/*- * ============LICENSE_START======================================================= * ONAP Policy Engine * ================================================================================ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END========================================================= */ package org.onap.policy.rest.util; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.google.common.base.Splitter; import com.google.common.base.Strings; import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.StringReader; import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import java.util.Map.Entry; import java.util.Set; import javax.json.Json; import javax.json.JsonException; import javax.json.JsonObject; import javax.json.JsonReader; import javax.json.JsonValue; import org.apache.commons.lang3.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; import org.json.JSONArray; import org.json.JSONObject; import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.rest.adapter.ClosedLoopFaultBody; import org.onap.policy.rest.adapter.ClosedLoopPMBody; import org.onap.policy.rest.adapter.PolicyRestAdapter; import org.onap.policy.rest.dao.CommonClassDao; import org.onap.policy.rest.jpa.MicroServiceModels; import org.onap.policy.rest.jpa.OptimizationModels; import org.onap.policy.rest.jpa.SafePolicyWarning; import org.onap.policy.utils.PolicyUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.onap.policy.xacml.util.XACMLPolicyScanner; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @Service public class PolicyValidation { private static final Logger LOGGER = FlexLogger.getLogger(PolicyValidation.class); public static final String CONFIG_POLICY = "Config"; public static final String ACTION_POLICY = "Action"; public static final String DECISION_POLICY = "Decision"; public static final String DECISION_POLICY_MS = "Decision_MS"; public static final String CLOSEDLOOP_POLICY = "ClosedLoop_Fault"; public static final String CLOSEDLOOP_PM = "ClosedLoop_PM"; public static final String ENFORCER_CONFIG_POLICY = "Enforcer Config"; public static final String MICROSERVICES = "Micro Service"; public static final String FIREWALL = "Firewall Config"; public static final String OPTIMIZATION="Optimization"; public static final String BRMSPARAM = "BRMS_Param"; public static final String BRMSRAW = "BRMS_Raw"; public static final String HTML_ITALICS_LNBREAK = "
"; public static final String SUCCESS = "success"; public static final String EMPTY_COMPONENT_ATTR = "Component Attributes: One or more Fields in Component Attributes is Empty."; public static final String ISREQUIRED = " is required"; public static final String SPACESINVALIDCHARS = " : value has spaces or invalid characters
"; private static final String REQUIRED_ATTRIBUTE = "required-true"; private static final String DECISION_MS_MODEL = "MicroService_Model"; private static final String RAW = "Raw"; private static Map mapAttribute = new HashMap<>(); private static Map jsonRequestMap = new HashMap<>(); private static List modelRequiredFieldsList = new ArrayList<>(); private Set allReqTrueKeys = new HashSet<>(); private Set allOptReqTrueKeys = new HashSet<>(); private static CommonClassDao commonClassDao; @Autowired public PolicyValidation(CommonClassDao commonClassDao) { PolicyValidation.commonClassDao = commonClassDao; } /* * This is an empty constructor */ public PolicyValidation() { // Empty constructor } /** * Validate policy. * * @param policyData the policy data * @return the string builder * @throws IOException Signals that an I/O exception has occurred. */ public StringBuilder validatePolicy(PolicyRestAdapter policyData) throws IOException { try { boolean valid = true; StringBuilder responseString = new StringBuilder(); ObjectMapper mapper = new ObjectMapper(); if (policyData.getPolicyName() != null) { String policyNameValidate = PolicyUtils.policySpecialCharValidator(policyData.getPolicyName()); if (!policyNameValidate.contains(SUCCESS)) { responseString.append("PolicyName:" + policyNameValidate + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("PolicyName: PolicyName Should not be empty" + HTML_ITALICS_LNBREAK); valid = false; } if (policyData.getPolicyDescription() != null) { String descriptionValidate = PolicyUtils.descriptionValidator(policyData.getPolicyDescription()); if (!descriptionValidate.contains(SUCCESS)) { responseString.append("Description:" + descriptionValidate + HTML_ITALICS_LNBREAK); valid = false; } } if (!"API".equals(policyData.getApiflag()) && policyData.getAttributes() != null && !policyData.getAttributes().isEmpty()) { for (Object attribute : policyData.getAttributes()) { if (attribute instanceof LinkedHashMap) { String value = null; String key = null; if (((LinkedHashMap) attribute).get("key") != null) { key = ((LinkedHashMap) attribute).get("key").toString(); if (!PolicyUtils.policySpecialCharWithDashValidator(key).contains(SUCCESS)) { responseString.append("Attributes or Component Attributes:" + value + SPACESINVALIDCHARS); valid = false; } } else { if (CONFIG_POLICY.equals(policyData.getPolicyType())) { if ("Base".equals(policyData.getConfigPolicyType())) { responseString .append("Attributes: has one missing Attribute key
"); } if (BRMSPARAM.equals(policyData.getConfigPolicyType()) || BRMSRAW.equals(policyData.getConfigPolicyType())) { responseString .append("Rule Attributes: has one missing Attribute key
"); } } else { responseString.append( "Component Attributes: has one missing Component Attribute key
