2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
22 package org.openecomp.policy.utils;
24 import java.io.IOException;
25 import java.util.Properties;
27 import org.apache.log4j.Logger;
29 import com.att.cadi.Access;
30 import com.att.cadi.Access.Level;
31 import com.att.cadi.CadiException;
32 import com.att.cadi.aaf.AAFPermission;
33 import com.att.cadi.aaf.v2_0.AAFAuthn;
34 import com.att.cadi.aaf.v2_0.AAFCon;
35 import com.att.cadi.aaf.v2_0.AAFConDME2;
36 import com.att.cadi.aaf.v2_0.AAFLurPerm;
37 import com.att.cadi.config.Config;
41 * AAF Client: Generic AAF Client implementation to connect to AAF Resources to validate permissions and authorization.
44 public class AAFPolicyClient {
// Class-wide logger. Unlike the constants below it is declared without final.
45 private static Logger LOGGER = Logger.getLogger(AAFPolicyClient.class.getName());
// Fallback values for the AFT_* and AAF cache properties. In the code shown in this listing they
// are referenced only from the commented-out body of setup().
47 private static final String DEFAULT_AFT_LATITUDE = "32.780140";
48 private static final String DEFAULT_AFT_LONGITUDE = "-96.800451";
// NOTE(review): a cached "found" result lives for this long, so a revoked credential or permission
// may presumably keep passing until its entry expires; confirm the lifetime matches policy.
49 private static final String DEFAULT_AAF_USER_EXPIRES = Integer.toString(5*60000); // 5 minutes for found items to live in cache
50 private static final String DEFAULT_AAF_HIGH_COUNT = Integer.toString(400); // Maximum number of items in Cache
// Process-wide state: every field below is static, so all callers share one AAFCon, one AAFLurPerm
// and one AAFAuthn. Of the methods visible in this listing only getInstance() is synchronized.
52 private static AAFPolicyClient instance = null;
53 private static Properties props = new Properties();
54 private static AAFCon<?> aafCon = null;
55 private static AAFLurPerm aafLurPerm = null;
56 private static AAFAuthn<?> aafAuthn = null;
57 private static Access access = null;
60 private AAFPolicyClient(Properties properties) throws AAFPolicyException{
68 * Gets the AAFClient instance. Requires properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT.
70 * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
71 * @return AAFClient instance.
72 * @throws AAFPolicyException Exceptions.
// Lazily creates the shared client: the synchronized modifier serialises callers, and the
// constructor runs only while instance is still null.
// NOTE(review): as far as this listing shows, the properties argument is ignored once an instance
// exists, so a later call with different settings would not reconfigure the client. The rest of
// the method, including its return statement, is not visible here.
74 public static synchronized AAFPolicyClient getInstance(Properties properties) throws AAFPolicyException{
75 if(instance == null) {
76 LOGGER.info("Creating AAFClient Instance ");
77 instance = new AAFPolicyClient(properties);
82 // To set Property values && Connections.
// Configures the client from the supplied properties.
// NOTE(review): in this listing the body opens with a block comment whose end is not visible, so
// the statements below appear to be disabled; confirm against the full file which of them still run.
// The disabled code copies settings into the JVM-wide System properties, including aaf_id and
// aaf_password with literal fallback values. If it is re-enabled, prefer throwing
// AAFPolicyException when a credential is missing (as is already done for Config.AAF_URL and
// AFT_ENVIRONMENT) over substituting a default, and avoid placing the password in System
// properties, where any code in the process can read it.
// The Javadoc on getInstance/updateProperties names CLIENT_ID, CLIENT_KEY and ENVIRONMENT, while
// the keys read here are aaf_id, aaf_password, AFT_ENVIRONMENT and Config.AAF_URL.
83 private void setup(Properties properties) throws AAFPolicyException {
84 /*if(properties!=null && !properties.isEmpty()){
85 props = System.getProperties();
86 props.setProperty("AFT_LATITUDE", properties.getProperty("AFT_LATITUDE", DEFAULT_AFT_LATITUDE));
87 props.setProperty("AFT_LONGITUDE", properties.getProperty("AFT_LONGITUDE", DEFAULT_AFT_LONGITUDE));
88 props.setProperty("aaf_id",properties.getProperty("aaf_id", "aafID"));
89 props.setProperty("aaf_password", properties.getProperty("aaf_password", "aafPass"));
90 if(properties.containsKey(Config.AAF_URL)){
91 // if given a value in properties file.
