295 lines
12 KiB
Java
295 lines
12 KiB
Java
/* Copyright 2012-2015 SAP SE
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
package eu.aniketos.securebpmn.xacml.finder;
|
|
|
|
import java.io.BufferedReader;
|
|
import java.io.ByteArrayInputStream;
|
|
import java.io.ByteArrayOutputStream;
|
|
import java.io.IOException;
|
|
import java.io.StringReader;
|
|
import java.util.List;
|
|
import java.util.Vector;
|
|
|
|
import org.apache.log4j.Logger;
|
|
import org.tmatesoft.svn.core.SVNException;
|
|
import org.tmatesoft.svn.core.SVNProperties;
|
|
|
|
import eu.aniketos.securebpmn.xacml.SVNPDPConfig;
|
|
import eu.aniketos.securebpmn.xacml.support.finder.FilePolicyModule;
|
|
|
|
import com.sun.xacml.AbstractPolicy;
|
|
import com.sun.xacml.PDPConfig;
|
|
import com.sun.xacml.ParsingException;
|
|
import com.sun.xacml.finder.PolicyFinder;
|
|
import com.sun.xacml.support.finder.PolicyReader;
|
|
|
|
public class SVNPolicyFinderModule extends FilePolicyModule {
|
|
|
|
|
|
protected String svn_url;
|
|
protected long version;
|
|
|
|
private static Logger logger = Logger.getLogger(SVNPolicyFinderModule.class);
|
|
|
|
public static final String XACML_FOLDER = "xacml";
|
|
|
|
protected MySVNClient svn;
|
|
|
|
public SVNPolicyFinderModule(List<String> args) {
|
|
super(args);
|
|
}
|
|
|
|
|
|
public SVNPolicyFinderModule(String svn_url, String username, String password, int version) {
|
|
svn = new MySVNClient(svn_url, username, password, version);
|
|
}
|
|
|
|
public SVNPolicyFinderModule(MySVNClient svnClient) {
|
|
svn = svnClient;
|
|
}
|
|
|
|
public SVNPolicyFinderModule() {
|
|
|
|
}
|
|
|
|
|
|
@Override
|
|
public void init(PolicyFinder finder) {
|
|
|
|
logger.debug("Initializing SVNPolicyFinderModule");
|
|
|
|
svnInit(finder);
|
|
|
|
this.svn_url = svn.getSvn_url();
|
|
this.version = svn.getVersion();
|
|
|
|
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
|
|
List<String> policyFiles = null;
|
|
try {
|
|
policyFiles = getPolicyFileNames(version, buffer);
|
|
} catch (SVNException e) {
|
|
logger.error("SVNException when reading file " + SVNPDPConfig.POLICY_FILE + " from repository: " + e.getMessage() + ", will not be able to retrieve policies from SVN storage");
|
|
policyFiles = new Vector<String>();
|
|
}
|
|
|
|
List<AbstractPolicy> policies = getPolicies(finder, policyFiles, version, buffer);
|
|
for ( AbstractPolicy policy : policies ) {
|
|
super.addPolicy(policy);
|
|
}
|
|
// svn client is not required any more, release resources locally
|
|
svn = null;
|
|
}
|
|
|
|
/**
|
|
* Does some initialization of for a SVN finder, i.e., getting
|
|
* a SVN client and setting other parameters such as useLines
|
|
* @param finder
|
|
*/
|
|
protected void svnInit(PolicyFinder finder) {
|
|
PDPConfig pdpConfig = finder.getPDPConfiguration();
|
|
|
|
// if we did not get the svn client with the constructor
|
|
if ( svn != null ) {
|
|
svn = getSVNClient(pdpConfig, finder);
|
|
}
|
|
|
|
pdpConfig.setCustomAttr(SVNPDPConfig.SVN_CLIENT, svn);
|
|
|
|
//check if we have to use lines parser
|
|
if ( super.enf_useLines ) {
|
|
useLines = true;
|
|
}
|
|
// check use lines configuration
|
|
else if ( confParams.containsKey(CONF_USELINES)) {
|
|
useLines = getBool(confParams.get(CONF_USELINES));
|
|
logger.debug("Use lines: " + useLines + " (loaded from FinderModule configuration)");
|
|
} else if ( pdpConfig.getCustomAttr(CONF_USELINES) != null ) {
