Code Review / aaf / cadi.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
 [AAF-21] Updated Copyright Headers for AAF
[aaf/cadi.git] / aaf / src / src / main / java / com / att / cadi / aaf / v2_0 / AAFTaf.java
1 /*******************************************************************************\r
2  * ============LICENSE_START====================================================\r
3  * * org.onap.aaf\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * ===========================================================================\r
7  * * Licensed under the Apache License, Version 2.0 (the "License");\r
8  * * you may not use this file except in compliance with the License.\r
9  * * You may obtain a copy of the License at\r
10  * * \r
11  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
12  * * \r
13  *  * Unless required by applicable law or agreed to in writing, software\r
14  * * distributed under the License is distributed on an "AS IS" BASIS,\r
15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
16  * * See the License for the specific language governing permissions and\r
17  * * limitations under the License.\r
18  * * ============LICENSE_END====================================================\r
19  * *\r
20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
21  * *\r
22  ******************************************************************************/\r
23 package com.att.cadi.aaf.v2_0;\r
24 \r
25 import java.io.IOException;\r
26 import java.security.Principal;\r
27 \r
28 import javax.servlet.http.HttpServletRequest;\r
29 import javax.servlet.http.HttpServletResponse;\r
30 \r
31 import com.att.cadi.AbsUserCache;\r
32 import com.att.cadi.Access.Level;\r
33 import com.att.cadi.CachedPrincipal;\r
34 import com.att.cadi.CachedPrincipal.Resp;\r
35 import com.att.cadi.GetCred;\r
36 import com.att.cadi.Hash;\r
37 import com.att.cadi.Taf.LifeForm;\r
38 import com.att.cadi.User;\r
39 import com.att.cadi.aaf.AAFPermission;\r
40 import com.att.cadi.client.Future;\r
41 import com.att.cadi.client.Rcli;\r
42 import com.att.cadi.principal.BasicPrincipal;\r
43 import com.att.cadi.principal.CachedBasicPrincipal;\r
44 import com.att.cadi.taf.HttpTaf;\r
45 import com.att.cadi.taf.TafResp;\r
46 import com.att.cadi.taf.TafResp.RESP;\r
47 import com.att.cadi.taf.basic.BasicHttpTafResp;\r
48 \r
49 public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpTaf {\r
50 //      private static final String INVALID_AUTH_TOKEN = "Invalid Auth Token";\r
51 //      private static final String AUTHENTICATING_SERVICE_UNAVAILABLE = "Authenticating Service unavailable";\r
52         private AAFCon<CLIENT> aaf;\r
53         private boolean warn;\r
54 \r
55         public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) {\r
56                 super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount);\r
57                 aaf = con;\r
58                 warn = turnOnWarning;\r
59         }\r
60 \r
61         public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning, AbsUserCache<AAFPermission> other) {\r
62                 super(other);\r
63                 aaf = con;\r
64                 warn = turnOnWarning;\r
65         }\r
66 \r
67         public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {\r
68                 //TODO Do we allow just anybody to validate?\r
69 \r
70                 // Note: Either Carbon or Silicon based LifeForms ok\r
71                 String auth = req.getHeader("Authorization");\r
72                 \r
73                 System.out.println("value of auth  ------1------- ++++++++++++++++++++++++++++++++++++++++++" +auth);\r
74                 \r
75                 if(auth == null) {\r
76                         return new BasicHttpTafResp(aaf.access,null,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),false);\r
77                 } else  {\r
78                         if(warn&&!req.isSecure())aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");\r
79                         \r
80                         try {\r
81                                 CachedBasicPrincipal bp = new CachedBasicPrincipal(this,auth,aaf.getRealm(),aaf.cleanInterval);\r
82                                 System.out.println(" value of aaf.getRealm  --------2--------- +++++++++++++++++++++++++++++++++++++++++++++" +aaf.getRealm() );\r
83                                 //System.out.println(" value of bp +++++++++++++++++++++++++++++++++++++++++++" +bp.toString());\r
84                                 System.out.println(" value of bp.getName() -------3----- +++++++++++++++++++++++++++++++++++++++++++" +bp.getName().toString());\r
85                                 System.out.println(" value of bp.getCred() -------4----- +++++++++++++++++++++++++++++++++++++++++++" +bp.getCred().toString());\r
86                                 \r
87                                 // First try Cache\r
88                                 User<AAFPermission> usr = getUser(bp);\r
89                                 \r
90                         //      System.out.println(" value of usr -------5-------++++++++++++++++++++++++++++++++++++++++++" +usr.toString());\r
91                                 \r
92                                 if(usr != null && usr.principal != null) {\r
93                                         if(usr.principal instanceof GetCred) {\r
94                                                 if(Hash.isEqual(bp.getCred(),((GetCred)usr.principal).getCred())) {\r
95                                                         \r
96                                                         return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by cached AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false);\r
97                                                 }\r
98                                         }\r
99                                 }\r
100                                 \r
101                                 Miss miss = missed(bp.getName());\r
102                                  System.out.println(" value of miss before if loop  ---------6----- +++++++++++++++++++++++++++++++++++++" +miss );\r
103                                 if(miss!=null && !miss.mayContinue(bp.getCred())) {\r
104                                         \r
105                                         System.out.println(" In if(miss!=null && !miss.mayContinue(bp.getCred())) -------7--------+++++++++++++++++++++++++++++++++++++++++++++");\r
