X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Faaf%2Fv2_0%2FAAFTaf.java;h=d4d11bbbe1e2438e2be333e147f45362f8a6d49b;hb=7e966914050e66219689001ff4ab601a49eef0ac;hp=6159726b3decb37a0ed1b7ebd0fbe55dd0d8f2d3;hpb=047edb5a4312cc7dfb3172b7e11ab1a9e2315ba2;p=aaf%2Fauthz.git
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
index 6159726b..d4d11bbb 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
@@ -51,148 +51,148 @@ import org.onap.aaf.cadi.taf.basic.BasicHttpTafResp; import org.onap.aaf.misc.env.APIException; public class AAFTaf extends AbsUserCache implements HttpTaf { - private AAFCon aaf; - private boolean warn; + private AAFCon aaf; + private boolean warn; - public AAFTaf(AAFCon con, boolean turnOnWarning) { - super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount); - aaf = con; - warn = turnOnWarning; - } + public AAFTaf(AAFCon con, boolean turnOnWarning) { + super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount); + aaf = con; + warn = turnOnWarning; + } - public AAFTaf(AAFCon con, boolean turnOnWarning, AbsUserCache other) { - super(other); - aaf = con; - warn = turnOnWarning; - } - - // Note: Needed for Creation of this Object with Generics - @SuppressWarnings("unchecked") - public AAFTaf(Connector mustBeAAFCon, boolean turnOnWarning, AbsUserCache other) { - this((AAFCon)mustBeAAFCon,turnOnWarning,other); - } + public AAFTaf(AAFCon con, boolean turnOnWarning, AbsUserCache other) { + super(other); + aaf = con; + warn = turnOnWarning; + } + + // Note: Needed for Creation of this Object with Generics + @SuppressWarnings("unchecked") + public AAFTaf(Connector mustBeAAFCon, boolean turnOnWarning, AbsUserCache other) { + this((AAFCon)mustBeAAFCon,turnOnWarning,other); + } - // Note: Needed for Creation of this Object with Generics - @SuppressWarnings("unchecked") - public AAFTaf(Connector mustBeAAFCon, boolean turnOnWarning) { - this((AAFCon)mustBeAAFCon,turnOnWarning); - } + // Note: Needed for Creation of this Object with Generics + @SuppressWarnings("unchecked") + public AAFTaf(Connector mustBeAAFCon, boolean turnOnWarning) { + this((AAFCon)mustBeAAFCon,turnOnWarning); + } - public TafResp validate(final LifeForm reading, final HttpServletRequest req, final HttpServletResponse resp) { - //TODO Do we allow just anybody to validate? 
+ public TafResp validate(final LifeForm reading, final HttpServletRequest req, final HttpServletResponse resp) { + //TODO Do we allow just anybody to validate? - // Note: Either Carbon or Silicon based LifeForms ok - String authz = req.getHeader("Authorization"); - if(authz != null && authz.startsWith("Basic ")) { - if(warn&&!req.isSecure()) { - aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel"); - } - try { - final CachedBasicPrincipal bp; - if(req.getUserPrincipal() instanceof CachedBasicPrincipal) { - bp = (CachedBasicPrincipal)req.getUserPrincipal(); - } else { - bp = new CachedBasicPrincipal(this,authz,aaf.getRealm(),aaf.userExpires); - } - // First try Cache - final User usr = getUser(bp); - if(usr != null - && usr.principal instanceof GetCred - && Hash.isEqual(bp.getCred(),((GetCred)usr.principal).getCred())) { - return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by cached AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false); - } + // Note: Either Carbon or Silicon based LifeForms ok + String authz = req.getHeader("Authorization"); + if (authz != null && authz.startsWith("Basic ")) { + if (warn&&!req.isSecure()) { + aaf.access.log(Level.WARN,"WARNING! 
