Merge "Create an ONAP CADI Example"

author: varun gudisena <vg411h@att.com> 2018-06-14 17:44:55 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2018-06-14 17:44:55 +0000
commit: b78a57b922f79251a03c94af93c1ca0369619265 (patch)
tree: 897d7decf28e4eb143ebb7dc9123b68743c7d89b
parent: 73909c3fc05745feab01fd19b06695849653580c (diff)
parent: 9600ac9fe508b3accd757387681787257c39aa03 (diff)
3 files changed, 234 insertions, 6 deletions
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
index 0558e815..0628d4d5 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
@@ -107,7 +107,12 @@ public class TokenClient {
 
 	public void client_creds(Access access) throws CadiException {
 		if(okind=='A') {
-			client_creds(access.getProperty(Config.AAF_APPID, null),access.getProperty(Config.AAF_APPPASS, null));
+			String alias = access.getProperty(Config.CADI_ALIAS, null);
+			if(alias == null) {
+				client_creds(access.getProperty(Config.AAF_APPID, null),access.getProperty(Config.AAF_APPPASS, null));
+			} else {
+				client_creds(alias,null);
+			}
 		} else {
 			client_creds(access.getProperty(Config.AAF_ALT_CLIENT_ID, null),access.getProperty(Config.AAF_ALT_CLIENT_SECRET, null));
 		}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
index e52df961..4f3fa87d 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
@@ -56,10 +56,18 @@ public class TokenClientFactory extends Persist<Token,TimedToken> {
 	private Map<String,AAFConHttp> aafcons = new ConcurrentHashMap<String, AAFConHttp>();
 	private SecurityInfoC<HttpURLConnection> hsi;
 	// Package on purpose
-	final Symm symm;	
+	final Symm symm;
 
 	private TokenClientFactory(Access pa) throws APIException, GeneralSecurityException, IOException, CadiException {
 		super(pa, new RosettaEnv(pa.getProperties()),Token.class,"outgoing");
+		
+		if(access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,null)==null) {
+			access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, "https://AAF_LOCATE_URL/AAF_NS.token/2.0"); // Default to AAF
+		}
+		if(access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,null)==null) {
+			access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, "https://AAF_LOCATE_URL/AAF_NS.introspect/2.0"); // Default to AAF);
+		}
+
 		symm = Symm.encrypt.obtain();
 		hsi = SecurityInfoC.instance(access, HttpURLConnection.class);
 	}
@@ -70,7 +78,7 @@ public class TokenClientFactory extends Persist<Token,TimedToken> {
 		}
 		return instance;
 	}
-
+	
 	/**
 	 * Pickup Timeout from Properties
 	 * 
@@ -95,18 +103,23 @@ public class TokenClientFactory extends Persist<Token,TimedToken> {
 			}
 		}
 		char okind;
-		if(Config.AAF_OAUTH2_TOKEN_URL.equals(tagOrURL) || 
-			tagOrURL.equals(access.getProperty(Config.AAF_OAUTH2_TOKEN_URL, null))) {
+		if( Config.AAF_OAUTH2_TOKEN_URL.equals(tagOrURL) ||
+			Config.AAF_OAUTH2_INTROSPECT_URL.equals(tagOrURL) ||
+			tagOrURL.equals(access.getProperty(Config.AAF_OAUTH2_TOKEN_URL, null)) ||
+			tagOrURL.equals(access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL, null))
+			) {
 				okind = Kind.AAF_OAUTH;
 			} else {
 				okind = Kind.OAUTH;
 			}
-		return new TokenClient(
+		TokenClient tci = new TokenClient(
 				okind,
 				this,
 				ach,
 				timeout,
 				AUTHN_METHOD.none);
+		tci.client_creds(access);
+		return tci;
 	}
 	
 	public TzClient newTzClient(final String locatorURL) throws CadiException, LocatorException {
diff --git a/cadi/oauth-enduser/src/test/java/com/att/cadi/enduser/OnapClientExample.java b/cadi/oauth-enduser/src/test/java/com/att/cadi/enduser/OnapClientExample.java
new file mode 100644
index 00000000..ca1bb948
--- /dev/null
+++ b/cadi/oauth-enduser/src/test/java/com/att/cadi/enduser/OnapClientExample.java
