1 /**
2  * ============LICENSE_START====================================================
3  * org.onap.aaf
4  * ===========================================================================
5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6  * ===========================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END====================================================
19  *
20  */
21
22 package org.onap.aaf.cadi.oauth;
23
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;

import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Hash;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Symm;
import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.config.SecurityInfoC;
import org.onap.aaf.cadi.locator.PropertyLocator;
import org.onap.aaf.cadi.locator.SingleEndpointLocator;
import org.onap.aaf.cadi.oauth.TokenClient.AUTHN_METHOD;
import org.onap.aaf.cadi.persist.Persist;
import org.onap.aaf.cadi.principal.Kind;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.rosetta.env.RosettaEnv;

import aafoauth.v2_0.Token;
55
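/**
 * Process-wide factory for OAuth2 {@link TokenClient}s and {@link TzClient}s, and the
 * on-disk cache ("outgoing") of {@link TimedToken}s obtained through them.
 *
 * <p>Obtain it through {@link #instance(Access)}; the constructor is private. On first
 * construction the OAuth2 token and introspection URLs are defaulted to AAF's own
 * endpoints when the deployment has not configured them.
 *
 * <p>Thread-safety: {@link #instance(Access)} is synchronized, and the per-tag
 * {@code AAFConHttp} cache is a {@link ConcurrentHashMap}; the superclass cache
 * operations follow whatever guarantees {@code Persist} gives.
 */
public class TokenClientFactory extends Persist<Token,TimedToken> {
    /** Lazily created singleton; see {@link #instance(Access)}. */
    private static TokenClientFactory instance;

    /** Matches an explicit AAF "locate" endpoint. Only https URLs qualify, by design. */
    private static final Pattern locatePattern = Pattern.compile("https://.*/locate/.*");

    /** One {@code AAFConHttp} per tag/URL, shared by every TokenClient built for that tag. */
    private final Map<String,AAFConHttp> aafcons = new ConcurrentHashMap<>();

    /** TLS / credential configuration applied to outgoing {@link HttpURLConnection}s. */
    private final SecurityInfoC<HttpURLConnection> hsi;

    // Package on purpose: the symmetric cipher used by sibling classes in this package.
    final Symm symm;

    /**
     * Builds the factory on top of the {@code Persist} token cache named "outgoing".
     *
     * <p>{@code access} (inherited from {@code Persist}) is consulted for the OAuth2
     * endpoint properties; missing ones are filled in with the AAF defaults so that
     * later lookups in {@link #newClient(String, int)} see a value.
     *
     * @param pa the Access providing properties, logging and credentials
     * @throws APIException             from the Rosetta environment or Persist setup
     * @throws GeneralSecurityException if the symmetric cipher or security info cannot be built
     * @throws IOException              if the persistence directory cannot be prepared
     * @throws CadiException            on CADI configuration errors
     */
    private TokenClientFactory(Access pa) throws APIException, GeneralSecurityException, IOException, CadiException {
        super(pa, new RosettaEnv(pa.getProperties()), Token.class, "outgoing");

        // Default both OAuth2 endpoints to AAF when the deployment does not configure them.
        if (access.getProperty(Config.AAF_OAUTH2_TOKEN_URL, null) == null) {
            access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, Defaults.OAUTH2_TOKEN_URL);
        }
        if (access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL, null) == null) {
            access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, Defaults.OAUTH2_INTROSPECT_URL);
        }

        symm = Symm.encrypt.obtain();
        hsi = SecurityInfoC.instance(access, HttpURLConnection.class);
    }

    /**
     * Returns the singleton factory, creating it on first use.
     *
     * <p>Only the {@code access} of the first caller is used; later calls return the
     * existing instance regardless of the argument.
     *
     * @param access the Access to build the factory from (first call only)
     * @return the shared factory
     * @throws APIException             see the constructor
     * @throws GeneralSecurityException see the constructor
     * @throws IOException              see the constructor
     * @throws CadiException            see the constructor
     */
    public synchronized static final TokenClientFactory instance(Access access) throws APIException, GeneralSecurityException, IOException, CadiException {
        if (instance == null) {
            instance = new TokenClientFactory(access);
        }
        return instance;
    }

    /**
     * Creates a {@link TokenClient} for {@code tagOrURL}, picking the connection timeout
     * up from the {@code Config.AAF_CONN_TIMEOUT} property
     * (default {@code Config.AAF_CONN_TIMEOUT_DEF}).
     *
     * <p>The type parameter {@code INTR} is unused; it is retained for source compatibility.
     *
     * @param tagOrURL a property tag naming the endpoint, or the endpoint URL itself
     * @return a client whose client credentials have been loaded from {@code access}
     * @throws CadiException          if {@code tagOrURL} is null or the connection cannot be configured
     * @throws LocatorException       if the endpoint cannot be located
     * @throws APIException           on API-level failures while building the client
     * @throws NumberFormatException  if the timeout property is not an integer
     */
    public<INTR> TokenClient newClient(final String tagOrURL) throws CadiException, LocatorException, APIException {
        final int timeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));
        return newClient(tagOrURL, timeout);
    }

    /**
     * Creates a {@link TokenClient} for {@code tagOrURL} with an explicit timeout.
     *
     * <p>The underlying {@code AAFConHttp} is cached per tag so repeated clients share
     * one connection configuration. When {@code tagOrURL} is AAF's own token or
     * introspection endpoint (either the property tag or its configured value) the
     * client is created with kind {@code Kind.AAF_OAUTH}; otherwise {@code Kind.OAUTH}.
     *
     * <p>The type parameter {@code INTR} is unused; it is retained for source compatibility.
     *
     * @param tagOrURL a property tag naming the endpoint, or the endpoint URL itself
     * @param timeout  connection timeout handed to the TokenClient
     * @return a client whose client credentials have been loaded from {@code access}
     * @throws CadiException    if {@code tagOrURL} is null or the connection cannot be configured
     * @throws LocatorException if the endpoint cannot be located
     * @throws APIException     on API-level failures while building the client
     */
    public<INTR> TokenClient newClient(final String tagOrURL, final int timeout) throws CadiException, LocatorException, APIException {
        if (tagOrURL == null) {
            throw new CadiException("parameter tagOrURL cannot be null.");
        }
        AAFConHttp ach = aafcons.get(tagOrURL);
        if (ach == null) {
            // putIfAbsent so that two racing callers end up using the same cached
            // instance rather than one storing a different object than it returns.
            final AAFConHttp created = new AAFConHttp(access, tagOrURL);
            final AAFConHttp existing = aafcons.putIfAbsent(tagOrURL, created);
            ach = (existing == null) ? created : existing;
        }
        final char okind = isAafOAuthEndpoint(tagOrURL) ? Kind.AAF_OAUTH : Kind.OAUTH;
        final TokenClient tci = new TokenClient(
                okind,
                this,
                ach,
                timeout,
                AUTHN_METHOD.none);
        tci.client_creds(access);
        return tci;
    }

    /**
     * True when {@code tagOrURL} refers to AAF's own OAuth2 token or introspection
     * endpoint, either by property tag or by the value configured for that tag.
     */
    private boolean isAafOAuthEndpoint(final String tagOrURL) {
        return Config.AAF_OAUTH2_TOKEN_URL.equals(tagOrURL)
            || Config.AAF_OAUTH2_INTROSPECT_URL.equals(tagOrURL)
            || tagOrURL.equals(access.getProperty(Config.AAF_OAUTH2_TOKEN_URL, null))
            || tagOrURL.equals(access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL, null));
    }

    /**
     * Creates a {@link TzClient} backed by the locator chosen by {@link #bestLocator(String)}.
     *
     * @param locatorURL the locator URL or comma-separated endpoint list
     * @return a new {@code TzHClient} using this factory's security info
     * @throws CadiException    from TzHClient construction
     * @throws LocatorException if the URL is null, cannot be located, or is not a valid URI
     */
    public TzClient newTzClient(final String locatorURL) throws CadiException, LocatorException {
        try {
            return new TzHClient(access, hsi, bestLocator(locatorURL));
        } catch (URISyntaxException e) {
            // Surface malformed URIs as locator failures, preserving the cause.
            throw new LocatorException(e);
        }
    }

    /**
     * Builds the cache key for a token: {@code client_id_[username]_tokenSource[hexhash]}.
     *
     * <p>When {@code scope} is non-empty, the trailing component is the hex SHA-256 of
     * the scope's UTF-8 bytes followed by {@code hash} (when present). When the scope is
     * null or empty no digest is appended at all, so {@code hash} does not participate
     * in the key in that case — existing behaviour, kept as-is; confirm it is intended
     * before relying on {@code hash} to separate cache entries.
     *
     * <p>UTF-8 is used explicitly so the key does not depend on the JVM's default
     * charset (the previous platform-charset call could yield different keys per host
     * for non-ASCII scopes).
     *
     * @param tokenSource the token kind character (see {@code Kind})
     * @param client_id   client identifier; must not be null
     * @param username    optional user the token is for; may be null
     * @param hash        optional bytes folded into the digest; may be null or empty
     * @param scope       OAuth2 scope; null is treated like empty
     * @return the cache key
     * @throws CadiException if SHA-256 is unavailable
     */
    static String getKey(char tokenSource, String client_id, String username, byte[] hash, String scope) throws CadiException {
        Objects.requireNonNull(client_id, "client_id");
        final StringBuilder sb = new StringBuilder(client_id);
        sb.append('_');
        if (username != null) {
            sb.append(username);
        }
        sb.append('_').append(tokenSource);
        // Guard first: the original read scope.getBytes() before its own null check.
        if (scope != null && !scope.isEmpty()) {
            byte[] tohash = scope.getBytes(StandardCharsets.UTF_8);
            if (hash != null && hash.length > 0) {
                final byte[] joined = Arrays.copyOf(tohash, tohash.length + hash.length);
                System.arraycopy(hash, 0, joined, tohash.length, hash.length);
                tohash = joined;
            }
            try {
                sb.append(Hash.toHexNo0x(Hash.hashSHA256(tohash)));
            } catch (NoSuchAlgorithmException e) {
                throw new CadiException(e);
            }
        }
        return sb.toString();
    }

    /**
     * Wraps a loaded {@link Token} as the cacheable {@link TimedToken} that {@code Persist} stores.
     *
     * @param t       the token payload
     * @param expires expiry, in the unit {@code Persist} passes (seconds since epoch is
     *                what {@link #putTimedToken} uses)
     * @param hash    bytes associated with the cache entry
     * @param path    on-disk location of the entry
     * @return the cacheable wrapper
     * @throws IOException if the wrapper cannot be initialised
     */
    @Override
    protected TimedToken newCacheable(Token t, long expires, byte[] hash, Path path) throws IOException {
        return new TimedToken(this, t, expires, hash, path);
    }

    /**
     * Stores {@code token} under {@code key} and returns the stored wrapper.
     *
     * <p>The absolute expiry is computed as now (seconds since epoch) plus the token's
     * {@code expires_in}, which is relative.
     *
     * @param key   cache key, typically from {@link #getKey}
     * @param token the token to cache
     * @param hash  bytes associated with the cache entry
     * @return the stored {@link TimedToken}
     * @throws IOException   if the entry cannot be written
     * @throws CadiException on cache errors
     */
    public TimedToken putTimedToken(String key, Token token, byte[] hash) throws IOException, CadiException {
        final long nowSeconds = System.currentTimeMillis() / 1000;
        final TimedToken tt = new TimedToken(this, token, token.getExpiresIn() + nowSeconds, hash, getPath(key));
        put(key, tt);
        return tt;
    }

    /**
     * Chooses the locator implementation that fits {@code locatorURL}.
     *
     * <ul>
     *   <li>{@code https://AAF_LOCATE_URL/...} or any https URL with a {@code /locate/}
     *       path segment: an {@link AAFLocator} using this factory's security info.
     *       Plain-http locate URLs deliberately do not match.</li>
     *   <li>A comma-separated list: a {@link PropertyLocator}.</li>
     *   <li>Anything else: a {@link SingleEndpointLocator}.</li>
     * </ul>
     *
     * @param locatorURL the locator URL or endpoint list; must not be null
     * @return the selected locator
     * @throws LocatorException  if {@code locatorURL} is null or the locator cannot be built
     * @throws URISyntaxException if an AAF locate URL is not a valid URI
     */
    public Locator<URI> bestLocator(final String locatorURL) throws LocatorException, URISyntaxException {
        if (locatorURL == null) {
            throw new LocatorException("Cannot have a null locatorURL in bestLocator");
        }
        if (locatorURL.startsWith("https://AAF_LOCATE_URL/") || locatePattern.matcher(locatorURL).matches()) {
            return new AAFLocator(hsi, new URI(locatorURL));
        }
        if (locatorURL.indexOf(',') > 0) { // multiple URLs is a Property Locator
            return new PropertyLocator(locatorURL);
        }
        return new SingleEndpointLocator(locatorURL);
        // Note: Removed DME2Locator... If DME2 client is needed, use DME2Clients
    }
}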
185 }