diff options
Diffstat (limited to 'ecomp-sdk-app/src/main/java/org/openecomp/policy/elk/converter/Xacml2Elk.java')
| -rw-r--r-- | ecomp-sdk-app/src/main/java/org/openecomp/policy/elk/converter/Xacml2Elk.java | 978 |
1 files changed, 0 insertions, 978 deletions
diff --git a/ecomp-sdk-app/src/main/java/org/openecomp/policy/elk/converter/Xacml2Elk.java b/ecomp-sdk-app/src/main/java/org/openecomp/policy/elk/converter/Xacml2Elk.java deleted file mode 100644 index f7aa34ff2..000000000 --- a/ecomp-sdk-app/src/main/java/org/openecomp/policy/elk/converter/Xacml2Elk.java +++ /dev/null @@ -1,978 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ECOMP Policy Engine - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.openecomp.policy.elk.converter; - - -import io.searchbox.core.Update; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.StringReader; -import java.io.StringWriter; -import java.net.MalformedURLException; -import java.net.URL; -import java.net.URLConnection; -import java.nio.file.FileSystems; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; -import javax.xml.transform.Result; -import javax.xml.transform.stream.StreamResult; - -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; - -import org.apache.commons.io.IOUtils; -import org.eclipse.persistence.jaxb.JAXBContextFactory; -import org.eclipse.persistence.jaxb.MarshallerProperties; -import org.eclipse.persistence.jaxb.json.JsonSchemaOutputResolver; - -import com.att.research.xacml.api.Advice; -import com.att.research.xacml.api.AttributeAssignment; -import com.att.research.xacml.api.Identifier; -import com.att.research.xacml.api.Obligation; -import org.openecomp.policy.xacml.api.XACMLErrorConstants; -import com.att.research.xacml.util.XACMLPolicyScanner; -import com.att.research.xacml.util.XACMLProperties; -import com.att.research.xacml.util.XACMLPolicyScanner.CallbackResult; -import com.att.research.xacml.util.XACMLPolicyScanner.SimpleCallback; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.SerializationFeature; -import com.fasterxml.jackson.databind.node.ObjectNode; -import com.fasterxml.jackson.dataformat.xml.XmlMapper; -import com.fasterxml.jackson.module.jaxb.JaxbAnnotationModule; -import com.fasterxml.jackson.module.jsonSchema.JsonSchema; -import com.fasterxml.jackson.module.jsonSchema.factories.SchemaFactoryWrapper; - -import org.kohsuke.args4j.CmdLineException; -import org.kohsuke.args4j.CmdLineParser; -import org.kohsuke.args4j.Option; -import org.openecomp.policy.elk.client.ElkConnector; -import org.openecomp.policy.elk.client.ElkConnector.PolicyBodyType; -import org.openecomp.policy.rest.XACMLRestProperties; -import org.openecomp.policy.common.logging.flexlogger.FlexLogger; -import org.openecomp.policy.common.logging.flexlogger.Logger; - - -@SuppressWarnings("unused") -public class Xacml2Elk { - public static final String URLID_ATTRIBUTE = "URLID"; - public static final String BODY_ATTRIBUTE = "body"; - - protected static final Logger logger = FlexLogger.getLogger(Xacml2Elk.class); - protected static JAXBContext jaxbContext = jaxbContext(); - - protected static String toConfigsWebDirectory(String policyType) - throws IllegalArgumentException { - if (policyType == null || policyType.isEmpty()) - throw new IllegalArgumentException("Unexpected policy type: " + policyType); - - ElkConnector.PolicyType type = ElkConnector.PolicyType.valueOf(policyType); - switch(type) { - case Config: - return type.name(); - case Action: - return type.name(); - case Decision: - return type.name(); - case Config_Fault: - case Config_PM: - case Config_FW: - case Config_MS: - return ElkConnector.PolicyType.Config.name(); - default: - throw new IllegalArgumentException("Unexpected policy type: " + policyType); - } - } - - protected