import javax.servlet.http.HttpServletResponse;
import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CachedPrincipal;
+import org.onap.aaf.cadi.CachedPrincipal.Resp;
import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.CredVal;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.CachedPrincipal.Resp;
import org.onap.aaf.cadi.Taf.LifeForm;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.config.SecurityInfo;
import org.onap.aaf.cadi.taf.HttpTaf;
import org.onap.aaf.cadi.taf.TafResp;
import org.onap.aaf.cadi.taf.TafResp.RESP;
+import org.onap.aaf.cadi.taf.basic.BasicHttpTaf;
import org.onap.aaf.cadi.util.Split;
public class X509Taf implements HttpTaf {
private ArrayList<String> cadiIssuers;
private String env;
private SecurityInfo si;
+ private BasicHttpTaf bht;
static {
try {
certFactory = CertificateFactory.getInstance("X.509");
messageDigest = MessageDigest.getInstance("SHA-256"); // use this to clone
- tmf = TrustManagerFactory.getInstance(SecurityInfoC.SslKeyManagerFactoryAlgorithm);
+ tmf = TrustManagerFactory.getInstance(SecurityInfoC.SSL_KEY_MANAGER_FACTORY_ALGORITHM);
} catch (Exception e) {
throw new RuntimeException("X.509 and SHA-256 are required for X509Taf",e);
}
if(certarr!=null && certarr.length>0) {
si.checkClientTrusted(certarr);
// Note: If the Issuer is not in the TrustStore, it's not added to the Cert list
- if(cadiIssuers.contains(certarr[0].getIssuerDN().toString())) {
+ String issuer = certarr[0].getIssuerDN().toString();
+ if(cadiIssuers.contains(issuer)) {
String subject = certarr[0].getSubjectDN().getName();
// avoiding extra object creation, since this is validated EVERY transaction with a Cert
int at = subject.indexOf('@');
String[] sa = Split.splitTrim(':', subject, temp+3,end);
if(sa.length==1 || (sa.length>1 && env!=null && env.equals(sa[1]))) { // Check Environment
return new X509HttpTafResp(access,
- new X509Principal(sa[0], certarr[0],(byte[])null),
+ new X509Principal(sa[0], certarr[0],(byte[])null,bht),
"X509Taf validated " + sa[0] + (sa.length<2?"":" for aaf_env " + env ), RESP.IS_AUTHENTICATED);
}
}
return null;
}
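Review bot: The new `issuer` line compares `certarr[0].getIssuerDN().toString()` against `cadiIssuers` by exact string, and `getIssuerDN()` is deprecated with a provider-dependent string form, so an entry that matches on one JVM can miss on another; `String issuer = certarr[0].getIssuerX500Principal().getName();` gives the RFC 2253 form, provided the `cadiIssuers` entries are loaded in the same form (their source is not visible here). The comment above `si.checkClientTrusted(certarr)` implies an untrusted issuer never reaches the list check, but nothing on these lines tests that call's result, so that only holds if it throws — worth confirming. The `bht` passed to the new `X509Principal` constructor is still null when `add(BasicHttpTaf)` was never called, so that constructor should document or guard the null. The enclosing method starts before the hunk, and `temp` used in the `Split.splitTrim` call is defined outside the visible lines.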
+ public void add(BasicHttpTaf bht) {
+ this.bht = bht;
+ }
+
+ public CredVal getCredVal(final String key) {
+ if(bht==null) {
+ return null;
+ } else {
+ return bht.getCredVal(key);
+ }
+ }
+
}
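Review bot: `add(BasicHttpTaf)` replaces `this.bht` rather than accumulating, so the name overstates what it does; either rename it `setBasicHttpTaf` or add `/** Installs the BasicHttpTaf consulted by {@link #getCredVal}; a later call replaces the earlier one. */`. The field is written after construction and read on the request path in `getCredVal` and in the certificate validation above; if one X509Taf instance serves many request threads, declare it `volatile` or set it in the constructor — I cannot see the construction order from here. `getCredVal` returning null when no BasicHttpTaf is installed pushes a null check onto every caller, so that contract should at least be stated in Javadoc, and the body reduces to `return bht == null ? null : bht.getCredVal(key);`.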