/*- * ============LICENSE_START======================================================= * PolicyEngineAPI * ================================================================================ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END========================================================= */ package org.openecomp.policy.std; import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.StringReader; import java.net.HttpURLConnection; import java.net.MalformedURLException; import java.net.URI; import java.net.URL; import java.net.URLConnection; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Arrays; import java.util.Base64; import java.util.Collection; import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Properties; import java.util.UUID; import javax.json.Json; import javax.json.JsonArrayBuilder; import javax.json.JsonObject; import javax.json.JsonObjectBuilder; import javax.json.JsonReader; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.io.IOUtils; import org.apache.http.entity.ContentType; //import org.apache.log4j.Logger; import org.json.JSONObject; import org.openecomp.policy.api.AttributeType; import org.openecomp.policy.api.ConfigRequestParameters; import org.openecomp.policy.api.DecisionRequestParameters; import org.openecomp.policy.api.DecisionResponse; import org.openecomp.policy.api.DeletePolicyParameters; import org.openecomp.policy.api.DictionaryParameters; import org.openecomp.policy.api.EventRequestParameters; import org.openecomp.policy.api.ImportParameters; import org.openecomp.policy.api.NotificationHandler; import org.openecomp.policy.api.NotificationScheme; import org.openecomp.policy.api.PDPNotification; import org.openecomp.policy.api.PolicyChangeResponse; import org.openecomp.policy.api.PolicyClass; import org.openecomp.policy.api.PolicyConfig; import org.openecomp.policy.api.PolicyConfigException; import org.openecomp.policy.api.PolicyConfigStatus; import org.openecomp.policy.api.PolicyConfigType; import org.openecomp.policy.api.PolicyDecision; import org.openecomp.policy.api.PolicyDecisionException; import org.openecomp.policy.api.PolicyEngineException; import org.openecomp.policy.api.PolicyEventException; import org.openecomp.policy.api.PolicyParameters; import org.openecomp.policy.api.PolicyResponse; import org.openecomp.policy.api.PolicyResponseStatus; import org.openecomp.policy.api.PolicyType; import org.openecomp.policy.api.PushPolicyParameters; import org.openecomp.policy.api.RuleProvider; //import org.openecomp.policy.utils.AAFPolicyClient; //import org.openecomp.policy.utils.AAFPolicyException; import org.w3c.dom.Document; import org.xml.sax.SAXException; import org.openecomp.policy.common.logging.flexlogger.FlexLogger; import org.openecomp.policy.common.logging.flexlogger.Logger; import com.att.research.xacml.api.Advice; import com.att.research.xacml.api.AttributeAssignment; import com.att.research.xacml.api.Decision; import com.att.research.xacml.api.Obligation; import com.att.research.xacml.api.Request; import com.att.research.xacml.api.Response; import com.att.research.xacml.api.Result; import org.openecomp.policy.xacml.api.XACMLErrorConstants; import org.openecomp.policy.xacml.std.pap.StdPAPPolicy; import org.openecomp.policy.xacml.std.pap.StdPDPPolicy; import com.att.research.xacml.api.pap.PAPException; import com.att.research.xacml.api.pap.PDPPolicy; import com.att.research.xacml.std.json.JSONRequest; import com.att.research.xacml.std.json.JSONResponse; import com.fasterxml.jackson.databind.ObjectMapper; import com.google.common.base.CharMatcher; /** * PolicyEngine Implementation class * * @version 1.0 */ public class StdPolicyEngine { // Change the default Priority value here. private static final int defaultPriority = 9999; private String propertyFilePath = null; private static List pdps = null; private static List paps = null; private static String environment= null; private static String userName = null; private static String pass = null; private static List encoding = null; private static List encodingPAP = null; private List pdp_default = null; private List pap_default = null; private List type_default = null; private List notificationType = new ArrayList(); private List uebURLList = new ArrayList(); private NotificationScheme scheme = null; private NotificationHandler handler = null; private Matches match = null; private Boolean decide = false; private AutoClientUEB UEBClientThread = null; private Thread registerUEBThread = null; private boolean UEBThread = false; private String policyId = null; private String description = null; private String pushVersion = null; private boolean isValid = false; private int responseCode = 0; private boolean unique = false; private boolean junit = false; //private AAFPolicyClient aafClient = null; // Backward code. private String pyPDPClientFile = null; final private static String uniqueID = UUID.randomUUID ().toString (); private static Logger logger = FlexLogger.getLogger(StdPolicyConfig.class.getName()); /* * Taking the Property file even if it null. */ public StdPolicyEngine(String propertyFilePath) throws PolicyEngineException { setProperty(propertyFilePath); } /* * Taking the Notification Constructor. */ public StdPolicyEngine(String propertyFilePath, NotificationScheme scheme, NotificationHandler handler) throws PolicyEngineException { setProperty(propertyFilePath); this.scheme = scheme; this.handler = handler; if (!notificationType.get(0).equals("ueb")){ AutoClientEnd.setAuto(scheme, handler); } notification(scheme, handler); } /* * Taking the Notification Constructor. */ public StdPolicyEngine(String propertyFilePath, NotificationScheme scheme) throws PolicyEngineException { setProperty(propertyFilePath); this.scheme = scheme; setScheme(scheme); } // This Call will be used by PyPDP Requests public StdPolicyEngine(List configURL, List configPapURL, List encodingPAP, List encoding, NotificationScheme scheme, NotificationHandler handler, String environment, String clientProperties, Boolean isTest) { StdPolicyEngine.pdps = configURL; StdPolicyEngine.paps = configPapURL; StdPolicyEngine.encoding = encoding; StdPolicyEngine.encodingPAP = encodingPAP; StdPolicyEngine.environment = environment; Properties props = new Properties(); props.setProperty("ENVIRONMENT", environment); //Not Supported for 1610 Open Source /*try { aafClient = AAFPolicyClient.getInstance(props); } catch (AAFPolicyException e) { logger.error(XACMLErrorConstants.ERROR_UNKNOWN + e.getMessage()); }*/ pyPDPClientFile = clientProperties; // Default Notification Type for PyPDPServers. notificationType.add("websocket"); if(!isTest){ notification(scheme, handler); } } /* * sendEvent API Implementation */ public Collection event(Map eventAttributes, UUID requestID) throws PolicyEventException { Collection policyResponse = null; policyResponse = event(eventAttributes, requestID, userName, pass); return policyResponse; } /* * sendEvent API Implementation for eventRequestParameters */ public Collection event(EventRequestParameters eventRequestParameters) throws PolicyEventException{ Collection response = event(eventRequestParameters.getEventAttributes(), eventRequestParameters.getRequestID()); return response; } /* * getConfig API Implementation */ public Collection config(String eCOMPComponentName, String configName, Map configAttributes, UUID requestID) throws PolicyConfigException { Collection policyConfig = null; policyConfig = config(eCOMPComponentName, configName, configAttributes, requestID, userName, pass); return policyConfig; } /* * getConfig API Implementation */ public Collection config(String eCOMPComponentName, String configName, UUID requestID) throws PolicyConfigException { Collection policyConfig = null; policyConfig = config(eCOMPComponentName, configName,null, requestID, userName, pass); return policyConfig; } /* * getConfig API Implementation */ public Collection config(String eCOMPComponentName, UUID requestID) throws PolicyConfigException { Collection policyConfig = null; policyConfig = config(eCOMPComponentName, requestID, userName, pass); return policyConfig; } /* * getConfig using the PolicyFileName Implementation */ public Collection policyName(String policyName, UUID requestID) throws PolicyConfigException { Collection policyConfig = null; policyConfig = configPolicyName(policyName, requestID, userName, pass); return policyConfig; } /* * getConfig using configRequestParameters Implementation */ public Collection config(ConfigRequestParameters configRequestParameters) throws PolicyConfigException{ Collection response = null; response = configRequest(configRequestParameters, userName, pass); return response; } /* * listPolicies using configRequestParameters Implementation */ public Collection listConfig(ConfigRequestParameters listPolicyRequestParameters) throws PolicyConfigException{ Collection policyList = new ArrayList(); policyList = listConfigRequest(listPolicyRequestParameters, userName, pass); return policyList; } /* * getDecision using the decision Attributes. */ public DecisionResponse decide(String eCOMPComponentName, Map decisionAttributes, UUID requestID) throws PolicyDecisionException { DecisionResponse policyDecision = policyDecide(eCOMPComponentName, decisionAttributes, requestID, userName, pass); return policyDecision; } /* * getDecision Using decisionRequestParameters. */ public DecisionResponse decide(DecisionRequestParameters decisionRequestParameters) throws PolicyDecisionException{ DecisionResponse decision = decide(decisionRequestParameters.getECOMPComponentName(), decisionRequestParameters.getDecisionAttributes(), decisionRequestParameters.getRequestID()); return decision; } /* * PushPolicy using pushPolicyParameters. */ public PolicyChangeResponse pushPolicy(PushPolicyParameters pushPolicyParameters) throws Exception{ return pushPolicy(pushPolicyParameters, userName, pass); } public PolicyChangeResponse pushPolicy(PushPolicyParameters pushPolicyParameters, String userID, String passcode) throws Exception{ StdPolicyChangeResponse response = new StdPolicyChangeResponse(); String resource= "pushPolicy"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response.setResponseMessage(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response.setResponseCode(401); return response; } String plainName = null; String scope = null; try{ if(pushPolicyParameters.getPolicyName()!=null){ plainName = pushPolicyParameters.getPolicyName().substring(pushPolicyParameters.getPolicyName().lastIndexOf(".")+1, pushPolicyParameters.getPolicyName().length()); scope = pushPolicyParameters.getPolicyName().substring(0, pushPolicyParameters.getPolicyName().lastIndexOf(".")); logger.info("Name is "+ plainName +" scope is "+ scope); } }catch(Exception e){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); } // check incoming requestID, if null then generate one here so the same id can be used for the multiple transactions for the same Push Policy request (i.e. POST, PUT) UUID requestID = pushPolicyParameters.getRequestID(); if (requestID == null) { requestID = UUID.randomUUID(); logger.info("Request ID was not provided from input, so sending generated ID: " + requestID.toString()); } else { logger.info("Request ID was provided from input: " + requestID.toString()); } // now use the local requestID field derived above to pass to the rest of the Push Policy process (below) // response.setResponseMessage(pushPolicy(scope, plainName, pushPolicyParameters.getPolicyType(), pushPolicyParameters.getPdpGroup(), pushPolicyParameters.getRequestID())); response.setResponseMessage(pushPolicy(scope, plainName, pushPolicyParameters.getPolicyType(), pushPolicyParameters.getPdpGroup(), requestID)); response.setResponseCode(responseCode); return response; } /* * Delete a Policy using deletePolicyParameters */ public PolicyChangeResponse deletePolicy(DeletePolicyParameters parameters) throws Exception { return deletePolicy(parameters, userName, pass); } public PolicyChangeResponse deletePolicy(DeletePolicyParameters parameters, String userID,String passcode) throws Exception { StdPolicyChangeResponse response = new StdPolicyChangeResponse(); String resource= "deletePolicy"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response.setResponseMessage(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response.setResponseCode(401); return response; } if (parameters.getPolicyComponent()!=null) { if (parameters.getPolicyComponent().equalsIgnoreCase("PAP")) { response.setResponseMessage(deletePolicyFromPAP(parameters)); } else if (parameters.getPolicyComponent().equalsIgnoreCase("PDP")) { response.setResponseMessage(deletePolicyFromPDP(parameters)); } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Policy Component does not exist."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "Policy Component does not exist. Please enter either PAP or PDP to delete the policy from a specified Policy Component."); } } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Component given."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Component given."); } response.setResponseCode(responseCode); return response; } /* * createDictionaryItem using dictionaryParameters. */ public PolicyChangeResponse createDictionaryItem(DictionaryParameters parameters) throws Exception{ StdPolicyChangeResponse response = new StdPolicyChangeResponse(); if(parameters.getDictionaryType()!=null || parameters.getDictionaryType().equals("")){ if(parameters.getDictionary()!=null || parameters.getDictionary().equals("")){ if(parameters.getDictionaryFields()!=null){ logger.info("Parameters are good... start create dictionary item API..."); Map dictionaryFields = parameters.getDictionaryFields().get(AttributeType.DICTIONARY); StdPAPPolicy newDictionaryItem = new StdPAPPolicy(parameters.getDictionaryType().toString(), parameters.getDictionary(), dictionaryFields); String result = (String) callPAP(newDictionaryItem, new String[] {"operation=createDictionary", "apiflag=dictionaryApi"}, parameters.getRequestID(), "dictionaryItem"); response.setResponseCode(responseCode); response.setResponseMessage(result); }else{ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Dictionary Fields given."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Dictionary Fields given."); } }else{ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Dictionary given."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Dictionary given."); } }else{ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Dictionary Type given."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Dictionary Type given."); } try{ }catch(Exception e){ } return response; } /* * createPolicy Using policyParameters. */ public PolicyChangeResponse createPolicy(PolicyParameters policyParameters) throws Exception{ return createPolicy(policyParameters, userName, pass); } public PolicyChangeResponse createPolicy(PolicyParameters policyParameters, String userID, String passcode) throws Exception{ StdPolicyChangeResponse response = new StdPolicyChangeResponse(); String resource= "createPolicy"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response.setResponseMessage(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response.setResponseCode(401); return response; } String plainName = null; String scope = null; String date = "NA"; if (policyParameters.getTtlDate()!=null){ date = ConvertDate(policyParameters.getTtlDate()); } try{ if(policyParameters.getPolicyName()!=null){ plainName = policyParameters.getPolicyName().substring(policyParameters.getPolicyName().lastIndexOf(".")+1, policyParameters.getPolicyName().length()); scope = policyParameters.getPolicyName().substring(0, policyParameters.getPolicyName().lastIndexOf(".")); logger.info("Name is "+ plainName +" scope is "+ scope); } }catch(Exception e){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); } if(policyParameters.getPolicyConfigType()!=null){ // This is Config Class Policy. // Firewall if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.Firewall)){ if(policyParameters.getConfigBody()!=null){ JsonObject json = null; try{ json = stringToJsonObject(policyParameters.getConfigBody()); }catch(Exception e){ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " improper JSON object : " + policyParameters.getConfigBody(); logger.error(message); throw new Exception(message); } response.setResponseMessage(createConfigFirewallPolicy(plainName, json, scope, policyParameters.getRequestID(), userID, passcode, policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "No Config Body given."; logger.error(message); response.setResponseMessage(message); } } //Base else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.Base)){ if(policyParameters.getConfigBody()!=null) { if(policyParameters.getConfigBodyType()!=null){ response.setResponseMessage(createConfigPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getConfigName(), policyParameters.getAttributes().get(AttributeType.MATCHING), policyParameters.getConfigBodyType().toString(), policyParameters.getConfigBody(), scope, policyParameters.getRequestID(), userID, passcode, policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); } else { String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "No Config Body Type given."; logger.error(message); response.setResponseMessage(message); } } else { String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "No Config Body given."; logger.error(message); response.setResponseMessage(message); } } //BRMS Raw else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.BRMS_RAW)){ if(policyParameters.getConfigBody()!=null){ /*public String createUpdateBRMSRawPolicy(String policyName, String policyDescription, Map dyanamicFieldConfigAttributes, * String brmsRawBody, String policyScope, Boolean isEdit, UUID requestID)*/ response.setResponseMessage(createUpdateBRMSRawPolicy(plainName, policyParameters.getPolicyDescription(),policyParameters.getAttributes(), policyParameters.getConfigBody(),scope, false, policyParameters.getRequestID(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " No Config Body Present"; logger.error(message); throw new Exception(message); } } //BRMS Param else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.BRMS_PARAM)){ if(policyParameters.getConfigBody()!=null){ response.setResponseMessage(createUpdateBRMSParamPolicy(plainName, policyParameters.getPolicyDescription(),policyParameters.getAttributes(), policyParameters.getConfigBody(),scope, false, policyParameters.getRequestID(),policyParameters.getAttributes(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ response.setResponseMessage(createUpdateBRMSParamPolicy(plainName, policyParameters.getPolicyDescription(),policyParameters.getAttributes(), null,scope, false, policyParameters.getRequestID(),policyParameters.getAttributes(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); } } // Micro Services Policy else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.MicroService)){ if(policyParameters.getConfigBody()!