synchronized static JAXBContext jaxbContext() { - if (jaxbContext != null) { - return jaxbContext; - } - - try { - jaxbContext = JAXBContextFactory.createContext(new Class[] {PolicyType.class}, null); - } catch (JAXBException e) { - logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + ":" + - "JAXB Context cannot be created"); - return null; - } - - return jaxbContext; - } - - protected static class CLIOptions { - @Option(name="-t", usage="policy type", aliases={"-type", "--type"}, required=true) - protected String type; - - @Option(name="-n", usage="policy name", aliases={"-name", "--name"}, required=true) - protected String name; - - @Option(name="-o", usage="git repository owner", aliases={"-owner", "--owner"}, required=true) - protected String owner; - - @Option(name="-s", usage="enclosing scope", aliases={"-scope", "--scope"}, required=true) - protected String scope; - - @Option(name="-x", usage="xacml input file", aliases={"-xacml", "--xacml"}, required=true, metaVar="<xacml input file>") - protected File xacmlFile; - - @Option(name="-p", usage="payload body type", aliases={"-payloadType", "--payloadType"}, required=false, metaVar="<bayload body type>", depends={"-b"}) - protected PolicyBodyType bodyType; - - @Option(name="-b", usage="payload body", aliases={"-body", "--body"}, required=false, metaVar="<bayload body type>", depends={"-p"}) - protected String body; - - @Option(name="-d", usage="elk record output directory", aliases={"-d", "--directory"}, required=true, metaVar="<elk directory>") - protected File elkDirectory; - - @Option(name = "-h", aliases = {"-help", "--help"}, usage = "print this message") - private boolean help = false; - }; - - class AttributeAssignmentFinderProcessor extends SimpleCallback { - protected final String attributeId; - protected String attributeValue = null; - - public AttributeAssignmentFinderProcessor(String attributeId) { - this.attributeId = attributeId; - } - - public String getAttributeValue() { - return attributeValue; - } - - public boolean isAttributeValue() { - return (this.attributeValue != null && !this.attributeValue.isEmpty()); - } - - private boolean processAssignments( - List<AttributeAssignmentExpressionType> assignments) { - if (logger.isTraceEnabled()) - logger.trace("ENTER"); - - for (AttributeAssignmentExpressionType assignment : assignments) { - if (!assignment.getAttributeId().equals(attributeId)) { - if (logger.isDebugEnabled()) - logger.debug("Ignoring: " + assignment.getAttributeId()); - continue; - } - - if (logger.isDebugEnabled()) - logger.debug("Found Attribute ID: " + assignment.getAttributeId()); - - JAXBElement<?> jaxbExp = assignment.getExpression(); - Object assignmentObject = jaxbExp.getValue(); - if (assignmentObject instanceof AttributeValueType) { - AttributeValueType avt = (AttributeValueType) assignmentObject; - if (avt.getContent().size() <= 0) { - logger.warn("Ignoring: " + assignment.getAttributeId() + ": No values"); - continue; - } - - this.attributeValue = avt.getContent().get(0).toString(); - if (logger.isInfoEnabled()) - logger.info("Found: " + this.attributeValue); - - return true; - } - } - return false; - } - - @Override - public CallbackResult onAdvice(Object parent, AdviceExpressionType expression, Advice advice) { - if (logger.isTraceEnabled()) - logger.trace("ENTER"); - - List<AttributeAssignmentExpressionType> assignments = - expression.getAttributeAssignmentExpression(); - - if (assignments != null) { - boolean found = processAssignments(assignments); - if (found) - return CallbackResult.STOP; - } - - return super.onAdvice(parent, expression, advice); - } - - @Override - public CallbackResult onObligation(Object parent, ObligationExpressionType