From 4a51a8f96715ffb2a42189b93b9fa91b453b8530 Mon Sep 17 00:00:00 2001
From: sg481n <sg481n@att.com>
Date: Thu, 3 Aug 2017 17:39:12 -0400
Subject:  [AAF-21] Initial code import
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change-Id: Ia1dd196befd061f6ba0c2be6bf4456a30ea50f97
Signed-off-by: sg481n <sg481n@att.com>
---
 .../main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java | 275 +++++++++++++++++++++
 1 file changed, 275 insertions(+)
 create mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java

(limited to 'aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java')

diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java
new file mode 100644
index 0000000..0e831b9
--- /dev/null
+++ b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java
@@ -0,0 +1,275 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aai
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * Copyright © 2017 Amdocs
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * * 
+ *  *      http://www.apache.org/licenses/LICENSE-2.0
+ * * 
+ *  * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package com.att.cadi.aaf.v2_0;
+
+import java.net.URISyntaxException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import com.att.aft.dme2.api.DME2Exception;
+import com.att.cadi.AbsUserCache;
+import com.att.cadi.Access.Level;
+import com.att.cadi.CachingLur;
+import com.att.cadi.Permission;
+import com.att.cadi.StrLur;
+import com.att.cadi.Transmutate;
+import com.att.cadi.User;
+import com.att.cadi.config.Config;
+import com.att.cadi.aaf.AAFPermission;
+import com.att.cadi.aaf.AAFTransmutate;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Split;
+
+public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PERM> implements StrLur, CachingLur<PERM> {
+	protected static final byte[] BLANK_PASSWORD = new byte[0];
+	protected static final Transmutate<Principal> transmutate = new AAFTransmutate();
+	private String[] debug = null;
+	public AAFCon<?> aaf;
+	private String[] supports;
+
+	public AbsAAFLur(AAFCon<?> con) throws DME2Exception, URISyntaxException, APIException {
+		super(con.access, con.cleanInterval, con.highCount, con.usageRefreshTriggerCount);
+		aaf = con;
+		setLur(this);
+		supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");
+	}
+
+	public AbsAAFLur(AAFCon<?> con, AbsUserCache<PERM> auc) throws DME2Exception, URISyntaxException, APIException {
+		super(auc);
+		aaf = con;
+		setLur(this);
+		supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");
+	}
+
+	@Override
+	public void setDebug(String ids) {
+		this.debug = ids==null?null:Split.split(',', ids);
+	}
+	
+	protected abstract User<PERM> loadUser(Principal bait);
+	protected abstract User<PERM> loadUser(String name);
+	public final boolean supports(String userName) {
+		if(userName!=null) {
+			for(String s : supports) {
+				if(userName.endsWith(s))
+					return true;
+			}
+		}
+		return false;
+	}
+	
+	protected abstract boolean isCorrectPermType(Permission pond);
+	
+	// This is where you build AAF CLient Code.  Answer the question "Is principal "bait" in the "pond"
+	public boolean fish(Principal bait, Permission pond) {
+		return fish(bait.getName(), pond);
+	}
+
+	public void fishAll(Principal bait, List<Permission> perms) {
+		fishAll(bait.getName(),perms);
+	}
+
+	// This is where you build AAF CLient Code.  Answer the question "Is principal "bait" in the "pond"
+	public boolean fish(String bait, Permission pond) {
+		if(isDebug(bait)) {
+			boolean rv = false;
+			StringBuilder sb = new StringBuilder("Log for ");
+			sb.append(bait);
+			if(supports(bait)) {
+				User<PERM> user = getUser(bait);
+				if(user==null) {
+					sb.append("\n\tUser is not in Cache");
+				} else {
+					if(user.noPerms())sb.append("\n\tUser has no Perms");
+					if(user.permExpired()) {
+						sb.append("\n\tUser's perm expired [");
+						sb.append(new Date(user.permExpires()));
+						sb.append(']');
+					} else {
+						sb.append("\n\tUser's perm expires [");
+						sb.append(new Date(user.permExpires()));
+						sb.append(']');
+					}
+				}
+				if(user==null || (user.noPerms() && user.permExpired())) {
+					user = loadUser(bait);
+					sb.append("\n\tloadUser called");
