author | Ashlee Young <ashlee@onosfw.com> | 2015-09-09 22:15:21 -0700 |
---|---|---|
committer | Ashlee Young <ashlee@onosfw.com> | 2015-09-09 22:15:21 -0700 |
commit | 13d05bc8458758ee39cb829098241e89616717ee (patch) | |
tree | 22a4d1ce65f15952f07a3df5af4b462b4697cb3a /framework/src/onos/core/api/src/main/java/org/onosproject/security | |
parent | 6139282e1e93c2322076de4b91b1c85d0bc4a8b3 (diff) |
ONOS checkin based on commit tag e796610b1f721d02f9b0e213cf6f7790c10ecd60
Change-Id: Ife8810491034fe7becdba75dda20de4267bd15cd
Diffstat (limited to 'framework/src/onos/core/api/src/main/java/org/onosproject/security')
6 files changed, 404 insertions, 0 deletions
diff --git a/framework/src/onos/core/api/src/main/java/org/onosproject/security/AppGuard.java b/framework/src/onos/core/api/src/main/java/org/onosproject/security/AppGuard.java
new file mode 100644
index 00000000..800135f4
--- /dev/null
+++ b/framework/src/onos/core/api/src/main/java/org/onosproject/security/AppGuard.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+
+/**
+ * Aids SM-ONOS to perform API-level permission checking.
+ */
+public final class AppGuard {
+
+ private AppGuard() {
+ }
+
+ /**
+ * Checks if the caller has the required permission only when security-mode is enabled.
+ * @param permission permission to be checked
+ */
+ public static void checkPermission(AppPermission.Type permission) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ System.getSecurityManager().checkPermission(new AppPermission(permission));
+ }
+ }
+}
diff --git a/framework/src/onos/core/api/src/main/java/org/onosproject/security/AppPermission.java b/framework/src/onos/core/api/src/main/java/org/onosproject/security/AppPermission.java
new file mode 100644
index 00000000..21a70d2b
--- /dev/null
+++ b/framework/src/onos/core/api/src/main/java/org/onosproject/security/AppPermission.java
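Review bot: In AppGuard.checkPermission the null test is made on the local `sm`, but the check itself calls `System.getSecurityManager()` a second time, so the value that was tested is not the one that is dereferenced. If the security manager is cleared between the two reads, the call throws a NullPointerException instead of being skipped; use `sm.checkPermission(new AppPermission(permission));`. The Javadoc should also say explicitly that the method does nothing when no SecurityManager is installed, since that is the path on which every API-level check passes.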
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+import java.security.BasicPermission;
+
+/**
+ * Implementation of API access permission.
+ */
+public class AppPermission extends BasicPermission {
+
+ public enum Type {
+ APP_READ,
+ APP_EVENT,
+ CONFIG_READ,
+ CONFIG_WRITE,
+ CLUSTER_READ,
+ CLUSTER_WRITE,
+ CLUSTER_EVENT,
+ DEVICE_READ,
+ DEVICE_EVENT,
+ DRIVER_READ,
+ DRIVER_WRITE,
+ FLOWRULE_READ,
+ FLOWRULE_WRITE,
+ FLOWRULE_EVENT,
+ GROUP_READ,
+ GROUP_WRITE,
+ GROUP_EVENT,
+ HOST_READ,
+ HOST_WRITE,
+ HOST_EVENT,
+ INTENT_READ,
+ INTENT_WRITE,
+ INTENT_EVENT,
+ LINK_READ,
+ LINK_WRITE,
+ LINK_EVENT,
+ PACKET_READ,
+ PACKET_WRITE,
+ PACKET_EVENT,
+ STATISTIC_READ,
+ TOPOLOGY_READ,
+ TOPOLOGY_EVENT,
+ TUNNEL_READ,
+ TUNNEL_WRITE,
+ TUNNEL_EVENT,
+ STORAGE_WRITE
+ }
+
+ protected Type type;
+ /**
+ * Creates new application permission using the supplied data.
+ * @param name permission name
+ */
+ public AppPermission(String name) {
+ super(name.toUpperCase(), "");
+ try {
+ type = Type.valueOf(name);
+ } catch (IllegalArgumentException e) {
+ type = null;
+ }
+ }
+
+ /**
+ * Creates new application permission using the supplied data.
+ * @param name permission name
+ * @param actions permission action
+ */
+ public AppPermission(String name, String actions) {
+ super(name.toUpperCase(), actions);
+ try {
+ type = Type.valueOf(name);
+ } catch (IllegalArgumentException e) {
+ type = null;
+ }
+ }
+
+ /**
+ * Crates new application permission using the supplied data.
+ * @param type permission type
+ */
+ public AppPermission(Type type) {
+ super(type.name(), "");
+ this.type = type;
+ }
+
+ /**
+ * Returns type of permission.
+ * @return application permission type
+ */
+ public Type getType() {
+ return this.type;
+ }
+
+}
diff --git a/framework/src/onos/core/api/src/main/java/org/onosproject/security/Permission.java b/framework/src/onos/core/api/src/main/java/org/onosproject/security/Permission.java
new file mode 100644
index 00000000..75d9433f
--- /dev/null
+++ b/framework/src/onos/core/api/src/main/java/org/onosproject/security/Permission.java
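Review bot: In AppPermission both String constructors pass `name.toUpperCase()` to the superclass but resolve the enum with `Type.valueOf(name)` on the unconverted string, so a lower- or mixed-case name produces a permission whose BasicPermission name matches a known type while `getType()` returns null, which is presumably not intended. `toUpperCase()` also follows the default locale, so under a Turkish locale any name containing `i` would not upper-case to the enum constant. Using `super(name.toUpperCase(Locale.ROOT), "");` (and the two-argument equivalent) followed by `type = Type.valueOf(getName());` keeps the stored name and the type in step; this needs `import java.util.Locale;`. The Javadoc on both constructors should state that an unrecognised name is accepted and leaves the type null, so callers know to check for it.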
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+public class Permission {
+
+ protected String classname;
+ protected String name;
+ protected String actions;
+
+ public Permission(String classname, String name, String actions) {
+ this.classname = classname;
+ this.name = name;
+ if (actions == null) {
+ this.actions = "";
+ } else {
+ this.actions = actions;
+ }
+ }
+
+ public Permission(String classname, String name) {
+ this.classname = classname;
+ this.name = name;
+ this.actions = "";
+ }
+
+ public String getClassName() {
+ return classname;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getActions() {
+ return actions;
+ }
+
+ @Override
+ public int hashCode() {
+ return 0;
+ }
+
+ @Override
+ public boolean equals(Object thatPerm) {
+ if (this == thatPerm) {
+ return true;
+ }
+
+ if (!(thatPerm instanceof Permission)) {
+ return false;
+ }
+
+ Permission that = (Permission) thatPerm;
+ return (this.classname.equals(that.classname)) && (this.name.equals(that.name))
+ && (this.actions.equals(that.actions));
+ }
+
+ @Override
+ public String toString() {
+ return String.format("(%s, %s, %s)", classname, name, actions);
+ }
+}
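Review bot: `hashCode()` in Permission returns the constant 0, which satisfies the contract with `equals` but puts every instance in the same bucket, so any HashSet or HashMap of permissions degrades to a linear scan; `return Objects.hash(classname, name, actions);` (with `import java.util.Objects;`) matches the fields `equals` compares. `equals` also dereferences `classname` and `name`, which neither constructor checks for null, so comparing an instance built with a null name throws instead of returning false; `Objects.requireNonNull(...)` in the constructors or `Objects.equals(...)` in the comparison would close that. The three fields are `protected` and non-final, so a field-based hash is only stable if they become `private final`, which the getters already allow.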
diff --git a/framework/src/onos/core/api/src/main/java/org/onosproject/security/SecurityAdminService.java b/framework/src/onos/core/api/src/main/java/org/onosproject/security/SecurityAdminService.java
new file mode 100644
index 00000000..16ea94d1
--- /dev/null
+++ b/framework/src/onos/core/api/src/main/java/org/onosproject/security/SecurityAdminService.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+import org.onosproject.core.ApplicationId;
+
+import java.security.Permission;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Security-Mode ONOS service.
+ */
+public interface SecurityAdminService {
+
+ /**
+ * Returns true if security policy has been enforced to specified application.
+ * @param appId application identifier
+ * @return true if secured.
+ */
+ boolean isSecured(ApplicationId appId);
+
+ /**
+ * Changes SecurityModeState of specified application to REVIEWED.
+ * @param appId application identifier
+ */
+ void review(ApplicationId appId);
+
+ /**
+ * Accepts and enforces security policy to specified application.
+ * @param appId application identifier
+ */
+ void acceptPolicy(ApplicationId appId);
+
+ /**
+ * Register application to SM-ONOS subsystem.
+ * @param appId application identifier
+ */
+ void register(ApplicationId appId);
+
+ /**
+ * Returns sorted developer specified permission Map.
+ * @param appId application identifier
+ * @return Map of list of permissions sorted by permission type
+ */
+ Map<Integer, List<Permission>> getPrintableSpecifiedPermissions(ApplicationId appId);
+
+ /**
+ * Returns sorted granted permission Map.
+ * @param appId application identifier
+ * @return Map of list of permissions sorted by permission type
+ */
+ Map<Integer, List<Permission>> getPrintableGrantedPermissions(ApplicationId appId);
+
+ /**
+ * Returns sorted requested permission Map.
+ * @param appId application identifier
+ * @return Map of list of permissions sorted by permission type
+ */
+ Map<Integer, List<Permission>> getPrintableRequestedPermissions(ApplicationId appId);
+
+
+}
diff --git a/framework/src/onos/core/api/src/main/java/org/onosproject/security/SecurityUtil.java b/framework/src/onos/core/api/src/main/java/org/onosproject/security/SecurityUtil.java
new file mode 100644
index 00000000..34b4e78a
--- /dev/null
+++ b/framework/src/onos/core/api/src/main/java/org/onosproject/security/SecurityUtil.java
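Review bot: `Permission` in the three `getPrintable*Permissions` signatures of SecurityAdminService resolves to `java.security.Permission` through the single-type import, while this same commit adds a class `org.onosproject.security.Permission` to the package, so an implementer who drops or reorders the import silently gets the other type. The Javadoc should name the type explicitly, for example `@return map of {@link java.security.Permission} lists, keyed by ...`, and say what the `Integer` key stands for, which "sorted by permission type" does not explain. It would also help to document on `review`, `acceptPolicy` and `register` what authorisation a caller needs, because they change an application's security state and the interface is silent on it.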
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+import org.onlab.osgi.DefaultServiceDirectory;
+import org.onlab.osgi.ServiceDirectory;
+import org.onlab.osgi.ServiceNotFoundException;
+import org.onosproject.core.ApplicationId;
+
+/**
+ * Utility class to aid Security-Mode ONOS.
+ */
+public final class SecurityUtil {
+
+ protected static ServiceDirectory serviceDirectory = new DefaultServiceDirectory();
+
+ private SecurityUtil() {
+ }
+
+ public static boolean isSecurityModeEnabled() {
+ if (System.getSecurityManager() != null) {
+ try {
+ SecurityAdminService securityService = serviceDirectory.get(SecurityAdminService.class);
+ if (securityService != null) {
+ return true;
+ }
+ } catch (ServiceNotFoundException e) {
+ return false;
+ }
+ }
+ return false;
+ }
+
+ public static SecurityAdminService getSecurityService() {
+ if (System.getSecurityManager() != null) {
+ try {
+ SecurityAdminService securityService = serviceDirectory.get(SecurityAdminService.class);
+ if (securityService != null) {
+ return securityService;
+ }
+ } catch (ServiceNotFoundException e) {
+ return null;
+ }
+ }
+ return null;
+ }
+
+ public static boolean isAppSecured(ApplicationId appId) {
+ SecurityAdminService service = getSecurityService();
+ if (service != null) {
+ if (!service.isSecured(appId)) {
+ System.out.println("\n*******************************");
+ System.out.println(" SM-ONOS APP WARNING ");
+ System.out.println("*******************************");
+ System.out.println(appId.name() + " has not been secured.");
+ System.out.println("Please review before activating.");
+ return false;
+ }
+ }
+ return true;
+ }
+ public static void register(ApplicationId appId) {
+ SecurityAdminService service = getSecurityService();
+ if (service != null) {
+ service.register(appId);
+ }
+ }
+}
diff --git a/framework/src/onos/core/api/src/main/java/org/onosproject/security/package-info.java b/framework/src/onos/core/api/src/main/java/org/onosproject/security/package-info.java
new file mode 100644
index 00000000..88c3529d
--- /dev/null
+++ b/framework/src/onos/core/api/src/main/java/org/onosproject/security/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Application security constructs.
+ */
+package org.onosproject.security;
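Review bot: SecurityUtil.isAppSecured returns true whenever getSecurityService() returns null, and that covers not only "no SecurityManager installed" but also the case where a SecurityManager is installed and the SecurityAdminService lookup throws ServiceNotFoundException, so an unreviewed application is reported as secured exactly when the enforcing service is missing. If that is not the intent, fail closed for that case with `if (service == null) { return System.getSecurityManager() == null; }` ahead of the isSecured call; `register` has the same silent no-op and should at least log it. The warning itself is written with System.out.println, so it does not reach the controller log where an operator would audit it. `serviceDirectory` is a non-final static that decides whether security mode is considered enabled, and `protected` on a member of a final class is effectively package-private, so `private static final` with a test-only setter would state the intended access more safely.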
\ No newline at end of file |