|
|
useLines = getBool( (String) pdpConfig.getCustomAttr(CONF_USELINES));
|
|
logger.debug("Use lines: " + useLines + " (loaded from PDP wide configuration)");
|
|
}
|
|
}
|
|
|
|
protected MySVNClient getSVNClient(PDPConfig pdpConfig, PolicyFinder finder) {
|
|
|
|
// first, check if there is a local configuration
|
|
List<String> confArgs = null;
|
|
if ( confParams.containsKey(SVNPDPConfig.SVN_URL) && confParams.containsKey(SVNPDPConfig.USERNAME) &&
|
|
confParams.containsKey(SVNPDPConfig.PASSWORD) ) {
|
|
confArgs = new Vector<String>();
|
|
confArgs.add(confParams.get(SVNPDPConfig.SVN_URL));
|
|
confArgs.add(confParams.get(SVNPDPConfig.USERNAME));
|
|
confArgs.add(confParams.get(SVNPDPConfig.PASSWORD));
|
|
if (confParams.get(SVNPDPConfig.VERSION) != null ) {
|
|
confArgs.add(confParams.get(SVNPDPConfig.VERSION));
|
|
}
|
|
logger.info("Loading SVN configuration from FinderModule configuration: " +
|
|
confParams.get(SVNPDPConfig.SVN_URL) +" in version " + confParams.get(SVNPDPConfig.VERSION));
|
|
}
|
|
// check if we can reuse an existing client
|
|
else if (pdpConfig.getCustomAttr(SVNPDPConfig.SVN_CLIENT) != null) {
|
|
MySVNClient client = (MySVNClient) pdpConfig.getCustomAttr(SVNPDPConfig.SVN_CLIENT);
|
|
logger.info("Using PDP wide SVN client and configuration: " + svn.getSvn_url() +
|
|
" in version " + svn.getVersion());
|
|
return client;
|
|
}
|
|
// check if there is a pdp wide svn configuration
|
|
else if (pdpConfig.getCustomAttr(SVNPDPConfig.SVN_URL) != null && pdpConfig.getCustomAttr(SVNPDPConfig.USERNAME) != null &&
|
|
pdpConfig.getCustomAttr(SVNPDPConfig.PASSWORD) != null ) {
|
|
confArgs = new Vector<String>();
|
|
confArgs.add( (String) pdpConfig.getCustomAttr(SVNPDPConfig.SVN_URL));
|
|
confArgs.add( (String) pdpConfig.getCustomAttr(SVNPDPConfig.USERNAME));
|
|
confArgs.add( (String) pdpConfig.getCustomAttr(SVNPDPConfig.PASSWORD));
|
|
if ( pdpConfig.getCustomAttr(SVNPDPConfig.VERSION) != null ) {
|
|
confArgs.add( (String) pdpConfig.getCustomAttr(SVNPDPConfig.VERSION));
|
|
}
|
|
logger.info("Loading SVN configuration from PDP wide configuration: " +
|
|
pdpConfig.getCustomAttr(SVNPDPConfig.SVN_URL) +" in version " + pdpConfig.getCustomAttr(SVNPDPConfig.VERSION));
|
|
} else {
|
|
logger.fatal("No configuration for SVN access found; No policies will be loaded");
|
|
}
|
|
|
|
if (confArgs != null ) {
|
|
return new MySVNClient(confArgs);
|
|
} else {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
protected List<String> getPolicyFileNames(long version, ByteArrayOutputStream buffer) throws SVNException {
|
|
List<String> fileNames = new Vector<String>();
|
|
|
|
String policiesFile = svn.getTextFile(XACML_FOLDER + "/" + SVNPDPConfig.POLICY_FILE, version, null, buffer);
|
|
if ( policiesFile == null ) {
|
|
logger.error("Could not find policies file (" + svn_url + "/" + XACML_FOLDER + "/" + SVNPDPConfig.POLICY_FILE);
|
|
throw new RuntimeException("Could not find policies file (" + svn_url + "/" + XACML_FOLDER + "/" + SVNPDPConfig.POLICY_FILE);
|
|
}
|
|
|
|
BufferedReader reader = new BufferedReader(new StringReader(policiesFile));
|
|
try {
|
|
String filePolicy = null;
|
|
while ( (filePolicy = reader.readLine()) != null ) {
|
|
if ( ! ( filePolicy.startsWith("#") || filePolicy.length() == 0) ) {
|
|
fileNames.add(filePolicy.trim());
|
|
}
|
|
}
|
|
} catch (IOException e) {
|
|
// must not happen as stream is got from a string...
