X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-oauth%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Foauth%2Fservice%2FOAuthService.java;h=4e1dd5b98559b8800cd93c115e58b2ce90daf202;hb=refs%2Fchanges%2F24%2F97124%2F3;hp=1e4b6cbb0d0ea09f8b7b36e99c2e8a93a3252827;hpb=bdce7667a6e272e2fa32e298d957a0d9090c5bc9;p=aaf%2Fauthz.git
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java
index 1e4b6cbb..4e1dd5b9 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -54,13 +54,13 @@ import org.onap.aaf.misc.env.APIException;
 import aafoauth.v2_0.Introspect;
 public class OAuthService {
-
+
 private static final int TOK_EXP = 60*60*1000; // 1 hour, millis.
 public enum TOKEN_TYPE {unknown,bearer,refresh}
 public enum GRANT_TYPE {unknown,password,client_credentials,refresh_token};
 public enum CLIENT_TYPE {unknown,confidential};
-
+
 // Additional Expires
 private final DAO[] daos;
 public final OAuthTokenDAO tokenDAO;
@@ -87,7 +87,7 @@ public class OAuthService {
 String[] split = Split.split(',', alt_url);
 int timeout = split.length>1?Integer.parseInt(split[1]):3000;
 altIntrospectClient = tcf.newClient(split[0], timeout);
- altIntrospectClient.client_creds(access.getProperty(Config.AAF_ALT_CLIENT_ID,null),
+ altIntrospectClient.client_creds(access.getProperty(Config.AAF_ALT_CLIENT_ID,null),
 access.getProperty(Config.AAF_ALT_CLIENT_SECRET,null));
 altDomain = '@'+access.getProperty(Config.AAF_ALT_OAUTH2_DOMAIN,null);
 } else {
@@ -97,7 +97,7 @@ public class OAuthService {
 } catch (GeneralSecurityException | CadiException | LocatorException e) {
 throw new APIException("Could not construct TokenClientFactory",e);
 }
-
+
 }
 public Result validate(AuthzTrans trans, OCreds creds) {
@@ -119,7 +119,7 @@ public class OAuthService {
 return Result.err(Result.ERR_BadData, "Unknown Grant Type");
 }
 }
-
+
 private Result createBearerToken(AuthzTrans trans, OAuthTokenDAO.Data odd) {
 if (odd.user==null) {
 odd.user = trans.user();
@@ -131,7 +131,7 @@ public class OAuthService {
 odd.expires = new Date(exp=(System.currentTimeMillis()+TOK_EXP));
 odd.exp_sec = exp/1000;
 odd.req_ip = trans.ip();
-
+
 try {
 Result rd = loadToken(trans, odd);
 if (rd.notOK()) {
@@ -142,7 +142,7 @@ public class OAuthService {
 }
 return tokenDAO.create(trans, odd);
 }
-
+
 private Result loadToken(AuthzTrans trans, Data odd) throws APIException, CadiException {
 Result rs = permLoader.loadJSONPerms(trans,odd.user,odd.scopes(false));
 if (rs.isOK()) {
@@ -156,8 +156,8 @@ public class OAuthService {
 return Result.err(Result.ERR_Backend,"Error accessing AAF Info: %s",rs.errorString());
 }
 }
-
-
+
+
 private Result refreshBearerToken(AuthzTrans trans, Data odd) {
 Result> rld = tokenDAO.readByUser(trans, trans.user());
@@ -189,7 +189,7 @@ public class OAuthService {
 break;
 }
 }
-
+
 if (token==null) {
 trans.audit().printf("Duplicate Refresh Token (%s) attempted for %s. Possible Replay Attack",odd.refresh.toString(),trans.user());
 return Result.err(Result.ERR_Security,"Invalid Refresh Token");