expression, Obligation obligation) { - if (logger.isTraceEnabled()) - logger.trace("ENTER"); - - List<AttributeAssignmentExpressionType> assignments = - expression.getAttributeAssignmentExpression(); - - if (assignments != null) { - boolean found = processAssignments(assignments); - if (found) - return CallbackResult.STOP; - } - - return super.onObligation(parent, expression, obligation); - - } - } - - final protected String type; - final protected String name; - final protected String owner; - final protected String scope; - final protected File xacmlFile; - final protected File elkDirectory; - - final protected JAXBElement<PolicyType> policy; - - protected PolicyBodyType bodyType; - protected String body; - - - public Xacml2Elk(String type, String name, - String owner, String scope, - File xacmlFile, File elkDirectory) - throws IllegalArgumentException { - - this.type = type; - this.name = name; - this.owner = owner; - this.scope = scope; - this.xacmlFile = xacmlFile; - this.elkDirectory = elkDirectory; - - this.policy = jaxbXacml(xacmlFile); - - this.body = ""; - this.bodyType = PolicyBodyType.none; - bodyFromXacml(); - } - - public Xacml2Elk(CLIOptions args) throws IllegalArgumentException { - this.type = args.type; - this.name = args.name; - this.owner = args.owner; - this.scope = args.scope; - this.xacmlFile = args.xacmlFile; - this.elkDirectory = args.elkDirectory; - - this.policy = jaxbXacml(xacmlFile); - - if (args.body == null || args.body.isEmpty()) { - this.body = ""; - this.bodyType = PolicyBodyType.none; - bodyFromXacml(); - } else { - this.body = args.body; - this.bodyType = args.bodyType; - } - } - - public Xacml2Elk(String type, String name, String owner, - String scope, File xacmlFile, PolicyBodyType bodyType, - String body, File destinationDir) - throws IllegalArgumentException { - this.type = type; - this.name = name; - this.owner = owner; - this.scope = scope; - this.xacmlFile = xacmlFile; - this.bodyType = bodyType; - this.body = body; - this.elkDirectory = destinationDir; - - this.policy = jaxbXacml(xacmlFile); - } - - public Xacml2Elk(File xacmlFile, boolean skipBody) - throws IllegalArgumentException { - this.policy = jaxbXacml(xacmlFile); - PolicyType jPolicy = this.policy.getValue(); - - this.xacmlFile = xacmlFile; - - this.type = ElkConnector.toPolicyType(xacmlFile.getName()).name(); - String fileName = xacmlFile.getName().replaceFirst(this.type + "_", ""); - if (fileName.indexOf(".") > 0) - this.name = fileName.substring(0, fileName.lastIndexOf(".")); - else - this.name = fileName; - - this.owner = "admin"; - this.scope = getScope(xacmlFile.getParent()); - this.elkDirectory = null; - - this.body = ""; - this.bodyType = PolicyBodyType.none; - if (!skipBody) { - bodyFromXacml(); - } - } - - @SuppressWarnings("unchecked") - protected JAXBElement<PolicyType> jaxbXacml(File xacmlFile) throws IllegalArgumentException { - Path xacmlPath = xacmlFile.toPath(); - if (!Files.isReadable(xacmlPath) || !Files.isRegularFile(xacmlPath)) { - if (logger.isWarnEnabled()) { - logger.warn("Error: " + xacmlPath + " is invalid."); - } - throw new IllegalArgumentException("Error: " + xacmlPath + " is invalid."); - } - - try { - Unmarshaller u = jaxbContext.createUnmarshaller(); - return (JAXBElement<PolicyType>) u.unmarshal(xacmlFile); - } catch (Exception e) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLErrorConstants.ERROR_DATA_ISSUE + " - error: " + xacmlPath + " is invalid."); - } - throw new IllegalArgumentException(xacmlFile.getAbsolutePath() + " does not contain valid XACML"); - } - } - - public JAXBElement<PolicyType> getPolicy() { - return policy; - } - - protected String getScope(String xacmlDirPath) { - if (logger.isTraceEnabled()) logger.trace("ENTER"); - - xacmlDirPath = xacmlDirPath.replaceAll("//", "/"); - xacmlDirPath = xacmlDirPath.replaceAll("\\\\", "/"); - xacmlDirPath = xacmlDirPath.replace('\\', '/'); - - String ws = XACMLProperties.getProperty(XACMLRestProperties.PROP_ADMIN_WORKSPACE); - String adminRepo = XACMLProperties.getProperty(XACMLRestProperties.PROP_ADMIN_REPOSITORY); - Path wsPath = Paths.get(ws, "admin", adminRepo); - File repoDir = wsPath.toFile(); - String repoPath = repoDir.getPath(); - repoPath = repoPath.replaceAll("//", "/"); - repoPath = repoPath.replaceAll("\\\\", "/"); - repoPath = repoPath.replace('\\', '/'); - - int startIndex = xacmlDirPath.indexOf(repoPath.toString()) + repoPath.toString().length() + 1; - String scope = xacmlDirPath.substring(startIndex, xacmlDirPath.length()); - - if (logger.isInfoEnabled()) - logger.info("xacml-policy-path=" + xacmlDirPath + "|" + - "repository-path=" + repoPath + "|" + - "scope=" + scope); - - return scope; - } - - @SuppressWarnings("deprecation") - private boolean bodyFromXacml() { - if (logger.isTraceEnabled()) - logger.trace("ENTER"); - - String urlAttribute = URLID_ATTRIBUTE; - try { - switch (ElkConnector.toPolicyType(this.type)) { - case Action: - urlAttribute = BODY_ATTRIBUTE; - break; - case Decision: - case none: - /* no body attached to decision policies */ - if (logger.isInfoEnabled()) - logger.info("No body attached for this type of policy: " + this.xacmlFile.getAbsolutePath()); - return false; - default: - /* a flavour of a config policy - default is fine */ - break; - } - } catch (IllegalArgumentException iae) { - if (logger.isWarnEnabled()) { - logger.warn(this.type + " cannot be converted to a valid type: " + iae.getMessage(), iae); - } - return false; - } - - AttributeAssignmentFinderProcessor - processor = new AttributeAssignmentFinderProcessor(urlAttribute); - XACMLPolicyScanner xacmlScanner = - new XACMLPolicyScanner(this.policy.getValue(), processor); - xacmlScanner.scan(); - if (!processor.isAttributeValue()) { - if (logger.isInfoEnabled()) - logger.info(urlAttribute + " not found in " + this.xacmlFile.getAbsolutePath()); - return false; - } - - String configsUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_CONFIG_URL); - if (configsUrl == null || configsUrl.isEmpty() || !configsUrl.startsWith("http")) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLRestProperties.PROP_CONFIG_URL + " property is not set."); - } - configsUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URL); - if (configsUrl == null || configsUrl.isEmpty() || !configsUrl.startsWith("http")) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLRestProperties.PROP_PAP_URL + " property is not set."); - } - return false; - } else { - configsUrl = configsUrl.replaceFirst("/pap", ""); - } - } - - if (!configsUrl.endsWith("/")) { - configsUrl += "/"; - } - - String urlXacml = processor.getAttributeValue(); - if (logger.isDebugEnabled()) { - logger.debug("configs url is " + configsUrl + "and url in xacml is " + urlXacml); - } - - if (urlXacml.startsWith("http")) { - // assuming this an unescaped url - } else if (urlXacml.startsWith("$URLConfig/")) { - urlXacml = urlXacml.replace("$URLConfig/", configsUrl); - } else if (urlXacml.startsWith("$URL/")) { - urlXacml = urlXacml.replace("$URL/", configsUrl); - } else{ - if (logger.isWarnEnabled()) { - logger.warn("XACML url is not in the expected format: " + urlXacml); - } - return false; - } - - if (urlXacml.endsWith(".properties")) { - this.bodyType = PolicyBodyType.properties; - } else if (urlXacml.endsWith(".json")) { - this.bodyType = PolicyBodyType.json; - } else if (urlXacml.endsWith(".xml")) { - this.bodyType = PolicyBodyType.xml; - } else if (urlXacml.endsWith(".txt")) { - this.bodyType = PolicyBodyType.txt; - } - - if (logger.isDebugEnabled()) { - logger.debug("converted url from xacml is " + urlXacml + ", body-type is " + this.bodyType); - } - - InputStream inConfigs = null; - try { - URL url = new URL(urlXacml); - URLConnection connection = url.openConnection(); - inConfigs = connection.getInputStream(); - String encoding = connection.getContentEncoding(); - encoding = (encoding == null ? "UTF-8" : encoding); - this.body = IOUtils.toString(inConfigs, encoding); - if (logger.isInfoEnabled()) { - logger.info("The following document of type " + this.bodyType.toString() + - " has been fetched from " + urlXacml + System.lineSeparator() + - this.body); - } - try { - inConfigs.close(); - } catch (IOException e) { - // ignore - logger.warn("Unexpected error closing stream to " + urlXacml, e); - } - return true; - } catch (Exception e) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- XACML url is not in the expected format: " + e.getMessage() + - ": " + urlXacml, e); - } - // continue - } finally { - if (inConfigs != null) { - try { - inConfigs.close(); - } catch (IOException e) { - // ignore - logger.warn("Unexpected error closing stream to " + urlXacml, e); - } - } - } - - // if retrieval through PAP url was not possible, try to retrieve it from - // filesystem instead. - - if (this.body == null || this.body.isEmpty()) { - Path webappsPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS)); - if (webappsPath == null) { - logger.error("Invalid Webapps Path Location property : " + - XACMLRestProperties.PROP_PAP_WEBAPPS); - return false; - } - String waPath = webappsPath.toFile().getAbsolutePath(); - - String typeDir = null; - try { - typeDir = Xacml2Elk.toConfigsWebDirectory(this.type); - } catch (IllegalArgumentException iae) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- " + this.type + - " cannot be converted to body-directory: " + iae.getMessage(), - iae); - } - this.bodyType = PolicyBodyType.none; - return false; - } - - String scopePrefix = this.scope.replace('/', '.'); - Path bodyPath = Paths.get(waPath, - typeDir, - scopePrefix + "." + this.type + "_" + - this.name + "." + this.bodyType.name()); - File bodyFile = bodyPath.toFile(); - if (Files.notExists(bodyPath)) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "The following document of type " + this.bodyType.toString() + - " does not exist at filesystem location " + bodyFile.getAbsolutePath()); - } - this.bodyType = PolicyBodyType.none; - return false; - } else { - if (logger.isInfoEnabled()) { - logger.info("The following document of type " + this.bodyType.toString() + - " will be fetched from filesystem location " + bodyFile.getAbsolutePath()); - } - } - - try { - inConfigs = new FileInputStream(bodyFile); - this.body = IOUtils.toString(inConfigs); - inConfigs.close(); - if (logger.isInfoEnabled()) { - logger.info("The document of type " + this.bodyType.toString() + - " has been found at filesystem location " + bodyFile.getAbsolutePath()); - } - } catch (Exception e) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- XACML Body File cannot be read: " + bodyFile.getAbsolutePath(), e); - } - this.bodyType = PolicyBodyType.none; - return false; - } finally { - if (inConfigs != null) { - try { - inConfigs.close(); - } catch (IOException e) { - // ignore - logger.warn("Unexpected error closing stream to " + urlXacml, e); - } - } else { - return false; - } - } - } - return true; - } - - public boolean attachJsonBody(JsonNode jPolicy) { - if (this.body == null) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- JSON Body expected but none provided from " + - this.scope + ":" + this.type + ":" + this.name); - } - return true; - } - - ObjectNode jPolicyRoot = (ObjectNode) jPolicy; - - // verify