import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
+import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
+import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.security.InvalidKeyException;
import java.security.Key;
+import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Set;
import java.util.UUID;
+import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathFactory;
+import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOUtils;
import org.onap.policy.common.logging.eelf.MessageCodes;
import org.onap.policy.pap.xacml.rest.XACMLPapServlet;
import org.onap.policy.rest.XACMLRestProperties;
import org.onap.policy.rest.adapter.PolicyRestAdapter;
+import org.onap.policy.rest.dao.PolicyDBException;
import org.onap.policy.rest.jpa.ActionBodyEntity;
import org.onap.policy.rest.jpa.ConfigurationDataEntity;
import org.onap.policy.rest.jpa.DatabaseLockEntity;
import org.onap.policy.xacml.api.pap.PAPPolicyEngine;
import org.onap.policy.xacml.std.pap.StdPDPGroup;
import org.onap.policy.xacml.std.pap.StdPDPPolicy;
+import org.onap.policy.xacml.util.XACMLPolicyScanner;
import org.onap.policy.xacml.util.XACMLPolicyWriter;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
* @return The new instance of PolicyDBDao or throw exception if the given emf is null.
* @throws IllegalStateException if a PolicyDBDao has already been constructed. Call getPolicyDBDaoInstance() to get this.
*/
- public static PolicyDBDao getPolicyDBDaoInstance(EntityManagerFactory emf) throws Exception{
+ public static PolicyDBDao getPolicyDBDaoInstance(EntityManagerFactory emf){
logger.debug("getPolicyDBDaoInstance(EntityManagerFactory emf) as getPolicyDBDaoInstance("+emf+") called");
if(currentInstance == null){
if(emf != null){
* @return The instance of PolicyDBDao or throws exception if the given instance is null.
* @throws IllegalStateException if a PolicyDBDao instance is null. Call createPolicyDBDaoInstance(EntityManagerFactory emf) to get this.
*/
- public static PolicyDBDao getPolicyDBDaoInstance() throws Exception{
+ public static PolicyDBDao getPolicyDBDaoInstance(){
logger.debug("getPolicyDBDaoInstance() as getPolicyDBDaoInstance() called");
if(currentInstance != null){
return currentInstance;
try{
em.getTransaction().commit();
} catch(Exception e){
+ logger.warn("List of remote PolicyDBDaos will be empty", e);
try{
em.getTransaction().rollback();
} catch(Exception e2){
return urlUserPass;
}
- private static String encryptPassword(String password) throws Exception{
+ private static String encryptPassword(String password) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, aesKey());
byte[] encryption = cipher.doFinal(password.getBytes("UTF-8"));
- System.out.println(encryption);
+ logger.debug("Encryption value is " + encryption);
return new String(Base64.getMimeEncoder().encode(encryption),"UTF-8");
}
- private static String decryptPassword(String encryptedPassword) throws Exception{
+ private static String decryptPassword(String encryptedPassword) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException{
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, aesKey());
byte[] password = cipher.doFinal(Base64.getDecoder().decode(encryptedPassword.getBytes("UTF-8")));
try{
newPolicyDBDaoEntity.setPassword(encryptPassword(url[2]));
} catch(Exception e){
+ logger.debug(e);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not encrypt PAP password");
}
try{
em.getTransaction().commit();
} catch(Exception e){
+ logger.debug(e);
try{
em.getTransaction().rollback();
} catch(Exception e2){
+ logger.debug(e2);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e2, "PolicyDBDao", "Could not add new PolicyDBDao to the database");
}
}
try{
encryptedPassword = encryptPassword(url[2]);
} catch(Exception e){
+ logger.debug(e);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not encrypt PAP password");
}
if(url[1] != null && !stringEquals(url[1], foundPolicyDBDaoEntity.getUsername())){
try{
em.getTransaction().commit();
} catch(Exception e){
+ logger.debug(e);
try{
em.getTransaction().rollback();
