aboutsummaryrefslogtreecommitdiffstats
path: root/core/src/main/java/org/onap/aaf/cadi/lur
diff options
context:
space:
mode:
Diffstat (limited to 'core/src/main/java/org/onap/aaf/cadi/lur')
-rw-r--r--core/src/main/java/org/onap/aaf/cadi/lur/ConfigPrincipal.java70
-rw-r--r--core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java167
-rw-r--r--core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java201
-rw-r--r--core/src/main/java/org/onap/aaf/cadi/lur/LocalPermission.java51
-rw-r--r--core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java88
5 files changed, 0 insertions, 577 deletions
diff --git a/core/src/main/java/org/onap/aaf/cadi/lur/ConfigPrincipal.java b/core/src/main/java/org/onap/aaf/cadi/lur/ConfigPrincipal.java
deleted file mode 100644
index 32e4816..0000000
--- a/core/src/main/java/org/onap/aaf/cadi/lur/ConfigPrincipal.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.lur;
-
-import java.io.IOException;
-import java.security.Principal;
-
-import org.onap.aaf.cadi.GetCred;
-import org.onap.aaf.cadi.Symm;
-
-public class ConfigPrincipal implements Principal, GetCred {
- private String name;
- private byte[] cred;
- private String content;
-
- public ConfigPrincipal(String name, String passwd) {
- this.name = name;
- this.cred = passwd.getBytes();
- content = null;
- }
-
- public ConfigPrincipal(String name, byte[] cred) {
- this.name = name;
- this.cred = cred;
- content = null;
- }
-
- public String getName() {
- return name;
- }
-
- public byte[] getCred() {
- return cred;
- }
-
- public String toString() {
- return name;
- }
-
- public String getAsBasicAuthHeader() throws IOException {
- if(content ==null) {
- String s = name + ':' + new String(cred);
- content = "Basic " + Symm.base64.encode(s);
- } else if(!content.startsWith("Basic ")) { // content is the saved password from construction
- String s = name + ':' + content;
- content = "Basic " + Symm.base64.encode(s);
- }
- return content;
- }
-}
diff --git a/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java b/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java
deleted file mode 100644
index 0e612e9..0000000
--- a/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java
+++ /dev/null
@@ -1,167 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.lur;
-
-import java.security.Principal;
-import java.util.List;
-
-import org.onap.aaf.cadi.CachingLur;
-import org.onap.aaf.cadi.CadiException;
-import org.onap.aaf.cadi.CredVal;
-import org.onap.aaf.cadi.Lur;
-import org.onap.aaf.cadi.Permission;
-
-/**
- * EpiLUR
- *
- * Short for "Epic LUR". Be able to run through a series of LURs to obtain the validation needed.
- *
- * The pun is better for the other pattern... "TAF" (aka EpiTaf), but it's still the larger picture of
- * LURs that will be accomplished.
- *
- * FYI, the reason we separate LURs, rather than combine, is that Various User Repository Resources have
- * different Caching requirements. For instance, the Local User Repo (with stand alone names), never expire, but might be
- * refreshed with a change in Configuration File, while the Remote Service based LURs will need to expire at prescribed intervals
- *
- *
- */
-public final class EpiLur implements Lur {
- private final Lur[] lurs;
-
- /**
- * EpiLur constructor
- *
- * Construct the EpiLur from variable TAF parameters
- * @param lurs
- * @throws CadiException
- */
- public EpiLur(Lur ... lurs) throws CadiException{
- this.lurs = lurs;
- if(lurs.length==0) throw new CadiException("Need at least one Lur implementation in constructor");
- }
-
- public boolean fish(Principal bait, Permission pond) {
- if(pond==null) {
- return false;
- }
- boolean rv = false;
- Lur lur;
- for(int i=0;!rv && i<lurs.length;++i) {
- rv = (lur = lurs[i]).fish(bait, pond);
- if(!rv && lur.handlesExclusively(pond)) break;
- }
- return rv;
- }
-
- public void fishAll(Principal bait, List<Permission> permissions) {
- for(Lur lur : lurs) {
- lur.fishAll(bait, permissions);
- }
- }
-
- public void destroy() {
- for(Lur lur : lurs) {
- lur.destroy();
- }
- }
-
- /**
- * Return the first Lur (if any) which also implements UserPass
- * @return
- */
- public CredVal getUserPassImpl() {
- for(Lur lur : lurs) {
- if(lur instanceof CredVal) {
- return (CredVal)lur;
- }
- }
- return null;
- }
-
- // Never needed... Only EpiLur uses...
