1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package com.att.cadi.aaf.v2_0;
\r
25 import java.io.IOException;
\r
26 import java.security.Principal;
\r
28 import javax.servlet.http.HttpServletRequest;
\r
29 import javax.servlet.http.HttpServletResponse;
\r
31 import com.att.cadi.AbsUserCache;
\r
32 import com.att.cadi.Access.Level;
\r
33 import com.att.cadi.CachedPrincipal;
\r
34 import com.att.cadi.CachedPrincipal.Resp;
\r
35 import com.att.cadi.GetCred;
\r
36 import com.att.cadi.Hash;
\r
37 import com.att.cadi.Taf.LifeForm;
\r
38 import com.att.cadi.User;
\r
39 import com.att.cadi.aaf.AAFPermission;
\r
40 import com.att.cadi.client.Future;
\r
41 import com.att.cadi.client.Rcli;
\r
42 import com.att.cadi.principal.BasicPrincipal;
\r
43 import com.att.cadi.principal.CachedBasicPrincipal;
\r
44 import com.att.cadi.taf.HttpTaf;
\r
45 import com.att.cadi.taf.TafResp;
\r
46 import com.att.cadi.taf.TafResp.RESP;
\r
47 import com.att.cadi.taf.basic.BasicHttpTafResp;
\r
49 public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpTaf {
\r
50 // private static final String INVALID_AUTH_TOKEN = "Invalid Auth Token";
\r
51 // private static final String AUTHENTICATING_SERVICE_UNAVAILABLE = "Authenticating Service unavailable";
\r
52 private AAFCon<CLIENT> aaf;
\r
53 private boolean warn;
\r
55 public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) {
\r
56 super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount);
\r
58 warn = turnOnWarning;
\r
61 public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning, AbsUserCache<AAFPermission> other) {
\r
64 warn = turnOnWarning;
\r
67 public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {
\r
68 //TODO Do we allow just anybody to validate?
\r
70 // Note: Either Carbon or Silicon based LifeForms ok
\r
71 String auth = req.getHeader("Authorization");
\r
73 System.out.println("value of auth ------1------- ++++++++++++++++++++++++++++++++++++++++++" +auth);
\r
76 return new BasicHttpTafResp(aaf.access,null,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),false);
\r
78 if(warn&&!req.isSecure())aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");
\r
81 CachedBasicPrincipal bp = new CachedBasicPrincipal(this,auth,aaf.getRealm(),aaf.cleanInterval);
\r
82 System.out.println(" value of aaf.getRealm --------2--------- +++++++++++++++++++++++++++++++++++++++++++++" +aaf.getRealm() );
\r
83 //System.out.println(" value of bp +++++++++++++++++++++++++++++++++++++++++++" +bp.toString());
\r
84 System.out.println(" value of bp.getName() -------3----- +++++++++++++++++++++++++++++++++++++++++++" +bp.getName().toString());
\r
85 System.out.println(" value of bp.getCred() -------4----- +++++++++++++++++++++++++++++++++++++++++++" +bp.getCred().toString());
\r
88 User<AAFPermission> usr = getUser(bp);
\r
90 // System.out.println(" value of usr -------5-------++++++++++++++++++++++++++++++++++++++++++" +usr.toString());
\r
92 if(usr != null && usr.principal != null) {
\r
93 if(usr.principal instanceof GetCred) {
\r
94 if(Hash.isEqual(bp.getCred(),((GetCred)usr.principal).getCred())) {
\r
96 return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by cached AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false);
\r
101 Miss miss = missed(bp.getName());
\r
102 System.out.println(" value of miss before if loop ---------6----- +++++++++++++++++++++++++++++++++++++" +miss );
\r
103 if(miss!=null && !miss.mayContinue(bp.getCred())) {
\r
