diff options
Diffstat (limited to 'framework/src/onos/cli/src/main/java/org/onosproject/cli/security/ReviewCommand.java')
-rw-r--r-- | framework/src/onos/cli/src/main/java/org/onosproject/cli/security/ReviewCommand.java | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/framework/src/onos/cli/src/main/java/org/onosproject/cli/security/ReviewCommand.java b/framework/src/onos/cli/src/main/java/org/onosproject/cli/security/ReviewCommand.java new file mode 100644 index 00000000..9d17eb23 --- /dev/null +++ b/framework/src/onos/cli/src/main/java/org/onosproject/cli/security/ReviewCommand.java @@ -0,0 +1,122 @@ +/* + * Copyright 2015 Open Networking Laboratory + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onosproject.cli.security; + +import org.apache.karaf.shell.commands.Argument; +import org.apache.karaf.shell.commands.Command; +import org.onosproject.app.ApplicationAdminService; +import org.onosproject.cli.AbstractShellCommand; +import org.onosproject.core.Application; +import org.onosproject.core.ApplicationId; +import org.onosproject.security.SecurityAdminService; +import org.onosproject.security.SecurityUtil; + +import java.security.Permission; +import java.util.List; +import java.util.Map; + + +/** + * Application security policy review commands. + */ +@Command(scope = "onos", name = "review", + description = "Application security policy review interface") +public class ReviewCommand extends AbstractShellCommand { + + @Argument(index = 0, name = "name", description = "Application name", + required = true, multiValued = false) + String name = null; + + @Argument(index = 1, name = "accept", description = "Option to accept policy", + required = false, multiValued = false) + String accept = null; + + @Override + protected void execute() { + ApplicationAdminService applicationAdminService = get(ApplicationAdminService.class); + ApplicationId appId = applicationAdminService.getId(name); + if (appId == null) { + print("No such application: %s", name); + return; + } + Application app = applicationAdminService.getApplication(appId); + SecurityAdminService smService = SecurityUtil.getSecurityService(); + if (smService == null) { + print("Security Mode is disabled"); + return; + } + if (accept == null) { + smService.review(appId); + printPolicy(smService, app); + } else if (accept.trim().equals("accept")) { + smService.acceptPolicy(appId); + printPolicy(smService, app); + } else { + print("Unknown command"); + } + } + + private void printPolicy(SecurityAdminService smService, Application app) { + print("\n*******************************"); + print(" SM-ONOS APP REVIEW "); + print("*******************************"); + + print("Application name: %s ", app.id().name()); + print("Application role: " + app.role()); + print("\nDeveloper specified permissions: "); + printMap(smService.getPrintableSpecifiedPermissions(app.id())); + print("\nPermissions granted: "); + printMap(smService.getPrintableGrantedPermissions(app.id())); + print("\nAdditional permissions requested on runtime (POLICY VIOLATIONS): "); + printMap(smService.getPrintableRequestedPermissions(app.id())); + print(""); + + } + private void printMap(Map<Integer, List<Permission>> assortedMap) { + for (Integer type : assortedMap.keySet()) { + switch (type) { + case 0: + for (Permission perm: assortedMap.get(0)) { + print("\t[APP PERMISSION] " + perm.getName()); + } + break; + case 1: + for (Permission perm: assortedMap.get(1)) { + print("\t[NB-ADMIN SERVICE] " + perm.getName() + "(" + perm.getActions() + ")"); + } + break; + case 2: + for (Permission perm: assortedMap.get(2)) { + print("\t[NB SERVICE] " + perm.getName() + "(" + perm.getActions() + ")"); + } + break; + case 3: + for (Permission perm: assortedMap.get(3)) { + print("\t[Other SERVICE] " + perm.getName() + "(" + perm.getActions() + ")"); + } + break; + case 4: + for (Permission perm: assortedMap.get(4)) { + print("\t[Other] " + perm.getClass().getSimpleName() + + " " + perm.getName() + " (" + perm.getActions() + ")"); + } + default: + break; + } + } + } +} |