ID Translate onto AAFTaf 20/70420/1
authorInstrumental <jonathan.gathman@att.com>
Sun, 14 Oct 2018 22:06:56 +0000 (17:06 -0500)
committerInstrumental <jonathan.gathman@att.com>
Sun, 14 Oct 2018 22:08:06 +0000 (17:08 -0500)
Clients use "AAFTaf" and need the Translation there, more than the AAF Service does

Issue-ID: AAF-556
Change-Id: I8467e2a5e25f264ddb056db2fb10ecee098a0f94
Signed-off-by: Instrumental <jonathan.gathman@att.com>
auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java

index 4f2d967..e038d93 100644 (file)
@@ -117,7 +117,7 @@ public class DefaultOrg implements Organization {
                 identities = new Identities(fIdentities);
             } else {
                 if (fIdentities==null) {
-                    throw new OrganizationException("No Identities");
+                    throw new OrganizationException("No Identities: set \"" + AAF_DATA_DIR + '"');
                 } else {
                     throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist.");
                 }
index d4d11bb..83b66a0 100644 (file)
@@ -23,8 +23,10 @@ package org.onap.aaf.cadi.aaf.v2_0;
 
 import java.io.IOException;
 import java.security.Principal;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import org.onap.aaf.cadi.AbsUserCache;
 import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CachedPrincipal;
@@ -42,28 +44,34 @@ import org.onap.aaf.cadi.client.Future;
 import org.onap.aaf.cadi.client.Rcli;
 import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.MapBathConverter;
 import org.onap.aaf.cadi.principal.BasicPrincipal;
 import org.onap.aaf.cadi.principal.CachedBasicPrincipal;
 import org.onap.aaf.cadi.taf.HttpTaf;
 import org.onap.aaf.cadi.taf.TafResp;
 import org.onap.aaf.cadi.taf.TafResp.RESP;
 import org.onap.aaf.cadi.taf.basic.BasicHttpTafResp;
+import org.onap.aaf.cadi.util.CSV;
 import org.onap.aaf.misc.env.APIException;
 
 public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpTaf {
     private AAFCon<CLIENT> aaf;
     private boolean warn;
-
+    private MapBathConverter mapIds;
+    
     public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) {
         super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount);
         aaf = con;
         warn = turnOnWarning;
+        initMapBathConverter();
     }
 
     public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning, AbsUserCache<AAFPermission> other) {
         super(other);
         aaf = con;
         warn = turnOnWarning;
+        initMapBathConverter();
+
     }
     
     // Note: Needed for Creation of this Object with Generics
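Review bot: The new `private MapBathConverter mapIds;` field carries meaning when null (no translation configured, or the converter failed to load in `initMapBathConverter`), and nothing on the field says so; add `/** Optional Basic Auth id translation; null when Config.CADI_BATH_CONVERT is unset or the converter could not be built, in which case credentials pass through untouched. */` above it. The second constructor also gained a stray blank line before its closing brace that the first one does not have.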
@@ -78,6 +86,19 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
         this((AAFCon<CLIENT>)mustBeAAFCon,turnOnWarning);
     }
 
+    private void initMapBathConverter() {
+        String csvFile = access.getProperty(Config.CADI_BATH_CONVERT, null);
+        if(csvFile==null) {
+               mapIds=null;
+        } else {
+               try {
+                               mapIds = new MapBathConverter(access, new CSV(csvFile));
+                       } catch (IOException | CadiException e) {
+                               access.log(e,"Bath Map Conversion is not initialzed (non fatal)");
+                       }
+        }
+
+    }
 
     public TafResp validate(final LifeForm reading, final HttpServletRequest req, final HttpServletResponse resp) {
         //TODO Do we allow just anybody to validate?
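Review bot: When `new MapBathConverter(...)` throws in `initMapBathConverter`, the catch logs and falls through, leaving `mapIds` unset, so a misconfigured mapping file silently turns translation off for every request with only a log line to show for it. If that is the intended degradation, make it explicit with `mapIds = null;` inside the catch and name the file that failed, e.g. `access.log(e, "Bath Map Conversion from " + csvFile + " is not initialized (non fatal)");`, which also fixes the `initialzed` typo. The method body additionally mixes tabs and spaces, unlike the surrounding class.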
@@ -88,6 +109,10 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
             if (warn&&!req.isSecure()) {
                 aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");
             }
+            if(mapIds != null) {
+               authz = mapIds.convert(access, authz);
+            }
+
             try {
                 final CachedBasicPrincipal bp;
                 if (req.getUserPrincipal() instanceof CachedBasicPrincipal) {
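Review bot: The new `authz = mapIds.convert(access, authz);` reassigns the credential with no comment, and a reader cannot tell from here that the unmapped case is a pass-through; this commit's MapBathConverter change makes `convert` return its input when no mapping is found, so document it at the call site: `// translate configured legacy Basic Auth ids; convert() returns authz unchanged when no mapping exists`. The enclosing `validate` method, including where `authz` is declared and first checked, is outside the hunk.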
index 7a138e9..9307493 100644 (file)
@@ -139,6 +139,7 @@ public class MapBathConverter {
     public String convert(Access access, final String bath) {
        String rv = map.get(bath);
                String cred=null;
+               String tcred=null;
                Holder<String> hpass=null;
                try {
                        if(rv==null || !rv.startsWith(BASIC)) {
@@ -154,9 +155,8 @@ public class MapBathConverter {
                        // for SAFETY REASONS, we WILL NOT allow a non validated cred to 
                                // pass a password from file. Should be caught from Instation, but...
                        if(rv!=null) {
-                                       if(rv.startsWith(BASIC)) {
-                                               return bath;
-                                       } else {
+                                       if(!rv.startsWith(BASIC)) {
+                                               tcred = rv;
                                                rv = BASIC + Symm.base64noSplit.encode(rv+':'+hpass.value);
                                        }
                        }
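Review bot: Dropping the early `return bath` means a map value that already starts with `BASIC` is now handed back as the credential, yet the block guarded by `if(rv==null || !rv.startsWith(BASIC))` — which the comment directly above the changed lines presents as the reason a non-validated credential must not receive a password from the file — is skipped in exactly that case. Whether that block is where the presented credential gets validated is outside the hunk, so either confirm the presented credential is checked before a file-supplied Basic value is returned, or update the "for SAFETY REASONS" comment so it no longer promises that. `convert` continues outside the hunk in both directions.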
@@ -164,7 +164,22 @@ public class MapBathConverter {
                } catch (IOException | CadiException e) {
                        access.log(e,"Invalid Authorization");
                }
-
-       return rv;
+               
+               if(rv==null) {
+                       rv=bath;
+               } else {
+                       try {
+                               if(cred==null) {
+                                       cred = idFromBasic(bath,null);
+                               }
+                               if(tcred==null) {
+                                       tcred = idFromBasic(rv,null);
+                               }
+                       } catch (IOException | CadiException e) {
+                               access.log(Level.ERROR,"Invalid Basic Authentication for conversion");
+                       }
+                       access.printf(Level.AUDIT, "ID %s converted to %s",cred,tcred);
+               }
+       return rv==null?bath:rv;
     }
 }
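Review bot: The new catch around the `idFromBasic` calls logs at `Level.ERROR` without the exception, unlike the catch just above it that passes `e`, so the cause of a malformed credential is lost; use `access.log(e, "Invalid Basic Authentication for conversion");`. After that failure the audit line still prints, with `null` for whichever id could not be extracted, so consider skipping the audit line or logging the failure in its place. The closing `return rv==null?bath:rv;` is redundant because `rv` was already assigned `bath` when null a few lines earlier; `return rv;` reads more plainly.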