* @brief This file contains implementation of Logic class - main libcynara-client class
*/
+#include <memory>
+
#include <common.h>
+#include <exceptions/ServerConnectionErrorException.h>
+#include <exceptions/UnexpectedErrorException.h>
+#include <log/log.h>
+#include <request/CheckRequest.h>
+#include <request/pointers.h>
+#include <response/CheckResponse.h>
+#include <response/pointers.h>
+#include <types/PolicyKey.h>
+#include <types/PolicyResult.h>
+#include <sockets/SocketClient.h>
#include "Logic.h"
namespace Cynara {
-cynara_api_result Logic::check(const std::string &client UNUSED, const std::string &session UNUSED,
- const std::string &user UNUSED, const std::string &privilege UNUSED)
+Logic::Logic() {
+ m_socketClient = std::make_shared<SocketClient>();
+}
+
+cynara_api_result Logic::check(const std::string &client, const std::string &session UNUSED,
+ const std::string &user, const std::string &privilege) noexcept
{
- //todo - this is a stub
- return cynara_api_result::CYNARA_API_ACCESS_DENIED;
+ //todo Handle session parameter.
+ //todo Check if answer can be get from cache. Update cache.
+
+ //Ask cynara service
+ PolicyResult result(PredefinedPolicyType::DENY);
+ try {
+ RequestPtr request = std::make_shared<CheckRequest>(PolicyKey(client, user, privilege));
+ ResponsePtr response = m_socketClient->askCynaraServer(request);
+ if (!response) {
+ LOGW("Disconnected by cynara server.");
+ onDisconnected();
+ return cynara_api_result::CYNARA_API_SERVICE_NOT_AVAILABLE;
+ }
+ CheckResponsePtr checkResponse = std::dynamic_pointer_cast<CheckResponse>(response);
+ if (!checkResponse) {
+ LOGC("Critical error. Casting Response to CheckResponse failed.");
+ throw UnexpectedErrorException("Error casting Response to CheckResponse");
+ }
+ result = checkResponse->m_resultRef;
+ } catch (const ServerConnectionErrorException &ex) {
+ LOGE("Cynara service not available.");
+ onDisconnected();
+ return cynara_api_result::CYNARA_API_SERVICE_NOT_AVAILABLE;
+ } catch (const std::exception &ex) {
+ LOGE("Error during check of privilege: %s", ex.what());
+ return cynara_api_result::CYNARA_API_ACCESS_DENIED;
+ }
+
+ //todo Interprete result.
+ //todo Update cache.
+
+ //todo return result after more detailed interpretation.
+ if (result.policyType() == PredefinedPolicyType::ALLOW)
+ return cynara_api_result::CYNARA_API_SUCCESS;
+ else
+ return cynara_api_result::CYNARA_API_ACCESS_DENIED;
+}
+
+void Logic::onDisconnected(void) {
+ //todo run special actions when disconnected from cynara service
+ // like cleaning cache
}
} // namespace Cynara
#define SRC_CLIENT_LOGIC_LOGIC_H_
#include <string>
+
#include <api/ApiInterface.h>
+#include <sockets/SocketClient.h>
namespace Cynara {
class Logic : public ApiInterface {
+private:
+ SocketClientPtr m_socketClient;
+
+ void onDisconnected(void);
+
public:
- Logic() = default;
+ Logic();
virtual ~Logic() = default;
virtual cynara_api_result check(const std::string &client, const std::string &session,
- const std::string &user, const std::string &privilege);
+ const std::string &user, const std::string &privilege) noexcept;
};
} // namespace Cynara
projects / platform / core / security / cynara.git / commitdiff