106                                         \r
107                                         return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,\r
108                                                         "User/Pass Retry limit exceeded"), \r
109                                                         RESP.FAIL,resp,aaf.getRealm(),true);\r
110                                 }\r
111                                 \r
112                                 Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.basicAuthSS(bp));\r
113                                 \r
114                                 //System.out.println("value of userAAF ------8---- +++++++++++++++++++++++" +userAAF);\r
115                                 //System.out.println("value of userAAF +++++++++++++++++++++++" +userAAF.);\r
116                                 Future<String> fp = userAAF.read("/authn/basicAuth", "text/plain");\r
117                                 \r
118                                 //System.out.println("value of fp --------9------ +++++++++++++++++++++++" +fp.toString());\r
119                                 \r
120                                 if(fp.get(aaf.timeout)) {\r
121                                         System.out.println("In fp.get check -----10----- +++++++++++++");\r
122                                         if(usr!=null)usr.principal = bp;\r
123 \r
124                                         else addUser(new User<AAFPermission>(bp,aaf.cleanInterval));\r
125                                         return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false);\r
126                                 } else {\r
127                                         // Note: AddMiss checks for miss==null, and is part of logic\r
128                                         \r
129                                         System.out.println(" In the else part --------11--------++++++++++++++ ");\r
130                                         \r
131                                         boolean rv= addMiss(bp.getName(),bp.getCred());\r
132                                         System.out.println(" value of bp.getName() and bp.getCred() before if check  ----12--- ++++++++++++!!!!!!!!!!!++++++++++" +bp.getName() +"and " +bp.getCred());\r
133 \r
134                                         if(rv) {\r
135                                                 System.out.println("In if(rv) check -----13----- +++++++++++++");\r
136                                                 return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,\r
137                                                                 "User/Pass combo invalid via AAF"), \r
138                                                                 RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true);\r
139                                         } else {\r
140                                                 System.out.println("In if(rv) else check -----14----- +++++++++++++");\r
141                                                 return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,\r
142                                                                 "User/Pass combo invalid via AAF - Retry limit exceeded"), \r
143                                                                 RESP.FAIL,resp,aaf.getRealm(),true);\r
144                                         }\r
145                                 }\r
146                         } catch (IOException e) {\r
147                                 String msg = buildMsg(null,req,"Invalid Auth Token");\r
148                                 System.out.println("In IOException catch block -----15----- +++++++++++++");\r
149                                 e.getStackTrace();\r
150                                 e.printStackTrace();\r
151                                 aaf.access.log(Level.INFO,msg,'(', e.getMessage(), ')');\r
152                                 return new BasicHttpTafResp(aaf.access,null,msg, RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(),true);\r
153                         } catch (Exception e) {\r
154                                 String msg = buildMsg(null,req,"Authenticating Service unavailable");\r
155                                 System.out.println("In Exception catch block  -----16----- +++++++++++++");\r
156                                 e.getStackTrace();\r
157                                 e.printStackTrace();\r
158                                 aaf.access.log(Level.INFO,msg,'(', e.getMessage(), ')');\r
159                                 return new BasicHttpTafResp(aaf.access,null,msg, RESP.FAIL, resp, aaf.getRealm(),false);\r
160                         }\r
161                 }\r
162         }\r
163         \r
164         private String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) {\r
165                 StringBuilder sb = new StringBuilder();\r
166                 for(Object s : msg) {\r
167                         sb.append(s.toString());\r
168                 }\r
169                 if(pr!=null) {\r
170                         sb.append(" for ");\r
171                         sb.append(pr.getName());\r
172                 }\r
173                 sb.append(" from ");\r
174                 sb.append(req.getRemoteAddr());\r
175                 sb.append(':');\r
176                 sb.append(req.getRemotePort());\r
177                 return sb.toString();\r
178         }\r
179 \r
180 \r
181         \r
182         public Resp revalidate(CachedPrincipal prin) {\r
183                 //  !!!! TEST THIS.. Things may not be revalidated, if not BasicPrincipal\r
184                 if(prin instanceof BasicPrincipal) {\r
185                         Future<String> fp;\r
186                         try {\r
187                                 Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.transferSS(prin));\r
188                                 fp = userAAF.read("/authn/basicAuth", "text/plain");\r
189                                 return fp.get(aaf.timeout)?Resp.REVALIDATED:Resp.UNVALIDATED;\r
190                         } catch (Exception e) {\r
191                                 aaf.access.log(e, "Cannot Revalidate",prin.getName());\r
192                                 return Resp.INACCESSIBLE;\r
193                         }\r
194                 }\r
195                 return Resp.NOT_MINE;\r
196         }\r
197 \r
198 }\r
ARCHIVED- 2022-02-15 at the request of the project