, String instance, List<Action<A>> actions) {
 250                 User<PERM> user = getUser(princ);
 251                 if(user==null || user.permsUnloaded() || user.permExpired()) {
 252                         user = loadUser(princ);
 253                 }
 254                 if(user!=null) {
 255                         ReuseAAFPermission perm = new ReuseAAFPermission(type,instance);
 256                         for(Action<A> action : actions) {
 257                                 perm.setAction(action.getName());
 258                                 if(user.contains(perm)) {
 259                                         if(action.exec(obj))return;
 260                                 }
 261                         }
 262                 }
 263         }
 264
 265         public static interface Action<A> {
 266                 public String getName();
 267                 /**
 268                  *  Return false to continue, True to end now
 269                  * @return
 270                  */
 271                 public boolean exec(A a);
 272         }
 273
 274         private class ReuseAAFPermission extends AAFPermission {
 275                 public ReuseAAFPermission(String type, String instance) {
 276                         super(type,instance,null,null);
 277                 }
 278
 279                 public void setAction(String s) {
 280                         action = s;
 281                 }
 282
 283                 /**
 284                  * This function understands that AAF Keys are hierarchical, :A:B:C,
 285                  *  Cassandra follows a similar method, so we'll short circuit and do it more efficiently when there isn't a first hit
 286                  * @return
 287                  */
 288         }
 289 }