BasicAuth has been used over an insecure channel"); + } + try { + final CachedBasicPrincipal bp; + if (req.getUserPrincipal() instanceof CachedBasicPrincipal) { + bp = (CachedBasicPrincipal)req.getUserPrincipal(); + } else { + bp = new CachedBasicPrincipal(this,authz,aaf.getRealm(),aaf.userExpires); + } + // First try Cache + final User usr = getUser(bp); + if (usr != null + && usr.principal instanceof GetCred + && Hash.isEqual(bp.getCred(),((GetCred)usr.principal).getCred())) { + return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by cached AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false); + } - Miss miss = missed(bp.getName(), bp.getCred()); - if(miss!=null && !miss.mayContinue()) { - return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req, - "User/Pass Retry limit exceeded"), - RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true); - } - - return aaf.bestForUser( - new GetSetter() { - @Override - public SecuritySetter get(AAFCon con) throws CadiException { - return con.basicAuthSS(bp); - } - },new Retryable() { - @Override - public BasicHttpTafResp code(Rcli client) throws CadiException, APIException { - Future fp = client.read("/authn/basicAuth", "text/plain"); - if(fp.get(aaf.timeout)) { - if(usr!=null) { - usr.principal = bp; - } else { - addUser(new User(bp,aaf.userExpires)); - } - return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false); - } else { - // Note: AddMiss checks for miss==null, and is part of logic - boolean rv= addMiss(bp.getName(),bp.getCred()); - if(rv) { - return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req, - "user/pass combo invalid via AAF from " + req.getRemoteAddr()), - RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true); - } else { - return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req, - "user/pass combo invalid via AAF from " + req.getRemoteAddr() + " - Retry limit exceeded"), - 
RESP.FAIL,resp,aaf.getRealm(),true); - } - } - } - } - ); - } catch (IOException e) { - String msg = buildMsg(null,req,"Invalid Auth Token"); - aaf.access.log(Level.WARN,msg,'(', e.getMessage(), ')'); - return new BasicHttpTafResp(aaf.access,null,msg, RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(),true); - } catch (Exception e) { - String msg = buildMsg(null,req,"Authenticating Service unavailable"); - try { - aaf.invalidate(); - } catch (CadiException e1) { - aaf.access.log(e1, "Error Invalidating Client"); - } - aaf.access.log(Level.WARN,msg,'(', e.getMessage(), ')'); - return new BasicHttpTafResp(aaf.access,null,msg, RESP.FAIL, resp, aaf.getRealm(),false); - } - } - return new BasicHttpTafResp(aaf.access,null,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),false); - } - - private String buildMsg(Principal pr, HttpServletRequest req, Object... msg) { - StringBuilder sb = new StringBuilder(); - for(Object s : msg) { - sb.append(s.toString()); - } - if(pr!=null) { - sb.append(" for "); - sb.append(pr.getName()); - } - sb.append(" from "); - sb.append(req.getRemoteAddr()); - sb.append(':'); - sb.append(req.getRemotePort()); - return sb.toString(); - } + Miss miss = missed(bp.getName(), bp.getCred()); + if (miss!=null && !miss.mayContinue()) { + return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req, + "User/Pass Retry limit exceeded"), + RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true); + } + + return aaf.bestForUser( + new GetSetter() { + @Override + public SecuritySetter get(AAFCon con) throws CadiException { + return con.basicAuthSS(bp); + } + },new Retryable() { + @Override + public BasicHttpTafResp code(Rcli client) throws CadiException, APIException { + Future fp = client.read("/authn/basicAuth", "text/plain"); + if (fp.get(aaf.timeout)) { + if (usr!=null) { + usr.principal = bp; + } else { + addUser(new User(bp,aaf.userExpires)); + } + return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by AAF 
password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false); + } else { + // Note: AddMiss checks for miss==null, and is part of logic + boolean rv= addMiss(bp.getName(),bp.getCred()); + if (rv) { + return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req, + "user/pass combo invalid via AAF from " + req.getRemoteAddr()), + RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true); + } else { + return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req, + "user/pass combo invalid via AAF from " + req.getRemoteAddr() + " - Retry limit exceeded"), + RESP.FAIL,resp,aaf.getRealm(),true); + } + } + } + } + ); + } catch (IOException e) { + String msg = buildMsg(null,req,"Invalid Auth Token"); + aaf.access.log(Level.WARN,msg,'(', e.getMessage(), ')'); + return new BasicHttpTafResp(aaf.access,null,msg, RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(),true); + } catch (Exception e) { + String msg = buildMsg(null,req,"Authenticating Service unavailable"); + try { + aaf.invalidate(); + } catch (CadiException e1) { + aaf.access.log(e1, "Error Invalidating Client"); + } + aaf.access.log(Level.WARN,msg,'(', e.getMessage(), ')'); + return new BasicHttpTafResp(aaf.access,null,msg, RESP.FAIL, resp, aaf.getRealm(),false); + } + } + return new BasicHttpTafResp(aaf.access,null,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),false); + } + + private String buildMsg(Principal pr, HttpServletRequest req, Object... msg) { + StringBuilder sb = new StringBuilder(); + for (Object s : msg) { + sb.append(s.toString()); + } + if (pr!=null) { + sb.append(" for "); + sb.append(pr.getName()); + } + sb.append(" from "); + sb.append(req.getRemoteAddr()); + sb.append(':'); + sb.append(req.getRemotePort()); + return sb.toString(); + } - - public Resp revalidate(CachedPrincipal prin, Object state) { - // !!!! TEST THIS.. 
Things may not be revalidated, if not BasicPrincipal - if(prin instanceof BasicPrincipal) { - Future fp; - try { - Rcli userAAF = aaf.client(Config.AAF_DEFAULT_VERSION).forUser(aaf.transferSS((BasicPrincipal)prin)); - fp = userAAF.read("/authn/basicAuth", "text/plain"); - return fp.get(aaf.timeout)?Resp.REVALIDATED:Resp.UNVALIDATED; - } catch (Exception e) { - aaf.access.log(e, "Cannot Revalidate",prin.getName()); - return Resp.INACCESSIBLE; - } - } - return Resp.NOT_MINE; - } + + public Resp revalidate(CachedPrincipal prin, Object state) { + // !!!! TEST THIS.. Things may not be revalidated, if not BasicPrincipal + if (prin instanceof BasicPrincipal) { + Future fp; + try { + Rcli userAAF = aaf.client(Config.AAF_DEFAULT_VERSION).forUser(aaf.transferSS((BasicPrincipal)prin)); + fp = userAAF.read("/authn/basicAuth", "text/plain"); + return fp.get(aaf.timeout)?Resp.REVALIDATED:Resp.UNVALIDATED; + } catch (Exception e) { + aaf.access.log(e, "Cannot Revalidate",prin.getName()); + return Resp.INACCESSIBLE; + } + } + return Resp.NOT_MINE; + } }