1 /**
2  * ============LICENSE_START====================================================
3  * org.onap.aaf
4  * ===========================================================================
5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6  * ===========================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END====================================================
19  *
20  */
21
22 package com.att.aaf.cadi.cass;
23
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;

import org.apache.cassandra.auth.DataResource;
import org.apache.cassandra.auth.IAuthenticator;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.config.SecurityInfoC;
import org.onap.aaf.cadi.lur.EpiLur;
import org.onap.aaf.cadi.lur.LocalLur;
49
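/**
 * Shared bootstrap for the AAF-backed Cassandra authentication/authorization plugins.
 *
 * <p>Every field here is {@code static}: one CADI {@link Access}, one AAF connection
 * ({@link #aafcon}), the AAF Lur used for permission lookups, an optional {@link LocalLur},
 * and the three configuration values subclasses need ({@link #perm_type},
 * {@link #cluster_name}, {@link #default_realm}). That state is therefore shared by every
 * subclass instance Cassandra creates, which is why {@link #setup()} locks on the class
 * rather than on {@code this}.
 *
 * <p>Initialization fails closed: if a required property is missing, or no AAF Lur can be
 * built from the CADI configuration, {@link #validateConfiguration()} throws a
 * {@link ConfigurationException} and Cassandra will not start with this plugin.
 */
public abstract class AAFBase {
    /** Authentication option this plugin supports and allows altering: only PASSWORD. */
    protected static final Set<IAuthenticator.Option> options;
    /** Cassandra resource this plugin declares as protected: system_auth.credentials. */
    protected static final Set<DataResource> dataResource;

    static {
        options = new HashSet<IAuthenticator.Option>();
        options.add(IAuthenticator.Option.PASSWORD);

        dataResource = new HashSet<DataResource>();
        dataResource.add(DataResource.columnFamily("system_auth", "credentials"));
    }

    // Read-only views handed to Cassandra so callers cannot mutate the plugin's shared sets.
    // They are views, so anything a subclass adds to the backing sets is still visible.
    private static final Set<IAuthenticator.Option> OPTIONS_VIEW = Collections.unmodifiableSet(options);
    private static final Set<DataResource> DATA_RESOURCE_VIEW = Collections.unmodifiableSet(dataResource);

    protected static Access access;
    protected static LocalLur localLur;
    protected static AAFCon<?> aafcon;
    protected static AAFAuthn<?> aafAuthn;
    protected static AbsAAFLur<AAFPermission> aafLur;
    /** Required: value of {@code Config.AAF_DEFAULT_REALM} from the CADI properties. */
    protected static String default_realm;
    /** {@code cass_cluster_name} property, falling back to Cassandra's own configured cluster name. */
    protected static String cluster_name;
    /** {@code cass_group_name} property with ".cass" appended; presumably the AAF permission type subclasses check. */
    protected static String perm_type;
    /**
     * True only while every required property is resolved and an AAF Authn has been built.
     * Volatile because validateConfiguration() reads it after the setup() lock is released.
     */
    private static volatile boolean props_ok = false;

    /**
     * If you use your own Access Class, this must be called before
     * "setup()" is invoked by Cassandra.
     *
     * Otherwise, it will default to reading Properties CADI style.
     *
     * @param access the CADI Access (configuration + logging) to use for all AAF work
     */
    public static void setAccess(Access access) {
        AAFBase.access = access;
    }

    /**
     * Cassandra configuration hook: runs {@link #setup()} and fails closed.
     *
     * @throws ConfigurationException if setup could not resolve the required properties
     *         or could not build a working AAF connection
     */
    public void validateConfiguration() throws ConfigurationException {
        setup();
        if (!props_ok) {
            throw new ConfigurationException("AAF not initialized");
        }
    }

    /**
     * One-time initialization of the shared AAF state.
     *
     * <p>Runs only while {@link #aafAuthn} is null; a failed attempt resets it to null so the
     * next call retries. Resolves the CADI {@link Access} (unless one was injected through
     * {@link #setAccess(Access)}), the three required properties, and the AAF Lur/Authn.
     * Any failure is logged and leaves the plugin in the "not initialized" state that
     * {@link #validateConfiguration()} rejects.
     */
    @SuppressWarnings("unchecked")
    public void setup() {
        // Lock the class, not the instance: all state is static and shared by every
        // Authenticator/Authorizer instance, so an instance lock would not serialize them.
        synchronized (AAFBase.class) {
            if (aafAuthn != null) {
                return;
            }
            try {
                if (access == null) {
                    access = new PropAccess(loadInitialProperties());
                }

                props_ok = resolveRequiredProperties();
                if (!props_ok) {
                    return;
                }

                // AAFLur has pool of DME clients as needed, and Caches Client lookups
                SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
                Lur lur = Config.configLur(si, aafcon);
                // Loop through to find AAFLur out of possible Lurs, to reuse AAFCon.
                // The first AbsAAFLur wins; a LocalLur is only captured if it precedes it
                // in the chain (chain order is whatever Config.configLur produced).
                if (lur instanceof EpiLur) {
                    EpiLur chain = (EpiLur) lur;
                    Lur member;
                    for (int i = 0; (member = chain.get(i)) != null; ++i) {
                        if (member instanceof AbsAAFLur) {
                            adoptAafLur((AbsAAFLur<AAFPermission>) member);
                            break;
                        } else if (member instanceof LocalLur) {
                            localLur = (LocalLur) member;
                        }
                    }
                } else if (lur instanceof AbsAAFLur) {
                    adoptAafLur((AbsAAFLur<AAFPermission>) lur);
                }

                if (aafAuthn == null) {
                    access.log(Level.INIT, "Failed to instantiate full AAF access");
                    props_ok = false;
                }
            } catch (Exception e) {
                // Leave aafAuthn null so a later setup() retries from scratch.
                aafAuthn = null;
                if (access != null) access.log(e, "Failed to initialize AAF");
                props_ok = false;
            }
        }
    }

    /** Records the AAF Lur found in the chain and derives the shared AAFCon and Authn from it. */
    private static void adoptAafLur(AbsAAFLur<AAFPermission> found) {
        aafLur = found;
        aafcon = found.aaf;
        aafAuthn = found.aaf.newAuthn(found);
    }

    /**
     * Resolves the three required properties, logging each through Config.logProp.
     * All three are evaluated even if an earlier one is missing, so every missing
     * value is reported in one pass.
     *
     * @return true if perm_type, cluster_name and default_realm are all non-null
     */
    private static boolean resolveRequiredProperties() {
        boolean ok = true;

        perm_type = Config.logProp(access, "cass_group_name", null);
        if (perm_type == null) {
            ok = false;
        } else {
            perm_type = perm_type + ".cass";
        }

        cluster_name = Config.logProp(access, "cass_cluster_name", null);
        if (cluster_name == null) {
            cluster_name = DatabaseDescriptor.getClusterName();
            if (cluster_name == null) {
                ok = false;
            }
        }

        default_realm = Config.logProp(access, Config.AAF_DEFAULT_REALM, null);
        if (default_realm == null) {
            ok = false;
        }

        return ok;
    }

    /**
     * Loads the CADI properties named by the {@code Config.CADI_PROP_FILES} system property
     * (default "cadi.properties"), first from the system classpath, then as a file path.
     * If neither exists, returns a Properties holding only CADI_PROP_FILES so PropAccess
     * can report the missing file itself.
     *
     * <p>NOTE: this file typically carries AAF credential/keyfile references; it should be
     * readable only by the Cassandra process user.
     *
     * @throws IOException if the resource or file exists but cannot be read
     */
    private static Properties loadInitialProperties() throws IOException {
        String value = System.getProperty(Config.CADI_PROP_FILES, "cadi.properties");
        Properties initial = new Properties();
        URL cadiProps = ClassLoader.getSystemResource(value);
        if (cadiProps != null) {
            loadAndClose(initial, cadiProps.openStream());
        } else {
            File cp = new File(value);
            if (cp.exists()) {
                loadAndClose(initial, new FileInputStream(cp));
            } else {
                System.out.printf("%s does not exist as File or in Classpath\n", value);
                initial.setProperty(Config.CADI_PROP_FILES, value);
            }
        }
        return initial;
    }

    /** Loads {@code is} into {@code into} and always closes the stream. */
    private static void loadAndClose(Properties into, InputStream is) throws IOException {
        try {
            into.load(is);
        } finally {
            is.close();
        }
    }

    /** Debug log that tolerates being called before setup() has installed an Access. */
    private static void logDebug(Object... elements) {
        if (access != null) {
            access.log(Level.DEBUG, elements);
        }
    }

    /** @return read-only view of the resources this plugin protects (system_auth.credentials). */
    public Set<DataResource> protectedResources() {
        logDebug("Data Resource asked for: it's", dataResource.isEmpty() ? "" : "not", "empty");
        return DATA_RESOURCE_VIEW;
    }

    /** @return read-only view of the supported authentication options (PASSWORD). */
    public Set<IAuthenticator.Option> supportedOptions() {
        logDebug("supportedOptions() called");
        return OPTIONS_VIEW;
    }

    /** @return read-only view of the alterable authentication options (same set as supported). */
    public Set<IAuthenticator.Option> alterableOptions() {
        logDebug("alterableOptions() called");
        return OPTIONS_VIEW;
    }
}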