- Adding title (or comment) to the Resource object
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arpUtil;
51
52 /**
53  *  Attribute Authority & Release Policy
54  *  A utility for managing ARPs
55  *
56  * @author     Parviz Dousti (dousti@cmu.edu)
57  * @created    June, 2002
58  */
59
60 import edu.internet2.middleware.shibboleth.aa.*;
61 import java.io.*;
62 import java.util.*;
63 import java.security.*;
64 import javax.naming.*;
65 import javax.naming.directory.*;
66 import org.apache.log4j.Logger;
67 import org.apache.log4j.PropertyConfigurator;
68
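/**
 * Command-line tool for listing and editing Attribute Release Policies (ARPs).
 *
 * <p>The first argument selects the sub-command (case-insensitive): list,
 * add, remove, setAcl or listAttributes. The ARP store is opened with
 * ArpRepository.getInstance("file", ...) on the directory named by the
 * arp.dir system property; log4j is configured from the file named by the
 * log.config system property.
 *
 * <p>Security notes for operators:
 * <ul>
 * <li>The acting principal is built from the user.name system property. The
 *     JVM fills it from the OS account, but it can be overridden when the JVM
 *     is launched. NOTE(review): if the ACLs behind AAPermissionException are
 *     evaluated against this principal, they are advisory unless filesystem
 *     permissions on the arp.dir directory restrict who may write there.
 *     Confirm against ArpRepository.</li>
 * <li>"list ... -dir" contacts the LDAP server named on the command line
 *     without setting credentials and without requiring ldaps://.</li>
 * </ul>
 */
class ArpUtil{

    private static Logger log = Logger.getLogger(ArpUtil.class.getName());

    // Principal the tool acts as; assigned once in main() from user.name.
    static Principal user;
    // Handle on the ARP store; assigned once in main() from arp.dir.
    static ArpFactory arpFactory;

    static String listUsage = "\tArpUtil list <arp name> [-acls] [-dir <ldap url> <user id>]";
    static String addUsage = "\tArpUtil add <arp name> [-admin] <shar name> [-default] <url> [-title comment] <attribute name> [-exclude] [-filter [!]<val1> [!]<val2> ...]";
    static String removeUsage = "\tArpUtil remove <arp name> [<shar name> [<url> [<attribute name>]]]";
    static String setAclUsage = "\tArpUtil setAcl <user> <acl> <arp name> [<shar name> [<url>]]";
    static String attrUsage = "\tArpUtil listAttributes <jar file name>";

    /**
     * Entry point: opens the repository, configures logging, establishes the
     * acting principal and dispatches on args[0].
     *
     * @param args sub-command followed by its arguments; fewer than two
     *             arguments prints the combined usage text
     * @throws AAException propagated from ArpRepository.getInstance
     */
    public static void main(String [] args)throws AAException{

        arpFactory = ArpRepository.getInstance("file",  System.getProperty("arp.dir"));

        PropertyConfigurator.configure(System.getProperty("log.config"));

        // The identity is taken from a system property, not from an
        // authenticated login (a KerberosPrincipal was used here earlier).
        // See the class comment for what that means for ACL enforcement.
        user = new AA_Identity(System.getProperty("user.name"));

        System.out.println("Running as: "+user+" ... \n");

        String usage = "Usage:\n"+listUsage+"\nor\n"+addUsage+"\nor\n"+removeUsage+"\nor\n"+setAclUsage+"\nor\n"+attrUsage;

        if(args.length < 2){
            System.out.println(usage);
            return;
        }

        String command = args[0];
        if(command.equalsIgnoreCase("list")){
            doList(args);
        }else if(command.equalsIgnoreCase("add")){
            doAdd(args);
        }else if(command.equalsIgnoreCase("remove")){
            doRemove(args);
        }else if(command.equalsIgnoreCase("setAcl")){
            doSetAcl(args);
        }else if(command.equalsIgnoreCase("listAttributes")){
            doListAttributes(args);
        }else{
            System.out.println(usage);
        }
    }

    /**
     * Prints an ARP with its SHARs, resources and attributes.
     *
     * <p>Options follow the ARP name in the order given by the usage text:
     * an optional -acls (also print the ACL at each level) and an optional
     * -dir &lt;ldap url&gt; &lt;user id&gt; (also print the user's directory
     * values for each attribute). Both may be combined; the earlier code
     * looked only at args[2] and silently ignored -dir after -acls.
     *
     * <p>Directory values are written to standard output verbatim, so the
     * output may hold personal data and should be handled accordingly.
     *
     * @param args full command line, args[1] being the ARP name
     */
    static void doList(String[] args){
        DirContext ctx = null;
        try{
            int len = args.length;
            if(len < 2){
                System.out.println("Usage:\n"+listUsage);
                return;
            }
            String arpName = args[1];
            boolean acls = false;

            int pos = 2;
            if(pos < len && args[pos].equalsIgnoreCase("-acls")){
                acls = true;
                pos++;
            }
            if(pos < len && args[pos].equalsIgnoreCase("-dir")){
                // -dir needs two values after it: the LDAP URL and the uid.
                if(len - pos < 3){
                    System.out.println("Usage:\n"+listUsage);
                    return;
                }
                ctx = openUserContext(args[pos+1], args[pos+2]);
                if(ctx == null){
                    System.out.println("Failed to get Directory Context.");
                    return;
                }
            }

            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                // Stop here, as doRemove and doSetAcl do; the earlier code
                // went on to print an ARP it had just reported as missing.
                System.out.println("Arp not Found: "+arpName);
                return;
            }
            System.out.println("ARP: "+arp);
            if(acls){
                System.out.println("ACL: "+arp.getAcl());
            }
            ArpShar[] shars = arp.getShars();

            for(int i=0; i < shars.length; i++){
                System.out.println("\tSHAR: "+shars[i]);
                if(acls){
                    System.out.println("\tACL: "+shars[i].getAcl());
                }
                ArpResource[] resources = shars[i].getResources();
                for(int j=0; j < resources.length; j++){
                    System.out.println("\t\tURL: "+resources[j]);
                    if(resources[j].getComment() != null){
                        System.out.println("\t\tTITLE: "+resources[j].getComment());
                    }
                    if(acls){
                        System.out.println("\t\tACL: "+resources[j].getAcl());
                    }
                    ArpAttribute[] attributes = resources[j].getAttributes();
                    for(int k=0; k < attributes.length; k++){
                        System.out.print("\t\t\t"+attributes[k]);
                        if(ctx != null){
                            Attribute attr = attributes[k].getDirAttribute(ctx, true);
                            System.out.print(" VALUE(S): ");
                            if(attr == null){
                                System.out.print("NULL");
                            }else{
                                for(Enumeration en = attr.getAll(); en.hasMoreElements();){
                                    System.out.print(en.nextElement()+" ");
                                }
                            }
                        }
                        ArpFilter filter = attributes[k].getFilter();
                        if(filter == null){
                            System.out.println("");
                        }else{
                            System.out.println(" FILTER: "+filter);
                        }
                    }
                }
            }
        }catch(Exception e){
            e.printStackTrace();
        }finally{
            // Release the directory context on every exit path.
            closeQuietly(ctx);
        }
    }

    /**
     * Adds (or extends) an attribute entry under ARP / SHAR / resource and
     * writes the ARP back through arpFactory.
     *
     * <p>Existing SHAR, resource and attribute objects are reused when found;
     * missing ones are created. -default and -exclude are refused unless
     * -admin is also given.
     *
     * @param args full command line as described by addUsage
     */
    static void doAdd(String[] args){

        if(args.length < 5){
            System.out.println("Usage:\n"+addUsage);
            return;
        }
        int i = 1;
        boolean isAdmin = false;
        boolean isDefault = false;
        boolean doExclude = false;
        boolean hasFilter = false;
        String resourceName = null;
        String sharName = null;
        String attrName = null;
        String title = null;

        // With at least five arguments, the two unguarded args[i] reads below
        // touch index 3 at most, so they cannot run off the end.
        String arpName = args[i++];
        if(args[i].equalsIgnoreCase("-admin")){
            isAdmin = true;
            i++;
        }
        sharName = args[i++];
        if(args[i].equalsIgnoreCase("-default")){
            isDefault = true;
            i++;
        }
        if(i < args.length){
            resourceName = args[i++];
        }

        if(i < args.length && args[i].equalsIgnoreCase("-title")){
            i++;
            // A trailing -title with no value leaves title null; the missing
            // attribute name then triggers the usage message below.
            if(i < args.length){
                title = args[i++];
            }
        }

        if(i < args.length){
            attrName = args[i++];
        }
        if(i < args.length && args[i].equalsIgnoreCase("-exclude")){
            doExclude = true;
            i++;
        }
        if(i < args.length && args[i].equalsIgnoreCase("-filter")){
            if(doExclude){
                System.out.println("Cannot set filter for an excluded attribute");
                return;
            }
            hasFilter = true;
            i++;
        }

        // A name beginning with '-' means an option landed where a name was
        // expected, i.e. the arguments are out of order.
        if(arpName == null || arpName.startsWith("-") ||
           sharName == null || sharName.startsWith("-") ||
           resourceName == null || resourceName.startsWith("-") ||
           attrName == null || attrName.startsWith("-")){
            System.out.println("Usage:\n"+addUsage);
            return;
        }

        if((isDefault || doExclude) && (!isAdmin)){
            System.out.println("-admin must be specified for -default or -exclude");
            return;
        }

        try{
            Arp arp = arpFactory.getInstance(arpName, isAdmin);
            ArpShar s = arp.getShar(sharName);

            if(s == null){
                s = new ArpShar(sharName, isDefault);
            }
            ArpResource r = s.getResource(resourceName);
            if(r == null){
                // NOTE(review): the title is applied only when the resource
                // is created here; for an existing resource a -title value is
                // dropped without a message. Confirm that is intended.
                r = new ArpResource(resourceName, title);
            }
            ArpAttribute a = r.getAttribute(attrName);
            if(a == null){
                a = new ArpAttribute(attrName, doExclude);
            }

            if(hasFilter){
                // Everything after -filter is a filter value.
                ArpFilter filter = new ArpFilter();
                while(i < args.length){
                    String val = args[i++];
                    // NOTE(review): a leading '!' is stripped and sets this
                    // flag to true. The name "include" reads inverted for a
                    // '!' prefix; check the second ArpFilterValue argument.
                    boolean include = false;
                    if(val.startsWith("!")){
                        val = val.substring(1);
                        include = true;
                    }
                    ArpFilterValue valFilter = new ArpFilterValue(val, include);
                    filter.addAFilterValue(valFilter, true);
                }
                a.setFilter(filter, true);
            }

            r.addAnAttribute(a);
            s.addAResource(r);
            arp.addAShar(s);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Removes an ARP, or one SHAR, resource or attribute inside it, depending
     * on how many names follow the ARP name. The most specific name given
     * decides what is removed.
     *
     * @param args full command line as described by removeUsage
     */
    static void doRemove(String[] args){

        if(args.length < 2){
            System.out.println("Usage:\n"+removeUsage);
            return;
        }
        int i = 1;
        String arpName = args[i++];
        String resourceName = null;
        String sharName = null;
        String attrName = null;

        if(i < args.length){
            sharName = args[i++];
        }
        if(i < args.length){
            resourceName = args[i++];
        }
        if(i < args.length){
            attrName = args[i++];
        }

        // This command takes no options, so any name starting with '-' is a
        // usage error.
        if(arpName.startsWith("-") ||
           (sharName != null && sharName.startsWith("-")) ||
           (resourceName != null && resourceName.startsWith("-")) ||
           (attrName != null && attrName.startsWith("-"))){
            System.out.println("Usage:\n"+removeUsage);
            return;
        }

        try{
            Arp arp = arpFactory.getInstance(arpName, false/* does not matter here */);
            if(arp.isNew()){
                System.out.println("ARP not found: "+arp);
                return;
            }
            if(sharName == null){
                // remove the whole arp
                arpFactory.remove(arp);
                return;
            }
            ArpShar s = arp.getShar(sharName);
            if(s == null){
                System.out.println("SHAR not found for this ARP: "+sharName);
                return;
            }
            if(resourceName == null){
                // remove the whole shar
                arp.removeAShar(sharName);
                arpFactory.write(arp);
                return;
            }
            ArpResource r = s.getResource(resourceName);
            if(r == null){
                System.out.println("URL not found for this SHAR: "+resourceName);
                return;
            }
            if(attrName == null){
                // remove the whole resource
                s.removeAResource(resourceName);
                arpFactory.write(arp);
                return;
            }
            ArpAttribute a = r.getAttribute(attrName);
            if(a == null){
                System.out.println("ATTRIBUTE not found for this URL: "+attrName);
                return;
            }
            r.removeAnAttribute(attrName);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Grants an ACL entry to a user on an ARP, on one of its SHARs, or on one
     * resource of a SHAR, then writes the ARP back.
     *
     * <p>The ACL keyword is checked here against a fixed list. The user name
     * is passed to setAcl as given. NOTE(review): whether it must name a
     * known principal is decided inside the Arp classes; confirm there.
     *
     * @param args full command line as described by setAclUsage
     */
    public static void doSetAcl(String[] args){
        int len = args.length;
        if(len < 4){
            System.out.println("Usage:\n"+setAclUsage);
            return;
        }
        int i = 1;
        // Named aclUser so it does not shadow the static field "user".
        String aclUser = args[i++];
        String acl = args[i++];
        String arpName = args[i++];

        String resourceName = null;
        String sharName = null;

        if(i < args.length){
            sharName = args[i++];
        }
        if(i < args.length){
            resourceName = args[i++];
        }

        if(arpName.startsWith("-") ||
           (sharName != null && sharName.startsWith("-")) ||
           (resourceName != null && resourceName.startsWith("-"))){
            System.out.println("Usage:\n"+setAclUsage);
            return;
        }

        boolean knownAcl =
            acl.equalsIgnoreCase("LOOKUP") ||
            acl.equalsIgnoreCase("INSERT") ||
            acl.equalsIgnoreCase("READ") ||
            acl.equalsIgnoreCase("WRITE") ||
            acl.equalsIgnoreCase("DELETE") ||
            acl.equalsIgnoreCase("ALL");
        if(!knownAcl){
            System.out.println("Invalid ACL : "+acl);
            System.out.println("Valid ACLs are: LOOKUP, INSERT, READ, WRITE, DELETE, and ALL");
            return;
        }

        try{
            Arp arp = arpFactory.getInstance(arpName, false/* does not matter here */);
            if(arp.isNew()){
                System.out.println("ARP not found: "+arp);
                return;
            }
            if(sharName == null){
                // set the ACL for the whole arp
                arp.setAcl(aclUser, acl);
                arpFactory.write(arp);
                return;
            }
            ArpShar s = arp.getShar(sharName);
            if(s == null){
                System.out.println("SHAR not found for this ARP: "+sharName);
                return;
            }
            if(resourceName == null){
                // set the ACL for the whole shar
                s.setAcl(aclUser, acl);
                arpFactory.write(arp);
                return;
            }
            ArpResource r = s.getResource(resourceName);
            if(r == null){
                System.out.println("URL not found for this SHAR: "+resourceName);
                return;
            }
            // set the ACL for the resource
            r.setAcl(aclUser, acl);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Prints the attribute names reported by AAAttributes for a jar file.
     *
     * <p>NOTE(review): AAAttributes is not visible from this file. If it
     * loads classes from the jar, this command should only be pointed at
     * jars from a trusted source.
     *
     * @param args full command line, args[1] being the jar file name
     */
    static void doListAttributes(String[] args){
        try{
            int len = args.length;
            if(len < 2){
                System.out.println("Usage:\n"+attrUsage);
                return;
            }
            String jarFile = args[1];
            AAAttributes aaa = new AAAttributes(jarFile);
            System.out.println("List of all known attributes:");
            String[] list = aaa.list();
            for(int i=0; i<list.length; i++){
                System.out.println("\t"+list[i]);
            }
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Opens the directory entry for a user, reading the LDAP URL from args[3]
     * and the user id from args[4].
     *
     * @param args full "list" command line in the form
     *             list &lt;arp&gt; -dir &lt;ldap url&gt; &lt;user id&gt;
     * @return the context for the user's entry, or null (after printing the
     *         usage text) when fewer than five arguments are given; the
     *         caller should close the returned context
     * @throws Exception on any JNDI failure, or if the looked-up object is
     *         not a DirContext
     */
    public static DirContext getUserContext(String[] args)
    throws Exception{

        if(args.length <5){
            System.out.println("Usage:\n"+listUsage);
            return null;
        }
        return openUserContext(args[3], args[4]);
    }

    /**
     * Connects to the LDAP server at dirUrl and looks up "uid=" + uid
     * relative to the base named in that URL.
     */
    private static DirContext openUserContext(String dirUrl, String uid)
    throws NamingException{

        Hashtable env = new Hashtable(11);

        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, dirUrl);
        // No Context.SECURITY_* property is set, so the LDAP provider binds
        // anonymously. Nothing here requires an ldaps:// URL either, so with
        // ldap:// the values read by doList cross the network unencrypted.
        DirContext root = new InitialDirContext(env);

        // NOTE(review): uid is spliced into the name without escaping, so
        // characters that are special in a distinguished name (or in a JNDI
        // composite name) change which entry is looked up. That is tolerable
        // only while uid comes from the operator's own command line. Escape
        // it (e.g. javax.naming.ldap.Rdn.escapeValue on Java 5+) before
        // feeding this method from any other source.
        //
        // The initial context is not closed here; the caller closes the
        // returned context.
        return (DirContext)root.lookup("uid="+uid);
    }

    /** Closes a JNDI context, ignoring a failure to do so. */
    private static void closeQuietly(Context ctx){
        if(ctx == null){
            return;
        }
        try{
            ctx.close();
        }catch(NamingException ignored){
            // Nothing useful can be done about a failed close in a CLI run.
        }
    }

}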