From 62c4eb45e157d502463d797c1353802ca8e1e307 Mon Sep 17 00:00:00 2001 From: sg481n Date: Fri, 25 Aug 2017 01:57:24 -0400 Subject: Update project structure for aaf/cadi Update project structure from com.att to org.onap and add distribution management and staging plugin. Issue-id: AAF-22 Change-Id: Idf2b591139e38921ad28782a51486714a05dee92 Signed-off-by: sg481n --- .../java/com/att/cadi/lur/ConfigPrincipal.java | 70 ------- core/src/main/java/com/att/cadi/lur/EpiLur.java | 167 ----------------- core/src/main/java/com/att/cadi/lur/LocalLur.java | 201 --------------------- .../java/com/att/cadi/lur/LocalPermission.java | 51 ------ core/src/main/java/com/att/cadi/lur/NullLur.java | 88 --------- 5 files changed, 577 deletions(-) delete mode 100644 core/src/main/java/com/att/cadi/lur/ConfigPrincipal.java delete mode 100644 core/src/main/java/com/att/cadi/lur/EpiLur.java delete mode 100644 core/src/main/java/com/att/cadi/lur/LocalLur.java delete mode 100644 core/src/main/java/com/att/cadi/lur/LocalPermission.java delete mode 100644 core/src/main/java/com/att/cadi/lur/NullLur.java (limited to 'core/src/main/java/com/att/cadi/lur') diff --git a/core/src/main/java/com/att/cadi/lur/ConfigPrincipal.java b/core/src/main/java/com/att/cadi/lur/ConfigPrincipal.java deleted file mode 100644 index 443d7e7..0000000 --- a/core/src/main/java/com/att/cadi/lur/ConfigPrincipal.java +++ /dev/null @@ -1,70 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.lur; - -import java.io.IOException; -import java.security.Principal; - -import com.att.cadi.GetCred; -import com.att.cadi.Symm; - -public class ConfigPrincipal implements Principal, GetCred { - private String name; - private byte[] cred; - private String content; - - public ConfigPrincipal(String name, String passwd) { - this.name = name; - this.cred = passwd.getBytes(); - content = null; - } - - public ConfigPrincipal(String name, byte[] cred) { - this.name = name; - this.cred = cred; - content = null; - } - - public String getName() { - return name; - } - - public byte[] getCred() { - return cred; - } - - public String toString() { - return name; - } - - public String getAsBasicAuthHeader() throws IOException { - if(content ==null) { - String s = name + ':' + new String(cred); - content = "Basic " + Symm.base64.encode(s); - } else if(!content.startsWith("Basic ")) { // content is the saved password from construction - String s = name + ':' + content; - content = "Basic " + Symm.base64.encode(s); - } - return content; - } -} diff --git a/core/src/main/java/com/att/cadi/lur/EpiLur.java b/core/src/main/java/com/att/cadi/lur/EpiLur.java deleted file mode 100644 index 1eff70e..0000000 --- a/core/src/main/java/com/att/cadi/lur/EpiLur.java +++ /dev/null @@ -1,167 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.lur; - -import java.security.Principal; -import java.util.List; - -import com.att.cadi.CachingLur; -import com.att.cadi.CadiException; -import com.att.cadi.CredVal; -import com.att.cadi.Lur; -import com.att.cadi.Permission; - -/** - * EpiLUR - * - * Short for "Epic LUR". Be able to run through a series of LURs to obtain the validation needed. - * - * The pun is better for the other pattern... "TAF" (aka EpiTaf), but it's still the larger picture of - * LURs that will be accomplished. - * - * FYI, the reason we separate LURs, rather than combine, is that Various User Repository Resources have - * different Caching requirements. For instance, the Local User Repo (with stand alone names), never expire, but might be - * refreshed with a change in Configuration File, while the Remote Service based LURs will need to expire at prescribed intervals - * - * - */ -public final class EpiLur implements Lur { - private final Lur[] lurs; - - /** - * EpiLur constructor - * - * Construct the EpiLur from variable TAF parameters - * @param lurs - * @throws CadiException - */ - public EpiLur(Lur ... lurs) throws CadiException{ - this.lurs = lurs; - if(lurs.length==0) throw new CadiException("Need at least one Lur implementation in constructor"); - } - - public boolean fish(Principal bait, Permission pond) { - if(pond==null) { - return false; - } - boolean rv = false; - Lur lur; - for(int i=0;!rv && i permissions) { - for(Lur lur : lurs) { - lur.fishAll(bait, permissions); - } - } - - public void destroy() { - for(Lur lur : lurs) { - lur.destroy(); - } - } - - /** - * Return the first Lur (if any) which also implements UserPass - * @return - */ - public CredVal