=null){ JsonObject json = null; try{ json = stringToJsonObject(policyParameters.getConfigBody()); }catch(Exception e){ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " improper JSON object : " + policyParameters.getConfigBody(); logger.error(message); throw new Exception(message); } //call Micro Services Create API here response.setResponseMessage(createUpdateMicroServicesPolicy(plainName, json, policyParameters.getEcompName(), scope, false, policyParameters.getRequestID(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " No Micro Service or Attributes Config Body Present"; logger.error(message); throw new Exception(message); } } // ClosedLoop_Fault Policy else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.ClosedLoop_Fault)){ if(policyParameters.getConfigBody()!=null){ JsonObject json = null; try{ if(validateNONASCIICharactersAndAllowSpaces(policyParameters.getConfigBody())){ json = stringToJsonObject(policyParameters.getConfigBody()); } else { String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "The ClosedLoop JSON Contains Non ASCII Characters."; logger.error(message); response.setResponseCode(400); response.setResponseMessage(message); return response; } }catch(Exception e){ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " improper JSON object : " + policyParameters.getConfigBody(); logger.error(message); response.setResponseCode(400); response.setResponseMessage(message); return response; } //call ClosedLoop_Fault Create API here response.setResponseMessage(createUpdateClosedLoopPolicy(plainName, json, policyParameters.getPolicyDescription(), scope, false, policyParameters.getRequestID(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " No Config Body Present"; logger.error(message); response.setResponseMessage(message); response.setResponseCode(400); return response; } } // ClosedLoop_PM Policy else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.ClosedLoop_PM)){ if(policyParameters.getConfigBody()!=null){ JsonObject json = null; try{ if(validateNONASCIICharactersAndAllowSpaces(policyParameters.getConfigBody())){ json = stringToJsonObject(policyParameters.getConfigBody()); } else { String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "The ClosedLoop PM JSON Contains Non ASCII Characters."; logger.error(message); response.setResponseMessage(message); response.setResponseCode(400); return response; } }catch(Exception e){ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " improper JSON object : " + policyParameters.getConfigBody(); logger.error(message); response.setResponseMessage(message); response.setResponseCode(400); return response; } //call ClosedLoop_Fault Create API here response.setResponseMessage(createUpdateClosedLoopPmPolicy(plainName, json, policyParameters.getPolicyDescription(), scope, false, policyParameters.getRequestID(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " No Config Body Present"; logger.error(message); response.setResponseMessage(message); response.setResponseCode(400); return response; } } } else if (policyParameters.getPolicyClass()!=null){ if(policyParameters.getPolicyClass().equals(PolicyClass.Action)){ // call Action Create API here. response.setResponseMessage(createUpdateActionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getAttributes().get(AttributeType.MATCHING), policyParameters.getDynamicRuleAlgorithmLabels(), policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(), policyParameters.getActionPerformer(), policyParameters.getActionAttribute(), scope, false, policyParameters.getRequestID())); }else if(policyParameters.getPolicyClass().equals(PolicyClass.Decision)){ // Call Decision Create API here. if (policyParameters.getAttributes()!=null && policyParameters.getAttributes().containsKey(AttributeType.MATCHING) && policyParameters.getAttributes().containsKey(AttributeType.SETTINGS)) { response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(), policyParameters.getAttributes().get(AttributeType.MATCHING), policyParameters.getAttributes().get(AttributeType.SETTINGS), policyParameters.getDynamicRuleAlgorithmLabels(), policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(), scope, false, policyParameters.getRequestID())); }else if(policyParameters.getAttributes()!=null && !policyParameters.getAttributes().containsKey(AttributeType.MATCHING) && policyParameters.getAttributes().containsKey(AttributeType.SETTINGS)){ response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(), null, policyParameters.getAttributes().get(AttributeType.SETTINGS), policyParameters.getDynamicRuleAlgorithmLabels(), policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(), scope, false, policyParameters.getRequestID())); }else if(policyParameters.getAttributes()!=null && policyParameters.getAttributes().containsKey(AttributeType.MATCHING) && !policyParameters.getAttributes().containsKey(AttributeType.SETTINGS)){ response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(), policyParameters.getAttributes().get(AttributeType.MATCHING), null, policyParameters.getDynamicRuleAlgorithmLabels(), policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(), scope, false, policyParameters.getRequestID())); }else{ response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(), null, null, policyParameters.getDynamicRuleAlgorithmLabels(), policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(), scope, false, policyParameters.getRequestID())); } } } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Class found."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Class found."); } response.setResponseCode(responseCode); return response; } /* * updatePolicy using policyParameters. */ public PolicyChangeResponse updatePolicy(PolicyParameters policyParameters) throws Exception{ return updatePolicy(policyParameters, userName, pass); } public PolicyChangeResponse updatePolicy(PolicyParameters policyParameters,String userID, String passcode) throws Exception{ StdPolicyChangeResponse response = new StdPolicyChangeResponse(); String resource= "updatePolicy"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response.setResponseMessage(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response.setResponseCode(401); return response; } String plainName = null; String scope = null; String date = "NA"; if (policyParameters.getTtlDate()!=null){ date = ConvertDate(policyParameters.getTtlDate()); } try{ if(policyParameters.getPolicyName()!=null){ plainName = policyParameters.getPolicyName().substring(policyParameters.getPolicyName().lastIndexOf(".")+1, policyParameters.getPolicyName().length()); scope = policyParameters.getPolicyName().substring(0, policyParameters.getPolicyName().lastIndexOf(".")); logger.info("Name is "+ plainName +" scope is "+ scope); } }catch(Exception e){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); } if(policyParameters.getPolicyConfigType()!=null){ // This is Config Class Policy. //Firewall if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.Firewall)){ if(policyParameters.getConfigBody()!=null){ JsonObject json = null; try{ json = stringToJsonObject(policyParameters.getConfigBody()); }catch(Exception e){ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " improper JSON object : " + policyParameters.getConfigBody(); logger.error(message); throw new Exception(message); } response.setResponseMessage(updateConfigFirewallPolicy(plainName, json, scope, policyParameters.getRequestID(), userID, passcode,policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "No Config Body given."; logger.error(message); response.setResponseMessage(message); } } //Base Policy else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.Base)){ if(policyParameters.getConfigBody()!=null) { if(policyParameters.getConfigBodyType()!=null){ response.setResponseMessage(updateConfigPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getConfigName(), policyParameters.getAttributes().get(AttributeType.MATCHING), policyParameters.getConfigBodyType().toString(), policyParameters.getConfigBody(), scope, policyParameters.getRequestID(), userID, passcode, policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); } else { String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "No Config Body Type given."; logger.error(message); response.setResponseMessage(message); } } else { String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "No Config Body given."; logger.error(message); response.setResponseMessage(message); } } //BRMS Raw else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.BRMS_RAW)){ if(policyParameters.getConfigBody()!=null){ /*public String createUpdateBRMSRawPolicy(String policyName, String policyDescription, Map dyanamicFieldConfigAttributes, * String brmsRawBody, String policyScope, Boolean isEdit, UUID requestID)*/ response.setResponseMessage(createUpdateBRMSRawPolicy(plainName, policyParameters.getPolicyDescription(),policyParameters.getAttributes(), policyParameters.getConfigBody(),scope, true, policyParameters.getRequestID(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " No Config Body Present"; logger.error(message); throw new Exception(message); } } //BRMS Param else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.BRMS_PARAM)){ if(policyParameters.getConfigBody()!=null){ /* public String createUpdateBRMSParamPolicy(String policyName, String policyDescription, Map> dyanamicFieldConfigAttributes, String brmsRawBody, String policyScope, Boolean isEdit, UUID requestID,Map drlRuleAndUIParams)*/ response.setResponseMessage(createUpdateBRMSParamPolicy(plainName, policyParameters.getPolicyDescription(),policyParameters.getAttributes(), policyParameters.getConfigBody(),scope, true, policyParameters.getRequestID(),policyParameters.getAttributes(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ response.setResponseMessage(createUpdateBRMSParamPolicy(plainName, policyParameters.getPolicyDescription(),policyParameters.getAttributes(), null,scope, true, policyParameters.getRequestID(),policyParameters.getAttributes(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); } } // Micro Services Policy else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.MicroService)){ if(policyParameters.getConfigBody()!=null){ JsonObject json = null; try{ json = stringToJsonObject(policyParameters.getConfigBody()); }catch(Exception e){ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " improper JSON object : " + policyParameters.getConfigBody(); logger.error(message); throw new Exception(message); } //call Micro Services Create API here response.setResponseMessage(createUpdateMicroServicesPolicy(plainName, json, policyParameters.getEcompName(), scope, true, policyParameters.getRequestID(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " No Micro Service or Attributes Config Body Present"; logger.error(message); throw new Exception(message); } } // ClosedLoop_Fault Policy else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.ClosedLoop_Fault)){ if(policyParameters.getConfigBody()!=null){ JsonObject json = null; try{ if(validateNONASCIICharactersAndAllowSpaces(policyParameters.getConfigBody())){ json = stringToJsonObject(policyParameters.getConfigBody()); } else { String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "The ClosedLoop JSON Contains Non ASCII Characters."; logger.error(message); response.setResponseMessage(message); return response; } }catch(Exception e){ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " improper JSON object : " + policyParameters.getConfigBody(); logger.error(message); response.setResponseMessage(message); return response; } //call ClosedLoop_Fault Create API here response.setResponseMessage(createUpdateClosedLoopPolicy(plainName, json, policyParameters.getPolicyDescription(), scope, true, policyParameters.getRequestID(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " No Config Body Present"; logger.error(message); response.setResponseMessage(message); } } // ClosedLoop_PM Policy else if(policyParameters.getPolicyConfigType().equals(PolicyConfigType.ClosedLoop_PM)){ if(policyParameters.getConfigBody()!=null){ JsonObject json = null; try{ if(validateNONASCIICharactersAndAllowSpaces(policyParameters.getConfigBody())){ json = stringToJsonObject(policyParameters.getConfigBody()); } else { String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ "The ClosedLoop PM JSON Contains Non ASCII Characters."; logger.error(message); response.setResponseMessage(message); return response; } }catch(Exception e){ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " improper JSON object : " + policyParameters.getConfigBody(); logger.error(message); response.setResponseMessage(message); return response; } //call ClosedLoop_Fault Create API here response.setResponseMessage(createUpdateClosedLoopPmPolicy(plainName, json, policyParameters.getPolicyDescription(), scope, true, policyParameters.getRequestID(),policyParameters.getRiskLevel(), policyParameters.getRiskType(), String.valueOf(policyParameters.getGuard()), date)); }else{ String message = XACMLErrorConstants.ERROR_DATA_ISSUE+ " No Config Body Present"; logger.error(message); response.setResponseMessage(message); } } }else{ if(policyParameters.getPolicyClass().equals(PolicyClass.Action)){ // call Action Update API here. response.setResponseMessage(createUpdateActionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getAttributes().get(AttributeType.MATCHING), policyParameters.getDynamicRuleAlgorithmLabels(), policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(), policyParameters.getActionPerformer(), policyParameters.getActionAttribute(), scope, true, policyParameters.getRequestID())); }else if(policyParameters.getPolicyClass().equals(PolicyClass.Decision)){ // Call Decision Create API here. if (policyParameters.getAttributes()!=null && policyParameters.getAttributes().containsKey(AttributeType.MATCHING) && policyParameters.getAttributes().containsKey(AttributeType.SETTINGS)) { response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(), policyParameters.getAttributes().get(AttributeType.MATCHING), policyParameters.getAttributes().get(AttributeType.SETTINGS), policyParameters.getDynamicRuleAlgorithmLabels(), policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(), scope, true, policyParameters.getRequestID())); }else if(policyParameters.getAttributes()!=null && !policyParameters.getAttributes().containsKey(AttributeType.MATCHING) && policyParameters.getAttributes().containsKey(AttributeType.SETTINGS)){ response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(), null, policyParameters.getAttributes().get(AttributeType.SETTINGS), policyParameters.getDynamicRuleAlgorithmLabels(), policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(), scope, true, policyParameters.getRequestID())); }else if(policyParameters.getAttributes()!=null && policyParameters.getAttributes().containsKey(AttributeType.MATCHING) && !policyParameters.getAttributes().containsKey(AttributeType.SETTINGS)){ response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(), policyParameters.getAttributes().get(AttributeType.MATCHING), null, policyParameters.getDynamicRuleAlgorithmLabels(), policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(), scope, true, policyParameters.getRequestID())); }else{ response.setResponseMessage(createUpdateDecisionPolicy(plainName, policyParameters.getPolicyDescription(), policyParameters.getEcompName(), policyParameters.getRuleProvider(), null, null, policyParameters.getDynamicRuleAlgorithmLabels(), policyParameters.getDynamicRuleAlgorithmField1(), policyParameters.getDynamicRuleAlgorithmFunctions(), policyParameters.getDynamicRuleAlgorithmField2(), scope, true, policyParameters.getRequestID())); } } } response.setResponseCode(responseCode); return response; } public DecisionResponse policyDecide(String eCOMPComponentName, Map decisionAttributes, UUID requestID, String userID, String passcode) throws PolicyDecisionException { String resource= "getDecision"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); throw new PolicyDecisionException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); } DecisionResponse policyDecision; if (eCOMPComponentName == null || eCOMPComponentName.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given : " + eCOMPComponentName); throw new PolicyDecisionException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given."); } if (decisionAttributes != null && !decisionAttributes.isEmpty()) { JsonArrayBuilder resourceArray = Json.createArrayBuilder(); for (String key : decisionAttributes.keySet()) { if (key.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an Empty Key"); throw new PolicyDecisionException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an empty Key"); } JsonObjectBuilder resourceBuilder = Json.createObjectBuilder(); if (decisionAttributes.get(key).matches("[0-9]+")) { int val = Integer.parseInt(decisionAttributes.get(key)); resourceBuilder.add("Value", val); } else { resourceBuilder.add("Value", decisionAttributes.get(key)); } resourceBuilder.add("AttributeId", key); resourceArray.add(resourceBuilder); } JsonObject model = Json .createObjectBuilder() .add("Request", Json.createObjectBuilder() .add("AccessSubject", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", eCOMPComponentName) .add("AttributeId", "ECOMPName"))) .add("Resource", Json.createObjectBuilder().add( "Attribute", resourceArray)) .add("Action", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", "DECIDE") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:action:action-id")))) .build(); try { decide = true; policyDecision = decisionResult(generateRequest(model .toString(), requestID)); } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); decide = false; throw new PolicyDecisionException(e); } } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Decision Attributes Given. "); throw new PolicyDecisionException(XACMLErrorConstants.ERROR_DATA_ISSUE +"No DecisionAttributes Given."); } decide = false; return policyDecision; } public Collection configPolicyName(String policyName, UUID requestID, String userID, String passcode) throws PolicyConfigException { String resource= "getConfigByPolicyName"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); } Collection policyConfig = null; if (policyName == null || policyName.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE+ "No Policy FileName specified!! : " + policyName); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE+"No Policy FileName specified!!"); } if(policyName!