1 /**
2  * ============LICENSE_START====================================================
3  * org.onap.aaf
4  * ===========================================================================
5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6  * ===========================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END====================================================
19  *
20  */
21
22 package org.onap.aaf.cadi.olur;
23
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.client.Result;
import org.onap.aaf.cadi.lur.LocalPermission;
import org.onap.aaf.cadi.oauth.AbsOTafLur;
import org.onap.aaf.cadi.oauth.OAuth2Principal;
import org.onap.aaf.cadi.oauth.TimedToken;
import org.onap.aaf.cadi.oauth.TokenClient;
import org.onap.aaf.cadi.oauth.TokenPerm;
import org.onap.aaf.cadi.principal.Kind;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.util.Pool.Pooled;
import org.onap.aaf.misc.env.util.Split;
47
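/**
 * {@link Lur} implementation backed by OAuth2 tokens.
 *
 * <p>For an {@link OAuth2Principal} the permissions are read from the
 * {@link TokenPerm} the principal already carries. For any other principal
 * {@link #fish(Principal, Permission...)} requests a token in the principal's
 * name through the inherited {@code tokenClientPool} and introspects it through
 * the inherited {@code tkMgr}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Every failure path (no token, failed introspection, exception) results in
 *       {@code false} — the Lur fails closed.</li>
 *   <li>The raw access token is a bearer credential and is never written to the
 *       log; the DEBUG permission dump only shows a short, redacted suffix.</li>
 * </ul>
 */
public class OLur extends AbsOTafLur implements Lur {
    /** Number of trailing token characters kept in DEBUG output for correlation. */
    private static final int TOKEN_TAIL_CHARS = 4;

    /**
     * @param access         configuration / logging access, handed to AbsOTafLur
     * @param token_url      OAuth2 token endpoint URL, handed to AbsOTafLur
     * @param introspect_url OAuth2 introspection endpoint URL, handed to AbsOTafLur
     * @throws APIException  propagated from AbsOTafLur
     * @throws CadiException propagated from AbsOTafLur
     */
    public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException {
        super(access, token_url, introspect_url);
    }

    /**
     * Returns {@code true} if the principal holds at least one AAF permission that
     * {@link AAFPermission#match(Permission) matches} any permission in {@code pond}.
     *
     * <p>An {@link OAuth2Principal} with a non-null {@link TokenPerm} is answered
     * from that TokenPerm. Otherwise a token is requested for the principal (see
     * {@link #fetchTokenPerm(Principal, Permission...)}); if that fails the answer
     * is {@code false}.
     *
     * @param bait the principal being checked; {@code null} yields {@code false}
     * @param pond the candidate permissions; {@code null} or empty yields {@code false}
     * @return whether any permission in {@code pond} is granted to {@code bait}
     * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
     */
    @Override
    public boolean fish(Principal bait, Permission ... pond) {
        if (bait == null || pond == null) {
            return false;
        }

        TokenPerm tp = null;
        if (bait instanceof OAuth2Principal) {
            tp = ((OAuth2Principal) bait).tokenPerm();
        }
        if (tp == null) {
            // No TokenPerm on the principal: obtain one via the token service.
            tp = fetchTokenPerm(bait, pond);
        }
        if (tp == null) {
            // Fail closed: nothing could be resolved for this principal.
            return false;
        }

        if (tkMgr.access.willLog(Level.DEBUG)) {
            access.log(Level.DEBUG, describePerms(bait, tp));
        }

        for (Permission p : pond) {
            for (AAFPermission perm : tp.perms()) {
                if (perm.match(p)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Requests a token in {@code bait}'s name and introspects it into a {@link TokenPerm}.
     *
     * <p>The requested scopes are the token client's default scope plus the
     * namespace of every {@link AAFPermission} in {@code pond}, de-duplicated.
     *
     * @param bait the principal whose name and {@link Kind} are used for the request
     * @param pond the permissions whose namespaces are added as scopes
     * @return the introspected TokenPerm, or {@code null} if the token could not be
     *         obtained or introspected (the exception, if any, has been logged)
     */
    private TokenPerm fetchTokenPerm(Principal bait, Permission... pond) {
        try {
            Pooled<TokenClient> tcp = tokenClientPool.get();
            try {
                TokenClient tc = tcp.content;
                tc.username(bait.getName());

                Set<String> scopeSet = new HashSet<>();
                scopeSet.add(tc.defaultScope());
                for (Permission p : pond) {
                    if (p instanceof AAFPermission) {
                        scopeSet.add(((AAFPermission) p).getNS());
                    }
                }
                String[] scopes = scopeSet.toArray(new String[0]);

                Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait), scopes);
                if (rtt.isOK()) {
                    // Explicit UTF-8: the bytes handed to tkMgr must not depend on the
                    // JVM's platform default charset, or the same user can map to
                    // different bytes on different hosts/locales.
                    Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(),
                            bait.getName().getBytes(StandardCharsets.UTF_8));
                    if (rtp.isOK()) {
                        return rtp.value;
                    }
                }
            } finally {
                // Always return the client to the pool, even on exception.
                tcp.done();
            }
        } catch (APIException | LocatorException | CadiException e) {
            access.log(e, "Unable to Get a Token");
        }
        return null;
    }

    /**
     * Builds the DEBUG line listing the principal's permissions.
     *
     * <p>The access token is a bearer credential, so only a redacted suffix is
     * included — enough to correlate log lines, not enough to replay the token.
     */
    private static StringBuilder describePerms(Principal bait, TokenPerm tp) {
        StringBuilder sb = new StringBuilder("AAF Permissions for user ");
        sb.append(bait.getName());
        sb.append(", from token ");
        sb.append(redact(tp.get().getAccessToken()));
        for (AAFPermission p : tp.perms()) {
            sb.append("\n\t[");
            sb.append(p.getNS());
            sb.append(']');
            sb.append(p.getType());
            sb.append('|');
            sb.append(p.getInstance());
            sb.append('|');
            sb.append(p.getAction());
        }
        sb.append('\n');
        return sb;
    }

    /**
     * Redacts a secret for logging: everything but the last {@link #TOKEN_TAIL_CHARS}
     * characters is replaced, and short or absent values are fully masked.
     */
    private static String redact(String secret) {
        if (secret == null || secret.length() <= TOKEN_TAIL_CHARS * 2) {
            return "<redacted>";
        }
        return "..." + secret.substring(secret.length() - TOKEN_TAIL_CHARS);
    }

    /**
     * Adds every permission carried by an {@link OAuth2Principal}'s {@link TokenPerm}
     * to {@code permissions}. Other principal kinds, a principal without a TokenPerm,
     * and a {@code null} list are ignored (no token request is made here, unlike
     * {@link #fish(Principal, Permission...)}).
     *
     * @see org.onap.aaf.cadi.Lur#fishAll(java.security.Principal, java.util.List)
     */
    @Override
    public void fishAll(Principal bait, List<Permission> permissions) {
        if (permissions == null || !(bait instanceof OAuth2Principal)) {
            return;
        }
        TokenPerm tp = ((OAuth2Principal) bait).tokenPerm();
        if (tp == null) {
            // An OAuth2Principal may carry no TokenPerm; fish() guards the same case.
            return;
        }
        for (AAFPermission p : tp.perms()) {
            permissions.add(p);
        }
    }

    /**
     * This Lur never claims exclusive handling of any permission, so other Lurs
     * in a chain may also be consulted.
     *
     * @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission)
     */
    @Override
    public boolean handlesExclusively(Permission ... pond) {
        return false;
    }

    /**
     * Declares support for {@link OAuth2Principal} only. Note that
     * {@link #fish(Principal, Permission...)} will still attempt a token lookup
     * for other principal kinds if it is called with them directly.
     *
     * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal)
     */
    @Override
    public boolean handles(Principal principal) {
        return principal instanceof OAuth2Principal;
    }

    /**
     * Parses a {@code '|'}-separated permission string.
     *
     * <ul>
     *   <li>3 fields: {@code type|instance|action} → {@link AAFPermission} with no namespace</li>
     *   <li>4 fields: {@code ns|type|instance|action} → {@link AAFPermission}</li>
     *   <li>anything else → {@link LocalPermission} wrapping the whole string</li>
     * </ul>
     *
     * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String)
     */
    @Override
    public Permission createPerm(final String p) {
        String[] s = Split.split('|', p);
        switch (s.length) {
            case 3:
                return new AAFPermission(null, s[0], s[1], s[2]);
            case 4:
                return new AAFPermission(s[0], s[1], s[2], s[3]);
            default:
                return new LocalPermission(p);
        }
    }

}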