2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * Modified Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
21 package org.onap.policy.utils;
23 import java.security.Principal;
24 import java.util.Properties;
26 import org.apache.log4j.Logger;
27 import org.onap.aaf.cadi.Access.Level;
28 import org.onap.aaf.cadi.CadiException;
29 import org.onap.aaf.cadi.PropAccess;
30 import org.onap.aaf.cadi.aaf.AAFPermission;
31 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
32 import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
33 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
34 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
35 import org.onap.aaf.cadi.config.Config;
36 import org.onap.aaf.cadi.locator.PropertyLocator;
37 import org.onap.aaf.cadi.principal.UnAuthPrincipal;
42 * AAF Client: Generic AAF Client implementation to connect to AAF Resources to validate permissions and authorization.
45 public class AAFPolicyClientImpl implements AAFPolicyClient{
46 private static Logger logger = Logger.getLogger(AAFPolicyClientImpl.class.getName());
48 private static final String ENVIRONMENT = "ENVIRONMENT";
50 // Warning Please don't Change these Values. Confirm with AAF team.
51 private static final String DEVL_AAF_URL = "";
52 private static final String TEST_AAF_URL = "";
53 private static final String PROD_AAF_URL = "";
54 private static final String DEFAULT_AFT_LATITUDE = "32.780140";
55 private static final String DEFAULT_AFT_LONGITUDE = "-96.800451";
56 private static final String TEST_AFT_ENVIRONMENT = "AFTUAT";
57 private static final String PROD_AFT_ENVIRONMENT = "AFTPRD";
58 private static final String DEFAULT_AAF_USER_EXPIRES = Integer.toString(5*60000); // 5 minutes for found items to live in cache
59 private static final String DEFAULT_AAF_HIGH_COUNT = Integer.toString(400); // Maximum number of items in Cache
61 private static AAFPolicyClientImpl instance = null;
63 private static Properties props = new Properties();
64 private static AAFCon<?> aafCon = null;
65 private static AAFLurPerm aafLurPerm = null;
66 private static AAFAuthn<?> aafAuthn = null;
67 private static PropAccess access = null;
69 private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException{
74 * Gets the instance of the AAFClient instance. Needs Proper properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
76 * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
77 * @return AAFClient instance.
78 * @throws AAFPolicyException Exceptions.
80 public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException{
81 if(instance == null) {
82 logger.info("Creating AAFClient Instance ");
83 instance = new AAFPolicyClientImpl(properties);
88 // To set Property values && Connections.
89 private static void setup(Properties properties) throws AAFPolicyException {
90 if(properties!=null && !properties.isEmpty()){
91 props = System.getProperties();
92 props.setProperty("AFT_LATITUDE", properties.getProperty("AFT_LATITUDE", DEFAULT_AFT_LATITUDE));
93 props.setProperty("AFT_LONGITUDE", properties.getProperty("AFT_LONGITUDE", DEFAULT_AFT_LONGITUDE));
94 String aftEnv = TEST_AFT_ENVIRONMENT;
95 props.setProperty("aaf_id",properties.getProperty("aaf_id", "aafID"));
96 props.setProperty("aaf_password", properties.getProperty("aaf_password", "aafPass"));
97 if(properties.containsKey(Config.AAF_URL)){
98 // if given a value in properties file.
99 props.setProperty(Config.AAF_URL, properties.getProperty(Config.AAF_URL));
101 // Set Default values.
102 if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.TEST.toString())){
103 props.setProperty(Config.AAF_URL, TEST_AAF_URL);
104 }else if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.PROD.toString())){
105 props.setProperty(Config.AAF_URL, PROD_AAF_URL);
106 aftEnv = PROD_AFT_ENVIRONMENT;
108 props.setProperty(Config.AAF_URL, DEVL_AAF_URL);
111 props.setProperty("AFT_ENVIRONMENT", properties.getProperty("AFT_ENVIRONMENT", aftEnv));
112 props.setProperty(Config.AAF_USER_EXPIRES, properties.getProperty(Config.AAF_USER_EXPIRES, DEFAULT_AAF_USER_EXPIRES));
113 props.setProperty(Config.AAF_HIGH_COUNT, properties.getProperty(Config.AAF_HIGH_COUNT, DEFAULT_AAF_HIGH_COUNT));
115 logger.error("Required Property value is missing : " + ENVIRONMENT);
116 throw new AAFPolicyException("Required Property value is missing : " + ENVIRONMENT);
118 access = new PolicyAccess(props, Level.valueOf(properties.getProperty("AAF_LOG_LEVEL", Level.ERROR.toString())));
123 * Updates the Properties file in case if required.
125 * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
126 * @throws AAFPolicyException exceptions if any.
129 public void updateProperties(Properties properties) throws AAFPolicyException{
134 * Checks the Authentication and Permissions for the given values.
136 * @param mechID MechID or ATT ID must be registered under the Name space.
137 * @param pass Password pertaining to the MechID or ATTID.
138 * @param type Permissions Type.
139 * @param instance Permissions Instance.
140 * @param action Permissions Action.
144 public boolean checkAuthPerm(String mechID, String pass, String type, String instance, String action){
145 return checkAuth(mechID, pass) && checkPerm(mechID, pass, type, instance, action);
149 * Checks the Authentication of the UserName and Password Given.
151 * @param userName UserName or MechID
152 * @param pass Password.
153 * @return True or False.
156 public boolean checkAuth(String userName, String pass){
157 if (aafAuthn == null) {
163 if(aafAuthn.validate(userName, pass)==null){
168 } catch (Exception e) {
169 logger.error(e.getMessage() + e);
176 * Checks Permissions for the given UserName, Password and Type, Instance Action.
178 * @param userName UserName or MechID
179 * @param pass Password.
180 * @param type Permissions Type.
181 * @param instance Permissions Instance.
182 * @param action Permissions Action.
183 * @return True or False.
186 public boolean checkPerm(String userName, String pass, String type, String instance, String action){
188 Boolean result= false;
190 if(aafCon!=null && aafLurPerm !=null){
192 aafCon.basicAuth(userName, pass);
194 // The first parameter is the namespace. At this point we will default
195 // to null until we are given a namespace to use.
197 AAFPermission perm = new AAFPermission(null, type, instance, action);
198 final Principal p = new UnAuthPrincipal(userName);
199 result = aafLurPerm.fish(p, perm);
200 } catch (CadiException e) {
201 logger.error(e.getMessage() + e);
202 aafLurPerm.destroy();
206 }while(i<2 && !result); // Try once more to check if this can be passed. AAF has some issues.
210 private static boolean setUpAAF(){
212 aafCon = new AAFConHttp(access,new PropertyLocator("https://aaf-onap-beijing-test.osaaf.org:8100"));
213 aafLurPerm = aafCon.newLur();
214 aafAuthn = aafCon.newAuthn(aafLurPerm);
216 } catch (Exception e) {
217 logger.error("Error while setting up AAF Connection " + e.getMessage() + e);
Code Review / policy / engine.git / blob