+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.cass;\r
-\r
-import java.io.IOException;\r
-import java.io.UnsupportedEncodingException;\r
-import java.util.Arrays;\r
-import java.util.HashMap;\r
-import java.util.Map;\r
-\r
-import org.apache.cassandra.auth.AuthenticatedUser;\r
-import org.apache.cassandra.auth.IAuthenticator;\r
-import org.apache.cassandra.auth.ISaslAwareAuthenticator;\r
-import org.apache.cassandra.exceptions.AuthenticationException;\r
-import org.apache.cassandra.exceptions.InvalidRequestException;\r
-import org.apache.cassandra.exceptions.RequestExecutionException;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.CredVal.Type;\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-public class AAFAuthenticator extends AAFBase implements ISaslAwareAuthenticator {\r
-\r
- public boolean requireAuthentication() {\r
- return true;\r
- }\r
- \r
- /**\r
- * Invoked to authenticate an user\r
- */\r
- public AuthenticatedUser authenticate(Map<String, String> credentials) throws AuthenticationException {\r
- String username = (String)credentials.get("username");\r
- if (username == null) {\r
- throw new AuthenticationException("'username' is missing");\r
- }\r
- \r
- AAFAuthenticatedUser aau = new AAFAuthenticatedUser(access,username);\r
- String fullName=aau.getFullName();\r
- access.log(Level.DEBUG, "Authenticating", aau.getName(),"(", fullName,")");\r
- \r
- String password = (String)credentials.get("password");\r
- if (password == null) {\r
- throw new AuthenticationException("'password' is missing");\r
- } else if(password.startsWith("bsf:")) {\r
- try {\r
- password = Symm.base64noSplit.depass(password);\r
- } catch (IOException e) {\r
- throw new AuthenticationException("AAF bnf: Password cannot be decoded");\r
- }\r
- } else if(password.startsWith("enc:???")) {\r
- try {\r
- password = access.decrypt(password, true);\r
- } catch (IOException e) {\r
- throw new AuthenticationException("AAF Encrypted Password cannot be decrypted");\r
- }\r
- }\r
- \r
- if(localLur!=null) {\r
- access.log(Level.DEBUG, "Validating",fullName, "with LocalTaf", password); \r
- if(localLur.validate(fullName, Type.PASSWORD, password.getBytes())) {\r
- aau.setAnonymous(true);\r
- aau.setLocal(true);\r
- access.log(Level.DEBUG, fullName, "is authenticated locally"); \r
- return aau;\r
- }\r
- }\r
- \r
- String aafResponse;\r
- try {\r
- access.log(Level.DEBUG, "Validating",fullName, "with AAF");//, password); \r
- aafResponse = aafAuthn.validate(fullName, password);\r
- if(aafResponse != null) { // Reason for failing.\r
- access.log(Level.AUDIT, "AAF reports ",fullName,":",aafResponse);\r
- throw new AuthenticationException(aafResponse);\r
- }\r
- access.log(Level.AUDIT, fullName, "is authenticated"); //,password);\r
- // This tells Cassandra to skip checking it's own tables for User Entries.\r
- aau.setAnonymous(true);\r
- } catch (AuthenticationException ex) {\r
- throw ex;\r
- } catch(Exception ex) {\r
- access.log(ex,"Exception validating user"); \r
- throw new AuthenticationException("Exception validating user");\r
- }\r
- \r
- return aau; \r
- }\r
- \r
- public void create(String username, Map<IAuthenticator.Option, Object> options) throws InvalidRequestException, RequestExecutionException {\r
- access.log(Level.INFO,"Use AAF CLI to create user");\r
- }\r
- \r
- public void alter(String username, Map<IAuthenticator.Option, Object> options) throws RequestExecutionException {\r
- access.log(Level.INFO,"Use AAF CLI to alter user");\r
- }\r
- \r
- public void drop(String username) throws RequestExecutionException {\r
- access.log(Level.INFO,"Use AAF CLI to delete user");\r
- }\r
- \r
- public SaslAuthenticator newAuthenticator() {\r
- return new ISaslAwareAuthenticator.SaslAuthenticator() {\r
- private boolean complete = false;\r
- private Map<String, String> credentials;\r
-\r
- public byte[] evaluateResponse(byte[] clientResponse) throws AuthenticationException {\r
- this.credentials = decodeCredentials(clientResponse);\r
- this.complete = true;\r
- return null;\r
- }\r
-\r
- public boolean isComplete() {\r
- return this.complete;\r
- }\r
-\r
- public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException {\r
- return AAFAuthenticator.this.authenticate(this.credentials);\r
- }\r
-\r
- private Map<String, String> decodeCredentials(byte[] bytes) throws AuthenticationException {\r
- access.log(Level.DEBUG,"Decoding credentials from client token");\r
- byte[] user = null;\r
- byte[] pass = null;\r
- int end = bytes.length;\r
- for (int i = bytes.length - 1; i >= 0; i--)\r
- {\r
- if (bytes[i] != 0)\r
- continue;\r
- if (pass == null)\r
- pass = Arrays.copyOfRange(bytes, i + 1, end);\r
- else if (user == null)\r
- user = Arrays.copyOfRange(bytes, i + 1, end);\r
- end = i;\r
- }\r
-\r
- if (user == null)\r
- throw new AuthenticationException("Authentication ID must not be null");\r
- if (pass == null) {\r
- throw new AuthenticationException("Password must not be null");\r
- }\r
- Map<String,String> credentials = new HashMap<String,String>();\r
- try {\r
- credentials.put(IAuthenticator.USERNAME_KEY, new String(user, Config.UTF_8));\r
- credentials.put(IAuthenticator.PASSWORD_KEY, new String(pass, Config.UTF_8));\r
- } catch (UnsupportedEncodingException e) {\r
- throw new AuthenticationException(e.getMessage());\r
- }\r
- return credentials;\r
- }\r
- }; \r
- }\r
-\r
-}\r
-\r