the json is valid - final ObjectMapper mapper = new ObjectMapper(); - JsonNode jBodyContent; - try { - jBodyContent = mapper.readTree(this.body); - } catch (IOException e) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- JSON Body is invalid in " + - this.scope + ":" + this.type + ":" + this.name + ":" + - e.getMessage() + System.lineSeparator() + this.body, e); - return false; - } - - String jBodyName = this.type + "_" + "Body"; - ObjectNode jBodyContainer = mapper.createObjectNode(); - jBodyContainer.set(jBodyName, jBodyContent); - - jPolicyRoot.set("Body", jBodyContainer); - - if (logger.isDebugEnabled()) - logger.debug("Attaching JSON to " + - this.scope + ":" + - this.type + ":" + this.name + ":" + - jBodyName + System.lineSeparator() + - jBodyContent); - - return true; - } - - @SuppressWarnings("unchecked") - public boolean attachXmlBody(JsonNode jPolicy) { - if (this.body == null) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- JSON Body expected but none provided from " + - this.scope + ":" + this.type + ":" + this.name); - } - return true; - } - - XmlMapper xmlMapper = new XmlMapper(); - xmlMapper.setConfig(xmlMapper.getSerializationConfig().withRootName("")); - Map<Object, Object> map; - try { - map = xmlMapper.readValue(this.body, Map.class); - } catch (IOException e) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- XML Body is invalid in " + - this.scope + ":" + this.type + ":" + this.name + ":" + - e.getMessage() + System.lineSeparator() + this.body, e); - return false; - } - - final ObjectMapper mapper = new ObjectMapper(); - String jXmlBody; - try { - jXmlBody = mapper.writeValueAsString(map); - } catch (JsonProcessingException e) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- Cannot convert XML Body to JSON in " + - this.scope + ":" + this.type + ":" + this.name + ":" + - e.getMessage() + System.lineSeparator() + this.body, e); - return false; - } - - if (logger.isDebugEnabled()) - logger.debug("XML-to-JSON Body conversion: " + this.scope + ":" + - this.type + ":" + this.name +jXmlBody); - - JsonNode jBodyContent; - try { - jBodyContent = mapper.readTree(jXmlBody); - } catch (IOException e) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- JSON Body (converted from XML) is invalid in " + - this.scope + ":" + this.type + ":" + this.name + ":" + - e.getMessage() + System.lineSeparator() + jXmlBody, e); - return false; - } - - ObjectNode jPolicyRoot = (ObjectNode) jPolicy; - - String jBodyName = this.type + "_" + "Body"; - ObjectNode jBodyContainer = mapper.createObjectNode(); - jBodyContainer.set(jBodyName, jBodyContent); - - jPolicyRoot.set("Body", jBodyContainer); - - - if (logger.isDebugEnabled()) - logger.debug("Attaching JSON to " + - this.scope + ":" + - this.type + ":" + this.name + ":" + - jBodyName + System.lineSeparator() + - jBodyContent); - - return true; - } - - protected boolean attachPropertiesBody(JsonNode jPolicy) { - if (this.body == null) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- JSON Body expected but none provided from " + - this.scope + ":" + this.type + ":" + this.name); - } - return true; - } - - final Properties propBody = new Properties(); - try { - propBody.load(new StringReader(this.body)); - } catch (IOException e) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- JSON Body is invalid in " + - this.scope + ":" + this.type + ":" + this.name + ":" + - e.getMessage() + System.lineSeparator() + this.body, e); - return false; - } - - if (propBody.isEmpty()) { - if (logger.isInfoEnabled()) { - logger.info("Empty set of properties: " + - this.scope + ":" + this.type + ":" + this.name + - System.lineSeparator() + this.body); - } - return true; - } - - - final ObjectMapper mapper = new