@@ -0,0 +1,210 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package com.att.cadi.enduser;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.security.GeneralSecurityException;
+import java.util.Date;
+import java.util.GregorianCalendar;
+
+import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.client.Result;
+import org.onap.aaf.cadi.client.Retryable;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.oauth.TimedToken;
+import org.onap.aaf.cadi.oauth.TokenClient;
+import org.onap.aaf.cadi.oauth.TokenClientFactory;
+import org.onap.aaf.cadi.oauth.TzClient;
+import org.onap.aaf.cadi.util.FQI;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.util.Chrono;
+
+import aafoauth.v2_0.Introspect;
+import aafoauth.v2_0.Token;
+
+
+public class OnapClientExample {
+	private static TokenClientFactory tcf;
+	private static PropAccess access;
+
+	public final static void main(final String args[]) {
+		// These Objects are expected to be Long-Lived... Construct once
+		
+		// Property Access
+		// This method will allow you to set "cadi_prop_files" (or any other property) on Command line 
+		access = new PropAccess(args);
+		
+		// access = PropAccess();
+		// Note: This style will load "cadi_prop_files" from VM Args
+		
+		// Token aware Client Factory
+		try {
+			tcf = TokenClientFactory.instance(access);
+		} catch (APIException | GeneralSecurityException | IOException | CadiException e1) {
+			access.log(e1, "Unable to setup OAuth Client Factory, Fail Fast");
+			System.exit(1);
+		}
+		
+		final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF));
+		
+		try {
+			//////////////////////////////////////////////////////////////////////
+			// Scenario 1:
+			// Get and use an OAuth Client, which understands Token Management
+			//////////////////////////////////////////////////////////////////////
+			// Create a Token Client, that gets its tokens from expected OAuth Server
+			//   In this example, it is AAF, but it can be the Alternate OAuth
+
+			TokenClient tc = tcf.newClient(Config.AAF_OAUTH2_TOKEN_URL); // can set your own timeout here (url, timeoutMilliseconds)
+			
+			// Here's a trick to get the namespace out of a Fully Qualified AAF Identity (your MechID)
+			String ns = FQI.reverseDomain(tc.client_id());
+			System.out.printf("\nNote: The AAF Namespace of FQI (Fully Qualified Identity) %s is %s\n\n",tc.client_id(), ns);
+
+			// Now, we can get a Token.  Note: for "scope", use AAF Namespaces to get AAF Permissions embedded in
+			// Note: getToken checks if Token is expired, if so, then refreshes before handing back.
+			Result<TimedToken> rtt = tc.getToken(ns,"org.onap.test"); // get multiple scopes
+			
+			// Note: you can clear a Token's Disk/Memory presence by
+			//  1) removing the Token from the "token/outgoing" directory on the O/S
+			//  2) programmatically by calling "clearToken" with exact params as "getToken", when it has the same credentials set
+			//       tc.clearToken("org.onap.aaf","org.onap.test");
+			
+			// Result Object can be queried for success
+			if(rtt.isOK()) {
+				TimedToken token = rtt.value;
+				print(token); // Take a look at what's in a Token
+				
+				// Use this Token in your client calls with "Tokenized Client" (TzClient)
+				// These should NOT be used cross thread.
+				// Get Hello Service URL... roll your own in your own world.
+				final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL, 
+						"https://AAF_LOCATE_URL/AAF_NS.hello/2.0");
+
+
+				TzClient helloClient = tcf.newTzClient(endServicesURL);
+				helloClient.setToken(tc.client_id(), token);
+				
+				// This client call style, "best" call with "Retryable" inner class covers finding an available Service 
+				// (when Multi-services exist) for the best service, based (currently) on distance.
