Google Git
Sign in
apache / geode / refs/heads/next-gen-native-client-software-grant / . / src / tests / cpp / security / XmlAuthzCredentialGenerator.hpp
blob: 51c5e07a0aad5ab7ba82ac5c387148558930b94a [file] [log] [blame]
#pragma once
#ifndef APACHE_GEODE_GUARD_a14b9dccb3fd9b3b05214dc60326e629
#define APACHE_GEODE_GUARD_a14b9dccb3fd9b3b05214dc60326e629
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <gfcpp/SharedBase.hpp>
#include <gfcpp/Properties.hpp>
#include "typedefs.hpp"
#include <algorithm>
#include <time.h>
#include <stdlib.h>
namespace apache {
namespace geode {
namespace client {
namespace testframework {
namespace security {
const opCodeList::value_type RArr[] = {
OP_GET, OP_GETALL, OP_REGISTER_INTEREST, OP_UNREGISTER_INTEREST,
OP_KEY_SET, OP_CONTAINS_KEY};
const opCodeList::value_type WArr[] = {
OP_CREATE, OP_UPDATE, OP_PUTALL, OP_DESTROY,
OP_INVALIDATE, OP_REGION_CLEAR, OP_EXECUTE_FUNCTION};
const opCodeList::value_type QArr[] = {OP_QUERY, OP_REGISTER_CQ};
const stringList::value_type QRArr[] = {"Portfolios", "Positions"};
const char* PRiUsnm = "%s%d";
class XmlAuthzCredentialGenerator;
typedef SharedPtr<XmlAuthzCredentialGenerator> XmlAuthzCredentialGeneratorPtr;
class XmlAuthzCredentialGenerator : public SharedBase {
private:
ID m_id;
opCodeList* m_opCode;
stringList* m_regionNames;
PropertiesPtr* m_prop;
opCodeList Readers;
opCodeList Writers;
opCodeList Query;
stringList QueryRegions;
public:
XmlAuthzCredentialGenerator(ID id)
: m_id(id),
Readers(RArr, RArr + sizeof RArr / sizeof *RArr),
Writers(WArr, WArr + sizeof WArr / sizeof *WArr),
Query(QArr, QArr + sizeof QArr / sizeof *QArr),
QueryRegions(QRArr, QRArr + sizeof QRArr / sizeof *QRArr) {
m_opCode = NULL;
m_regionNames = NULL;
m_prop = NULL;
/* initialize random seed: */
srand(static_cast<unsigned int>(time(NULL)));
}
virtual ~XmlAuthzCredentialGenerator() { ; }
virtual void getAllowedCredentials(opCodeList& opCode, PropertiesPtr& prop,
stringList* regionNames) {
try {
m_opCode = &opCode;
m_regionNames = regionNames;
m_prop = &prop;
switch (m_id) {
case ID_DUMMY:
getAllowedDummyAuthz(NO_ROLE);
break;
case ID_LDAP:
getAllowedLdapAuthz(NO_ROLE);
break;
case ID_PKI:
getAllowedPkcsAuthz(NO_ROLE);
break;
default:
break;
};
} catch (...) {
reset();
}
reset();
}
void reset() {
m_opCode = NULL;
m_regionNames = NULL;
m_prop = NULL;
}
virtual void getDisallowedCredentials(opCodeList& opCode, PropertiesPtr& prop,
stringList* regionNames) {
try {
m_opCode = &opCode;
m_regionNames = regionNames;
m_prop = &prop;
ROLES role = getRequiredRole();
switch (role) {
case READER_ROLE:
role = WRITER_ROLE;
case WRITER_ROLE:
role = READER_ROLE;
case QUERY_ROLE:
role = WRITER_ROLE;
case ADMIN_ROLE:
role = QUERY_ROLE;
default:
/* UNNECESSARY role = role*/ break;
};
switch (m_id) {
case ID_DUMMY:
getAllowedDummyAuthz(role);
break;
case ID_LDAP:
getAllowedLdapAuthz(role);
break;
case ID_PKI:
getAllowedPkcsAuthz(role);
break;
default:
break;
};
} catch (...) {
reset();
}
reset();
}
private:
void getAllowedDummyAuthz(ROLES role) {
const char* adminUsers[] = {"admin", "root", "administrator"};
const int adminUsrSz = (sizeof adminUsers / sizeof *adminUsers) - 1;
std::string validity = "invalid";
if (role == NO_ROLE) {
role = getRequiredRole();
validity = "valid";
}
char userName[100];
switch (role) {
case READER_ROLE:
sprintf(userName, PRiUsnm, "reader", rand() % 3);
break;
case WRITER_ROLE:
sprintf(userName, PRiUsnm, "writer", rand() % 3);
break;
case QUERY_ROLE:
sprintf(userName, PRiUsnm, "reader", (rand() % 2) + 3);
break;
case ADMIN_ROLE:
sprintf(userName, "%s", adminUsers[rand() % adminUsrSz]);
break;
default:
sprintf(userName, PRiUsnm, "user", rand() % 3);
break;
