2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.cadi.sso;
25 import java.io.FileInputStream;
26 import java.io.FileOutputStream;
27 import java.io.IOException;
28 import java.io.PrintStream;
29 import java.lang.reflect.InvocationTargetException;
30 import java.lang.reflect.Method;
31 import java.util.ArrayList;
32 import java.util.List;
33 import java.util.Properties;
35 import org.onap.aaf.cadi.CadiException;
36 import org.onap.aaf.cadi.PropAccess;
37 import org.onap.aaf.cadi.Symm;
38 import org.onap.aaf.cadi.Access.Level;
39 import org.onap.aaf.cadi.config.Config;
40 import org.onap.aaf.cadi.util.MyConsole;
41 import org.onap.aaf.cadi.util.SubStandardConsole;
42 import org.onap.aaf.cadi.util.TheConsole;
// Console used to prompt for aaf_id / aaf_password when no usable cached SSO credentials exist.
45 public static final MyConsole cons = TheConsole.implemented() ? new TheConsole() : new SubStandardConsole();
// Freshness window (ms) for the cached sso.props: an entry older than this is not reused and the user is re-prompted.
46 private static final int EIGHT_HOURS = 8 * 60 * 60 * 1000;
// Only populated when credentials are collected interactively; holds AAF_APPID, the Symm-encrypted
// AAF_APPPASS and the CADI_KEYFILE path, and is persisted to sso.props by writeFiles().
48 private Properties diskprops = null; // use for temp storing User/Password on disk
// ~/.aaf (derived from the user.home system property); holds keyfile, sso.props and sso.out.
49 private File dot_aaf = null;
// ~/.aaf/sso.props — the on-disk credential cache. The password stored there is encrypted with the
// key in ~/.aaf/keyfile, so its protection rests on the file permissions of both files.
// NOTE(review): keyfile gets setReadonly(); whether sso.props receives the same owner-only
// permissions is not visible in this excerpt — confirm.
50 private File sso = null; // instantiated, if ever, with diskprops
// Command-line switches; parseArgs() recognises -logout, -login and -noexit (assignments not shown here).
52 boolean removeSSO = false;
53 boolean loginOnly = false;
54 boolean doExit = true;
// Property access built over the sso.out log stream and the filtered command-line args.
55 private PropAccess access;
// Accumulates "-D<property>=<value>" hints for whatever credential information is still missing.
56 private StringBuilder err;
// AAF_APPPASS as read from properties, or Symm.ENC + enpass(...) of the interactively entered password.
58 private String encrypted_pass;
// Reported by useX509(); how it is set is not visible in this excerpt.
59 private boolean use_X509;
// Append-mode log stream to ~/.aaf/sso.out, handed to PropAccess as its output.
61 private PrintStream os;
65 public AAFSSO(String[] args) throws IOException, CadiException {
66 String[] nargs = parseArgs(args);
68 dot_aaf = new File(System.getProperty("user.home") + "/.aaf");
69 if (!dot_aaf.exists()) {
72 File f = new File(dot_aaf, "sso.out");
73 os = new PrintStream(new FileOutputStream(f, true));
77 access = new PropAccess(os, nargs);
78 Config.setDefaultRealm(access);
80 user = access.getProperty(Config.AAF_APPID);
81 encrypted_pass = access.getProperty(Config.AAF_APPPASS);
83 File dot_aaf_kf = new File(dot_aaf, "keyfile");
85 sso = new File(dot_aaf, "sso.props");
87 if (dot_aaf_kf.exists()) {
88 dot_aaf_kf.setWritable(true, true);
94 System.out.println("AAF SSO information removed");
100 if (!dot_aaf_kf.exists()) {
101 FileOutputStream fos = new FileOutputStream(dot_aaf_kf);
103 fos.write(Symm.keygen());
104 setReadonly(dot_aaf_kf);
110 String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case it's CertificateMan props
111 if (keyfile == null) {
112 access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath());
115 String alias = access.getProperty(Config.CADI_ALIAS);
116 if ((user == null) && (alias != null) && (access.getProperty(Config.CADI_KEYSTORE_PASSWORD) != null)) {
118 access.setProperty(Config.AAF_APPID, user);
122 Symm decryptor = Symm.obtain(dot_aaf_kf);
124 if (sso.exists() && (sso.lastModified() > (System.currentTimeMillis() - EIGHT_HOURS))) {
