diff options
| author |   Fiete Ostkamp <Fiete.Ostkamp@telekom.de> | 2024-09-22 19:16:10 +0200 |
|---|---|---|
| committer | Fiete Ostkamp <Fiete.Ostkamp@telekom.de> | 2024-09-22 19:16:10 +0200 |
| commit | 664cab65c4f0454d8e3594653954387923aa397d (patch) | |
| tree | 0bd2652c3d7883342475d8bcb3dc05e8d3235dda | |
| parent | fb6d819a5175e154c56810e47282d7e7fd7ef9d8 (diff) | |
Remove aai-aaf-auth from aai-common
- AAF has been removed from ONAP some time ago,
thus this model is not needed anymore
Issue-ID: AAI-4006
Change-Id: I7943ed2f4c5308cca058c8aead9b0bd3b95ac580
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
50 files changed, 5 insertions, 3155 deletions
diff --git a/aai-aaf-auth/pom.xml b/aai-aaf-auth/pom.xml deleted file mode 100644 index 113ca78f..00000000 --- a/aai-aaf-auth/pom.xml +++ /dev/null @@ -1,77 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<project xmlns="http://maven.apache.org/POM/4.0.0" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - <modelVersion>4.0.0</modelVersion> - <parent> - <groupId>org.onap.aai.aai-common</groupId> - <artifactId>aai-parent</artifactId> - <version>1.15.0-SNAPSHOT</version> - <relativePath>../aai-parent/pom.xml</relativePath> - </parent> - <artifactId>aai-aaf-auth</artifactId> - <name>aai-aaf-auth</name> - <packaging>jar</packaging> - <dependencies> - <dependency> - <groupId>org.onap.aai.aai-common</groupId> - <artifactId>aai-els-onap-logging</artifactId> - </dependency> - <dependency> - <groupId>org.onap.aaf.authz</groupId> - <artifactId>aaf-cadi-core</artifactId> - </dependency> - <dependency> - <groupId>org.onap.aaf.authz</groupId> - <artifactId>aaf-cadi-aaf</artifactId> - </dependency> - <dependency> - <groupId>org.easymock</groupId> - <artifactId>easymock</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-web</artifactId> - </dependency> - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-context</artifactId> - </dependency> - <dependency> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-web</artifactId> - <exclusions> - <exclusion> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-tomcat</artifactId> - </exclusion> - </exclusions> - </dependency> - <dependency> - <groupId>com.google.code.gson</groupId> - <artifactId>gson</artifactId> - </dependency> - <dependency> - <groupId>commons-io</groupId> - <artifactId>commons-io</artifactId> - </dependency> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - <!-- TODO: Migrate tests to junit 5 and remove this dependency --> - <dependency> - <groupId>org.junit.vintage</groupId> - <artifactId>junit-vintage-engine</artifactId> - <scope>test</scope> - <exclusions> - <exclusion> - <groupId>org.hamcrest</groupId> - <artifactId>hamcrest-core</artifactId> - </exclusion> - </exclusions> - </dependency> - </dependencies> -</project> diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIAuthCore.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIAuthCore.java deleted file mode 100644 index a951417b..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIAuthCore.java +++ /dev/null @@ -1,389 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.google.gson.JsonArray; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; - -import java.io.File; -import java.io.FileNotFoundException; -import java.io.UnsupportedEncodingException; -import java.nio.file.Files; -import java.nio.file.Path; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Base64; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Optional; -import java.util.Set; -import java.util.Timer; -import java.util.TimerTask; -import java.util.UUID; -import java.util.regex.Matcher; -import java.util.regex.Pattern; -import java.util.stream.Collectors; - -import org.eclipse.jetty.util.security.Password; -import org.onap.aai.aaf.auth.exceptions.AAIUnrecognizedFunctionException; -import org.onap.aai.logging.ErrorLogHelper; -import org.onap.aai.util.AAIConfig; -import org.onap.aai.util.AAIConstants; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * The Class AAIAuthCore. - */ -public final class AAIAuthCore { - - private static final Logger LOGGER = LoggerFactory.getLogger(AAIAuthCore.class); - - private static final String ERROR_CODE_AAI_4001 = "AAI_4001"; - - private String globalAuthFileName = AAIConstants.AAI_AUTH_CONFIG_FILENAME; - - private final Pattern authPolicyPattern; - private final Set<String> validFunctions = new HashSet<>(); - private Map<String, AAIUser> users; - private boolean timerSet = false; - private Timer timer = null; - - private String basePath; - - /** - * Instantiates a new AAI auth core. - */ - public AAIAuthCore(String basePath) { - this(basePath, AAIConstants.AAI_AUTH_CONFIG_FILENAME); - } - - public AAIAuthCore(String basePath, String filename) { - this.basePath = basePath; - this.globalAuthFileName = filename; - authPolicyPattern = Pattern.compile("^" + this.basePath + "/v\\d+/([\\w\\-]*)"); - init(); - } - - public AAIAuthCore(String basePath, String filename, String pattern) { - this.basePath = basePath; - this.globalAuthFileName = filename; - authPolicyPattern = Pattern.compile(pattern); - init(); - } - - /** - * Inits the. - */ - private synchronized void init() { - - LOGGER.debug("Initializing Auth Policy Config"); - - reloadUsers(); - - /* - * this timer code is setting up a recurring task that checks if the - * auth config file has been updated and reloads the users if so to get - * the most up to date info (that update check logic is within - * FileWatcher) - * - * the timing this method uses is coarser than the frequency of requests - * AI&I gets so we're looking at better ways of doing this (TODO) - */ - TimerTask task = new FileWatcher(new File(globalAuthFileName)) { - @Override - protected void onChange(File file) { - reloadUsers(); - } - }; - - if (!timerSet) { - timerSet = true; - timer = new Timer(); - - // repeat the check every second - timer.schedule(task, new Date(), 10000); - } - LOGGER.debug("Static Initializiation complete"); - } - - /** - * Cleanup. - */ - // just ends the auth config file update checking timer - public void cleanup() { - timer.cancel(); - } - - /** - * Reload users. - */ - /* - * this essentially takes the data file, which is organized role-first with - * users under each role and converts it to data organized user-first with - * each user containing their role with its associated allowed functions - * this data stored in the class field users - */ - private synchronized void reloadUsers() { - - Map<String, AAIUser> tempUsers = new HashMap<>(); - - try { - LOGGER.debug("Reading from " + globalAuthFileName); - String authFile = new String(Files.readAllBytes(Path.of(globalAuthFileName))); - - JsonObject authObject = JsonParser.parseString(authFile).getAsJsonObject(); - if (authObject.has("roles")) { - JsonArray roles = authObject.getAsJsonArray("roles"); - for (JsonElement role : roles) { - if (role.isJsonObject()) { - JsonObject roleObject = role.getAsJsonObject(); - String roleName = roleObject.get("name").getAsString(); - Map<String, Boolean> usrs = this.getUsernamesFromRole(roleObject); - List<String> aaiFunctions = this.getAAIFunctions(roleObject); - - usrs.forEach((key, value) -> { - final AAIUser au = tempUsers.getOrDefault(key, new AAIUser(key, value)); - au.addRole(roleName); - aaiFunctions.forEach(f -> { - List<String> httpMethods = this.getRoleHttpMethods(f, roleObject); - httpMethods.forEach(hm -> au.setUserAccess(f, hm)); - this.validFunctions.add(f); - }); - - tempUsers.put(key, au); - - }); - } - } - if (!tempUsers.isEmpty()) { - users = tempUsers; - } - } - } catch (FileNotFoundException e) { - ErrorLogHelper.logError(ERROR_CODE_AAI_4001, globalAuthFileName + ". Exception: " + e); - } catch (JsonProcessingException e) { - ErrorLogHelper.logError(ERROR_CODE_AAI_4001, globalAuthFileName + ". Not valid JSON: " + e); - } catch (Exception e) { - ErrorLogHelper.logError(ERROR_CODE_AAI_4001, globalAuthFileName + ". Exception caught: " + e); - } - } - - private List<String> getRoleHttpMethods(String aaiFunctionName, JsonObject roleObject) { - List<String> httpMethods = new ArrayList<>(); - - JsonArray ja = roleObject.getAsJsonArray("functions"); - for (JsonElement je : ja) { - if (je.isJsonObject() && je.getAsJsonObject().has("name") - && je.getAsJsonObject().get("name").getAsString().equals(aaiFunctionName)) { - JsonArray jaMeth = je.getAsJsonObject().getAsJsonArray("methods"); - for (JsonElement jeMeth : jaMeth) { - if (jeMeth.isJsonObject() && jeMeth.getAsJsonObject().has("name")) { - httpMethods.add(jeMeth.getAsJsonObject().get("name").getAsString()); - } - } - } - } - - return httpMethods; - } - - private List<String> getAAIFunctions(JsonObject roleObject) { - List<String> aaiFunctions = new ArrayList<>(); - - JsonArray ja = roleObject.getAsJsonArray("functions"); - for (JsonElement je : ja) { - if (je.isJsonObject() && je.getAsJsonObject().has("name")) { - aaiFunctions.add(je.getAsJsonObject().get("name").getAsString()); - } - } - - return aaiFunctions; - } - - private Map<String, Boolean> getUsernamesFromRole(JsonObject roleObject) throws UnsupportedEncodingException { - Map<String, Boolean> usernames = new HashMap<>(); - - JsonArray uja = roleObject.getAsJsonArray("users"); - for (JsonElement je : uja) { - if (je.isJsonObject()) { - if (je.getAsJsonObject().has("username")) { - if (je.getAsJsonObject().has("is-wildcard-id")) { - usernames.put(je.getAsJsonObject().get("username").getAsString().toLowerCase(), - je.getAsJsonObject().get("is-wildcard-id").getAsBoolean()); - } else { - usernames.put(je.getAsJsonObject().get("username").getAsString().toLowerCase(), false); - } - } else if (je.getAsJsonObject().has("user")) { - String auth = je.getAsJsonObject().get("user").getAsString() + ":" - + Password.deobfuscate(je.getAsJsonObject().get("pass").getAsString()); - String authorizationCode = new String(Base64.getEncoder().encode(auth.getBytes("utf-8"))); - usernames.put(authorizationCode, false); - } - } - } - - return usernames; - } - - public String getAuthPolicyFunctName(String uri) { - String authPolicyFunctionName = ""; - if (uri.startsWith(basePath + "/search")) { - authPolicyFunctionName = "search"; - } else if (uri.startsWith(basePath + "/recents")) { - authPolicyFunctionName = "recents"; - } else if (uri.startsWith(basePath + "/cq2gremlin")) { - authPolicyFunctionName = "cq2gremlin"; - } else if (uri.startsWith(basePath + "/cq2gremlintest")) { - authPolicyFunctionName = "cq2gremlintest"; - } else if (uri.startsWith(basePath + "/util/echo")) { - authPolicyFunctionName = "util"; - } else if (uri.startsWith(basePath + "/tools")) { - authPolicyFunctionName = "tools"; - } else { - Matcher match = authPolicyPattern.matcher(uri); - if (match.find()) { - authPolicyFunctionName = match.group(1); - } - } - return authPolicyFunctionName; - } - - /** - * for backwards compatibility - * - * @param username - * @param uri - * @param httpMethod - * @param haProxyUser - * @return - * @throws AAIUnrecognizedFunctionException - */ - public boolean authorize(String username, String uri, String httpMethod, String haProxyUser) - throws AAIUnrecognizedFunctionException { - return authorize(username, uri, httpMethod, haProxyUser, null); - } - - /** - * - * @param username - * @param uri - * @param httpMethod - * @param haProxyUser - * @param issuer issuer of the cert - * @return - * @throws AAIUnrecognizedFunctionException - */ - public boolean authorize(String username, String uri, String httpMethod, String haProxyUser, String issuer) - throws AAIUnrecognizedFunctionException { - String aaiMethod = this.getAuthPolicyFunctName(uri); - if (!this.validFunctions.contains(aaiMethod) && !("info".equalsIgnoreCase(aaiMethod))) { - throw new AAIUnrecognizedFunctionException(aaiMethod); - } - boolean wildcardCheck = isWildcardIssuer(issuer); - boolean authorized; - LOGGER.debug( - "Authorizing the user for the request cert {}, haproxy header {}, aai method {}, httpMethod {}, cert issuer {}", - username, haProxyUser, aaiMethod, httpMethod, issuer); - Optional<AAIUser> oau = this.getUser(username, wildcardCheck); - if (oau.isPresent()) { - AAIUser au = oau.get(); - if (au.hasRole("HAProxy")) { - LOGGER.debug("User has HAProxy role"); - if ("GET".equalsIgnoreCase(httpMethod) && "util".equalsIgnoreCase(aaiMethod) && haProxyUser.isEmpty()) { - LOGGER.debug("Authorized user has HAProxy role with echo request"); - authorized = this.authorize(au, aaiMethod, httpMethod); - } else { - authorized = this.authorize(haProxyUser, uri, httpMethod, "", issuer); - } - } else { - LOGGER.debug("User doesn't have HAProxy role so assuming its a regular client"); - authorized = this.authorize(au, aaiMethod, httpMethod); - } - } else { - LOGGER.debug("User not found: " + username + " on function " + aaiMethod + " request type " + httpMethod); - authorized = false; - } - - return authorized; - } - - private boolean isWildcardIssuer(String issuer) { - if (issuer != null && !issuer.isEmpty()) { - List<String> validIssuers = Arrays - .asList(AAIConfig.get("aaf.valid.issuer.wildcard", UUID.randomUUID().toString()).split("\\|")); - for (String validIssuer : validIssuers) { - if (issuer.contains(validIssuer)) { - return true; - } - } - } - return false; - } - - /** - * returns aai user either matching the username or containing the wildcard. - * - * @param username - * @return - */ - public Optional<AAIUser> getUser(String username, boolean wildcardCheck) { - if (users.containsKey(username)) { - return Optional.of(users.get(username)); - } else if (wildcardCheck) { - List<AAIUser> laus = - users.entrySet().stream().filter(e -> e.getValue().isWildcard() && username.contains(e.getKey())) - .map(Map.Entry::getValue).collect(Collectors.toList()); - if (!laus.isEmpty()) { - return Optional.of(laus.get(0)); - } - } - return Optional.empty(); - } - - /** - * - * @param aaiUser - * aai user with the username - * @param aaiMethod - * aai function the authorization is required on - * @param httpMethod - * http action user is attempting - * @return true, if successful - */ - private boolean authorize(AAIUser aaiUser, String aaiMethod, String httpMethod) { - if ("info".equalsIgnoreCase(aaiMethod) || aaiUser.hasAccess(aaiMethod, httpMethod)) { - LOGGER.debug("AUTH ACCEPTED: " + aaiUser.getUsername() + " on function " + aaiMethod + " request type " - + httpMethod); - return true; - } else { - LOGGER.debug("AUTH FAILED: " + aaiUser.getUsername() + " on function " + aaiMethod + " request type " - + httpMethod); - return false; - } - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIUser.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIUser.java deleted file mode 100644 index 4512adb0..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIUser.java +++ /dev/null @@ -1,81 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Modifications Copyright © 2018 IBM. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth; - -import java.util.*; - -public class AAIUser { - - private String username; - - private boolean isWildcard = false; - private Set<String> roles; - private Map<String, Set<String>> aaiFunctionToHttpMethod; - - public AAIUser(String username) { - this(username, false); - } - - public AAIUser(String username, boolean isWildcard) { - this.username = username; - this.roles = new HashSet<>(); - this.aaiFunctionToHttpMethod = new HashMap<>(); - this.isWildcard = isWildcard; - } - - public boolean isWildcard() { - return isWildcard; - } - - public String getUsername() { - return username; - } - - public void addRole(String role) { - this.roles.add(role); - } - - public boolean hasRole(String role) { - return this.roles.contains(role); - } - - public void setUserAccess(String aaiMethod, String... httpMethods) { - for (String httpMethod : httpMethods) { - this.addUserAccess(aaiMethod, httpMethod); - } - } - - private void addUserAccess(String aaiMethod, String httpMethod) { - Set<String> httpMethods = new HashSet<>(); - if (this.aaiFunctionToHttpMethod.containsKey(aaiMethod)) { - httpMethods = this.aaiFunctionToHttpMethod.get(aaiMethod); - } - httpMethods.add(httpMethod); - this.aaiFunctionToHttpMethod.put(aaiMethod, httpMethods); - } - - public boolean hasAccess(String aaiMethod, String httpMethod) { - return this.aaiFunctionToHttpMethod.getOrDefault(aaiMethod, Collections.emptySet()).contains(httpMethod); - } - -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestFilter.java deleted file mode 100644 index 2c8aaf28..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestFilter.java +++ /dev/null @@ -1,115 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth; - -import static org.onap.aai.aaf.auth.ResponseFormatter.errorResponse; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.List; -import java.util.Properties; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.cadi.filter.CadiFilter; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * The Class AafRequestFilter provides common auth filter methods - */ -public class AafRequestFilter { - - private static final Logger LOGGER = LoggerFactory.getLogger(AafRequestFilter.class); - - public static void authenticationFilter(HttpServletRequest request, HttpServletResponse response, - FilterChain filterChain, CadiFilter cadiFilter, Properties props, String userChainPattern) - throws IOException, ServletException { - if (!request.getRequestURI().matches("^.*/util/echo$")) { - - List<String> cadiConfiguredIssuers = CertUtil.getCadiCertIssuers(props); - String issuer = CertUtil.getCertIssuer(request); - if (issuer == null || issuer.isEmpty()) { - errorResponse(request, response); - return; - } - issuer = issuer.replaceAll("\\s+", "").toUpperCase(); - - if (cadiConfiguredIssuers.contains(issuer)) { - LOGGER.debug("authenticationFilter CADI issuer " + issuer); - if (CertUtil.isHaProxy(request)) { - // get the end user/client mechid and use it in the user chain header value - String user = CertUtil.getMechId(request); - LOGGER.debug("authenticationFilter haProxy sent end user/mechid " + user); - if (user == null || user.isEmpty()) { - errorResponse(request, response); - return; - } - AafRequestWrapper reqWrapper = new AafRequestWrapper(request); - String userChainHdr = CertUtil.buildUserChainHeader(user, userChainPattern); - LOGGER.debug("User chain header value: " + userChainHdr); - reqWrapper.putHeader(CertUtil.AAF_USER_CHAIN_HDR, userChainHdr); - cadiFilter.doFilter(reqWrapper, response, filterChain); - } else { - cadiFilter.doFilter(request, response, filterChain); - } - if (response.getStatus() == 401 || response.getStatus() == 403) { - LOGGER.debug("authenticationFilter failed CADI authentication"); - errorResponse(request, response); - return; - } - } else { - filterChain.doFilter(request, response); - } - } else { - filterChain.doFilter(request, response); - } - } - - public static void authorizationFilter(HttpServletRequest request, HttpServletResponse response, - FilterChain filterChain, String permission, Properties props) throws IOException, ServletException { - if (request.getRequestURI().matches("^.*/util/echo$")) { - filterChain.doFilter(request, response); - } - List<String> cadiConfiguredIssuers = CertUtil.getCadiCertIssuers(props); - String issuer = CertUtil.getCertIssuer(request); - if (issuer == null || issuer.isEmpty()) { - errorResponse(request, response); - return; - } - issuer = issuer.replaceAll("\\s+", "").toUpperCase(); - Enumeration<String> hdrs = request.getHeaders(CertUtil.AAF_USER_CHAIN_HDR); - while (hdrs.hasMoreElements()) { - String headerValue = (String) hdrs.nextElement(); - LOGGER.debug("authorizationFilter user chain headerValue=" + headerValue); - } - if ((cadiConfiguredIssuers.contains(issuer)) && (!request.isUserInRole(permission))) { - LOGGER.debug( - "authorizationFilter failed CADI authorization issuer=" + issuer + " permission=" + permission); - errorResponse(request, response); - } else { - filterChain.doFilter(request, response); - } - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestWrapper.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestWrapper.java deleted file mode 100644 index f74ed3e4..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestWrapper.java +++ /dev/null @@ -1,79 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth; - -import java.util.*; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; - -/** - * The AafRequestWrapper sets the user in the principal name - */ -public class AafRequestWrapper extends HttpServletRequestWrapper { - - private final Map<String, String> customHeaders; - - public AafRequestWrapper(HttpServletRequest request) { - super(request); - this.customHeaders = new HashMap<String, String>(); - } - - public void putHeader(String name, String value) { - this.customHeaders.put(name, value); - } - - @Override - public String getHeader(String name) { - String headerValue = customHeaders.get(name); - if (headerValue != null) { - return headerValue; - } - return (((HttpServletRequest) getRequest()).getHeader(name)); - } - - @Override - public Enumeration<String> getHeaderNames() { - Set<String> nameSet = new HashSet<String>(customHeaders.keySet()); - - Enumeration<String> e = ((HttpServletRequest) getRequest()).getHeaderNames(); - while (e.hasMoreElements()) { - String headerName = e.nextElement(); - nameSet.add(headerName); - } - return Collections.enumeration(nameSet); - } - - @Override - public Enumeration<String> getHeaders(String name) { - String myHeaderValue = customHeaders.get(name); - Set<String> headerValueSet = new HashSet<String>(); - if (myHeaderValue != null) { - headerValueSet.add(myHeaderValue); - } - Enumeration<String> e = ((HttpServletRequest) getRequest()).getHeaders(name); - while (e.hasMoreElements()) { - String headerValue = e.nextElement(); - headerValueSet.add(headerValue); - } - return Collections.enumeration(headerValueSet); - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/CertUtil.