105 System.out.println(" In if(miss!=null && !miss.mayContinue(bp.getCred())) -------7--------+++++++++++++++++++++++++++++++++++++++++++++");
\r
107 return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,
\r
108 "User/Pass Retry limit exceeded"),
\r
109 RESP.FAIL,resp,aaf.getRealm(),true);
\r
112 Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.basicAuthSS(bp));
\r
114 //System.out.println("value of userAAF ------8---- +++++++++++++++++++++++" +userAAF);
\r
115 //System.out.println("value of userAAF +++++++++++++++++++++++" +userAAF.);
\r
116 Future<String> fp = userAAF.read("/authn/basicAuth", "text/plain");
\r
118 //System.out.println("value of fp --------9------ +++++++++++++++++++++++" +fp.toString());
\r
120 if(fp.get(aaf.timeout)) {
\r
121 System.out.println("In fp.get check -----10----- +++++++++++++");
\r
122 if(usr!=null)usr.principal = bp;
\r
124 else addUser(new User<AAFPermission>(bp,aaf.cleanInterval));
\r
125 return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false);
\r
127 // Note: AddMiss checks for miss==null, and is part of logic
\r
129 System.out.println(" In the else part --------11--------++++++++++++++ ");
\r
131 boolean rv= addMiss(bp.getName(),bp.getCred());
\r
132 System.out.println(" value of bp.getName() and bp.getCred() before if check ----12--- ++++++++++++!!!!!!!!!!!++++++++++" +bp.getName() +"and " +bp.getCred());
\r
135 System.out.println("In if(rv) check -----13----- +++++++++++++");
\r
136 return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,
\r
137 "User/Pass combo invalid via AAF"),
\r
138 RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true);
\r
140 System.out.println("In if(rv) else check -----14----- +++++++++++++");
\r
141 return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,
\r
142 "User/Pass combo invalid via AAF - Retry limit exceeded"),
\r
143 RESP.FAIL,resp,aaf.getRealm(),true);
\r
146 } catch (IOException e) {
\r
147 String msg = buildMsg(null,req,"Invalid Auth Token");
\r
148 System.out.println("In IOException catch block -----15----- +++++++++++++");
\r
150 e.printStackTrace();
\r
151 aaf.access.log(Level.INFO,msg,'(', e.getMessage(), ')');
\r
152 return new BasicHttpTafResp(aaf.access,null,msg, RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(),true);
\r
153 } catch (Exception e) {
\r
154 String msg = buildMsg(null,req,"Authenticating Service unavailable");
\r
155 System.out.println("In Exception catch block -----16----- +++++++++++++");
\r
157 e.printStackTrace();
\r
158 aaf.access.log(Level.INFO,msg,'(', e.getMessage(), ')');
\r
159 return new BasicHttpTafResp(aaf.access,null,msg, RESP.FAIL, resp, aaf.getRealm(),false);
\r
164 private String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) {
\r
165 StringBuilder sb = new StringBuilder();
\r
166 for(Object s : msg) {
\r
167 sb.append(s.toString());
\r
170 sb.append(" for ");
\r
171 sb.append(pr.getName());
\r
173 sb.append(" from ");
\r
174 sb.append(req.getRemoteAddr());
\r
176 sb.append(req.getRemotePort());
\r
177 return sb.toString();
\r
182 public Resp revalidate(CachedPrincipal prin) {
\r
183 // !!!! TEST THIS.. Things may not be revalidated, if not BasicPrincipal
\r
184 if(prin instanceof BasicPrincipal) {
\r
187 Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.transferSS(prin));
\r
188 fp = userAAF.read("/authn/basicAuth", "text/plain");
\r
189 return fp.get(aaf.timeout)?Resp.REVALIDATED:Resp.UNVALIDATED;
\r
190 } catch (Exception e) {
\r
191 aaf.access.log(e, "Cannot Revalidate",prin.getName());
\r
192 return Resp.INACCESSIBLE;
\r
195 return Resp.NOT_MINE;
\r