1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.cadi.aaf.v2_0;
\r
26 import java.io.IOException;
\r
27 import java.security.Principal;
\r
29 import javax.servlet.http.HttpServletRequest;
\r
30 import javax.servlet.http.HttpServletResponse;
\r
32 import com.att.cadi.AbsUserCache;
\r
33 import com.att.cadi.Access.Level;
\r
34 import com.att.cadi.CachedPrincipal;
\r
35 import com.att.cadi.CachedPrincipal.Resp;
\r
36 import com.att.cadi.GetCred;
\r
37 import com.att.cadi.Hash;
\r
38 import com.att.cadi.Taf.LifeForm;
\r
39 import com.att.cadi.User;
\r
40 import com.att.cadi.aaf.AAFPermission;
\r
41 import com.att.cadi.client.Future;
\r
42 import com.att.cadi.client.Rcli;
\r
43 import com.att.cadi.principal.BasicPrincipal;
\r
44 import com.att.cadi.principal.CachedBasicPrincipal;
\r
45 import com.att.cadi.taf.HttpTaf;
\r
46 import com.att.cadi.taf.TafResp;
\r
47 import com.att.cadi.taf.TafResp.RESP;
\r
48 import com.att.cadi.taf.basic.BasicHttpTafResp;
\r
50 public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpTaf {
\r
51 // private static final String INVALID_AUTH_TOKEN = "Invalid Auth Token";
52 // private static final String AUTHENTICATING_SERVICE_UNAVAILABLE = "Authenticating Service unavailable";
// NOTE(review): the two literals above are still used inline in the catch blocks of
// validate() ("Invalid Auth Token", "Authenticating Service unavailable"); either restore
// the constants or drop the commented-out declarations so the message text has one source.
// Connection/config handle to AAF; supplies access (logger), realm, timeout, cleanInterval
// and the client used for the remote "/authn/basicAuth" check.
53 private AAFCon<CLIENT> aaf;
// When true, validate() logs a WARN each time Basic credentials arrive over a non-secure request.
54 private boolean warn;
\r
56 public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) {
// Builds the user cache from the connection's tuning values (clean interval, high-water
// count, usage-refresh trigger) and records whether insecure-channel warnings are wanted.
// NOTE(review): this rendering omits original line 58 between the two statements shown;
// the `aaf` field is dereferenced unconditionally in validate(), so the assignment
// `aaf = con;` is presumably there — confirm against the real file.
57 super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount);
59 warn = turnOnWarning;
\r
62 public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning, AbsUserCache<AAFPermission> other) {
// Variant that shares/derives the cache from an existing AbsUserCache instead of the
// connection's tuning values.
// NOTE(review): original lines 63-64 (the super(...) call and, presumably, `aaf = con;`)
// are not shown in this rendering — confirm against the real file.
65 warn = turnOnWarning;
\r
68 public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {
// Authenticates the request from its HTTP Basic "Authorization" header: first against the
// locally cached principal (credential compared with Hash.isEqual), then, on a cache miss,
// against AAF's remote "/authn/basicAuth" endpoint. Failed attempts are tracked through
// missed()/addMiss() so a caller that exhausts the retry limit gets RESP.FAIL instead of
// RESP.TRY_AUTHENTICATING. Returns a BasicHttpTafResp carrying the outcome and a message.
// NOTE(review): this rendering omits a number of source lines (gutter numbers are not
// contiguous, e.g. 75-76, 78, 80-81, 98-101, 134-135); the branching on a missing header /
// "Basic " prefix, the try block and several closing braces are therefore not visible here.
69 //TODO Do we allow just anybody to validate?
71 // Note: Either Carbon or Silicon based LifeForms ok
72 String auth = req.getHeader("Authorization");
// SECURITY: this writes the raw Authorization header to stdout. For Basic auth that header
// is the base64-encoded "user:password" pair, i.e. the caller's credential lands in the
// process output/log. Debug residue — remove before merge, along with the other numbered
// println statements in this method; use aaf.access.log at an appropriate level if tracing
// is needed, and never include the header or credential bytes.
