1 /*-
2  * ============LICENSE_START=======================================================
3  * org.openecomp.aai
4  * ================================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8 you may not use this file except in compliance with the License.
9 You may obtain a copy of the License at
10
11      http://www.apache.org/licenses/LICENSE-2.0
12
13 Unless required by applicable law or agreed to in writing, software
14 distributed under the License is distributed on an "AS IS" BASIS,
15 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 See the License for the specific language governing permissions and
17 limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package org.openecomp.aai.logging;
22
import ch.qos.logback.access.pattern.AccessConverter;
import ch.qos.logback.access.spi.IAccessEvent;

import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;

import static java.util.Base64.getDecoder;
31
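/**
 * Logback access converter that renders the identity of the calling client
 * for an access-log line.
 *
 * <p>The identity is taken from the TLS client certificate when one is attached
 * to the request; otherwise from the user-id part of an HTTP Basic
 * {@code Authorization} header. This class never checks the Basic password, so
 * a Basic user name in the log is the name the client <em>claimed</em>, not a
 * verified identity.
 */
public class CNName extends AccessConverter {

    /** Placeholder emitted when no client identity can be determined. */
    private static final String UNKNOWN_USER = "-";

    /** HTTP Basic scheme token, including the space that separates it from the credentials. */
    private static final String BASIC_PREFIX = "Basic ";

    /**
     * Resolves the client identity to print for one access event.
     *
     * @param accessEvent the access event being logged
     * @return {@code "INACTIVE_HEADER_CONV"} if the converter has not been started;
     *         {@code "-"} if the request carries no cipher-suite attribute (i.e. it
     *         was not flagged as TLS by the container), if no usable identity is
     *         present, or if extracting it fails; otherwise the certificate subject
     *         DN or the Basic user id, with control characters neutralised
     */
    @Override
    public String convert(IAccessEvent accessEvent) {
        if (!isStarted()) {
            return "INACTIVE_HEADER_CONV";
        }

        HttpServletRequest request = accessEvent.getRequest();
        String cipherSuite = (String) request.getAttribute("javax.servlet.request.cipher_suite");
        if (cipherSuite == null) {
            return UNKNOWN_USER;
        }

        try {
            X509Certificate[] certChain =
                    (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
            if (certChain == null || certChain.length == 0) {
                return sanitizeForLog(basicAuthUser(request.getHeader("Authorization")));
            }
            // The first element is used as the client's own certificate.
            X500Principal subjectDn = certChain[0].getSubjectX500Principal();
            return sanitizeForLog(subjectDn.toString());
        } catch (RuntimeException ex) {
            // Best effort: a malformed header (e.g. invalid Base64) or an unexpected
            // attribute type must not break access logging, so fall back to "-".
            return UNKNOWN_USER;
        }
    }

    /**
     * Extracts the user id from an HTTP Basic {@code Authorization} header value.
     *
     * @param authorization the raw header value, may be {@code null}
     * @return the text before the first {@code ':'} of the decoded credentials, or
     *         {@code "-"} if the header is absent, uses another scheme, or the
     *         decoded credentials contain no {@code ':'}
     * @throws IllegalArgumentException if the credentials are not valid Base64
     */
    private static String basicAuthUser(String authorization) {
        // The auth scheme token is matched case-insensitively, and only as a prefix:
        // the previous String.replace would also have stripped "Basic " from the
        // middle of a malformed value.
        if (authorization == null
                || !authorization.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return UNKNOWN_USER;
        }

        byte[] decoded = getDecoder().decode(authorization.substring(BASIC_PREFIX.length()).trim());

        // Locate the separator on the raw bytes so that only the user id is ever
        // turned into a String; the password part is not needed for logging.
        // In UTF-8 the byte 0x3A can only be an ASCII ':'.
        for (int i = 0; i < decoded.length; i++) {
            if (decoded[i] == ':') {
                // Explicit charset: the no-arg String constructor would depend on
                // the JVM's platform default encoding.
                return new String(decoded, 0, i, StandardCharsets.UTF_8);
            }
        }
        return UNKNOWN_USER;
    }

    /**
     * Replaces control characters (including CR and LF) with {@code '_'}.
     *
     * <p>The Basic user id comes straight from a request header, so without this a
     * client could place line breaks in it and make one request appear as several
     * access-log entries. Other delimiters used by the configured log pattern are
     * not visible from this class and are not handled here.
     *
     * @param value the identity text to write to the log, never {@code null}
     * @return {@code value} with every ISO control character replaced
     */
    private static String sanitizeForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

}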