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/CertUtil.java deleted file mode 100644 index 139e46c8..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/CertUtil.java +++ /dev/null @@ -1,164 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth; - -import java.io.FileInputStream; -import java.io.IOException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import java.util.Objects; -import java.util.Properties; -import java.util.stream.Collectors; - -import javax.servlet.http.HttpServletRequest; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * The Class CertUtil provides cert related utility methods. - */ -public class CertUtil { - public static final String DEFAULT_CADI_ISSUERS = "CN=ATT AAF CADI Test Issuing " - + "CA 01, OU=CSO, O=ATT, C=US:CN=ATT AAF CADI Test Issuing CA 02, OU=CSO, O=ATT, C=US"; - public static final String CADI_PROP_FILES = "cadi_prop_files"; - public static final String CADI_ISSUERS_PROP_NAME = "cadi_x509_issuers"; - public static final String CADI_ISSUERS_SEPARATOR = ":"; - public static final String AAI_SSL_CLIENT_OU_HDR = "X-AAI-SSL-Client-OU"; - public static final String AAI_SSL_ISSUER_HDR = "X-AAI-SSL-Issuer"; - public static final String AAI_SSL_CLIENT_CN_HDR = "X-AAI-SSL-Client-CN"; - public static final String AAI_SSL_CLIENT_O_HDR = "X-AAI-SSL-Client-O"; - public static final String AAI_SSL_CLIENT_L_HDR = "X-AAI-SSL-Client-L"; - public static final String AAI_SSL_CLIENT_ST_HDR = "X-AAI-SSL-Client-ST"; - public static final String AAI_SSL_CLIENT_C_HDR = "X-AAI-SSL-Client-C"; - public static final String AAF_USER_CHAIN_HDR = "USER_CHAIN"; - public static final String AAF_ID = "<AAF-ID>"; - private static final Logger LOGGER = LoggerFactory.getLogger(CertUtil.class); - - public static String getAaiSslClientOuHeader(HttpServletRequest hsr) { - return (hsr.getHeader(AAI_SSL_CLIENT_OU_HDR)); - } - - public static boolean isHaProxy(HttpServletRequest hsr) { - - String haProxyUser = ""; - if (Objects.isNull(hsr.getHeader(AAI_SSL_CLIENT_CN_HDR)) || Objects.isNull(hsr.getHeader(AAI_SSL_CLIENT_OU_HDR)) - || Objects.isNull(hsr.getHeader(AAI_SSL_CLIENT_O_HDR)) - || Objects.isNull(hsr.getHeader(AAI_SSL_CLIENT_L_HDR)) - || Objects.isNull(hsr.getHeader(AAI_SSL_CLIENT_ST_HDR)) - || Objects.isNull(hsr.getHeader(AAI_SSL_CLIENT_C_HDR))) { - haProxyUser = ""; - } else { - haProxyUser = String.format("CN=%s, OU=%s, O=\"%s\", L=%s, ST=%s, C=%s", - Objects.toString(hsr.getHeader(AAI_SSL_CLIENT_CN_HDR), ""), - Objects.toString(hsr.getHeader(AAI_SSL_CLIENT_OU_HDR), ""), - Objects.toString(hsr.getHeader(AAI_SSL_CLIENT_O_HDR), ""), - Objects.toString(hsr.getHeader(AAI_SSL_CLIENT_L_HDR), ""), - Objects.toString(hsr.getHeader(AAI_SSL_CLIENT_ST_HDR), ""), - Objects.toString(hsr.getHeader(AAI_SSL_CLIENT_C_HDR), "")).toLowerCase(); - } - if (!haProxyUser.isEmpty()) { - LOGGER.debug("isHaProxy haProxyUser=" + haProxyUser); - return true; - } - LOGGER.debug("isHaProxy haProxyUser not found"); - return false; - } - - public static String getMechId(HttpServletRequest hsr) { - String mechId = null; - String ou = getAaiSslClientOuHeader(hsr); - if ((ou != null) && (!ou.isEmpty())) { - String[] parts = ou.split(CADI_ISSUERS_SEPARATOR); - if (parts != null && parts.length >= 1) { - mechId = parts[0]; - } - } - LOGGER.debug("getMechId mechId=" + mechId); - return (mechId); - } - - public static String getCertIssuer(HttpServletRequest hsr) { - String issuer = hsr.getHeader(AAI_SSL_ISSUER_HDR); - if (issuer != null && !issuer.isEmpty()) { - LOGGER.debug("getCertIssuer issuer from header " + AAI_SSL_ISSUER_HDR + " " + issuer); - // the haproxy header replaces the ', ' with '/' and reverses on the '/' need to undo that. - List<String> broken = Arrays.asList(issuer.split("/")); - broken = broken.stream().filter(s -> !s.isEmpty()).collect(Collectors.toList()); - Collections.reverse(broken); - issuer = String.join(", ", broken); - } else { - if (hsr.getAttribute("javax.servlet.request.cipher_suite") != null) { - X509Certificate[] certChain = - (X509Certificate[]) hsr.getAttribute("javax.servlet.request.X509Certificate"); - if (certChain != null && certChain.length > 0) { - X509Certificate clientCert = certChain[0]; - issuer = clientCert.getIssuerX500Principal().getName(); - LOGGER.debug("getCertIssuer issuer from client cert " + issuer); - } - } - } - return issuer; - } - - public static List<String> getCadiCertIssuers(Properties cadiProperties) { - - List<String> defaultList = new ArrayList<>(); - List<String> resultList = new ArrayList<String>(); - - String[] cadiIssuers = DEFAULT_CADI_ISSUERS.split(CADI_ISSUERS_SEPARATOR); - for (String issuer : cadiIssuers) { - defaultList.add(issuer.replaceAll("\\s+", "").toUpperCase()); - } - try { - String certPropFileName = cadiProperties.getProperty(CADI_PROP_FILES); - String configuredIssuers = DEFAULT_CADI_ISSUERS; - Properties certProperties = new Properties(); - if (certPropFileName != null) { - try (FileInputStream fis = new FileInputStream(certPropFileName)) { - certProperties.load(fis); - } - configuredIssuers = certProperties.getProperty(CADI_ISSUERS_PROP_NAME); - } - if ((configuredIssuers != null) && (!configuredIssuers.isEmpty())) { - cadiIssuers = configuredIssuers.split(CADI_ISSUERS_SEPARATOR); - for (String issuer : cadiIssuers) { - resultList.add(issuer.replaceAll("\\s+", "").toUpperCase()); - } - } - } catch (IOException ioe) { - return (defaultList); - } - if (resultList.isEmpty()) { - return defaultList; - } - LOGGER.debug("getCadiCertIssuers " + resultList.toString()); - return resultList; - } - - public static String buildUserChainHeader(String user, String userChainPattern) { - // aaf.userchain.pattern=<AAF-ID>:${aaf.userchain.service.reference}:${aaf.userchain.auth.type}:AS - return (userChainPattern.replaceAll(AAF_ID, user)); - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/FileWatcher.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/FileWatcher.java deleted file mode 100644 index 45331ed9..