Now we get the ARP directory from environment.
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arpUtil;
51
52 /**
53  *  Attribute Authority & Release Policy
54  *  A utility for managing ARPs
55  *
56  * @author     Parviz Dousti (dousti@cmu.edu)
57  * @created    June, 2002
58  */
59
import edu.internet2.middleware.shibboleth.aa.*;
import java.io.*;
import java.security.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.Rdn;
import org.apache.log4j.Logger;
import org.apache.log4j.PropertyConfigurator;
68
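class ArpUtil{

    private static Logger log = Logger.getLogger(ArpUtil.class.getName());
    /**
     * Identity the tool acts as. Set in main() from the user.name system
     * property, which is an ordinary JVM property (it can be overridden with
     * -Duser.name) rather than an authenticated identity; presumably it is what
     * the repository's permission checks (AAPermissionException) are evaluated
     * against, so those checks are only as strong as access to this tool.
     */
    static Principal user;
    /** Repository that loads and stores ARPs; set in main() from the arp.dir system property. */
    static ArpFactory arpFactory;
    static String listUsage = "\tArpUtil list <arp name> [-acls] [-dir <ldap url> <user id>] [-sql <sql url> <user id>]";
    static String addUsage = "\tArpUtil add <arp name> [-admin] <shar name> [-default] <url> <attribute name> [-exclude] [-filter [!]<val1> [!]<val2> ...]";
    static String removeUsage = "\tArpUtil remove <arp name> [<shar name> [<url> [<attribute name>]]]";
    static String setAclUsage = "\tArpUtil setAcl <user> <acl> <arp name> [<shar name> [<url>]]";
    static String attrUsage = "\tArpUtil listAttributes <jar file name>";
    /** ACL names accepted by setAcl, compared case-insensitively. */
    private static final String[] VALID_ACLS = {"LOOKUP", "INSERT", "READ", "WRITE", "DELETE", "ALL"};

    /**
     * Entry point. Builds the ARP repository and the acting identity from
     * system properties, then dispatches on the sub-command in args[0].
     *
     * @param args sub-command ("list", "add", "remove", "setAcl" or
     *             "listAttributes", case-insensitive) followed by its arguments
     * @throws AAException if the ARP repository cannot be created
     */
    public static void main(String [] args)throws AAException{

        String arpDir = System.getProperty("arp.dir");
        if(arpDir == null){
            // The repository location comes only from the environment; refuse to run without it.
            System.out.println("System property arp.dir (the ARP directory) is not set");
            return;
        }
        arpFactory = ArpRepository.getInstance("file", arpDir);

        String logConfig = System.getProperty("log.config");
        if(logConfig != null){
            PropertyConfigurator.configure(logConfig);
        }else{
            // configure(null) would throw; run with log4j unconfigured instead.
            System.err.println("Warning: system property log.config not set, logging is unconfigured");
        }

        user = new AA_Identity(System.getProperty("user.name"));

        System.out.println("Running as: "+user+" ... \n");

        String usage = "Usage:\n"+listUsage+"\nor\n"+addUsage+"\nor\n"+removeUsage+"\nor\n"+setAclUsage+"\nor\n"+attrUsage;

        if(args.length < 2){
            System.out.println(usage);
            return;
        }
        String command = args[0];
        if(command.equalsIgnoreCase("list")){
            doList(args);
        }else if(command.equalsIgnoreCase("add")){
            doAdd(args);
        }else if(command.equalsIgnoreCase("remove")){
            doRemove(args);
        }else if(command.equalsIgnoreCase("setAcl")){
            doSetAcl(args);
        }else if(command.equalsIgnoreCase("listAttributes")){
            doListAttributes(args);
        }else{
            System.out.println(usage);
        }
    }

    /**
     * Prints one ARP with its SHARs, resources and attributes.
     * <pre>list &lt;arp name&gt; [-acls] [-dir &lt;ldap url&gt; &lt;user id&gt;] [-sql &lt;sql url&gt; &lt;user id&gt;]</pre>
     * With -acls the ACL at each level is printed as well; with -dir/-sql the
     * values of every attribute for the given user are fetched from that
     * directory and printed next to the attribute.
     *
     * @param args the full command line, args[0] being "list"
     */
    static void doList(String[] args){
        if(args.length < 2){
            System.out.println("Usage:\n"+listUsage);
            return;
        }
        String arpName = args[1];
        boolean acls = false;
        boolean lookupValues = false;
        if(args.length > 2){
            String option = args[2];
            if(option.equalsIgnoreCase("-acls")){
                acls = true;
            }else if(option.equalsIgnoreCase("-dir") || option.equalsIgnoreCase("-sql")){
                // getUserContext reads args[3] (url) and args[4] (user id).
                if(args.length < 5){
                    System.out.println("Usage:\n"+listUsage);
                    return;
                }
                lookupValues = true;
            }else{
                // Unknown option: report it rather than silently printing nothing.
                System.out.println("Usage:\n"+listUsage);
                return;
            }
        }

        DirContext ctx = null;
        try{
            if(lookupValues){
                ctx = getUserContext(args);
                if(ctx == null){
                    return;   // getUserContext has already reported why
                }
            }

            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                System.out.println("Arp not Found: "+arpName);
                return;
            }
            System.out.println("ARP: "+arp);
            if(acls){
                System.out.println("ACL: "+arp.getAcl());
            }
            ArpShar[] shars = arp.getShars();
            for(int s = 0; s < shars.length; s++){
                System.out.println("\tSHAR: "+shars[s]);
                if(acls){
                    System.out.println("\tACL: "+shars[s].getAcl());
                }
                ArpResource[] resources = shars[s].getResources();
                for(int r = 0; r < resources.length; r++){
                    System.out.println("\t\tURL: "+resources[r]);
                    if(acls){
                        System.out.println("\t\tACL: "+resources[r].getAcl());
                    }
                    ArpAttribute[] attributes = resources[r].getAttributes();
                    for(int a = 0; a < attributes.length; a++){
                        System.out.print("\t\t\t"+attributes[a]);
                        if(ctx != null){
                            printValues(attributes[a].getDirAttribute(ctx, true));
                        }
                        ArpFilter filter = attributes[a].getFilter();
                        if(filter == null){
                            System.out.println("");
                        }else{
                            System.out.println(" FILTER: "+filter);
                        }
                    }
                }
            }
        }catch(Exception e){
            e.printStackTrace();
        }finally{
            if(ctx != null){
                try{
                    ctx.close();
                }catch(NamingException ignored){
                    // best-effort release of the directory connection on the way out
                }
            }
        }
    }

    /**
     * Prints " VALUE(S): " followed by every value of {@code attr} separated by
     * spaces, or "NULL" when the attribute is absent. Stays on the current line.
     *
     * @param attr the directory attribute, possibly null
     * @throws NamingException if the attribute's values cannot be enumerated
     */
    private static void printValues(Attribute attr) throws NamingException {
        System.out.print(" VALUE(S): ");
        if(attr == null){
            System.out.print("NULL");
            return;
        }
        for(Enumeration en = attr.getAll(); en.hasMoreElements();){
            System.out.print(en.nextElement()+" ");
        }
    }

    /**
     * Adds one attribute (optionally with a filter) under arp/shar/url,
     * creating the ARP, SHAR and resource when they do not exist yet, and
     * writes the ARP back to the repository.
     * <pre>add &lt;arp name&gt; [-admin] &lt;shar name&gt; [-default] &lt;url&gt; &lt;attribute name&gt; [-exclude] [-filter [!]&lt;val1&gt; [!]&lt;val2&gt; ...]</pre>
     * -default and -exclude are only allowed together with -admin; a filter
     * cannot be combined with -exclude.
     *
     * @param args the full command line, args[0] being "add"
     */
    static void doAdd(String[] args){
        if(args.length < 5){
            System.out.println("Usage:\n"+addUsage);
            return;
        }
        int i = 1;
        boolean isAdmin = false;
        boolean isDefault = false;
        boolean doExclude = false;
        boolean hasFilter = false;

        // args.length >= 5 guarantees args[1..4] exist, so the option peeks below are in bounds.
        String arpName = args[i++];
        if(args[i].equalsIgnoreCase("-admin")){
            isAdmin = true;
            i++;
        }
        String sharName = args[i++];
        if(args[i].equalsIgnoreCase("-default")){
            isDefault = true;
            i++;
        }
        String resourceName = i < args.length ? args[i++] : null;
        String attrName = i < args.length ? args[i++] : null;
        if(i < args.length && args[i].equalsIgnoreCase("-exclude")){
            doExclude = true;
            i++;
        }
        if(i < args.length && args[i].equalsIgnoreCase("-filter")){
            if(doExclude){
                System.out.println("Cannot set filter for an excluded attribute");
                return;
            }
            hasFilter = true;
            i++;
        }

        // A positional value that looks like an option means the command line is malformed.
        if(arpName == null || arpName.startsWith("-") ||
           sharName == null || sharName.startsWith("-") ||
           resourceName == null || resourceName.startsWith("-") ||
           attrName == null || attrName.startsWith("-")){
            System.out.println("Usage:\n"+addUsage);
            return;
        }

        if((isDefault || doExclude) && (!isAdmin)){
            System.out.println("-admin must be specified for -default or -exclude");
            return;
        }

        try{
            Arp arp = arpFactory.getInstance(arpName, isAdmin);
            ArpShar s = arp.getShar(sharName);
            if(s == null){
                // NOTE(review): -default only takes effect when the SHAR is created here;
                // an existing SHAR keeps its setting silently.
                s = new ArpShar(sharName, isDefault);
            }
            ArpResource r = s.getResource(resourceName);
            if(r == null){
                r = new ArpResource(resourceName);
            }
            ArpAttribute a = r.getAttribute(attrName);
            if(a == null){
                a = new ArpAttribute(attrName, doExclude);
            }

            if(hasFilter){
                // Everything after -filter is a filter value; a leading "!" is
                // stripped and sets the flag passed to ArpFilterValue.
                ArpFilter filter = new ArpFilter();
                while(i < args.length){
                    String val = args[i++];
                    boolean negated = false;
                    if(val.startsWith("!")){
                        val = val.substring(1);
                        negated = true;
                    }
                    // NOTE(review): the original called this flag "include"; confirm its
                    // meaning against ArpFilterValue's constructor.
                    filter.addAFilterValue(new ArpFilterValue(val, negated), true);
                }
                a.setFilter(filter, true);
            }

            r.addAnAttribute(a);
            s.addAResource(r);
            arp.addAShar(s);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Removes the most specific element named on the command line: the whole
     * ARP, one SHAR, one resource (url) or one attribute, and writes the ARP
     * back (or removes it from the repository).
     * <pre>remove &lt;arp name&gt; [&lt;shar name&gt; [&lt;url&gt; [&lt;attribute name&gt;]]]</pre>
     *
     * @param args the full command line, args[0] being "remove"
     */
    static void doRemove(String[] args){
        if(args.length < 2){
            System.out.println("Usage:\n"+removeUsage);
            return;
        }
        int i = 1;
        String arpName = args[i++];
        String sharName = i < args.length ? args[i++] : null;
        String resourceName = i < args.length ? args[i++] : null;
        String attrName = i < args.length ? args[i++] : null;

        if(arpName.startsWith("-") ||
           (sharName != null && sharName.startsWith("-")) ||
           (resourceName != null && resourceName.startsWith("-")) ||
           (attrName != null && attrName.startsWith("-"))){
            System.out.println("Usage:\n"+removeUsage);
            return;
        }

        try{
            // isAdmin is irrelevant for a lookup that only removes.
            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                System.out.println("ARP not found: "+arp);
                return;
            }
            if(sharName == null){
                arpFactory.remove(arp);   // remove the whole arp
                return;
            }
            ArpShar s = arp.getShar(sharName);
            if(s == null){
                System.out.println("SHAR not found for this ARP: "+sharName);
                return;
            }
            if(resourceName == null){
                arp.removeAShar(sharName);   // remove the whole shar
                arpFactory.write(arp);
                return;
            }
            ArpResource r = s.getResource(resourceName);
            if(r == null){
                System.out.println("URL not found for this SHAR: "+resourceName);
                return;
            }
            if(attrName == null){
                s.removeAResource(resourceName);   // remove the whole resource
                arpFactory.write(arp);
                return;
            }
            if(r.getAttribute(attrName) == null){
                System.out.println("ATTRIBUTE not found for this URL: "+attrName);
                return;
            }
            r.removeAnAttribute(attrName);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Grants {@code acl} to {@code user} on the ARP, or on one SHAR or
     * resource of it when those are named, and writes the ARP back.
     * <pre>setAcl &lt;user&gt; &lt;acl&gt; &lt;arp name&gt; [&lt;shar name&gt; [&lt;url&gt;]]</pre>
     *
     * @param args the full command line, args[0] being "setAcl"
     */
    public static void doSetAcl(String[] args){
        if(args.length < 4){
            System.out.println("Usage:\n"+setAclUsage);
            return;
        }
        int i = 1;
        String aclUser = args[i++];   // local; distinct from the static acting identity
        String acl = args[i++];
        String arpName = args[i++];
        String sharName = i < args.length ? args[i++] : null;
        String resourceName = i < args.length ? args[i++] : null;

        if(arpName.startsWith("-") ||
           (sharName != null && sharName.startsWith("-")) ||
           (resourceName != null && resourceName.startsWith("-"))){
            System.out.println("Usage:\n"+setAclUsage);
            return;
        }
        if(!isValidAcl(acl)){
            System.out.println("Invalid ACL : "+acl);
            System.out.println("Valid ACLs are: LOOKUP, INSERT, READ, WRITE, DELETE, and ALL");
            return;
        }

        try{
            // isAdmin is irrelevant for a lookup that only changes ACLs.
            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                System.out.println("ARP not found: "+arp);
                return;
            }
            if(sharName == null){
                arp.setAcl(aclUser, acl);   // ACL on the whole arp
                arpFactory.write(arp);
                return;
            }
            ArpShar s = arp.getShar(sharName);
            if(s == null){
                System.out.println("SHAR not found for this ARP: "+sharName);
                return;
            }
            if(resourceName == null){
                s.setAcl(aclUser, acl);   // ACL on the whole shar
                arpFactory.write(arp);
                return;
            }
            ArpResource r = s.getResource(resourceName);
            if(r == null){
                System.out.println("URL not found for this SHAR: "+resourceName);
                return;
            }
            r.setAcl(aclUser, acl);   // ACL on the single resource
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Tells whether {@code acl} is one of the names in VALID_ACLS, ignoring case.
     *
     * @param acl the ACL name given on the command line
     * @return true if it is a known ACL name
     */
    private static boolean isValidAcl(String acl){
        for(int i = 0; i < VALID_ACLS.length; i++){
            if(VALID_ACLS[i].equalsIgnoreCase(acl)){
                return true;
            }
        }
        return false;
    }

    /**
     * Prints every attribute name known to the attribute jar named in args[1].
     * <pre>listAttributes &lt;jar file name&gt;</pre>
     *
     * @param args the full command line, args[0] being "listAttributes"
     */
    static void doListAttributes(String[] args){
        if(args.length < 2){
            System.out.println("Usage:\n"+attrUsage);
            return;
        }
        try{
            AAAttributes aaa = new AAAttributes(args[1]);
            String[] names = aaa.list();
            System.out.println("List of all known attributes:");
            for(int i = 0; i < names.length; i++){
                System.out.println("\t"+names[i]);
            }
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Opens a directory context positioned at the entry of the user named in
     * args[4], using the url in args[3]. With "-dir" in args[2] the user is
     * looked up over LDAP by cmuAndrewId and the context of the entry named by
     * the GUID attribute is returned; with "-sql" a context from the
     * SQLCtxFactory provider is returned as-is.
     *
     * @param args the list command line: args[2] is -dir or -sql, args[3] the
     *             url, args[4] the user id
     * @return the user's context, or null after printing a message when the
     *         arguments are unusable or the user was not found
     * @throws Exception on any directory error
     */
    public static DirContext getUserContext(String[] args)
    throws Exception{

        if(args.length < 5){
            System.out.println("Usage:\n"+listUsage);
            return null;
        }
        String dirUrl = args[3];
        String uid = args[4];

        Hashtable env = new Hashtable(11);

        if(args[2].equalsIgnoreCase("-dir")){
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, dirUrl);

            DirContext ctx = new InitialDirContext(env);
            NamingEnumeration ne = null;
            try{
                // uid comes from the command line: pass it as a filter argument so
                // JNDI escapes it, instead of splicing it into the filter string.
                ne = ctx.search("", "cmuAndrewId={0}", new Object[]{uid}, null);
                if(!ne.hasMoreElements()){
                    System.out.println("Search for "+uid+" failed!");
                    ctx.close();
                    return null;
                }
                SearchResult rs = (SearchResult)ne.nextElement();
                Attribute guidAttr = rs.getAttributes().get("GUID");
                if(guidAttr == null){
                    System.out.println("No GUID attribute found for "+uid);
                    ctx.close();
                    return null;
                }
                String guid = (String)guidAttr.get();
                // The GUID is directory data; escape it before it becomes part of an RDN.
                return (DirContext)ctx.lookup("guid="+Rdn.escapeValue(guid));
            }finally{
                if(ne != null){
                    ne.close();
                }
            }

        }else if(args[2].equalsIgnoreCase("-sql")){
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "SQLCtxFactory");

            // A sample of possible args to pass to the context.
            // NOTE(review): the principal and credentials below are hard-coded sample
            // values shipped in source; they must not be real secrets and should be
            // supplied from configuration before this branch is used for anything real.
            env.put(Context.PROVIDER_URL, dirUrl);
            env.put("SQL_DRIVER", "oracle.jdbc.OracleDriver");
            env.put("SECURITY_PRINCIPAL", "dousti");
            env.put("SECURITY_CREDENTIALS", "foobar");
            env.put("USER_IDENTIFIER", uid);
            return new InitialDirContext(env);

        }else{
            System.out.println("Usage:\n"+listUsage);
            return null;
        }
    }

}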