- public boolean handlesExclusively(Permission pond) {
- return false;
- }
-
- /**
- * Get Lur for index. Returns null if out of range
- * @param idx
- * @return
- */
- public Lur get(int idx) {
- if(idx>=0 && idx<lurs.length) {
- return lurs[idx];
- }
- return null;
- }
-
- public boolean supports(String userName) {
- for(Lur l : lurs) {
- if(l.supports(userName))return true;
- }
- return false;
- }
-
- public void remove(String id) {
- for(Lur l : lurs) {
- if(l instanceof CachingLur) {
- ((CachingLur<?>)l).remove(id);
- }
- }
- }
-
- public Lur subLur(Class<? extends Lur> cls ) {
- for(Lur l : lurs) {
- if(l.getClass().isAssignableFrom(cls)) {
- return l;
- }
- }
- return null;
- }
-
- @Override
- public Permission createPerm(String p) {
- return new LocalPermission(p);
- }
-
- /* (non-Javadoc)
- * @see com.att.cadi.Lur#clear(java.security.Principal, java.lang.StringBuilder)
- */
- @Override
- public void clear(Principal p, StringBuilder report) {
- for(Lur lur : lurs) {
- lur.clear(p, report);
- }
- }
-
- public String toString() {
- StringBuilder sb = new StringBuilder();
- for(Lur lur : lurs) {
- sb.append(lur.getClass().getSimpleName());
- sb.append(": Report\n");
- sb.append(lur.toString());
- sb.append('\n');
- }
- return sb.toString();
- }
-}
diff --git a/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java b/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
deleted file mode 100644
index 4086b51..0000000
--- a/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
+++ /dev/null
@@ -1,201 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.lur;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeSet;
-
-import org.onap.aaf.cadi.AbsUserCache;
-import org.onap.aaf.cadi.Access;
-import org.onap.aaf.cadi.CredVal;
-import org.onap.aaf.cadi.Hash;
-import org.onap.aaf.cadi.Permission;
-import org.onap.aaf.cadi.StrLur;
-import org.onap.aaf.cadi.User;
-import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.config.Config;
-
-
-/**
- * An in-memory Lur that can be configured locally with User info via properties, similar to Tomcat-users.xml mechanisms.
- *
- *
- */
-public final class LocalLur extends AbsUserCache<LocalPermission> implements StrLur, CredVal {
- public static final String SEMI = "\\s*;\\s*";
- public static final String COLON = "\\s*:\\s*";
- public static final String COMMA = "\\s*,\\s*";
- public static final String PERCENT = "\\s*%\\s*";
-
- // Use to quickly determine whether any given group is supported by this LUR
- private final Set<String> supportingGroups;
- private String supportedRealm;
-
- /**
- * Construct by building structure, see "build"
- *
- * Reconstruct with "build"
- *
- * @param userProperty
- * @param groupProperty
- * @param decryptor
- * @throws IOException
- */
- public LocalLur(Access access, String userProperty, String groupProperty) throws IOException {
- super(access, 0, 0, Integer.MAX_VALUE); // data doesn't expire
- supportedRealm = access.getProperty(Config.BASIC_REALM, "localized");
- supportingGroups = new TreeSet<String>();
-
- if(userProperty!=null) {
- // For each User name...
- for(String user : userProperty.trim().split(SEMI)) {
- String[] us = user.split(COLON,2);
- String[] userpass = us[0].split(PERCENT,2);
- String u;
- User<LocalPermission> usr;
- if(userpass.length>1) {
- if(userpass.length>0 && userpass[0].indexOf('@')<0) {
- userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm());
- }
-
- u = userpass[0];
- byte[] pass = access.decrypt(userpass[1], true).getBytes();
- usr = new User<LocalPermission>(new ConfigPrincipal(u, pass));
- } else {
- u = us[0];
- usr = new User<LocalPermission>(new ConfigPrincipal(u, (byte[])null));
- }
- addUser(usr);
- access.log(Level.INIT, "Local User:",usr.principal);
-
- if(us.length>1) {
- Map<String, Permission> newMap = usr.newMap();
- for(String group : us[1].split(COMMA)) {
- supportingGroups.add(group);
- usr.add(newMap,new LocalPermission(group));
- }
- usr.setMap(newMap);
- }
- }
- }
- if(groupProperty!=null) {
- // For each Group name...