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/FileWatcher.java +++ /dev/null @@ -1,60 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth; - -import java.io.File; -import java.util.TimerTask; - -public abstract class FileWatcher extends TimerTask { - private long timeStamp; - private File file; - - /** - * Instantiates a new file watcher. - * - * @param file the file - */ - public FileWatcher(File file) { - this.file = file; - this.timeStamp = file.lastModified(); - } - - /** - * runs a timer task - * - * @see TimerTask#run - */ - public final void run() { - long timeStamp = file.lastModified(); - - if ((timeStamp - this.timeStamp) > 500) { - this.timeStamp = timeStamp; - onChange(file); - } - } - - /** - * On change. - * - * @param file the file - */ - protected abstract void onChange(File file); -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/ResponseFormatter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/ResponseFormatter.java deleted file mode 100644 index 1748ed15..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/ResponseFormatter.java +++ /dev/null @@ -1,72 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.Collections; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.ws.rs.core.MediaType; - -import org.onap.aai.exceptions.AAIException; -import org.onap.aai.logging.ErrorLogHelper; - -public class ResponseFormatter { - - private static final String ACCEPT_HEADER = "accept"; - private static final String CONTENT_TYPE_HEADER = "Content-Type"; - - private ResponseFormatter() { - throw new IllegalStateException("Utility class"); - } - - public static void errorResponse(HttpServletRequest request, HttpServletResponse response) throws IOException { - errorResponse(new AAIException("AAI_3300"), request, response); - } - - public static void errorResponse(AAIException exception, HttpServletRequest request, HttpServletResponse response) - throws IOException { - - if (response.isCommitted()) { - return; - } - - String accept = request.getHeader(ACCEPT_HEADER); - switch (accept != null ? accept : MediaType.APPLICATION_XML) { - case MediaType.APPLICATION_JSON: - response.setHeader(CONTENT_TYPE_HEADER, MediaType.APPLICATION_JSON); - break; - case MediaType.APPLICATION_XML: - default: - response.setHeader(CONTENT_TYPE_HEADER, MediaType.APPLICATION_XML); - } - - response.setStatus(exception.getErrorObject().getHTTPResponseCode().getStatusCode()); - response.resetBuffer(); - - String resp = ErrorLogHelper.getRESTAPIErrorResponse(Collections.singletonList(MediaType.valueOf(accept)), - exception, new ArrayList<>()); - response.getOutputStream().print(resp); - response.flushBuffer(); - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/exceptions/AAIUnrecognizedFunctionException.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/exceptions/AAIUnrecognizedFunctionException.java deleted file mode 100644 index c6a97ac5..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/exceptions/AAIUnrecognizedFunctionException.java +++ /dev/null @@ -1,46 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Modifications Copyright © 2018 IBM. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth.exceptions; - -import org.onap.aai.exceptions.AAIException; - -public class AAIUnrecognizedFunctionException extends AAIException { - - private static final String AAI_3012 = "AAI_3012"; - private static final long serialVersionUID = 3297064867724071290L; - - public AAIUnrecognizedFunctionException() { - } - - public AAIUnrecognizedFunctionException(String message) { - super(AAI_3012, message); - } - - public AAIUnrecognizedFunctionException(Throwable cause) { - super(AAI_3012, cause); - } - - public AAIUnrecognizedFunctionException(String message, Throwable cause) { - super(AAI_3012, cause, message); - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafAuthorizationFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafAuthorizationFilter.java deleted file mode 100644 index fb7a58e6..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafAuthorizationFilter.java +++ /dev/null @@ -1,118 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * <p> - * http://www.apache.org/licenses/LICENSE-2.0 - * <p> - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.filters; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.stream.Collectors; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aai.aaf.auth.ResponseFormatter; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter; -import org.springframework.context.annotation.Profile; -import org.springframework.context.annotation.PropertySource; -import org.springframework.stereotype.Component; - -/** - * AAF authorization filter - */ - -@Component -@Profile(AafProfiles.AAF_AUTHENTICATION) -@PropertySource(value = "file:${CONFIG_HOME}/aaf/permissions.properties", ignoreResourceNotFound = true) -@PropertySource(value = "file:${server.local.startpath}/aaf/permissions.properties", ignoreResourceNotFound = true) -public class AafAuthorizationFilter extends OrderedRequestContextFilter { - - private static final String ADVANCED = "advanced"; - private static final String BASIC = "basic"; - - private final String type; - private final String instance; - - private GremlinFilter gremlinFilter; - - private List<String> advancedKeywordsList; - - public AafAuthorizationFilter(GremlinFilter gremlinFilter, @Value("${permission.type}") String type, - @Value("${permission.instance}") String instance, - @Value("${advanced.keywords.list:}") String advancedKeys) { - this.gremlinFilter = gremlinFilter; - this.type = type; - this.instance = instance; - if (advancedKeys == null || advancedKeys.isEmpty()) { - this.advancedKeywordsList = new ArrayList<>(); - } else { - this.advancedKeywordsList = Arrays.stream(advancedKeys.split(",")).collect(Collectors.toList()); - } - this.setOrder(FilterPriority.AAF_AUTHORIZATION.getPriority()); - } - - @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) - throws IOException, ServletException { - if (request.getRequestURI().matches("^.*/util/echo$")) { - filterChain.doFilter(request, response); - } - if (request.getRequestURI().endsWith("/query")) { - gremlinFilter.doBasicAuthFilter(request, response, filterChain); - } else { - - String permission = null; - - if (advancedKeywordsList == null || advancedKeywordsList.size() == 0) { - permission = String.format("%s|%s|%s", type, instance, request.getMethod().toLowerCase()); - } else { - - boolean isAdvanced = this.containsAdvancedKeywords(request); - - // if the URI contains advanced.keywords it's an advanced query - String queryType = isAdvanced ? ADVANCED : BASIC; - permission = String.format("%s|%s|%s", type, instance, queryType); - } - - boolean isAuthorized = request.isUserInRole(permission); - - if (!isAuthorized) { - ResponseFormatter.errorResponse(request, response); - } else { - filterChain.doFilter(request, response); - } - - } - } - - private boolean containsAdvancedKeywords(HttpServletRequest request) { - String uri = request.getRequestURI(); - for (String keyword : advancedKeywordsList) { - if (uri.contains(keyword)) { - return true; - } - } - return false; - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertAuthorizationFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertAuthorizationFilter.java deleted file mode 100644 index f19f4b8e..