getUserPassImpl() { - for(Lur lur : lurs) { - if(lur instanceof CredVal) { - return (CredVal)lur; - } - } - return null; - } - - // Never needed... Only EpiLur uses... - public boolean handlesExclusively(Permission pond) { - return false; - } - - /** - * Get Lur for index. Returns null if out of range - * @param idx - * @return - */ - public Lur get(int idx) { - if(idx>=0 && idx)l).remove(id); - } - } - } - - public Lur subLur(Class cls ) { - for(Lur l : lurs) { - if(l.getClass().isAssignableFrom(cls)) { - return l; - } - } - return null; - } - - @Override - public Permission createPerm(String p) { - return new LocalPermission(p); - } - - /* (non-Javadoc) - * @see com.att.cadi.Lur#clear(java.security.Principal, java.lang.StringBuilder) - */ - @Override - public void clear(Principal p, StringBuilder report) { - for(Lur lur : lurs) { - lur.clear(p, report); - } - } - - public String toString() { - StringBuilder sb = new StringBuilder(); - for(Lur lur : lurs) { - sb.append(lur.getClass().getSimpleName()); - sb.append(": Report\n"); - sb.append(lur.toString()); - sb.append('\n'); - } - return sb.toString(); - } -} diff --git a/core/src/main/java/com/att/cadi/lur/LocalLur.java b/core/src/main/java/com/att/cadi/lur/LocalLur.java deleted file mode 100644 index 5980769..0000000 --- a/core/src/main/java/com/att/cadi/lur/LocalLur.java +++ /dev/null @@ -1,201 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.lur; - -import java.io.IOException; -import java.security.Principal; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.TreeSet; - -import com.att.cadi.AbsUserCache; -import com.att.cadi.Access; -import com.att.cadi.Access.Level; -import com.att.cadi.CredVal; -import com.att.cadi.Hash; -import com.att.cadi.Permission; -import com.att.cadi.StrLur; -import com.att.cadi.User; -import com.att.cadi.config.Config; - - -/** - * An in-memory Lur that can be configured locally with User info via properties, similar to Tomcat-users.xml mechanisms. - * - * - */ -public final class LocalLur extends AbsUserCache implements StrLur, CredVal { - public static final String SEMI = "\\s*;\\s*"; - public static final String COLON = "\\s*:\\s*"; - public static final String COMMA = "\\s*,\\s*"; - public static final String PERCENT = "\\s*%\\s*"; - - // Use to quickly determine whether any given group is supported by this LUR - private final Set supportingGroups; - private String supportedRealm; - - /** - * Construct by building structure, see "build" - * - * Reconstruct with "build" - * - * @param userProperty - * @param groupProperty - * @param decryptor - * @throws IOException - */ - public LocalLur(Access access, String userProperty, String groupProperty) throws IOException { - super(access, 0, 0, Integer.MAX_VALUE); // data doesn't expire - supportedRealm = access.getProperty(Config.BASIC_REALM, "localized"); - supportingGroups = new TreeSet(); - - if(userProperty!=null) { - // For each User name... - for(String user : userProperty.trim().split(SEMI)) { - String[] us = user.split(COLON,2); - String[] userpass = us[0].split(PERCENT,2); - String u; - User usr; - if(userpass.length>1) { - if(userpass.length>0 && userpass[0].indexOf('@')<0) { - userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm()); - } - - u = userpass[0]; - byte[] pass = access.decrypt(userpass[1], true).getBytes(); - usr = new User(new ConfigPrincipal(u, pass)); - } else { - u = us[0]; - usr = new User(new ConfigPrincipal(u, (byte[])null)); - } - addUser(usr); - access.log(Level.INIT, "Local User:",usr.principal); - - if(us.length>1) { - Map newMap = usr.newMap(); - for(String group : us[1].split(COMMA)) { - supportingGroups.add(group); - usr.add(newMap,new LocalPermission(group)); - } - usr.setMap(newMap); - } - } - } - if(groupProperty!=null) { - // For each Group name... - for(String group : groupProperty.trim().split(SEMI)) { - String[] gs = group.split(COLON,2); - if(gs.length>1) { - supportingGroups.add(gs[0]); - LocalPermission p = new LocalPermission(gs[0]); - // Add all users (known by comma separators) - - for(String grpMem : gs[1].split(COMMA)) { - // look for password, if so, put in passMap - String[] userpass = grpMem.split(PERCENT,2); - if(userpass.length>0 && userpass[0].indexOf('@')<0) { - userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm()); - } - User usr = getUser(userpass[0]); - if(userpass.length>1) { - byte[] pass = access.decrypt(userpass[1], true).getBytes(); - if(usr==null)addUser(usr=new User(new ConfigPrincipal(userpass[0],pass))); - else usr.principal=new ConfigPrincipal(userpass[0],pass); - } else { - if(usr==null)addUser(usr=new User(new ConfigPrincipal(userpass[0],(byte[])null))); - } - usr.add(p); - access.log(Level.INIT, "Local User:",usr.principal); - } - } - } - } - } - - public boolean validate(String user, CredVal.Type type, byte[] cred) { - User usr = getUser(user); - switch(type) { - case PASSWORD: - // covers null as well as bad pass - if(usr!