From e9312923e96a2678f794fcf08ff5918d1b005bbd Mon Sep 17 00:00:00 2001 From: Michael Mokry Date: Fri, 21 Sep 2018 15:56:43 -0500 Subject: CADI AAF changes for policy/engine Added cadi properties and modified policy aaf client code. Fixed issue with namespace and modified code to reverse it for structuring the username sent in AAF API call Added properties for keystore and keystore password after getting error response from AAF when setting up the connection to AAF Missed a fix for one of Jorge's comments in last patch, here it is. Change-Id: Ic164ade8aa34da95a560c1592656e0caf990a595 Issue-ID: POLICY-913 Signed-off-by: Michael Mokry --- .../onap/policy/pdp/rest/config/PDPApiAuth.java | 278 +++++++++++---------- 1 file changed, 144 insertions(+), 134 deletions(-) (limited to 'ONAP-PDP-REST/src/main') diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java index 1e3a41aeb..d06321d64 100644 --- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java +++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java @@ -27,7 +27,9 @@ import java.nio.file.Paths; import java.util.ArrayList; import java.util.Arrays; import java.util.Base64; +import java.util.Collections; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.Properties; import java.util.StringTokenizer; @@ -45,145 +47,153 @@ import org.onap.policy.xacml.api.XACMLErrorConstants; import com.att.research.xacml.util.XACMLProperties; public class PDPApiAuth { - private static final Logger LOGGER = FlexLogger.getLogger(PDPApiAuth.class); + private static final Logger LOGGER = FlexLogger.getLogger(PDPApiAuth.class); - private static String environment = null; - private static Path clientPath = null; - private static Map> clientMap = null; - private static Long oldModified = null; - private static AAFPolicyClient aafClient = null; + private static String environment = null; + private static Path clientPath = null; + private static Map> clientMap = null; + private static Long oldModified = null; + private static AAFPolicyClient aafClient = null; - private PDPApiAuth(){ - // Private Constructor - } + private PDPApiAuth(){ + // Private Constructor + } - /* - * Set Property by reading the properties File. - */ - public static void setProperty() { - environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL"); - String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE); - if(clientFile!=null){ - clientPath = Paths.get(clientFile); - } - try { - aafClient = AAFPolicyClient.getInstance(XACMLProperties.getProperties()); - } catch (AAFPolicyException | IOException e) { - LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AAF Client Not instantiated properly."); - } - } + /* + * Set Property by reading the properties File. + */ + public static void setProperty() { + environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL"); + String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE); + if(clientFile!=null){ + clientPath = Paths.get(clientFile); + } + try { + aafClient = AAFPolicyClient.getInstance(XACMLProperties.getProperties()); + } catch (AAFPolicyException | IOException e) { + LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AAF Client Not instantiated properly."); + } + } - /* - * Return Environment value of the PDP servlet. - */ - public static String getEnvironment() { - if(environment==null){ - setProperty(); - } - return environment; - } + /* + * Return Environment value of the PDP servlet. + */ + public static String getEnvironment() { + if(environment==null){ + setProperty(); + } + return environment; + } - /* - * Security check for authentication and authorizations. - */ - public static boolean checkPermissions(String clientEncoding, String requestID, - String resource) { - try{ - String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding); - if(userNamePass==null || userNamePass.length==0){ - String usernameAndPassword = null; - byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding); - usernameAndPassword = new String(decodedBytes, "UTF-8"); - StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":"); - String username = tokenizer.nextToken(); - String password = tokenizer.nextToken(); - userNamePass= new String[]{username, password}; - } - LOGGER.info("User " + userNamePass[0] + " is Accessing Policy Engine API."); - Boolean result = false; - // Check Backward Compatibility. - try{ - result = clientAuth(userNamePass); - }catch(Exception e){ - LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); - } - if(!result){ - String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace"); - String aafResource = XACMLProperties.getProperty("policy.aaf.resource"); - if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){ - userNamePass[0] = userNamePass[0] + "@" + aafPolicyNameSpace; - }else{ - LOGGER.info("No AAF NameSpace specified in properties"); - } - if(aafResource != null){ - resource = aafResource + resource; - }else{ - LOGGER.info("No AAF Resource specified in properties"); - } - LOGGER.info("Contacting AAF in : " + environment); - result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], resource, environment, ".