+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.sso;\r
-\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileOutputStream;\r
-import java.io.IOException;\r
-import java.io.PrintStream;\r
-import java.lang.reflect.InvocationTargetException;\r
-import java.lang.reflect.Method;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-import java.util.Properties;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.util.MyConsole;\r
-import org.onap.aaf.cadi.util.SubStandardConsole;\r
-import org.onap.aaf.cadi.util.TheConsole;\r
-\r
-\r
-public class AAFSSO {\r
- public static final MyConsole cons = TheConsole.implemented()?new TheConsole():new SubStandardConsole();\r
- \r
- private Properties diskprops = null; // use for temp storing User/Password on disk\r
- private File dot_aaf = null, sso=null; // instantiated, if ever, with diskprops\r
- \r
- boolean removeSSO=false;\r
- boolean loginOnly = false;\r
- private PropAccess access;\r
- private StringBuilder err;\r
- private String user,encrypted_pass;\r
- private boolean use_X509;\r
-\r
- private PrintStream os, stdout=null,stderr=null;\r
-\r
- private Method close;\r
-\r
- public AAFSSO(String[] args) throws IOException, CadiException {\r
- List<String> larg = new ArrayList<String>(args.length);\r
-\r
- // Cover for bash's need to escape *... (\\*)\r
- // also, remove SSO if required\r
- for (int i = 0; i < args.length; ++i) {\r
- if ("\\*".equals(args[i])) {\r
- args[i] = "*";\r
- }\r
- \r
- if("-logout".equalsIgnoreCase(args[i])) {\r
- removeSSO=true;\r
- } else if("-login".equalsIgnoreCase(args[i])) {\r
- loginOnly = true;\r
- } else {\r
- larg.add(args[i]);\r
- }\r
- }\r
- \r
- String[] nargs = new String[larg.size()];\r
- larg.toArray(nargs);\r
-\r
- dot_aaf = new File(System.getProperty("user.home")+"/.aaf");\r
- if(!dot_aaf.exists()) {\r
- dot_aaf.mkdirs();\r
- }\r
- File f = new File(dot_aaf,"sso.out");\r
- os = new PrintStream(new FileOutputStream(f,true));\r
- stdout = System.out;\r
- stderr = System.err;\r
- System.setOut(os);\r
- System.setErr(os);\r
-\r
- access = new PropAccess(os,nargs);\r
- Config.setDefaultRealm(access);\r
-\r
- user = access.getProperty(Config.AAF_MECHID);\r
- encrypted_pass = access.getProperty(Config.AAF_MECHPASS);\r
- \r
- File dot_aaf_kf = new File(dot_aaf,"keyfile");\r
- \r
- sso = new File(dot_aaf,"sso.props");\r
- if(removeSSO) {\r
- if(dot_aaf_kf.exists()) {\r
- dot_aaf_kf.setWritable(true,true);\r
- dot_aaf_kf.delete();\r
- }\r
- if(sso.exists()) {\r
- sso.delete();\r
- }\r
- System.out.println("AAF SSO information removed");\r
- System.exit(0);\r
- }\r
- \r
- if(!dot_aaf_kf.exists()) {\r
- FileOutputStream fos = new FileOutputStream(dot_aaf_kf);\r
- try {\r
- fos.write(Symm.encrypt.keygen());\r
- dot_aaf_kf.setExecutable(false,false);\r
- dot_aaf_kf.setWritable(false,false);\r
- dot_aaf_kf.setReadable(false,false);\r
- dot_aaf_kf.setReadable(true, true);\r
- } finally {\r
- fos.close();\r
- }\r
- }\r
-\r
- String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case it's CertificateMan props\r
- if(keyfile==null) {\r
- access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath());\r
- }\r
- \r
- String alias = access.getProperty(Config.CADI_ALIAS);\r
- if(user==null && alias!=null && access.getProperty(Config.CADI_KEYSTORE_PASSWORD)!=null) {\r
- user = alias;\r
- access.setProperty(Config.AAF_MECHID, user);\r
- use_X509 = true;\r
- } else {\r
- use_X509 = false;\r
- Symm decryptor = Symm.obtain(dot_aaf_kf);\r
- if (user==null) {\r
- if(sso.exists() && sso.lastModified()>System.currentTimeMillis()-(8*60*60*1000 /* 8 hours */)) {\r
