1 /**
2  * ============LICENSE_START====================================================
3  * org.onap.aaf
4  * ===========================================================================
5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6  * ===========================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END====================================================
19  *
20  */
21
22 package org.onap.aaf.cadi.olur;
23
24 import java.security.Principal;
25 import java.util.List;
26
27 import org.onap.aaf.cadi.CadiException;
28 import org.onap.aaf.cadi.LocatorException;
29 import org.onap.aaf.cadi.Lur;
30 import org.onap.aaf.cadi.Permission;
31 import org.onap.aaf.cadi.PropAccess;
32 import org.onap.aaf.cadi.Access.Level;
33 import org.onap.aaf.cadi.aaf.AAFPermission;
34 import org.onap.aaf.cadi.client.Result;
35 import org.onap.aaf.cadi.oauth.AbsOTafLur;
36 import org.onap.aaf.cadi.oauth.OAuth2Principal;
37 import org.onap.aaf.cadi.oauth.TimedToken;
38 import org.onap.aaf.cadi.oauth.TokenClient;
39 import org.onap.aaf.cadi.oauth.TokenPerm;
40 import org.onap.aaf.cadi.principal.Kind;
41 import org.onap.aaf.misc.env.APIException;
42 import org.onap.aaf.misc.env.util.Split;
43 import org.onap.aaf.misc.env.util.Pool.Pooled;
44
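/**
 * OAuth2-backed {@link Lur}.
 *
 * <p>Permissions are read from the {@link TokenPerm} attached to an
 * {@link OAuth2Principal}; when a principal carries no TokenPerm, one is
 * obtained through the pooled {@link TokenClient} and {@code tkMgr}
 * inherited from {@link AbsOTafLur}.
 */
public class OLur extends AbsOTafLur implements Lur {
	/**
	 * @param access         configuration and logging access
	 * @param token_url      OAuth2 token endpoint handed to the superclass
	 * @param introspect_url OAuth2 introspection endpoint handed to the superclass
	 * @throws APIException  propagated from {@link AbsOTafLur}
	 * @throws CadiException propagated from {@link AbsOTafLur}
	 */
	public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException {
		super(access, token_url, introspect_url);
	}

	/**
	 * Returns {@code true} when one of the principal's AAF permissions matches {@code pond}.
	 *
	 * <p>A {@code null} principal yields {@code false} instead of an NPE. A principal
	 * without a preset TokenPerm triggers a best-effort token fetch; any failure there
	 * is logged and treated as "no permissions".
	 *
	 * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
	 */
	@Override
	public boolean fish(Principal bait, Permission pond) {
		if (bait == null) {
			return false;
		}
		TokenPerm tp = presetTokenPerm(bait);
		if (tp == null) {
			// No TokenPerm preset on the principal: obtain one via the token client.
			tp = fetchTokenPerm(bait);
		}
		if (tp == null) {
			return false;
		}
		if (tkMgr.access.willLog(Level.DEBUG)) {
			access.log(Level.DEBUG, describePerms(bait, tp));
		}
		for (AAFPermission p : tp.perms()) {
			if (p.match(pond)) {
				return true;
			}
		}
		return false;
	}

	/** TokenPerm already attached to an {@link OAuth2Principal}; {@code null} for any other principal kind or when none is set. */
	private static TokenPerm presetTokenPerm(Principal bait) {
		if (bait instanceof OAuth2Principal) {
			return ((OAuth2Principal) bait).tokenPerm();
		}
		return null;
	}

	/**
	 * Obtains a token for {@code bait} from the pooled client and resolves its TokenPerm.
	 *
	 * @return the resolved TokenPerm, or {@code null} when the token or permission
	 *         lookup did not succeed (errors are logged, not thrown)
	 */
	private TokenPerm fetchTokenPerm(Principal bait) {
		try {
			Pooled<TokenClient> tcp = tokenClientPool.get();
			try {
				TokenClient tc = tcp.content;
				tc.username(bait.getName());
				Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait), tc.defaultScope());
				if (rtt.isOK()) {
					// NOTE(review): getBytes() uses the platform default charset, as the original did;
					// confirm tkMgr derives the same bytes on its side before switching to an explicit charset.
					Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes());
					if (rtp.isOK()) {
						return rtp.value;
					}
				}
			} finally {
				// Always return the client to the pool, even on exception.
				tcp.done();
			}
		} catch (APIException | LocatorException | CadiException e) {
			// Best-effort lookup: a failure here means "no permissions", not a hard error.
			access.log(Level.ERROR, "Unable to Get a Token: " + e.getMessage());
		}
		return null;
	}

	/**
	 * Builds the DEBUG listing of a user's permissions.
	 *
	 * <p>The access token value is deliberately not written to the log: it is a bearer
	 * credential, and DEBUG output routinely ends up in shared log stores.
	 */
	private static StringBuilder describePerms(Principal bait, TokenPerm tp) {
		StringBuilder sb = new StringBuilder("AAF Permissions for user ");
		sb.append(bait.getName());
		sb.append(", from token (value not logged)");
		for (AAFPermission p : tp.perms()) {
			sb.append("\n\t");
			sb.append(p.getName());
			sb.append('|');
			sb.append(p.getInstance());
			sb.append('|');
			sb.append(p.getAction());
		}
		sb.append('\n');
		return sb;
	}

	/**
	 * Appends every AAF permission carried by an {@link OAuth2Principal}'s TokenPerm to
	 * {@code permissions}; other principal kinds, and principals without a TokenPerm,
	 * contribute nothing.
	 *
	 * @see org.onap.aaf.cadi.Lur#fishAll(java.security.Principal, java.util.List)
	 */
	@Override
	public void fishAll(Principal bait, List<Permission> permissions) {
		if (bait instanceof OAuth2Principal) {
			TokenPerm tp = ((OAuth2Principal) bait).tokenPerm();
			// fish() already treats a missing TokenPerm as "no permissions"; do the same here instead of an NPE.
			if (tp != null) {
				for (AAFPermission p : tp.perms()) {
					permissions.add(p);
				}
			}
		}
	}

	/**
	 * This Lur never claims a permission exclusively.
	 *
	 * @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission)
	 */
	@Override
	public boolean handlesExclusively(Permission pond) {
		return false;
	}

	/**
	 * Only {@link OAuth2Principal}s are handled by this Lur.
	 *
	 * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal)
	 */
	@Override
	public boolean handles(Principal principal) {
		return principal instanceof OAuth2Principal;
	}

	/**
	 * Parses a {@code name|instance|action} string into an {@link AAFPermission}.
	 *
	 * @param p the pipe-separated permission string; may be {@code null}
	 * @return the permission, or {@code null} when {@code p} is {@code null} or does not split into exactly three parts
	 * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String)
	 */
	@Override
	public Permission createPerm(final String p) {
		if (p == null) {
			return null;
		}
		String[] parts = Split.split('|', p);
		if (parts != null && parts.length == 3) {
			return new AAFPermission(parts[0], parts[1], parts[2]);
		}
		return null;
	}

}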