74 System.out.println("value of auth ------1------- ++++++++++++++++++++++++++++++++++++++++++" +auth);
// Presumably the "no Authorization header" branch (its condition is on an omitted line):
// challenge the client rather than fail it.
77 return new BasicHttpTafResp(aaf.access,null,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),false);
// Basic credentials are protected only by the transport; this flags (but does not reject)
// their use over a non-secure request when the warn flag is set.
79 if(warn&&!req.isSecure())aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");
// Parses the header into a cache-aware principal bound to this cache and the AAF realm.
82 CachedBasicPrincipal bp = new CachedBasicPrincipal(this,auth,aaf.getRealm(),aaf.cleanInterval);
83 System.out.println(" value of aaf.getRealm --------2--------- +++++++++++++++++++++++++++++++++++++++++++++" +aaf.getRealm() );
84 //System.out.println(" value of bp +++++++++++++++++++++++++++++++++++++++++++" +bp.toString());
85 System.out.println(" value of bp.getName() -------3----- +++++++++++++++++++++++++++++++++++++++++++" +bp.getName().toString());
// SECURITY: bp.getCred() is the parsed credential. Whether this prints the secret itself or
// only an array identity depends on getCred()'s return type (the Hash.isEqual comparison
// below suggests a byte[]); the same value is printed again near "----12---". Remove in
// either case — credential material must not be emitted to stdout.
86 System.out.println(" value of bp.getCred() -------4----- +++++++++++++++++++++++++++++++++++++++++++" +bp.getCred().toString());
// Cache lookup by principal; null when this user has not been authenticated recently.
89 User<AAFPermission> usr = getUser(bp);
91 // System.out.println(" value of usr -------5-------++++++++++++++++++++++++++++++++++++++++++" +usr.toString());
// Fast path: a cached principal that exposes its credential (GetCred) lets us validate the
// presented credential locally, without a round trip to AAF.
93 if(usr != null && usr.principal != null) {
94 if(usr.principal instanceof GetCred) {
95 if(Hash.isEqual(bp.getCred(),((GetCred)usr.principal).getCred())) {
97 return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by cached AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false);
// Cache miss or mismatch: consult the miss tracker for this user name. If a Miss record
// exists and refuses further attempts with this credential, fail without contacting AAF
// (the last argument, true, differs from the success paths above — confirm its meaning
// in BasicHttpTafResp).
102 Miss miss = missed(bp.getName());
103 System.out.println(" value of miss before if loop ---------6----- +++++++++++++++++++++++++++++++++++++" +miss );
104 if(miss!=null && !miss.mayContinue(bp.getCred())) {
106 System.out.println(" In if(miss!=null && !miss.mayContinue(bp.getCred())) -------7--------+++++++++++++++++++++++++++++++++++++++++++++");
108 return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,
109 "User/Pass Retry limit exceeded"),
110 RESP.FAIL,resp,aaf.getRealm(),true);
// Slow path: ask AAF to verify the credential, using a client authenticated as the
// presenting user (basicAuthSS(bp)) rather than this service's own identity.
113 Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.basicAuthSS(bp));
115 //System.out.println("value of userAAF ------8---- +++++++++++++++++++++++" +userAAF);
116 //System.out.println("value of userAAF +++++++++++++++++++++++" +userAAF.);
117 Future<String> fp = userAAF.read("/authn/basicAuth", "text/plain");
119 //System.out.println("value of fp --------9------ +++++++++++++++++++++++" +fp.toString());
// fp.get(timeout) is treated as the authentication verdict; a timeout or failure
// falls into the miss-recording branch below.
121 if(fp.get(aaf.timeout)) {
122 System.out.println("In fp.get check -----10----- +++++++++++++");
// Refresh the cache entry's principal, or create the entry if this user was unknown.
