Remove Tabs, per Jococo

[aaf/authz.git] / cadi / aaf / src / main / java / org / onap / aaf / cadi / aaf / v2_0 / AAFTaf.java
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java

index d4d11bb..81b5550 100644 (file)
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
@@ -23,8 +23,10 @@ package org.onap.aaf.cadi.aaf.v2_0;
  
  import java.io.IOException;
  import java.security.Principal;
+
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
+
  import org.onap.aaf.cadi.AbsUserCache;
  import org.onap.aaf.cadi.Access.Level;
  import org.onap.aaf.cadi.CachedPrincipal;
@@ -42,28 +44,34 @@ import org.onap.aaf.cadi.client.Future;
  import org.onap.aaf.cadi.client.Rcli;
  import org.onap.aaf.cadi.client.Retryable;
  import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.MapBathConverter;
  import org.onap.aaf.cadi.principal.BasicPrincipal;
  import org.onap.aaf.cadi.principal.CachedBasicPrincipal;
  import org.onap.aaf.cadi.taf.HttpTaf;
  import org.onap.aaf.cadi.taf.TafResp;
  import org.onap.aaf.cadi.taf.TafResp.RESP;
  import org.onap.aaf.cadi.taf.basic.BasicHttpTafResp;
+import org.onap.aaf.cadi.util.CSV;
  import org.onap.aaf.misc.env.APIException;
  
  public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpTaf {
      private AAFCon<CLIENT> aaf;
      private boolean warn;
-
+    private MapBathConverter mapIds;
+    
      public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) {
          super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount);
          aaf = con;
          warn = turnOnWarning;
+        initMapBathConverter();
      }
  
      public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning, AbsUserCache<AAFPermission> other) {
          super(other);
          aaf = con;
          warn = turnOnWarning;
+        initMapBathConverter();
+
      }
      
      // Note: Needed for Creation of this Object with Generics
@@ -78,16 +86,35 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
          this((AAFCon<CLIENT>)mustBeAAFCon,turnOnWarning);
      }
  
+    private void initMapBathConverter() {
+        String csvFile = access.getProperty(Config.CADI_BATH_CONVERT, null);
+        if(csvFile==null) {
+            mapIds=null;
+        } else {
+            try {
+                mapIds = new MapBathConverter(access, new CSV(access,csvFile));
+                access.log(Level.INIT,"Basic Auth Conversion using",csvFile,"enabled" );
+            } catch (IOException | CadiException e) {
+                access.log(e,"Bath Map Conversion is not initialized (non fatal)");
+            }
+        }
+
+    }
  
      public TafResp validate(final LifeForm reading, final HttpServletRequest req, final HttpServletResponse resp) {
          //TODO Do we allow just anybody to validate?
  
          // Note: Either Carbon or Silicon based LifeForms ok
          String authz = req.getHeader("Authorization");
+        String target = "invalid";
          if (authz != null && authz.startsWith("Basic ")) {
              if (warn&&!req.isSecure()) {
                  aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");
              }
+            if(mapIds != null) {
+                authz = mapIds.convert(access, authz);
+            }
+
              try {
                  final CachedBasicPrincipal bp;
                  if (req.getUserPrincipal() instanceof CachedBasicPrincipal) {
@@ -105,7 +132,7 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
  
                  Miss miss = missed(bp.getName(), bp.getCred());
                  if (miss!=null && !miss.mayContinue()) {
-                    return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,
+                    return new BasicHttpTafResp(aaf.access,bp.getName(),buildMsg(bp,req,
                              "User/Pass Retry limit exceeded"), 
                              RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true);
                  }
@@ -131,11 +158,11 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
                                  // Note: AddMiss checks for miss==null, and is part of logic
                                  boolean rv= addMiss(bp.getName(),bp.getCred());
                                  if (rv) {
-                                    return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,
+                                    return new BasicHttpTafResp(aaf.access,bp.getName(),buildMsg(bp,req,
                                              "user/pass combo invalid via AAF from " + req.getRemoteAddr()), 
                                              RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true);
                                  } else {
-                                    return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,
+                                    return new BasicHttpTafResp(aaf.access,bp.getName(),buildMsg(bp,req,
                                              "user/pass combo invalid via AAF from " + req.getRemoteAddr() + " - Retry limit exceeded"), 
                                              RESP.FAIL,resp,aaf.getRealm(),true);
                                  }
@@ -146,7 +173,7 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
              } catch (IOException e) {
                  String msg = buildMsg(null,req,"Invalid Auth Token");
                  aaf.access.log(Level.WARN,msg,'(', e.getMessage(), ')');
-                return new BasicHttpTafResp(aaf.access,null,msg, RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(),true);
+                return new BasicHttpTafResp(aaf.access,target,msg, RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(),true);
              } catch (Exception e) {
                  String msg = buildMsg(null,req,"Authenticating Service unavailable");
                  try {
@@ -155,10 +182,10 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
                      aaf.access.log(e1, "Error Invalidating Client");
                  }
                  aaf.access.log(Level.WARN,msg,'(', e.getMessage(), ')');
-                return new BasicHttpTafResp(aaf.access,null,msg, RESP.FAIL, resp, aaf.getRealm(),false);
+                return new BasicHttpTafResp(aaf.access,target,msg, RESP.FAIL, resp, aaf.getRealm(),false);
              }
          }
-        return new BasicHttpTafResp(aaf.access,null,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),false);
+        return new BasicHttpTafResp(aaf.access,target,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),false);
      }
      
      private String buildMsg(Principal pr, HttpServletRequest req, Object... msg) {
@@ -184,7 +211,7 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
          if (prin instanceof BasicPrincipal) {
              Future<String> fp;
              try {
-                Rcli<CLIENT> userAAF = aaf.client(Config.AAF_DEFAULT_VERSION).forUser(aaf.transferSS((BasicPrincipal)prin));
+                Rcli<CLIENT> userAAF = aaf.client().forUser(aaf.transferSS((BasicPrincipal)prin));
                  fp = userAAF.read("/authn/basicAuth", "text/plain");
                  return fp.get(aaf.timeout)?Resp.REVALIDATED:Resp.UNVALIDATED;
              } catch (Exception e) {