"); } valid = false; } if (((LinkedHashMap) attribute).get("value") != null) { value = ((LinkedHashMap) attribute).get("value").toString(); if (!PolicyUtils.policySpecialCharWithDashValidator(value).contains(SUCCESS)) { if (CONFIG_POLICY.equals(policyData.getPolicyType())) { if ("Base".equals(policyData.getConfigPolicyType())) { responseString.append("Attributes:" + value + SPACESINVALIDCHARS); } if (BRMSPARAM.equals(policyData.getConfigPolicyType()) || BRMSRAW.equals(policyData.getConfigPolicyType())) { responseString.append("Rule Attributes:" + value + SPACESINVALIDCHARS); } } else { responseString.append("Component Attributes:" + value + SPACESINVALIDCHARS); } valid = false; } } else { if (CONFIG_POLICY.equals(policyData.getPolicyType())) { if ("Base".equals(policyData.getConfigPolicyType())) { responseString .append("Attributes: has one missing Attribute value
"); } if (BRMSPARAM.equals(policyData.getConfigPolicyType()) || BRMSRAW.equals(policyData.getConfigPolicyType())) { responseString.append( "Rule Attributes: has one missing Attribute value
"); } } else { responseString.append( "Component Attributes: has one missing Component Attribute value
"); } valid = false; } } } } // Decision Policy Attributes Validation if (!"API".equals(policyData.getApiflag()) && policyData.getSettings() != null && !policyData.getSettings().isEmpty()) { for (Object attribute : policyData.getAttributes()) { if (attribute instanceof LinkedHashMap) { String value = null; if (((LinkedHashMap) attribute).get("key") == null) { responseString .append("Settings Attributes: has one missing Attribute key
"); valid = false; } if (((LinkedHashMap) attribute).get("value") != null) { value = ((LinkedHashMap) attribute).get("value").toString(); if (!PolicyUtils.policySpecialCharValidator(value).contains(SUCCESS)) { responseString.append("Settings Attributes:" + value + SPACESINVALIDCHARS); valid = false; } } else { responseString .append("Settings Attributes: has one missing Attribute Value
"); valid = false; } } } } if (!"API".equals(policyData.getApiflag()) && policyData.getRuleAlgorithmschoices() != null && !policyData.getRuleAlgorithmschoices().isEmpty()) { for (Object attribute : policyData.getRuleAlgorithmschoices()) { if (attribute instanceof LinkedHashMap) { String label = ((LinkedHashMap) attribute).get("id").toString(); if (((LinkedHashMap) attribute).get("dynamicRuleAlgorithmField1") == null) { responseString.append( "Rule Algorithms:" + label + " : Field 1 value is not selected
"); valid = false; } if (((LinkedHashMap) attribute).get("dynamicRuleAlgorithmCombo") == null) { responseString.append( "Rule Algorithms:" + label + " : Field 2 value is not selected
"); valid = false; } if (((LinkedHashMap) attribute).get("dynamicRuleAlgorithmField2") != null) { String value = ((LinkedHashMap) attribute).get("dynamicRuleAlgorithmField2").toString(); if (!PolicyUtils.policySpecialCharValidator(value).contains(SUCCESS)) { responseString.append("Rule Algorithms:" + label + " : Field 3 value has special characters
"); valid = false; } } else { responseString .append("Rule Algorithms:" + label + " : Field 3 value is empty
"); valid = false; } } } } if (CONFIG_POLICY.equalsIgnoreCase(policyData.getPolicyType())) { if ("Base".equals(policyData.getConfigPolicyType()) || CLOSEDLOOP_POLICY.equals(policyData.getConfigPolicyType()) || CLOSEDLOOP_PM.equals(policyData.getConfigPolicyType()) || ENFORCER_CONFIG_POLICY.equals(policyData.getConfigPolicyType()) || MICROSERVICES.equals(policyData.getConfigPolicyType()) || OPTIMIZATION.equals(policyData.getConfigPolicyType())) { if (!Strings.isNullOrEmpty(policyData.getOnapName())) { String onapNameValidate = PolicyUtils.policySpecialCharWithDashValidator(policyData.getOnapName()); if (!onapNameValidate.contains(SUCCESS)) { responseString.append("OnapName:" + onapNameValidate + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("Onap Name: Onap Name Should not be empty" + HTML_ITALICS_LNBREAK); valid = false; } } if (!Strings.isNullOrEmpty(policyData.getRiskType())) { String riskTypeValidate = PolicyUtils.policySpecialCharValidator(policyData.getRiskType()); if (!riskTypeValidate.contains(SUCCESS)) { responseString.append("RiskType:" + riskTypeValidate + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("RiskType: Risk Type Should not be Empty" + HTML_ITALICS_LNBREAK); valid = false; } if (!Strings.isNullOrEmpty(policyData.getRiskLevel())) { String validateRiskLevel = PolicyUtils.policySpecialCharValidator(policyData.getRiskLevel()); if (!validateRiskLevel.contains(SUCCESS)) { responseString.append("RiskLevel:" + validateRiskLevel + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("RiskLevel: Risk Level Should not be Empty" + HTML_ITALICS_LNBREAK); valid = false; } if (!Strings.isNullOrEmpty(policyData.getGuard())) { String validateGuard = PolicyUtils.policySpecialCharValidator(policyData.getGuard()); if (!validateGuard.contains(SUCCESS)) { responseString.append("Guard:" + validateGuard + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("Guard: Guard Value Should not be Empty" + HTML_ITALICS_LNBREAK); valid = false; } // Validate Config Base Policy Data if ("Base".equalsIgnoreCase(policyData.getConfigPolicyType())) { if (!Strings.isNullOrEmpty(policyData.getConfigName())) { String configNameValidate = PolicyUtils.policySpecialCharValidator(policyData.getConfigName()); if (!configNameValidate.contains(SUCCESS)) { responseString.append("ConfigName:" + configNameValidate + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("Config Name: Config Name Should not be Empty" + HTML_ITALICS_LNBREAK); valid = false; } if (!Strings.isNullOrEmpty(policyData.getConfigType())) { String configTypeValidate = PolicyUtils.policySpecialCharValidator(policyData.getConfigType()); if (!configTypeValidate.contains(SUCCESS)) { responseString.append("ConfigType:" + configTypeValidate + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("Config Type: Config Type Should not be Empty" + HTML_ITALICS_LNBREAK); valid = false; } if (!Strings.isNullOrEmpty(policyData.getConfigBodyData())) { String configBodyData = policyData.getConfigBodyData(); String configType = policyData.getConfigType(); if (configType != null) { if ("JSON".equals(configType)) { if (!PolicyUtils.isJSONValid(configBodyData)) { responseString .append("Config Body: JSON Content is not valid" + HTML_ITALICS_LNBREAK); valid = false; } } else if ("XML".equals(configType)) { if (!PolicyUtils.isXMLValid(configBodyData)) { responseString.append( "Config Body: XML Content data is not valid" + HTML_ITALICS_LNBREAK); valid = false; } } else if ("PROPERTIES".equals(configType)) { if (!PolicyUtils.isPropValid(configBodyData) || "".equals(configBodyData)) { responseString .append("Config Body: Property data is not valid" + HTML_ITALICS_LNBREAK); valid = false; } } else if ("OTHER".equals(configType) && ("".equals(configBodyData))) { responseString .append("Config Body: Config Body Should not be Empty" + HTML_ITALICS_LNBREAK); valid = false; } } } else { responseString.append("Config Body: Config Body Should not be Empty" + HTML_ITALICS_LNBREAK); valid = false; } } // Validate Config Firewall Policy Data if (FIREWALL.equalsIgnoreCase(policyData.getConfigPolicyType())) { if (policyData.getConfigName() != null && !policyData.getConfigName().isEmpty()) { String configNameValidate = PolicyUtils.policySpecialCharValidator(policyData.getConfigName()); if (!configNameValidate.contains(SUCCESS)) { responseString.append("ConfigName:" + configNameValidate + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("Config Name: Config Name is required" + HTML_ITALICS_LNBREAK); valid = false; } if (policyData.getSecurityZone() == null || policyData.getSecurityZone().isEmpty()) { responseString .append("Security Zone: Security Zone is required" + HTML_ITALICS_LNBREAK); valid = false; } } // Validate BRMS_Param Policy Data if (BRMSPARAM.equalsIgnoreCase(policyData.getConfigPolicyType()) && Strings.isNullOrEmpty(policyData.getRuleName())) { responseString.append("BRMS Template:BRMS Template is required" + HTML_ITALICS_LNBREAK); valid = false; } // Validate BRMS_Raw Policy Data if (BRMSRAW.equalsIgnoreCase(policyData.getConfigPolicyType())) { if (policyData.getConfigBodyData() != null && !policyData.getConfigBodyData().isEmpty()) { String message = PolicyUtils.brmsRawValidate(policyData.getConfigBodyData()); // If there are any error other than Annotations then this is not Valid if (message.contains("[ERR")) { responseString.append( "Raw Rule Validate:Raw Rule has error" + message + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("Raw Rule:Raw Rule is required" + HTML_ITALICS_LNBREAK); valid = false; } } // Validate ClosedLoop_PM Policy Data if (CLOSEDLOOP_PM.equalsIgnoreCase(policyData.getConfigPolicyType())) { try { if (Strings.isNullOrEmpty( policyData.getServiceTypePolicyName().get("serviceTypePolicyName").toString())) { responseString.append("ServiceType PolicyName:ServiceType PolicyName is required" + HTML_ITALICS_LNBREAK); valid = false; } } catch (Exception e) { LOGGER.error("ERROR in ClosedLoop_PM PolicyName", e); responseString.append("ServiceType PolicyName:ServiceType PolicyName is required" + HTML_ITALICS_LNBREAK); valid = false; } if (policyData.getJsonBody() != null) { ClosedLoopPMBody pmBody = mapper.readValue(policyData.getJsonBody(), ClosedLoopPMBody.class); if (pmBody.getEmailAddress() != null) { String result = emailValidation(pmBody.getEmailAddress(), responseString.toString()); if (result != SUCCESS) { responseString.append(result + HTML_ITALICS_LNBREAK); valid = false; } } if ((pmBody.isGamma() || pmBody.isMcr() || pmBody.isTrinity() || pmBody.isvDNS() || pmBody.isvUSP()) != true) { responseString .append("D2/Virtualized Services: Select at least one D2/Virtualized Services" + HTML_ITALICS_LNBREAK); valid = false; } if (pmBody.getGeoLink() != null && !pmBody.getGeoLink().isEmpty()) { String result = PolicyUtils.policySpecialCharValidator(pmBody.getGeoLink()); if (!result.contains(SUCCESS)) { responseString.append("GeoLink:" + result + HTML_ITALICS_LNBREAK); valid = false; } } if (pmBody.getAttributes() != null && !pmBody.getAttributes().isEmpty()) { for (Entry entry : pmBody.getAttributes().entrySet()) { String key = entry.getKey(); String value = entry.getValue(); if (!key.contains("Message")) { String attributeValidate = PolicyUtils.policySpecialCharValidator(value); if (!attributeValidate.contains(SUCCESS)) { responseString.append("Attributes:" + key + " : value has spaces or invalid characters" + HTML_ITALICS_LNBREAK); valid = false; } } } } } else { responseString .append("D2/Virtualized Services:Select atleast one D2/Virtualized Services" + HTML_ITALICS_LNBREAK); valid = false; } } if (CLOSEDLOOP_POLICY.equalsIgnoreCase(policyData.getConfigPolicyType())) { if (policyData.getJsonBody() != null) { // For API we need to get the conditions key from the Json request and check it before // deserializing to POJO due to the enum if ("API".equals(policyData.getApiflag())) { JSONObject json = new JSONObject(policyData.getJsonBody()); if (!json.isNull("conditions")) { String apiCondition = (String) json.get("conditions"); if (Strings.isNullOrEmpty(apiCondition)) { responseString.append("Conditions: Select At least one Condition" + HTML_ITALICS_LNBREAK); return responseString; } } else { responseString .append("Conditions: There were no conditions provided in configBody json" + HTML_ITALICS_LNBREAK); return responseString; } } else { if (policyData.getTrapDatas().getTrap1() != null) { if (policyData.getClearTimeOut() == null) { responseString.append( "Trigger Clear TimeOut: Trigger Clear TimeOut is required when atleast One Trigger Signature is enabled