- for(String group : groupProperty.trim().split(SEMI)) {
- String[] gs = group.split(COLON,2);
- if(gs.length>1) {
- supportingGroups.add(gs[0]);
- LocalPermission p = new LocalPermission(gs[0]);
- // Add all users (known by comma separators)
-
- for(String grpMem : gs[1].split(COMMA)) {
- // look for password, if so, put in passMap
- String[] userpass = grpMem.split(PERCENT,2);
- if(userpass.length>0 && userpass[0].indexOf('@')<0) {
- userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm());
- }
- User<LocalPermission> usr = getUser(userpass[0]);
- if(userpass.length>1) {
- byte[] pass = access.decrypt(userpass[1], true).getBytes();
- if(usr==null)addUser(usr=new User<LocalPermission>(new ConfigPrincipal(userpass[0],pass)));
- else usr.principal=new ConfigPrincipal(userpass[0],pass);
- } else {
- if(usr==null)addUser(usr=new User<LocalPermission>(new ConfigPrincipal(userpass[0],(byte[])null)));
- }
- usr.add(p);
- access.log(Level.INIT, "Local User:",usr.principal);
- }
- }
- }
- }
- }
-
- public boolean validate(String user, CredVal.Type type, byte[] cred) {
- User<LocalPermission> usr = getUser(user);
- switch(type) {
- case PASSWORD:
- // covers null as well as bad pass
- if(usr!=null && cred!=null && usr.principal instanceof ConfigPrincipal) {
- return Hash.isEqual(cred,((ConfigPrincipal)usr.principal).getCred());
- }
- break;
- }
- return false;
- }
-
- // @Override
- public boolean fish(Principal bait, Permission pond) {
- if(supports(bait.getName()) && pond instanceof LocalPermission) { // local Users only have LocalPermissions
- User<LocalPermission> user = getUser(bait);
- return user==null?false:user.contains((LocalPermission)pond);
- }
- return false;
- }
-
- public boolean fish(String bait, Permission pond) {
- if(supports(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions
- User<LocalPermission> user = getUser(bait);
- return user==null?false:user.contains((LocalPermission)pond);
- }
- return false;
- }
-
- // We do not want to expose the actual Group, so make a copy.
- public void fishAll(Principal bait, List<Permission> perms) {
- if(supports(bait.getName())) {
- User<LocalPermission> user = getUser(bait);
- if(user!=null) {
- user.copyPermsTo(perms);
- }
- }
- }
-
- public void fishAll(String bait, List<Permission> perms) {
- if(supports(bait)) {
- User<LocalPermission> user = getUser(bait);
- if(user!=null) {
- user.copyPermsTo(perms);
- }
- }
- }
-
- public boolean supports(String userName) {
- return userName!=null && userName.endsWith(supportedRealm);
- }
-
- public boolean handlesExclusively(Permission pond) {
- return supportingGroups.contains(pond.getKey());
- }
-
- /* (non-Javadoc)
- * @see com.att.cadi.Lur#createPerm(java.lang.String)
- */
- @Override
- public Permission createPerm(String p) {
- return new LocalPermission(p);
- }
-
-}
diff --git a/core/src/main/java/org/onap/aaf/cadi/lur/LocalPermission.java b/core/src/main/java/org/onap/aaf/cadi/lur/LocalPermission.java
deleted file mode 100644
index cccb74c..0000000
--- a/core/src/main/java/org/onap/aaf/cadi/lur/LocalPermission.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.lur;
-
-import org.onap.aaf.cadi.Permission;
-
-public class LocalPermission implements Permission {
- private String key;
-
- public LocalPermission(String role) {
- this.key = role;
- }
-
- public String getKey() {
- return key;
- }
-
- public String toString() {
- return key;
- }
-
- public boolean match(Permission p) {
- return key.equals(p.getKey());
- }
-
- public String permType() {
- return "LOCAL";
- }
-
-
-}
diff --git a/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java b/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java
deleted file mode 100644
index 94080df..0000000
--- a/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.lur;
-
-import java.security.Principal;
-import java.util.List;
-
-import org.onap.aaf.cadi.Lur;
-import org.onap.aaf.cadi.Permission;
-
-public class NullLur implements Lur {
- private static final Permission NULL = new Permission() {
- @Override
- public String permType() {
- return "";
- }
-
- @Override
- public String getKey() {
- return "";
- }
-
- @Override
- public boolean match(Permission p) {
- return false;
- }};
-
- public boolean fish(Principal bait, Permission pond) {
- // Well, for Jenkins, this is ok... It finds out it can't do J2EE Security, and then looks at it's own
-// System.err.println("CADI's LUR has not been configured, but is still being called. Access is being denied");
- return false;
- }
-
- public void fishAll(Principal bait, List<Permission> permissions) {
- }
-
- public void destroy() {
- }
-
- public boolean handlesExclusively(Permission pond) {
- return false;
- }
-
- public boolean supports(String userName) {
- return false;
- }
-
- /* (non-Javadoc)
- * @see com.att.cadi.Lur#createPerm(java.lang.String)
- */
- @Override
- public Permission createPerm(String p) {
- return NULL;
- }
-
- /* (non-Javadoc)
- * @see com.att.cadi.Lur#clear(java.security.Principal, java.lang.StringBuilder)
- */
- @Override
- public void clear(Principal p, StringBuilder report) {
- report.append(NullLur.class.getSimpleName());
- report.append('\n');
- }
-
- public String toString() {
- return NullLur.class.getSimpleName() + '\n';
- }
-}