92 props.setProperty(Config.AAF_URL, properties.getProperty(Config.AAF_URL));
94 LOGGER.error("Required Property value is missing : " + Config.AAF_URL);
95 throw new AAFPolicyException("Required Property value is missing : " + Config.AAF_URL);
98 if(properties.containsKey("AFT_ENVIRONMENT")){
99 props.setProperty("AFT_ENVIRONMENT", properties.getProperty("AFT_ENVIRONMENT"));
101 LOGGER.error("Required Property value is missing : AFT_ENVIRONMENT");
102 throw new AAFPolicyException("Required Property value is missing : AFT_ENVIRONMENT");
104 props.setProperty(Config.AAF_USER_EXPIRES, properties.getProperty(Config.AAF_USER_EXPIRES, DEFAULT_AAF_USER_EXPIRES));
105 props.setProperty(Config.AAF_HIGH_COUNT, properties.getProperty(Config.AAF_HIGH_COUNT, DEFAULT_AAF_HIGH_COUNT));
107 LOGGER.error("Required Property value is missing ");
108 throw new AAFPolicyException("Required Property value is missing");
110 access = new PolicyAccess(props, Level.valueOf(properties.getProperty("AAF_LOG_LEVEL", Level.INFO.toString())));
115 * Updates the Properties file if required.
117 * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
118 * @throws AAFPolicyException exceptions if any.
120 public void updateProperties(Properties properties) throws AAFPolicyException{
125 * Checks the Authentication and Permissions for the given values.
127 * @param pass Password pertaining to the loginId
128 * @param type Permissions Type.
129 * @param instance Permissions Instance.
130 * @param action Permissions Action.
// Combines the authentication and permission checks; && short-circuits, so checkPerm is not
// called when checkAuth returns false. The return statements are not visible in this listing.
// NOTE(review): the combined result is only as strong as checkAuth, whose visible body starts
// with a block comment; confirm it still rejects bad credentials.
133 public boolean checkAuthPerm(String mechID, String pass, String type, String instance, String action){
134 if(checkAuth(mechID, pass) && checkPerm(mechID, pass, type, instance, action)){
141 * Checks the Authentication of the UserName and Password Given.
143 * @param userName UserName
144 * @param pass Password.
145 * @return True or False.
// NOTE(review): the body opens with a block comment whose end is not visible in this listing, so
// the aafAuthn.validate() call below appears to be disabled. Confirm in the full file what the
// method returns in that case; if it returns true unconditionally, every caller is treated as
// authenticated and checkAuthPerm rests on checkPerm alone.
// In the code as written, a null result from validate() appears to be the success case, any
// Exception is reduced to its message in the error log, and the failure path logs the
// caller-supplied userName at debug level (the password is not logged).
// The URL is read with the literal key "AAF_URL", whereas setup() stores it under Config.AAF_URL;
// confirm both refer to the same property.
147 public boolean checkAuth(String userName, String pass){
148 /*if(aafAuthn!=null){
152 if(aafAuthn.validate(userName, pass)==null){
157 } catch (Exception e) {
158 LOGGER.error(e.getMessage());
161 LOGGER.debug("Authentication failed for : " + userName + " in " + props.getProperty("AAF_URL"));
167 * Checks permissions for the given UserName and Password against the given permission Type, Instance and Action.
169 * @param userName UserName
170 * @param pass Password.
171 * @param type Permissions Type.
172 * @param instance Permissions Instance.
173 * @param action Permissions Action.
174 * @return True or False.
// Checks whether userName holds the permission (type, instance, action), repeating while the
// loop condition i<2 && !result holds. The declaration and update of i are not visible here.
// NOTE(review): pass is handed to aafCon.basicAuth(), but that call's result is not used on the
// visible line, and the lookup itself, aafLurPerm.fish(userName, perm), takes no credential.
// Presumably this method therefore does not verify the password; callers should reach it through
// checkAuthPerm or authenticate first -- confirm.
176 public boolean checkPerm(String userName, String pass, String type, String instance, String action){
// Boxed Boolean that starts as false; assuming it is what the method returns, a path that never
// assigns it is treated as "not permitted".
178 Boolean result= false;
180 if(aafCon!=null && aafLurPerm !=null){
182 aafCon.basicAuth(userName, pass);
183 AAFPermission perm = new AAFPermission(type, instance, action);
184 result = aafLurPerm.fish(userName, perm);
185 } catch (CadiException e) {
// Only the exception message is logged (no stack trace), then the shared static aafLurPerm is
// destroyed. NOTE(review): nothing visible here recreates it before the retry -- confirm the
// next pass, and other threads using the same static field, are safe.
186 LOGGER.error(e.getMessage());
187 aafLurPerm.destroy();
// userName, type, instance and action are caller-supplied and concatenated into the log line;
// consider neutralising line breaks if they can originate from untrusted requests.
190 LOGGER.debug("Permissions for : " + userName + " in " + props.getProperty("AAF_URL") + "for " + type + "," + instance + "," + action + "\n Result is: " + result);
192 }while(i<2 && !result); // Try once more to check if this can be passed. AAF has some issues.
197 /*private boolean setUpAAF(){
199 aafCon = new AAFConDME2(access);
200 aafLurPerm = aafCon.newLur();//new AAFLurPerm(aafCon);
201 aafAuthn = aafCon.newAuthn(aafLurPerm);//new AAFAuthn(aafCon, aafLurPerm);
203 } catch (Exception e) {
204 LOGGER.error("Error while creating Connection " + e.getMessage());