+				//
+				// the "Generic" in Type gives a Return Value for the Code, which you can set on the "best" method
+				// Note that variables used in the inner class from this part of the code must be "final", see "CALL_TIMEOUT"
+				String rv = helloClient.best(new Retryable<String>() {
+					@Override
+					public String code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+						Future<String> future = client.read("hello","text/plain");
+						// The "future" calling method allows you to do other processing, such as call more than one backend
+						// client before picking up the result
+						// If "get" matches the HTTP Code for the method (i.e. read HTTP Return value is 200), then 
+						if(future.get(CALL_TIMEOUT)) {
+							// Client Returned expected value
+							return future.value;
+						} else {
+							throw new APIException(future.code()  + future.body());
+						}					
+					}
+				});
+				
+				// You want to do something with returned value.  Here, we say "hello"
+				System.out.printf("\nPositive Response from Hello: %s\n",rv);
+				
+				
+				//////////////////////////////////////////////////////////////////////
+				// Scenario 2:
+				// As a Service, read Introspection information as proof of Authenticated Authorization
+				//////////////////////////////////////////////////////////////////////
+				// CADI Framework (i.e. CadiFilter) works with the Introspection to drive the J2EE interfaces (
+				// i.e. if(isUserInRole("ns.perm|instance|action")) {...
+				//
+				// Here, however, is a way to introspect via Java
+				//
+				// now, call Introspect (making sure right URLs are set in properties)
+				// We need a Different Introspect TokenClient, because different Endpoint (and usually different Services)
+				TokenClient tci = tcf.newClient(Config.AAF_OAUTH2_INTROSPECT_URL);
+				Result<Introspect> is = tci.introspect(token.getAccessToken());
+				if(is.isOK()) {
+					// Note that AAF will add JSON set of Permissions as part of "Content:", legitimate extension of OAuth Structure
+					print(is.value); // do something with Introspect Object
+				} else {
+					access.printf(Level.ERROR, "Unable to introspect OAuth Token %s: %d %s\n",
+							token.getAccessToken(),rtt.code,rtt.error);
+				}
+			} else {
+				access.printf(Level.ERROR, "Unable to obtain OAuth Token: %d %s\n",rtt.code,rtt.error);
+			}
+			
+		} catch (CadiException | LocatorException | APIException | IOException e) {
+			e.printStackTrace();
+		}
+	}
+	
+	/////////////////////////////////////////////////////////////
+	// Examples of Object Access
+	/////////////////////////////////////////////////////////////
+	private static void print(Token t) {
+		GregorianCalendar exp_date = new GregorianCalendar();
+		exp_date.add(GregorianCalendar.SECOND, t.getExpiresIn());
+		System.out.printf("Access Token\n\tToken:\t\t%s\n\tToken Type:\t%s\n\tExpires In:\t%d (%s)\n\tScope:\t\t%s\n\tRefresh Token:\t%s\n",
+		t.getAccessToken(),
+		t.getTokenType(),
+		t.getExpiresIn(),
+		Chrono.timeStamp(new Date(System.currentTimeMillis()+(t.getExpiresIn()*1000))),
+		t.getScope(),
+		t.getRefreshToken());
+	}
+	
+	private static void print(Introspect ti) {
+		if(ti==null || ti.getClientId()==null) {
+			System.out.println("Empty Introspect");
+			return;
+		}
+		Date exp = new Date(ti.getExp()*1000); // seconds
+		System.out.printf("Introspect\n"
+				+ "\tAccessToken:\t%s\n"
+				+ "\tClient-id:\t%s\n"
+				+ "\tClient Type:\t%s\n"
+				+ "\tActive:  \t%s\n"
+				+ "\tUserName:\t%s\n"
+				+ "\tExpires: \t%d (%s)\n"
+				+ "\tScope:\t\t%s\n"
+				+ "\tContent:\t%s\n",
+		ti.getAccessToken(),
+		ti.getClientId(),
+		ti.getClientType(),
+		ti.isActive()?Boolean.TRUE.toString():Boolean.FALSE.toString(),
+		ti.getUsername(),
+		ti.getExp(),
+		Chrono.timeStamp(exp),
+		ti.getScope(),
+		ti.getContent()==null?"":ti.getContent());
+		
+		System.out.println();
+	}
+
+}
author	varun gudisena <vg411h@att.com>	2018-06-14 17:44:55 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2018-06-14 17:44:55 +0000
commit	b78a57b922f79251a03c94af93c1ca0369619265 (patch)
tree	897d7decf28e4eb143ebb7dc9123b68743c7d89b
parent	73909c3fc05745feab01fd19b06695849653580c (diff)
parent	9600ac9fe508b3accd757387681787257c39aa03 (diff)