X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Ftaf%2Fcert%2FX509Taf.java;h=dc07bb90cf3cd61ef770ac6c5304eadc5b9dc6cc;hb=ca76fbda94492f1b0c895ff0f4070381f17472f0;hp=b5ed7ad17aa9ef10f15fcd2ac045ac1eb92243e5;hpb=a20accc73189d8e5454cd26049c0e6fae75da16f;p=aaf%2Fauthz.git
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
index b5ed7ad1..dc07bb90 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
@@ -36,12 +36,13 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CachedPrincipal;
+import org.onap.aaf.cadi.CachedPrincipal.Resp;
 import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.CredVal;
 import org.onap.aaf.cadi.Lur;
 import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.CachedPrincipal.Resp;
 import org.onap.aaf.cadi.Taf.LifeForm;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.config.SecurityInfo;
@@ -51,6 +52,7 @@ import org.onap.aaf.cadi.principal.X509Principal;
 import org.onap.aaf.cadi.taf.HttpTaf;
 import org.onap.aaf.cadi.taf.TafResp;
 import org.onap.aaf.cadi.taf.TafResp.RESP;
+import org.onap.aaf.cadi.taf.basic.BasicHttpTaf;
 import org.onap.aaf.cadi.util.Split;
 public class X509Taf implements HttpTaf {
@@ -65,12 +67,13 @@ public class X509Taf implements HttpTaf {
 private ArrayList cadiIssuers;
 private String env;
 private SecurityInfo si;
+ private BasicHttpTaf bht;
 static {
 try {
 certFactory = CertificateFactory.getInstance("X.509");
 messageDigest = MessageDigest.getInstance("SHA-256"); // use this to clone
- tmf = TrustManagerFactory.getInstance(SecurityInfoC.SslKeyManagerFactoryAlgorithm);
+ tmf = TrustManagerFactory.getInstance(SecurityInfoC.SSL_KEY_MANAGER_FACTORY_ALGORITHM);
 } catch (Exception e) {
 throw new RuntimeException("X.509 and SHA-256 are required for X509Taf",e);
 }
@@ -130,7 +133,8 @@ public class X509Taf implements HttpTaf {
 if(certarr!=null && certarr.length>0) {
 si.checkClientTrusted(certarr);
 // Note: If the Issuer is not in the TrustStore, it's not added to the Cert list
- if(cadiIssuers.contains(certarr[0].getIssuerDN().toString())) {
+ String issuer = certarr[0].getIssuerDN().toString();
+ if(cadiIssuers.contains(issuer)) {
 String subject = certarr[0].getSubjectDN().getName();
 // avoiding extra object creation, since this is validated EVERY transaction with a Cert
 int at = subject.indexOf('@');
@@ -149,7 +153,7 @@ public class X509Taf implements HttpTaf {
 String[] sa = Split.splitTrim(':', subject, temp+3,end);
 if(sa.length==1 || (sa.length>1 && env!=null && env.equals(sa[1]))) { // Check Environment
 return new X509HttpTafResp(access,
- new X509Principal(sa[0], certarr[0],(byte[])null),
+ new X509Principal(sa[0], certarr[0],(byte[])null,bht),
 "X509Taf validated " + sa[0] + (sa.length<2?"":" for aaf_env " + env ),
 RESP.IS_AUTHENTICATED);
 }
 }
@@ -258,4 +262,16 @@ public class X509Taf implements HttpTaf {
 return null;
 }
+ public void add(BasicHttpTaf bht) {
+ this.bht = bht;
+ }
+
+ public CredVal getCredVal(final String key) {
+ if(bht==null) {
+ return null;
+ } else {
+ return bht.getCredVal(key);
+ }
+ }
+
 }
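Review bot: `add(BasicHttpTaf bht)` in the last hunk is a plain setter on a non-volatile field that `validate` reads on every request (it is passed into `X509Principal` in the @@ -149 hunk), so a BasicHttpTaf wired in after the TAF is already serving traffic may not be visible to other threads, and a second call silently replaces the first rather than "adding". If the intent is that `add` is only called during startup before the TAF is published, say so in a Javadoc on `add`; otherwise declare the field as `private volatile BasicHttpTaf bht;` in the @@ -65 hunk. `getCredVal` returns null both when no BasicHttpTaf was ever added and when the delegate has no entry for `key`, and callers cannot tell the two apart, so document it, e.g. `/** Looks up key via the BasicHttpTaf passed to add(); returns null if none was added or the delegate has no match. */`. The name `add` reads as accumulation; `setBasicHttpTaf` (or a comment noting it overwrites any earlier value) would match what the body does.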