123 if(usr!=null)usr.principal = bp;
125 else addUser(new User<AAFPermission>(bp,aaf.cleanInterval));
126 return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false);
128 // Note: AddMiss checks for miss==null, and is part of logic
130 System.out.println(" In the else part --------11--------++++++++++++++ ");
// rv decides between "retry" and "retry limit exceeded" below; the `if(rv)` line itself
// (original 134-135) is not shown in this rendering.
132 boolean rv= addMiss(bp.getName(),bp.getCred());
// SECURITY: prints the user name together with bp.getCred() again — see the note above;
// remove.
133 System.out.println(" value of bp.getName() and bp.getCred() before if check ----12--- ++++++++++++!!!!!!!!!!!++++++++++" +bp.getName() +"and " +bp.getCred());
136 System.out.println("In if(rv) check -----13----- +++++++++++++");
137 return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,
138 "User/Pass combo invalid via AAF"),
139 RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true);
141 System.out.println("In if(rv) else check -----14----- +++++++++++++");
142 return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,
143 "User/Pass combo invalid via AAF - Retry limit exceeded"),
144 RESP.FAIL,resp,aaf.getRealm(),true);
// I/O trouble talking to AAF is reported as an invalid token and the client is asked to
// retry. buildMsg is called with a null principal here, so its null handling matters.
147 } catch (IOException e) {
148 String msg = buildMsg(null,req,"Invalid Auth Token");
149 System.out.println("In IOException catch block -----15----- +++++++++++++");
// printStackTrace() goes to stderr and duplicates the aaf.access.log call below; prefer
// the access logger (with the exception object) so the trace lands in the configured log.
151 e.printStackTrace();
152 aaf.access.log(Level.INFO,msg,'(', e.getMessage(), ')');
153 return new BasicHttpTafResp(aaf.access,null,msg, RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(),true);
// Any other failure is treated as the authenticating service being unavailable: hard FAIL,
// no retry hint. Note the final argument is false here versus true in the IOException path.
154 } catch (Exception e) {
155 String msg = buildMsg(null,req,"Authenticating Service unavailable");
156 System.out.println("In Exception catch block -----16----- +++++++++++++");
// Same remark as above: drop printStackTrace() in favour of the access logger.
158 e.printStackTrace();
159 aaf.access.log(Level.INFO,msg,'(', e.getMessage(), ')');
160 return new BasicHttpTafResp(aaf.access,null,msg, RESP.FAIL, resp, aaf.getRealm(),false);
\r
165 private String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) {
// Assembles a log/response message: the concatenated msg parts, then " for <principal>"
// and " from <remote address><port>" (original line 176, between address and port, is
// not shown in this rendering — presumably a separator).
// NOTE(review): validate() calls this with pr == null in both catch blocks; the guard that
// has to precede pr.getName() would be on original lines 169-170, which this rendering
// omits — confirm it exists in the real file.
166 StringBuilder sb = new StringBuilder();
167 for(Object s : msg) {
// Each part is dereferenced via toString(); a null element would throw NullPointerException.
168 sb.append(s.toString());
171 sb.append(" for ");
172 sb.append(pr.getName());
174 sb.append(" from ");
// getRemoteAddr()/getRemotePort() describe the immediate peer; behind a proxy or load
// balancer this is the proxy, not the end client, so treat it as a hint, not an identity.
175 sb.append(req.getRemoteAddr());
177 sb.append(req.getRemotePort());
178 return sb.toString();
\r
183 public Resp revalidate(CachedPrincipal prin) {
\r
184 // !!!! TEST THIS.. Things may not be revalidated, if not BasicPrincipal
\r
185 if(prin instanceof BasicPrincipal) {
\r
188 Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.transferSS(prin));
\r
189 fp = userAAF.read("/authn/basicAuth", "text/plain");
\r
190 return fp.get(aaf.timeout)?Resp.REVALIDATED:Resp.UNVALIDATED;
\r
191 } catch (Exception e) {
\r
192 aaf.access.log(e, "Cannot Revalidate",prin.getName());
\r
193 return Resp.INACCESSIBLE;
\r
196 return Resp.NOT_MINE;
\r