import edu.internet2.middleware.shibboleth.aa.*;
import java.io.*;
import java.security.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
//import javax.security.auth.kerberos.*;
8
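/**
 * Command-line maintenance tool for Attribute Release Policies (ARPs).
 *
 * <p>Sub-commands: {@code list}, {@code add}, {@code remove}, {@code setAcl} and
 * {@code listAttributes}; their argument syntax is given by the {@code *Usage}
 * strings below. Results and usage errors go to {@code System.out}; unexpected
 * exceptions are printed with {@code printStackTrace()} (i.e. to {@code System.err}).
 * The tool acts as the identity named by the {@code user.name} system property.
 */
class ArpUtil{
    /** Identity the tool acts as (built from the {@code user.name} system property). */
    static Principal user;
    /** Repository the ARPs are read from and written to; initialised in {@link #main}. */
    static ArpFactory arpFactory;

    // System-property names understood by this tool. These are constructed names
    // introduced by this revision; rename them to the project's convention if one exists.
    /** Directory of the file-backed ARP repository; defaults to {@code /tmp/shib2/}. */
    static final String REPOSITORY_PROPERTY = "arputil.repository";
    /** Principal handed to the SQL context factory as {@code SECURITY_PRINCIPAL} (no default). */
    static final String SQL_PRINCIPAL_PROPERTY = "arputil.sql.principal";
    /** Credentials handed to the SQL context factory as {@code SECURITY_CREDENTIALS} (no default). */
    static final String SQL_CREDENTIALS_PROPERTY = "arputil.sql.credentials";

    static String listUsage = "\tArpUtil list <arp name> [-acls] [-dir <ldap url> <user id>] [-sql <sql url> <user id>]";
    static String addUsage = "\tArpUtil add <arp name> [-admin] <shar name> [-default] <url> <attribute name> [-exclude] [-filter [!]<val1> [!]<val2> ...]";
    static String removeUsage = "\tArpUtil remove <arp name> [<shar name> [<url> [<attribute name>]]]";
    static String setAclUsage = "\tArpUtil setAcl <user> <acl> <arp name> [<shar name> [<url>]]";
    static String attrUsage = "\tArpUtil listAttributes <jar file name>";

    /** ACL names accepted by {@link #doSetAcl}, compared case-insensitively. */
    static final String[] VALID_ACLS = {"LOOKUP", "INSERT", "READ", "WRITE", "DELETE", "ALL"};

    /**
     * Entry point: opens the ARP repository, then dispatches on {@code args[0]}.
     *
     * <p>The repository directory is read from the {@code arputil.repository} system
     * property and defaults to {@code /tmp/shib2/}. A world-writable location such as
     * {@code /tmp} lets any local user alter the release policies this tool manages, so
     * deployments should point the property at a protected directory.
     *
     * @param args sub-command followed by its arguments; fewer than two arguments,
     *             or an unknown sub-command, prints the usage text
     * @throws AAException propagated from the repository lookup
     */
    public static void main(String [] args)throws AAException{
        String repositoryPath = System.getProperty(REPOSITORY_PROPERTY, "/tmp/shib2/");
        arpFactory = ArpRepository.getInstance("file", repositoryPath);

        //user = new KerberosPrincipal(System.getProperty("user.name"));
        user = new AA_Identity(System.getProperty("user.name"));

        System.out.println("Running as: "+user+" ... \n");

        String usage = "Usage:\n"+listUsage+"\nor\n"+addUsage+"\nor\n"+removeUsage+"\nor\n"+setAclUsage+"\nor\n"+attrUsage;

        if(args.length < 2){
            System.out.println(usage);
            return;
        }
        String command = args[0];
        if(command.equalsIgnoreCase("list")){
            doList(args);
        }else if(command.equalsIgnoreCase("add")){
            doAdd(args);
        }else if(command.equalsIgnoreCase("remove")){
            doRemove(args);
        }else if(command.equalsIgnoreCase("setAcl")){
            doSetAcl(args);
        }else if(command.equalsIgnoreCase("listAttributes")){
            doListAttributes(args);
        }else{
            System.out.println(usage);
        }
    }

    /**
     * Prints one ARP: its SHARs, their resources and the resources' attributes.
     *
     * <p>{@code args[2]} may be {@code -acls} (also print the ACL at each level) or
     * {@code -dir}/{@code -sql} followed by a provider URL and a user id, in which case
     * each attribute's value(s) for that user are resolved through the
     * {@link DirContext} returned by {@link #getUserContext} and printed as well.
     * Only one of these options is recognised, and only in position 2 (as before).
     *
     * @param args {@code list <arp name> [-acls | -dir <url> <uid> | -sql <url> <uid>]}
     */
    static void doList(String[] args){
        int len = args.length;
        if(len < 2){
            System.out.println("Usage:\n"+listUsage);
            return;
        }
        String arpName = args[1];
        boolean acls = false;
        DirContext ctx = null;
        try{
            if(len > 2){
                if(args[2].equalsIgnoreCase("-acls")){
                    acls = true;
                }else if(args[2].equalsIgnoreCase("-dir") || args[2].equalsIgnoreCase("-sql")){
                    // getUserContext reads args[3] and args[4], so five arguments are required
                    if(len < 5){
                        System.out.println("Usage:\n"+listUsage);
                        return;
                    }
                    ctx = getUserContext(args);
                    if(ctx == null){
                        return; // getUserContext has already reported why
                    }
                }
            }

            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                // same convention as doRemove/doSetAcl: a "new" ARP was not in the repository
                System.out.println("Arp not Found: "+arpName);
                return;
            }
            printArp(arp, acls, ctx);
        }catch(Exception e){
            e.printStackTrace();
        }finally{
            closeQuietly(ctx);
        }
    }

    /**
     * Prints {@code arp} followed by its SHAR / resource / attribute tree, one level of
     * indentation per tier; ACLs are printed when {@code acls} is set and attribute
     * values are resolved when {@code ctx} is non-null (see {@link #printAttribute}).
     *
     * @throws Exception the project API's checked exceptions are not visible here;
     *                   {@link #doList}'s catch-all handles them as before
     */
    private static void printArp(Arp arp, boolean acls, DirContext ctx) throws Exception{
        System.out.println("ARP: "+arp);
        if(acls)
            System.out.println("ACL: "+arp.getAcl());
        ArpShar[] shars = arp.getShars();
        for(int i = 0; i < shars.length; i++){
            System.out.println("\tSHAR: "+shars[i]);
            if(acls)
                System.out.println("\tACL: "+shars[i].getAcl());
            ArpResource[] resources = shars[i].getResources();
            for(int j = 0; j < resources.length; j++){
                System.out.println("\t\tURL: "+resources[j]);
                if(acls)
                    System.out.println("\t\tACL: "+resources[j].getAcl());
                ArpAttribute[] attributes = resources[j].getAttributes();
                for(int k = 0; k < attributes.length; k++){
                    printAttribute(attributes[k], ctx);
                }
            }
        }
    }

    /**
     * Prints one attribute line: the attribute itself, then (only when {@code ctx} is
     * non-null) the value(s) {@code getDirAttribute} resolves for it, then its filter.
     *
     * @throws Exception see {@link #printArp}
     */
    private static void printAttribute(ArpAttribute attribute, DirContext ctx) throws Exception{
        System.out.print("\t\t\t"+attribute);
        if(ctx != null){
            Attribute attr = attribute.getDirAttribute(ctx, true);
            System.out.print(" VALUE(S): ");
            if(attr == null){
                System.out.print("NULL");
            }else{
                for(Enumeration en = attr.getAll(); en.hasMoreElements();){
                    System.out.print(en.nextElement()+" ");
                }
            }
        }
        ArpFilter filter = attribute.getFilter();
        if(filter == null)
            System.out.println("");
        else
            System.out.println(" FILTER: "+filter);
    }

    /** Closes {@code ctx} when non-null; a failure to close is ignored on purpose. */
    private static void closeQuietly(DirContext ctx){
        if(ctx == null)
            return;
        try{
            ctx.close();
        }catch(NamingException ignored){
            // best effort: the listing has already been printed
        }
    }

    /**
     * Adds an attribute (optionally with a value filter) to a resource of a SHAR in an
     * ARP, creating the ARP, SHAR and resource as needed, then writes the ARP back.
     *
     * <p>{@code -default} and {@code -exclude} are only accepted together with
     * {@code -admin}; {@code -filter} cannot be combined with {@code -exclude}. Every
     * argument after {@code -filter} is a filter value; a leading {@code !} is stripped
     * and sets the boolean passed to {@link ArpFilterValue} (its meaning is defined by
     * that class).
     *
     * @param args {@code add <arp> [-admin] <shar> [-default] <url> <attr> [-exclude] [-filter [!]<v> ...]}
     */
    static void doAdd(String[] args){
        if(args.length < 5){
            System.out.println("Usage:\n"+addUsage);
            return;
        }
        int i = 1;
        boolean isAdmin = false;
        boolean isDefault = false;
        boolean doExclude = false;
        boolean hasFilter = false;

        // at least five arguments are guaranteed above, so args[1..4] may be read unchecked
        String arpName = args[i++];
        if(args[i].equalsIgnoreCase("-admin")){
            isAdmin = true;
            i++;
        }
        String sharName = args[i++];
        if(args[i].equalsIgnoreCase("-default")){
            isDefault = true;
            i++;
        }
        String resourceName = i < args.length ? args[i++] : null;
        String attrName = i < args.length ? args[i++] : null;
        if(i < args.length && args[i].equalsIgnoreCase("-exclude")){
            doExclude = true;
            i++;
        }
        if(i < args.length && args[i].equalsIgnoreCase("-filter")){
            if(doExclude){
                System.out.println("Cannot set filter for an excluded attribute");
                return;
            }
            hasFilter = true;
            i++;
        }

        // all four names are mandatory here and none may be a stray option
        if(missingOrOption(arpName) || missingOrOption(sharName) ||
           missingOrOption(resourceName) || missingOrOption(attrName)){
            System.out.println("Usage:\n"+addUsage);
            return;
        }

        if((isDefault || doExclude) && !isAdmin){
            System.out.println("-admin must be specified for -default or -exclude");
            return;
        }

        try{
            Arp arp = arpFactory.getInstance(arpName, isAdmin);
            ArpShar s = arp.getShar(sharName);
            if(s == null)
                s = new ArpShar(sharName, isDefault);
            ArpResource r = s.getResource(resourceName);
            if(r == null)
                r = new ArpResource(resourceName);
            ArpAttribute a = r.getAttribute(attrName);
            if(a == null)
                a = new ArpAttribute(attrName, doExclude);

            if(hasFilter){
                ArpFilter filter = new ArpFilter();
                while(i < args.length){
                    String val = args[i++];
                    // "!" prefix: strip it and raise the flag ArpFilterValue takes
                    boolean negated = val.startsWith("!");
                    if(negated)
                        val = val.substring(1);
                    filter.addAFilterValue(new ArpFilterValue(val, negated), true);
                }
                a.setFilter(filter, true);
            }

            r.addAnAttribute(a);
            s.addAResource(r);
            arp.addAShar(s);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /** True when {@code s} is absent or looks like an option ({@code -...}). */
    private static boolean missingOrOption(String s){
        return s == null || s.startsWith("-");
    }

    /** True when {@code s} is present and looks like an option ({@code -...}). */
    private static boolean isOption(String s){
        return s != null && s.startsWith("-");
    }

    /**
     * Removes a whole ARP, one of its SHARs, one resource of a SHAR, or one attribute
     * of a resource, depending on how many name arguments are given; the ARP is written
     * back after any partial removal.
     *
     * @param args {@code remove <arp name> [<shar name> [<url> [<attribute name>]]]}
     */
    static void doRemove(String[] args){
        if(args.length < 2){
            System.out.println("Usage:\n"+removeUsage);
            return;
        }
        int i = 1;
        String arpName = args[i++];
        String sharName = i < args.length ? args[i++] : null;
        String resourceName = i < args.length ? args[i++] : null;
        String attrName = i < args.length ? args[i++] : null;

        if(isOption(arpName) || isOption(sharName) ||
           isOption(resourceName) || isOption(attrName)){
            System.out.println("Usage:\n"+removeUsage);
            return;
        }

        try{
            // the admin flag does not matter for removal
            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                System.out.println("ARP not found: "+arp);
                return;
            }
            if(sharName == null){
                // remove the whole arp
                arpFactory.remove(arp);
                return;
            }
            ArpShar s = arp.getShar(sharName);
            if(s == null){
                System.out.println("SHAR not found for this ARP: "+sharName);
                return;
            }
            if(resourceName == null){
                // remove the whole shar
                arp.removeAShar(sharName);
                arpFactory.write(arp);
                return;
            }
            ArpResource r = s.getResource(resourceName);
            if(r == null){
                System.out.println("URL not found for this SHAR: "+resourceName);
                return;
            }
            if(attrName == null){
                // remove the whole resource
                s.removeAResource(resourceName);
                arpFactory.write(arp);
                return;
            }
            ArpAttribute a = r.getAttribute(attrName);
            if(a == null){
                System.out.println("ATTRIBUTE not found for this URL: "+attrName);
                return;
            }
            r.removeAnAttribute(attrName);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Sets the ACL granted to {@code <user>} on an ARP, on one of its SHARs, or on one
     * resource of a SHAR, depending on how many name arguments are given, then writes
     * the ARP back.
     *
     * @param args {@code setAcl <user> <acl> <arp name> [<shar name> [<url>]]};
     *             {@code <acl>} must be one of {@link #VALID_ACLS} (case-insensitive)
     */
    public static void doSetAcl(String[] args){
        if(args.length < 4){
            System.out.println("Usage:\n"+setAclUsage);
            return;
        }
        int i = 1;
        // named so it does not shadow the static field 'user'
        String aclUser = args[i++];
        String acl = args[i++];
        String arpName = args[i++];
        String sharName = i < args.length ? args[i++] : null;
        String resourceName = i < args.length ? args[i++] : null;

        if(isOption(arpName) || isOption(sharName) || isOption(resourceName)){
            System.out.println("Usage:\n"+setAclUsage);
            return;
        }
        if(!isValidAcl(acl)){
            System.out.println("Invalid ACL : "+acl);
            System.out.println("Valid ACLs are: LOOKUP, INSERT, READ, WRITE, DELETE, and ALL");
            return;
        }

        try{
            // the admin flag does not matter for setting an ACL
            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                System.out.println("ARP not found: "+arp);
                return;
            }
            if(sharName == null){
                // set the ACL of the whole arp
                arp.setAcl(aclUser, acl);
                arpFactory.write(arp);
                return;
            }
            ArpShar s = arp.getShar(sharName);
            if(s == null){
                System.out.println("SHAR not found for this ARP: "+sharName);
                return;
            }
            if(resourceName == null){
                // set the ACL of the whole shar
                s.setAcl(aclUser, acl);
                arpFactory.write(arp);
                return;
            }
            ArpResource r = s.getResource(resourceName);
            if(r == null){
                System.out.println("URL not found for this SHAR: "+resourceName);
                return;
            }
            // set the ACL of the resource
            r.setAcl(aclUser, acl);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Tells whether {@code acl} is one of {@link #VALID_ACLS}, ignoring case.
     *
     * @param acl candidate ACL name
     * @return {@code true} when accepted by {@link #doSetAcl}
     */
    static boolean isValidAcl(String acl){
        for(int i = 0; i < VALID_ACLS.length; i++){
            if(VALID_ACLS[i].equalsIgnoreCase(acl))
                return true;
        }
        return false;
    }

    /**
     * Prints the names of all attributes known to the {@link AAAttributes} loaded from
     * the jar file named in {@code args[1]}, one per line.
     *
     * @param args {@code listAttributes <jar file name>}
     */
    static void doListAttributes(String[] args){
        if(args.length < 2){
            System.out.println("Usage:\n"+attrUsage);
            return;
        }
        String jarFile = args[1];
        try{
            AAAttributes aaa = new AAAttributes(jarFile);
            System.out.println("List of all known attributes:");
            String[] names = aaa.list();
            for(int i = 0; i < names.length; i++)
                System.out.println("\t"+names[i]);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Opens a {@link DirContext} positioned at the entry of the user {@code args[4]} in
     * the source named by {@code args[3]}, according to the selector in {@code args[2]}.
     *
     * <p>{@code -dir}: connects to the LDAP URL, searches for
     * {@code cmuAndrewId=<uid>} (the uid is escaped per RFC 4515 so that a crafted id
     * cannot change the shape of the filter), reads the entry's {@code GUID} attribute
     * and returns the context of {@code guid=<GUID>} (RDN value escaped per RFC 4514).
     * {@code -sql}: builds the environment for {@code SQLCtxFactory}; the principal and
     * credentials, formerly hard-coded here, are taken from the system properties named
     * by {@link #SQL_PRINCIPAL_PROPERTY} and {@link #SQL_CREDENTIALS_PROPERTY} and are
     * only set when present.
     *
     * @param args the full command line; {@code args[2]}, {@code args[3]} and
     *             {@code args[4]} are consumed
     * @return the user's context, or {@code null} after printing why none was obtained
     * @throws Exception any JNDI failure, propagated unchanged
     */
    public static DirContext getUserContext(String[] args)
    throws Exception{
        if(args.length < 5){
            System.out.println("Usage:\n"+listUsage);
            return null;
        }
        String source = args[2];
        String dirUrl = args[3];
        String uid = args[4];

        Hashtable<String, Object> env = new Hashtable<String, Object>(11);

        if(source.equalsIgnoreCase("-dir")){
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, dirUrl);
            return lookupLdapUser(env, uid);

        }else if(source.equalsIgnoreCase("-sql")){
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "SQLCtxFactory");
            env.put(Context.PROVIDER_URL, dirUrl);
            env.put("SQL_DRIVER", "oracle.jdbc.OracleDriver");
            // Hashtable rejects null values, so absent properties are simply not set.
            putIfSet(env, "SECURITY_PRINCIPAL", System.getProperty(SQL_PRINCIPAL_PROPERTY));
            putIfSet(env, "SECURITY_CREDENTIALS", System.getProperty(SQL_CREDENTIALS_PROPERTY));
            env.put("USER_IDENTIFIER", uid);
            return new InitialDirContext(env);

        }else{
            System.out.println("Usage:\n"+listUsage);
            return null;
        }
    }

    /**
     * Searches the directory described by {@code env} for {@code cmuAndrewId=<uid>} and
     * returns the context of the first match, addressed by its {@code GUID} attribute.
     * Prints a message and returns {@code null} when nothing matches or the entry has
     * no {@code GUID}; the search context and result enumeration are closed on every
     * path except the one that hands a derived context back to the caller.
     *
     * @throws NamingException on any JNDI failure
     */
    private static DirContext lookupLdapUser(Hashtable<String, Object> env, String uid)
    throws NamingException{
        DirContext ctx = new InitialDirContext(env);
        DirContext userCtx = null;
        NamingEnumeration<SearchResult> results = null;
        try{
            results = ctx.search("", "cmuAndrewId="+escapeFilterValue(uid), null, null);
            if(!results.hasMore()){
                System.out.println("Search for "+uid+" failed!");
                return null;
            }
            Attribute guidAttr = results.next().getAttributes().get("GUID");
            if(guidAttr == null){
                System.out.println("Search for "+uid+" failed: entry has no GUID attribute");
                return null;
            }
            String guid = (String)guidAttr.get();
            // Escape the RDN value so a GUID containing DN metacharacters cannot be
            // parsed as additional name components.
            userCtx = (DirContext)ctx.lookup(new LdapName("guid="+Rdn.escapeValue(guid)));
            return userCtx;
        }finally{
            if(results != null)
                results.close();
            // NOTE(review): the search context is left open when a derived context is
            // returned; whether closing it would invalidate that context is provider
            // specific — confirm before tightening this.
            if(userCtx == null)
                ctx.close();
        }
    }

    /** Puts {@code value} under {@code key} only when it is non-null. */
    private static void putIfSet(Hashtable<String, Object> env, String key, String value){
        if(value != null)
            env.put(key, value);
    }

    /**
     * Escapes {@code value} for use as an assertion value inside an LDAP search filter
     * (RFC 4515, section 3): {@code \}, {@code *}, {@code (}, {@code )} and NUL become
     * {@code \5c}, {@code \2a}, {@code \28}, {@code \29} and {@code \00}.
     *
     * @param value raw assertion value; {@code null} is treated as the empty string
     * @return the escaped value
     */
    static String escapeFilterValue(String value){
        if(value == null)
            return "";
        StringBuilder out = new StringBuilder(value.length());
        for(int i = 0; i < value.length(); i++){
            char c = value.charAt(i);
            switch(c){
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
}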