2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * Copyright © 2017 European Software Marketing Ltd.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
21 * ECOMP is a trademark and service mark of AT&T Intellectual Property.
23 package org.onap.aai.auth;
25 import java.security.cert.X509Certificate;
26 import javax.inject.Inject;
27 import javax.security.auth.x500.X500Principal;
28 import javax.servlet.http.HttpServletRequest;
29 import javax.ws.rs.core.HttpHeaders;
30 import org.onap.aai.babel.config.BabelAuthConfig;
31 import org.onap.aai.cl.api.Logger;
32 import org.onap.aai.cl.eelf.LoggerFactory;
36 * Public class for authentication and authorization operations. Authorization is applied according to user and role
38 public class AAIMicroServiceAuth {
40 private static Logger applicationLogger = LoggerFactory.getInstance().getLogger(AAIMicroServiceAuth.class);
42 private BabelAuthConfig babelAuthConfig;
45 * @param babelAuthConfig
46 * @throws AAIAuthException
49 public AAIMicroServiceAuth(final BabelAuthConfig babelAuthConfig) throws AAIAuthException {
50 this.babelAuthConfig = babelAuthConfig;
51 if (!babelAuthConfig.isAuthenticationDisable()) {
52 AAIMicroServiceAuthCore.init(babelAuthConfig.getAuthPolicyFile());
58 * @param policyFunction
60 * @throws AAIAuthException
62 public boolean authorize(String username, String policyFunction) throws AAIAuthException {
63 return AAIMicroServiceAuthCore.authorize(username, policyFunction);
68 * @param policyFunction
70 * @throws AAIAuthException
72 public String authenticate(String authUser, String policyFunction) throws AAIAuthException {
73 if (authorize(authUser, policyFunction)) {
86 * @throws AAIAuthException
88 public boolean validateRequest(HttpHeaders headers /* NOSONAR */, HttpServletRequest req,
89 AAIMicroServiceAuthCore.HTTP_METHODS action, String apiPath) throws AAIAuthException {
91 applicationLogger.debug("validateRequest: " + apiPath);
93 .debug("babelAuthConfig.isAuthenticationDisable(): " + babelAuthConfig.isAuthenticationDisable());
95 if (babelAuthConfig.isAuthenticationDisable()) {
99 String[] ps = apiPath.split("/");
100 String authPolicyFunctionName = ps[0];
101 if (ps.length > 1 && authPolicyFunctionName.matches("v\\d+")) {
102 authPolicyFunctionName = ps[1];
105 String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite");
106 String authUser = null;
108 if (cipherSuite != null) {
109 X509Certificate[] certChain = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
110 X509Certificate clientCert = certChain[0];
111 X500Principal subjectDN = clientCert.getSubjectX500Principal();
112 authUser = subjectDN.toString();
115 if (authUser != null) {
116 return "OK".equals(authenticate(authUser.toLowerCase(), action.toString() + ":" + authPolicyFunctionName));