= null && !policyName.trim().equals("") && !policyName.endsWith("xml")){ policyName = policyName + ".[\\d].*"; } JsonObject model = Json .createObjectBuilder() .add("Request", Json.createObjectBuilder() .add("AccessSubject", Json.createObjectBuilder().add( "Attribute", Json.createObjectBuilder() .add("Value", policyName) .add("AttributeId", "PolicyName"))) .add("Action", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", "ACCESS") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:action:action-id"))) .add("Resource", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", "Config") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:resource:resource-id")))) .build(); try { policyConfig = configResult(generateRequest(model.toString(), requestID)); } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e); } return policyConfig; } public Collection config(String eCOMPComponentName, UUID requestID, String userID, String passcode) throws PolicyConfigException { String resource= "getConfig"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); } Collection policyConfig = null; if (eCOMPComponentName == null || eCOMPComponentName.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given : " + eCOMPComponentName); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given."); } JsonObject model = Json .createObjectBuilder() .add("Request", Json.createObjectBuilder() .add("AccessSubject", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", eCOMPComponentName) .add("AttributeId", "ECOMPName"))) .add("Action", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", "ACCESS") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:action:action-id"))) .add("Resource", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", "Config") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:resource:resource-id")))) .build(); try { policyConfig = configResult(generateRequest(model.toString(), requestID)); } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e); } return policyConfig; } public Collection config(String eCOMPComponentName, String configName, UUID requestID, String userID, String passcode) throws PolicyConfigException { String resource= "getConfig"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); } Collection policyConfig = null; if (eCOMPComponentName == null || eCOMPComponentName.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given : " + eCOMPComponentName); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given."); } if (configName == null || configName.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No configName given : " + configName); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +"No configName given."); } JsonObject model = Json .createObjectBuilder() .add("Request", Json.createObjectBuilder() .add("AccessSubject", Json.createObjectBuilder() .add("Attribute", Json.createArrayBuilder() .add(Json .createObjectBuilder() .add("Value", eCOMPComponentName) .add("AttributeId", "ECOMPName")) .add(Json .createObjectBuilder() .add("Value", configName) .add("AttributeId", "ConfigName")))) .add("Action", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", "ACCESS") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:action:action-id"))) .add("Resource", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", "Config") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:resource:resource-id")))) .build(); try { policyConfig = configResult(generateRequest(model.toString(), requestID)); } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e); } return policyConfig; } public Collection config(String eCOMPComponentName, String configName, Map configAttributes, UUID requestID, String userID, String passcode) throws PolicyConfigException { String resource= "getConfig"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); } Collection policyConfig = null; if (eCOMPComponentName == null || eCOMPComponentName.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given : " + eCOMPComponentName); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName given."); } if (configName == null || configName.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No configName given : " + configName); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +"No configName given."); } if (configAttributes != null && !configAttributes.isEmpty()) { if(!configAttributes.containsKey("RiskType")){ configAttributes.put("RiskType", ".*"); } if(!configAttributes.containsKey("RiskLevel")){ configAttributes.put("RiskLevel", ".*"); } if(!configAttributes.containsKey("guard")){ configAttributes.put("guard", ".*"); } if(!configAttributes.containsKey("TTLDate")){ configAttributes.put("TTLDate", ".*"); } }else{ // ConfigAttributes is Null. So add basic values. configAttributes = new HashMap(); configAttributes.put("RiskType", ".*"); configAttributes.put("RiskLevel", ".*"); configAttributes.put("guard", ".*"); configAttributes.put("TTLDate", ".*"); } JsonArrayBuilder resourceArray = Json.createArrayBuilder(); for (String key : configAttributes.keySet()) { if (key.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an empty Key"); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +"Cannot have an empty Key"); } JsonObjectBuilder resourceBuilder = Json.createObjectBuilder(); /*if (configAttributes.get(key).matches("[0-9]+")) { int val = Integer.parseInt(configAttributes.get(key)); resourceBuilder.add("Value", val); } else {*/ resourceBuilder.add("Value", configAttributes.get(key)); resourceBuilder.add("AttributeId", key); resourceArray.add(resourceBuilder); } JsonObject model = Json .createObjectBuilder() .add("Request", Json.createObjectBuilder() .add("AccessSubject", Json.createObjectBuilder() .add("Attribute", Json.createArrayBuilder() .add(Json .createObjectBuilder() .add("Value", eCOMPComponentName) .add("AttributeId", "ECOMPName")) .add(Json .createObjectBuilder() .add("Value", configName) .add("AttributeId", "ConfigName")))) .add("Action", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", "ACCESS") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:action:action-id"))) .add("Resource", Json.createObjectBuilder() .add("Attribute", resourceArray .add(Json.createObjectBuilder() .add("Value", "Config") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:resource:resource-id"))))) .build(); try { policyConfig = configResult(generateRequest(model.toString(), requestID)); } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e); } return policyConfig; } public Collection configRequest(ConfigRequestParameters configRequestParameters, String userID, String passcode) throws PolicyConfigException{ String resource= "getConfig"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); } Collection policyConfig = null; unique = false; if(configRequestParameters==null){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No config Request Parameters given "); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No config Request Parameters given."); } if(configRequestParameters.getEcompName() == null && configRequestParameters.getPolicyName() == null){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot proceed without eCOMPComponentName or PolicyName"); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No eCOMPComponentName or PolicyName given."); } String policyName = configRequestParameters.getPolicyName(); if(policyName!= null && !policyName.trim().equals("") && !policyName.endsWith("xml")){ policyName = policyName + ".[\\d].*"; } JsonArrayBuilder subjectArray = Json.createArrayBuilder(); JsonArrayBuilder resourceArray = Json.createArrayBuilder(); if(configRequestParameters.getPolicyName()!=null){ JsonObjectBuilder subjectBuilder = Json.createObjectBuilder(); subjectBuilder.add("Value", policyName); subjectBuilder.add("AttributeId", "PolicyName"); subjectArray.add(subjectBuilder); }else{ logger.info("PolicyName values are not given. "); } if(configRequestParameters.getEcompName()!=null){ JsonObjectBuilder subjectBuilder = Json.createObjectBuilder(); subjectBuilder.add("Value", configRequestParameters.getEcompName()); subjectBuilder.add("AttributeId", "ECOMPName"); subjectArray.add(subjectBuilder); if(configRequestParameters.getConfigName()!=null){ subjectBuilder = Json.createObjectBuilder(); subjectBuilder.add("Value", configRequestParameters.getConfigName()); subjectBuilder.add("AttributeId", "ConfigName"); subjectArray.add(subjectBuilder); Map configAttributes = configRequestParameters.getConfigAttributes(); if (configAttributes != null && !configAttributes.isEmpty()) { if(!configAttributes.containsKey("RiskType")){ configAttributes.put("RiskType", ".*"); } if(!configAttributes.containsKey("RiskLevel")){ configAttributes.put("RiskLevel", ".*"); } if(!configAttributes.containsKey("guard")){ configAttributes.put("guard", ".*"); } if(!configAttributes.containsKey("TTLDate")){ configAttributes.put("TTLDate", ".*"); } }else{ // ConfigAttributes is Null. So add basic values. configAttributes = new HashMap(); configAttributes.put("RiskType", ".*"); configAttributes.put("RiskLevel", ".*"); configAttributes.put("guard", ".*"); configAttributes.put("TTLDate", ".*"); } for (String key : configAttributes.keySet()) { if (key.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an empty Key"); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +"Cannot have an empty Key"); } JsonObjectBuilder resourceBuilder = Json.createObjectBuilder(); /*if (configAttributes.get(key).matches("[0-9]+")) { int val = Integer.parseInt(configAttributes.get(key)); resourceBuilder.add("Value", val); } else {*/ resourceBuilder.add("Value", configAttributes.get(key)); resourceBuilder.add("AttributeId", key); resourceArray.add(resourceBuilder); } }else{ logger.info("Config Name is not given. "); } }else{ logger.info("Ecomp Name is not given. "); } JsonObject model = Json .createObjectBuilder() .add("Request", Json.createObjectBuilder() .add("AccessSubject", Json.createObjectBuilder() .add("Attribute",subjectArray)) .add("Action", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", "ACCESS") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:action:action-id"))) .add("Resource", Json.createObjectBuilder() .add("Attribute", resourceArray .add(Json .createObjectBuilder() .add("Value", "Config") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:resource:resource-id"))))) .build(); logger.debug("Generated JSON Request is: " + model.toString()); if(configRequestParameters.getUnique()){ logger.info("Requested for Unique Result only. "); unique = true; } try { policyConfig = configResult(generateRequest(model.toString(), configRequestParameters.getRequestID())); } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e); } return policyConfig; } public Collection listConfigRequest(ConfigRequestParameters listRequestParameters, String userID, String passcode) throws PolicyConfigException{ String resource= "listConfig"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); throw new PolicyConfigException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); } Collection policyConfig = null; Collection policyList = new ArrayList(); unique = false; if(listRequestParameters==null){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Request Parameters given "); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Request Parameters given."); } if (junit){ policyList.add("Policy Name: listConfigTest"); return policyList; } String policyName = listRequestParameters.getPolicyName(); if(policyName!= null && !policyName.trim().equals("") && !policyName.endsWith("xml")){ policyName = policyName + ".[\\d].*"; } JsonArrayBuilder subjectArray = Json.createArrayBuilder(); JsonArrayBuilder resourceArray = Json.createArrayBuilder(); if(listRequestParameters.getPolicyName()!=null){ JsonObjectBuilder subjectBuilder = Json.createObjectBuilder(); subjectBuilder.add("Value", policyName); subjectBuilder.add("AttributeId", "PolicyName"); subjectArray.add(subjectBuilder); }else{ logger.info("PolicyName values are not given. "); } if(listRequestParameters.getEcompName()!=null){ JsonObjectBuilder subjectBuilder = Json.createObjectBuilder(); subjectBuilder.add("Value", listRequestParameters.getEcompName()); subjectBuilder.add("AttributeId", "ECOMPName"); subjectArray.add(subjectBuilder); if(listRequestParameters.getConfigName()!=null){ subjectBuilder = Json.createObjectBuilder(); subjectBuilder.add("Value", listRequestParameters.getConfigName()); subjectBuilder.add("AttributeId", "ConfigName"); subjectArray.add(subjectBuilder); Map configAttributes = listRequestParameters.getConfigAttributes(); if (configAttributes != null && !configAttributes.isEmpty()) { if(!configAttributes.containsKey("RiskType")){ configAttributes.put("RiskType", ".*"); } if(!configAttributes.containsKey("RiskLevel")){ configAttributes.put("RiskLevel", ".*"); } if(!configAttributes.containsKey("guard")){ configAttributes.put("guard", ".*"); } if(!configAttributes.containsKey("TTLDate")){ configAttributes.put("TTLDate", ".*"); } }else{ // ConfigAttributes is Null. So add basic values. configAttributes = new HashMap(); configAttributes.put("RiskType", ".*"); configAttributes.put("RiskLevel", ".*"); configAttributes.put("guard", ".*"); configAttributes.put("TTLDate", ".*"); } for (String key : configAttributes.keySet()) { if (key.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an empty Key"); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +"Cannot have an empty Key"); } JsonObjectBuilder resourceBuilder = Json.createObjectBuilder(); /*if (configAttributes.get(key).matches("[0-9]+")) { int val = Integer.parseInt(configAttributes.get(key)); resourceBuilder.add("Value", val); } else {*/ resourceBuilder.add("Value", configAttributes.get(key)); resourceBuilder.add("AttributeId", key); resourceArray.add(resourceBuilder); } }else{ logger.info("Config Name is not given. "); } }else{ logger.info("Ecomp Name is not given. "); } JsonObject model = Json .createObjectBuilder() .add("Request", Json.createObjectBuilder() .add("AccessSubject", Json.createObjectBuilder() .add("Attribute",subjectArray)) .add("Action", Json.createObjectBuilder() .add("Attribute", Json.createObjectBuilder() .add("Value", "ACCESS") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:action:action-id"))) .add("Resource", Json.createObjectBuilder() .add("Attribute", resourceArray .add(Json .createObjectBuilder() .add("Value", "Config") .add("AttributeId", "urn:oasis:names:tc:xacml:1.0:resource:resource-id"))))) .build(); logger.debug("Generated JSON Request is: " + model.toString()); if(listRequestParameters.getUnique()){ logger.info("Requested for Unique Result only. "); unique = true; } try { policyConfig = configResult(generateRequest(model.toString(), listRequestParameters.getRequestID())); } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); throw new PolicyConfigException(XACMLErrorConstants.ERROR_DATA_ISSUE +e); } for(PolicyConfig policy : policyConfig){ if(policy.getPolicyConfigMessage()!=null && policy.getPolicyConfigMessage().contains("PE300")){ policyList.add(policy.getPolicyConfigMessage()); } else { policyList.add("Policy Name: " + policy.getPolicyName()); } } return policyList; } public Collection event(Map eventAttributes, UUID requestID, String userID, String passcode) throws PolicyEventException { String resource= "sendEvent"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); throw new PolicyEventException(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); } Collection policyResponse = null; if (eventAttributes != null && !eventAttributes.isEmpty()) { JsonArrayBuilder resourceArray = Json.createArrayBuilder(); for (String key : eventAttributes.keySet()) { if (key.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot have an Empty Key"); throw new PolicyEventException(XACMLErrorConstants.ERROR_DATA_ISSUE +"Cannot have an empty Key"); } JsonObjectBuilder resourceBuilder = Json.createObjectBuilder(); if (eventAttributes.get(key).matches("[0-9]+")) { int val = Integer.parseInt(eventAttributes.get(key)); resourceBuilder.add("Value", val); } else { resourceBuilder.add("Value", eventAttributes.get(key)); } resourceBuilder.add("AttributeId", key); resourceArray.add(resourceBuilder); } JsonObject model = Json .createObjectBuilder() .add("Request", Json.createObjectBuilder().add( "Resource", Json.createObjectBuilder().add("Attribute", resourceArray))).build(); // Removed Part can be Useful in Future. /* * .add("AccessSubject",Json.createObjectBuilder() .add("Attribute", * subjectArray)) .add("Action", Json.createObjectBuilder() * .add("Attribute", actionArray)) */ // System.out.println(model.toString()); try { // StdPolicyResponse stdPolicyResponse = // generateRequest(model.toString()); // stdPolicyResponse.setRequestAttributes(eventAttributes); policyResponse = eventResult(generateRequest(model.toString(), requestID), eventAttributes); } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); throw new PolicyEventException(XACMLErrorConstants.ERROR_DATA_ISSUE +e); } } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No event Attributes Given. "); throw new PolicyEventException(XACMLErrorConstants.ERROR_DATA_ISSUE +"No EventAttributes Given."); } return policyResponse; } private Collection generateRequest(String Json, UUID requestID) throws Exception { Collection results = null; Response response = null; // Create Request. We need XACML API here. try { Request request = JSONRequest.load(Json); String jRequest = JSONRequest.toString(request); // Call the PDP logger.debug("--- Generating Request: ---\n" + jRequest ); response = callPDP(new ByteArrayInputStream(jRequest.getBytes()), requestID); } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID + e); StdStatus stdStatus = new StdStatus(); results = new HashSet(); stdStatus.setStatus("Unable to Call PDP. Error with the URL", PolicyResponseStatus.NO_ACTION_REQUIRED, PolicyConfigStatus.CONFIG_NOT_FOUND); results.add(stdStatus); throw new Exception(e); } if(this.UEBThread){ this.UEBThread = registerUEBThread.isAlive(); } if (response != null) { results = checkResponse(response); // TODO Starting Auto Client Here. if (notificationType.get(0).equals("ueb") && !this.UEBThread){ this.UEBClientThread = new AutoClientUEB(pdps.get(0), uebURLList); this.registerUEBThread = new Thread(this.UEBClientThread); this.registerUEBThread.start(); this.UEBThread = true; }else { if(AutoClientEnd.getURL()==null){ AutoClientEnd.start(pdps.get(0)); }else if(AutoClientEnd.getURL()!