"); valid = false; } if (policyData.getTrapMaxAge() == null) { responseString.append( "Trap Max Age: Trap Max Age is required when atleast One Trigger Signature is enabled
"); valid = false; } } if (policyData.getFaultDatas().getTrap1() != null && policyData.getVerificationclearTimeOut() == null) { responseString.append( "Fault Clear TimeOut: Fault Clear TimeOut is required when atleast One Fault Signature is enabled
"); valid = false; } } ClosedLoopFaultBody faultBody = mapper.readValue(policyData.getJsonBody(), ClosedLoopFaultBody.class); if (faultBody.getEmailAddress() != null && !faultBody.getEmailAddress().isEmpty()) { String result = emailValidation(faultBody.getEmailAddress(), responseString.toString()); if (!SUCCESS.equals(result)) { responseString.append(result + HTML_ITALICS_LNBREAK); valid = false; } } if (!(faultBody.isGamma() || faultBody.isMcr() || faultBody.isTrinity() || faultBody.isvDNS() || faultBody.isvUSP())) { responseString .append("D2/Virtualized Services: Select at least one D2/Virtualized Services" + HTML_ITALICS_LNBREAK); valid = false; } if (faultBody.getActions() == null || faultBody.getActions().isEmpty()) { responseString .append("vPRO Actions: vPRO Actions is required" + HTML_ITALICS_LNBREAK); valid = false; } if (faultBody.getClosedLoopPolicyStatus() == null || faultBody.getClosedLoopPolicyStatus().isEmpty()) { responseString.append( "Policy Status: Policy Status is required" + HTML_ITALICS_LNBREAK); valid = false; } if (faultBody.getConditions() == null) { responseString.append( "Conditions: Select At least one Condition" + HTML_ITALICS_LNBREAK); valid = false; } if (faultBody.getGeoLink() != null && !faultBody.getGeoLink().isEmpty()) { String result = PolicyUtils.policySpecialCharWithSpaceValidator(faultBody.getGeoLink()); if (!result.contains(SUCCESS)) { responseString.append("GeoLink:" + result + HTML_ITALICS_LNBREAK); valid = false; } } if (faultBody.getAgingWindow() == 0) { responseString .append("Aging Window: Aging Window is required" + HTML_ITALICS_LNBREAK); valid = false; } if (faultBody.getTimeInterval() == 0) { responseString.append( "Time Interval: Time Interval is required" + HTML_ITALICS_LNBREAK); valid = false; } if (faultBody.getRetrys() == 0) { responseString.append("Number of Retries: Number of Retries is required" + HTML_ITALICS_LNBREAK); valid = false; } if (faultBody.getTimeOutvPRO() == 0) { responseString.append( "APP-C Timeout: APP-C Timeout is required" + HTML_ITALICS_LNBREAK); valid = false; } if (faultBody.getTimeOutRuby() == 0) { responseString .append("TimeOutRuby: TimeOutRuby is required" + HTML_ITALICS_LNBREAK); valid = false; } if (faultBody.getVnfType() == null || faultBody.getVnfType().isEmpty()) { responseString.append("Vnf Type: Vnf Type is required" + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString .append("D2/Virtualized Services: Select atleast one D2/Virtualized Services" + HTML_ITALICS_LNBREAK); responseString .append("vPRO Actions: vPRO Actions is required" + HTML_ITALICS_LNBREAK); responseString .append("Aging Window: Aging Window is required" + HTML_ITALICS_LNBREAK); responseString .append("Policy Status: Policy Status is required" + HTML_ITALICS_LNBREAK); responseString .append("Conditions: Select Atleast one Condition" + HTML_ITALICS_LNBREAK); responseString.append("PEP Name: PEP Name is required" + HTML_ITALICS_LNBREAK); responseString.append("PEP Action: PEP Action is required" + HTML_ITALICS_LNBREAK); responseString .append("Time Interval: Time Interval is required" + HTML_ITALICS_LNBREAK); responseString.append( "Number of Retries: Number of Retries is required" + HTML_ITALICS_LNBREAK); responseString .append("APP-C Timeout: APP-C Timeout is required" + HTML_ITALICS_LNBREAK); responseString.append("TimeOutRuby: TimeOutRuby is required" + HTML_ITALICS_LNBREAK); responseString.append("Vnf Type: Vnf Type is required" + HTML_ITALICS_LNBREAK); valid = false; } } // Validate MicroService Policy Data if (MICROSERVICES.equals(policyData.getConfigPolicyType())) { boolean tmpValid = validateMsModel(policyData, responseString); if (!tmpValid) { valid = false; } } // Validate Optimization Policy Data if (OPTIMIZATION.equals(policyData.getConfigPolicyType())){ boolean tmpValid = validateOptimization(policyData, responseString); if (!tmpValid) { valid = false; } } } if ((DECISION_POLICY.equalsIgnoreCase(policyData.getPolicyType())) || (DECISION_POLICY_MS.equalsIgnoreCase(policyData.getPolicyType()))) { if (!RAW.equalsIgnoreCase(policyData.getRuleProvider())) { if (!Strings.isNullOrEmpty(policyData.getOnapName())) { String onapNameValidate = PolicyUtils.policySpecialCharValidator(policyData.getOnapName()); if (!onapNameValidate.contains(SUCCESS)) { responseString.append("OnapName:" + onapNameValidate + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("Onap Name: Onap Name Should not be empty" + HTML_ITALICS_LNBREAK); valid = false; } } if (RAW.equalsIgnoreCase(policyData.getRuleProvider())) { Object policy = XACMLPolicyScanner.readPolicy(new ByteArrayInputStream(StringEscapeUtils.unescapeXml(policyData.getRawXacmlPolicy()).getBytes(StandardCharsets.UTF_8))); if (!(policy instanceof PolicySetType || policy instanceof PolicyType)) { responseString.append("Raw XACML: The XACML Content is not valid" + HTML_ITALICS_LNBREAK); valid = false; } } if (DECISION_MS_MODEL.equals(policyData.getRuleProvider())) { LOGGER.info("Validating Decision MS Policy - "); boolean tmpValid = validateMsModel(policyData, responseString); if (!tmpValid) { valid = false; } } if ("Rainy_Day".equals(policyData.getRuleProvider())) { if (policyData.getRainyday() == null) { responseString.append(" Rainy Day Parameters are Required
