[AAF-21] Initial code import

[aaf/cadi.git] / aaf / src / main / java / com / att / cadi / aaf / v2_0 / AAFTrustChecker.java

/*******************************************************************************\r
 * ============LICENSE_START====================================================\r
 * * org.onap.aai\r
 * * ===========================================================================\r
 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
 * * Copyright © 2017 Amdocs\r
 * * ===========================================================================\r
 * * Licensed under the Apache License, Version 2.0 (the "License");\r
 * * you may not use this file except in compliance with the License.\r
 * * You may obtain a copy of the License at\r
 * * \r
 *  *      http://www.apache.org/licenses/LICENSE-2.0\r
 * * \r
 *  * Unless required by applicable law or agreed to in writing, software\r
 * * distributed under the License is distributed on an "AS IS" BASIS,\r
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * * See the License for the specific language governing permissions and\r
 * * limitations under the License.\r
 * * ============LICENSE_END====================================================\r
 * *\r
 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
 * *\r
 ******************************************************************************/\r
package com.att.cadi.aaf.v2_0;\r
\r
import javax.servlet.http.HttpServletRequest ;\r
\r
import com.att.cadi.Access;\r
import com.att.cadi.Lur;\r
import com.att.cadi.TrustChecker;\r
import com.att.cadi.aaf.AAFPermission;\r
import com.att.cadi.config.Config;\r
import com.att.cadi.principal.TrustPrincipal;\r
import com.att.cadi.taf.TafResp;\r
import com.att.cadi.taf.TrustNotTafResp;\r
import com.att.cadi.taf.TrustTafResp;\r
import com.att.inno.env.Env;\r
import com.att.inno.env.util.Split;\r
\r
public class AAFTrustChecker implements TrustChecker {\r
        private final String tag, id;\r
        private final AAFPermission perm;\r
        private Lur lur;\r
\r
        /**\r
         * \r
         * Instance will be replaced by Identity\r
         * @param lur \r
         *    \r
         * @param tag\r
         * @param perm\r
         */\r
        public AAFTrustChecker(final Env env) {\r
                tag = env.getProperty(Config.CADI_USER_CHAIN_TAG, Config.CADI_USER_CHAIN);\r
                id = env.getProperty(Config.CADI_ALIAS,env.getProperty(Config.AAF_MECHID)); // share between components\r
                String str = env.getProperty(Config.CADI_TRUST_PERM);\r
                AAFPermission temp=null;\r
                if(str!=null) {\r
                        String[] sp = Split.splitTrim('|', str);\r
                        if(sp.length==3) {\r
                                temp = new AAFPermission(sp[0],sp[1],sp[2]);\r
                        }\r
                }\r
                perm=temp;\r
        }\r
\r
        public AAFTrustChecker(final Access access) {\r
                tag = access.getProperty(Config.CADI_USER_CHAIN_TAG, Config.CADI_USER_CHAIN);\r
                id = access.getProperty(Config.CADI_ALIAS,access.getProperty(Config.AAF_MECHID,null)); // share between components\r
                String str = access.getProperty(Config.CADI_TRUST_PERM,null);\r
                AAFPermission temp=null;\r
                if(str!=null) {\r
                        String[] sp = Split.splitTrim('|', str);\r
                        if(sp.length==3) {\r
                                temp = new AAFPermission(sp[0],sp[1],sp[2]);\r
                        }\r
                }\r
                perm=temp;\r
        }\r
\r
        /* (non-Javadoc)\r
         * @see com.att.cadi.TrustChecker#setLur(com.att.cadi.Lur)\r
         */\r
        @Override\r
        public void setLur(Lur lur) {\r
                this.lur = lur;\r
        }\r
\r
        @Override\r
        public TafResp mayTrust(TafResp tresp, HttpServletRequest req) {\r
                String user_info = req.getHeader(tag);\r
                if(user_info !=null ) {\r
                        String[] info = Split.split(',', user_info);\r
                        if(info.length>0) {\r
                                String[] flds = Split.splitTrim(':',info[0]);\r
                                if(flds.length>3 && "AS".equals(flds[3])) { // is it set for "AS"\r
                                        String pn = tresp.getPrincipal().getName();\r
                                        if(pn.equals(id)  // We do trust our own App Components: if a trust entry is made with self, always accept\r
                                           || lur.fish(tresp.getPrincipal(), perm)) { // Have Perm set by Config.CADI_TRUST_PERM\r
                                                return new TrustTafResp(tresp,\r
                                                                new TrustPrincipal(tresp.getPrincipal(), flds[0]),\r
                                                                "  " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ','\r
                                                        );\r
                                        } else if(pn.equals(flds[0])) { // Ignore if same identity \r
                                                return tresp;\r
                                        } else {\r
                                                return new TrustNotTafResp(tresp, tresp.getPrincipal().getName() + " requested trust as "\r
                                                                + flds[0] + ", but does not have Authorization");\r
                                        }\r
                                }\r
                        }\r
                }\r
                return tresp;\r
        }\r
\r
}\r