=pdps.get(0)){ AutoClientEnd.stop(); AutoClientEnd.start(pdps.get(0)); } } } else { logger.debug("No Response Received from PDP"); StdStatus stdStatus = new StdStatus(); results = new HashSet(); stdStatus.setStatus("No Response Received", PolicyResponseStatus.NO_ACTION_REQUIRED, PolicyConfigStatus.CONFIG_NOT_FOUND); results.add(stdStatus); } return results; } private Response callPDP(ByteArrayInputStream input, UUID requestID) throws Exception { Response response = null; HttpURLConnection connection = null; responseCode = 0; // Checking for the available PDPs is done during the first Request and // the List is going to have the connected PDP as first element. // This makes it Real-Time to change the list depending on their // availability. if (pdps == null || pdps.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDPs List is Empty."); throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"PDPs List is empty."); } else { int pdpsCount = 0; boolean connected = false; while (pdpsCount < pdps.size()) { input.reset(); try { String urlValue = pdps.get(0); URL url = new URL(urlValue); logger.debug("--- Sending Request to PDP : "+ url.toString() + " ---"); connection = (HttpURLConnection) url.openConnection(); // Setting Content-Type connection.setRequestProperty("Content-Type","application/json"); // Adding Authorization connection.setRequestProperty("Authorization", "Basic " + encoding.get(0)); // Adding Environment. connection.setRequestProperty("Environment", environment); // Adding RequestID if (requestID == null) { requestID = UUID.randomUUID(); logger.info("No request ID provided, sending generated ID: " + requestID.toString()); } else { logger.info("Using provided request ID: " + requestID.toString()); } connection.setRequestProperty("X-ECOMP-RequestID", requestID.toString()); // Setting up connection method and headers. connection.setRequestMethod("POST"); connection.setUseCaches(false); connection.setInstanceFollowRedirects(false); connection.setDoOutput(true); connection.setDoInput(true); OutputStream os = connection.getOutputStream(); IOUtils.copy(input, os); connection.connect(); responseCode = connection.getResponseCode(); // If Connected to a PDP Then break from the loop and // continue with the Request. if (connection.getResponseCode() == 200 || junit) { connected = true; break; } else { logger.debug(XACMLErrorConstants.ERROR_PERMISSIONS+ "PDP Response Code : " + connection.getResponseCode()); Collections.rotate(pdps, -1); Collections.rotate(encoding, -1); } } catch (Exception e) { // This means that the PDP is not working and needs to // Re-Order our List and Connect to the next one. logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PDP connection Error : " + e); Collections.rotate(pdps, -1); Collections.rotate(encoding, -1); } pdpsCount++; } if (connected) { // Read the Response // System.out.println("connected to PDP : " + pdps.get(0)); logger.debug("connected to PDP : " + pdps.get(0)); logger.debug("--- Response: ---"); Map> headers = connection.getHeaderFields(); for(String key : headers.keySet()){ logger.debug("Header : " + key + " Value: " + headers.get(key)); } try { if (connection.getResponseCode() == 200 || junit) { // Read the Response ContentType contentType = null; try { contentType = ContentType.parse(connection .getContentType()); if (contentType.getMimeType().equalsIgnoreCase( ContentType.APPLICATION_JSON.getMimeType())) { if(junit){ response = JSONResponse.load(getJsonResponseString()); } else { response = JSONResponse.load(connection.getInputStream()); } logger.debug(response + "\n---"); } else { logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Unknown Content-Type: " + contentType); throw new Exception(XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Unknown Content-Type: " + contentType); } } catch (Exception e) { String message = XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Parsing Content-Type: " + connection.getContentType() + ", error=" + e; logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID + e); throw new Exception(message, e); } } else { throw new Exception(XACMLErrorConstants.ERROR_PERMISSIONS+ "ERROR response code of the URL " + pdps.get(0) + " is " + connection.getResponseCode()); } } catch (IOException e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"Error in Connecting to the PDP ", e); } return response; } else { if(junit){ response = JSONResponse.load(getJsonResponseString()); return response; } throw new Exception(XACMLErrorConstants.ERROR_PERMISSIONS+ "Unable to get valid Response from PDP(s) " + pdps); } } } private Collection checkResponse(Response response) throws Exception { String pdpConfigURL = null; Collection combinedResult = new HashSet(); int priority = defaultPriority; Map uniqueResult = new HashMap(); for (Result result : response.getResults()) { if (!result.getDecision().equals(Decision.PERMIT)) { logger.debug("Decision not a Permit. " + result.getDecision().toString()); StdStatus stdStatus = new StdStatus(); if (decide) { stdStatus.setDecision(PolicyDecision.DENY); for(Advice advice: result.getAssociatedAdvice()){ for(AttributeAssignment attribute: advice.getAttributeAssignments()){ stdStatus.setDetails(attribute.getAttributeValue().getValue().toString()); break; } } combinedResult.add(stdStatus); return combinedResult; } stdStatus.setStatus(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Params passed: Decision not a Permit.",PolicyResponseStatus.NO_ACTION_REQUIRED,PolicyConfigStatus.CONFIG_NOT_FOUND); combinedResult.add(stdStatus); return combinedResult; } else { if (decide) { // check for Decision for decision based calls. StdStatus stdStatus = new StdStatus(); stdStatus.setDecision(PolicyDecision.PERMIT); stdStatus.setDetails("Decision Permit. OK!"); combinedResult.add(stdStatus); return combinedResult; } if (!result.getAssociatedAdvice().isEmpty()) { // @ TODO Add advice actions // Configurations should be in advice. + Also PDP took // actions could be here. for (Advice advice : result.getAssociatedAdvice()) { int config = 0, uri = 0; String configURL = null; String policyName = null; String policyVersion = null; Map matchingConditions = new HashMap(); match = new Matches(); Map configAttributes = new HashMap(); Map responseAttributes = new HashMap(); Map actionTaken = new HashMap(); StdStatus stdStatus = new StdStatus(); Map adviseAttributes = new HashMap(); for (AttributeAssignment attribute : advice.getAttributeAssignments()) { adviseAttributes.put(attribute.getAttributeId().stringValue(), attribute.getAttributeValue().getValue().toString()); if (attribute.getAttributeValue().getValue().toString().equalsIgnoreCase("CONFIGURATION")) { config++; } else if (attribute.getDataTypeId().stringValue().endsWith("anyURI")) { uri++; if (uri == 1) { configURL = attribute.getAttributeValue().getValue().toString(); String currentUsedPDP = pdps.get(0); int pos = (pdps.get(0)).lastIndexOf("/"); String configURLPath = currentUsedPDP.substring(0, pos); int pos1 = configURLPath.lastIndexOf("/"); String pdpConfigURLPath = configURLPath.substring(0, pos1 + 1); pdpConfigURL = configURL.replace("$URL", pdpConfigURLPath); } else { if (!(attribute.getIssuer().equalsIgnoreCase("PDP"))) { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error having multiple URI in the Policy"); } } } else if (attribute.getAttributeId().stringValue() .equalsIgnoreCase("PolicyName")) { policyName = attribute.getAttributeValue() .getValue().toString(); } else if (attribute.getAttributeId().stringValue() .equalsIgnoreCase("VersionNumber")) { policyVersion = attribute.getAttributeValue() .getValue().toString(); } else if (attribute.getAttributeId().stringValue().equalsIgnoreCase("Priority")){ try{ priority = Integer.parseInt(attribute.getAttributeValue().getValue().toString()); } catch(Exception e){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE+ "Unable to Parse Integer for Priority. Setting to default value"); priority = defaultPriority; } } else if (attribute.getAttributeId().stringValue() .startsWith("matching")) { matchingConditions.put(attribute .getAttributeId().stringValue() .replaceFirst("(matching).", ""), attribute.getAttributeValue() .getValue().toString()); if (attribute.getAttributeId().stringValue() .replaceFirst("(matching).", "") .equals("ECOMPName")) { match.setEcompName(attribute .getAttributeValue().getValue() .toString()); } else if (attribute.getAttributeId() .stringValue() .replaceFirst("(matching).", "") .equals("ConfigName")) { match.setConfigName(attribute .getAttributeValue().getValue() .toString()); } else { configAttributes.put(attribute .getAttributeId().stringValue() .replaceFirst("(matching).", ""), attribute.getAttributeValue() .getValue().toString()); } } else if (attribute.getAttributeId().stringValue().startsWith("key:")) { responseAttributes.put(attribute .getAttributeId().stringValue() .replaceFirst("(key).", ""), attribute.getAttributeValue() .getValue().toString()); } } if (!configAttributes.isEmpty()) { match.setConfigAttributes(configAttributes); } if ((config == 1) && (uri == 1)) { // If there is a configuration. try { logger.debug("Configuration Call to : " + configURL); stdStatus = ConfigCall(pdpConfigURL); } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW+ e); stdStatus .setStatus( "Error in Calling the Configuration URL " + e, PolicyResponseStatus.NO_ACTION_REQUIRED, PolicyConfigStatus.CONFIG_NOT_FOUND); } stdStatus.setPolicyName(policyName); stdStatus.setPolicyVersion(policyVersion); stdStatus.setMatchingConditions(matchingConditions); stdStatus.setResposneAttributes(responseAttributes); if(!unique){ combinedResult.add(stdStatus); }else{ if(!uniqueResult.isEmpty()){ if(uniqueResult.containsKey(priority)){ // Not any more unique, check the matching conditions size int oldSize = uniqueResult.get(priority).getMatchingConditions().size(); int newSize = matchingConditions.size(); if(oldSize < newSize){ uniqueResult.put(priority, stdStatus); }else if(oldSize == newSize){ stdStatus = new StdStatus(); stdStatus.setStatus("Two/more Policies have Same Priority and matching conditions, Please correct your policies.", PolicyResponseStatus.NO_ACTION_REQUIRED, PolicyConfigStatus.CONFIG_NOT_FOUND); combinedResult.add(stdStatus); unique = false; return combinedResult; } }else{ uniqueResult.put(priority, stdStatus); } }else{ uniqueResult.put(priority, stdStatus); } } } else { // Else it is Action Taken. logger.info("Action Taken by PDP. "); actionTaken.putAll(adviseAttributes); stdStatus.setActionTaken(actionTaken); stdStatus.setPolicyResponseStatus( "Action Taken by the PDP", PolicyResponseStatus.ACTION_TAKEN); combinedResult.add(stdStatus); } } } if (!result.getObligations().isEmpty()) { // @ TODO add Obligation actions // Action advised should be in obligations. for (Obligation obligation : result.getObligations()) { Map actionAdvised = new HashMap(); StdStatus stdStatus = new StdStatus(); for (AttributeAssignment attribute : obligation .getAttributeAssignments()) { actionAdvised.put(attribute.getAttributeId() .stringValue(), attribute .getAttributeValue().getValue().toString()); } stdStatus.setActionAdvised(actionAdvised); stdStatus.setPolicyResponseStatus( "Action has been Advised ", PolicyResponseStatus.ACTION_ADVISED); combinedResult.add(stdStatus); } } } } if(unique){ // Select Unique policy. int minNum = defaultPriority; for(int num: uniqueResult.keySet()){ if(num < minNum){ minNum = num; } } combinedResult.add(uniqueResult.get(minNum)); // Turn off Unique unique = false; } return combinedResult; } private StdStatus ConfigCall(String stringURL) throws Exception { StdStatus stdStatus = new StdStatus(); try { URL configURL = new URL(stringURL); URLConnection connection = null; try { connection = configURL.openConnection(); if (stringURL.endsWith("json")) { stdStatus.setPolicyType(PolicyType.JSON); JsonReader jsonReader = Json.createReader(connection .getInputStream()); stdStatus.setJsonObject(jsonReader.readObject()); jsonReader.close(); logger.info("config Retrieved "); stdStatus.setStatus("Config Retrieved from: " + configURL, PolicyResponseStatus.NO_ACTION_REQUIRED, PolicyConfigStatus.CONFIG_RETRIEVED); try { MatchStore.storeMatch(match); } catch (Exception e) { logger.info("StoreMatch failed for Ecomp:" + match.getEcompName() + " Config: " + match.getConfigName()); } return stdStatus; } else if (stringURL.endsWith("xml")) { stdStatus.setPolicyType(PolicyType.XML); DocumentBuilderFactory dbf = DocumentBuilderFactory .newInstance(); DocumentBuilder db = null; try { db = dbf.newDocumentBuilder(); Document config = db.parse(connection.getInputStream()); stdStatus.setDocument(config); } catch (ParserConfigurationException e) { logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID + e); throw new Exception(XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Unable to create Document Object", e); } catch (SAXException e) { logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID+ e); throw new Exception(XACMLErrorConstants.ERROR_SCHEMA_INVALID+ "Unable to parse the XML config", e); } logger.info("config Retrieved "); stdStatus.setStatus("Config Retrieved from: " + configURL, PolicyResponseStatus.NO_ACTION_REQUIRED, PolicyConfigStatus.CONFIG_RETRIEVED); try { MatchStore.storeMatch(match); } catch (Exception e) { logger.info("StoreMatch failed for Ecomp:" + match.getEcompName() + " Config: " + match.getConfigName()); } return stdStatus; } else if (stringURL.endsWith("properties")) { stdStatus.setPolicyType(PolicyType.PROPERTIES); Properties configProp = new Properties(); configProp.load(connection.getInputStream()); stdStatus.setProperties(configProp); logger.info("config Retrieved "); stdStatus.setStatus("Config Retrieved from: " + configURL, PolicyResponseStatus.NO_ACTION_REQUIRED, PolicyConfigStatus.CONFIG_RETRIEVED); try { MatchStore.storeMatch(match); } catch (Exception e) { logger.info("StoreMatch failed for Ecomp:" + match.getEcompName() + " Config: " + match.getConfigName()); } return stdStatus; } else if (stringURL.endsWith("txt")) { stdStatus.setPolicyType(PolicyType.OTHER); InputStream in = connection.getInputStream(); String other = IOUtils.toString(in); IOUtils.closeQuietly(in); stdStatus.setOther(other); logger.info("config Retrieved "); stdStatus.setStatus("Config Retrieved from: " + configURL, PolicyResponseStatus.NO_ACTION_REQUIRED, PolicyConfigStatus.CONFIG_RETRIEVED); try { MatchStore.storeMatch(match); } catch (Exception e) { logger.info("StoreMatch failed for Ecomp:" + match.getEcompName() + " Config: " + match.getConfigName()); } return stdStatus; } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Config Not Found"); stdStatus .setPolicyConfigStatus(PolicyConfigStatus.CONFIG_NOT_FOUND); stdStatus .setConfigStatus("Illegal form of Configuration Type Found."); return stdStatus; } } catch (IOException e) { logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e); throw new Exception(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Cannot open a connection to the configURL", e); } } catch (MalformedURLException e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error in ConfigURL", e); } } private void setProperty(String propertyFilePath) throws PolicyEngineException { this.propertyFilePath = propertyFilePath; if (this.propertyFilePath == null) { // This is only for testing purpose. Or We will add a default PDP // address here. // url_default = "http://localhost:8080/pdp/"; // The General Error Message is Below. throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error NO PropertyFile Path provided"); } else { // Adding logic for remote Properties file. Properties prop = new Properties(); if (propertyFilePath.startsWith("http")) { URL configURL; try { configURL = new URL(propertyFilePath); URLConnection connection = null; connection = configURL.openConnection(); prop.load(connection.getInputStream()); } catch (IOException e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Maformed property URL "+ e.getMessage()); } } else { Path file = Paths.get(propertyFilePath); if (Files.notExists(file)) { throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "File doesn't exist in the specified Path " + file.toString()); } if (file.toString().endsWith(".properties")) { InputStream in; prop = new Properties(); try { in = new FileInputStream(file.toFile()); prop.load(in); } catch (IOException e) { logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e); throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Cannot Load the Properties file", e); } } else { logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Not a .properties file " + propertyFilePath); throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Not a .properties file"); } } // UEB Settings String check_type = prop.getProperty("NOTIFICATION_TYPE"); String serverList = prop.getProperty("NOTIFICATION_UEB_SERVERS"); if(check_type==null) { notificationType.add("websocket"); logger.info("Properties file doesn't have the NOTIFICATION_TYPE parameter system will use defualt websockets"); }else{ if(check_type.contains(",")) { type_default = new ArrayList(Arrays.asList(prop.getProperty("NOTIFICATION_TYPE").split(","))); notificationType = type_default; } else { notificationType = new ArrayList(); notificationType.add(check_type); } } if(serverList==null) { notificationType.clear(); notificationType.add("websocket"); logger.info("Properties file doesn't have the NOTIFICATION_UEB_SERVERS parameter system will use defualt websockets"); }else{ if(serverList.contains(",")) { uebURLList = new ArrayList(Arrays.asList(prop.getProperty("NOTIFICATION_UEB_SERVERS").split(","))); } else { uebURLList = new ArrayList(); uebURLList.add(serverList); } } // Client ID Authorization Settings. String clientID = prop.getProperty("CLIENT_ID"); String clientKey = prop.getProperty("CLIENT_KEY"); userName = clientID; pass = clientKey; pyPDPClientFile = prop.getProperty("CLIENT_FILE"); environment = prop.getProperty("ENVIRONMENT", "DEVL"); /*try { aafClient = AAFPolicyClient.getInstance(prop); } catch (AAFPolicyException e) { logger.error(XACMLErrorConstants.ERROR_UNKNOWN + e.getMessage()); throw new PolicyEngineException(XACMLErrorConstants.ERROR_UNKNOWN + e); }*/ // Initializing the values. pdps = new ArrayList(); paps = new ArrayList(); encoding = new ArrayList(); encodingPAP = new ArrayList(); // Check the Keys for PDP_URLs Collection unsorted = prop.keySet(); @SuppressWarnings({ "rawtypes", "unchecked" }) List sorted = new ArrayList(unsorted); Collections.sort(sorted); for (String propKey : sorted) { if (propKey.startsWith("PDP_URL")) { String check_val = prop.getProperty(propKey); if (check_val == null) { throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Properties file doesn't have the PDP_URL parameter"); } if (check_val.contains(";")) { pdp_default = new ArrayList(Arrays.asList(check_val.split("\\s*;\\s*"))); int pdpCount = 0; while (pdpCount < pdp_default.size()) { String pdpVal = pdp_default.get(pdpCount); readPDPParam(pdpVal); pdpCount++; } } else { readPDPParam(check_val); } } else if (propKey.startsWith("PAP_URL")) { String check_val = prop.getProperty(propKey); if (check_val == null) { throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Properties file doesn't have the PAP_URL parameter"); } if (check_val.contains(";")) { pap_default = new ArrayList(Arrays.asList(check_val.split("\\s*;\\s*"))); int papCount = 0; while (papCount < pap_default.size()) { String papVal = pap_default.get(papCount); readPAPParam(papVal); papCount++; } } else { readPAPParam(check_val); } } } if (pdps == null || pdps.