"); valid = false; } else { if (Strings.isNullOrEmpty(policyData.getRainyday().getServiceType())) { responseString.append("Rainy Day Service Type is Required
"); valid = false; } if (Strings.isNullOrEmpty(policyData.getRainyday().getVnfType())) { responseString.append("Rainy Day VNF Type is Required
"); valid = false; } if (Strings.isNullOrEmpty(policyData.getRainyday().getBbid())) { responseString.append("Rainy Day Building Block ID is Required
"); valid = false; } if (Strings.isNullOrEmpty(policyData.getRainyday().getWorkstep())) { responseString.append("Rainy Day Work Step is Required
"); valid = false; } if (!policyData.getRainyday().getTreatmentTableChoices().isEmpty() && policyData.getRainyday().getTreatmentTableChoices() != null) { for (Object treatmentMap : policyData.getRainyday().getTreatmentTableChoices()) { String errorCode = null; String treatment = null; if (treatmentMap instanceof LinkedHashMap) { if (((LinkedHashMap) treatmentMap).containsKey("errorcode")) { errorCode = ((LinkedHashMap) treatmentMap).get("errorcode").toString(); } if (((LinkedHashMap) treatmentMap).containsKey("treatment")) { treatment = ((LinkedHashMap) treatmentMap).get("treatment").toString(); } } if (Strings.isNullOrEmpty(errorCode) && Strings.isNullOrEmpty(treatment)) { responseString.append( "Rainy Day Error Code and Desired Treatment cannot be empty
"); valid = false; break; } if (Strings.isNullOrEmpty(errorCode)) { responseString.append( "Rainy Day Error Code is Required for each Desired Treatment
"); valid = false; break; } if (Strings.isNullOrEmpty(treatment)) { responseString.append( "Rainy Day Desired Treatment is Required for each Error Code
"); valid = false; break; } } } else { responseString.append("Rainy Day Desired Automated Treatments are Required
"); valid = false; } } } if ("GUARD_YAML".equals(policyData.getRuleProvider()) || "GUARD_BL_YAML".equals(policyData.getRuleProvider()) || "GUARD_MIN_MAX".equals(policyData.getRuleProvider())) { if (policyData.getYamlparams() == null) { responseString.append(" Guard Params are Required " + HTML_ITALICS_LNBREAK); valid = false; } else { if (Strings.isNullOrEmpty(policyData.getYamlparams().getActor())) { responseString.append("Guard Params Actor is Required " + HTML_ITALICS_LNBREAK); valid = false; } if (Strings.isNullOrEmpty(policyData.getYamlparams().getRecipe())) { responseString.append("Guard Params Recipe is Required " + HTML_ITALICS_LNBREAK); valid = false; } if (Strings.isNullOrEmpty(policyData.getYamlparams().getGuardActiveStart())) { responseString.append( "Guard Params Guard Active Start is Required " + HTML_ITALICS_LNBREAK); valid = false; } if (Strings.isNullOrEmpty(policyData.getYamlparams().getGuardActiveEnd())) { responseString .append("Guard Params Guard Active End is Required " + HTML_ITALICS_LNBREAK); valid = false; } if ("GUARD_YAML".equals(policyData.getRuleProvider())) { if (Strings.isNullOrEmpty(policyData.getYamlparams().getLimit())) { responseString.append(" Guard Params Limit is Required " + HTML_ITALICS_LNBREAK); valid = false; } else if (!PolicyUtils.isInteger(policyData.getYamlparams().getLimit())) { responseString .append(" Guard Params Limit Should be Integer " + HTML_ITALICS_LNBREAK); valid = false; } if (Strings.isNullOrEmpty(policyData.getYamlparams().getTimeWindow())) { responseString .append("Guard Params Time Window is Required" + HTML_ITALICS_LNBREAK); valid = false; } else if (!PolicyUtils.isInteger(policyData.getYamlparams().getTimeWindow())) { responseString.append( " Guard Params Time Window Should be Integer " + HTML_ITALICS_LNBREAK); valid = false; } if (Strings.isNullOrEmpty(policyData.getYamlparams().getTimeUnits())) { responseString .append("Guard Params Time Units is Required" + HTML_ITALICS_LNBREAK); valid = false; } } else if ("GUARD_MIN_MAX".equals(policyData.getRuleProvider())) { if (Strings.isNullOrEmpty(policyData.getYamlparams().getMin())) { responseString.append(" Guard Params Min is Required " + HTML_ITALICS_LNBREAK); valid = false; } else if (!PolicyUtils.isInteger(policyData.getYamlparams().getMin())) { responseString .append(" Guard Params Min Should be Integer " + HTML_ITALICS_LNBREAK); valid = false; } if (Strings.isNullOrEmpty(policyData.getYamlparams().getMax())) { responseString.append(" Guard Params Max is Required " + HTML_ITALICS_LNBREAK); valid = false; } else if (!PolicyUtils.isInteger(policyData.getYamlparams().getMax())) { responseString .append(" Guard Params Max Should be Integer " + HTML_ITALICS_LNBREAK); valid = false; } } else if ("GUARD_BL_YAML".equals(policyData.getRuleProvider()) && "Use Manual Entry".equals(policyData.getBlackListEntryType())) { if (policyData.getYamlparams().getBlackList() == null || policyData.getYamlparams().getBlackList().isEmpty()) { responseString .append(" Guard Params BlackList is Required " + HTML_ITALICS_LNBREAK); valid = false; } else { for (String blackList : policyData.getYamlparams().getBlackList()) { if (blackList == null || !