2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.cadi.oauth;
24 import java.io.IOException;
25 import java.net.HttpURLConnection;
27 import java.net.URISyntaxException;
28 import java.nio.file.Path;
29 import java.security.GeneralSecurityException;
30 import java.security.NoSuchAlgorithmException;
33 import java.util.TreeSet;
34 import java.util.concurrent.ConcurrentHashMap;
35 import java.util.regex.Pattern;
37 import org.onap.aaf.cadi.Access;
38 import org.onap.aaf.cadi.CadiException;
39 import org.onap.aaf.cadi.Hash;
40 import org.onap.aaf.cadi.Locator;
41 import org.onap.aaf.cadi.LocatorException;
42 import org.onap.aaf.cadi.Symm;
43 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
44 import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
45 import org.onap.aaf.cadi.config.Config;
46 import org.onap.aaf.cadi.config.SecurityInfoC;
47 import org.onap.aaf.cadi.configure.Agent;
48 import org.onap.aaf.cadi.locator.PropertyLocator;
49 import org.onap.aaf.cadi.locator.SingleEndpointLocator;
50 import org.onap.aaf.cadi.oauth.TokenClient.AUTHN_METHOD;
51 import org.onap.aaf.cadi.persist.Persist;
52 import org.onap.aaf.cadi.principal.Kind;
53 import org.onap.aaf.misc.env.APIException;
54 import org.onap.aaf.misc.rosetta.env.RosettaEnv;
56 import aafoauth.v2_0.Token;
58 public class TokenClientFactory extends Persist<Token,TimedToken> {
59 private static TokenClientFactory instance;
60 private final Set<String> alts;
61 private Map<String,AAFConHttp> aafcons = new ConcurrentHashMap<>();
62 private SecurityInfoC<HttpURLConnection> hsi;
66 private TokenClientFactory(Access pa) throws APIException, GeneralSecurityException, IOException, CadiException {
67 super(pa, new RosettaEnv(pa.getProperties()),Token.class,"outgoing");
69 Map<String, String> aaf_urls = Agent.loadURLs(pa);
70 alts = new TreeSet<>();
72 if (access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,null)==null) {
73 access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL)); // Default to AAF
76 if (access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,null)==null) {
77 access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, aaf_urls.get(Config.AAF_OAUTH2_INTROSPECT_URL)); // Default to AAF);
80 for(String tag : new String[] {Config.AAF_ALT_OAUTH2_TOKEN_URL, Config.AAF_ALT_OAUTH2_INTROSPECT_URL}) {
81 String value = access.getProperty(tag, null);
88 symm = Symm.encrypt.obtain();
89 hsi = SecurityInfoC.instance(access, HttpURLConnection.class);
92 public synchronized static final TokenClientFactory instance(Access access) throws APIException, GeneralSecurityException, IOException, CadiException {
94 instance = new TokenClientFactory(access);
100 * Pickup Timeout from Properties
104 * @throws CadiException
105 * @throws LocatorException
106 * @throws APIException
108 public<INTR> TokenClient newClient(final String tagOrURL) throws CadiException, LocatorException, APIException {
109 return newClient(tagOrURL,Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF)));
112 public<INTR> TokenClient newClient(final String tagOrURL, final int timeout) throws CadiException, LocatorException, APIException {
114 if (tagOrURL==null) {
115 throw new CadiException("parameter tagOrURL cannot be null.");
117 ach = aafcons.get(tagOrURL);
119 aafcons.put(tagOrURL, ach=new AAFConHttp(access,tagOrURL));
123 if (alts.contains(tagOrURL)) {
126 okind = Kind.AAF_OAUTH;
128 TokenClient tci = new TokenClient(
134 tci.client_creds(access);
138 public TzClient newTzClient(final String locatorURL) throws CadiException, LocatorException {
140 return new TzHClient(access,hsi,bestLocator(locatorURL));
141 } catch (URISyntaxException e) {
142 throw new LocatorException(e);
146 static String getKey(char tokenSource,String client_id, String username, byte[] hash, String scope) throws CadiException {
148 StringBuilder sb = new StringBuilder(client_id);
150 if (username!=null) {
154 sb.append(tokenSource);
155 byte[] tohash=scope.getBytes();
156 if (hash!=null && hash.length>0) {
157 byte temp[] = new byte[hash.length+tohash.length];
158 System.arraycopy(tohash, 0, temp, 0, tohash.length);
159 System.arraycopy(hash, 0, temp, tohash.length, hash.length);
162 if (scope!=null && scope.length()>0) {
163 sb.append(Hash.toHexNo0x(Hash.hashSHA256(tohash)));
165 return sb.toString();
166 } catch (NoSuchAlgorithmException e) {
167 throw new CadiException(e);
172 protected TimedToken newCacheable(Token t, long expires, byte[] hash, Path path) throws IOException {
173 return new TimedToken(this,t,expires,hash,path);
176 public TimedToken putTimedToken(String key, Token token, byte[] hash) throws IOException, CadiException {
177 TimedToken tt = new TimedToken(this,token,token.getExpiresIn()+(System.currentTimeMillis()/1000),hash,getPath(key));
182 private static final Pattern locatePattern = Pattern.compile("https://.*/locate/.*");
183 public Locator<URI> bestLocator(final String locatorURL ) throws LocatorException, URISyntaxException {
184 if (locatorURL==null) {
185 throw new LocatorException("Cannot have a null locatorURL in bestLocator");
187 if (locatorURL.startsWith("https://AAF_LOCATE_URL/") || locatePattern.matcher(locatorURL).matches()) {
188 return new AAFLocator(hsi,new URI(locatorURL));
189 } else if (locatorURL.indexOf(',')>0) { // multiple URLs is a Property Locator
190 return new PropertyLocator(locatorURL);
192 return new SingleEndpointLocator(locatorURL);
194 // Note: Removed DME2Locator... If DME2 client is needed, use DME2Clients