1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arpUtil;
51
52 import edu.internet2.middleware.shibboleth.aa.*;
53 import java.io.*;
54 import java.util.*;
55 import java.security.*;
56 import javax.naming.*;
57 import javax.naming.directory.*;
58 //import javax.security.auth.kerberos.*;
59
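/**
 * Command-line administration tool for Attribute Release Policies (ARPs).
 *
 * Sub-commands are list, add, remove, setAcl and listAttributes; the
 * usage strings below spell out their arguments.  All real work is
 * delegated to the ARP object model (Arp, ArpShar, ArpResource,
 * ArpAttribute, ArpFilter) and to the ArpFactory obtained from
 * ArpRepository; this class only parses arguments and prints results.
 *
 * Notes for operators:
 * <ul>
 * <li>The identity the tool runs as is whatever the JVM reports in the
 *     "user.name" property, which the invoker can set freely
 *     (-Duser.name=...).  Any ACL check the factory performs against it
 *     is therefore advisory; the effective protection is the file
 *     permissions on the repository directory.</li>
 * <li>The default repository directory is under /tmp, which is normally
 *     world-writable, so anyone on the host can plant or alter ARPs
 *     there.  Override it with -DarpUtil.repository=&lt;dir&gt; for
 *     anything but throwaway testing.</li>
 * <li>Credentials for "list -sql" are not kept in source; see
 *     {@link #getUserContext(String, String, String)} for how they are
 *     supplied.</li>
 * </ul>
 */
class ArpUtil{
    static Principal user;
    static ArpFactory arpFactory;
    static String listUsage = "\tArpUtil list <arp name> [-acls] [-dir <ldap url> <user id>] [-sql <sql url> <user id>]";
    static String addUsage = "\tArpUtil add <arp name> [-admin] <shar name> [-default] <url> <attribute name> [-exclude] [-filter [!]<val1> [!]<val2> ...]";
    static String removeUsage = "\tArpUtil remove <arp name> [<shar name> [<url> [<attribute name>]]]";
    static String setAclUsage = "\tArpUtil setAcl <user> <acl> <arp name> [<shar name> [<url>]]";
    static String attrUsage = "\tArpUtil listAttributes <jar file name>";

    /** ACL names accepted by setAcl (compared case-insensitively). */
    static final String[] aclNames = {"LOOKUP", "INSERT", "READ", "WRITE", "DELETE", "ALL"};
    /** JVM property naming the ARP repository directory. */
    static final String repositoryProperty = "arpUtil.repository";
    /** Repository directory used when the property is not set (test-only; see class comment). */
    static final String defaultRepository = "/tmp/shib2/";
    /** JVM property naming the JDBC driver class for "list -sql". */
    static final String sqlDriverProperty = "arpUtil.sql.driver";
    /** JVM property naming the database principal for "list -sql". */
    static final String sqlPrincipalProperty = "arpUtil.sql.principal";
    /** Environment variable holding the database credential for "list -sql". */
    static final String sqlCredentialsEnv = "ARPUTIL_SQL_CREDENTIALS";

    /**
     * Entry point: opens the file-backed ARP repository, records the
     * invoking identity and dispatches on args[0].
     *
     * @param args sub-command followed by its arguments
     * @throws AAException propagated from the repository or the sub-command
     */
    public static void main(String [] args)throws AAException{

        // Repository location is overridable because the built-in default
        // lives in a world-writable directory (see class comment).
        String repositoryDir = System.getProperty(repositoryProperty, defaultRepository);
        arpFactory = ArpRepository.getInstance("file", repositoryDir);

        // "user.name" is supplied by the invoker and is not authenticated;
        // it only labels the run and feeds whatever ACL logic the factory has.
        //user = new KerberosPrincipal(System.getProperty("user.name"));
        user = new AA_Identity(System.getProperty("user.name"));

        System.out.println("Running as: "+user+" ... \n");

        String usage = "Usage:\n"+listUsage+"\nor\n"+addUsage+"\nor\n"+removeUsage+"\nor\n"+setAclUsage+"\nor\n"+attrUsage;

        if(args.length < 2){
            System.out.println(usage);
            return;
        }
        String command = args[0];
        if(command.equalsIgnoreCase("list")){
            doList(args);
        }else if(command.equalsIgnoreCase("add")){
            doAdd(args);
        }else if(command.equalsIgnoreCase("remove")){
            doRemove(args);
        }else if(command.equalsIgnoreCase("setAcl")){
            doSetAcl(args);
        }else if(command.equalsIgnoreCase("listAttributes")){
            doListAttributes(args);
        }else{
            System.out.println(usage);
        }
    }

    /**
     * "list" command: prints one ARP with its SHARs, resources and
     * attributes.  -acls adds the ACL of every node; -dir/-sql additionally
     * resolve each attribute against a directory or SQL context for the
     * given user and print the value(s) found.  The options may be given
     * in either order (the old parser only looked at args[2], so
     * "-acls" alone printed nothing and "-acls -dir ..." ignored -dir).
     *
     * @param args the full command line, args[0] == "list"
     */
    static void doList(String[] args){
        if(args.length < 2){
            System.out.println("Usage:\n"+listUsage);
            return;
        }
        String arpName = args[1];
        boolean acls = false;
        int ctxOpt = -1;            // index of "-dir"/"-sql" when present
        for(int i = 2; i < args.length; i++){
            String opt = args[i];
            if(opt.equalsIgnoreCase("-acls")){
                acls = true;
            }else if(opt.equalsIgnoreCase("-dir") || opt.equalsIgnoreCase("-sql")){
                // both take exactly two operands: <url> <user id>
                if(i + 2 >= args.length){
                    System.out.println("Usage:\n"+listUsage);
                    return;
                }
                ctxOpt = i;
                i += 2;
            }else{
                // unknown flags used to be ignored silently; reject them so a
                // mistyped option does not quietly change what is listed
                System.out.println("Usage:\n"+listUsage);
                return;
            }
        }

        DirContext ctx = null;
        try{
            if(ctxOpt >= 0){
                ctx = getUserContext(args[ctxOpt], args[ctxOpt+1], args[ctxOpt+2]);
                if(ctx == null)
                    return;         // the reason has already been printed
            }
            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                System.out.println("Arp not Found: "+arpName);
                return;
            }
            printArp(arp, acls, ctx);
        }catch(Exception e){
            e.printStackTrace();
        }finally{
            // the directory connection was only needed for the listing
            closeQuietly(ctx);
        }
    }

    /**
     * Prints the ARP tree (ARP, SHARs, URLs, attributes) in the listing
     * format; per-node ACLs when acls is set, and attribute values looked
     * up through ctx when ctx is non-null.
     */
    private static void printArp(Arp arp, boolean acls, DirContext ctx) throws Exception{
        System.out.println("ARP: "+arp);
        if(acls)
            System.out.println("ACL: "+arp.getAcl());
        ArpShar[] shars = arp.getShars();
        for(int s = 0; s < shars.length; s++){
            System.out.println("\tSHAR: "+shars[s]);
            if(acls)
                System.out.println("\tACL: "+shars[s].getAcl());
            ArpResource[] resources = shars[s].getResources();
            for(int r = 0; r < resources.length; r++){
                System.out.println("\t\tURL: "+resources[r]);
                if(acls)
                    System.out.println("\t\tACL: "+resources[r].getAcl());
                ArpAttribute[] attributes = resources[r].getAttributes();
                for(int a = 0; a < attributes.length; a++){
                    System.out.print("\t\t\t"+attributes[a]);
                    if(ctx != null)
                        printValues(attributes[a].getDirAttribute(ctx, true));
                    ArpFilter filter = attributes[a].getFilter();
                    System.out.println(filter == null ? "" : " FILTER: "+filter);
                }
            }
        }
    }

    /** Prints " VALUE(S): " followed by every value of attr, or NULL when attr is null. */
    private static void printValues(Attribute attr) throws NamingException{
        System.out.print(" VALUE(S): ");
        if(attr == null){
            System.out.print("NULL");
            return;
        }
        NamingEnumeration values = attr.getAll();
        try{
            while(values.hasMoreElements())
                System.out.print(values.nextElement()+" ");
        }finally{
            values.close();
        }
    }

    /** Closes a naming context, ignoring failures: nothing is left to do with it. */
    private static void closeQuietly(Context ctx){
        if(ctx == null)
            return;
        try{
            ctx.close();
        }catch(NamingException ignored){
            // the listing has already been printed; a failed close changes nothing
        }
    }

    /** True when a positional operand is really a misplaced option switch. */
    private static boolean looksLikeOption(String operand){
        return operand != null && operand.startsWith("-");
    }

    /**
     * "add" command: adds (or extends) the entry
     * &lt;arp&gt;/&lt;shar&gt;/&lt;url&gt;/&lt;attribute&gt;, creating the
     * intermediate nodes that do not exist yet, and writes the ARP back.
     *
     * -admin opens the ARP as administrator; -default marks the SHAR as
     * the default one; -exclude marks the attribute as excluded; -filter
     * attaches every remaining argument as a filter value, a leading "!"
     * being stripped and passed to ArpFilterValue as its boolean flag.
     * -default and -exclude require -admin; -exclude and -filter are
     * mutually exclusive.  A bare -filter, or trailing text not introduced
     * by -filter, is a usage error: both used to be accepted silently,
     * which left the attribute without the restriction the operator
     * believed they had set.
     *
     * @param args the full command line, args[0] == "add"
     */
    static void doAdd(String[] args){
        if(args.length < 5){
            System.out.println("Usage:\n"+addUsage);
            return;
        }
        int i = 1;
        String arpName = args[i++];
        boolean isAdmin = args[i].equalsIgnoreCase("-admin");
        if(isAdmin)
            i++;
        String sharName = args[i++];
        boolean isDefault = i < args.length && args[i].equalsIgnoreCase("-default");
        if(isDefault)
            i++;
        String resourceName = i < args.length ? args[i++] : null;
        String attrName = i < args.length ? args[i++] : null;
        boolean doExclude = i < args.length && args[i].equalsIgnoreCase("-exclude");
        if(doExclude)
            i++;
        boolean hasFilter = i < args.length && args[i].equalsIgnoreCase("-filter");
        if(hasFilter){
            if(doExclude){
                System.out.println("Cannot set filter for an excluded attribute");
                return;
            }
            i++;
        }

        if(resourceName == null || attrName == null ||
           looksLikeOption(arpName) || looksLikeOption(sharName) ||
           looksLikeOption(resourceName) || looksLikeOption(attrName)){
            System.out.println("Usage:\n"+addUsage);
            return;
        }
        if((isDefault || doExclude) && !isAdmin){
            System.out.println("-admin must be specified for -default or -exclude");
            return;
        }
        boolean valuesRemain = i < args.length;
        if(hasFilter && !valuesRemain){
            // "-filter" with nothing after it
            System.out.println("Usage:\n"+addUsage);
            return;
        }
        if(!hasFilter && valuesRemain){
            // leftover words that no option claims (e.g. a mistyped "-filter")
            System.out.println("Usage:\n"+addUsage);
            return;
        }

        try{
            Arp arp = arpFactory.getInstance(arpName, isAdmin);
            ArpShar shar = arp.getShar(sharName);
            if(shar == null)
                shar = new ArpShar(sharName, isDefault);
            ArpResource resource = shar.getResource(resourceName);
            if(resource == null)
                resource = new ArpResource(resourceName);
            ArpAttribute attribute = resource.getAttribute(attrName);
            if(attribute == null)
                attribute = new ArpAttribute(attrName, doExclude);

            if(hasFilter)
                attribute.setFilter(parseFilter(args, i), true);

            resource.addAnAttribute(attribute);
            shar.addAResource(resource);
            arp.addAShar(shar);
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Builds an ArpFilter from args[from] onwards.  A value starting with
     * "!" has the marker stripped and the flag set on its ArpFilterValue;
     * what the flag means is defined by ArpFilterValue, not here.
     */
    private static ArpFilter parseFilter(String[] args, int from) throws Exception{
        ArpFilter filter = new ArpFilter();
        for(int i = from; i < args.length; i++){
            String val = args[i];
            boolean include = val.startsWith("!");
            if(include)
                val = val.substring(1);
            filter.addAFilterValue(new ArpFilterValue(val, include), true);
        }
        return filter;
    }

    /**
     * "remove" command: deletes the whole ARP, one SHAR, one URL or one
     * attribute depending on how many operands are given, then writes the
     * ARP back (a whole-ARP removal goes through the factory instead).
     *
     * @param args the full command line, args[0] == "remove"
     */
    static void doRemove(String[] args){

        // more than four operands means something was mistyped; refuse
        // rather than guess which part of a destructive command was meant
        if(args.length < 2 || args.length > 5){
            System.out.println("Usage:\n"+removeUsage);
            return;
        }
        String arpName = args[1];
        String sharName = args.length > 2 ? args[2] : null;
        String resourceName = args.length > 3 ? args[3] : null;
        String attrName = args.length > 4 ? args[4] : null;

        if(looksLikeOption(arpName) || looksLikeOption(sharName) ||
           looksLikeOption(resourceName) || looksLikeOption(attrName)){
            System.out.println("Usage:\n"+removeUsage);
            return;
        }

        try{
            // the admin flag is irrelevant for a removal
            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                System.out.println("ARP not found: "+arp);
                return;
            }
            if(sharName == null){
                // no SHAR given: the whole ARP goes
                arpFactory.remove(arp);
                return;
            }
            ArpShar shar = arp.getShar(sharName);
            if(shar == null){
                System.out.println("SHAR not found for this ARP: "+sharName);
                return;
            }
            if(resourceName == null){
                arp.removeAShar(sharName);
            }else{
                ArpResource resource = shar.getResource(resourceName);
                if(resource == null){
                    System.out.println("URL not found for this SHAR: "+resourceName);
                    return;
                }
                if(attrName == null){
                    shar.removeAResource(resourceName);
                }else{
                    if(resource.getAttribute(attrName) == null){
                        System.out.println("ATTRIBUTE not found for this URL: "+attrName);
                        return;
                    }
                    resource.removeAnAttribute(attrName);
                }
            }
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * "setAcl" command: grants an ACL to a user on the ARP, on one of its
     * SHARs, or on one URL of a SHAR, and writes the ARP back.
     *
     * @param args the full command line, args[0] == "setAcl"
     */
    public static void doSetAcl(String[] args){
        if(args.length < 4 || args.length > 6){
            System.out.println("Usage:\n"+setAclUsage);
            return;
        }
        // named aclUser so it no longer shadows the static "user" field
        String aclUser = args[1];
        String acl = args[2];
        String arpName = args[3];
        String sharName = args.length > 4 ? args[4] : null;
        String resourceName = args.length > 5 ? args[5] : null;

        if(looksLikeOption(arpName) || looksLikeOption(sharName) ||
           looksLikeOption(resourceName)){
            System.out.println("Usage:\n"+setAclUsage);
            return;
        }
        if(!isValidAcl(acl)){
            System.out.println("Invalid ACL : "+acl);
            System.out.println("Valid ACLs are: LOOKUP, INSERT, READ, WRITE, DELETE, and ALL");
            return;
        }

        try{
            // the admin flag is irrelevant when only ACLs change
            Arp arp = arpFactory.getInstance(arpName, false);
            if(arp.isNew()){
                System.out.println("ARP not found: "+arp);
                return;
            }
            if(sharName == null){
                arp.setAcl(aclUser, acl);
            }else{
                ArpShar shar = arp.getShar(sharName);
                if(shar == null){
                    System.out.println("SHAR not found for this ARP: "+sharName);
                    return;
                }
                if(resourceName == null){
                    shar.setAcl(aclUser, acl);
                }else{
                    ArpResource resource = shar.getResource(resourceName);
                    if(resource == null){
                        System.out.println("URL not found for this SHAR: "+resourceName);
                        return;
                    }
                    resource.setAcl(aclUser, acl);
                }
            }
            arpFactory.write(arp);
        }catch(AAPermissionException pe){
            System.out.println("Permission denied: "+pe);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /** True when acl is one of {@link #aclNames}, ignoring case. */
    static boolean isValidAcl(String acl){
        for(int i = 0; i < aclNames.length; i++)
            if(aclNames[i].equalsIgnoreCase(acl))
                return true;
        return false;
    }

    /**
     * "listAttributes" command: prints every attribute name AAAttributes
     * knows about for the given jar file.
     *
     * @param args the full command line, args[0] == "listAttributes"
     */
    static void doListAttributes(String[] args){
        if(args.length < 2){
            System.out.println("Usage:\n"+attrUsage);
            return;
        }
        String jarFile = args[1];
        try{
            // NOTE(review): the jar path comes straight from the command line.
            // If AAAttributes loads classes out of it, listing an untrusted
            // jar executes that jar's code -- confirm against AAAttributes
            // before pointing this at anything not produced by the build.
            AAAttributes aaa = new AAAttributes(jarFile);
            System.out.println("List of all known attributes:");
            String[] names = aaa.list();
            for(int i = 0; i < names.length; i++)
                System.out.println("\t"+names[i]);
        }catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter
     * (RFC 4515 section 3): backslash, '*', '(', ')' and NUL become
     * their "\xx" hex forms so the value cannot alter the filter.
     */
    static String escapeFilterValue(String value){
        StringBuffer out = new StringBuffer(value.length());
        for(int i = 0; i < value.length(); i++){
            char c = value.charAt(i);
            switch(c){
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Escapes a value for use as an attribute value in a DN
     * (RFC 4514 section 2.4): '"', '+', ',', ';', '&lt;', '&gt;', '\',
     * a leading ' ' or '#', and a trailing ' ' get a backslash; NUL
     * becomes "\00".
     */
    static String escapeDnValue(String value){
        StringBuffer out = new StringBuffer(value.length());
        int last = value.length() - 1;
        for(int i = 0; i <= last; i++){
            char c = value.charAt(i);
            if(c == '\0'){
                out.append("\\00");
            }else if("\"+,;<>\\".indexOf(c) >= 0
                     || (i == 0 && (c == ' ' || c == '#'))
                     || (i == last && c == ' ')){
                out.append('\\').append(c);
            }else{
                out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Compatibility entry point kept for callers that pass the raw command
     * line: the option is args[2], the URL args[3] and the user id args[4].
     *
     * @return the user's context, or null (after printing why) on failure
     */
    public static DirContext getUserContext(String[] args)
    throws Exception{
        if(args.length < 5){
            System.out.println("Usage:\n"+listUsage);
            return null;
        }
        return getUserContext(args[2], args[3], args[4]);
    }

    /**
     * Opens a DirContext positioned at the given user's entry.
     *
     * For "-dir" the URL is an LDAP provider URL; the bind is anonymous
     * (no SECURITY_* properties are set), the user is found with an
     * equality filter on cmuAndrewId and the returned context is the entry
     * named by that user's GUID attribute.  Both the user id and the GUID
     * are escaped before being spliced into filter/DN syntax.
     *
     * For "-sql" the URL goes to SQLCtxFactory together with the driver
     * class (-DarpUtil.sql.driver, default oracle.jdbc.OracleDriver), the
     * principal (-DarpUtil.sql.principal) and the credential, which is read
     * from the ARPUTIL_SQL_CREDENTIALS environment variable rather than the
     * command line so it does not show up in the process list.  The
     * credentials used to be literals in this file; they are required now
     * and their absence is reported rather than defaulted.
     *
     * @param kind   "-dir" or "-sql"
     * @param dirUrl provider URL for the chosen kind
     * @param uid    user identifier to look up
     * @return the user's context, or null (after printing why) on failure
     * @throws Exception any naming failure from the provider
     */
    public static DirContext getUserContext(String kind, String dirUrl, String uid)
    throws Exception{

        Hashtable env = new Hashtable(11);

        if(kind.equalsIgnoreCase("-dir")){
            if(!dirUrl.toLowerCase().startsWith("ldaps://"))
                System.out.println("Warning: "+dirUrl+" is not an ldaps:// URL; the query and the attribute values it returns travel in the clear");
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, dirUrl);

            DirContext ctx = new InitialDirContext(env);
            DirContext userCtx = null;
            try{
                NamingEnumeration ne = ctx.search("", "cmuAndrewId="+escapeFilterValue(uid), null, null);
                try{
                    if(ne.hasMoreElements()){
                        SearchResult rs = (SearchResult)ne.nextElement();
                        Attribute guidAttr = rs.getAttributes().get("GUID");
                        if(guidAttr == null)
                            System.out.println("Entry for "+uid+" has no GUID attribute!");
                        else
                            userCtx = (DirContext)ctx.lookup("guid="+escapeDnValue((String)guidAttr.get()));
                    }else{
                        System.out.println("Search for "+uid+" failed!");
                    }
                }finally{
                    ne.close();
                }
            }finally{
                // NOTE(review): on success the initial context is left open on
                // purpose, since the returned sub-context may share its
                // connection; confirm with the provider whether it could be
                // closed here as well.
                if(userCtx == null)
                    ctx.close();
            }
            return userCtx;

        }else if(kind.equalsIgnoreCase("-sql")){
            String principal = System.getProperty(sqlPrincipalProperty);
            String credentials = System.getenv(sqlCredentialsEnv);
            if(principal == null || credentials == null){
                System.out.println("-sql needs -D"+sqlPrincipalProperty+"=<user> and the "+sqlCredentialsEnv+" environment variable");
                return null;
            }
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "SQLCtxFactory");
            env.put(Context.PROVIDER_URL, dirUrl);
            env.put("SQL_DRIVER", System.getProperty(sqlDriverProperty, "oracle.jdbc.OracleDriver"));
            env.put("SECURITY_PRINCIPAL", principal);
            env.put("SECURITY_CREDENTIALS", credentials);
            env.put("USER_IDENTIFIER", uid);
            return new InitialDirContext(env);

        }else{
            System.out.println("Usage:\n"+listUsage);
            return null;
        }

    }

}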