(SUCCESS.equals(PolicyUtils.policySpecialCharValidator(blackList)))) { responseString.append(" Guard Params BlackList Should be valid String" + HTML_ITALICS_LNBREAK); valid = false; break; } } } } } } } if (ACTION_POLICY.equalsIgnoreCase(policyData.getPolicyType())) { if (!Strings.isNullOrEmpty(policyData.getActionPerformer())) { String actionPerformer = PolicyUtils.policySpecialCharValidator(policyData.getActionPerformer()); if (!actionPerformer.contains(SUCCESS)) { responseString.append("ActionPerformer:" + actionPerformer + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append( "ActionPerformer: ActionPerformer Should not be empty" + HTML_ITALICS_LNBREAK); valid = false; } if (!Strings.isNullOrEmpty(policyData.getActionAttributeValue())) { String actionAttribute = PolicyUtils.policySpecialCharValidator(policyData.getActionAttributeValue()); if (!actionAttribute.contains(SUCCESS)) { responseString.append("ActionAttribute:" + actionAttribute + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append( "ActionAttribute: ActionAttribute Should not be empty" + HTML_ITALICS_LNBREAK); valid = false; } } if (CONFIG_POLICY.equals(policyData.getPolicyType())) { String value = ""; if (valid) { if (commonClassDao != null) { List spData = commonClassDao.getDataById(SafePolicyWarning.class, "riskType", policyData.getRiskType()); if (!spData.isEmpty()) { SafePolicyWarning safePolicyWarningData = (SafePolicyWarning) spData.get(0); value = "Message:" + safePolicyWarningData.getMessage() + ""; } } responseString.append(SUCCESS + "@#" + value); } } else { if (valid) { responseString.append(SUCCESS); } } return responseString; } catch (Exception e) { LOGGER.error("Exception Occured during Policy Validation" + e); return null; } } protected String emailValidation(String email, String response) { String res = response; if (email != null) { String validateEmail = PolicyUtils.validateEmailAddress(email.replace("\"", "")); if (!validateEmail.contains(SUCCESS)) { res += "Email:" + validateEmail + HTML_ITALICS_LNBREAK; } else { return SUCCESS; } } return res; } private MicroServiceModels getAttributeObject(String name, String version) { MicroServiceModels workingModel = null; try { List microServiceModelsData = commonClassDao.getDataById(MicroServiceModels.class, "modelName:version", name + ":" + version); if (microServiceModelsData != null) { workingModel = (MicroServiceModels) microServiceModelsData.get(0); } } catch (Exception e) { String message = XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid Template. The template name, " + name + " was not found in the dictionary: "; LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message + e); return null; } return workingModel; } private OptimizationModels getOptimizationModelData(String name, String version) { OptimizationModels workingModel = null; try{ List optimizationModelsData = commonClassDao.getDataById(OptimizationModels.class, "modelName:version", name+":"+version); if(optimizationModelsData != null){ workingModel = (OptimizationModels) optimizationModelsData.get(0); } }catch(Exception e){ String message = XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid Template. The template name, " + name + " was not found in the dictionary: "; LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + message + e); return null; } return workingModel; } private void pullJsonKeyPairs(JsonNode rootNode) { Iterator> fieldsIterator = rootNode.fields(); while (fieldsIterator.hasNext()) { Map.Entry field = fieldsIterator.next(); final String key = field.getKey(); final JsonNode value = field.getValue(); if (value.isContainerNode() && !value.isArray()) { pullJsonKeyPairs(value); // RECURSIVE CALL } else { if (value.isArray()) { String newValue = StringUtils.replaceEach(value.toString(), new String[] {"[", "]", "\""}, new String[] {"", "", ""}); mapAttribute.put(key, newValue); } else { mapAttribute.put(key, value.toString().trim()); } } } } private void pullModelJsonKeyPairs(JsonNode rootNode) { Iterator> fieldsIterator = rootNode.fields(); while (fieldsIterator.hasNext()) { Map.Entry field = fieldsIterator.next(); final String key = field.getKey(); final JsonNode value = field.getValue(); if (value.isContainerNode() && !value.isArray()) { jsonRequestMap.put(key.trim(), value.toString().trim()); pullModelJsonKeyPairs(value); // RECURSIVE CALL } else if (value.isArray()) { try { String valueStr = value.toString(); String stringValue = valueStr.substring(valueStr.indexOf('[') + 1, valueStr.lastIndexOf(']')); if (stringValue.isEmpty()) { stringValue = "{\"test\":\"test\"}"; } ObjectMapper mapper = new ObjectMapper(); JsonNode newValue = mapper.readTree(stringValue); jsonRequestMap.put(key.trim(), value.toString().trim()); pullModelJsonKeyPairs(newValue); } catch (IOException e) { LOGGER.info("PolicyValidation: Exception occurred while mapping string to JsonNode " + e); } } else { jsonRequestMap.put(key.trim(), value.toString().trim()); } } } private JsonObject stringToJsonObject(String value) { try (JsonReader jsonReader = Json.createReader(new StringReader(value))) { return jsonReader.readObject(); } catch (JsonException | IllegalStateException e) { LOGGER.info( XACMLErrorConstants.ERROR_DATA_ISSUE + "Improper JSON format... may or may not cause issues in validating the policy: " + value, e); return null; } } private void findRequiredFields(JsonObject json) { if (json == null) { return; } for (Entry keyMap : json.entrySet()) { Object obj = keyMap.getValue(); String key = keyMap.getKey(); if (obj instanceof JsonObject) { if (allReqTrueKeys.contains(key)) { JsonObject jsonObj = (JsonObject) obj; // only check fields in obj if obj itself is required. for (Entry jsonMap : jsonObj.entrySet()) { if (jsonMap.getValue().toString().contains(REQUIRED_ATTRIBUTE)) { modelRequiredFieldsList.add(jsonMap.getKey().trim()); } } } } else if (keyMap.getValue().toString().contains(REQUIRED_ATTRIBUTE)) { modelRequiredFieldsList.add(key.trim()); } } } // call this method to start the recursive private Set getAllKeys(JSONObject json) { return getAllKeys(json, new HashSet<>()); } private Set getAllKeys(JSONArray arr) { return getAllKeys(arr, new HashSet<>()); } private Set