Added ArpUtil scripting.
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / aa / arpUtil / ArpUtil.java
1 package edu.internet2.middleware.shibboleth.aa.arpUtil;
2
3 import edu.internet2.middleware.shibboleth.aa.*;
4 import java.io.*;
5 import java.util.*;
6 import java.security.*;
7 import javax.naming.*;
8 import javax.naming.directory.*;
9 //import javax.security.auth.kerberos.*;
10
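/**
 * Command-line front end for the attribute release policy (ARP) repository:
 * lists, adds and removes ARP entries, sets ACLs on them and lists the known
 * attributes. Every command prints its own usage line on malformed input and
 * reports permission failures from the repository instead of crashing.
 */
class ArpUtil{
    /** System property (introduced here) naming the directory of the file-based ARP repository. */
    static final String REPOSITORY_PROPERTY = "arputil.repository";
    /** Default repository directory, kept from the original; /tmp is world-writable, so deployments should override it. */
    static final String DEFAULT_REPOSITORY = "/tmp/shib2/";
    /** System property (introduced here) supplying the {@code -sql} context principal instead of a hard-coded sample login. */
    static final String SQL_PRINCIPAL_PROPERTY = "arputil.sql.principal";
    /** System property (introduced here) supplying the {@code -sql} context credentials instead of a hard-coded sample login. */
    static final String SQL_CREDENTIALS_PROPERTY = "arputil.sql.credentials";
    /** ACL names accepted by {@code setAcl}, matched case-insensitively. */
    static final String[] VALID_ACLS = {"LOOKUP", "INSERT", "READ", "WRITE", "DELETE", "ALL"};

    /** Identity the tool runs as; derived from the JVM's user.name property in {@link #main}. */
    static Principal user;
    /** Repository handle opened in {@link #main}; every command reads and writes through it. */
    static ArpFactory arpFactory;
    static final String listUsage = "\tArpUtil list <arp name> [-acls] [-dir <ldap url> <user id>] [-sql <sql url> <user id>]";
    static final String addUsage = "\tArpUtil add <arp name> [-admin] <shar name> [-default] <url> <attribute name> [-exclude] [-filter [!]<val1> [!]<val2> ...]";
    static final String removeUsage = "\tArpUtil remove <arp name> [<shar name> [<url> [<attribute name>]]]";
    static final String setAclUsage = "\tArpUtil setAcl <user> <acl> <arp name> [<shar name> [<url>]]";
    static final String attrUsage = "\tArpUtil listAttributes <jar file name>";

    /**
     * Entry point. Opens the file-based ARP repository, records the invoking
     * identity and dispatches on {@code args[0]}.
     *
     * @param args command name followed by the command's own arguments
     * @throws AAException propagated from repository or identity setup
     */
    public static void main(String [] args)throws AAException{
        String repository = System.getProperty(REPOSITORY_PROPERTY, DEFAULT_REPOSITORY);
        arpFactory = ArpRepository.getInstance("file", repository);

        // user.name is an ordinary JVM property the invoker can set with -D, so
        // this identity is asserted rather than authenticated; any ACL decision
        // built on it is only as strong as the caller's control over the JVM.
        user = new AA_Identity(System.getProperty("user.name"));

        System.out.println("Running as: "+user+" ... \n");

        String usage = "Usage:\n"+listUsage+"\nor\n"+addUsage+"\nor\n"+removeUsage+"\nor\n"+setAclUsage+"\nor\n"+attrUsage;

        if(args.length < 2){
            System.out.println(usage);
            return;
        }
        String command = args[0];
        if(command.equalsIgnoreCase("list")){
            doList(args);
        }else if(command.equalsIgnoreCase("add")){
            doAdd(args);
        }else if(command.equalsIgnoreCase("remove")){
            doRemove(args);
        }else if(command.equalsIgnoreCase("setAcl")){
            doSetAcl(args);
        }else if(command.equalsIgnoreCase("listAttributes")){
            doListAttributes(args);
        }else{
            System.out.println(usage);
        }
    }

    /**
     * Prints one ARP: its SHARs, their resource URLs and attributes.
     * Options after the ARP name may appear in any order: {@code -acls} also
     * prints the ACL at each level; {@code -dir <ldap url> <user id>} or
     * {@code -sql <sql url> <user id>} additionally resolves each attribute's
     * current value(s) for that user through a directory context. An unknown
     * option prints the usage line.
     *
     * @param args {@code list <arp name> [-acls] [-dir|-sql <url> <user id>]}
     */
    static void doList(String[] args){
        if(args.length < 2){
            System.out.println("Usage:\n"+listUsage);
            return;
        }
        String arpName = args[1];
        boolean acls = false;
        String ctxKind = null;
        String ctxUrl = null;
        String ctxUid = null;

        for(int i = 2; i < args.length; i++){
            String opt = args[i];
            if(opt.equalsIgnoreCase("-acls")){
                acls = true;
            }else if(opt.equalsIgnoreCase("-dir") || opt.equalsIgnoreCase("-sql")){
                // the option consumes two more arguments: <url> <user id>
                if(i + 2 >= args.length){
                    System.out.println("Usage:\n"+listUsage);
                    return;
                }
                ctxKind = opt;
                ctxUrl = args[i + 1];
                ctxUid = args[i + 2];
                i += 2;
            }else{
                System.out.println("Usage:\n"+listUsage);
                return;
            }
        }

        DirContext ctx = null;
        try{
            if(ctxKind != null){
                ctx = getUserContext(ctxKind, ctxUrl, ctxUid);
                if(ctx == null){
                    return;   // getUserContext already printed why
                }
            }
            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                System.out.println("Arp not Found: "+arpName);
                return;
            }
            System.out.println("ARP: "+arp);
            if(acls){
                System.out.println("ACL: "+arp.getAcl());
            }
            ArpShar[] shars = arp.getShars();
            for(int s = 0; s < shars.length; s++){
                System.out.println("\tSHAR: "+shars[s]);
                if(acls){
                    System.out.println("\tACL: "+shars[s].getAcl());
                }
                ArpResource[] resources = shars[s].getResources();
                for(int r = 0; r < resources.length; r++){
                    System.out.println("\t\tURL: "+resources[r]);
                    if(acls){
                        System.out.println("\t\tACL: "+resources[r].getAcl());
                    }
                    ArpAttribute[] attributes = resources[r].getAttributes();
                    for(int a = 0; a < attributes.length; a++){
                        System.out.print("\t\t\t"+attributes[a]);
                        if(ctx != null){
                            printAttributeValues(attributes[a].getDirAttribute(ctx, true));
                        }
                        ArpFilter filter = attributes[a].getFilter();
                        if(filter == null){
                            System.out.println("");
                        }else{
                            System.out.println(" FILTER: "+filter);
                        }
                    }
                }
            }
        }catch(Exception e){
            e.printStackTrace();
        }finally{
            // the user context is ours: release its connection whatever happened above
            closeQuietly(ctx);
        }
    }

    /**
     * Prints the {@code " VALUE(S): "} suffix of one attribute line, or
     * {@code NULL} when the directory returned no attribute.
     *
     * @param attr attribute as returned by the directory, may be {@code null}
     * @throws NamingException if the attribute's values cannot be enumerated
     */
    private static void printAttributeValues(Attribute attr) throws NamingException{
        System.out.print(" VALUE(S): ");
        if(attr == null){
            System.out.print("NULL");
            return;
        }
        for(Enumeration en = attr.getAll(); en.hasMoreElements();){
            System.out.print(en.nextElement()+" ");
        }
    }

    /**
     * Best-effort close of a JNDI context that is being discarded.
     *
     * @param ctx context to close, {@code null} is ignored
     */
    private static void closeQuietly(Context ctx){
        if(ctx == null){
            return;
        }
        try{
            ctx.close();
        }catch(NamingException ignored){
            // nothing further can be done with a context we are throwing away
        }
    }

    /**
     * True when a required name is absent or starts with {@code -}, i.e. the
     * position was filled by a misplaced option rather than a name.
     */
    private static boolean isMissingName(String value){
        return value == null || value.startsWith("-");
    }

    /**
     * True when an optional name is present but starts with {@code -}.
     */
    private static boolean looksLikeOption(String value){
        return value != null && value.startsWith("-");
    }

    /**
     * Adds (or extends) one attribute entry under {@code <arp>/<shar>/<url>}
     * and writes the ARP back. {@code -admin} opens the ARP as an admin ARP
     * and is required for {@code -default} and {@code -exclude};
     * {@code -filter} cannot be combined with {@code -exclude}. Filter values
     * are taken verbatim except that a leading {@code !} is stripped and
     * recorded in the second {@link ArpFilterValue} constructor argument.
     *
     * @param args see {@link #addUsage}
     */
    static void doAdd(String[] args){
        if(args.length < 5){
            System.out.println("Usage:\n"+addUsage);
            return;
        }
        int i = 1;
        boolean isAdmin = false;
        boolean isDefault = false;
        boolean doExclude = false;
        boolean hasFilter = false;

        // args.length >= 5 keeps the two unguarded args[i] reads below in bounds
        String arpName = args[i++];
        if(args[i].equalsIgnoreCase("-admin")){
            isAdmin = true;
            i++;
        }
        String sharName = args[i++];
        if(args[i].equalsIgnoreCase("-default")){
            isDefault = true;
            i++;
        }
        String resourceName = i < args.length ? args[i++] : null;
        String attrName = i < args.length ? args[i++] : null;
        if(i < args.length && args[i].equalsIgnoreCase("-exclude")){
            doExclude = true;
            i++;
        }
        if(i < args.length && args[i].equalsIgnoreCase("-filter")){
            if(doExclude){
                System.out.println("Cannot set filter for an excluded attribute");
                return;
            }
            hasFilter = true;
            i++;
        }

        if(isMissingName(arpName) || isMissingName(sharName) ||
           isMissingName(resourceName) || isMissingName(attrName)){
            System.out.println("Usage:\n"+addUsage);
            return;
        }
        if((isDefault || doExclude) && !isAdmin){
            System.out.println("-admin must be specified for -default or -exclude");
            return;
        }

        try{
            Arp arp = arpFactory.getInstance(arpName, isAdmin);
            ArpShar s = arp.getShar(sharName);
            if(s == null){
                s = new ArpShar(sharName, isDefault);
            }
            ArpResource r = s.getResource(resourceName);
            if(r == null){
                r = new ArpResource(resourceName);
            }
            ArpAttribute a = r.getAttribute(attrName);
            if(a == null){
                a = new ArpAttribute(attrName, doExclude);
            }

            if(hasFilter){
                ArpFilter filter = new ArpFilter();
                // everything after -filter is a value; a leading '!' is stripped and
                // passed as the second constructor flag (called "include" upstream;
                // its exact meaning is defined by ArpFilterValue, not here)
                while(i < args.length){
                    String val = args[i++];
                    boolean hasBang = val.startsWith("!");
                    if(hasBang){
                        val = val.substring(1);
                    }
                    filter.addAFilterValue(new ArpFilterValue(val, hasBang), true);
                }
                a.setFilter(filter, true);
            }

            r.addAnAttribute(a);
            s.addAResource(r);
            arp.addAShar(s);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Removes the most specific entry named: the whole ARP when only the ARP
     * name is given, else the SHAR, else the resource URL, else the single
     * attribute; then writes the ARP back (removing the ARP itself needs no
     * write).
     *
     * @param args see {@link #removeUsage}
     */
    static void doRemove(String[] args){
        if(args.length < 2){
            System.out.println("Usage:\n"+removeUsage);
            return;
        }
        int i = 1;
        String arpName = args[i++];
        String sharName = i < args.length ? args[i++] : null;
        String resourceName = i < args.length ? args[i++] : null;
        String attrName = i < args.length ? args[i++] : null;

        if(arpName.startsWith("-") || looksLikeOption(sharName) ||
           looksLikeOption(resourceName) || looksLikeOption(attrName)){
            System.out.println("Usage:\n"+removeUsage);
            return;
        }

        try{
            // the admin flag is irrelevant when fetching an existing ARP (per the original comment)
            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                System.out.println("ARP not found: "+arp);
                return;
            }
            if(sharName == null){
                arpFactory.remove(arp);
                return;
            }
            ArpShar s = arp.getShar(sharName);
            if(s == null){
                System.out.println("SHAR not found for this ARP: "+sharName);
                return;
            }
            if(resourceName == null){
                arp.removeAShar(sharName);
                arpFactory.write(arp);
                return;
            }
            ArpResource r = s.getResource(resourceName);
            if(r == null){
                System.out.println("URL not found for this SHAR: "+resourceName);
                return;
            }
            if(attrName == null){
                s.removeAResource(resourceName);
                arpFactory.write(arp);
                return;
            }
            if(r.getAttribute(attrName) == null){
                System.out.println("ATTRIBUTE not found for this URL: "+attrName);
                return;
            }
            r.removeAnAttribute(attrName);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * True when {@code acl} is one of {@link #VALID_ACLS}, ignoring case.
     */
    private static boolean isValidAcl(String acl){
        for(int i = 0; i < VALID_ACLS.length; i++){
            if(VALID_ACLS[i].equalsIgnoreCase(acl)){
                return true;
            }
        }
        return false;
    }

    /**
     * Grants {@code <acl>} to {@code <user>} on the most specific entry
     * named (ARP, SHAR or resource URL) and writes the ARP back.
     *
     * @param args see {@link #setAclUsage}
     */
    public static void doSetAcl(String[] args){
        if(args.length < 4){
            System.out.println("Usage:\n"+setAclUsage);
            return;
        }
        int i = 1;
        // named aclUser so it does not shadow the static identity field `user`
        String aclUser = args[i++];
        String acl = args[i++];
        String arpName = args[i++];
        String sharName = i < args.length ? args[i++] : null;
        String resourceName = i < args.length ? args[i++] : null;

        if(arpName.startsWith("-") || looksLikeOption(sharName) ||
           looksLikeOption(resourceName)){
            System.out.println("Usage:\n"+setAclUsage);
            return;
        }
        if(!isValidAcl(acl)){
            System.out.println("Invalid ACL : "+acl);
            System.out.println("Valid ACLs are: LOOKUP, INSERT, READ, WRITE, DELETE, and ALL");
            return;
        }

        try{
            // the admin flag is irrelevant when fetching an existing ARP (per the original comment)
            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                System.out.println("ARP not found: "+arp);
                return;
            }
            if(sharName == null){
                arp.setAcl(aclUser, acl);
                arpFactory.write(arp);
                return;
            }
            ArpShar s = arp.getShar(sharName);
            if(s == null){
                System.out.println("SHAR not found for this ARP: "+sharName);
                return;
            }
            if(resourceName == null){
                s.setAcl(aclUser, acl);
                arpFactory.write(arp);
                return;
            }
            ArpResource r = s.getResource(resourceName);
            if(r == null){
                System.out.println("URL not found for this SHAR: "+resourceName);
                return;
            }
            r.setAcl(aclUser, acl);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Prints every attribute name known to {@link AAAttributes} for the
     * given jar file, one per line.
     *
     * @param args {@code listAttributes <jar file name>}
     */
    static void doListAttributes(String[] args){
        if(args.length < 2){
            System.out.println("Usage:\n"+attrUsage);
            return;
        }
        try{
            AAAttributes aaa = new AAAttributes(args[1]);
            System.out.println("List of all known attributes:");
            String[] names = aaa.list();
            for(int i = 0; i < names.length; i++){
                System.out.println("\t"+names[i]);
            }
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Positional form of {@link #getUserContext(String, String, String)}:
     * expects {@code -dir} or {@code -sql} at {@code args[2]}, the URL at
     * {@code args[3]} and the user id at {@code args[4]}.
     *
     * @param args full command line
     * @return the user's directory context, or {@code null} after printing why
     * @throws Exception from JNDI context creation, search or lookup
     */
    public static DirContext getUserContext(String[] args)
    throws Exception{
        if(args.length < 5){
            System.out.println("Usage:\n"+listUsage);
            return null;
        }
        return getUserContext(args[2], args[3], args[4]);
    }

    /**
     * Builds a {@link DirContext} positioned at one user's entry.
     * {@code -dir} connects to the LDAP server at {@code dirUrl}, finds the
     * entry whose {@code cmuAndrewId} equals {@code uid} and returns the
     * context named by that entry's {@code GUID}. {@code -sql} builds a
     * context through the {@code SQLCtxFactory} provider, taking the login
     * from the {@link #SQL_PRINCIPAL_PROPERTY} and
     * {@link #SQL_CREDENTIALS_PROPERTY} system properties.
     *
     * @param kind   {@code -dir} or {@code -sql}
     * @param dirUrl provider URL for the context
     * @param uid    user identifier to resolve
     * @return the user's context, or {@code null} after printing the reason
     * @throws NamingException from context creation, search or lookup
     */
    static DirContext getUserContext(String kind, String dirUrl, String uid)
    throws NamingException{
        Hashtable env = new Hashtable(11);

        if(kind.equalsIgnoreCase("-dir")){
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, dirUrl);

            DirContext ctx = new InitialDirContext(env);
            DirContext userCtx = null;
            NamingEnumeration ne = null;
            try{
                // {0} is substituted by JNDI with filter escaping applied, so a uid
                // containing filter metacharacters cannot widen or alter the search
                ne = ctx.search("", "cmuAndrewId={0}", new Object[]{uid}, null);
                if(!ne.hasMore()){
                    System.out.println("Search for "+uid+" failed!");
                    return null;
                }
                SearchResult rs = (SearchResult)ne.next();
                Attribute guidAttr = rs.getAttributes().get("GUID");
                if(guidAttr == null){
                    System.out.println("No GUID attribute on the entry for "+uid);
                    return null;
                }
                String guid = (String)guidAttr.get();
                // guid comes from the directory itself, not from the command line
                userCtx = (DirContext)ctx.lookup("guid="+guid);
                return userCtx;
            }finally{
                if(ne != null){
                    try{
                        ne.close();
                    }catch(NamingException ignored){
                        // the enumeration is exhausted or abandoned either way
                    }
                }
                // on success the returned context is derived from ctx and presumably
                // shares its connection, so ctx is left open -- TODO confirm for this
                // provider; on every other path nothing was handed out and ctx is released
                if(userCtx == null){
                    closeQuietly(ctx);
                }
            }

        }else if(kind.equalsIgnoreCase("-sql")){
            String principal = System.getProperty(SQL_PRINCIPAL_PROPERTY);
            String credentials = System.getProperty(SQL_CREDENTIALS_PROPERTY);
            if(principal == null || credentials == null){
                System.out.println("-sql requires -D"+SQL_PRINCIPAL_PROPERTY
                                   +" and -D"+SQL_CREDENTIALS_PROPERTY+" to be set");
                return null;
            }
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "SQLCtxFactory");
            // a sample of possible args to pass to the context; the login no longer
            // lives in the source, but a -D value is still visible in the process
            // listing, so a prompt or a protected file would be the next step
            env.put(Context.PROVIDER_URL, dirUrl);
            env.put("SQL_DRIVER", "oracle.jdbc.OracleDriver");
            env.put("SECURITY_PRINCIPAL", principal);
            env.put("SECURITY_CREDENTIALS", credentials);
            env.put("USER_IDENTIFIER", uid);
            return new InitialDirContext(env);

        }else{
            System.out.println("Usage:\n"+listUsage);
            return null;
        }
    }
}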