Build cleanups. Removed targets for old "shib target" code.
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arpUtil;
51
52 /**
53  *  Attribute Authority & Release Policy
54  *  A utility for managing ARPs
55  *
56  * @author     Parviz Dousti (dousti@cmu.edu)
57  * @created    June, 2002
58  */
59
60 import java.security.Principal;
61 import java.util.Date;
62 import java.util.Enumeration;
63 import java.util.Hashtable;
64 import java.util.Properties;
65
66 import javax.naming.Context;
67 import javax.naming.directory.Attribute;
68 import javax.naming.directory.DirContext;
69 import javax.naming.directory.InitialDirContext;
70
71 import org.apache.log4j.BasicConfigurator;
72 import org.apache.log4j.Logger;
73 import org.apache.log4j.PropertyConfigurator;
74
75 import edu.internet2.middleware.shibboleth.aa.AAAttributes;
76 import edu.internet2.middleware.shibboleth.aa.AAException;
77 import edu.internet2.middleware.shibboleth.aa.AAPermissionException;
78 import edu.internet2.middleware.shibboleth.aa.AA_Identity;
79 import edu.internet2.middleware.shibboleth.aa.Arp;
80 import edu.internet2.middleware.shibboleth.aa.ArpAttribute;
81 import edu.internet2.middleware.shibboleth.aa.ArpFilter;
82 import edu.internet2.middleware.shibboleth.aa.ArpFilterValue;
83 import edu.internet2.middleware.shibboleth.aa.ArpRepository;
84 import edu.internet2.middleware.shibboleth.aa.ArpRepositoryFactory;
85 import edu.internet2.middleware.shibboleth.aa.ArpResource;
86 import edu.internet2.middleware.shibboleth.aa.ArpShar;
87
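/**
 * Command-line utility for listing and editing Attribute Release Policies (ARPs)
 * held in a file-based {@code ArpRepository}.
 *
 * Sub-commands: {@code list}, {@code add}, {@code remove}, {@code setAcl} and
 * {@code listAttributes}; see the usage strings below for their arguments.
 *
 * Edits made here decide which attributes are released to which SHAR/URL, so a
 * mistaken entry can disclose more than intended. Permission failures raised while
 * editing surface as {@code AAPermissionException} and are reported as
 * "Permission denied".
 */
class ArpUtil {

    private static Logger log = Logger.getLogger(ArpUtil.class.getName());
    static Principal user;
    static ArpRepository arpFactory;
    static String listUsage = "\tArpUtil list <arp name> [-acls] [-dir <ldap url> <user id>]";
    static String addUsage = "\tArpUtil add <arp name> [-admin] <shar name> [-default] <url> [-title comment] <attribute name> [-exclude] [-filter [!]<val1> [!]<val2> ...]";
    static String removeUsage = "\tArpUtil remove <arp name> [<shar name> [<url> [<attribute name>]]]";
    static String setAclUsage = "\tArpUtil setAcl <user> <acl> <arp name> [<shar name> [<url>]]";
    static String attrUsage = "\tArpUtil listAttributes <jar file name>";

    /** ACL names accepted by {@code setAcl}; matched case-insensitively. */
    private static final String[] VALID_ACLS =
        { "LOOKUP", "INSERT", "READ", "WRITE", "DELETE", "ALL" };

    /**
     * Entry point: configures logging and the ARP repository from system
     * properties, then dispatches on the first argument.
     *
     * System properties read: {@code log.config} (log4j properties file, optional),
     * {@code arp.dir} (repository directory, defaults to "."), {@code user.name}.
     *
     * @param args sub-command followed by its arguments
     * @throws AAException declared by this method; presumably raised when the
     *         repository cannot be created
     */
    public static void main(String[] args) throws AAException {

        String logConfig = System.getProperty("log.config");
        if (logConfig == null) {
            BasicConfigurator.configure();
        } else {
            PropertyConfigurator.configure(logConfig);
        }

        String arpDir = System.getProperty("arp.dir");
        Properties props = new Properties();
        props.setProperty(
            "edu.internet2.middleware.shibboleth.aa.FileArpRepository.Path",
            arpDir == null ? "." : arpDir);
        arpFactory =
            ArpRepositoryFactory.getInstance(
                "edu.internet2.middleware.shibboleth.aa.FileArpRepository",
                props);

        // The identity comes from the "user.name" system property, which can be
        // overridden with -Duser.name=... on the java command line. It is an
        // asserted name, not an authenticated one.
        // NOTE(review): within this class the value is only logged; confirm that
        // nothing downstream treats it as proof of identity.
        user = new AA_Identity(System.getProperty("user.name"));

        log.info("Running as: (" + user + ").");

        String usage =
            "Usage:\n"
                + listUsage
                + "\nor\n"
                + addUsage
                + "\nor\n"
                + removeUsage
                + "\nor\n"
                + setAclUsage
                + "\nor\n"
                + attrUsage;

        if (args.length < 2) {
            System.out.println(usage);
            return;
        }

        String command = args[0];
        if (command.equalsIgnoreCase("list")) {
            doList(args);
        } else if (command.equalsIgnoreCase("add")) {
            doAdd(args);
        } else if (command.equalsIgnoreCase("remove")) {
            doRemove(args);
        } else if (command.equalsIgnoreCase("setAcl")) {
            doSetAcl(args);
        } else if (command.equalsIgnoreCase("listAttributes")) {
            doListAttributes(args);
        } else {
            System.out.println(usage);
        }
    }

    /**
     * Prints an ARP with its SHARs, resources and attributes.
     *
     * With {@code -acls} as the third argument the ACL of each level is printed
     * too. With {@code -dir <ldap url> <user id>} the attribute values of that
     * directory entry are printed next to each attribute.
     *
     * Only {@code args[2]} is inspected for an option, so {@code -acls} and
     * {@code -dir} cannot be combined even though the usage string suggests it.
     *
     * A missing ARP is reported and nothing else is printed.
     *
     * @param args full command line; {@code args[1]} is the ARP name
     */
    static void doList(String[] args) {
        DirContext ctx = null;
        try {
            int len = args.length;
            if (len < 2) {
                System.out.println("Usage:\n" + listUsage);
                return;
            }
            String arpName = args[1];
            boolean acls = false;
            if (len > 2) {
                if (args[2].equalsIgnoreCase("-acls")) {
                    acls = true;
                }
                if (args[2].equalsIgnoreCase("-dir")) {
                    if (len < 4) {
                        System.out.println("Usage:\n" + listUsage);
                        return;
                    }
                    ctx = getUserContext(args);
                    if (ctx == null) {
                        System.out.println("Failed to get Directory Context.");
                        return;
                    }
                }
            }

            Arp arp = arpFactory.lookupArp(arpName, false);
            // doAdd treats a null result as "no such ARP", so guard against it
            // here as well as against a freshly created placeholder.
            if (arp == null || arp.isNew()) {
                System.out.println("Arp not Found: " + arpName);
                return;
            }
            System.out.println("ARP: " + arp);
            if (acls) {
                System.out.println("ACL: " + arp.getAcl());
            }

            ArpShar[] shars = arp.getShars();
            for (int i = 0; i < shars.length; i++) {
                ArpShar shar = shars[i];
                System.out.println("\tSHAR: " + shar);
                if (acls) {
                    System.out.println("\tACL: " + shar.getAcl());
                }
                ArpResource[] resources = shar.getResources();
                for (int j = 0; j < resources.length; j++) {
                    ArpResource resource = resources[j];
                    System.out.println("\t\tURL: " + resource);
                    if (resource.getComment() != null) {
                        System.out.println("\t\tTITLE: " + resource.getComment());
                    }
                    if (acls) {
                        System.out.println("\t\tACL: " + resource.getAcl());
                    }
                    ArpAttribute[] attributes = resource.getAttributes();
                    for (int k = 0; k < attributes.length; k++) {
                        ArpAttribute attribute = attributes[k];
                        System.out.print("\t\t\t" + attribute);
                        if (ctx != null) {
                            // Directory values are written to stdout as-is; they
                            // may be personal data, so treat the output accordingly.
                            Attribute attr = attribute.getDirAttribute(ctx, true);
                            System.out.print(" VALUE(S): ");
                            if (attr == null) {
                                System.out.print("NULL");
                            } else {
                                for (Enumeration en = attr.getAll(); en.hasMoreElements();) {
                                    System.out.print(en.nextElement() + " ");
                                }
                            }
                        }
                        ArpFilter filter = attribute.getFilter();
                        if (filter == null) {
                            System.out.println("");
                        } else {
                            System.out.println(" FILTER: " + filter);
                        }
                    }
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Release the directory context opened for -dir.
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (Exception closeFailure) {
                    log.debug("Failed to close directory context: " + closeFailure);
                }
            }
        }
    }

    /**
     * Adds an attribute (optionally excluded or filtered) to a resource of a SHAR
     * in an ARP, creating the ARP, SHAR, resource and attribute as needed.
     *
     * {@code -default} and {@code -exclude} are refused unless {@code -admin} is
     * given. This is a command-line consistency check only; real permission
     * failures arrive as {@code AAPermissionException} from the calls below.
     *
     * @param args full command line as described by {@code addUsage}
     */
    static void doAdd(String[] args) {

        if (args.length < 5) {
            System.out.println("Usage:\n" + addUsage);
            return;
        }

        // Positional parsing: each optional flag is only recognised at the
        // position where the usage string places it.
        int i = 1;
        boolean isAdmin = false;
        boolean isDefault = false;
        boolean doExclude = false;
        boolean hasFilter = false;
        String resourceName = null;
        String attrName = null;
        String title = null;

        String arpName = args[i++];
        if (args[i].equalsIgnoreCase("-admin")) {
            isAdmin = true;
            i++;
        }

        String sharName = args[i++];
        if (args[i].equalsIgnoreCase("-default")) {
            isDefault = true;
            i++;
        }

        if (i < args.length) {
            resourceName = args[i++];
        }

        if (i < args.length && args[i].equalsIgnoreCase("-title")) {
            i++;
            if (i < args.length) {
                title = args[i++];
            }
        }

        if (i < args.length) {
            attrName = args[i++];
        }
        if (i < args.length && args[i].equalsIgnoreCase("-exclude")) {
            doExclude = true;
            i++;
        }
        if (i < args.length && args[i].equalsIgnoreCase("-filter")) {
            if (doExclude) {
                System.out.println("Cannot set filter for an excluded attribute");
                return;
            }
            hasFilter = true;
            i++;
        }

        // A name that starts with '-' means a flag landed where a name belongs.
        if (arpName == null || arpName.startsWith("-")
            || sharName == null || sharName.startsWith("-")
            || resourceName == null || resourceName.startsWith("-")
            || attrName == null || attrName.startsWith("-")) {
            System.out.println("Usage:\n" + addUsage);
            return;
        }

        if ((isDefault || doExclude) && !isAdmin) {
            System.out.println("-admin must be specified for -default or -exclude");
            return;
        }

        log.debug("Admin arp?: " + isAdmin);
        log.debug("Default arp?: " + isDefault);
        log.debug("Resource name: " + resourceName);
        log.debug("SHAR name: " + sharName);
        log.debug("Attribute name: " + attrName);

        try {
            Arp arp = arpFactory.lookupArp(arpName, isAdmin);
            if (arp == null) {
                arp = new Arp(arpName, isAdmin);
                arp.setNew(true);
                arp.setLastRead(new Date());
                log.info("Creating new ARP.");
            } else {
                log.info("Editing existing ARP.");
            }

            ArpShar s = arp.getShar(sharName);
            if (s == null) {
                s = new ArpShar(sharName, isDefault);
            }
            // The title is only applied when the resource is created here; for an
            // existing resource a -title argument is parsed but has no effect.
            ArpResource r = s.getResource(resourceName);
            if (r == null) {
                r = new ArpResource(resourceName, title);
            }
            ArpAttribute a = r.getAttribute(attrName);
            if (a == null) {
                a = new ArpAttribute(attrName, doExclude);
            }

            if (hasFilter) {
                // Everything after -filter is a filter value. With no values the
                // attribute still receives an (empty) filter.
                ArpFilter filter = new ArpFilter();
                while (i < args.length) {
                    String val = args[i++];
                    boolean include = false;
                    if (val.startsWith("!")) {
                        val = val.substring(1);
                        include = true;
                    }
                    // NOTE(review): a leading '!' sets the flag to true and a plain
                    // value sets it to false. If the second constructor argument
                    // means "include this value", that mapping looks inverted and
                    // would change which values are released - confirm against
                    // ArpFilterValue before relying on filters created here.
                    ArpFilterValue valFilter = new ArpFilterValue(val, include);
                    filter.addAFilterValue(valFilter, true);
                }
                a.setFilter(filter, true);
            }

            r.addAnAttribute(a);
            s.addAResource(r);
            arp.addAShar(s);
            arpFactory.update(arp);
        } catch (AAPermissionException pe) {
            System.out.println("Permission denied: " + pe);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Removes an ARP, or one SHAR, resource or attribute inside it, depending on
     * how many names are given. The most specific name supplied is what gets
     * removed; omitting the trailing names removes the whole enclosing level.
     *
     * @param args full command line as described by {@code removeUsage}
     */
    static void doRemove(String[] args) {

        if (args.length < 2) {
            log.fatal("Not enough arguments.");
            System.out.println("Usage:\n" + removeUsage);
            return;
        }
        int i = 1;
        String arpName = args[i++];
        String sharName = null;
        String resourceName = null;
        String attrName = null;

        if (i < args.length) {
            sharName = args[i++];
        }
        if (i < args.length) {
            resourceName = args[i++];
        }
        if (i < args.length) {
            attrName = args[i++];
        }

        if (arpName.startsWith("-")
            || (sharName != null && sharName.startsWith("-"))
            || (resourceName != null && resourceName.startsWith("-"))
            || (attrName != null && attrName.startsWith("-"))) {
            log.fatal("Unrecognized argument.");
            System.out.println("Usage:\n" + removeUsage);
            return;
        }

        try {
            Arp arp = arpFactory.lookupArp(arpName, false /* does not matter here */);
            // doAdd treats a null result as "no such ARP"; without this guard a
            // missing ARP would end in a NullPointerException stack trace.
            if (arp == null || arp.isNew()) {
                System.out.println("ARP not found: " + arpName);
                return;
            }
            if (sharName == null) {
                // remove the whole arp
                arpFactory.remove(arp);
                return;
            }
            ArpShar s = arp.getShar(sharName);
            if (s == null) {
                System.out.println("SHAR not found for this ARP: " + sharName);
                return;
            }
            if (resourceName == null) {
                // remove the whole shar
                arp.removeAShar(sharName);
                arpFactory.update(arp);
                return;
            }
            ArpResource r = s.getResource(resourceName);
            if (r == null) {
                System.out.println("URL not found for this SHAR: " + resourceName);
                return;
            }
            if (attrName == null) {
                // remove the whole resource
                s.removeAResource(resourceName);
                arpFactory.update(arp);
                return;
            }
            ArpAttribute a = r.getAttribute(attrName);
            if (a == null) {
                System.out.println("ATTRIBUTE not found for this URL: " + attrName);
                return;
            }
            r.removeAnAttribute(attrName);
            arpFactory.update(arp);
        } catch (AAPermissionException pe) {
            System.out.println("Permission denied: " + pe);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Grants an ACL to a user on an ARP, on one of its SHARs, or on one resource
     * of a SHAR, whichever is the most specific level named.
     *
     * The ACL name is checked against the known set before anything is changed.
     * The user name is passed through unchecked, so a typo creates an entry for a
     * different principal; review the result with {@code list <arp> -acls}.
     *
     * @param args full command line as described by {@code setAclUsage}
     */
    public static void doSetAcl(String[] args) {
        if (args.length < 4) {
            System.out.println("Usage:\n" + setAclUsage);
            return;
        }
        int i = 1;
        String aclUser = args[i++];
        String acl = args[i++];
        String arpName = args[i++];

        String sharName = null;
        String resourceName = null;

        if (i < args.length) {
            sharName = args[i++];
        }
        if (i < args.length) {
            resourceName = args[i++];
        }

        if (arpName.startsWith("-")
            || (sharName != null && sharName.startsWith("-"))
            || (resourceName != null && resourceName.startsWith("-"))) {
            System.out.println("Usage:\n" + setAclUsage);
            return;
        }
        if (!isValidAcl(acl)) {
            System.out.println("Invalid ACL : " + acl);
            System.out.println("Valid ACLs are: LOOKUP, INSERT, READ, WRITE, DELETE, and ALL");
            return;
        }

        try {
            Arp arp = arpFactory.lookupArp(arpName, false /* does not matter here */);
            // doAdd treats a null result as "no such ARP"; guard before use.
            if (arp == null || arp.isNew()) {
                System.out.println("ARP not found: " + arpName);
                return;
            }
            if (sharName == null) {
                // set ACL for the whole arp
                arp.setAcl(aclUser, acl);
                arpFactory.update(arp);
                return;
            }
            ArpShar s = arp.getShar(sharName);
            if (s == null) {
                System.out.println("SHAR not found for this ARP: " + sharName);
                return;
            }
            if (resourceName == null) {
                // set ACL for the whole shar
                s.setAcl(aclUser, acl);
                arpFactory.update(arp);
                return;
            }
            ArpResource r = s.getResource(resourceName);
            if (r == null) {
                System.out.println("URL not found for this SHAR: " + resourceName);
                return;
            }
            // set ACL for the resource
            r.setAcl(aclUser, acl);
            arpFactory.update(arp);
        } catch (AAPermissionException pe) {
            System.out.println("Permission denied: " + pe);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Returns true when {@code acl} is one of {@link #VALID_ACLS}, ignoring case. */
    private static boolean isValidAcl(String acl) {
        for (int i = 0; i < VALID_ACLS.length; i++) {
            if (VALID_ACLS[i].equalsIgnoreCase(acl)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Prints the attribute names reported by {@code AAAttributes} for a jar file.
     *
     * @param args full command line; {@code args[1]} is the jar file name
     */
    static void doListAttributes(String[] args) {
        try {
            if (args.length < 2) {
                System.out.println("Usage:\n" + attrUsage);
                return;
            }
            // NOTE(review): the jar path comes straight from the command line. If
            // AAAttributes loads classes from it, only jars from a trusted
            // location should be passed - confirm what the constructor does.
            String jarFile = args[1];
            AAAttributes aaa = new AAAttributes(jarFile);
            System.out.println("List of all known attributes:");
            String[] names = aaa.list();
            for (int i = 0; i < names.length; i++) {
                System.out.println("\t" + names[i]);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Opens the LDAP directory named on the command line and returns the context
     * of the entry {@code uid=<user id>} relative to the provider URL.
     *
     * The user id is turned into a single RDN through the JNDI name classes
     * instead of being concatenated into a name string, so characters that are
     * special in distinguished names ({@code , + = / \} and the like) cannot
     * change which entry is looked up.
     *
     * No credentials are put into the environment here, so unless they are
     * supplied through JNDI properties elsewhere the bind is presumably
     * anonymous. The transport is whatever the URL selects: {@code ldap://} is
     * unencrypted, so prefer {@code ldaps://} when attribute values cross a
     * network.
     *
     * The initial context is not closed here; the returned child context is
     * handed to the caller.
     *
     * @param args full command line; {@code args[3]} is the LDAP URL and
     *        {@code args[4]} the user id
     * @return the entry's context, or {@code null} when arguments are missing
     * @throws Exception on any naming failure, including an empty user id
     */
    public static DirContext getUserContext(String[] args)
        throws Exception {

        if (args.length < 5) {
            System.out.println("Usage:\n" + listUsage);
            return null;
        }

        String dirUrl = args[3];
        String uid = args[4];

        Hashtable env = new Hashtable(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, dirUrl);
        DirContext ctx = new InitialDirContext(env);

        // Build the name structurally: Rdn takes the raw value and LdapName keeps
        // it as one component, so no escaping by hand is needed.
        javax.naming.ldap.Rdn uidRdn = new javax.naming.ldap.Rdn("uid", uid);
        javax.naming.Name entryName =
            new javax.naming.ldap.LdapName(java.util.Collections.singletonList(uidRdn));
        return (DirContext) ctx.lookup(entryName);
    }

}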