=null && cred!=null && usr.principal instanceof ConfigPrincipal) { - return Hash.isEqual(cred,((ConfigPrincipal)usr.principal).getCred()); - } - break; - } - return false; - } - - // @Override - public boolean fish(Principal bait, Permission pond) { - if(supports(bait.getName()) && pond instanceof LocalPermission) { // local Users only have LocalPermissions - User user = getUser(bait); - return user==null?false:user.contains((LocalPermission)pond); - } - return false; - } - - public boolean fish(String bait, Permission pond) { - if(supports(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions - User user = getUser(bait); - return user==null?false:user.contains((LocalPermission)pond); - } - return false; - } - - // We do not want to expose the actual Group, so make a copy. - public void fishAll(Principal bait, List perms) { - if(supports(bait.getName())) { - User user = getUser(bait); - if(user!=null) { - user.copyPermsTo(perms); - } - } - } - - public void fishAll(String bait, List perms) { - if(supports(bait)) { - User user = getUser(bait); - if(user!=null) { - user.copyPermsTo(perms); - } - } - } - - public boolean supports(String userName) { - return userName!=null && userName.endsWith(supportedRealm); - } - - public boolean handlesExclusively(Permission pond) { - return supportingGroups.contains(pond.getKey()); - } - - /* (non-Javadoc) - * @see com.att.cadi.Lur#createPerm(java.lang.String) - */ - @Override - public Permission createPerm(String p) { - return new LocalPermission(p); - } - -} diff --git a/core/src/main/java/com/att/cadi/lur/LocalPermission.java b/core/src/main/java/com/att/cadi/lur/LocalPermission.java deleted file mode 100644 index b44f840..0000000 --- a/core/src/main/java/com/att/cadi/lur/LocalPermission.java +++ /dev/null @@ -1,51 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.lur; - -import com.att.cadi.Permission; - -public class LocalPermission implements Permission { - private String key; - - public LocalPermission(String role) { - this.key = role; - } - - public String getKey() { - return key; - } - - public String toString() { - return key; - } - - public boolean match(Permission p) { - return key.equals(p.getKey()); - } - - public String permType() { - return "LOCAL"; - } - - -} diff --git a/core/src/main/java/com/att/cadi/lur/NullLur.java b/core/src/main/java/com/att/cadi/lur/NullLur.java deleted file mode 100644 index 7b01f5a..0000000 --- a/core/src/main/java/com/att/cadi/lur/NullLur.java +++ /dev/null @@ -1,88 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.lur; - -import java.security.Principal; -import java.util.List; - -import com.att.cadi.Lur; -import com.att.cadi.Permission; - -public class NullLur implements Lur { - private static final Permission NULL = new Permission() { - @Override - public String permType() { - return ""; - } - - @Override - public String getKey() { - return ""; - } - - @Override - public boolean match(Permission p) { - return false; - }}; - - public boolean fish(Principal bait, Permission pond) { - // Well, for Jenkins, this is ok... It finds out it can't do J2EE Security, and then looks at it's own -// System.err.println("CADI's LUR has not been configured, but is still being called. Access is being denied"); - return false; - } - - public void fishAll(Principal bait, List permissions) { - } - - public void destroy() { - } - - public boolean handlesExclusively(Permission pond) { - return false; - } - - public boolean supports(String userName) { - return false; - } - - /* (non-Javadoc) - * @see com.att.cadi.Lur#createPerm(java.lang.String) - */ - @Override - public Permission createPerm(String p) { - return NULL; - } - - /* (non-Javadoc) - * @see com.att.cadi.Lur#clear(java.security.Principal, java.lang.StringBuilder) - */ - @Override - public void clear(Principal p, StringBuilder report) { - report.append(NullLur.class.getSimpleName()); - report.append('\n'); - } - - public String toString() { - return NullLur.class.getSimpleName() + '\n'; - } -} -- cgit 1.2.3-korg