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot Proceed without PDP_URLs"); throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot Proceed without PDP_URLs"); } if (paps == null || paps.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot Proceed without PAP_URLs"); throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot Proceed with out PAP_URLs"); } // Get JUNIT property from properties file when running tests String junit = prop.getProperty("JUNIT"); if(junit == null || junit.isEmpty()){ logger.info("No JUNIT property provided, this will not be executed as a test."); }else{ if(junit.equals("test")){ this.junit = true; } else { this.junit = false; } } } } /* * Read the PDP_URL parameter */ private void readPDPParam(String pdpVal) throws PolicyEngineException{ if(pdpVal.contains(",")){ List pdpValues = new ArrayList(Arrays.asList(pdpVal.split("\\s*,\\s*"))); if(pdpValues.size()==3){ // 0 - PDPURL pdps.add(pdpValues.get(0)); // 1:2 will be UserID:Password String userID = pdpValues.get(1); String pass = pdpValues.get(2); Base64.Encoder encoder = Base64.getEncoder(); encoding.add(encoder.encodeToString((userID+":"+pass).getBytes(StandardCharsets.UTF_8))); }else{ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Credentials to send Request: " + pdpValues); throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No enough Credentials to send Request. " + pdpValues); } }else{ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP value is improper/missing required values: " + pdpVal); throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "PDP value is improper/missing required values."); } } /* * Read the PAP_URL parameter */ private void readPAPParam(String papVal) throws PolicyEngineException{ if(papVal.contains(",")){ List papValues = new ArrayList(Arrays.asList(papVal.split("\\s*,\\s*"))); if(papValues.size()==3){ // 0 - PAPURL paps.add(papValues.get(0)); // 1:2 will be UserID:Password String userID = papValues.get(1); String pass = papValues.get(2); Base64.Encoder encoder = Base64.getEncoder(); encodingPAP.add(encoder.encodeToString((userID+":"+pass).getBytes(StandardCharsets.UTF_8))); }else{ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Credentials to send Request: " + papValues); throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No enough Credentials to send Request. " + papValues); } }else{ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Credentials to send Request: " + papVal); throw new PolicyEngineException(XACMLErrorConstants.ERROR_DATA_ISSUE + "No enough Credentials to send Request."); } } /* * Allowing changes to the scheme and Handler. */ public void notification(NotificationScheme scheme, NotificationHandler handler) { this.scheme = scheme; this.handler = handler; logger.debug("Scheme is : " + scheme.toString()); logger.debug("Handler is : " + handler.getClass().getName()); if (!notificationType.get(0).equals("ueb")){ AutoClientEnd.setAuto(scheme, handler); }else { if (this.UEBThread){ UEBClientThread.setAuto(scheme, handler); this.UEBThread = registerUEBThread.isAlive(); } } //TODO This could also be a Start point for Auto Notifications.. if(pdps!=null){ if (notificationType.get(0).equals("ueb") && !this.UEBThread){ this.UEBClientThread = new AutoClientUEB(pdps.get(0), uebURLList); this.UEBClientThread.setAuto(scheme, handler); this.registerUEBThread = new Thread(this.UEBClientThread); this.registerUEBThread.start(); this.UEBThread = true; } if (!notificationType.get(0).equals("ueb")){ if(pdps.get(0)!=null){ if(AutoClientEnd.getURL()==null){ AutoClientEnd.start(pdps.get(0)); }else { AutoClientEnd.stop(); AutoClientEnd.start(pdps.get(0)); } } } } } /* * Gets the Notification if one exists. Used only for Manual Polling * purposes. */ public PDPNotification getNotification(){ //TODO manual Polling //Check if there is proper scheme.. PDPNotification notification = null; if(this.scheme.equals(NotificationScheme.MANUAL_ALL_NOTIFICATIONS) || this.scheme.equals(NotificationScheme.MANUAL_NOTIFICATIONS)) { if (notificationType.get(0).equals("ueb")){ ManualClientEndUEB.start(pdps.get(0), uebURLList, uniqueID); notification = ManualClientEndUEB.result(scheme); }else{ ManualClientEnd.start(pdps.get(0)); logger.debug("manual notification requested.. : " + scheme.toString()); notification = ManualClientEnd.result(scheme); } if (notification == null){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Notification yet.."); return null; } else { return notification; } }else { return null; } } /* * Setting the Scheme. */ public void setScheme(NotificationScheme scheme) { this.scheme = scheme; if (notificationType.get(0).equals("ueb")){ AutoClientUEB.setScheme(this.scheme); if (this.scheme.equals(NotificationScheme.MANUAL_ALL_NOTIFICATIONS)){ ManualClientEndUEB.createTopic(pdps.get(0), uniqueID, uebURLList); } }else{ AutoClientEnd.setScheme(this.scheme); } } /* * Returns the Scheme */ public NotificationScheme getScheme() { return this.scheme; } /* * Returns the NotificationHandler */ public NotificationHandler getNotificationHandler() { return this.handler; } private Collection configResult( Collection generateRequest) { Collection result = new HashSet(); if (generateRequest == null) { return null; } if (!generateRequest.isEmpty()) { for (StdStatus stdStatus : generateRequest) { PolicyConfig policyConfig = new StdPolicyConfig(); policyConfig = stdStatus; result.add(policyConfig); } } return result; } private Collection eventResult( Collection generateRequest, Map eventAttributes) { Collection result = new HashSet(); if (generateRequest == null) { return null; } if (!generateRequest.isEmpty()) { for (StdStatus stdStatus : generateRequest) { StdPolicyResponse policyResponse = new StdPolicyResponse(); policyResponse = stdStatus; policyResponse.setRequestAttributes(eventAttributes); result.add(policyResponse); } } return result; } private DecisionResponse decisionResult(Collection generateRequest) { StdDecisionResponse policyDecision = new StdDecisionResponse(); if (generateRequest == null) { return policyDecision; } if (!generateRequest.isEmpty()) { for (StdStatus stdStatus : generateRequest) { policyDecision.setDecision(stdStatus.getDecision()); policyDecision.setDetails(stdStatus.getDetails()); } } return policyDecision; } /* * Stop the Notification Service if its running. */ public void stopNotification() { if (this.scheme != null && this.handler != null) { if (this.scheme.equals(NotificationScheme.AUTO_ALL_NOTIFICATIONS) || this.scheme .equals(NotificationScheme.AUTO_NOTIFICATIONS)) { logger.info("Clear Notification called.. "); if (notificationType.get(0).equals("ueb")){ this.UEBClientThread.terminate(); this.UEBThread = false; }else{ AutoClientEnd.stop(); } } } } /* * Create Config Policy API Implementation */ public String createConfigPolicy(String policyName, String policyDescription, String ecompName, String configName, Map configAttributes, String configType, String body, String policyScope, UUID requestID, String riskLevel, String riskType, String guard, String ttlDate) throws Exception { return createConfigPolicy(policyName,policyDescription, ecompName, configName, configAttributes, configType, body, policyScope, requestID, userName , pass, riskLevel, riskType, guard, ttlDate); } public String createConfigPolicy(String policyName, String policyDescription, String ecompName, String configName, Map configAttributes, String configType, String body, String policyScope, UUID requestID, String userID, String passcode, String riskLevel, String riskType, String guard, String ttlDate) throws Exception { String response = null; String configBody = null; String resource= "createPolicy"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response = XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource; return response; } //check body for JSON form and remove single quotes if present if (configType.equalsIgnoreCase("JSON")) { if (body.contains("'")) { configBody = body.replace("'", "\""); } else { configBody = body; } } else { configBody = body; } boolean levelCheck = isNumeric(riskLevel); if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if (ecompName==null||ecompName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given."; } else if (configName==null||configName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Config Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Config Name given."; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; } else if (!levelCheck){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."; }else { StdPAPPolicy newPAPPolicy = new StdPAPPolicy("Base", policyName, policyDescription, ecompName, configName, configAttributes, configType, configBody, false, policyScope,0, riskLevel, riskType, guard, ttlDate); //send JSON object to PAP response = (String) callPAP(newPAPPolicy, new String[] {"operation=create", "apiflag=api", "policyType=Config"}, requestID, "Config"); } return response; } /* * Create Config Policy API Implementation */ public String updateConfigPolicy(String policyName, String policyDescription, String ecompName, String configName, Map configAttributes, String configType, String body, String policyScope, UUID requestID, String riskLevel, String riskType, String guard, String ttlDate) throws Exception { return updateConfigPolicy(policyName, policyDescription, ecompName, configName, configAttributes, configType, body, policyScope, requestID, userName, pass, riskLevel, riskType, guard, ttlDate); } public String updateConfigPolicy(String policyName, String policyDescription, String ecompName, String configName, Map configAttributes, String configType, String body, String policyScope, UUID requestID, String userID, String passcode,String riskLevel, String riskType, String guard, String ttlDate) throws Exception { String response = null; String configBody = null; String resource= "updatePolicy"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response = XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource; return response; } //check body for JSON form and remove single quotes if present if (configType.equalsIgnoreCase("JSON")) { if (body.contains("'")) { configBody = body.replace("'", "\""); } else { configBody = body; } } else { configBody = body; } boolean levelCheck = isNumeric(riskLevel); if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if (ecompName==null||ecompName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given."; } else if (configName==null||configName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Config Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Config Name given."; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; } else if (!levelCheck){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."; } else { //set values for basic policy information String policyType = "Config"; String configPolicyType = "base"; StdPAPPolicy newPAPPolicy = new StdPAPPolicy(configPolicyType, policyName, policyDescription, ecompName, configName, configAttributes, configType, configBody, true, policyScope,0, riskLevel, riskType, guard, ttlDate); //send JSON object to PAP response = (String) callPAP(newPAPPolicy, new String[] {"operation=update", "apiflag=api", "policyType=" + policyType}, requestID, "Config"); } return response; } /* * Create Config Firewall Policy API implementation */ public String createConfigFirewallPolicy(String policyName, JsonObject firewallJson, String policyScope, UUID requestID, String riskLevel, String riskType, String guard, String ttlDate) throws Exception { return createConfigFirewallPolicy(policyName, firewallJson, policyScope, requestID, userName, pass, riskLevel, riskType, guard, ttlDate); } public String createConfigFirewallPolicy(String policyName, JsonObject firewallJson, String policyScope, UUID requestID, String userID, String passcode, String riskLevel, String riskType, String guard, String ttlDate) throws Exception { String response = null; String resource= "createPolicy"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response = XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource; return response; } //set values for basic policy information String configName = firewallJson.get("configName").toString(); //String configDescription = firewallJson.get("configDescription").toString(); String configDescription = ""; String json = firewallJson.toString(); boolean levelCheck = isNumeric(riskLevel); if (!isJSONValid(json)) { logger.error(XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Invalid JSON for firewallJson: " + json); throw new PolicyDecisionException(XACMLErrorConstants.ERROR_SCHEMA_INVALID + "Invalid JSON for firewallJson: " + json); } if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; } else if (!levelCheck){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."; } else { StdPAPPolicy newPAPPolicy = new StdPAPPolicy("Firewall Config", policyName, configDescription, configName, false, policyScope, json, 0, riskLevel, riskType, guard, ttlDate); //send JSON object to PAP response = (String) callPAP(newPAPPolicy, new String[] {"operation=create", "apiflag=api", "policyType=Config"}, requestID, "ConfigFirewall"); } return response; } /* * Update Config Firewall Policy API implementation */ public String updateConfigFirewallPolicy(String policyName, JsonObject firewallJson, String policyScope, UUID requestID, String riskLevel, String riskType, String guard, String ttlDate) throws Exception { return updateConfigFirewallPolicy(policyName, firewallJson, policyScope, requestID, userName, pass, riskLevel, riskType, guard, ttlDate); } public String updateConfigFirewallPolicy(String policyName, JsonObject firewallJson, String policyScope, UUID requestID, String userID, String passcode, String riskLevel, String riskType, String guard, String ttlDate) throws Exception { String response = null; String resource= "updatePolicy"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response = XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource; return response; } String configName = firewallJson.get("configName").toString(); //String configDescription = firewallJson.get("configDescription").toString(); String configDescription = ""; //ASK Lak about this...**** String json = firewallJson.toString(); boolean levelCheck = isNumeric(riskLevel); if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; } else if (!levelCheck){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."; } else { StdPAPPolicy newPAPPolicy = new StdPAPPolicy("Firewall Config", policyName, configDescription, configName, true, policyScope, json, 0, riskLevel, riskType, guard, ttlDate); //send JSON object to PAP response = (String) callPAP(newPAPPolicy, new String[] {"operation=update", "apiflag=api", "policyType=Config"}, requestID, "ConfigFirewall"); } return response; } /* * Create or Update BRMS Raw Config Policy API implementation */ public String createUpdateBRMSRawPolicy(String policyName, String policyDescription, Map> dyanamicFieldConfigAttributes, String brmsRawBody, String policyScope, Boolean isEdit, UUID requestID, String riskLevel, String riskType, String guard, String ttlDate) { String response = null; String operation = null; if (isEdit){ operation = "update"; } else { operation = "create"; } boolean levelCheck = isNumeric(riskLevel); if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if(policyDescription==null || policyDescription.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No policyDescription given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No policyDescription given."; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; } else if (brmsRawBody==null ||brmsRawBody.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No rule body given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No rule body given."; } else if (!levelCheck){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."; } else { /*String configPolicyType, String policyName, String description, String configName, Boolean editPolicy, String domain, Map dyanamicFieldConfigAttributes, Integer highestVersion, String eCompName, String configBodyData*/ StdPAPPolicy newPAPPolicy = new StdPAPPolicy("BRMS_Raw",policyName,policyDescription, "BRMS_RAW_RULE",isEdit,policyScope, dyanamicFieldConfigAttributes.get(AttributeType.RULE), 0, "DROOLS", brmsRawBody, riskLevel, riskType, guard, ttlDate); //send JSON object to PAP try { response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Config"}, requestID, "ConfigBrmsRaw"); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } } return response; } /* * Create or Update BRMS Param Config Policy API implementation */ public String createUpdateBRMSParamPolicy(String policyName, String policyDescription, Map> dyanamicFieldConfigAttributes, String brmsRawBody, String policyScope, Boolean isEdit, UUID requestID, Map> drlRuleAndUIParams, String riskLevel, String riskType, String guard, String ttlDate) { String response = null; String operation = null; if (isEdit){ operation = "update"; } else { operation = "create"; } boolean levelCheck = isNumeric(riskLevel); if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if(policyDescription==null || policyDescription.