Add ability for BAuth by domain
[aaf/authz.git] / cadi / core / src / main / java / org / onap / aaf / cadi / taf / cert / X509Taf.java
index b5ed7ad..dc07bb9 100644 (file)
@@ -36,12 +36,13 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CachedPrincipal;
+import org.onap.aaf.cadi.CachedPrincipal.Resp;
 import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.CredVal;
 import org.onap.aaf.cadi.Lur;
 import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.CachedPrincipal.Resp;
 import org.onap.aaf.cadi.Taf.LifeForm;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.config.SecurityInfo;
@@ -51,6 +52,7 @@ import org.onap.aaf.cadi.principal.X509Principal;
 import org.onap.aaf.cadi.taf.HttpTaf;
 import org.onap.aaf.cadi.taf.TafResp;
 import org.onap.aaf.cadi.taf.TafResp.RESP;
+import org.onap.aaf.cadi.taf.basic.BasicHttpTaf;
 import org.onap.aaf.cadi.util.Split;
 
 public class X509Taf implements HttpTaf {
@@ -65,12 +67,13 @@ public class X509Taf implements HttpTaf {
        private ArrayList<String> cadiIssuers;
        private String env;
        private SecurityInfo si;
+       private BasicHttpTaf bht;
 
        static {
                try {
                        certFactory = CertificateFactory.getInstance("X.509");
                        messageDigest = MessageDigest.getInstance("SHA-256"); // use this to clone
-                       tmf = TrustManagerFactory.getInstance(SecurityInfoC.SslKeyManagerFactoryAlgorithm);
+                       tmf = TrustManagerFactory.getInstance(SecurityInfoC.SSL_KEY_MANAGER_FACTORY_ALGORITHM);
                } catch (Exception e) {
                        throw new RuntimeException("X.509 and SHA-256 are required for X509Taf",e);
                }
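Review bot: The new `bht` field is mutable instance state on an `HttpTaf` that is read on the request path (it is passed to the `X509Principal` constructor in a later hunk) but assigned only through the new public `add(BasicHttpTaf)` method, with no `volatile` or synchronization, so a thread already serving requests may keep observing null after `add` has been called from another thread. If the field is always populated during startup before the Taf is put into service, state that on the declaration, e.g. `// set once at configuration time via add(); not expected to change while serving requests`; otherwise declare it `private volatile BasicHttpTaf bht;`. The constant rename in the static block is fine as is.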
@@ -130,7 +133,8 @@ public class X509Taf implements HttpTaf {
                        if(certarr!=null && certarr.length>0) {
                                si.checkClientTrusted(certarr);
                                // Note: If the Issuer is not in the TrustStore, it's not added to the Cert list
-                               if(cadiIssuers.contains(certarr[0].getIssuerDN().toString())) {
+                               String issuer = certarr[0].getIssuerDN().toString();
+                               if(cadiIssuers.contains(issuer)) {
                                        String subject = certarr[0].getSubjectDN().getName();
                                        // avoiding extra object creation, since this is validated EVERY transaction with a Cert
                                        int at = subject.indexOf('@');
@@ -149,7 +153,7 @@ public class X509Taf implements HttpTaf {
                                                        String[] sa = Split.splitTrim(':', subject, temp+3,end);
                                                        if(sa.length==1 || (sa.length>1 && env!=null && env.equals(sa[1]))) { // Check Environment 
                                                                return new X509HttpTafResp(access, 
-                                                                               new X509Principal(sa[0], certarr[0],(byte[])null), 
+                                                                               new X509Principal(sa[0], certarr[0],(byte[])null,bht), 
                                                                                "X509Taf validated " + sa[0] + (sa.length<2?"":" for aaf_env " + env ), RESP.IS_AUTHENTICATED);
                                                        }
                                                }
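Review bot: `bht` may still be null when this `X509Principal` is constructed, because nothing in this class initialises it except the optional `add(BasicHttpTaf)` call, and the hunk does not show how `X509Principal` treats a null fourth argument. If the principal tolerates null (presumably by leaving the BasicAuth-by-domain lookup disabled), record that at the call site, e.g. `// bht may be null: domain credential lookup stays disabled until add(BasicHttpTaf) is called`; if it does not, fail fast here or make `add` mandatory in the constructor. The enclosing method starts and ends outside the hunk.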
@@ -258,4 +262,16 @@ public class X509Taf implements HttpTaf {
                return null;
        }
 
+       public void add(BasicHttpTaf bht) {
+               this.bht = bht;
+       }
+       
+       public CredVal getCredVal(final String key) {
+               if(bht==null) {
+                       return null;
+               } else {
+                       return bht.getCredVal(key);
+               }
+       }
+       
 }
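Review bot: The two new public methods carry no Javadoc, and `add` is a misleading name for a setter that replaces any previously registered `BasicHttpTaf` rather than accumulating one. Document the contract on each: for `add`, `/** Registers the BasicHttpTaf used to resolve credentials by domain; replaces any earlier registration. */`, and for `getCredVal`, `/** Returns the CredVal for {@code key} from the registered BasicHttpTaf, or null when none has been registered. */`. The `if/else` in `getCredVal` collapses to `return bht == null ? null : bht.getCredVal(key);`. Returning null instead of throwing means a caller that treats a missing `CredVal` as "nothing to validate" would silently skip credential checking, so the null return is worth stating explicitly in the Javadoc and checking at every call site.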