src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProvider.java

   1 /*******************************************************************************
   2  *  ============LICENSE_START=======================================================
   3  *  org.onap.dmaap
   4  *  ================================================================================
   5  *  Copyright © 2017 AT&T Intellectual Property. All rights reserved.
   6  *  ================================================================================
   7  *  Licensed under the Apache License, Version 2.0 (the "License");
   8  *  you may not use this file except in compliance with the License.
   9  *  You may obtain a copy of the License at
  10  *        http://www.apache.org/licenses/LICENSE-2.0
  11 *
  12  *  Unless required by applicable law or agreed to in writing, software
  13  *  distributed under the License is distributed on an "AS IS" BASIS,
  14  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  15  *  See the License for the specific language governing permissions and
  16  *  limitations under the License.
  17  *  ============LICENSE_END=========================================================
  18  *
  19  *
  20  *******************************************************************************/
  21 package org.onap.dmaap.commonauth.kafka.base.authorization;
  22
  23 import java.io.FileInputStream;
  24 import java.io.IOException;
  25 import java.util.Properties;
  26
  27 import org.slf4j.Logger;
  28 import org.slf4j.LoggerFactory;
  29
  30 import org.onap.aaf.cadi.CadiException;
  31 import org.onap.aaf.cadi.PropAccess;
  32 import org.onap.aaf.cadi.aaf.AAFPermission;
  33 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
  34 import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
  35 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
  36 import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur;
  37 import org.onap.aaf.cadi.principal.UnAuthPrincipal;
  38
  39 public class Cadi3AAFProvider implements AuthorizationProvider {
  40
  41         private static PropAccess access;
  42         private static AAFCon<?> aafcon;
  43         private static final String CADI_PROPERTIES = "/opt/kafka/config/cadi.properties";
  44         private static final String AAF_LOCATOR_ENV = "aaf_locate_url";
  45         private static final String MR_NAMESPACE = "org.onap.dmaap.mr";
  46
  47         public static AAFAuthn<?> getAafAuthn() throws CadiException {
  48                 if (aafAuthn == null) {
  49                         throw new CadiException("Cadi is uninitialized in Cadi3AAFProvider.getAafAuthn()");
  50                 }
  51                 return aafAuthn;
  52         }
  53
  54         private static AAFAuthn<?> aafAuthn;
  55         private static AbsAAFLur<AAFPermission> aafLur;
  56
  57         private static boolean props_ok = false;
  58
  59         private static final Logger logger = LoggerFactory.getLogger(Cadi3AAFProvider.class);
  60
  61         public Cadi3AAFProvider() {
  62                 setup();
  63         }
  64
  65         private synchronized void setup() {
  66                 if (access == null) {
  67
  68                         Properties props = new Properties();
  69                         FileInputStream fis = null;
  70                         try {
  71                                 if (System.getProperty("CADI_PROPERTIES") != null) {
  72                                         fis = new FileInputStream(System.getProperty("CADI_PROPERTIES"));
  73                                 } else {
  74                                         fis = new FileInputStream(CADI_PROPERTIES);
  75                                 }
  76                                 try {
  77                                         props.load(fis);
  78                                         if (System.getenv(AAF_LOCATOR_ENV) != null)
  79                                                 props.setProperty(AAF_LOCATOR_ENV, System.getenv(AAF_LOCATOR_ENV));
  80                                         access = new PropAccess(props);
  81                                 } finally {
  82                                         fis.close();
  83                                 }
  84                         } catch (IOException e) {
  85                                 logger.error("Unable to load " + CADI_PROPERTIES);
  86                                 logger.error("Error", e);
  87                         }
  88
  89                         props_ok = true;
  90                         if (props_ok == false) {
  91                                 return;
  92                         }
  93                 }
  94
  95                 if (aafAuthn == null) {
  96                         try {
  97                                 aafcon = new AAFConHttp(access);
  98                                 aafAuthn = aafcon.newAuthn();
  99                                 aafLur = aafcon.newLur(aafAuthn);
 100                         } catch (final Exception e) {
 101                                 aafAuthn = null;
 102                                 if (access != null)
 103                                         access.log(e, "Failed to initialize AAF");
 104                                 props_ok = false;
 105                         }
 106                 }
 107
 108         }
 109
 110         /**
 111          * Checks if a user has a particular permission
 112          * <p/>
 113          * Returns true if the permission in found
 114          */
 115         public boolean hasPermission(String userId, String permission, String instance, String action) {
 116                 boolean hasPermission = false;
 117                 try {
 118                         logger.info("^ Event at hasPermission to validate userid " + userId + " with " + permission + " " + instance
 119                                         + " " + action);
 120                         // AAF Style permissions are in the form
 121                         // Resource Name, Resource Type, Action
 122                         if (userId.equals("admin")) {
 123                                 hasPermission = true;
 124                                 return hasPermission;
 125                         }
 126                         AAFPermission perm = new AAFPermission(MR_NAMESPACE, permission, instance, action);
 127                         if (aafLur != null) {
 128                                 hasPermission = aafLur.fish(new UnAuthPrincipal(userId), perm);
 129                                 logger.trace("Permission: " + perm.getKey() + " for user :" + userId + " found: " + hasPermission);
 130                         } else {
 131                                 logger.error("AAF client not initialized. Not able to find permissions.");
 132                         }
 133                 } catch (Exception e) {
 134                         logger.error("AAF client not initialized", e);
 135                 }
 136                 return hasPermission;
 137         }
 138
 139         public String getId() {
 140                 return "CADI_AAF_PROVIDER";
 141         }
 142
 143         public String authenticate(String userId, String password) throws Exception {
 144                 logger.info("^Event received  with   username " + userId);
 145                 if (userId.equals("admin")) {
 146                         logger.info("User Admin by passess AAF call ....");
 147                         return null;
 148                 }
 149                 String aafResponse = aafAuthn.validate(userId, password);
 150                 logger.info("aafResponse=" + aafResponse + " for " + userId);
 151
 152                 if (aafResponse != null) {
 153                         logger.error("Authentication failed for user ." + userId);
 154                 }
 155                 return aafResponse;
 156         }
 157
 158 }