2 * ============LICENSE_START===================================================
3 * SPARKY (AAI UI service)
4 * ============================================================================
5 * Copyright © 2017 AT&T Intellectual Property.
6 * Copyright © 2017 Amdocs
8 * ============================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END=====================================================
22 * ECOMP and OpenECOMP are trademarks
23 * and service marks of AT&T Intellectual Property.
25 package org.openecomp.sparky.security;
27 import javax.servlet.http.Cookie;
28 import javax.servlet.http.HttpServletRequest;
30 import org.openecomp.cl.api.Logger;
31 import org.openecomp.cl.eelf.LoggerFactory;
32 import org.openecomp.portalsdk.core.onboarding.util.PortalApiProperties;
33 import org.openecomp.sparky.logging.AaiUiMsgs;
34 import org.openecomp.sparky.security.portal.config.PortalAuthenticationConfig;
35 import org.openecomp.portalsdk.core.onboarding.util.CipherUtil;
39 * Provides authentication services for onboarded ECOMP applications.
41 public class EcompSso {
43 public static final String EP_SERVICE = "EPService";
44 public static final String CSP_COOKIE_NAME = "csp_cookie_name";
45 public static final String CSP_GATE_KEEPER_PROD_KEY = "csp_gate_keeper_prod_key";
46 public static final String ONAP_ENABLED = "ONAP_ENABLED";
47 private static final Logger LOG = LoggerFactory.getInstance().getLogger(EcompSso.class);
50 * Searches the request for a cookie with the specified name.
54 * @return Cookie, or null if not found.
56 public static Cookie getCookie(HttpServletRequest request, String cookieName) {
57 Cookie[] cookies = request.getCookies();
59 for (Cookie cookie : cookies) {
60 if (cookie.getName().equals(cookieName)) {
69 * Answers whether the ECOMP Portal service cookie is present in the specified request.
72 * @return true if the cookie is found, else false.
74 private static boolean isEPServiceCookiePresent(HttpServletRequest request) {
75 Cookie ep = getCookie(request, EP_SERVICE);
80 * Validates whether the ECOMP Portal sign-on process has completed, which relies the AT&T Global
81 * Log On single-sign on process. Checks for the ECOMP cookie (see {@link #EP_SERVICE}). If found,
82 * then searches for a CSP cookie; if not found, for a WebJunction header.
85 * @return ATT UID if the ECOMP cookie is present and the sign-on process established an ATT UID;
88 public static String validateEcompSso(HttpServletRequest request) {
89 boolean isOnapEnabled = PortalAuthenticationConfig.getInstance().getIsOnapEnabled();
91 if (isEPServiceCookiePresent(request)) {
92 /* This is a "temporary" fix until proper separation
93 * between closed source and open source code is reached */
98 return getLoginIdFromCookie(request);
103 * Searches the specified request for the CSP cookie, decodes it and gets the ATT UID.
106 * @return ATTUID if the cookie is present in the request and can be decoded successfully (expired
107 * cookies do not decode); else null.
109 private static String getLoginIdFromCookie(HttpServletRequest request) {
110 String attuid = null;
112 String[] cspFields = getCspData(request);
113 if (cspFields != null && cspFields.length > 5)
114 attuid = cspFields[5];
115 } catch (Throwable t) {
116 LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO,
117 "getLoginIdFromCookie failed " + t.getLocalizedMessage());
123 * Searches the specified request for the CSP cookie, decodes it and parses it to a String array.
126 * @return Array of String as parsed from the cookie; null if the cookie is not present; empty
127 * array if the cookie could not be decoded.
129 private static String[] getCspData(HttpServletRequest request) {
130 final String cookieName = PortalApiProperties.getProperty(CSP_COOKIE_NAME);
131 if (cookieName == null) {
132 LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG,
133 "getCspData: Failed to get property " + CSP_COOKIE_NAME);
136 Cookie csp = getCookie(request, cookieName);
138 LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG, "getCspData failed to get cookie " + cookieName);
141 final String cspCookieEncrypted = csp.getValue();
143 String gateKeeperProdKey = PortalApiProperties.getProperty(CSP_GATE_KEEPER_PROD_KEY);
144 if (gateKeeperProdKey == null) {
145 LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG,
146 "getCspData: failed to get property " + CSP_GATE_KEEPER_PROD_KEY);
149 String cspCookieDecrypted = "";
151 cspCookieDecrypted = CipherUtil.decrypt(cspCookieEncrypted,"");
152 } catch (Exception e) {
153 LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO,
154 "decrypting cookie failed " + e.getLocalizedMessage());
157 String[] cspData = cspCookieDecrypted.split("\\|");