ObjectMapper(); - - ObjectNode jPolicyRoot = (ObjectNode) jPolicy; - ObjectNode jBody = jPolicyRoot.putObject("Body"); - String jBodyName = this.type + "_" + "Body"; - ObjectNode jBodyContainer = jBody.putObject(jBodyName); - - // ObjectNode jBodyContainer = mapper.createObjectNode(); - - for(String key : propBody.stringPropertyNames()) { - String value = propBody.getProperty(key); - if (logger.isDebugEnabled()) { - logger.debug("Attaching JSON field to " + jBodyName + " for " + - this.type.toString() + ":" + - this.scope + ":" + this.name + ":" + jBodyName + ":" + - " <" + key +"," + value + ">"); - } - jBodyContainer.put(key, propBody.getProperty(key)); - } - - return true; - } - - public boolean attachTextBody(JsonNode jPolicy) { - if (this.body == null) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- JSON Body expected but none provided from " + - this.scope + ":" + this.type + ":" + this.name); - } - return true; - } - - final ObjectMapper mapper = new ObjectMapper(); - StringWriter jsonEscapedTextWriter = new StringWriter(); - try { - mapper.writer().writeValue(jsonEscapedTextWriter, this.body); - } catch (IOException e) { - if (logger.isWarnEnabled()) { - logger.warn(XACMLErrorConstants.ERROR_SYSTEM_ERROR + - "- Text Body cannot be converted from " + - this.scope + ":" + this.type + ":" + this.name + ":" + - e.getMessage() + ":" + jsonEscapedTextWriter , e); - } - return false; - } - String jTextBody = jsonEscapedTextWriter.toString(); - - if (logger.isDebugEnabled()) - logger.debug("XML 2JSON Body conversion: " + this.scope + ":" + - this.type + ":" + this.name + ":" + jTextBody); - - ObjectNode jPolicyRoot = (ObjectNode) jPolicy; - - String jBodyName = this.type + "_" + "Body"; - ObjectNode jBodyContainer = mapper.createObjectNode(); - jBodyContainer.put(jBodyName, jTextBody); - - jPolicyRoot.set("Body", jBodyContainer); - - if (logger.isDebugEnabled()) - logger.debug("Attaching JSON to " + - this.scope + ":" + - this.type + ":" + this.name + ":" + - jBodyName + ":" + - jTextBody); - - return true; - } - - protected boolean attachBody(JsonNode jPolicy) { - if (logger.isTraceEnabled()) logger.trace("ENTER"); - - if (this.bodyType == PolicyBodyType.none) { - if (logger.isInfoEnabled()) - logger.info("No body to attach for policy " + - this.scope + "/" + this.type + "_" + this.name); - - return true; - } - - if (this.body == null || this.body.isEmpty()) { - if (logger.isWarnEnabled()) - logger.warn("No body to attach for policy " + - this.bodyType + this.type + this.scope + this.name); - - return true; - } - - switch (this.bodyType) { - case json: - return attachJsonBody(jPolicy); - case properties: - return attachPropertiesBody(jPolicy); - case xml: - return attachXmlBody(jPolicy); - case txt: - return attachTextBody(jPolicy); - case none: - default: - if (logger.isWarnEnabled()) - logger.warn("Unexpected body type: " + this.bodyType + - this.bodyType + this.type + this.scope + this.name); - return false; - } - } - - public ElkRecord record() throws JAXBException, JsonProcessingException, - IOException, IllegalArgumentException { - if (logger.isTraceEnabled()) logger.trace("ENTER"); - - Marshaller m = jaxbContext.createMarshaller(); - m.setProperty(MarshallerProperties.MEDIA_TYPE, "application/json"); - m.setProperty(MarshallerProperties.JSON_INCLUDE_ROOT, true); - m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); - m.setProperty(MarshallerProperties.JSON_REDUCE_ANY_ARRAYS, true); - m.setProperty(MarshallerProperties.JSON_MARSHAL_EMPTY_COLLECTIONS, false); - - StringWriter policyStringWriter = new StringWriter(); - m.marshal(policy, policyStringWriter); - - // add metadata to elk record - - final ObjectMapper mapper = new ObjectMapper(); - JsonNode jRoot = mapper.readTree(policyStringWriter.toString()); - JsonNode jPolicy = jRoot.path("Policy"); - if (jPolicy.isMissingNode()) { - logger.warn("Aborting: Policy root node is missing."); - throw new IllegalArgumentException("Missing policy root node"); - } - - ((ObjectNode) jPolicy).put("PolicyType", this.type.toString()); - ((ObjectNode) jPolicy).put("PolicyName", this.name); - ((ObjectNode) jPolicy).put("Owner", this.owner); - ((ObjectNode) jPolicy).put("Scope", this.scope); - - JsonNode jPolicyId = jPolicy.path("PolicyId"); - if (jPolicyId.isMissingNode()) { - logger.warn("Aborting: Policy ID node is missing."); - throw new IllegalArgumentException("Missing policy id"); - } - - if (!jPolicyId.isTextual() || !jPolicyId.isValueNode()) { - logger.warn("Aborting: Policy ID invalid."); - throw new IllegalArgumentException("Invalid policy id"); - } - - String xacmlPolicyId = jPolicyId.asText(); - String policyId = xacmlPolicyId.substring(xacmlPolicyId.lastIndexOf(":")+1); - - boolean success = attachBody(jPolicy); - - mapper.configure(SerializationFeature.INDENT_OUTPUT, true); - mapper.configure(SerializationFeature.WRITE_ENUMS_USING_TO_STRING, true); - mapper.configure(SerializationFeature.WRITE_EMPTY_JSON_ARRAYS, false); - mapper.configure(SerializationFeature.WRITE_SINGLE_ELEM_ARRAYS_UNWRAPPED, true); - - String recordText = mapper.writeValueAsString(jRoot); - if (logger.isDebugEnabled()) { - logger.debug("ELK Record: " + System.lineSeparator() + recordText); - } - - ElkRecord elkRecord = new ElkRecord(policyId, recordText, jRoot, success); - return elkRecord; - } - - public void store(String policyId, String record) throws IOException { - if (logger.isTraceEnabled()) logger.trace("ENTER"); - - if (this.elkDirectory != null) { - Files.createDirectories(this.elkDirectory.toPath());; - Path elkPolicyFile = Paths.get(this.elkDirectory.getPath(), policyId + ".json"); - - if (logger.isDebugEnabled()) { - logger.info("Output: " + elkPolicyFile.toAbsolutePath().toString()); - logger.info("---------------------------------------------------"); - } - - Files.write(elkPolicyFile, record.getBytes()); - } - } - - public static void main(String args[]) - throws JAXBException, IOException, CmdLineException, IllegalStateException { - - CLIOptions cliOptions = new CLIOptions(); - CmdLineParser cliParser= new CmdLineParser(cliOptions); - - try { - cliParser.parseArgument(args); - } catch (CmdLineException e) { - System.err.println("Usage: Xacml2elk"); - cliParser.printUsage(System.err); - throw e; - } - - System.out.println("---------------------------------------------------"); - System.out.println("Converting " + cliOptions.xacmlFile.getName() + " to ELK format"); - System.out.println("Metadata=" + "[type:" + cliOptions.type + - "|name:" + cliOptions.name + - "|owner:" + cliOptions.owner + - "|scope:" + cliOptions.scope + "]"); - - // generate json from jaxb input file - - Path xacmlPath = cliOptions.xacmlFile.toPath(); - if (!Files.isReadable(xacmlPath) || !Files.isRegularFile(xacmlPath)) { - System.out.println("Error: " + xacmlPath + " is invalid."); - throw new IllegalArgumentException("Error: " + xacmlPath + " is invalid."); - } - - - Xacml2Elk convertor = new Xacml2Elk(cliOptions); - ElkRecord elkRecord = convertor.record(); - System.out.println(elkRecord.record); - - Path elkOutDir = cliOptions.elkDirectory.toPath(); - if (!Files.isReadable(elkOutDir) || !Files.isDirectory(elkOutDir) || - !Files.isWritable(elkOutDir) || !Files.isExecutable(elkOutDir)) { - System.out.println("Error: " + elkOutDir.getFileName() + " is invalid."); - throw new IllegalArgumentException("Error: " + elkOutDir.getFileName() + " is invalid."); - } - - convertor.store(elkRecord.policyId, elkRecord.record); - } -} |