[AAF-21] Initial code import
1 /*******************************************************************************\r
2  * ============LICENSE_START====================================================\r
3  * * org.onap.aai\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * Copyright © 2017 Amdocs\r
7  * * ===========================================================================\r
8  * * Licensed under the Apache License, Version 2.0 (the "License");\r
9  * * you may not use this file except in compliance with the License.\r
10  * * You may obtain a copy of the License at\r
11  * * \r
12  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
13  * * \r
14  *  * Unless required by applicable law or agreed to in writing, software\r
15  * * distributed under the License is distributed on an "AS IS" BASIS,\r
16  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
17  * * See the License for the specific language governing permissions and\r
18  * * limitations under the License.\r
19  * * ============LICENSE_END====================================================\r
20  * *\r
21  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
22  * *\r
23  ******************************************************************************/\r
24 package com.att.cadi.aaf.v2_0;\r
25 \r
26 import java.io.IOException;\r
27 import java.security.Principal;\r
28 \r
29 import javax.servlet.http.HttpServletRequest;\r
30 import javax.servlet.http.HttpServletResponse;\r
31 \r
32 import com.att.cadi.AbsUserCache;\r
33 import com.att.cadi.Access.Level;\r
34 import com.att.cadi.CachedPrincipal;\r
35 import com.att.cadi.CachedPrincipal.Resp;\r
36 import com.att.cadi.GetCred;\r
37 import com.att.cadi.Hash;\r
38 import com.att.cadi.Taf.LifeForm;\r
39 import com.att.cadi.User;\r
40 import com.att.cadi.aaf.AAFPermission;\r
41 import com.att.cadi.client.Future;\r
42 import com.att.cadi.client.Rcli;\r
43 import com.att.cadi.principal.BasicPrincipal;\r
44 import com.att.cadi.principal.CachedBasicPrincipal;\r
45 import com.att.cadi.taf.HttpTaf;\r
46 import com.att.cadi.taf.TafResp;\r
47 import com.att.cadi.taf.TafResp.RESP;\r
48 import com.att.cadi.taf.basic.BasicHttpTafResp;\r
49 \r
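public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpTaf {
	private static final String INVALID_AUTH_TOKEN = "Invalid Auth Token";
	private static final String AUTHENTICATING_SERVICE_UNAVAILABLE = "Authenticating Service unavailable";

	/** AAF endpoint that verifies an HTTP Basic credential; used by validate and revalidate. */
	private static final String BASIC_AUTH_PATH = "/authn/basicAuth";
	private static final String TEXT_PLAIN = "text/plain";

	private final AAFCon<CLIENT> aaf;
	private final boolean warn;

	/**
	 * Creates a TAF backed by the given AAF connection, with its own user cache sized
	 * from the connection's cache settings.
	 *
	 * @param con           AAF connection used for authentication calls, realm and logging
	 * @param turnOnWarning when true, a WARN line is logged each time Basic Auth arrives
	 *                      on a request that is not secure (see validate)
	 */
	public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) {
		super(con.access, con.cleanInterval, con.highCount, con.usageRefreshTriggerCount);
		aaf = con;
		warn = turnOnWarning;
	}

	/**
	 * Creates a TAF backed by the given AAF connection that shares the user cache of
	 * {@code other} instead of allocating a new one.
	 *
	 * @param con           AAF connection used for authentication calls, realm and logging
	 * @param turnOnWarning when true, a WARN line is logged for Basic Auth over a non-secure request
	 * @param other         cache whose entries this TAF will share
	 */
	public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning, AbsUserCache<AAFPermission> other) {
		super(other);
		aaf = con;
		warn = turnOnWarning;
	}

	/**
	 * Validates the request's HTTP Basic {@code Authorization} header against AAF.
	 *
	 * Evaluation order:
	 * <ol>
	 *   <li>no Authorization header: challenge the client (TRY_AUTHENTICATING);</li>
	 *   <li>a cached user whose stored credential matches: authenticated from cache;</li>
	 *   <li>a recorded miss for this user that may not continue: FAIL without contacting AAF;</li>
	 *   <li>otherwise ask AAF; on success cache the principal, on failure record a miss and
	 *       either challenge again or FAIL once the miss logic says the limit is reached.</li>
	 * </ol>
	 *
	 * The raw Authorization header and the decoded credential are secrets and are never
	 * written to stdout or the log by this method; messages built for the log or the
	 * response only carry the user name and remote address (see buildMsg).
	 *
	 * @param reading carbon or silicon based; both are accepted by this TAF
	 * @param req     request carrying the Authorization header
	 * @param resp    response used to set the challenge when TRY_AUTHENTICATING is returned
	 * @return a BasicHttpTafResp describing the outcome
	 */
	public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {
		//TODO Do we allow just anybody to validate?

		// Note: Either Carbon or Silicon based LifeForms ok
		String auth = req.getHeader("Authorization");
		if (auth == null) {
			return new BasicHttpTafResp(aaf.access, null, "Requesting HTTP Basic Authorization", RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(), false);
		}

		// Basic Auth carries the password merely base64-encoded; flag cleartext transport.
		if (warn && !req.isSecure()) {
			aaf.access.log(Level.WARN, "WARNING! BasicAuth has been used over an insecure channel");
		}

		try {
			CachedBasicPrincipal bp = new CachedBasicPrincipal(this, auth, aaf.getRealm(), aaf.cleanInterval);

			// First try Cache. instanceof is false for a null principal, so no separate null check is needed.
			User<AAFPermission> usr = getUser(bp);
			if (usr != null && usr.principal instanceof GetCred
					&& Hash.isEqual(bp.getCred(), ((GetCred) usr.principal).getCred())) {
				return new BasicHttpTafResp(aaf.access, bp, bp.getName() + " authenticated by cached AAF password", RESP.IS_AUTHENTICATED, resp, aaf.getRealm(), false);
			}

			// Do not contact AAF for a user whose recorded misses say it may not continue.
			Miss miss = missed(bp.getName());
			if (miss != null && !miss.mayContinue(bp.getCred())) {
				return new BasicHttpTafResp(aaf.access, null, buildMsg(bp, req,
						"User/Pass Retry limit exceeded"),
						RESP.FAIL, resp, aaf.getRealm(), true);
			}

			Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.basicAuthSS(bp));
			Future<String> fp = userAAF.read(BASIC_AUTH_PATH, TEXT_PLAIN);

			if (fp.get(aaf.timeout)) {
				// Success: refresh the cached entry's principal, or cache the user for the first time.
				if (usr != null) {
					usr.principal = bp;
				} else {
					addUser(new User<AAFPermission>(bp, aaf.cleanInterval));
				}
				return new BasicHttpTafResp(aaf.access, bp, bp.getName() + " authenticated by AAF password", RESP.IS_AUTHENTICATED, resp, aaf.getRealm(), false);
			}

			// Note: AddMiss checks for miss==null, and is part of logic
			boolean mayRetry = addMiss(bp.getName(), bp.getCred());
			if (mayRetry) {
				return new BasicHttpTafResp(aaf.access, null, buildMsg(bp, req,
						"User/Pass combo invalid via AAF"),
						RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(), true);
			}
			return new BasicHttpTafResp(aaf.access, null, buildMsg(bp, req,
					"User/Pass combo invalid via AAF - Retry limit exceeded"),
					RESP.FAIL, resp, aaf.getRealm(), true);
		} catch (IOException e) {
			// Malformed token: log the message only; a stack trace per bad header is noise and
			// the header itself must stay out of the log.
			String msg = buildMsg(null, req, INVALID_AUTH_TOKEN);
			aaf.access.log(Level.INFO, msg, '(', e.getMessage(), ')');
			return new BasicHttpTafResp(aaf.access, null, msg, RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(), true);
		} catch (Exception e) {
			// Anything else is treated as the AAF service being unreachable, not a client fault.
			String msg = buildMsg(null, req, AUTHENTICATING_SERVICE_UNAVAILABLE);
			aaf.access.log(Level.INFO, msg, '(', e.getMessage(), ')');
			return new BasicHttpTafResp(aaf.access, null, msg, RESP.FAIL, resp, aaf.getRealm(), false);
		}
	}

	/**
	 * Builds a message of the form {@code <msg...>[ for <principal>] from <remoteAddr>:<remotePort>}
	 * for the log and for the client-facing TAF response.
	 *
	 * @param pr  principal the message is about, or null when none has been established
	 * @param req request whose remote address and port are appended
	 * @param msg message fragments, concatenated in order; a null fragment renders as "null"
	 * @return the assembled message
	 */
	private String buildMsg(Principal pr, HttpServletRequest req, Object... msg) {
		StringBuilder sb = new StringBuilder();
		for (Object s : msg) {
			sb.append(s); // append(Object) is null-safe, unlike s.toString()
		}
		if (pr != null) {
			sb.append(" for ");
			sb.append(pr.getName());
		}
		sb.append(" from ");
		sb.append(req.getRemoteAddr());
		sb.append(':');
		sb.append(req.getRemotePort());
		return sb.toString();
	}

	/**
	 * Re-checks a cached principal against AAF when the cache asks for it.
	 *
	 * Only a BasicPrincipal is handled here (the AAF call is made with a security setter
	 * derived from the principal via transferSS); any other principal type is NOT_MINE.
	 *
	 * @param prin cached principal to re-check
	 * @return REVALIDATED or UNVALIDATED according to AAF's answer, INACCESSIBLE when the
	 *         call fails, NOT_MINE when the principal is not a BasicPrincipal
	 */
	public Resp revalidate(CachedPrincipal prin) {
		//  !!!! TEST THIS.. Things may not be revalidated, if not BasicPrincipal
		if (!(prin instanceof BasicPrincipal)) {
			return Resp.NOT_MINE;
		}
		try {
			Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.transferSS(prin));
			Future<String> fp = userAAF.read(BASIC_AUTH_PATH, TEXT_PLAIN);
			return fp.get(aaf.timeout) ? Resp.REVALIDATED : Resp.UNVALIDATED;
		} catch (Exception e) {
			aaf.access.log(e, "Cannot Revalidate", prin.getName());
			return Resp.INACCESSIBLE;
		}
	}

}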