getAllKeys(JSONArray arr, Set keys) { for (int i = 0; i < arr.length(); i++) { Object obj = arr.get(i); if (obj instanceof JSONObject) { keys.addAll(getAllKeys(arr.getJSONObject(i))); } if (obj instanceof JSONArray) { keys.addAll(getAllKeys(arr.getJSONArray(i))); } } return keys; } // this method returns a set of keys with "required-true" defined in their value. private Set getAllKeys(JSONObject json, Set keys) { for (String key : json.keySet()) { Object obj = json.get(key); if (obj instanceof String && ((String) obj).contains(REQUIRED_ATTRIBUTE)) { LOGGER.debug("key : " + key); LOGGER.debug("obj : " + obj); allReqTrueKeys.add(key); //For MicroService policies allOptReqTrueKeys.add(key); //For Optimization policies // get the type from value and add that one also String type = StringUtils.substringBefore((String) obj, ":"); if (!StringUtils.isBlank(type) && !StringUtils.containsAny(type.toLowerCase(), MSModelUtils.STRING, MSModelUtils.INTEGER, MSModelUtils.LIST, MSModelUtils.MAP, "java", "boolean")) { allReqTrueKeys.add(type); } } if (obj instanceof JSONObject) { keys.addAll(getAllKeys(json.getJSONObject(key))); } if (obj instanceof JSONArray) { keys.addAll(getAllKeys(json.getJSONArray(key))); } } return keys; } private boolean validateMsModel(PolicyRestAdapter policyData, StringBuilder responseString) throws JsonProcessingException { boolean valid = true; if (!Strings.isNullOrEmpty(policyData.getServiceType())) { modelRequiredFieldsList.clear(); pullJsonKeyPairs((JsonNode) policyData.getPolicyJSON()); String service; String version; if (policyData.getServiceType().contains("-v")) { service = policyData.getServiceType().split("-v")[0]; version = policyData.getServiceType().split("-v")[1]; } else { service = policyData.getServiceType(); version = policyData.getVersion(); } if (!Strings.isNullOrEmpty(version)) { MicroServiceModels returnModel = getAttributeObject(service, version); if (returnModel != null) { String annotation = returnModel.getAnnotation(); String refAttributes = returnModel.getRef_attributes(); String subAttributes = returnModel.getSub_attributes(); String modelAttributes = returnModel.getAttributes(); if (!Strings.isNullOrEmpty(annotation)) { Map rangeMap = Splitter.on(",").withKeyValueSeparator("=").split(annotation); for (Entry raMap : rangeMap.entrySet()) { if (raMap.getValue().contains("range::")) { String value = mapAttribute.get(raMap.getKey().trim()); String[] tempString = raMap.getValue().split("::")[1].split("-"); int startNum = Integer.parseInt(tempString[0]); int endNum = Integer.parseInt(tempString[1]); String returnString = "InvalidreturnModel Range:" + raMap.getKey() + " must be between " + startNum + " - " + endNum + ","; if (value != null) { if (PolicyUtils.isInteger(value.replace("\"", ""))) { int result = Integer.parseInt(value.replace("\"", "")); if (result < startNum || result > endNum) { responseString.append(returnString); valid = false; } } else { responseString.append(returnString); valid = false; } } else { responseString.append("" + raMap.getKey() + ":" + raMap.getKey() + " is required for the MicroService model " + service + HTML_ITALICS_LNBREAK); valid = false; } } } } else if (!DECISION_MS_MODEL.equals(policyData.getRuleProvider())) { // Validate for configName, location, uuid, and policyScope if no annotations exist for this // model if (Strings.isNullOrEmpty(policyData.getLocation())) { responseString.append("Micro Service Model: location is required for this model" + HTML_ITALICS_LNBREAK); valid = false; } if (Strings.isNullOrEmpty(policyData.getConfigName())) { responseString.append("Micro Service Model: configName is required for this model" + HTML_ITALICS_LNBREAK); valid = false; } if (Strings.isNullOrEmpty(policyData.getUuid())) { responseString.append("Micro Service Model: uuid is required for this model" + HTML_ITALICS_LNBREAK); valid = false; } if (Strings.isNullOrEmpty(policyData.getPolicyScope())) { responseString .append("Micro Service Model: policyScope is required for this model" + HTML_ITALICS_LNBREAK); valid = false; } } // If request comes from the API we need to validate required fields in the Micro Service Model // GUI request are already validated from the SDK-APP if ("API".equals(policyData.getApiflag())) { // first , get the complete set of required fields populateReqFieldSet(new String[] {refAttributes, modelAttributes}, subAttributes); // ignore req fields in which parent is not reqd populateRequiredFields(new String[] {refAttributes, modelAttributes}, subAttributes, modelAttributes); if (modelRequiredFieldsList != null && !modelRequiredFieldsList.isEmpty()) { // create jsonRequestMap with all json keys and values from request JsonNode rootNode = (JsonNode) policyData.getPolicyJSON(); jsonRequestMap.clear(); pullModelJsonKeyPairs(rootNode); // validate if the requiredFields are in the request for (String requiredField : modelRequiredFieldsList) { if (jsonRequestMap.containsKey(requiredField)) { String value = jsonRequestMap.get(requiredField); if (StringUtils.isBlank(value) || "\"\"".equals(value)) { responseString.append("Micro Service Model: " + requiredField + ISREQUIRED + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("Micro Service Model: " + requiredField + ISREQUIRED + HTML_ITALICS_LNBREAK); valid = false; } } } } } else { responseString.append("Micro Service Model: Invalid Model. The model name, " + service + " of version, " + version + " was not found in the dictionary" + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append( "Micro Service Version: Micro Service Version is required" + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("Micro Service: Micro Service Model is