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertAuthorizationFilter.java +++ /dev/null @@ -1,103 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * <p> - * http://www.apache.org/licenses/LICENSE-2.0 - * <p> - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.filters; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.stream.Collectors; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aai.aaf.auth.AafRequestFilter; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter; -import org.springframework.context.annotation.Profile; -import org.springframework.context.annotation.PropertySource; -import org.springframework.stereotype.Component; - -/** - * AAF with client cert authorization filter - */ - -@Component -@Profile(AafProfiles.AAF_CERT_AUTHENTICATION) -@PropertySource(value = "file:${CONFIG_HOME}/aaf/permissions.properties", ignoreResourceNotFound = true) -@PropertySource(value = "file:${server.local.startpath}/aaf/permissions.properties", ignoreResourceNotFound = true) -public class AafCertAuthorizationFilter extends OrderedRequestContextFilter { - - private static final String ADVANCED = "advanced"; - private static final String BASIC = "basic"; - - String type; - - String instance; - - private CadiProps cadiProps; - - private List<String> advancedKeywordsList; - - public AafCertAuthorizationFilter(@Value("${permission.type}") String type, - @Value("${permission.instance}") String instance, @Value("${advanced.keywords.list:}") String advancedKeys, - CadiProps cadiProps) { - this.type = type; - this.instance = instance; - this.cadiProps = cadiProps; - if (advancedKeys == null || advancedKeys.isEmpty()) { - this.advancedKeywordsList = new ArrayList<>(); - } else { - this.advancedKeywordsList = Arrays.stream(advancedKeys.split(",")).collect(Collectors.toList()); - } - this.setOrder(FilterPriority.AAF_CERT_AUTHORIZATION.getPriority()); - } - - @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) - throws IOException, ServletException { - if (advancedKeywordsList == null || advancedKeywordsList.size() == 0) { - String permission = String.format("%s|%s|%s", type, instance, request.getMethod().toLowerCase()); - AafRequestFilter.authorizationFilter(request, response, filterChain, permission, - cadiProps.getCadiProperties()); - } else { - boolean isAdvanced = this.containsAdvancedKeywords(request); - - // if the URI contains advanced.keywords it's an advanced query - String queryType = isAdvanced ? ADVANCED : BASIC; - String permission = String.format("%s|%s|%s", type, instance, queryType); - AafRequestFilter.authorizationFilter(request, response, filterChain, permission, - cadiProps.getCadiProperties()); - } - } - - private boolean containsAdvancedKeywords(HttpServletRequest request) { - String uri = request.getRequestURI(); - for (String keyword : advancedKeywordsList) { - if (uri.contains(keyword)) { - return true; - } - } - return false; - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertFilter.java deleted file mode 100644 index a3ce12b0..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertFilter.java +++ /dev/null @@ -1,112 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * <p> - * http://www.apache.org/licenses/LICENSE-2.0 - * <p> - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.filters; - -import java.io.IOException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.filter.CadiFilter; -import org.onap.aai.aaf.auth.AafRequestFilter; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter; -import org.springframework.context.annotation.Profile; -import org.springframework.context.annotation.PropertySource; -import org.springframework.stereotype.Component; - -/** - * AAF with client cert authentication filter - */ - -@Component -@Profile(AafProfiles.AAF_CERT_AUTHENTICATION) -@PropertySource(value = "file:${CONFIG_HOME}/aaf/permissions.properties", ignoreResourceNotFound = true) -@PropertySource(value = "file:${server.local.startpath}/aaf/permissions.properties", ignoreResourceNotFound = true) -public class AafCertFilter extends OrderedRequestContextFilter { - - private static final Logger LOGGER = LoggerFactory.getLogger(AafCertFilter.class); - - String aafUserChainPattern; - - private final CadiFilter cadiFilter; - - private final CadiProps cadiProps; - - public AafCertFilter(@Value("${aaf.userchain.pattern}") String aafUserChainPattern, CadiProps cadiProps) - throws IOException, ServletException { - - this.aafUserChainPattern = aafUserChainPattern; - this.cadiProps = cadiProps; - cadiFilter = new CadiFilter(new PropAccess((level, element) -> { - switch (level) { - case DEBUG: - LOGGER.debug(buildMsg(element)); - break; - case INFO: - case AUDIT: - LOGGER.info(buildMsg(element)); - break; - case WARN: - LOGGER.warn(buildMsg(element)); - break; - case ERROR: - LOGGER.error(buildMsg(element)); - break; - case INIT: - LOGGER.info(buildMsg(element)); - break; - case TRACE: - LOGGER.trace(buildMsg(element)); - break; - case NONE: - break; - } - }, new String[] {"cadi_prop_files=" + cadiProps.getCadiFileName()})); - this.setOrder(FilterPriority.AAF_CERT_AUTHENTICATION.getPriority()); - } - - @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) - throws IOException, ServletException { - AafRequestFilter.authenticationFilter(request, response, filterChain, cadiFilter, cadiProps.getCadiProperties(), - aafUserChainPattern); - } - - private String buildMsg(Object[] objects) { - StringBuilder sb = new StringBuilder(); - boolean first = true; - for (Object o : objects) { - if (first) { - first = false; - } else { - sb.append(' '); - } - sb.append(o.toString()); - } - return (sb.toString()); - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafFilter.java deleted file mode 100644 index ae3a6ca6..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafFilter.java +++ /dev/null @@ -1,106 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * <p> - * http://www.apache.org/licenses/LICENSE-2.0 - * <p> - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.filters; - -import java.io.IOException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.filter.CadiFilter; -import org.onap.aai.aaf.auth.ResponseFormatter; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter; -import org.springframework.context.annotation.Profile; -import org.springframework.stereotype.Component; - -/** - * AAF authentication filter - */ - -@Component -@Profile(AafProfiles.AAF_AUTHENTICATION) -public class AafFilter extends OrderedRequestContextFilter { - - private static final Logger LOGGER = LoggerFactory.getLogger(AafCertFilter.class); - - private final CadiFilter cadiFilter; - - public AafFilter(CadiProps cadiProps) throws IOException, ServletException { - cadiFilter = new CadiFilter(new PropAccess((level, element) -> { - switch (level) { - case DEBUG: - LOGGER.debug(buildMsg(element)); - break; - case INFO: - case AUDIT: - LOGGER.info(buildMsg(element)); - break; - case WARN: - LOGGER.warn(buildMsg(element)); - break; - case ERROR: - LOGGER.error(buildMsg(element)); - break; - case INIT: - LOGGER.info(buildMsg(element)); - break; - case TRACE: - LOGGER.trace(buildMsg(element)); - break; - case NONE: - break; - } - }, new String[] {"cadi_prop_files=" + cadiProps.getCadiFileName()})); - this.setOrder(FilterPriority.AAF_AUTHENTICATION.getPriority()); - } - - @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) - throws IOException, ServletException { - if (!request.getRequestURI().matches("^.