package org.onap.dmaap.dbcapi.aaf;
-import java.io.IOException;
-
-import org.apache.log4j.Logger;
import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
import org.onap.dmaap.dbcapi.util.DmaapConfig;
+/*
+ * this service uses the AAF REST API endpoints to provision values in AAF
+ */
public class AafService extends BaseLoggingClass {
public enum ServiceType {
AAF_Admin,
private AafConnection aaf;
private ServiceType ctype;
private String aafURL ;
+ private String identity;
+ private boolean useAAF = false;
+
+
+ public String getIdentity() {
+ return identity;
+ }
+
+
+ public void setIdentity(String identity) {
+ this.identity = identity;
+ }
+
+
private String getCred( boolean wPwd ) {
String mechIdProperty = null;
String pwdProperty = null;
logger.error( "Unexpected case for AAF credential type: " + ctype );
return null;
}
- String user = p.getProperty( mechIdProperty, "noMechId@domain.netset.com" );
- //String dClass = p.getProperty( "AafDecryption.Class", "org.openecomp.dmaapbc.aaf.ClearDecrypt");
+ identity = p.getProperty( mechIdProperty, "noMechId@domain.netset.com" );
+
String pwd = "";
String encPwd = p.getProperty( pwdProperty, "notSet" );
- //DecryptionInterface dec = null;
- //try {
- // dec = (DecryptionInterface) (Class.forName(dClass).newInstance());
- // dec.init( p.getProperty("CredentialCodecKeyfile", "LocalKey"));
- //} catch (Exception ee ) {
- // errorLogger.error(DmaapbcLogMessageEnum.UNEXPECTED_CONDITION, "attempting to use " + dClass + " to decrypt " + encPwd );
- //}
- //try {
- // pwd = dec.decrypt( encPwd );
- //} catch( IOException io ) {
- // errorLogger.error(DmaapbcLogMessageEnum.DECRYPT_IO_ERROR, dClass, encPwd );
- //}
+
pwd = decryptor.decrypt(encPwd);
if ( wPwd ) {
- return user + ":" + pwd;
+ return identity + ":" + pwd;
} else {
- return user;
+ return identity;
}
}
+
public AafService(ServiceType t ) {
DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
- aafURL = p.getProperty( "aaf.URL", "https://authentication.domain.netset.com:8095/proxy/");
+ aafURL = p.getProperty( "aaf.URL", "https://authentication.domain.netset.com:8100/proxy/");
initAafService( t );
}
public AafService( ServiceType t, String url ) {
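Review bot: `getCred()` now writes the `identity` field as a side effect (`identity = p.getProperty( mechIdProperty, ... )`), so every call, including the `getCred( false )` used only for logging, overwrites whatever the public `setIdentity()` from the earlier hunk stored. The setter also has no effect on the credential that `initAafService` has already passed to `new AafConnection( getCred( true ) )`, so `getIdentity()` can return a value that is not the one authenticating to AAF. Either drop `setIdentity()` or add a comment such as `// identity is derived from configuration in getCred(); it does not change the credential used by the AafConnection`. The start of `getCred` is outside this hunk, so how `p` and `mechIdProperty` are chosen is not visible here.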
}
private void initAafService( ServiceType t ) {
+ DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
+ useAAF= "true".equalsIgnoreCase(p.getProperty("UseAAF", "false"));
+ logger.info( "AafService initAafService: useAAF=" + useAAF);
+
ctype = t;
aaf = new AafConnection( getCred( true ) );
}
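Review bot: `UseAAF` defaults to `false`, and with it off `doPost` returns the caller's `expect` code and `delGrant` sets `rc = 200` without contacting AAF, so a missing or misspelled property makes every provisioning call report success while no permission, role or grant is created. The only trace is the `logger.info` line added here, which is easy to miss in a production log. Make the simulated mode loud, for example `if ( !useAAF ) logger.warn( "UseAAF is not true: AAF calls are simulated and nothing is provisioned" );`. `getCred( true )` still decrypts the password and builds the `AafConnection` in that mode; whether that can be skipped depends on code outside this hunk.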
public int addPerm(DmaapPerm perm) {
-
- int rc = -1;
logger.info( "entry: addPerm() " );
- String pURL = aafURL + "authz/perm";
- rc = aaf.postAaf( perm, pURL );
- switch( rc ) {
- case 401:
- case 403:
- errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, getCred( false ) );
- System.exit(1);
- case 409:
- logger.warn( "Perm already exists. Possible conflict.");
- break;
-
- case 201:
- logger.info( "expected response" );
- break;
- default :
- logger.error( "Unexpected response: " + rc );
- break;
- }
-
- return rc;
+ return doPost( perm, "authz/perm", 201);
}
public int addGrant(DmaapGrant grant ) {
-
- int rc = -1;
logger.info( "entry: addGrant() " );
-
- String pURL = aafURL + "authz/role/perm";
- rc = aaf.postAaf( grant, pURL );
- switch( rc ) {
- case 401:
- case 403:
- errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, getCred( false ) );
- System.exit(1);
- break;
-
- case 409:
- logger.warn( "Perm already exists. Possible conflict.");
- break;
-
- case 201:
- logger.info( "expected response" );
- break;
- default :
- logger.error( "Unexpected response: " + rc );
- break;
- }
-
- return rc;
+ return doPost( grant, "authz/role/perm", 201 );
+ }
+ public int addUserRole( AafUserRole ur ) {
+ logger.info( "entry: addUserRole() " );
+ return doPost( ur, "authz/userRole", 201 );
}
public int delGrant( DmaapGrant grant ) {
logger.info( "entry: delGrant() " );
String pURL = aafURL + "authz/role/:" + grant.getRole() + "/perm";
- rc = aaf.delAaf( grant, pURL );
+
+ if ( useAAF ) {
+ rc = aaf.delAaf( grant, pURL );
+ } else {
+ rc = 200;
+ }
switch( rc ) {
case 401:
case 403:
return rc;
}
+
+ public int addRole(AafRole role) {
+ logger.info( "entry: addRole() " );
+ return doPost( role, "authz/role", 201 );
+ }
+
+
+
+ public int addNamespace(AafNamespace ns) {
+ logger.info( "entry: addNamespace() " );
+ return doPost( ns, "authz/ns", 201 );
+ }
+
+
+ private int doPost( AafObject obj, String uri, int expect ) {
+ int rc = -1;
+ logger.info( "entry: doPost() " );
+ String pURL = aafURL + uri;
+ logger.info( "doPost: useAAF=" + useAAF );
+ if ( useAAF ) {
+ logger.info( "doPost: " + obj.toJSON());
+ rc = aaf.postAaf( obj, pURL );
+ } else {
+ rc = expect;
+ }
+ switch( rc ) {
+ case 401:
+ case 403:
+ errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, getCred( false ) );
+ System.exit(1);
+ case 409:
+ logger.warn( "Object for " + uri + " already exists. Possible conflict.");
+ break;
+
+
+ default :
+ if ( rc == expect ) {
+ logger.info( "expected response: " + rc);
+ } else {
+ logger.error( "Unexpected response: " + rc );
+ }
+ break;
+ }
+
+ return rc;
+ }
}
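Review bot: In `doPost`, the `case 401: case 403:` branch calls `System.exit(1)`, and this helper now serves `addUserRole`, `addRole` and `addNamespace` as well as `addPerm` and `addGrant`, so a single 403 on any of them terminates the whole process. A 403 presumably can also mean the identity lacks rights on one object rather than that the service credential is wrong; if so, logging and returning `rc` would let the caller decide. The branch also has no `break`, so it relies on the exit to avoid falling through to the 409 warning. The error line calls `getCred( false )`, which decrypts the password again only to log the user name; the new field can be used instead: `errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, identity ); break;`.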