} catch(Exception e2){
+ logger.debug(e2);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e2, "PolicyDBDao", "Could not update PolicyDBDao in the database");
}
}
try{
password = decryptPassword(dbdEntity.getPassword());
} catch(Exception e){
+ logger.debug(e);
//if we can't decrypt, might as well try it anyway
password = dbdEntity.getPassword();
}
readTimeout = Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_NOTIFY_TIMEOUT));
} catch(Exception e){
- logger.error("xacml.rest.pap.notify.timeoutms property not set, using a default.");
+ logger.error("xacml.rest.pap.notify.timeoutms property not set, using a default.", e);
readTimeout = 10000;
}
connection.setReadTimeout(readTimeout);
}
try {
if (connection.getResponseCode() == 200) {
- logger.info("Received response 200 from pap server on notify");
- //notified = true;
+ logger.info("PolicyDBDao: NotifyOtherThread received response 200 from pap server on notify");
} else {
- logger.warn("connection response code not 200, received: "+connection.getResponseCode());
+ logger.warn("PolicyDBDao: NotifyOtherThread connection response code not 200, received: "+connection.getResponseCode());
}
} catch (Exception e) {
logger.warn("Caught Exception on: connection.getResponseCode() ", e);
}
-
connection.disconnect();
}
}
handleIncomingPolicyChange(url, entityId,extraData);
break;
} catch(Exception e){
+ logger.debug(e);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught exception on handleIncomingPolicyChange("+url+", "+entityId+", "+extraData+")");
}
try{
Thread.sleep(pauseBetweenRetries);
}catch(InterruptedException ie){
+ Thread.currentThread().interrupt();
break;
}
}
handleIncomingPdpChange(url, entityId, transaction);
break;
} catch(Exception e){
+ logger.debug(e);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught exception on handleIncomingPdpChange("+url+", "+entityId+", "+transaction+")");
}
try{
Thread.sleep(pauseBetweenRetries);
}catch(InterruptedException ie){
+ Thread.currentThread().interrupt();
break;
}
}
handleIncomingGroupChange(url, entityId, extraData, transaction, xacmlPapServlet);
break;
}catch(Exception e){
+ logger.debug(e);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught exception on handleIncomingGroupChange("+url+", "+entityId+", "+extraData+", "+transaction+", "+xacmlPapServlet+")");
}
try{
Thread.sleep(pauseBetweenRetries);
}catch(InterruptedException ie){
+ Thread.currentThread().interrupt();
break;
}
}
//no changes should be being made in this function, we still need to close
transaction.rollbackTransaction();
}
- private void handleIncomingGroupChange(String url, String groupId, String extraData,PolicyDBDaoTransaction transaction,XACMLPapServlet xacmlPapServlet) throws PAPException{
+ private void handleIncomingGroupChange(String url, String groupId, String extraData,PolicyDBDaoTransaction transaction,XACMLPapServlet xacmlPapServlet) throws PAPException, PolicyDBException{
GroupEntity groupRecord = null;
long groupIdLong = -1;
try{
//set default if it should be
if(!localGroupClone.isDefaultGroup() && groupRecord.isDefaultGroup()){
try {
- papEngine.SetDefaultGroup(localGroup);
+ papEngine.setDefaultGroup(localGroup);
return;
} catch (PAPException e) {
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught PAPException trying to set default group with papEngine.SetDefaultGroup("+localGroupClone+");");
//call command that corresponds to the change that was made
}
//this will also handle removes, since incoming pdpGroup has no policies internally, we are just going to add them all in from the db
- private boolean updateGroupPoliciesInFileSystem(OnapPDPGroup pdpGroup,OnapPDPGroup oldPdpGroup, GroupEntity groupRecord, PolicyDBDaoTransaction transaction) throws PAPException{
+ private boolean updateGroupPoliciesInFileSystem(OnapPDPGroup pdpGroup,OnapPDPGroup oldPdpGroup, GroupEntity groupRecord, PolicyDBDaoTransaction transaction) throws PAPException, PolicyDBException{
if(!(pdpGroup instanceof StdPDPGroup)){
throw new PAPException("group is not a StdPDPGroup");
}
if(currentPolicySet.containsKey(pdpPolicyName)){