*/util/echo$")) { - cadiFilter.doFilter(request, response, filterChain); - if (response.getStatus() == 401 || response.getStatus() == 403) { - ResponseFormatter.errorResponse(request, response); - } - } else { - filterChain.doFilter(request, response); - } - } - - private String buildMsg(Object[] objects) { - StringBuilder sb = new StringBuilder(); - boolean first = true; - for (Object o : objects) { - if (first) { - first = false; - } else { - sb.append(' '); - } - sb.append(o.toString()); - } - return (sb.toString()); - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafProfiles.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafProfiles.java deleted file mode 100644 index e87dc4a5..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafProfiles.java +++ /dev/null @@ -1,35 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.filters; - -public class AafProfiles { - - // AAF Basic Auth - public static final String AAF_AUTHENTICATION = "aaf-auth"; - - // AAF Auth with Client Certs - public static final String AAF_CERT_AUTHENTICATION = "aaf-cert-auth"; - - public static final String TWO_WAY_SSL = "two-way-ssl"; - - private AafProfiles() { - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/CadiProps.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/CadiProps.java deleted file mode 100644 index 01b89148..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/CadiProps.java +++ /dev/null @@ -1,80 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.filters; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.Properties; - -import javax.annotation.PostConstruct; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Profile; -import org.springframework.stereotype.Component; - -// This component will be created if and only if any of the following profiles are active -@Component -@Profile({AafProfiles.AAF_CERT_AUTHENTICATION, AafProfiles.AAF_AUTHENTICATION, AafProfiles.TWO_WAY_SSL}) -public class CadiProps { - - private static final Logger LOGGER = LoggerFactory.getLogger(CadiProps.class); - - private String cadiFileName; - - private Properties cadiProperties; - - public CadiProps(@Value("${aaf.cadi.file:./resources/cadi.properties}") String filename) { - cadiFileName = filename; - cadiProperties = new Properties(); - } - - @PostConstruct - public void init() throws IOException { - - File cadiFile = new File(cadiFileName); - - if (!cadiFile.exists()) { - LOGGER.warn("Unable to find the cadi file in the given path {} so loading cadi.properties from classloader", - cadiFileName); - InputStream is = this.getClass().getClassLoader().getResourceAsStream("cadi.properties"); - cadiProperties.load(is); - } else { - LOGGER.info("Successfully found the file {} and started loading the properties from it", cadiFileName); - cadiFileName = cadiFile.getAbsolutePath(); - try (InputStream inputStream = new FileInputStream(cadiFile)) { - cadiProperties.load(inputStream); - } - - } - } - - public String getCadiFileName() { - return cadiFileName; - } - - public Properties getCadiProperties() { - return cadiProperties; - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/FilterPriority.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/FilterPriority.java deleted file mode 100644 index e2423425..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/FilterPriority.java +++ /dev/null @@ -1,42 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.filters; - -import org.springframework.core.Ordered; - -public enum FilterPriority { - - AAF_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE), AAF_AUTHORIZATION(Ordered.HIGHEST_PRECEDENCE + 1), // higher number - // = lower - // priority - AAF_CERT_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE + 2), AAF_CERT_AUTHORIZATION( - Ordered.HIGHEST_PRECEDENCE + 3), TWO_WAY_SSL_AUTH(Ordered.HIGHEST_PRECEDENCE + 4); - - private final int priority; - - FilterPriority(final int p) { - priority = p; - } - - public int getPriority() { - return priority; - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/GremlinFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/GremlinFilter.java deleted file mode 100644 index f800097f..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/GremlinFilter.java +++ /dev/null @@ -1,98 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.filters; - -import java.io.IOException; -import java.nio.charset.StandardCharsets; -import java.util.regex.Pattern; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.io.IOUtils; -import org.onap.aai.aaf.auth.ResponseFormatter; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Profile; -import org.springframework.stereotype.Component; - -@Component -@Profile({AafProfiles.AAF_CERT_AUTHENTICATION, AafProfiles.AAF_AUTHENTICATION}) -public class GremlinFilter { - - private static final Logger LOGGER = LoggerFactory.getLogger(GremlinFilter.class); - - private static final String ADVANCED = "advanced"; - private static final String BASIC = "basic"; - private static final Pattern ECHO_ENDPOINT = Pattern.compile("^.*/util/echo$"); - - String type; - - String instance; - - private CadiProps cadiProps; - - public GremlinFilter(@Value("${permission.type}") String type, @Value("${permission.instance}") String instance, - CadiProps cadiProps) { - this.type = type; - this.instance = instance; - this.cadiProps = cadiProps; - } - - public void doBasicAuthFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) - throws IOException, ServletException { - PayloadBufferingRequestWrapper requestBufferWrapper = new PayloadBufferingRequestWrapper(request); - - if (ECHO_ENDPOINT.matcher(request.getRequestURI()).matches()) { - filterChain.doFilter(requestBufferWrapper, response); - } - - String payload = IOUtils.toString(requestBufferWrapper.getInputStream(), StandardCharsets.UTF_8.name()); - boolean containsWordGremlin = payload.contains("\"gremlin\""); - - // if the requestBufferWrapper contains the word "gremlin" it's an "advanced" query needing an "advanced" role - String permissionBasic = String.format("%s|%s|%s", type, instance, BASIC); - String permissionAdvanced = String.format("%s|%s|%s", type, instance, ADVANCED); - - boolean isAuthorized; - - if (containsWordGremlin) { - isAuthorized = requestBufferWrapper.isUserInRole(permissionAdvanced); - } else { - isAuthorized = requestBufferWrapper.isUserInRole(permissionAdvanced) - || requestBufferWrapper.isUserInRole(permissionBasic); - } - - if (!isAuthorized) { - String name = - requestBufferWrapper.getUserPrincipal() != null ? requestBufferWrapper.getUserPrincipal().getName() - : "unknown"; - LOGGER.info("User " + name + " does not have a role for " - + (containsWordGremlin ? "gremlin" : "non-gremlin") + " query"); - ResponseFormatter.errorResponse(request, response); - } else { - filterChain.doFilter(requestBufferWrapper, response); - } - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/PayloadBufferingRequestWrapper.