*"); - } - return result; - }catch(Exception e){ - LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); - return false; - } - } + /* + * Security check for authentication and authorizations. + */ + public static boolean checkPermissions(String clientEncoding, String requestID, + String resource) { + try{ + String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding); + if(userNamePass==null || userNamePass.length==0){ + String usernameAndPassword = null; + byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding); + usernameAndPassword = new String(decodedBytes, "UTF-8"); + StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":"); + String username = tokenizer.nextToken(); + String password = tokenizer.nextToken(); + userNamePass= new String[]{username, password}; + } + LOGGER.info("User " + userNamePass[0] + " is Accessing Policy Engine API."); + Boolean result = false; + // Check Backward Compatibility. + try{ + result = clientAuth(userNamePass); + }catch(Exception e){ + LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); + } + if(!result){ + String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace"); + String aafResource = XACMLProperties.getProperty("policy.aaf.root.permission"); + String type = null; + if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){ + userNamePass[0] = userNamePass[0] + "@" + reverseNamespace(aafPolicyNameSpace); + }else{ + LOGGER.info("No AAF NameSpace specified in properties"); + } + if(aafResource != null){ + type = aafResource + "." + resource; + }else{ + LOGGER.warn("No AAF Resource specified in properties"); + return false; + } + LOGGER.info("Contacting AAF in : " + environment); + result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], type, environment, "*"); + } + return result; + }catch(Exception e){ + LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); + return false; + } + } - private static Boolean clientAuth(String[] userNamePass){ - if(clientPath==null){ - setProperty(); - } - if (!clientPath.toFile().exists()) { - return false; - }else if(clientPath.toString().endsWith(".properties")) { - try { - readProps(clientPath); - if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) { - return true; - } - }catch(PolicyEngineException e){ - LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); - return false; - } - } - return false; - } + private static Boolean clientAuth(String[] userNamePass){ + if(clientPath==null){ + setProperty(); + } + if (!clientPath.toFile().exists()) { + return false; + }else if(clientPath.toString().endsWith(".properties")) { + try { + readProps(clientPath); + if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) { + return true; + } + }catch(PolicyEngineException e){ + LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); + return false; + } + } + return false; + } - private static Map> readProps(Path clientPath) throws PolicyEngineException{ - if(oldModified!=null){ - Long newModified = clientPath.toFile().lastModified(); - if (newModified == oldModified) { - return clientMap; - } - } - InputStream in; - Properties clientProp = new Properties(); - try { - in = new FileInputStream(clientPath.toFile()); - clientProp.load(in); - } catch (IOException e) { - LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR , e); - throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e); - } - // Read the Properties and Load the Clients and their scopes. - clientMap = new HashMap<>(); - // - for (Object propKey : clientProp.keySet()) { - String clientID = (String)propKey; - String clientValue = clientProp.getProperty(clientID); - if (clientValue != null && clientValue.contains(",")) { - ArrayList clientValues = new ArrayList<>(Arrays.asList(clientValue.split("\\s*,\\s*"))); - if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){ - clientMap.put(clientID, clientValues); - } - } - } - if (clientMap.isEmpty()) { - LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!"); - throw new PolicyEngineException("Empty Client file"); - } - oldModified = clientPath.toFile().lastModified(); - return clientMap; - } + private static String reverseNamespace(String namespace) { + final List components = Arrays.asList(namespace.split("\\.")); + Collections.reverse(components); + return String.join(".", components); + } + + private static Map> readProps(Path clientPath) throws PolicyEngineException{ + if(oldModified!=null){ + Long newModified = clientPath.toFile().lastModified(); + if (newModified == oldModified) { + return clientMap; + } + } + InputStream in; + Properties clientProp = new Properties(); + try { + in = new FileInputStream(clientPath.toFile()); + clientProp.load(in); + } catch (IOException e) { + LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR , e); + throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e); + } + // Read the Properties and Load the Clients and their scopes. + clientMap = new HashMap<>(); + // + for (Object propKey : clientProp.keySet()) { + String clientID = (String)propKey; + String clientValue = clientProp.getProperty(clientID); + if (clientValue != null && clientValue.contains(",")) { + ArrayList clientValues = new ArrayList<>(Arrays.asList(clientValue.split("\\s*,\\s*"))); + if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){ + clientMap.put(clientID, clientValues); + } + } + } + if (clientMap.isEmpty()) { + LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!"); + throw new PolicyEngineException("Empty Client file"); + } + oldModified = clientPath.toFile().lastModified(); + return clientMap; + } } \ No newline at end of file -- cgit 1.2.3-korg