newPolicySet.add(currentPolicySet.get(pdpPolicyName));
} else{
+ logger.info("PolicyDBDao: Adding the new policy to the PDP group after notification: " + pdpPolicyName);
InputStream policyStream = new ByteArrayInputStream(policy.getPolicyData().getBytes());
group.copyPolicyToFile(pdpPolicyName,policyStream);
- ((StdPDPPolicy)(group.getPolicy(pdpPolicyName))).setName(removeExtensionAndVersionFromPolicyName(policy.getPolicyName()));
+ ((StdPDPPolicy)(group.getPolicy(pdpPolicyName))).setName(removeExtensionAndVersionFromPolicyName(pdpPolicyName));
try {
policyStream.close();
} catch (IOException e) {
}
}
}
+ logger.info("PolicyDBDao: Adding updated policies to group after notification.");
if(didUpdate){
newPolicySet.addAll(group.getPolicies());
group.setPolicies(newPolicySet);
return didUpdate;
}
- private String removeExtensionAndVersionFromPolicyName(String originalPolicyName){
+
+ /*
+ * This method is called during all pushPolicy transactions and makes sure the file system
+ * group is in sync with the database groupentity
+ */
+ private StdPDPGroup synchronizeGroupPoliciesInFileSystem(StdPDPGroup pdpGroup, GroupEntity groupentity) throws PAPException, PolicyDBException{
+
+ HashMap<String,PDPPolicy> currentPolicyMap = new HashMap<>();
+ HashSet<String> newPolicyIdSet = new HashSet<>();
+ HashSet<PDPPolicy> newPolicySet = new HashSet<>();
+
+ for(PDPPolicy pdpPolicy : pdpGroup.getPolicies()){
+ currentPolicyMap.put(pdpPolicy.getId(), pdpPolicy);
+ }
+
+ for(PolicyEntity policy : groupentity.getPolicies()){
+ String pdpPolicyId = getPdpPolicyName(policy.getPolicyName(), policy.getScope());
+ newPolicyIdSet.add(pdpPolicyId);
+
+ if(currentPolicyMap.containsKey(pdpPolicyId)){
+ newPolicySet.add(currentPolicyMap.get(pdpPolicyId));
+ } else {
+
+ //convert PolicyEntity object to PDPPolicy
+ String name = pdpPolicyId.replace(".xml", "");
+ name = name.substring(0, name.lastIndexOf("."));
+ InputStream policyStream = new ByteArrayInputStream(policy.getPolicyData().getBytes());
+ pdpGroup.copyPolicyToFile(pdpPolicyId,name,policyStream);
+ URI location = Paths.get(pdpGroup.getDirectory().toAbsolutePath().toString(), pdpPolicyId).toUri();
+ StdPDPPolicy newPolicy = null;
+ try {
+ newPolicy = new StdPDPPolicy(pdpPolicyId, true, removeExtensionAndVersionFromPolicyName(pdpPolicyId),location);
+ newPolicySet.add(newPolicy);
+ } catch (Exception e) {
+ logger.debug(e);
+ PolicyLogger.error("PolicyDBDao: Exception occurred while creating the StdPDPPolicy newPolicy object " + e.getMessage());
+ }
+
+ }
+
+ }
+
+ for(String id : currentPolicyMap.keySet()) {
+ if(!newPolicyIdSet.contains(id)){
+ try {
+ Files.delete(Paths.get(currentPolicyMap.get(id).getLocation()));
+ } catch (Exception e) {
+ logger.debug(e);
+ PolicyLogger.error("PolicyDBDao: Exception occurred while attempting to delete the old version of the policy file from the group. " + e.getMessage());
+ }
+ }
+ }
+
+ logger.info("PolicyDBDao: Adding new policy set to group to keep filesystem and DB in sync");
+ pdpGroup.setPolicies(newPolicySet);
+
+ return pdpGroup;
+ }
+
+ private String removeExtensionAndVersionFromPolicyName(String originalPolicyName) throws PolicyDBException{
return getPolicyNameAndVersionFromPolicyFileName(originalPolicyName)[0];
}
* @param originalPolicyName: a policy file name ex: Config_policy.2.xml
* @return An array [0]: The policy name, [1]: the policy version, as a string
*/
- private String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName){
+ private String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName) throws PolicyDBException{
String policyName = originalPolicyName;
String[] nameAndVersion = new String[2];
try{
policyName = removeFileExtension(policyName);
nameAndVersion[0] = policyName.substring(0,policyName.lastIndexOf('.'));
if(isNullOrEmpty(nameAndVersion[0])){
- throw new Exception();
+ throw new PolicyDBException();
}
} catch(Exception e){
nameAndVersion[0] = originalPolicyName;
try{
nameAndVersion[1] = policyName.substring(policyName.lastIndexOf('.')+1);
if(isNullOrEmpty(nameAndVersion[1])){
