1 /**
2  * ============LICENSE_START====================================================
3  * org.onap.aaf
4  * ===========================================================================
5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6  * ===========================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END====================================================
19  *
20  */
21
22 package org.onap.aaf.cadi.olur;
23
24 import java.security.Principal;
25 import java.util.HashSet;
26 import java.util.List;
27 import java.util.Set;
28
29 import org.onap.aaf.cadi.Access.Level;
30 import org.onap.aaf.cadi.CadiException;
31 import org.onap.aaf.cadi.LocatorException;
32 import org.onap.aaf.cadi.Lur;
33 import org.onap.aaf.cadi.Permission;
34 import org.onap.aaf.cadi.PropAccess;
35 import org.onap.aaf.cadi.aaf.AAFPermission;
36 import org.onap.aaf.cadi.client.Result;
37 import org.onap.aaf.cadi.lur.LocalPermission;
38 import org.onap.aaf.cadi.oauth.AbsOTafLur;
39 import org.onap.aaf.cadi.oauth.OAuth2Principal;
40 import org.onap.aaf.cadi.oauth.TimedToken;
41 import org.onap.aaf.cadi.oauth.TokenClient;
42 import org.onap.aaf.cadi.oauth.TokenPerm;
43 import org.onap.aaf.cadi.principal.Kind;
44 import org.onap.aaf.misc.env.APIException;
45 import org.onap.aaf.misc.env.util.Pool.Pooled;
46 import org.onap.aaf.misc.env.util.Split;
47
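/**
 * OAuth2-backed {@link Lur}: answers permission queries ("fish") for a
 * principal out of the permissions carried by an OAuth2 token.
 *
 * <p>For an {@link OAuth2Principal} that already carries a {@link TokenPerm},
 * that is used directly. Otherwise a token is requested from the configured
 * token endpoint on the principal's behalf, scoped to the namespaces of the
 * permissions being asked about, and its permissions are resolved through
 * {@code tkMgr}. Failures to obtain a token are logged and treated as
 * "no permission", never thrown to the caller.
 */
public class OLur extends AbsOTafLur implements Lur {

	/**
	 * @param access         configuration and logging access
	 * @param token_url      OAuth2 token endpoint URL
	 * @param introspect_url OAuth2 introspection endpoint URL
	 * @throws APIException  propagated from {@link AbsOTafLur}
	 * @throws CadiException propagated from {@link AbsOTafLur}
	 */
	public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException {
		super(access, token_url, introspect_url);
	}

	/**
	 * Returns {@code true} if the principal holds at least one permission that
	 * matches any entry of {@code pond}.
	 *
	 * <p>A {@code null} bait or pond, an empty pond, or a failure to obtain a
	 * token all yield {@code false}.
	 *
	 * @param bait the principal being checked (an {@link OAuth2Principal} is
	 *             handled without a round trip when it already carries perms)
	 * @param pond the permissions to test for; non-AAF entries (such as a
	 *             {@link LocalPermission} from {@link #createPerm(String)})
	 *             are tolerated but never contribute a scope
	 */
	@Override
	public boolean fish(Principal bait, Permission... pond) {
		if (bait == null || pond == null) {
			return false;
		}
		TokenPerm tp = resolveTokenPerm(bait, pond);
		if (tp == null) {
			return false;
		}
		if (tkMgr.access.willLog(Level.DEBUG)) {
			logPermissions(bait, tp);
		}
		return matchesAny(tp, pond);
	}

	/**
	 * Uses the {@link TokenPerm} already attached to an OAuth2 principal when
	 * present; otherwise requests a token for the principal and resolves its
	 * permissions via {@code tkMgr}.
	 *
	 * @return the resolved permissions, or {@code null} when none could be obtained
	 */
	private TokenPerm resolveTokenPerm(Principal bait, Permission[] pond) {
		if (bait instanceof OAuth2Principal) {
			TokenPerm attached = ((OAuth2Principal) bait).tokenPerm();
			if (attached != null) {
				return attached;
			}
		}
		TokenPerm resolved = null;
		try {
			Pooled<TokenClient> pooled = tokenClientPool.get();
			try {
				TokenClient client = pooled.content;
				client.username(bait.getName());
				String[] scopes = scopesFor(client, pond);
				Result<TimedToken> token = client.getToken(Kind.getKind(bait), scopes);
				if (token.isOK()) {
					// NOTE(review): the key bytes are derived with the platform default
					// charset. If tkMgr's cache is keyed on the same bytes elsewhere with an
					// explicit charset, the two can disagree on non-UTF-8 platforms — confirm
					// before switching this to StandardCharsets.UTF_8.
					Result<TokenPerm> perms = tkMgr.get(token.value.getAccessToken(), bait.getName().getBytes());
					if (perms.isOK()) {
						resolved = perms.value;
					}
				}
			} finally {
				// always return the client to the pool, even on failure
				pooled.done();
			}
		} catch (APIException | LocatorException | CadiException e) {
			access.log(e, "Unable to Get a Token");
		}
		return resolved;
	}

	/**
	 * Builds the scope list for a token request: the client's default scope
	 * plus the namespace of every AAF permission in the pond.
	 *
	 * <p>Entries that are not {@link AAFPermission}s are skipped instead of
	 * being cast blindly (the original cast would throw ClassCastException
	 * for a {@link LocalPermission}), and a {@code null} namespace — as
	 * produced by {@link #createPerm(String)} for a three-part string — is
	 * not turned into a {@code null} scope.
	 */
	private static String[] scopesFor(TokenClient client, Permission[] pond) {
		Set<String> scopes = new HashSet<>();
		scopes.add(client.defaultScope());
		for (Permission p : pond) {
			if (p instanceof AAFPermission) {
				String ns = ((AAFPermission) p).getNS();
				if (ns != null) {
					scopes.add(ns);
				}
			}
		}
		return scopes.toArray(new String[0]);
	}

	/**
	 * Debug-logs the permissions resolved for the user.
	 *
	 * <p>The access token is a bearer credential; only a redacted form is
	 * written so that a DEBUG log cannot be replayed as a credential.
	 */
	private void logPermissions(Principal bait, TokenPerm tp) {
		StringBuilder sb = new StringBuilder("AAF Permissions for user ");
		sb.append(bait.getName());
		sb.append(", from token ");
		sb.append(redact(tp.get().getAccessToken()));
		for (AAFPermission p : tp.perms()) {
			sb.append("\n\t[");
			sb.append(p.getNS());
			sb.append(']');
			sb.append(p.getType());
			sb.append('|');
			sb.append(p.getInstance());
			sb.append('|');
			sb.append(p.getAction());
		}
		sb.append('\n');
		access.log(Level.DEBUG, sb);
	}

	/**
	 * Redacts a credential for logging: keeps only the last four characters
	 * (enough to correlate log lines with a token), or {@code "****"} when the
	 * value is {@code null} or too short to expose a tail safely.
	 */
	private static String redact(String secret) {
		if (secret == null || secret.length() <= 8) {
			return "****";
		}
		return "****" + secret.substring(secret.length() - 4);
	}

	/**
	 * @return {@code true} if any permission held in the token matches any
	 *         permission in the pond; the first match short-circuits
	 */
	private static boolean matchesAny(TokenPerm tp, Permission[] pond) {
		for (Permission wanted : pond) {
			for (AAFPermission held : tp.perms()) {
				if (held.match(wanted)) {
					return true;
				}
			}
		}
		return false;
	}

	/**
	 * Appends every permission carried by the principal's token to
	 * {@code permissions}.
	 *
	 * <p>Unlike {@link #fish}, this does not request a token: a principal that
	 * is not an {@link OAuth2Principal}, or whose token has no attached
	 * {@link TokenPerm}, contributes nothing. The {@code null} check matters —
	 * {@link #fish} already treats a missing TokenPerm as a normal case.
	 */
	@Override
	public void fishAll(Principal bait, List<Permission> permissions) {
		if (!(bait instanceof OAuth2Principal)) {
			return;
		}
		TokenPerm tp = ((OAuth2Principal) bait).tokenPerm();
		if (tp == null) {
			return;
		}
		for (AAFPermission p : tp.perms()) {
			permissions.add(p);
		}
	}

	/**
	 * This Lur never claims sole ownership of a permission; other Lurs in the
	 * chain may still be consulted.
	 */
	@Override
	public boolean handlesExclusively(Permission... pond) {
		return false;
	}

	/**
	 * @return {@code true} only for {@link OAuth2Principal}s. Note that
	 *         {@link #fish} still accepts other principals and will request a
	 *         token on their behalf; this method only governs routing.
	 */
	@Override
	public boolean handles(Principal principal) {
		return principal instanceof OAuth2Principal;
	}

	/**
	 * Parses a pipe-delimited permission string.
	 *
	 * <ul>
	 *   <li>{@code type|instance|action} → {@link AAFPermission} with no namespace</li>
	 *   <li>{@code ns|type|instance|action} → {@link AAFPermission}</li>
	 *   <li>anything else → {@link LocalPermission} wrapping the raw string</li>
	 * </ul>
	 */
	@Override
	public Permission createPerm(final String p) {
		String[] parts = Split.split('|', p);
		switch (parts.length) {
			case 3:
				return new AAFPermission(null, parts[0], parts[1], parts[2]);
			case 4:
				return new AAFPermission(parts[0], parts[1], parts[2], parts[3]);
			default:
				return new LocalPermission(p);
		}
	}

}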
174
175 }