PolicyEngineUtils/src/main/java/org/openecomp/policy/utils/AAFPolicyClientImpl.java

   1 /*-
   2  * ============LICENSE_START=======================================================
   3  * PolicyEngineUtils
   4  * ================================================================================
   5  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
   6  * ================================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END=========================================================
  19  */
  20
  21
  22 package org.openecomp.policy.utils;
  23
  24 import java.util.Properties;
  25
  26 import org.apache.log4j.Logger;
  27
  28 import com.att.cadi.Access;
  29 import com.att.cadi.Access.Level;
  30 import com.att.cadi.CadiException;
  31 import com.att.cadi.aaf.AAFPermission;
  32 import com.att.cadi.aaf.v2_0.AAFAuthn;
  33 import com.att.cadi.aaf.v2_0.AAFCon;
  34 import com.att.cadi.aaf.v2_0.AAFConDME2;
  35 import com.att.cadi.aaf.v2_0.AAFLurPerm;
  36 import com.att.cadi.config.Config;
  37
  38
  39 /**
  40  * AAF Client: Generic AAF Client implementation to connect to AAF Resources to validate permissions and authorization.
  41  *
  42  */
  43 public class AAFPolicyClientImpl implements AAFPolicyClient{
  44         private static Logger LOGGER = Logger.getLogger(AAFPolicyClientImpl.class.getName());
  45
  46         private static final String ENVIRONMENT = "ENVIRONMENT";
  47
  48         // Warning Please don't Change these Values. Confirm with AAF team.
  49         private static final String DEVL_AAF_URL = "";
  50         private static final String TEST_AAF_URL = "";
  51         private static final String PROD_AAF_URL = "";
  52         private static final String DEFAULT_AFT_LATITUDE = "32.780140";
  53         private static final String DEFAULT_AFT_LONGITUDE = "-96.800451";
  54         private static final String TEST_AFT_ENVIRONMENT = "AFTUAT";
  55         private static final String PROD_AFT_ENVIRONMENT = "AFTPRD";
  56         private static final String DEFAULT_AAF_USER_EXPIRES = Integer.toString(5*60000);       // 5 minutes for found items to live in cache
  57         private static final String DEFAULT_AAF_HIGH_COUNT = Integer.toString(400);             // Maximum number of items in Cache
  58
  59         private static AAFPolicyClientImpl instance = null;
  60
  61         private static Properties props = new Properties();
  62         private static AAFCon<?> aafCon = null;
  63         private static AAFLurPerm aafLurPerm = null;
  64         private static AAFAuthn<?> aafAuthn = null;
  65         private static Access access = null;
  66
  67         private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException{
  68                 if(instance == null){
  69                         instance = this;
  70                 }
  71                 setup(properties);
  72         }
  73
  74         /**
  75          * Gets the instance of the AAFClient instance. Needs Proper properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
  76          *
  77          * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
  78          * @return AAFClient instance.
  79          * @throws AAFPolicyException Exceptions.
  80          */
  81         public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException{
  82                 if(instance == null) {
  83                         LOGGER.info("Creating AAFClient Instance ");
  84                         instance = new AAFPolicyClientImpl(properties);
  85                 }
  86                 return instance;
  87         }
  88
  89         // To set Property values && Connections.
  90         private void setup(Properties properties) throws AAFPolicyException {
  91                 if(properties!=null && !properties.isEmpty()){
  92                         props = System.getProperties();
  93                         props.setProperty("AFT_LATITUDE", properties.getProperty("AFT_LATITUDE", DEFAULT_AFT_LATITUDE));
  94                         props.setProperty("AFT_LONGITUDE", properties.getProperty("AFT_LONGITUDE", DEFAULT_AFT_LONGITUDE));
  95                         String aftEnv = TEST_AFT_ENVIRONMENT;
  96                         //props.setProperty(Config.CADI_KEYFILE,"keyfile");
  97                         props.setProperty("aaf_id",properties.getProperty("aaf_id", "aafID"));
  98                         props.setProperty("aaf_password", properties.getProperty("aaf_password", "aafPass"));
  99                         if(properties.containsKey(Config.AAF_URL)){
 100                                 // if given a value in properties file.
 101                                 props.setProperty(Config.AAF_URL, properties.getProperty(Config.AAF_URL));
 102                         }else{
 103                                 // Set Default values.