- throw new Exception();
+ throw new PolicyDBException();
}
} catch(Exception e){
nameAndVersion[1] = "1";
}
}
+
+ public StdPDPGroup auditLocalFileSystem(StdPDPGroup group){
+
+ logger.info("Starting Local File System group audit");
+ EntityManager em = emf.createEntityManager();
+ em.getTransaction().begin();
+
+ StdPDPGroup updatedGroup = null;
+ try {
+ Query groupQuery = em.createQuery("SELECT g FROM GroupEntity g WHERE g.groupId=:groupId AND g.deleted=:deleted");
+ groupQuery.setParameter("groupId", group.getId());
+ groupQuery.setParameter("deleted", false);
+ List<?> groupQueryList = groupQuery.getResultList();
+ if(groupQueryList!=null){
+ GroupEntity dbgroup = (GroupEntity)groupQueryList.get(0);
+ updatedGroup = synchronizeGroupPoliciesInFileSystem(group, dbgroup);
+ }
+ } catch (PAPException e) {
+ logger.error(e);
+ } catch (PolicyDBException e) {
+ logger.error(e);
+ } catch (Exception e) {
+ logger.error(e);
+ PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught Exception trying to check if group exists groupQuery.getResultList()");
+ throw new PersistenceException("Query failed trying to check if group "+group.getId()+" exists");
+ }
+
+ em.getTransaction().commit();
+ em.close();
+
+ logger.info("Group was updated during file system audit: " + updatedGroup.toString());
+ return updatedGroup;
+
+ }
+
public void deleteAllGroupTables(){
logger.debug("PolicyDBDao.deleteAllGroupTables() called");
EntityManager em = emf.createEntityManager();
try{
startTransactionSynced(this.em,transactionWaitTime);
} catch(Exception e){
+ logger.debug(e);
throw new PersistenceException("Could not lock transaction within "+transactionWaitTime+" milliseconds");
}
}
+ "\n TimeStamp = " + date.getTime()
+ "\n\n");
}
+ Thread.currentThread().interrupt();
return;
}
if(logger.isDebugEnabled()){
try{
em.close();
}catch(Exception e){
- logger.warn("Could not close already closed transaction");
+ logger.warn("Could not close already closed transaction", e);
}
}
try{
configPath = Paths.get(configPath).toString();
} catch(InvalidPathException e){
- logger.error("Invalid config path: "+configPath);
+ logger.error("Invalid config path: "+configPath, e);
throw new IllegalArgumentException("Invalid config path: "+configPath);
}
return configPath;
String prefix = null;
if (policy.policyAdapter.getPolicyType().equalsIgnoreCase("Config")) {
- prefix = configPath.substring(configPath.indexOf(policyScope+".")+policyScope.concat(".").length(), configPath.indexOf(policy.policyAdapter.getPolicyName()));
+ prefix = configPath.substring(configPath.indexOf(policyScope+".")+policyScope.concat(".").length(), configPath.lastIndexOf(policy.policyAdapter.getPolicyName()));
if(isNullOrEmpty(policy.policyAdapter.getConfigBodyData())){
String configData = "";
try{
@Override
- public void deleteGroup(OnapPDPGroup group, OnapPDPGroup moveToGroup, String username) throws PAPException {
+ public void deleteGroup(OnapPDPGroup group, OnapPDPGroup moveToGroup, String username) throws PolicyDBException {
logger.debug("deleteGroup(PDPGroup group, PDPGroup moveToGroup, String username) as deleteGroup("+group+", "+moveToGroup+","+username+") called");
if(group == null){
throw new IllegalArgumentException("PDPGroup group cannot be null");
if(group.isDefaultGroup()){
PolicyLogger.error("The default group "+group.getId()+" was attempted to be deleted. It cannot be.");
- throw new PAPException("You cannot delete the default group.");
+ throw new PolicyDBException("You cannot delete the default group.");
}
synchronized(emLock){
checkBeforeOperationRun();
}
} else {
PolicyLogger.error("Group "+group.getId()+" is trying to be delted with PDPs. No group was provided to move them to");
- throw new PAPException("Group has PDPs. Must provide a group for them to move to");
+ throw new PolicyDBException("Group has PDPs. Must provide a group for them to move to");
}
}
}
@Override
- public void addPolicyToGroup(String groupID, String policyID, String username) {
