X-Git-Url: https://gerrit.onap.org/r/gitweb?p=policy%2Fengine.git;a=blobdiff_plain;f=ONAP-PDP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpdp%2Frest%2Fconfig%2FPDPApiAuth.java;h=16329818658c0192c4648c043eeea34340883b49;hp=246f5a26d4cda21a8fed924fafef068231a2843d;hb=c1b69dfb1297365d35f2ada8690f13f787d38b4f;hpb=c683a67fbf4a50e68bf8736517865b43db75ed4b diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java index 246f5a26d..163298186 100644 --- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java +++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP-PDP-REST * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -17,8 +17,10 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.policy.pdp.rest.config; +import com.att.research.xacml.util.XACMLProperties; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; @@ -33,7 +35,6 @@ import java.util.List; import java.util.Map; import java.util.Properties; import java.util.StringTokenizer; - import org.onap.policy.api.PolicyEngineException; import org.onap.policy.common.logging.eelf.MessageCodes; import org.onap.policy.common.logging.flexlogger.FlexLogger; @@ -41,21 +42,20 @@ import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.rest.XACMLRestProperties; import org.onap.policy.utils.AAFPolicyClient; import org.onap.policy.utils.AAFPolicyException; +import org.onap.policy.utils.PeCryptoUtils; import org.onap.policy.utils.PolicyUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; -import com.att.research.xacml.util.XACMLProperties; - public class PDPApiAuth { private static final Logger LOGGER = FlexLogger.getLogger(PDPApiAuth.class); private static String environment = null; private static Path clientPath = null; - private static Map> clientMap = null; + private static Map> clientMap = null; private static Long oldModified = null; private static AAFPolicyClient aafClient = null; - private PDPApiAuth(){ + private PDPApiAuth() { // Private Constructor } @@ -65,7 +65,7 @@ public class PDPApiAuth { public static void setProperty() { environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL"); String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE); - if(clientFile!=null){ + if (clientFile != null) { clientPath = Paths.get(clientFile); } try { @@ -76,84 +76,84 @@ public class PDPApiAuth { } /* - * Return Environment value of the PDP servlet. + * Return Environment value of the PDP servlet. */ public static String getEnvironment() { - if(environment==null){ + if (environment == null) { setProperty(); } return environment; } /* - * Security check for authentication and authorizations. + * Security check for authentication and authorizations. */ - public static boolean checkPermissions(String clientEncoding, String requestID, - String resource) { - try{ + public static boolean checkPermissions(String clientEncoding, String requestID, String resource) { + try { String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding); - if(userNamePass==null || userNamePass.length==0){ + if (userNamePass == null || userNamePass.length == 0) { String usernameAndPassword = null; byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding); usernameAndPassword = new String(decodedBytes, "UTF-8"); StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":"); String username = tokenizer.nextToken(); String password = tokenizer.nextToken(); - userNamePass= new String[]{username, password}; + userNamePass = new String[] {username, password}; } LOGGER.info("User " + userNamePass[0] + " is Accessing Policy Engine API."); Boolean result = false; - // Check Backward Compatibility. - try{ + // Check Backward Compatibility. + try { /* - * If AAF is NOT enabled in the properties we will allow the user to - * continue to use the client.properties file to authenticate. - * Note: Disabling AAF is for testing purposes and not intended for production. + * If AAF is NOT enabled in the properties we will allow the user to continue to use the + * client.properties file to authenticate. Note: Disabling AAF is for testing purposes and not intended + * for production. */ if ("false".equals(XACMLProperties.getProperty("enable_aaf"))) { result = clientAuth(userNamePass); } - }catch(Exception e){ + } catch (Exception e) { LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); } - if(!result){ + if (!result) { String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace"); String aafResource = XACMLProperties.getProperty("policy.aaf.root.permission"); String type = null; - if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){ + if (!userNamePass[0].contains("@") && aafPolicyNameSpace != null) { userNamePass[0] = userNamePass[0] + "@" + reverseNamespace(aafPolicyNameSpace); - }else{ + } else { LOGGER.info("No AAF NameSpace specified in properties"); } - if(aafResource != null){ + if (aafResource != null) { type = aafResource + "." + resource; - }else{ + } else { LOGGER.warn("No AAF Resource specified in properties"); return false; } - LOGGER.info("Contacting AAF in : " + environment); + LOGGER.info("Contacting AAF in : " + environment); result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], type, environment, "*"); } return result; - }catch(Exception e){ + } catch (Exception e) { LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); return false; } } - private static Boolean clientAuth(String[] userNamePass){ - if(clientPath==null){ + private static Boolean clientAuth(String[] userNamePass) { + if (clientPath == null) { setProperty(); } if (!clientPath.toFile().exists()) { return false; - }else if(clientPath.toString().endsWith(".properties")) { + } else if (clientPath.toString().endsWith(".properties")) { try { readProps(clientPath); - if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) { + if (clientMap.containsKey(userNamePass[0]) + && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) { return true; } - }catch(PolicyEngineException e){ + } catch (PolicyEngineException e) { LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); return false; } @@ -163,12 +163,12 @@ public class PDPApiAuth { private static String reverseNamespace(String namespace) { final List components = Arrays.asList(namespace.split("\\.")); - Collections.reverse(components); + Collections.reverse(components); return String.join(".", components); } - private static Map> readProps(Path clientPath) throws PolicyEngineException{ - if(oldModified!=null){ + private static Map> readProps(Path clientPath) throws PolicyEngineException { + if (oldModified != null) { Long newModified = clientPath.toFile().lastModified(); if (newModified == oldModified) { return clientMap; @@ -180,27 +180,31 @@ public class PDPApiAuth { in = new FileInputStream(clientPath.toFile()); clientProp.load(in); } catch (IOException e) { - LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR , e); - throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e); + LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR, e); + throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Cannot Load the Properties file", + e); } // Read the Properties and Load the Clients and their scopes. clientMap = new HashMap<>(); - // + // for (Object propKey : clientProp.keySet()) { - String clientID = (String)propKey; + String clientID = (String) propKey; String clientValue = clientProp.getProperty(clientID); if (clientValue != null && clientValue.contains(",")) { ArrayList clientValues = new ArrayList<>(Arrays.asList(clientValue.split("\\s*,\\s*"))); - if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){ + if (clientValues.get(0) != null || clientValues.get(1) != null || clientValues.get(0).isEmpty() + || clientValues.get(1).isEmpty()) { + clientValues.set(0, PeCryptoUtils.decrypt(clientValues.get(0))); clientMap.put(clientID, clientValues); } } } if (clientMap.isEmpty()) { - LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!"); + LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!"); throw new PolicyEngineException("Empty Client file"); } oldModified = clientPath.toFile().lastModified(); return clientMap; } -} \ No newline at end of file +}