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No policyDescription given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No policyDescription given."; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; } else if ((dyanamicFieldConfigAttributes==null)){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Rule Attributes given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Rule Attributes given."; } else if (!levelCheck){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."; }else { /*public StdPAPPolicy (String configPolicyType, String policyName, String description, String configName, Boolean editPolicy, String domain, Map dyanamicFieldConfigAttributes, Integer highestVersion, String eCompName, String configBodyData,Map drlRuleAndUIParams) */ StdPAPPolicy newPAPPolicy = new StdPAPPolicy("BRMS_Param",policyName,policyDescription, "BRMS_PARAM_RULE",isEdit,policyScope, drlRuleAndUIParams.get(AttributeType.MATCHING), 0, "DROOLS", brmsRawBody, drlRuleAndUIParams.get(AttributeType.RULE), riskLevel, riskType, guard, ttlDate); //send JSON object to PAP try { response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Config"}, requestID, "ConfigBrmsParam"); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } } return response; } /* * Create or Update Action Policy API implementation */ public String createUpdateActionPolicy(String policyName, String policyDescription, Map componentAttributes, List dynamicRuleAlgorithmLabels, List dynamicRuleAlgorithmField1, List dynamicRuleAlgorithmFunctions, List dynamicRuleAlgorithmField2, String actionPerformer, String actionAttribute, String policyScope, Boolean isEdit, UUID requestID) { String response = null; String operation = null; if (isEdit){ operation = "update"; } else { operation = "create"; } if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; return response; } else if (componentAttributes==null||componentAttributes.equals("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Component Attributes given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Component Attributes given."; return response; } else if (actionAttribute==null||actionAttribute.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Action Attribute given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Action Attribute given."; return response; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; return response; } else if (actionPerformer==null||actionPerformer.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Action Performer given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Action Performer given."; return response; } else if (!actionPerformer.equals("PEP")) { if (!actionPerformer.equals("PDP")) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid Action Performer given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid Action Performer given."; return response; } } StdPAPPolicy newPAPPolicy = new StdPAPPolicy(policyName, policyDescription, componentAttributes, dynamicRuleAlgorithmLabels, dynamicRuleAlgorithmFunctions, dynamicRuleAlgorithmField1, dynamicRuleAlgorithmField2, actionPerformer, actionAttribute, isEdit, policyScope, 0); //send JSON object to PAP try { response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Action"}, requestID, "Action"); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } return response; } /* * Create or Update Decision Policy implementation */ private String createUpdateDecisionPolicy(String policyName, String policyDescription, String ecompName, RuleProvider ruleProvider, Map componentAttributes, Map settings, List dynamicRuleAlgorithmLabels, List dynamicRuleAlgorithmField1, List dynamicRuleAlgorithmFunctions, List dynamicRuleAlgorithmField2, String policyScope, Boolean isEdit, UUID requestID) { String response = null; String operation = null; if (isEdit){ operation = "update"; } else { operation = "create"; } if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if (ecompName==null||ecompName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No ECOMP Name given."; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; } else { if (ruleProvider==null) { ruleProvider = RuleProvider.CUSTOM ; } StdPAPPolicy newPAPPolicy = new StdPAPPolicy(policyName, policyDescription, ecompName, ruleProvider.toString(), componentAttributes, settings, dynamicRuleAlgorithmLabels, dynamicRuleAlgorithmFunctions, dynamicRuleAlgorithmField1, dynamicRuleAlgorithmField2, null, null, null, isEdit, policyScope, 0); //send JSON object to PAP try { response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Decision"}, requestID, "Decision"); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } } return response; } /* * Create or Update ClosedLoop_Fault policy implementation */ private String createUpdateClosedLoopPolicy(String policyName, JsonObject configBody, String policyDescription, String policyScope, Boolean isEdit, UUID requestID,String riskLevel, String riskType, String guard, String ttlDate) { String response = null; String operation = null; String oldPolicyName = null; if (isEdit){ operation = "update"; if (policyName.endsWith("_Draft")) { oldPolicyName = policyName + "_Draft.1"; } } else { operation = "create"; } boolean levelCheck = isNumeric(riskLevel); // get values and attributes from the JsonObject String ecompName = configBody.get("ecompname").toString().replace("\"", ""); String jsonBody = configBody.toString(); if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if (ecompName==null||ecompName.equals("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given."; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; } else if (!levelCheck){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."; } else { StdPAPPolicy newPAPPolicy = new StdPAPPolicy("ClosedLoop_Fault", policyName, policyDescription, ecompName, jsonBody, false, oldPolicyName, null, isEdit, policyScope, 0, riskLevel, riskType, guard, ttlDate); //send JSON object to PAP try { response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Config"}, requestID, "ConfigClosedLoop"); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } } return response; } private String createUpdateClosedLoopPmPolicy(String policyName, JsonObject configBody, String policyDescription, String policyScope, Boolean isEdit, UUID requestID, String riskLevel, String riskType, String guard, String ttlDate) { String response = null; String operation = null; String oldPolicyName = null; if (isEdit){ operation = "update"; } else { operation = "create"; } boolean levelCheck = isNumeric(riskLevel); // get values and attributes from the JsonObject String ecompName = configBody.get("ecompname").toString().replace("\"", ""); String serviceType = configBody.get("serviceTypePolicyName").toString().replace("\"", ""); String jsonBody = configBody.toString(); if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if (ecompName==null||ecompName.equals("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given."; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; } else if (!levelCheck){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."; } else { StdPAPPolicy newPAPPolicy = new StdPAPPolicy("ClosedLoop_PM", policyName, policyDescription, ecompName, jsonBody, false, oldPolicyName, serviceType, isEdit, policyScope, 0, riskLevel, riskType, guard, ttlDate); //send JSON object to PAP try { response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Config"}, requestID, "ConfigClosedLoop"); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } } return response; } public Boolean validateNONASCIICharactersAndAllowSpaces(Object json){ Boolean isValidForm = false; if (json instanceof String) { String jsonString = (String)json; if (jsonString.isEmpty()) { logger.info("JSON String is empty so cannot validate NON ACSII Characters."); } else { if(CharMatcher.ASCII.matchesAllOf((CharSequence) jsonString)){ logger.info("The Value does not contain ASCII Characters"); isValidForm = true; }else{ logger.error("The Value Contains Non ASCII Characters"); isValidForm = false; } } } else if (json instanceof JsonObject) { JsonObject jsonObj = (JsonObject)json; if (jsonObj.isEmpty()){ logger.info("JSON object is empty so cannot validate NON ACSII Characters."); } else { if(CharMatcher.ASCII.matchesAllOf((CharSequence) jsonObj.toString())){ logger.info("The Value does not contain ASCII Characters"); isValidForm = true; }else{ logger.error("The Value Contains Non ASCII Characters"); isValidForm = false; } } } return isValidForm; } private String createUpdateMicroServicesPolicy(String policyName, JsonObject microServiceAttributes, String ecompName, String policyScope, Boolean isEdit, UUID requestID, String riskLevel, String riskType, String guard, String ttlDate) { String response = null; String operation = null; if (isEdit){ operation = "update"; } else { operation = "create"; } boolean levelCheck = isNumeric(riskLevel); // get values and attributes from the JsonObject String microService = microServiceAttributes.get("service").toString().replace("\"", ""); String uuid = microServiceAttributes.get("uuid").toString().replace("\"", ""); String msLocation = microServiceAttributes.get("location").toString().replace("\"", "");; String policyDescription = microServiceAttributes.get("description").toString().replace("\"", ""); String configName = microServiceAttributes.get("configName").toString().replace("\"", ""); String priority = microServiceAttributes.get("priority").toString().replace("\"", ""); String version = microServiceAttributes.get("version").toString().replace("\"", ""); if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if (ecompName==null||ecompName.equals("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Ecomp Name given."; } else if (configName==null||configName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Configuration Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Configuration Name given."; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; } else if (!levelCheck){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect Risk Level given."; } else { StdPAPPolicy newPAPPolicy = new StdPAPPolicy("DCAE Micro Service", policyName, policyDescription, ecompName, configName, microService, uuid, msLocation, microServiceAttributes.toString(), priority, version, isEdit, policyScope, 0, riskLevel, riskType, guard, ttlDate); //send JSON object to PAP try { response = (String) callPAP(newPAPPolicy, new String[] {"operation="+operation, "apiflag=api", "policyType=Config"}, requestID, "ConfigMS"); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } } return response; } /* * Push a policy to the PDP API implementation */ public String pushPolicy(String policyScope, String policyName, String policyType, String pdpGroup, UUID requestID) throws Exception { return pushPolicy(policyScope, policyName, policyType, pdpGroup, requestID, userName, pass); } public String pushPolicy(String policyScope, String policyName, String policyType, String pdpGroup, UUID requestID, String userID, String passcode) throws Exception { String resource= "pushPolicy"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); return (XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); } String response = null; String filePrefix = null; String clientScope = null; String activeVersion = null; //get the client scope based policy type if (policyType.equalsIgnoreCase("Firewall")){ clientScope = "ConfigFirewall"; filePrefix = "Config_FW_"; } else if (policyType.equalsIgnoreCase("Action")) { clientScope = "Action"; filePrefix = "Action_"; } else if (policyType.equalsIgnoreCase("Decision")){ clientScope = "Decision"; filePrefix = "Decision_"; } else if (policyType.equalsIgnoreCase("Base")){ clientScope = "Config"; filePrefix = "Config_"; } else if (policyType.equalsIgnoreCase("ClosedLoop_Fault")){ clientScope = "ConfigClosedLoop"; filePrefix = "Config_Fault_"; } else if (policyType.equalsIgnoreCase("ClosedLoop_PM")){ clientScope = "ConfigClosedLoop"; filePrefix = "Config_PM_"; } else if (policyType.equalsIgnoreCase("MicroService")) { clientScope = "ConfigMS"; filePrefix = "Config_MS_"; }else if (policyType.equalsIgnoreCase("BRMS_RAW")){ clientScope = "ConfigBrmsRaw"; filePrefix = "Config_BRMS_Raw_"; } else if (policyType.equalsIgnoreCase("BRMS_PARAM")){ clientScope = "ConfigBrmsParam"; filePrefix = "Config_BRMS_Param_"; } else { clientScope = null; logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + policyType + " is not a valid Policy Type."); return XACMLErrorConstants.ERROR_DATA_ISSUE + policyType + " is not a valid Policy Type."; } logger.debug("clientScope is " + clientScope); logger.debug("filePrefix is " + filePrefix); if (pdpGroup == null) { pdpGroup = "default"; } if (policyName==null||policyName.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if (policyScope==null||policyScope.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Scope given."; } else if (policyType==null||policyType.equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Type given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Type given."; } else { // requestID null check. if(requestID==null){ requestID = UUID.randomUUID(); logger.debug("Request ID not provided. Generating request ID " + requestID.toString()); } // change call to getActiveVersion to pass requestID for PAP to receive on the GET process so PAP won't generate another // activeVersion = getActiveVersion(policyScope, filePrefix, policyName, clientScope); activeVersion = getActiveVersion(policyScope, filePrefix, policyName, clientScope, requestID); logger.debug("The active version of " + policyScope + File.separator + filePrefix + policyName + " is " + activeVersion); String id = null; if (activeVersion.equalsIgnoreCase("pe100")) { logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "response code of the URL is 403. PEP is not Authorized for making this Request!! " + "\n Contact Administrator for this Scope. "); return XACMLErrorConstants.ERROR_PERMISSIONS + "response code of the URL is 403. PEP is not Authorized for making this Request!! " + "Contact Administrator for this Scope. "; } else if (activeVersion.equalsIgnoreCase("pe300")) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "response code of the URL is 404. " + "This indicates a problem with getting the version from the PAP or the policy does not exist."); return XACMLErrorConstants.ERROR_DATA_ISSUE + "response code of the URL is 404. " + "This indicates a problem with getting the version from the PAP or the policy does not exist."; } if (!activeVersion.equalsIgnoreCase("0")) { id = policyScope + "." + filePrefix + policyName + "." + activeVersion + ".xml"; logger.debug("The policyId is " + id); } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "could not retrieve the activeVersion for this policy. " + "This indicates the policy does not exist, please verify the policy exists."); return XACMLErrorConstants.ERROR_DATA_ISSUE + "could not retrieve the activeVersion for this policy. could not retrieve the activeVersion for this policy. " + "This indicates the policy does not exist, please verify the policy exists."; } // change call to getgitPath to pass requestID for PAP to receive on the GET process so PAP won't generate another // String gitPath = getGitPath(policyScope, filePrefix, policyName, activeVersion, clientScope); String gitPath = getGitPath(policyScope, filePrefix, policyName, activeVersion, clientScope, requestID); logger.debug("Full gitPath policy xml file: " + gitPath); // change call to getSelectedURI to pass requestID for PAP to receive on the GET process so PAP won't generate another // URI selectedURI = getSelectedURI(gitPath, clientScope); URI selectedURI = getSelectedURI(gitPath, clientScope, requestID); logger.debug("The selectedURI is : " + selectedURI.toString()); String name = filePrefix+policyName; StdPDPPolicy selectedPolicy = new StdPDPPolicy(id, true, name, selectedURI, isValid, policyId, description, pushVersion); logger.debug("StdPDPPolicy object contains: " + selectedPolicy.getId() + ", " + selectedPolicy.getName() + ", " + selectedPolicy.getLocation().toString()); response = copyPolicy(selectedPolicy, pdpGroup, clientScope, requestID); logger.debug("copyPolicy response: " + response); if(response.contains("successfully")){ response = (String) callPAP(selectedPolicy, new String[]{"groupId=" + pdpGroup, "policyId="+id, "apiflag=addPolicyToGroup", "operation=PUT"}, requestID, clientScope); } logger.debug("Final API response: " + response); } return response; } private String deletePolicyFromPAP(DeletePolicyParameters parameters) { String response = null; String clientScope = null; String pdpGroup = parameters.getPdpGroup(); if (pdpGroup==null){ pdpGroup="NA"; } //get the client scope based policy type if (parameters.getPolicyName().contains("Config_FW")){ clientScope = "ConfigFirewall"; } else if (parameters.getPolicyName().contains("Action")) { clientScope = "Action"; } else if (parameters.getPolicyName().contains("Decision")){ clientScope = "Decision"; } else if (parameters.getPolicyName().contains("Config_Fault")){ clientScope = "ConfigClosedLoop"; } else if (parameters.getPolicyName().contains("Config_PM")){ clientScope = "ConfigClosedLoop"; } else if (parameters.getPolicyName().contains("Config_MS")){ clientScope = "ConfigMS"; } else if (parameters.getPolicyName().contains("Config_BRMS_Raw")){ clientScope = "ConfigBrmsRaw"; } else if (parameters.getPolicyName().contains("Config_BRMS_Param")){ clientScope = "ConfigBrmsParam"; } else { clientScope = "Config"; } logger.debug("clientScope is " + clientScope); if (clientScope==null||clientScope.equals("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + parameters.getPolicyName() + " is not a valid Policy Name."); return XACMLErrorConstants.ERROR_DATA_ISSUE + parameters.getPolicyName() + " is not a valid Policy Name."; } if (parameters.getPolicyName()==null||parameters.getPolicyName().equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if (parameters.getDeleteCondition()==null||parameters.getDeleteCondition().equals("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Delete Condition given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Delete Condition given."; } else { StdPAPPolicy deletePapPolicy = new StdPAPPolicy(parameters.getPolicyName(), parameters.getDeleteCondition().toString()); //send JSON object to PAP try { response = (String) callPAP(deletePapPolicy, new String[] {"groupId="+pdpGroup, "apiflag=deletePapApi", "operation=delete" }, parameters.getRequestID(), clientScope); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } } return response; } private String deletePolicyFromPDP(DeletePolicyParameters parameters) { String response = null; String clientScope = null; String pdpGroup = parameters.getPdpGroup(); if (pdpGroup==null){ pdpGroup="NA"; } //get the client scope based policy type if (parameters.getPolicyName().contains("Config_FW")){ clientScope = "ConfigFirewall"; } else if (parameters.getPolicyName().contains("Action")) { clientScope = "Action"; } else if (parameters.getPolicyName().contains("Decision")){ clientScope = "Decision"; } else if (parameters.getPolicyName().contains("Config_Fault")){ clientScope = "ConfigClosedLoop"; } else if (parameters.getPolicyName().contains("Config_PM")){ clientScope = "ConfigClosedLoop"; } else if (parameters.getPolicyName().contains("Config_MS")){ clientScope = "ConfigMS"; }else if (parameters.getPolicyName().contains("Config_BRMS_Raw")){ clientScope = "ConfigBrmsRaw"; } else if (parameters.getPolicyName().contains("Config_BRMS_Param")){ clientScope = "ConfigBrmsParam"; } else { clientScope = "Config"; } logger.debug("clientScope is " + clientScope); if (clientScope==null||clientScope.equals("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + parameters.getPolicyName() + " is not a valid Policy Name."); return XACMLErrorConstants.ERROR_DATA_ISSUE + parameters.getPolicyName() + " is not a valid Policy Name."; } if (parameters.getPolicyName()==null||parameters.getPolicyName().equalsIgnoreCase("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Policy Name given."; } else if (parameters.getPdpGroup()==null||parameters.getPdpGroup().equals("")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "No PDP Group given."