X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Ftaf%2Fcert%2FX509Taf.java;h=914c57b51dfbc672d5912db9d896dc7f7e38231c;hb=3d1706fcbe7f95830ff6fd23cf679ee55c6d0595;hp=5f5ff574cbfde4d197e846022380ca9fdea38914;hpb=078325f8ef05a6216292f5331ef0805a5bdd9ef1;p=aaf%2Fauthz.git
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
index 5f5ff574..914c57b5 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
@@ -137,52 +137,52 @@ public class X509Taf implements HttpTaf { access.printf(Level.DEBUG,"Client Certificate found\n Subject '%s'\n Issuer '%s'",subject,issuer); if (cadiIssuers.contains(issuer)) { // avoiding extra object creation, since this is validated EVERY transaction with a Cert - int start = 0; - int end = 1; - int comma; - int length = subject.length(); - - compare: - while(startlength) { - break compare; - } - } - comma = subject.indexOf(',',start); - if(comma<0) { - end = subject.length(); - } else { - end = comma<=0?0:comma-1; - } - while(Character.isWhitespace(subject.charAt(end))) { - if(--end < 0) { - break compare; - } - } - if(subject.regionMatches(start, "OU=", 0, 3) || - subject.regionMatches(start, "CN=", 0, 3)) { - int at = subject.indexOf('@', start); - if(at=0) { + int start = 0; + int end = 1; + int comma; + int length = subject.length(); + + compare: + while(startlength) { + break compare; + } + } + comma = subject.indexOf(',',start); + if(comma<0) { + end = subject.length(); + } else { + end = comma<=0?0:comma-1; + } + while(Character.isWhitespace(subject.charAt(end))) { + if(--end < 0) { + break compare; + } + } + if(subject.regionMatches(start, "OU=", 0, 3) || + subject.regionMatches(start, "CN=", 0, 3)) { + int at = subject.indexOf('@', start); + if(at=0) { String[] sa = Split.splitTrim(':', subject, start+3,end+1); if (sa.length==1 || (sa.length>1 && env!=null && env.equals(sa[1]))) { // Check Environment return new X509HttpTafResp(access, new X509Principal(sa[0], certarr[0],(byte[])null,bht), "X509Taf validated " + sa[0] + (sa.length<2?"":" for aaf_env " + env ), RESP.IS_AUTHENTICATED); } else { - access.printf(Level.DEBUG,"Certificate is not for environment '%s'",env); - break; + access.printf(Level.DEBUG,"Certificate is not for environment '%s'",env); + break; } - } - } - start = comma+1; - } - access.log(Level.DEBUG,"Certificate is not acceptable for Authentication"); + } + } + start = comma+1; + } + 
access.log(Level.DEBUG,"Certificate is not acceptable for Authentication"); } else { - access.log(Level.DEBUG,"Issuer is not trusted for Authentication"); + access.log(Level.DEBUG,"Issuer is not trusted for Authentication"); } } else { - access.log(Level.DEBUG,"There is no client certificate on the transaction"); + access.log(Level.DEBUG,"There is no client certificate on the transaction"); } @@ -266,7 +266,7 @@ public class X509Taf implements HttpTaf { // if Principal is found, check for "AS_USER" and whether this entity is trusted to declare if (prin!=null) { - // Note: Tag for Certs is Fingerprint, but that takes computation... leaving off + // Note: Tag for Certs is Fingerprint, but that takes computation... leaving off return new X509HttpTafResp( access, prin,