};
(*m_prop)->insert("security-username", userName);
(*m_prop)->insert("security-password", userName);
FWKINFO("inserted " << validity << " dummy security-username "
<< (*m_prop)->find("security-username")->asChar()
<< " password "
<< ((*m_prop)->find("security-password") != NULLPTR
? (*m_prop)->find("security-password")->asChar()
: "not set"));
}
std::string getAllowedUser(ROLES role) {
const std::string userPrefix = "geode";
const int readerIndices[] = {3, 4, 5};
const int writerIndices[] = {6, 7, 8};
const int queryIndices[] = {9, 10};
const int adminIndices[] = {1, 2};
const int readerIndSz = (sizeof readerIndices / sizeof *readerIndices) - 1;
const int writerIndSz = (sizeof writerIndices / sizeof *writerIndices) - 1;
const int queryIndSz = (sizeof queryIndices / sizeof *queryIndices) - 1;
const int adminIndSz = (sizeof adminIndices / sizeof *adminIndices) - 1;
std::string validity = "invalid";
if (role == NO_ROLE) {
role = getRequiredRole();
validity = "valid";
}
char userName[256];
switch (role) {
case READER_ROLE:
sprintf(userName, PRiUsnm, userPrefix.c_str(),
readerIndices[rand() % readerIndSz]);
break;
case WRITER_ROLE:
sprintf(userName, PRiUsnm, userPrefix.c_str(),
writerIndices[rand() % writerIndSz]);
break;
case QUERY_ROLE:
sprintf(userName, PRiUsnm, userPrefix.c_str(),
queryIndices[rand() % queryIndSz]);
break;
case ADMIN_ROLE:
default:
sprintf(userName, PRiUsnm, userPrefix.c_str(),
adminIndices[rand() % adminIndSz]);
break;
};
FWKINFO("inserted " << validity << " username " << userName);
return std::string(userName);
}
void getAllowedLdapAuthz(ROLES role) {
const std::string userName = getAllowedUser(role);
(*m_prop)->insert("security-username", userName.c_str());
(*m_prop)->insert("security-password", userName.c_str());
FWKINFO("inserted ldap security-username "
<< (*m_prop)->find("security-username")->asChar() << " password "
<< ((*m_prop)->find("security-password") != NULLPTR
? (*m_prop)->find("security-password")->asChar()
: "not set"));
}
void getAllowedPkcsAuthz(ROLES role) {
const std::string userName = getAllowedUser(role);
(*m_prop)->insert("security-alias", userName.c_str());
(*m_prop)->insert("security-keystorepass", "geode");
FWKINFO("inserted PKCS security-alias"
<< (*m_prop)->find("security-alias")->asChar() << " password "
<< ((*m_prop)->find("security-keystorepass") != NULLPTR
? (*m_prop)->find("security-keystorepass")->asChar()
: "not set"));
}
ROLES getRequiredRole() {
bool requireReaders = true, requireWriters = true, requireQuery = true;
ROLES role = ADMIN_ROLE;
for (opCodeList::iterator it = m_opCode->begin(); it != m_opCode->end();
it++) {
if (requireReaders &&
std::find(Readers.begin(), Readers.end(), (*it)) == Readers.end()) {
requireReaders = false;
}
if (requireWriters &&
std::find(Writers.begin(), Writers.end(), (*it)) == Writers.end()) {
requireWriters = false;
}
if (requireQuery &&
std::find(Query.begin(), Query.end(), (*it)) == Query.end()) {
requireQuery = false;
}
}
if (requireReaders) {
role = READER_ROLE;
} else if (requireWriters) {
role = WRITER_ROLE;
} else if (requireQuery) {
role = QUERY_ROLE;
/*
if( m_regionNames != NULL && m_regionNames->size() > 0 ) {
bool queryUsers = true;
for( stringList::iterator rit = m_regionNames->begin(); rit !=
m_regionNames->end(); rit++) {
if( queryUsers && std::find(QueryRegions.begin(),
QueryRegions.end(),(*rit)) == QueryRegions.end() ) {
queryUsers = false;
}
}
if( queryUsers ) {
role = QUERY_ROLE;
}
}
*/
}
return role;
} // end of requireRole
};
} // namespace security
} // namespace testframework
} // namespace client
} // namespace geode
} // namespace apache
#endif // APACHE_GEODE_GUARD_a14b9dccb3fd9b3b05214dc60326e629