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "No PDP Group given."; } else { //send JSON object to PAP try { response = (String) callPAP(null, new String[] {"policyName="+parameters.getPolicyName(), "groupId="+pdpGroup, "apiflag=deletePdpApi", "operation=delete" }, parameters.getRequestID(), clientScope); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } } return response; } /* * Copy a single Policy file from the input stream to the PAP Servlet. * Either this works (silently) or it throws an exception. * */ public String copyFile(String policyId, String group, StdPAPPolicy location, String clientScope, UUID requestID) throws PAPException { String response = null; //String clientScope = null; // send the policy file to the PAP Servlet try { response = (String) callPAP(location, new String[] {"groupId=" + group, "policyId="+policyId, "apiflag=api", "operation=post"}, requestID, clientScope); } catch (Exception e) { String message = "Unable to PUT policy '" + policyId + "', e:" + e; logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e); throw new PAPException(message); } return response; } public String copyPolicy(PDPPolicy policy, String group, String policyType, UUID requestID) throws PAPException { String response = null; if (policy == null || group == null) { throw new PAPException("Null input policy="+policy+" group="+group); } try { StdPAPPolicy location = new StdPAPPolicy(policy.getLocation()); response = copyFile(policy.getId(), group, location, policyType, requestID); } catch (Exception e) { String message = "Unable to PUT policy '" + policy.getId() + "', e:" + e; logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e); throw new PAPException(message); } return response; } public Object callPAP(Object content, String[] parameters, UUID requestID, String clientScope) throws Exception { String response = null; HttpURLConnection connection = null; String requestMethod = null; String operation = null; responseCode = 0; // Checking for the available PDPs is done during the first Request and the List is going to have the connected PDP as first element. // This makes it Real-Time to change the list depending on their availability. if (paps == null || paps.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PAPs List is Empty."); throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"PAPs List is empty."); }else { int papsCount = 0; boolean connected = false; while (papsCount < paps.size()) { try { String fullURL = paps.get(0); if (parameters != null && parameters.length > 0) { String queryString = ""; for (String p : parameters) { queryString += "&" + p; if (p.equalsIgnoreCase("operation=post")){ requestMethod = "POST"; } else if (p.equalsIgnoreCase("operation=delete")){ requestMethod = "DELETE"; operation = "delete"; } else { requestMethod = "PUT"; if (p.equalsIgnoreCase("operation=create")){ operation = "create"; } else if (p.equalsIgnoreCase("operation=update")){ operation = "update"; } else if (p.equalsIgnoreCase("operation=createDictionary")){ operation = "createDictionary"; } } } fullURL += "?" + queryString.substring(1); } URL url = new URL (fullURL); //Open the connection connection = (HttpURLConnection)url.openConnection(); // Setting Content-Type connection.setRequestProperty("Content-Type", "application/json"); // Adding Authorization connection.setRequestProperty("Authorization", "Basic " + encodingPAP.get(0)); connection.setRequestProperty("Environment", environment); connection.setRequestProperty("ClientScope", clientScope); //set the method and headers connection.setRequestMethod(requestMethod); connection.setUseCaches(false); connection.setInstanceFollowRedirects(false); connection.setDoOutput(true); connection.setDoInput(true); // Adding RequestID if (requestID == null) { requestID = UUID.randomUUID(); logger.info("No request ID provided, sending generated ID: " + requestID.toString()); } else { logger.info("Using provided request ID: " + requestID.toString()); } connection.setRequestProperty("X-ECOMP-RequestID", requestID.toString()); if (content != null) { if (content instanceof InputStream) { try { //send current configuration try (OutputStream os = connection.getOutputStream()) { int count = IOUtils.copy((InputStream)content, os); if (logger.isDebugEnabled()) { logger.debug("copied to output, bytes=" + count); } } } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Failed to write content in 'PUT'", e); throw e; } } else { // the content is an object to be encoded in JSON ObjectMapper mapper = new ObjectMapper(); if(!junit){ mapper.writeValue(connection.getOutputStream(), content); } } } //DO the connect connection.connect(); responseCode = connection.getResponseCode(); // If Connected to PAP then break from the loop and continue with the Request if (connection.getResponseCode() > 0 || junit) { connected = true; break; } else { logger.debug(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP connection Error"); } } catch (Exception e) { // This means that the PAP is not working if (junit) { connected = true; break; } logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP connection Error : " + e); } papsCount++; } if (connected) { //Read the Response logger.debug("connected to the PAP : " + paps.get(0)); logger.debug("--- Response: ---"); Map> headers = connection.getHeaderFields(); for (String key : headers.keySet()) { logger.debug("Header :" + key + " Value: " + headers.get(key)); } try { if (responseCode == 200 || junit) { // Check for successful creation of policy String isSuccess = null; if(!junit){ //is this a junit test? isSuccess = connection.getHeaderField("successMapKey"); operation = connection.getHeaderField("operation"); } else { isSuccess = "success"; } if (isSuccess.equals("success")) { if (operation.equals("update")) { logger.info("Transaction ID: " + requestID + " --Policy Updated Successfully!" ); response = "Transaction ID: " + requestID + " --Policy with the name " + connection.getHeaderField("policyName") + " was successfully updated."; } else if (operation.equals("delete")) { logger.info("Transaction ID: " + requestID + " --Policy Deleted Successfully!"); response = "Transaction ID: " + requestID + " --The policy was successfully deleted."; } else if (operation.equals("import")) { logger.info("Transaction ID: " + requestID + " --Policy Engine Import Successful!"); response = "Transaction ID: " + requestID + " --The policy engine import for " + connection.getHeaderField("service") + " was successfull."; }else { logger.info("Transaction ID: " + requestID + " --Policy Created Successfully!" ); response = "Transaction ID: " + requestID + " --Policy with the name " + connection.getHeaderField("policyName") + " was successfully created."; } } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Unable to Create/Update the Policy!"); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Unable to Create/Update the Policy!"; } } else if (connection.getResponseCode() == 202) { if (connection.getHeaderField("operation")!=null && connection.getHeaderField("operation").equalsIgnoreCase("delete")){ if (connection.getHeaderField("lockdown")!=null && connection.getHeaderField("lockdown").equals("true")){ logger.warn("Transaction ID: " + requestID + "Policies are locked down."); response = "Transaction ID: " + requestID + " --Policies are locked down, please try again later."; } } } else if (connection.getResponseCode() == 204) { if (connection.getHeaderField("operation")!=null && connection.getHeaderField("operation").equals("push")){ logger.info("Transaction ID: " + requestID + " --Policy '" + connection.getHeaderField("policyId") + "' was successfully pushed to the PDP group '" + connection.getHeaderField("groupId") + "'."); response = "Transaction ID: " + requestID + " --Policy '" + connection.getHeaderField("policyId") + "' was successfully pushed to the PDP group '" + connection.getHeaderField("groupId") + "'."; } } else if (connection.getResponseCode() == 400 && connection.getHeaderField("error")!=null){ if (connection.getHeaderField("error").equals("noPolicyExist")) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Policy does not exist on the PDP."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Policy does not exist on the PDP."; } else if (connection.getHeaderField("error").equals("invalidPolicyName")) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid policyName... " + "policyName must be the full name of the file to be deleted including version and extension"); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid policyName... " + "policyName must be the full name of the file to be deleted including version and extension"; } else if (connection.getHeaderField("error").equals("actionPolicyDB")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Could not find " + connection.getHeaderField("actionAttribute") + " in the ActionPolicyDict table."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid actionAttribute given."; } else if (connection.getHeaderField("error").equals("serviceModelDB")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid Service or Version. The Service Model, " + connection.getHeaderField("modelName") + " of version " + connection.getHeaderField("modelVersion") + " was not found in the dictionary."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Invalid Service or Version. The Service Model, " + connection.getHeaderField("modelName") + " of version " + connection.getHeaderField("modelVersion") + " was not found in the dictionary."; } else if (connection.getHeaderField("error").equals("FWDBError")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error when inserting Firewall ConfigBody data into database."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Error when inserting Firewall ConfigBody data into the database."; } else if (connection.getHeaderField("error").equals("savePolicy")){ logger.error(connection.getHeaderField("message")); response = connection.getHeaderField("message"); } } else if (connection.getResponseCode() == 403) { logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "response code of the URL is " + connection.getResponseCode() + ". PEP is not Authorized for making this Request!! \n Contact Administrator for this Scope. "); response = XACMLErrorConstants.ERROR_PERMISSIONS + "response code of the URL is " + connection.getResponseCode() + ". PEP is not Authorized for making this Request!! \n Contact Administrator for this Scope. "; } else if (connection.getResponseCode() == 404 && connection.getHeaderField("error")!=null) { if (connection.getHeaderField("error").equals("unknownGroupId")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + connection.getHeaderField("message")); response = XACMLErrorConstants.ERROR_DATA_ISSUE + connection.getHeaderField("message") + " Please check the pdpGroup you are requesting to move the policy to."; } } else if (connection.getResponseCode() == 409 && connection.getHeaderField("error")!=null) { if (connection.getHeaderField("error").equals("modelExistsDB")) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Import Value Exist Error"); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Import Value Exist Error: The import value "+connection.getHeaderField("service")+" already exist on the PAP. " + "Please create a new import value."; }else if (connection.getHeaderField("error").equals("policyExists")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Policy Exist Error"); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Policy Exist Error: The Policy "+connection.getHeaderField("policyName")+" already exist on the PAP. " + "Please create a new policy or use the update API to modify the existing one."; } } else if (connection.getResponseCode() == 500 && connection.getHeaderField("error")!=null) { if (connection.getHeaderField("error").equals("jpautils")){ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Could not create JPAUtils instance on the PAP"); response = XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Could not create JPAUtils instance on the PAP"; } else if (connection.getHeaderField("error").equals("deleteDB")){ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed to delete Policy from database."); response = XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Failed to delete Policy from database."; } else if (connection.getHeaderField("error").equals("deleteFile")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot delete the policy file."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot delete the policy file"; } else if (connection.getHeaderField("error").equals("groupUpdate")){ logger.error(connection.getHeaderField("message")); response = connection.getHeaderField("message"); }else if (connection.getHeaderField("error").equals("unknown")){ logger.error(XACMLErrorConstants.ERROR_UNKNOWN + "Failed to delete the policy for an unknown reason. Check the file system and other logs for further information."); response = XACMLErrorConstants.ERROR_UNKNOWN + "Failed to delete the policy for an unknown reason. Check the file system and other logs for further information."; } else if (connection.getHeaderField("error").equals("deleteConfig")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot delete the configuration or action body file in specified location"); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot delete the configuration or action body file in specified location."; }else if (connection.getHeaderField("error").equals("missing")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Failed to create value in database because service does match a value in file"); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Failed to create value in database because service does match a value in file"; }else if (connection.getHeaderField("error").equals("importDB")){ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Database errors during policy engine import"); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Database errors during policy engine import"; }else if (connection.getHeaderField("error").equals("policyCopyError")){ logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + connection.getHeaderField("message")); response = XACMLErrorConstants.ERROR_PROCESS_FLOW + connection.getHeaderField("message"); }else if (connection.getHeaderField("error").equals("addGroupError")){ logger.error(connection.getHeaderField("message")); response = connection.getHeaderField("message"); }else if (connection.getHeaderField("error").equals("error")){ logger.error(XACMLErrorConstants.ERROR_UNKNOWN + "Could not create or update the policy for and unknown reason"); response = XACMLErrorConstants.ERROR_UNKNOWN + "Could not create or update the policy for and unknown reason"; } } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "BAD REQUEST: Error occured while attempting perform this operation.. the request may be incorrect."); response = XACMLErrorConstants.ERROR_DATA_ISSUE + "BAD REQUEST: Error occured while attempting perform this operation.. the request may be incorrect."; } } catch (IOException e) { logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e); response = XACMLErrorConstants.ERROR_SYSTEM_ERROR + e; throw new Exception(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"ERROR in connecting to the PAP ", e); } if (junit){ response = "success"; } return response; } else { response = XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get valid response from PAP(s) " + paps; return response; } } } // change getSelectedURI method to receive requestID to be used to send to PAP on the GET request so PAP won't generate another // private URI getSelectedURI(String gitPath, String clientScope){ private URI getSelectedURI(String gitPath, String clientScope, UUID requestID){ //Connect to the PAP URI selectedURI = null; HttpURLConnection connection = null; String [] parameters = {"apiflag=uri", "gitPath="+gitPath}; // Checking for the available PDPs is done during the first Request and the List is going to have the connected PDP as first element. // This makes it Real-Time to change the list depending on their availability. if (paps == null || paps.