- logger.debug("addPolicyToGroup(String groupID, String policyID, String username) as addPolicyToGroup("+groupID+", "+policyID+","+username+") called");
+ public StdPDPGroup addPolicyToGroup(String groupID, String policyID, String username) throws PolicyDBException {
+ logger.info("PolicyDBDao: addPolicyToGroup(String groupID, String policyID, String username) as addPolicyToGroup("+groupID+", "+policyID+","+username+") called");
if(isNullOrEmpty(groupID, policyID, username)){
throw new IllegalArgumentException("groupID, policyID, and username must not be null or empty");
}
PolicyLogger.error("Somehow, more than one group with the id "+groupID+" were found in the database that are not deleted");
throw new PersistenceException("Somehow, more than one group with the id "+groupID+" were found in the database that are not deleted");
}
+
//we need to convert the form of the policy id that is used groups into the form that is used
//for the database. (com.Config_mypol.1.xml) to (Config_mypol.xml)
String[] policyNameScopeAndVersion = getNameScopeAndVersionFromPdpPolicy(policyID);
try{
policyQueryList = policyQuery.getResultList();
} catch(Exception e){
+ logger.debug(e);
PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught Exception trying to check if policy exists policyQuery.getResultList()");
throw new PersistenceException("Query failed trying to check if policy "+policyNameScopeAndVersion[0]+" exists");
}
PolicyLogger.error("Somehow, more than one policy with the id "+policyNameScopeAndVersion[0]+" were found in the database that are not deleted");
throw new PersistenceException("Somehow, more than one group with the id "+policyNameScopeAndVersion[0]+" were found in the database that are not deleted");
}
+ logger.info("PolicyDBDao: Getting group and policy from database");
GroupEntity group = (GroupEntity)groupQueryList.get(0);
PolicyEntity policy = (PolicyEntity)policyQueryList.get(0);
Iterator<PolicyEntity> policyIt = group.getPolicies().iterator();
String policyName = getPolicyNameAndVersionFromPolicyFileName(policy.getPolicyName())[0];
+
+ logger.info("PolicyDBDao: policyName retrieved is " + policyName);
try{
- while(policyIt.hasNext()){
- PolicyEntity pol = policyIt.next();
- if(getPolicyNameAndVersionFromPolicyFileName(pol.getPolicyName())[0].equals(policyName)){
- policyIt.remove();
- }
- }
+ while(policyIt.hasNext()){
+ PolicyEntity pol = policyIt.next();
+ if(getPolicyNameAndVersionFromPolicyFileName(pol.getPolicyName())[0].equals(policyName)){
+ policyIt.remove();
+ }
+ }
}catch(Exception e){
+ logger.debug(e);
PolicyLogger.error("Could not delete old versions for policy "+policy.getPolicyName()+", ID: "+policy.getPolicyId());
}
group.addPolicyToGroup(policy);
em.flush();
+
+ // After adding policy to the db group we need to make sure the filesytem group is in sync with the db group
+ try {
+ StdPDPGroup pdpGroup = (StdPDPGroup) papEngine.getGroup(group.getGroupId());
+ return synchronizeGroupPoliciesInFileSystem(pdpGroup, group);
+ } catch (PAPException e) {
+ logger.debug(e);
+ PolicyLogger.error("PolicyDBDao: Could not synchronize the filesystem group with the database group. " + e.getMessage());
+ }
+
+ return null;
}
}
String computeScope(String fullPath, String pathToExclude){
return PolicyDBDao.computeScope(fullPath, pathToExclude);
}
- String encryptPassword(String password) throws Exception{
+ String encryptPassword(String password) throws InvalidKeyException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException{
return PolicyDBDao.encryptPassword(password);
}
- String decryptPassword(String password) throws Exception{
+ String decryptPassword(String password) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException{
return PolicyDBDao.decryptPassword(password);
}
String getDescriptionFromXacml(String xacmlData){
return PolicyDBDao.getDescriptionFromXacml(xacmlData);
}
- String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName){
+ String[] getPolicyNameAndVersionFromPolicyFileName(String originalPolicyName) throws PolicyDBException{
return PolicyDBDao.this.getPolicyNameAndVersionFromPolicyFileName(originalPolicyName);
}
}