X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aaf%2Fauthz.git;a=blobdiff_plain;f=auth%2Fauth-service%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fservice%2Fapi%2FAPI_Creds.java;h=c23471a0037f6b1a7700dbd7d56458880370d0e2;hp=fbc1baa245c4fe93e356eaac36b31b40b0d076a4;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hpb=bdce7667a6e272e2fa32e298d957a0d9090c5bc9
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
index fbc1baa2..c23471a0 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -61,25 +61,25 @@ public class API_Creds {
 // needed to validate Creds even when already Authenticated x509
 /**
 * TIME SENSITIVE APIs
- *
+ *
 * These will be first in the list
- *
+ *
 * @param env
 * @param authzAPI
 * @param facade
- * @param directAAFUserPass
+ * @param directAAFUserPass
 * @throws Exception
 */
 public static void timeSensitiveInit(Env env, AAF_Service authzAPI, AuthzFacade facade, final DirectAAFUserPass directAAFUserPass) throws Exception {
 /**
 * Basic Auth, quick Validation
- *
+ *
 * Responds OK or NotAuthorized
 */
 authzAPI.route(env, HttpMethods.GET, "/authn/basicAuth", new Code(facade,"Is given BasicAuth valid?",true) {
 @Override
 public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
 HttpServletRequest req,
 HttpServletResponse resp) throws Exception {
@@ -92,7 +92,7 @@ public class API_Creds {
 // have to check Basic Auth here, because it might be CSP.
 String authz = req.getHeader("Authorization");
 if (authz.startsWith("Basic ")) {
- BasicHttpTaf bht = ((X509Principal)p).getBasicHttpTaf();
+ BasicHttpTaf bht = ((X509Principal)p).getBasicHttpTaf();
 if (bht!=null) {
 BasicPrincipal bp = new BasicPrincipal(authz,"");
 CredVal cv = bht.getCredVal(bp.getDomain());
@@ -109,8 +109,8 @@ public class API_Creds {
 TimeTaken tt = trans.start("Direct Validation", Env.REMOTE);
 try {
 if (directAAFUserPass.validate(
- decoded.substring(0,colon),
- CredVal.Type.PASSWORD ,
+ decoded.substring(0,colon),
+ CredVal.Type.PASSWORD ,
 decoded.substring(colon+1).getBytes(),trans)) {
 resp.setStatus(HttpStatus.OK_200);
 } else {
@@ -133,58 +133,58 @@ public class API_Creds {
 }
 }
 },"text/plain","*/*","*");
-
+
- /**
+ /**
 * returns whether a given Credential is valid
 */
 authzAPI.route(POST, "/authn/validate", API.CRED_REQ, new Code(facade,"Is given Credential valid?",true) {
 @Override
 public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
 HttpServletRequest req,
 HttpServletResponse resp) throws Exception {
 // will be a valid Entity. Do we need to add permission
- //if(trans.fish("ns","password","request")) or the like
+ //if(trans.fish("ns","password","request")) or the like
 Result r = context.doesCredentialMatch(trans, req, resp);
 if (r.isOK()) {
 resp.setStatus(HttpStatus.OK_200);
 } else {
 // For Security, we don't give any info out on why failed, other than forbidden
 // Can't do "401", because that is on the call itself
- // 403 Implies you MAY NOT Ask.
+ // 403 Implies you MAY NOT Ask.
 resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406);
 }
 }
- });
+ });
- /**
+ /**
 * returns whether a given Credential is valid
 */
 authzAPI.route(GET, "/authn/cert/id/:id", API.CERTS, new Code(facade,"Get Cert Info by ID",true) {
 @Override
 public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
 HttpServletRequest req,
 HttpServletResponse resp) throws Exception {
-
+
 Result r = context.getCertInfoByID(trans, req, resp, pathParam(req,":id") );
 if (r.isOK()) {
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
 } else {
 // For Security, we don't give any info out on why failed, other than forbidden
 resp.setStatus(HttpStatus.FORBIDDEN_403);
 }
 }
- });
+ });
 }
-
+
 /**
 * Normal Init level APIs
- *
+ *
 * @param authzAPI
 * @param facade
 * @throws Exception
@@ -195,7 +195,7 @@ public class API_Creds {
 */
 authzAPI.route(POST,"/authn/cred",API.CRED_REQ,new Code(facade,"Add a New ID/Credential", true) {
 @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
 Result r = context.createUserCred(trans, req);
 if (r.isOK()) {
 resp.setStatus(HttpStatus.CREATED_201);
@@ -204,40 +204,40 @@ public class API_Creds {
 }
 }
 });
-
- /**
+
+ /**
 * gets all credentials by Namespace
 */
 authzAPI.route(GET, "/authn/creds/ns/:ns", API.USERS, new Code(facade,"Get Creds for a Namespace",true) {
 @Override
 public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
 HttpServletRequest req,
 HttpServletResponse resp) throws Exception {
-
+
 Result r = context.getCredsByNS(trans, resp, pathParam(req, "ns"));
 if (r.isOK()) {
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
 } else {
 context.error(trans,resp,r);
 }
 }
 });
-
- /**
+
+ /**
 * gets all credentials by ID
 */
 authzAPI.route(GET, "/authn/creds/id/:id", API.USERS, new Code(facade,"Get Creds by ID",true) {
 @Override
 public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
 HttpServletRequest req,
 HttpServletResponse resp) throws Exception {
-
+
 Result r = context.getCredsByID(trans, resp, pathParam(req, "id"));
 if (r.isOK()) {
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
 } else {
 context.error(trans,resp,r);
 }
@@ -252,7 +252,7 @@ public class API_Creds {
 authzAPI.route(PUT,"/authn/cred",API.CRED_REQ,new Code(facade,"Update an ID/Credential", true) {
 @Override
 public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-
+
 Result r = context.changeUserCred(trans, req);
 if (r.isOK()) {
 resp.setStatus(HttpStatus.OK_200);
@@ -266,7 +266,7 @@ public class API_Creds {
 * Extend ID/Credential
 * This behavior will accelerate getting out of P1 outages due to ignoring renewal requests, or
 * other expiration issues.
- *
+ *
 * Scenario is that people who are solving Password problems at night, are not necessarily those who
 * know what the passwords are supposed to be. Also, changing Password, without changing Configurations
 * using that password only exacerbates the P1 Issue.