- String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...\r
- FileInputStream fos = new FileInputStream(sso);\r
- try {\r
- access.load(fos);\r
- user = access.getProperty(Config.AAF_MECHID);\r
- encrypted_pass = access.getProperty(Config.AAF_MECHPASS);\r
- // decrypt with .aaf, and re-encrypt with regular Keyfile\r
- access.setProperty(Config.AAF_MECHPASS, \r
- access.encrypt(decryptor.depass(encrypted_pass)));\r
- if(cm_url!=null) { //Command line CM_URL Overwrites ssofile.\r
- access.setProperty(Config.CM_URL, cm_url);\r
- }\r
- } finally {\r
- fos.close();\r
- }\r
- } else {\r
- diskprops = new Properties();\r
- String realm = Config.getDefaultRealm();\r
- // Turn on Console Sysout\r
- System.setOut(stdout);\r
- user=cons.readLine("aaf_id(%s@%s): ",System.getProperty("user.name"),realm);\r
- if(user==null) {\r
- user = System.getProperty("user.name")+'@'+realm;\r
- } else if(user.length()==0) { // \r
- user = System.getProperty("user.name")+'@' + realm;\r
- } else if(user.indexOf('@')<0 && realm!=null) {\r
- user = user+'@'+realm;\r
- }\r
- access.setProperty(Config.AAF_MECHID,user);\r
- diskprops.setProperty(Config.AAF_MECHID,user);\r
- encrypted_pass = new String(cons.readPassword("aaf_password: "));\r
- System.setOut(os);\r
- encrypted_pass = Symm.ENC+decryptor.enpass(encrypted_pass);\r
- access.setProperty(Config.AAF_MECHPASS,encrypted_pass);\r
- diskprops.setProperty(Config.AAF_MECHPASS,encrypted_pass);\r
- diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE));\r
- }\r
- }\r
- }\r
- if (user == null) {\r
- err = new StringBuilder("Add -D" + Config.AAF_MECHID + "=<id> ");\r
- }\r
- \r
- if (encrypted_pass == null && alias==null) {\r
- if (err == null) {\r
- err = new StringBuilder();\r
- } else {\r
- err.append("and ");\r
- }\r
- err.append("-D" + Config.AAF_MECHPASS + "=<passwd> ");\r
- }\r
- }\r
- \r
- public void setLogDefault() {\r
- access.setLogLevel(PropAccess.DEFAULT);\r
- if(stdout!=null) {\r
- System.setOut(stdout);\r
- }\r
- }\r
-\r
- public void setStdErrDefault() {\r
- access.setLogLevel(PropAccess.DEFAULT);\r
- if(stderr!=null) {\r
- System.setErr(stderr);\r
- }\r
- }\r
-\r
- public void setLogDefault(Level level) {\r
- access.setLogLevel(level);\r
- if(stdout!=null) {\r
- System.setOut(stdout);\r
- }\r
- }\r
- \r
- public boolean loginOnly() {\r
- return loginOnly;\r
- }\r
-\r
- public void addProp(String key, String value) {\r
- if(diskprops!=null) {\r
- diskprops.setProperty(key, value);\r
- }\r
- }\r
- \r
- public void writeFiles() throws IOException {\r
- // Store Creds, if they work \r
- if(diskprops!=null) {\r
- if(!dot_aaf.exists()) {\r
- dot_aaf.mkdirs();\r
- }\r
- FileOutputStream fos = new FileOutputStream(sso);\r
- try {\r
- diskprops.store(fos, "AAF Single Signon");\r
- } finally {\r
- fos.close();\r
- sso.setWritable(false,false);\r
- sso.setExecutable(false,false);\r
- sso.setReadable(false,false);\r
- sso.setReadable(true,true);\r
- }\r
- }\r
- if(sso!=null) {\r
- sso.setReadable(false,false);\r
- sso.setWritable(false,false);\r
- sso.setExecutable(false,false);\r
- sso.setReadable(true,true);\r
- sso.setWritable(true,true);\r
- }\r
- }\r
-\r
- public PropAccess access() {\r
- return access;\r
- }\r
-\r
- public StringBuilder err() {\r
- return err;\r
- }\r
- \r
- public String user() {\r
- return user;\r
- }\r
- \r
- public String enc_pass() {\r
- return encrypted_pass;\r
- }\r
- \r
- public boolean useX509() {\r
- return use_X509;\r
- }\r
- \r
- public void close() {\r
- if(close!=null) {\r
- try {\r
- close.invoke(null);\r
- } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {\r
- // nothing to do here.\r
- }\r
- close = null;\r
- }\r
- }\r
-}\r