2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.cadi.sso;
25 import java.io.FileInputStream;
26 import java.io.FileOutputStream;
27 import java.io.IOException;
28 import java.io.PrintStream;
29 import java.lang.reflect.InvocationTargetException;
30 import java.lang.reflect.Method;
31 import java.util.ArrayList;
32 import java.util.List;
33 import java.util.Properties;
35 import org.onap.aaf.cadi.CadiException;
36 import org.onap.aaf.cadi.PropAccess;
37 import org.onap.aaf.cadi.Symm;
38 import org.onap.aaf.cadi.Access.Level;
39 import org.onap.aaf.cadi.config.Config;
40 import org.onap.aaf.cadi.util.MyConsole;
41 import org.onap.aaf.cadi.util.SubStandardConsole;
42 import org.onap.aaf.cadi.util.TheConsole;
46 public static final MyConsole cons = TheConsole.implemented()?new TheConsole():new SubStandardConsole();
48 private Properties diskprops = null; // use for temp storing User/Password on disk
49 private File dot_aaf = null, sso=null; // instantiated, if ever, with diskprops
51 boolean removeSSO=false;
52 boolean loginOnly = false;
53 private PropAccess access;
54 private StringBuilder err;
55 private String user,encrypted_pass;
56 private boolean use_X509;
58 private PrintStream os, stdout=null,stderr=null;
62 public AAFSSO(String[] args) throws IOException, CadiException {
63 List<String> larg = new ArrayList<String>(args.length);
65 // Cover for bash's need to escape *.. (\\*)
66 // also, remove SSO if required
67 for (int i = 0; i < args.length; ++i) {
68 if ("\\*".equals(args[i])) {
72 if("-logout".equalsIgnoreCase(args[i])) {
74 } else if("-login".equalsIgnoreCase(args[i])) {
81 String[] nargs = new String[larg.size()];
84 dot_aaf = new File(System.getProperty("user.home")+"/.aaf");
85 if(!dot_aaf.exists()) {
88 File f = new File(dot_aaf,"sso.out");
89 os = new PrintStream(new FileOutputStream(f,true));
95 access = new PropAccess(os,nargs);
96 Config.setDefaultRealm(access);
98 user = access.getProperty(Config.AAF_APPID);
99 encrypted_pass = access.getProperty(Config.AAF_APPPASS);
101 File dot_aaf_kf = new File(dot_aaf,"keyfile");
103 sso = new File(dot_aaf,"sso.props");
105 if(dot_aaf_kf.exists()) {
106 dot_aaf_kf.setWritable(true,true);
112 System.out.println("AAF SSO information removed");
116 if(!dot_aaf_kf.exists()) {
117 FileOutputStream fos = new FileOutputStream(dot_aaf_kf);
119 fos.write(Symm.keygen());
120 dot_aaf_kf.setExecutable(false,false);
121 dot_aaf_kf.setWritable(false,false);
122 dot_aaf_kf.setReadable(false,false);
123 dot_aaf_kf.setReadable(true, true);
129 String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case it's CertificateMan props
131 access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath());
134 String alias = access.getProperty(Config.CADI_ALIAS);
135 if(user==null && alias!=null && access.getProperty(Config.CADI_KEYSTORE_PASSWORD)!=null) {
137 access.setProperty(Config.AAF_APPID, user);
141 Symm decryptor = Symm.obtain(dot_aaf_kf);
143 if(sso.exists() && sso.lastModified()>System.currentTimeMillis()-(8*60*60*1000 /* 8 hours */)) {
144 String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...
145 FileInputStream fos = new FileInputStream(sso);
148 user = access.getProperty(Config.AAF_APPID);
149 encrypted_pass = access.getProperty(Config.AAF_APPPASS);
150 // decrypt with .aaf, and re-encrypt with regular Keyfile
151 access.setProperty(Config.AAF_APPPASS,
152 access.encrypt(decryptor.depass(encrypted_pass)));
153 if(cm_url!=null) { //Command line CM_URL Overwrites ssofile.
154 access.setProperty(Config.CM_URL, cm_url);
160 diskprops = new Properties();
161 String realm = Config.getDefaultRealm();
162 // Turn on Console Sysout
163 System.setOut(stdout);
164 user=cons.readLine("aaf_id(%s@%s): ",System.getProperty("user.name"),realm);
166 user = System.getProperty("user.name")+'@'+realm;
167 } else if(user.length()==0) { //
168 user = System.getProperty("user.name")+'@' + realm;
169 } else if(user.indexOf('@')<0 && realm!=null) {
170 user = user+'@'+realm;
172 access.setProperty(Config.AAF_APPID,user);
173 diskprops.setProperty(Config.AAF_APPID,user);
174 encrypted_pass = new String(cons.readPassword("aaf_password: "));
176 encrypted_pass = Symm.ENC+decryptor.enpass(encrypted_pass);
177 access.setProperty(Config.AAF_APPPASS,encrypted_pass);
178 diskprops.setProperty(Config.AAF_APPPASS,encrypted_pass);
179 diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE));
184 err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> ");
187 if (encrypted_pass == null && alias==null) {
189 err = new StringBuilder();
193 err.append("-D" + Config.AAF_APPPASS + "=<passwd> ");
197 public void setLogDefault() {
198 access.setLogLevel(PropAccess.DEFAULT);
200 System.setOut(stdout);
204 public void setStdErrDefault() {
205 access.setLogLevel(PropAccess.DEFAULT);
207 System.setErr(stderr);
211 public void setLogDefault(Level level) {
212 access.setLogLevel(level);
214 System.setOut(stdout);
218 public boolean loginOnly() {
222 public void addProp(String key, String value) {
223 if(diskprops!=null) {
224 diskprops.setProperty(key, value);
228 public void writeFiles() throws IOException {
229 // Store Creds, if they work
230 if(diskprops!=null) {
231 if(!dot_aaf.exists()) {
234 FileOutputStream fos = new FileOutputStream(sso);
236 diskprops.store(fos, "AAF Single Signon");
239 sso.setWritable(false,false);
240 sso.setExecutable(false,false);
241 sso.setReadable(false,false);
242 sso.setReadable(true,true);
246 sso.setReadable(false,false);
247 sso.setWritable(false,false);
248 sso.setExecutable(false,false);
249 sso.setReadable(true,true);
250 sso.setWritable(true,true);
254 public PropAccess access() {
258 public StringBuilder err() {
262 public String user() {
266 public String enc_pass() {
267 return encrypted_pass;
270 public boolean useX509() {
274 public void close() {
278 } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
279 // nothing to do here.