+				}
+				if(user==null) {
+					sb.append("\n\tUser was not Loaded");
+				} else if(user.contains(pond)) {
+					sb.append("\n\tUser contains ");
+					sb.append(pond.getKey());
+					rv = true;
+				} else {
+					sb.append("\n\tUser does not contain ");
+					sb.append(pond.getKey());
+					List<Permission> perms = new ArrayList<Permission>();
+					user.copyPermsTo(perms);
+					for(Permission p : perms) {
+						sb.append("\n\t\t");
+						sb.append(p.getKey());
+					}
+				}
+			} else {
+				sb.append("AAF Lur does not support [");
+				sb.append(bait);
+				sb.append("]");
+			}
+			aaf.access.log(Level.INFO, sb);
+			return rv;
+		} else {
+			if(supports(bait)) {
+				User<PERM> user = getUser(bait);
+				if(user==null || (user.noPerms() && user.permExpired())) {
+					user = loadUser(bait);
+				}
+				return user==null?false:user.contains(pond);
+			}
+			return false;
+		}
+	}
+
+	public void fishAll(String bait, List<Permission> perms) {
+		if(isDebug(bait)) {
+			StringBuilder sb = new StringBuilder("Log for ");
+			sb.append(bait);
+			if(supports(bait)) {
+				User<PERM> user = getUser(bait);
+				if(user==null) {
+					sb.append("\n\tUser is not in Cache");
+				} else {
+					if(user.noPerms())sb.append("\n\tUser has no Perms");
+					if(user.permExpired()) {
+						sb.append("\n\tUser's perm expired [");
+						sb.append(new Date(user.permExpires()));
+						sb.append(']');
+					} else {
+						sb.append("\n\tUser's perm expires [");
+						sb.append(new Date(user.permExpires()));
+						sb.append(']');
+					}
+				}
+				if(user==null || (user.noPerms() && user.permExpired())) {
+					user = loadUser(bait);
+					sb.append("\n\tloadUser called");
+				}
+				if(user==null) {
+					sb.append("\n\tUser was not Loaded");
+				} else {
+					sb.append("\n\tCopying Perms ");
+					user.copyPermsTo(perms);
+					for(Permission p : perms) {
+						sb.append("\n\t\t");
+						sb.append(p.getKey());
+					}
+				}
+			} else {
+				sb.append("AAF Lur does not support [");
+				sb.append(bait);
+				sb.append("]");
+			}
+			aaf.access.log(Level.INFO, sb);
+		} else {
+			if(supports(bait)) {
+				User<PERM> user = getUser(bait);
+				if(user==null || (user.noPerms() && user.permExpired())) user = loadUser(bait);
+				if(user!=null) {
+					user.copyPermsTo(perms);
+				}
+			}
+		}
+	}
+	
+	@Override
+	public void remove(String user) {
+		super.remove(user);
+	}
+
+	private boolean isDebug(String bait) {
+		if(debug!=null) {
+			if(debug.length==1 && "all".equals(debug[0]))return true;
+			for(String s : debug) {
+				if(s.equals(bait))return true;
+			}
+		}
+		return false;
+	}
+	/**
+	 * This special case minimizes loops, avoids multiple Set hits, and calls all the appropriate Actions found.
+	 * 
+	 * @param bait
+	 * @param obj
+	 * @param type
+	 * @param instance
+	 * @param actions
+	 */
+	public<A> void fishOneOf(String bait, A obj, String type, String instance, List<Action<A>> actions) {
+		User<PERM> user = getUser(bait);
+		if(user==null || (user.noPerms() && user.permExpired()))user = loadUser(bait);
+//		return user==null?false:user.contains(pond);
+		if(user!=null) {
+			ReuseAAFPermission perm = new ReuseAAFPermission(type,instance);
+			for(Action<A> action : actions) {
+				perm.setAction(action.getName());
+				if(user.contains(perm)) {
+					if(action.exec(obj))return;
+				}
+			}
+		}
+	}
+	
+	public static interface Action<A> {
+		public String getName();
+		/**
+		 *  Return false to continue, True to end now
+		 * @return
+		 */
+		public boolean exec(A a);
+	}
+	
+	private class ReuseAAFPermission extends AAFPermission {
+		public ReuseAAFPermission(String type, String instance) {
+			super(type,instance,null);
+		}
+
+		public void setAction(String s) {
+			action = s;
+		}
+		
+		/**
+		 * This function understands that AAF Keys are hierarchical, :A:B:C, 
+		 *  Cassandra follows a similar method, so we'll short circuit and do it more efficiently when there isn't a first hit
+		 * @return
+		 */
+//		public boolean setParentInstance() {
+//			int i = instance.lastIndexOf(':');
+//			if(i<0) return false;
+//			instance = instance.substring(0, i);
+//			return true;
+//		}
+	}
+}
-- 
cgit 1.2.3-korg