Enhancements for the aai-common library

[aai/aai-common.git] / aai-aaf-auth / src / main / java / org / onap / aai / aaf / auth / AAIAuthCore.java

diff --git a/aai-core/src/main/java/org/onap/aai/auth/AAIAuthCore.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIAuthCore.java
similarity index 93%
rename from aai-core/src/main/java/org/onap/aai/auth/AAIAuthCore.java
rename to aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIAuthCore.java
index cde2faa..c64251a 100644 (file)
--- a/aai-core/src/main/java/org/onap/aai/auth/AAIAuthCore.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIAuthCore.java
@@ -18,15 +18,20 @@
  * ============LICENSE_END=========================================================
  */
 
-package org.onap.aai.auth;
+package org.onap.aai.aaf.auth;
 
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
+import org.eclipse.jetty.util.security.Password;
+import org.onap.aai.aaf.auth.exceptions.AAIUnrecognizedFunctionException;
+import org.onap.aai.logging.ErrorLogHelper;
+import org.onap.aai.util.AAIConfig;
+import org.onap.aai.util.AAIConstants;
 
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -38,22 +43,12 @@ import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
-import org.eclipse.jetty.util.security.Password;
-import org.eclipse.persistence.internal.oxm.conversion.Base64;
-import org.onap.aai.auth.exceptions.AAIUnrecognizedFunctionException;
-import org.onap.aai.logging.ErrorLogHelper;
-import org.onap.aai.logging.LoggingContext;
-import org.onap.aai.logging.LoggingContext.StatusCode;
-import org.onap.aai.util.AAIConfig;
-import org.onap.aai.util.AAIConstants;
-import org.onap.aai.util.FileWatcher;
-
 /**
  * The Class AAIAuthCore.
  */
 public final class AAIAuthCore {
 
-    private static final EELFLogger LOGGER = EELFManager.getInstance().getLogger(AAIAuthCore.class);
+    private static final Logger LOGGER = LoggerFactory.getLogger(AAIAuthCore.class);
 
     private static final String ERROR_CODE_AAI_4001 = "AAI_4001";
 
@@ -71,11 +66,23 @@ public final class AAIAuthCore {
      * Instantiates a new AAI auth core.
      */
     public AAIAuthCore(String basePath) {
+        this(basePath, AAIConstants.AAI_AUTH_CONFIG_FILENAME);
+    }
+
+    public AAIAuthCore(String basePath, String filename){
         this.basePath = basePath;
+        this.globalAuthFileName = filename;
         AUTH_POLICY_PATTERN = Pattern.compile("^" + this.basePath + "/v\\d+/([\\w\\-]*)");
         init();
     }
 
+    public AAIAuthCore(String basePath, String filename, String pattern){
+        this.basePath = basePath;
+        this.globalAuthFileName = filename;
+        AUTH_POLICY_PATTERN = Pattern.compile(pattern);
+        init();
+    }
+
     /**
      * Inits the.
      */
@@ -90,7 +97,7 @@ public final class AAIAuthCore {
          * auth config file has been updated and reloads the users if so to get
          * the most up to date info (that update check logic is within
          * FileWatcher)
-         * 
+         *
          * the timing this method uses is coarser than the frequency of requests
          * AI&I gets so we're looking at better ways of doing this (TODO)
          */
@@ -222,7 +229,7 @@ public final class AAIAuthCore {
                 } else if (je.getAsJsonObject().has("user")) {
                     String auth = je.getAsJsonObject().get("user").getAsString() + ":"
                             + Password.deobfuscate(je.getAsJsonObject().get("pass").getAsString());
-                    String authorizationCode = new String(Base64.base64Encode(auth.getBytes("utf-8")));
+                    String authorizationCode = new String(Base64.getEncoder().encode(auth.getBytes("utf-8")));
                     usernames.put(authorizationCode, false);
                 }
             }
@@ -256,7 +263,7 @@ public final class AAIAuthCore {
 
     /**
      * for backwards compatibility
-     * 
+     *
      * @param username
      * @param uri
      * @param httpMethod
@@ -282,7 +289,7 @@ public final class AAIAuthCore {
     public boolean authorize(String username, String uri, String httpMethod, String haProxyUser, String issuer)
             throws AAIUnrecognizedFunctionException {
         String aaiMethod = this.getAuthPolicyFunctName(uri);
-        if (!this.validFunctions.contains(aaiMethod)) {
+        if (!this.validFunctions.contains(aaiMethod) && !("info".equalsIgnoreCase(aaiMethod))) {
             throw new AAIUnrecognizedFunctionException(aaiMethod);
         }
         boolean wildcardCheck = isWildcardIssuer(issuer);
@@ -328,7 +335,7 @@ public final class AAIAuthCore {
 
     /**
      * returns aai user either matching the username or containing the wildcard.
-     * 
+     *
      * @param username
      * @return
      */
@@ -357,13 +364,11 @@ public final class AAIAuthCore {
      * @return true, if successful
      */
     private boolean authorize(AAIUser aaiUser, String aaiMethod, String httpMethod) {
-        if (aaiUser.hasAccess(aaiMethod, httpMethod)) {
-            LoggingContext.statusCode(StatusCode.COMPLETE);
+        if ("info".equalsIgnoreCase(aaiMethod)|| aaiUser.hasAccess(aaiMethod, httpMethod)) {
             LOGGER.debug("AUTH ACCEPTED: " + aaiUser.getUsername() + " on function " + aaiMethod + " request type "
                     + httpMethod);
             return true;
         } else {
-            LoggingContext.statusCode(StatusCode.ERROR);
             LOGGER.debug("AUTH FAILED: " + aaiUser.getUsername() + " on function " + aaiMethod + " request type "
                     + httpMethod);
             return false;