Diffstat (limited to 'dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/aaf/AafLurService.java')
-rw-r--r--dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/aaf/AafLurService.java140
1 files changed, 140 insertions, 0 deletions
diff --git a/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/aaf/AafLurService.java b/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/aaf/AafLurService.java
new file mode 100644
index 0000000..fa49ae8
--- /dev/null
+++ b/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/aaf/AafLurService.java
@@ -0,0 +1,140 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2019 IBM.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dmaap.dbcapi.aaf;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
+import org.onap.aaf.cadi.principal.UnAuthPrincipal;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
+
+/*
+ * this service uses the AAF Lur object to lookup identities and perms
+ */
+public class AafLurService extends BaseLoggingClass {
+
+ private static AAFConHttp aafcon;
+ private static AAFLurPerm aafLur;
+ private static AAFAuthn<?> aafAuthn;
+
+
+ /*
+ * singleton pattern suggested by AAF
+ */
+ private static AafLurService singleton;
+ private AafLurService() {}
+
+
+
+ private static void init( Access myAccess ) throws APIException, CadiException, LocatorException {
+ appLogger.info( "myAccess=" + myAccess );
+ try {
+ aafcon = new AAFConHttp( myAccess );
+ } catch ( CadiException | LocatorException e) {
+ appLogger.error( "Failure of AAFConHttp: " + e.getMessage() );
+ errorLogger.error( "Failure of AAFConHttp: " + e.getMessage() );
+ errorLogger.error(e.getMessage());
+
+ throw e;
+ }
+ try {
+ aafLur = aafcon.newLur();
+ } catch ( CadiException e) {
+ appLogger.error( "Failure of newLur(): " + e.getMessage() );
+ errorLogger.error( "Failure of newLur(): " + e.getMessage() );
+ errorLogger.error(e.getMessage());
+
+ throw e;
+ }
+ aafAuthn = aafcon.newAuthn( aafLur );
+ }
+
+ public static synchronized AafLurService getInstance( Access myAccess ) throws APIException, CadiException, LocatorException{
+ if ( singleton == null ) {
+ singleton = new AafLurService();
+ try {
+ init( myAccess );
+ } catch (APIException | CadiException | LocatorException e) {
+ errorLogger.error(e.getMessage());
+ throw e;
+ }
+
+ }
+ return singleton;
+ }
+
+
+ public boolean checkPerm(String ns, String fqi, String pwd, DmaapPerm p) throws IOException, CadiException {
+
+ boolean rc = false;
+
+ if ( aafAuthn == null ) {
+ appLogger.error( "AafLurService: aafAuthn not set as expected.");
+ return rc;
+ }
+
+ String ok = aafAuthn.validate( fqi, pwd );
+ if ( ok != null ) {
+ appLogger.info( "FAILED validation of fqi=" + fqi + "with response:" + ok );
+ return rc;
+ }
+
+ Principal principal = new UnAuthPrincipal( fqi );
+ // if we pass ns as first arg to AAFPermission constructor it gets prpended to the instance...
+ // as in ns|instance|type|action. we don't want that.
+ Permission aafPerm = new AAFPermission( null, p.getPermission(), p.getPtype(), p.getAction());
+ if ( aafLur == null ) {
+ appLogger.error( "AafLurService: aafLur not set as expected.");
+ return rc;
+ }
+ rc = aafLur.fish( principal, aafPerm );
+ boolean flag = true;
+ if (rc == flag ) {
+ return rc;
+ }
+
+ List<Permission> perms = new ArrayList<>();
+ aafLur.fishAll( principal, perms);
+ String key = aafPerm.getKey();
+ for ( Permission prm: perms ) {
+ if ( prm.getKey().equals( key )) {
+ appLogger.info( principal + " has MATCHING perm " + prm.getKey() );
+ } else {
+ appLogger.info( principal + " has non-matching perm " + prm.getKey() );
+ }
+ }
+
+ return rc;
+
+ }
+}
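Review bot: getInstance assigns `singleton` on line 99 before init(myAccess) runs, so if AAFConHttp or newLur() throws, the exception propagates to the first caller only and every later call receives the half-built instance with `aafAuthn` and `aafLur` still null; checkPerm then fails closed, but each request is logged as "not set as expected" and the AAF connection is never retried. Create the instance only once init has succeeded, e.g. `init( myAccess ); singleton = new AafLurService();` inside the try, so a transient AAF outage at startup does not permanently disable authorization. Separately, `appLogger.info( "myAccess=" + myAccess )` on line 75 prints whatever Access.toString() exposes, and the fishAll loop on lines 141-150 writes a caller's complete permission set to the info log on every denied check; if those objects can carry property values or the log is readable outside the security team, both belong at debug level. `pwd` is also accepted as a String that cannot be wiped, which appears to be forced by aafAuthn.validate's signature; keep it out of every log line, as the code currently does.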