|
|
}
|
|
return fileNames;
|
|
}
|
|
|
|
protected List<AbstractPolicy> getPolicies(PolicyFinder finder,
|
|
List<String> policyFileNames, long version, ByteArrayOutputStream buffer) {
|
|
List<AbstractPolicy> policies = new Vector<AbstractPolicy>();
|
|
|
|
SVNProperties props = new SVNProperties();
|
|
PolicyReader reader = new PolicyReader(finder,
|
|
java.util.logging.Logger.getLogger(this.getClass().getName()), null);
|
|
if ( buffer == null ) {
|
|
buffer = new ByteArrayOutputStream();
|
|
}
|
|
|
|
for ( String policyFile : policyFileNames ) {
|
|
String policy;
|
|
try {
|
|
policy = svn.getTextFile(XACML_FOLDER + "/" + policyFile, version, props, buffer);
|
|
|
|
if ( policy == null ) {
|
|
logger.error("Could not retreive " + policyFile + " from SVN repository. WARNING: This policy will not be loaded");
|
|
} else {
|
|
policies.add(reader.readPolicy(new ByteArrayInputStream(policy.getBytes())));
|
|
logger.info("Loaded policies from " + policyFile + " (checked in with version " +
|
|
props.getStringValue(MySVNClient.COMMIT_VERSION) + " on " +
|
|
props.getStringValue(MySVNClient.COMMIT_DATE) + ")"); //
|
|
props.clear();
|
|
}
|
|
} catch (SVNException e) {
|
|
logger.error("SVN Error at retreiving " + policyFile + ": " + e.getMessage() + ". WARNING: This policy will not be loaded");
|
|
} catch (ParsingException e) {
|
|
logger.error("ParsingException at parsing " + policyFile + ": " + e.getMessage() + ". WARNING: This policy will not be loaded");
|
|
e.printStackTrace();
|
|
}
|
|
}
|
|
return policies;
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// try {
|
|
// String policiesFile = svn.getTextFile(XACML_FOLDER + "/" + SVNPDPConfig.POLICY_FILE, version, props, buffer);
|
|
//
|
|
// if ( policiesFile == null ) {
|
|
// logger.error("Could not find policies file (" + svn_url + "/" + XACML_FOLDER + "/" + SVNPDPConfig.POLICY_FILE);
|
|
// throw new RuntimeException("Could not find policies file (" + svn_url + "/" + XACML_FOLDER + "/" + SVNPDPConfig.POLICY_FILE);
|
|
// }
|
|
//
|
|
// BufferedReader reader = new BufferedReader(new StringReader(policiesFile));
|
|
//
|
|
//
|
|
// String filePolicy = null;
|
|
// try {
|
|
// while ( (filePolicy = reader.readLine()) != null ) {
|
|
// if ( ! ( filePolicy.startsWith("#") || filePolicy.length() == 0) ) {
|
|
// policyFiles.add(filePolicy.trim());
|
|
// }
|
|
// }
|
|
// } catch (IOException e) {
|
|
// logger.error("IOExeption when reading file " + SVNPDPConfig.POLICY_FILE + " from repository: " + e.getMessage());
|
|
// e.printStackTrace();
|
|
// }
|
|
// } catch (SVNException e) {
|
|
// logger.error("SVNException when reading file " + SVNPDPConfig.POLICY_FILE + " from repository: " + e.getMessage());
|
|
// e.printStackTrace();
|
|
// }
|
|
|
|
// SVNProperties props = new SVNProperties();
|
|
// PolicyReader reader = new PolicyReader(finder,
|
|
// java.util.logging.Logger.getLogger(this.getClass().getName()), null);
|
|
//
|
|
// for ( String policyFile : policyFiles ) {
|
|
// String policy;
|
|
// try {
|
|
// policy = svn.getTextFile(XACML_FOLDER + "/" + policyFile, version, props, buffer);
|
|
//
|
|
// if ( policy == null ) {
|
|
// logger.error("Could not retreive " + policyFile + " from SVN repository. WARNING: This policy will not be loaded");
|
|
// } else {
|
|
// super.addPolicy(reader.readPolicy(new ByteArrayInputStream(policy.getBytes())));
|
|
// logger.info("Loaded policies from " + policyFile + " (checked in with version " +
|
|
// props.getStringValue(MySVNClient.COMMIT_VERSION) + " on " +
|
|
// props.getStringValue(MySVNClient.COMMIT_DATE) + ")"); //
|
|
// props.clear();
|
|
// }
|
|
// } catch (SVNException e) {
|
|
// logger.error("SVN Error at retreiving " + policyFile + ": " + e.getMessage() + ". WARNING: This policy will not be loaded");
|
|
// } catch (ParsingException e) {
|
|
// logger.error("ParsingException at parsing " + policyFile + ": " + e.getMessage() + ". WARNING: This policy will not be loaded");
|
|
// e.printStackTrace();
|
|
// }
|
|
// }
|
|
|
|
|
|
// private void checkForConfig() {
|
|
//
|
|
// }
|
|
|
|
}
|