125 String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...
126 FileInputStream fos = new FileInputStream(sso);
129 user = access.getProperty(Config.AAF_APPID);
130 encrypted_pass = access.getProperty(Config.AAF_APPPASS);
131 // decrypt with .aaf, and re-encrypt with regular Keyfile
132 access.setProperty(Config.AAF_APPPASS,
133 access.encrypt(decryptor.depass(encrypted_pass)));
134 if (cm_url != null) { //Command line CM_URL Overwrites ssofile.
135 access.setProperty(Config.CM_URL, cm_url);
141 diskprops = new Properties();
142 String realm = Config.getDefaultRealm();
143 // Turn on Console Sysout
144 System.setOut(System.out);
145 user = cons.readLine("aaf_id(%s@%s): ", System.getProperty("user.name"), realm);
147 user = System.getProperty("user.name") + '@' + realm;
148 } else if (user.length() == 0) { //
149 user = System.getProperty("user.name") + '@' + realm;
150 } else if ((user.indexOf('@') < 0) && (realm != null)) {
151 user = user + '@' + realm;
153 access.setProperty(Config.AAF_APPID, user);
154 diskprops.setProperty(Config.AAF_APPID, user);
155 encrypted_pass = new String(cons.readPassword("aaf_password: "));
157 encrypted_pass = Symm.ENC + decryptor.enpass(encrypted_pass);
158 access.setProperty(Config.AAF_APPPASS, encrypted_pass);
159 diskprops.setProperty(Config.AAF_APPPASS, encrypted_pass);
160 diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE));
165 err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> ");
168 if (encrypted_pass == null && alias == null) {
170 err = new StringBuilder();
174 err.append("-D" + Config.AAF_APPPASS + "=<passwd> ");
178 public void setLogDefault() {
179 this.setLogDefault(PropAccess.DEFAULT);
182 public void setStdErrDefault() {
183 access.setLogLevel(PropAccess.DEFAULT);
184 System.setErr(System.err);
187 public void setLogDefault(Level level) {
188 access.setLogLevel(level);
189 System.setOut(System.out);
192 public boolean loginOnly() {
196 public void addProp(String key, String value) {
197 if (diskprops != null) {
198 diskprops.setProperty(key, value);
202 public void writeFiles() throws IOException {
203 // Store Creds, if they work
204 if (diskprops != null) {
205 if (!dot_aaf.exists()) {
208 FileOutputStream fos = new FileOutputStream(sso);
210 diskprops.store(fos, "AAF Single Signon");
218 sso.setWritable(true, true);
222 public PropAccess access() {
226 public StringBuilder err() {
230 public String user() {
234 public String enc_pass() {
235 return encrypted_pass;
238 public boolean useX509() {
242 public void close() {
246 } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
247 // nothing to do here.
253 private String[] parseArgs(String[] args)
255 List<String> larg = new ArrayList<String>(args.length);
257 // Cover for bash's need to escape *.. (\\*)
258 // also, remove SSO if required
259 for (int i = 0; i < args.length; ++i) {
260 if ("\\*".equals(args[i])) {
264 if ("-logout".equalsIgnoreCase(args[i])) {
266 } else if ("-login".equalsIgnoreCase(args[i])) {
268 } else if ("-noexit".equalsIgnoreCase(args[i])) {
274 String[] nargs = new String[larg.size()];
279 private void setReadonly(File file) {
280 file.setExecutable(false, false);
281 file.setWritable(false, false);
282 file.setReadable(false, false);
283 file.setReadable(true, true);