X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Ftaf%2Fcert%2FX509Taf.java;h=a06fb8e1d6538d3948e6dbfe4e1d9d2e4dd89dee;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hp=914c57b51dfbc672d5912db9d896dc7f7e38231c;hpb=bdce7667a6e272e2fa32e298d957a0d9090c5bc9;p=aaf%2Fauthz.git
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
index 914c57b5..a06fb8e1 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -77,7 +77,7 @@ public class X509Taf implements HttpTaf { throw new RuntimeException("X.509 and SHA-256 are required for X509Taf",e); } } - + public X509Taf(Access access, Lur lur, CertIdentity ... cis) throws CertificateException, NoSuchAlgorithmException, CadiException { this.access = access; env = access.getProperty(Config.AAF_ENV,null);
@@ -103,7 +103,7 @@ public class X509Taf implements HttpTaf { } catch (Exception e) { certIdents = cis; } - + si = new SecurityInfo(access); } 
@@ -141,7 +141,7 @@ public class X509Taf implements HttpTaf { int end = 1; int comma; int length = subject.length(); - + compare: while(start=0) { String[] sa = Split.splitTrim(':', subject, start+3,end+1); - if (sa.length==1 || (sa.length>1 && env!=null && env.equals(sa[1]))) { // Check Environment - return new X509HttpTafResp(access, - new X509Principal(sa[0], certarr[0],(byte[])null,bht), + if (sa.length==1 || (sa.length>1 && env!=null && env.equals(sa[1]))) { // Check Environment + return new X509HttpTafResp(access, + new X509Principal(sa[0], certarr[0],(byte[])null,bht), "X509Taf validated " + sa[0] + (sa.length<2?"":" for aaf_env " + env ), RESP.IS_AUTHENTICATED); } else { access.printf(Level.DEBUG,"Certificate is not for environment '%s'",env);
@@ -184,7 +184,7 @@ public class X509Taf implements HttpTaf { } else { access.log(Level.DEBUG,"There is no client certificate on the transaction"); } - + byte[] array = null; byte[] certBytes = null; 
@@ -213,30 +213,30 @@ public class X509Taf implements HttpTaf { Symm.base64noSplit.decode(bais, baos, 5); certBytes = baos.toByteArray(); cert = getCert(certBytes); - - /** + + /** * Identity from CERT if well know CA and specific encoded information */ // If found Identity doesn't work, try SignedStuff Protocol // cert.checkValidity(); // cert.--- GET FINGERPRINT? String stuff = req.getHeader("Signature"); - if (stuff==null) + if (stuff==null) return new X509HttpTafResp(access, null, "Header entry 'Signature' required to validate One way X509 Certificate", RESP.TRY_ANOTHER_TAF); - String data = req.getHeader("Data"); - // if (data==null) + String data = req.getHeader("Data"); + // if (data==null) // return new X509HttpTafResp(access, null, "No signed Data to validate with X509 Certificate", RESP.TRY_ANOTHER_TAF); - + // Note: Data Pos shows is " " // int dataPos = (stuff.indexOf(' ')); // determine what is Algorithm - // Get Signature + // Get Signature bais = new ByteArrayInputStream(stuff.getBytes()); baos = new ByteArrayOutputStream(stuff.length()); Symm.base64noSplit.decode(bais, baos); array = baos.toByteArray(); // Signature sig = Signature.getInstance(stuff.substring(0, dataPos)); // get Algorithm from first part of Signature - - Signature sig = Signature.getInstance(cert.getSigAlgName()); + + Signature sig = Signature.getInstance(cert.getSigAlgName()); sig.initVerify(cert.getPublicKey()); sig.update(data.getBytes()); if (!sig.verify(array)) {
@@ -254,16 +254,16 @@ public class X509Taf implements HttpTaf { if (cert==null) { return new X509HttpTafResp(access, null, "No Certificate Info on Transaction", RESP.TRY_ANOTHER_TAF); } - + // A cert has been found, match Identify TaggedPrincipal prin=null; - + for (int i=0;prin==null && i