client/src/main/java/org/onap/aaf/cadi/client/AbsBasicAuth.java

   1 /*******************************************************************************\r
   2  * ============LICENSE_START====================================================\r
   3  * * org.onap.aaf\r
   4  * * ===========================================================================\r
   5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
   6  * * ===========================================================================\r
   7  * * Licensed under the Apache License, Version 2.0 (the "License");\r
   8  * * you may not use this file except in compliance with the License.\r
   9  * * You may obtain a copy of the License at\r
  10  * * \r
  11  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
  12  * * \r
  13  *  * Unless required by applicable law or agreed to in writing, software\r
  14  * * distributed under the License is distributed on an "AS IS" BASIS,\r
  15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
  16  * * See the License for the specific language governing permissions and\r
  17  * * limitations under the License.\r
  18  * * ============LICENSE_END====================================================\r
  19  * *\r
  20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
  21  * *\r
  22  ******************************************************************************/\r
  23 package org.onap.aaf.cadi.client;\r
  24 \r
  25 import java.io.IOException;\r
  26 \r
  27 import org.onap.aaf.cadi.SecuritySetter;\r
  28 import org.onap.aaf.cadi.Symm;\r
  29 import org.onap.aaf.cadi.config.SecurityInfoC;\r
  30 \r
  31 public abstract class AbsBasicAuth<CLIENT> implements SecuritySetter<CLIENT> {\r
  32                 protected static final String REPEAT_OFFENDER="This call is aborted because of repeated usage of invalid Passwords";\r
  33                 private static final int MAX_TEMP_COUNT = 10;\r
  34                 private static final int MAX_SPAM_COUNT = 10000;\r
  35                 private static final long WAIT_TIME = 1000*60*4;\r
  36                 \r
  37                 protected final String headValue;\r
  38                 protected SecurityInfoC<CLIENT> securityInfo;\r
  39                 protected String user;\r
  40                 private long lastMiss;\r
  41                 private int count;\r
  42 \r
  43                 public AbsBasicAuth(String user, String pass, SecurityInfoC<CLIENT> si) throws IOException {\r
  44                         this.user = user;\r
  45                         headValue = "Basic " + Symm.base64.encode(user + ':' + pass);\r
  46                         securityInfo = si;\r
  47                         lastMiss=0L;\r
  48                         count=0;\r
  49                 }\r
  50 \r
  51                 /* (non-Javadoc)\r
  52                  * @see com.att.cadi.SecuritySetter#getID()\r
  53                  */\r
  54                 @Override\r
  55                 public String getID() {\r
  56                         return user;\r
  57                 }\r
  58                 \r
  59                 public boolean isDenied() {\r
  60                         if(lastMiss>0 && lastMiss>System.currentTimeMillis()) {\r
  61                                 return true;\r
  62                         } else {\r
  63                                 lastMiss=0L;\r
  64                                 return false;\r
  65                         }\r
  66                 }\r
  67                 \r
  68                 public synchronized int setLastResponse(int httpcode) {\r
  69                         if(httpcode == 401) {\r
  70                                 ++count;\r
  71                                 if(lastMiss==0L && count>MAX_TEMP_COUNT) {\r
  72                                         lastMiss=System.currentTimeMillis()+WAIT_TIME;\r
  73                                 }\r
  74 //                              if(count>MAX_SPAM_COUNT) {\r
  75 //                                      System.err.printf("Your service has %d consecutive bad service logins to AAF. \nIt will now exit\n",\r
  76 //                                                      count);\r
  77 //                                      System.exit(401);\r
  78 //                              }\r
  79                                 if(count%1000==0) {\r
  80                                         System.err.printf("Your service has %d consecutive bad service logins to AAF. AAF Access will be disabled after %d\n",\r
  81                                                 count,MAX_SPAM_COUNT);\r
  82                                 }\r
  83 \r
  84                         } else {\r
  85                                 lastMiss=0;\r
  86                         }\r
  87                         return count;\r
  88                 }\r
  89                 \r
  90                 public int count() {\r
  91                         return count;\r
  92                 }\r
  93 }\r