required" + HTML_ITALICS_LNBREAK); valid = false; } if (Strings.isNullOrEmpty(policyData.getPriority()) && !DECISION_MS_MODEL.equals(policyData.getRuleProvider())) { responseString.append("Priority: Priority is required" + HTML_ITALICS_LNBREAK); } return valid; } private boolean validateOptimization(PolicyRestAdapter policyData, StringBuilder responseString) { boolean valid = true; if (!Strings.isNullOrEmpty(policyData.getServiceType())) { modelRequiredFieldsList.clear(); pullJsonKeyPairs((JsonNode) policyData.getPolicyJSON()); String service; String version; if (policyData.getServiceType().contains("-v")) { service = policyData.getServiceType().split("-v")[0]; version = policyData.getServiceType().split("-v")[1]; } else { service = policyData.getServiceType(); version = policyData.getVersion(); } if (!Strings.isNullOrEmpty(version)) { OptimizationModels returnModel = getOptimizationModelData(service, version); if (returnModel != null) { String annotation = returnModel.getAnnotation(); String refAttributes = returnModel.getRefattributes(); String subAttributes = returnModel.getSubattributes(); String modelAttributes = returnModel.getAttributes(); if (!Strings.isNullOrEmpty(annotation)) { Map rangeMap = Splitter.on(",").withKeyValueSeparator("=") .split(annotation); for (Entry rMap : rangeMap.entrySet()) { if (rMap.getValue().contains("range::")) { String value = mapAttribute.get(rMap.getKey().trim()); String[] tempString = rMap.getValue().split("::")[1].split("-"); int startNum = Integer.parseInt(tempString[0]); int endNum = Integer.parseInt(tempString[1]); String returnString = "InvalidreturnModel Range:" + rMap.getKey() + " must be between " + startNum + " - " + endNum + ","; if (value != null) { if (PolicyUtils.isInteger(value.replace("\"", ""))) { int result = Integer.parseInt(value.replace("\"", "")); if (result < startNum || result > endNum) { responseString.append(returnString); valid = false; } } else { responseString.append(returnString); valid = false; } } else { responseString.append("" + rMap.getKey() + ":" + rMap.getKey() + " is required for the Optimization model " + service + HTML_ITALICS_LNBREAK); valid = false; } } } } // If request comes from the API we need to validate required fields in the Micro Service Modelvalid // GUI request are already validated from the SDK-APP if ("API".equals(policyData.getApiflag())) { // first , get the complete set of required fields populateReqFieldSet(new String[] {refAttributes, modelAttributes}, subAttributes); Iterator reqTrueKeysIter = allOptReqTrueKeys.iterator(); while (reqTrueKeysIter.hasNext()) { modelRequiredFieldsList.add(reqTrueKeysIter.next()); } if (modelRequiredFieldsList != null && !modelRequiredFieldsList.isEmpty()) { // create jsonRequestMap with all json keys and values from request JsonNode rootNode = (JsonNode) policyData.getPolicyJSON(); jsonRequestMap.clear(); pullModelJsonKeyPairs(rootNode); // validate if the requiredFields are in the request for (String requiredField : modelRequiredFieldsList) { if (jsonRequestMap.containsKey(requiredField)) { String value = jsonRequestMap.get(requiredField); if (StringUtils.isBlank(value) || "\"\"".equals(value)) { responseString.append("Optimization Service Model: " + requiredField + ISREQUIRED + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("Optimization Service Model: " + requiredField + ISREQUIRED + HTML_ITALICS_LNBREAK); valid = false; } } } } } else { responseString.append("Optimization Service Model: Invalid Model. The model name, " + service + " of version, " + version + " was not found in the dictionary" + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append( "Optimization Service Version: Optimization Service Version is required" + HTML_ITALICS_LNBREAK); valid = false; } } else { responseString.append("Optimization Service: Optimization policy data is missing or invalid Json." + HTML_ITALICS_LNBREAK); valid = false; } if (Strings.isNullOrEmpty(policyData.getPriority())) { responseString.append("Priority: Priority is required" + HTML_ITALICS_LNBREAK); valid = false; } return valid; } private void populateRequiredFields(String[] attrArr, String subAttributes, String modelAttributes) throws JsonProcessingException { // get list of required fields from the ref_Attributes of the Model for (String attributes : attrArr) { if (!StringUtils.isBlank(attributes)) { Map attributesMap = null; if (",".equals(attributes.substring(attributes.length() - 1))) { String attributesString = attributes.substring(0, attributes.length() - 1); attributesMap = Splitter.on(",").withKeyValueSeparator("=").split(attributesString); } else if (!StringUtils.isBlank(modelAttributes)) { attributesMap = Splitter.on(",").withKeyValueSeparator("=").split(modelAttributes); } else { continue; } String json = new ObjectMapper().writeValueAsString(attributesMap); findRequiredFields(stringToJsonObject(json)); } } // get list of required fields from the sub_Attributes of the Model if (!StringUtils.isBlank(subAttributes)) { JsonObject subAttributesJson = stringToJsonObject(subAttributes); findRequiredFields(subAttributesJson); } } private void populateReqFieldSet(String[] attrArr, String subAttributes) { allReqTrueKeys.clear(); JSONObject jsonSub = new JSONObject(subAttributes); // Get all keys with "required-true" defined in their value from subAttribute getAllKeys(jsonSub); // parse refAttrbutes for (String attr : attrArr) { if (attr != null) { String[] referAarray = attr.split(","); String[] element = null; for (int i = 0; i < referAarray.length; i++) { element = referAarray[i].split("="); if (element.length > 1 && element[1].contains(REQUIRED_ATTRIBUTE)) { allReqTrueKeys.add(element[0]); } } } } } }