 104                                 if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(Environment.TEST.toString())){
 105                                         props.setProperty(Config.AAF_URL, TEST_AAF_URL);
 106                                 }else if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(Environment.PROD.toString())){
 107                                         props.setProperty(Config.AAF_URL, PROD_AAF_URL);
 108                                         aftEnv = PROD_AFT_ENVIRONMENT;
 109                                 }else{
 110                                         props.setProperty(Config.AAF_URL, DEVL_AAF_URL);
 111                                 }
 112                         }
 113                         props.setProperty("AFT_ENVIRONMENT", properties.getProperty("AFT_ENVIRONMENT", aftEnv));
 114                         props.setProperty(Config.AAF_USER_EXPIRES, properties.getProperty(Config.AAF_USER_EXPIRES, DEFAULT_AAF_USER_EXPIRES));
 115                         props.setProperty(Config.AAF_HIGH_COUNT, properties.getProperty(Config.AAF_HIGH_COUNT, DEFAULT_AAF_HIGH_COUNT));
 116                 }else{
 117                         LOGGER.error("Required Property value is missing : " + ENVIRONMENT);
 118                         throw new AAFPolicyException("Required Property value is missing : " + ENVIRONMENT);
 119                 }
 120                 access = new PolicyAccess(props, Level.valueOf(properties.getProperty("AAF_LOG_LEVEL", Level.ERROR.toString())));
 121                 setUpAAF();
 122         }
 123
 124         /**
 125          * Updates the Properties file in case if required.
 126          *
 127          * @param properties  Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
 128          * @throws AAFPolicyException exceptions if any.
 129          */
 130         public void updateProperties(Properties properties) throws AAFPolicyException{
 131                 setup(properties);
 132         }
 133
 134         /**
 135          * Checks the Authentication and Permissions for the given values.
 136          *
 137          * @param mechID MechID or ATT ID must be registered under the Name space.
 138          * @param pass Password pertaining to the MechID or ATTID.
 139          * @param type Permissions Type.
 140          * @param instance Permissions Instance.
 141          * @param action Permissions Action.
 142          * @return
 143          */
 144         public boolean checkAuthPerm(String mechID, String pass, String type, String instance, String action){
 145                 if(checkAuth(mechID, pass) && checkPerm(mechID, pass, type, instance, action)){
 146                         return true;
 147                 }
 148                 return false;
 149         }
 150
 151         /**
 152          * Checks the Authentication of the UserName and Password Given.
 153          *
 154          * @param userName UserName or MechID
 155          * @param pass Password.
 156          * @return True or False.
 157          */
 158         public boolean checkAuth(String userName, String pass){
 159                 if(aafAuthn!=null){
 160                         try {
 161                                 int i=0;
 162                                 do{
 163                                         if(aafAuthn.validate(userName, pass)==null){
 164                                                 return true;
 165                                         }
 166                                         i++;
 167                                 }while(i<2);
 168                         } catch (Exception e) {
 169                                 LOGGER.error(e.getMessage());
 170                         }
 171                 }
 172                 LOGGER.info("Authentication failed for : " + userName + " in " + props.getProperty(Config.AAF_URL));
 173                 return false;
 174         }
 175
 176         /**
 177          * Checks Permissions for the given UserName, Password and Type, Instance Action.
 178          *
 179          * @param userName UserName or MechID
 180          * @param pass Password.
 181          * @param type Permissions Type.
 182          * @param instance Permissions Instance.
 183          * @param action Permissions Action.
 184          * @return True or False.
 185          */
 186         public boolean checkPerm(String userName, String pass, String type, String instance, String action){
 187                 int i =0;
 188                 Boolean result= false;
 189                 do{
 190                         if(aafCon!=null && aafLurPerm !=null){
 191                                 try {
 192                                         aafCon.basicAuth(userName, pass);
 193                                         AAFPermission perm = new AAFPermission(type, instance, action);
 194                                         result = aafLurPerm.fish(userName, perm);
 195                                 } catch (CadiException e) {
 196                                         LOGGER.error(e.getMessage());
 197                                         aafLurPerm.destroy();
 198                                 }
 199                         }
 200                         LOGGER.info("Permissions for : " + userName + " in " + props.getProperty(Config.AAF_URL) + " for " + type  + "," + instance + "," + action + "\n Result is: " + result);
 201                         i++;
 202                 }while(i<2 && !result); // Try once more to check if this can be passed. AAF has some issues.
 203                 return result;
 204         }
 205
 206         private boolean setUpAAF(){
 207                 try {
 208                         aafCon = new AAFConDME2(access);
 209                         aafLurPerm = aafCon.newLur();//new AAFLurPerm(aafCon);
 210                         aafAuthn = aafCon.newAuthn(aafLurPerm);//new AAFAuthn(aafCon, aafLurPerm);
 211                         return true;
 212                 } catch (Exception e) {
 213                         LOGGER.error("Error while setting up AAF Connection " + e.getMessage());
 214                         return false;
 215                 }
 216         }
 217 }