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PAPs List is Empty."); try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"PAPs List is empty."); } catch (Exception e) { logger.error(e.getMessage()); } }else { int papsCount = 0; boolean connected = false; while (papsCount < paps.size()) { try { String fullURL = paps.get(0); if (parameters != null && parameters.length > 0) { String queryString = ""; for (String p : parameters) { queryString += "&" + p; } fullURL += "?" + queryString.substring(1); } URL url = new URL (fullURL); //Open the connection connection = (HttpURLConnection)url.openConnection(); // Setting Content-Type connection.setRequestProperty("Content-Type", "application/json"); // Adding Authorization connection.setRequestProperty("Authorization", "Basic " + encodingPAP.get(0)); connection.setRequestProperty("Environment", environment); connection.setRequestProperty("ClientScope", clientScope); //set the method and headers connection.setRequestMethod("GET"); connection.setUseCaches(false); connection.setInstanceFollowRedirects(false); connection.setDoOutput(true); connection.setDoInput(true); // set requestID in header properties to be used to send to PAP on the GET request so PAP won't generate another connection.setRequestProperty("X-ECOMP-RequestID", requestID.toString()); //DO the connect connection.connect(); responseCode = connection.getResponseCode(); // If Connected to PAP then break from the loop and continue with the Request if (connection.getResponseCode() > 0) { connected = true; break; } else { logger.debug(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP connection Error"); } } catch (Exception e) { // This means that the PAP is not working logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP connection Error : " + e); } papsCount++; } if (connected) { //Read the Response logger.debug("connected to the PAP : " + paps.get(0)); logger.debug("--- Response: ---"); Map> headers = connection.getHeaderFields(); for (String key : headers.keySet()) { logger.debug("Header :" + key + " Value: " + headers.get(key)); } try { if (connection.getResponseCode() == 200) { // Check for successful creation of policy String uri = connection.getHeaderField("selectedURI"); logger.debug("URI from Header: " + uri); if (uri != null && !uri.equalsIgnoreCase("")) { selectedURI = URI.create(uri); return selectedURI; } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "could not retrieve the gitPath from the PAP"); } } else if (connection.getResponseCode() == 404) { logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "response code of the URL is " + connection.getResponseCode() + ". This indicates a problem with getting the gitPath from the PAP"); } else { logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "BAD REQUEST: Error occured while getting the gitPath from the PAP. The request may be incorrect."); } } catch (IOException e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"ERROR in connecting to the PAP ", e); } catch (Exception e1) { logger.error(e1.getMessage()); } } } else { logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get valid response from PAP(s) " + paps); try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"ERROR in connecting to the PAP "); } catch (Exception e) { logger.error(e.getMessage()); } } } return selectedURI; } // Make a call to the PAP to get the gitPath // change getGitPath method to receive requestID to be used to send to PAP on the GET request so PAP won't generate another // private String getGitPath(String policyScope, String filePrefix, String policyName, String activeVersion, String clientScope){ private String getGitPath(String policyScope, String filePrefix, String policyName, String activeVersion, String clientScope, UUID requestID){ //Connect to the PAP String gitPath = null; HttpURLConnection connection = null; String [] parameters = {"apiflag=gitPath", "policyScope="+policyScope, "filePrefix="+filePrefix, "policyName="+policyName, "activeVersion="+activeVersion}; // Checking for the available PDPs is done during the first Request and the List is going to have the connected PDP as first element. // This makes it Real-Time to change the list depending on their availability. if (paps == null || paps.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PAPs List is Empty."); try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"PAPs List is empty."); } catch (Exception e) { logger.error(e.getMessage()); } }else { int papsCount = 0; boolean connected = false; while (papsCount < paps.size()) { try { String fullURL = paps.get(0); if (parameters != null && parameters.length > 0) { String queryString = ""; for (String p : parameters) { queryString += "&" + p; } fullURL += "?" + queryString.substring(1); } URL url = new URL (fullURL); //Open the connection connection = (HttpURLConnection)url.openConnection(); // Setting Content-Type connection.setRequestProperty("Content-Type", "application/json"); // Adding Authorization connection.setRequestProperty("Authorization", "Basic " + encodingPAP.get(0)); connection.setRequestProperty("Environment", environment); connection.setRequestProperty("ClientScope", clientScope); //set the method and headers connection.setRequestMethod("GET"); connection.setUseCaches(false); connection.setInstanceFollowRedirects(false); connection.setDoOutput(true); connection.setDoInput(true); // set requestID in header properties to be used to send to PAP on the GET request so PAP won't generate another connection.setRequestProperty("X-ECOMP-RequestID", requestID.toString()); //DO the connect connection.connect(); // If Connected to PAP then break from the loop and continue with the Request if (connection.getResponseCode() > 0) { connected = true; break; } else { logger.debug(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP connection Error"); } } catch (Exception e) { // This means that the PAP is not working logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP connection Error : " + e); } papsCount++; } if (connected) { //Read the Response logger.debug("connected to the PAP : " + paps.get(0)); logger.debug("--- Response: ---"); Map> headers = connection.getHeaderFields(); for (String key : headers.keySet()) { logger.debug("Header :" + key + " Value: " + headers.get(key)); } try { if (connection.getResponseCode() == 200) { // Check for successful creation of policy gitPath = connection.getHeaderField("gitPath"); this.policyId = connection.getHeaderField("policyId"); this.description = connection.getHeaderField("description"); this.pushVersion = connection.getHeaderField("version"); String isValid = connection.getHeaderField("isValid"); this.isValid = Boolean.parseBoolean(isValid); logger.debug("GitPath from Header: " + gitPath); logger.debug("policyId from Header: " + policyId); logger.debug("description from Header: " + description); logger.debug("version from Header: " + pushVersion); logger.debug("isValid from Header: " + isValid); if (gitPath != null && !gitPath.equalsIgnoreCase("")) { return gitPath; } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "could not retrieve the gitPath from the PAP"); } } else if (connection.getResponseCode() == 404) { logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "response code of the URL is " + connection.getResponseCode() + ". This indicates a problem with getting the gitPath from the PAP"); } else { logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "BAD REQUEST: Error occured while getting the gitPath from the PAP. The request may be incorrect."); } } catch (IOException e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"ERROR in connecting to the PAP ", e); } catch (Exception e1) { logger.error(e1.getMessage()); } } } else { logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get valid response from PAP(s) " + paps); try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"ERROR in connecting to the PAP "); } catch (Exception e) { logger.error(e.getMessage()); } } } return gitPath; } // change getActiveVersion method to receive requestID to be used to send to PAP on the GET request so PAP won't generate another // private String getActiveVersion(String policyScope, String filePrefix, String policyName, String clientScope) { private String getActiveVersion(String policyScope, String filePrefix, String policyName, String clientScope, UUID requestID) { //Connect to the PAP String version = null; HttpURLConnection connection = null; String [] parameters = {"apiflag=version","policyScope="+policyScope, "filePrefix="+filePrefix, "policyName="+policyName}; // Checking for the available PDPs is done during the first Request and the List is going to have the connected PDP as first element. // This makes it Real-Time to change the list depending on their availability. if (paps == null || paps.isEmpty()) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PAPs List is Empty."); try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"PAPs List is empty."); } catch (Exception e) { logger.error(e.getMessage()); } }else { int papsCount = 0; boolean connected = false; while (papsCount < paps.size()) { try { String fullURL = paps.get(0); if (parameters != null && parameters.length > 0) { String queryString = ""; for (String p : parameters) { queryString += "&" + p; } fullURL += "?" + queryString.substring(1); } URL url = new URL (fullURL); //Open the connection connection = (HttpURLConnection)url.openConnection(); // Setting Content-Type connection.setRequestProperty("Content-Type", "application/json"); // Adding Authorization connection.setRequestProperty("Authorization", "Basic " + encodingPAP.get(0)); connection.setRequestProperty("Environment", environment); connection.setRequestProperty("ClientScope", clientScope); //set the method and headers connection.setRequestMethod("GET"); connection.setUseCaches(false); connection.setInstanceFollowRedirects(false); connection.setDoOutput(true); connection.setDoInput(true); // set requestID in header properties to be used to send to PAP on the GET request so PAP won't generate another connection.setRequestProperty("X-ECOMP-RequestID", requestID.toString()); //DO the connect connection.connect(); // If Connected to PAP then break from the loop and continue with the Request if (connection.getResponseCode() > 0) { connected = true; break; } else { logger.debug(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP connection Error"); } } catch (Exception e) { // This means that the PAP is not working logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP connection Error : " + e); } papsCount++; } if (connected) { //Read the Response logger.debug("connected to the PAP : " + paps.get(0)); logger.debug("--- Response: ---"); Map> headers = connection.getHeaderFields(); for (String key : headers.keySet()) { logger.debug("Header :" + key + " Value: " + headers.get(key)); } try { if (connection.getResponseCode() == 200) { // Check for successful creation of policy version = connection.getHeaderField("version"); logger.debug("ActiveVersion from the Header: " + version); } else if (connection.getResponseCode() == 403) { logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "response code of the URL is " + connection.getResponseCode() + ". PEP is not Authorized for making this Request!! \n Contact Administrator for this Scope. "); version = "pe100"; } else if (connection.getResponseCode() == 404) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "response code of the URL is " + connection.getResponseCode() + ". This indicates a problem with getting the version from the PAP"); version = "pe300"; } else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "BAD REQUEST: Error occured while getting the version from the PAP. The request may be incorrect."); } } catch (IOException e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e); try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"ERROR in connecting to the PAP ", e); } catch (Exception e1) { logger.error(e1.getMessage()); } } } else { logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get valid response from PAP(s) " + paps); try { throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"ERROR in connecting to the PAP "); } catch (Exception e) { logger.error(e.getMessage()); } } } return version; } // Validation for json inputs public static boolean isJSONValid(String data) { try { new JSONObject(data); InputStream stream = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)); JsonReader jsonReader = Json.createReader(stream); logger.debug("Json Value is: " + jsonReader.read().toString() ); } catch (Exception e) { return false; } return true; } /* * Rotate the PDP list upon WEBsocket Failures */ public static void rotateList() { Collections.rotate(pdps, -1); Collections.rotate(encoding, -1); /* not required for 1510. //TODO uncomment when PAP API has been implemented * This Broke the PyPDP :( Since there is no PAP LIST yet. Collections.rotate(paps, -1); Collections.rotate(encodingPAP, -1); */ } /* * Get the latest PDP */ public static String getPDPURL() { return pdps.get(0); } /* * Get the latest PAP */ public static String getPAPURL() { return paps.get(0); } private JsonObject stringToJsonObject(String value) throws Exception{ JsonReader jsonReader = Json.createReader(new StringReader(value)); JsonObject object = jsonReader.readObject(); jsonReader.close(); return object; } private String getJsonResponseString() { String jsonString = "{\"Response\":[{\"Status\":{\"StatusCode\":{\"Value\":\"urn:oasis:names:tc:xacml:1.0:status:ok\"}}," + "\"AssociatedAdvice\":[{\"AttributeAssignment\":[{\"Category\":\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\"," + "\"Issuer\":\"\",\"AttributeId\":\"type\",\"Value\":\"Configuration\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\"}," + "{\"Category\":\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\",\"Issuer\":\"\",\"AttributeId\":\"URLID\",\"Value\":" + "\"$URL/Config/JunitTest.Config_testing.1.json\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#anyURI\"},{\"Category\":" + "\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\",\"Issuer\":\"\",\"AttributeId\":\"PolicyName\",\"Value\":" + "\"JunitTest.Config_testing.1.xml\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\"},{\"Category\":" + "\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\",\"Issuer\":\"\",\"AttributeId\":\"VersionNumber\",\"Value\":" + "\"1\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\"},{\"Category\":\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\"," + "\"Issuer\":\"\",\"AttributeId\":\"matching:ECOMPName\",\"Value\":\"test\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\"}," + "{\"Category\":\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\",\"Issuer\":\"\",\"AttributeId\":\"matching:ConfigName\"," + "\"Value\":\"TestName\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\"},{\"Category\":" + "\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\",\"Issuer\":\"\",\"AttributeId\":\"matching:service\"," + "\"Value\":\"ControllerServiceOpendcaeCapsuleServiceInstance\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\"}," + "{\"Category\":\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\",\"Issuer\":\"\",\"AttributeId\":\"matching:uuid\"," + "\"Value\":\"TestUUID\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\"},{\"Category\":" + "\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\",\"Issuer\":\"\",\"AttributeId\":\"matching:Location\"," + "\"Value\":\"Edge\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\"},{\"Category\":" + "\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\",\"Issuer\":\"\",\"AttributeId\":\"Priority\",\"Value\":\"1\",\"DataType\":" + "\"http://www.w3.org/2001/XMLSchema#string\"}],\"Id\":\"MSID\"}],\"Decision\":\"Permit\"}]}"; return jsonString; } public PolicyChangeResponse policyEngineImport(ImportParameters importParameters) throws Exception { return policyEngineImport(importParameters, userName, pass); } public PolicyChangeResponse policyEngineImport(ImportParameters importParameters, String userID, String passcode) throws Exception { StdPolicyChangeResponse response = new StdPolicyChangeResponse(); String resource= "policyEngineImport"; if(!checkPermissions(userID, passcode, resource)){ logger.error(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response.setResponseMessage(XACMLErrorConstants.ERROR_PERMISSIONS + "You are not allowed to Make this Request. Please contact PolicyAdmin to give access to:" + resource); response.setResponseCode(401); return response; } InputStream targetStream = null; if(importParameters.getServiceName()!=null && importParameters.getVersion()!=null && importParameters.getServiceType()!=null){ // This is Config Class Policy. if(importParameters.getFilePath()!=null){ File input = new File(importParameters.getFilePath()); if (input.getName().endsWith(".xmi") || input.getName().endsWith(".zip")){ try { if (input.exists()){ targetStream = new FileInputStream(input); }else { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "File provided in ImportParameters does not exists."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "File provided in ImportParameters does not exist."); return response; } } catch (Exception e) { logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error reading in File"); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error in reading in the file provided"); } }else{ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect File Data type."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "Incorrect File Type Given. Please use a file of type .xmi or .zip."); return response; } String[] parameters = new String[] {"importService=" + importParameters.getServiceType(), "serviceName=" + importParameters.getServiceName(), "fileName=" + input.getName(), "version=" + importParameters.getVersion()}; String responseMessage = (String) callPAP(targetStream, parameters, importParameters.getRequestID(), "importMS"); response.setResponseMessage(responseMessage); }else{ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing required ImportParameters value."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing required ImportParameters value."); } }else{ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing required ImportParameters value."); response.setResponseMessage(XACMLErrorConstants.ERROR_DATA_ISSUE + "Missing required ImportParameters value."); } return response; } /* * Give userID, Passcode and the Resoruce they are requesting for. */ private boolean checkPermissions(String userID, String passcode, String resource){ Boolean result = false; if(pyPDPClientFile!=null){ // Backward compatible pyPDP called us. So validate the user names and scope. Path clientPath = Paths.get(pyPDPClientFile); if (Files.notExists(clientPath)) { result = false; }else if(clientPath.toString().endsWith(".properties")) { try { HashMap> clientMap = readProps(clientPath); if (clientMap.containsKey(userID) && clientMap.get(userID).get(0).equals(passcode)) { result= true; } } catch (Exception e) { result = false; } } }else{ //Allowing Every Client who ever don't have access for AAF and Backup Client file result = true; } return result; } private HashMap> readProps(Path clientPath) throws Exception{ InputStream in; Properties clientProp = new Properties(); try { in = new FileInputStream(clientPath.toFile()); clientProp.load(in); } catch (IOException e) { logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e); throw new Exception(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e); } // Read the Properties and Load the Clients and their scopes. HashMap>clientMap = new HashMap>(); // for (Object propKey : clientProp.keySet()) { String clientID = (String)propKey; String clientValue = clientProp.getProperty(clientID); if (clientValue != null) { if (clientValue.contains(",")) { ArrayList clientValues = new ArrayList(Arrays.asList(clientValue.split("\\s*,\\s*"))); if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){ clientMap.put(clientID, clientValues); } } } } if (clientMap == null || clientMap.isEmpty()) { logger.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!"); throw new Exception("Empty Client file"); } return clientMap; } protected boolean isNumeric(String str) { for (char c : str.toCharArray()) { if (!Character.isDigit(c)) return false; } return true; } private String ConvertDate(Date date){ String strDate = null; if (date!=null) { SimpleDateFormat dateformatJava = new SimpleDateFormat("dd-MM-yyyy"); strDate = dateformatJava.format(date); } return strDate; } }