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/PayloadBufferingRequestWrapper.java deleted file mode 100644 index e8c72dc3..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/PayloadBufferingRequestWrapper.java +++ /dev/null @@ -1,52 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.filters; - -import java.io.ByteArrayInputStream; -import java.io.IOException; - -import javax.servlet.ServletInputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; - -import org.apache.commons.io.IOUtils; -import org.onap.aaf.cadi.BufferedServletInputStream; - -/** - * This class buffers the payload of the servlet request. The reason is that we access the payload multiple times, - * which is not supported by the request per se. - */ - -class PayloadBufferingRequestWrapper extends HttpServletRequestWrapper { - - private byte[] buffer; - - PayloadBufferingRequestWrapper(HttpServletRequest req) throws IOException { - super(req); - this.buffer = IOUtils.toByteArray(req.getInputStream()); - } - - @Override - public ServletInputStream getInputStream() { - ByteArrayInputStream bais = new ByteArrayInputStream(this.buffer); - return new BufferedServletInputStream(bais); - } -} diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/TwoWaySslAuthorization.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/TwoWaySslAuthorization.java deleted file mode 100644 index 3dad92df..00000000 --- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/TwoWaySslAuthorization.java +++ /dev/null @@ -1,186 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.filters; - -import java.io.IOException; -import java.security.cert.X509Certificate; -import java.util.*; - -import javax.security.auth.x500.X500Principal; -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aai.aaf.auth.AAIAuthCore; -import org.onap.aai.aaf.auth.CertUtil; -import org.onap.aai.aaf.auth.ResponseFormatter; -import org.onap.aai.exceptions.AAIException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter; -import org.springframework.context.annotation.Profile; -import org.springframework.core.env.Environment; -import org.springframework.stereotype.Component; - -@Component -@Profile("two-way-ssl") -public class TwoWaySslAuthorization extends OrderedRequestContextFilter { - - private static final Logger LOGGER = LoggerFactory.getLogger(TwoWaySslAuthorization.class); - - public static final String HTTP_METHOD_OVERRIDE = "X-HTTP-Method-Override"; - - public static final String MERGE_PATCH = "MERGE_PATCH"; - - @Autowired - private Environment environment; - - @Autowired - private AAIAuthCore aaiAuthCore; - - @Autowired - private CadiProps cadiProps; - - public TwoWaySslAuthorization() { - this.setOrder(FilterPriority.TWO_WAY_SSL_AUTH.getPriority()); - } - - @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) - throws IOException, ServletException { - - String uri = request.getRequestURI(); - String httpMethod = getHttpMethod(request); - - Optional<String> authUser = getUser(request); - - if (authUser.isPresent()) { - Properties cadiProperties = cadiProps.getCadiProperties(); - - String issuer = CertUtil.getCertIssuer(request); - if (issuer == null || issuer.isEmpty()) { - AAIException aaie = new AAIException("AAI_9107"); - ResponseFormatter.errorResponse(aaie, request, response); - return; - } - issuer = issuer.replaceAll("\\s+", "").toUpperCase(); - - List<String> cadiConfiguredIssuers = CertUtil.getCadiCertIssuers(cadiProperties); - boolean isAafAuthProfileActive = this.isAafAuthProfileActive(); - if ((!isAafAuthProfileActive) || (!cadiConfiguredIssuers.contains(issuer))) { - try { - this.authorize(uri, httpMethod, authUser.get(), this.getHaProxyUser(request), issuer); - } catch (AAIException e) { - ResponseFormatter.errorResponse(e, request, response); - return; - } - } - } else { - AAIException aaie = new AAIException("AAI_9107"); - ResponseFormatter.errorResponse(aaie, request, response); - return; - } - filterChain.doFilter(request, response); - } - - private String getHttpMethod(HttpServletRequest request) { - String httpMethod = request.getMethod(); - if ("POST".equalsIgnoreCase(httpMethod) && "PATCH".equals(request.getHeader(HTTP_METHOD_OVERRIDE))) { - httpMethod = MERGE_PATCH; - } - if (httpMethod.equalsIgnoreCase(MERGE_PATCH) || "patch".equalsIgnoreCase(httpMethod)) { - httpMethod = "PUT"; - } - return httpMethod; - } - - private Optional<String> getUser(HttpServletRequest hsr) { - String authUser = null; - if (hsr.getAttribute("javax.servlet.request.cipher_suite") != null) { - X509Certificate[] certChain = (X509Certificate[]) hsr.getAttribute("javax.servlet.request.X509Certificate"); - - /* - * If the certificate is null or the certificate chain length is zero Then - * retrieve the authorization in the request header Authorization Check that it - * is not null and that it starts with Basic and then strip the basic portion to - * get the base64 credentials Check if this is contained in the AAIBasicAuth - * Singleton class If it is, retrieve the username associated with that - * credentials and set to authUser Otherwise, get the principal from certificate - * and use that authUser - */ - - if (certChain == null || certChain.length == 0) { - - String authorization = hsr.getHeader("Authorization"); - - if (authorization != null && authorization.startsWith("Basic ")) { - authUser = authorization.replace("Basic ", ""); - } - - } else { - X509Certificate clientCert = certChain[0]; - X500Principal subjectDN = clientCert.getSubjectX500Principal(); - authUser = subjectDN.toString().toLowerCase(); - } - } - - return Optional.ofNullable(authUser); - } - - private String getHaProxyUser(HttpServletRequest hsr) { - String haProxyUser; - if (Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-CN")) || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-OU")) - || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-O")) - || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-L")) - || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-ST")) - || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-C"))) { - haProxyUser = ""; - } else { - haProxyUser = String.format("CN=%s, OU=%s, O=\"%s\", L=%s, ST=%s, C=%s", - Objects.toString(hsr.getHeader("X-AAI-SSL-Client-CN"), ""), - Objects.toString(hsr.getHeader("X-AAI-SSL-Client-OU"), ""), - Objects.toString(hsr.getHeader("X-AAI-SSL-Client-O"), ""), - Objects.toString(hsr.getHeader("X-AAI-SSL-Client-L"), ""), - Objects.toString(hsr.getHeader("X-AAI-SSL-Client-ST"), ""), - Objects.toString(hsr.getHeader("X-AAI-SSL-Client-C"), "")).toLowerCase(); - } - return haProxyUser; - } - - private void authorize(String uri, String httpMethod, String authUser, String haProxyUser, String issuer) - throws AAIException { - if (!aaiAuthCore.authorize(authUser, uri, httpMethod, haProxyUser, issuer)) { - throw new AAIException("AAI_9101", "Request on " + httpMethod + " " + uri + " status is not OK"); - } - } - - private boolean isAafAuthProfileActive() { - String[] profiles = environment.getActiveProfiles(); - if (profiles != null) { - if (Arrays.stream(profiles).anyMatch(env -> (env.equalsIgnoreCase(AafProfiles.AAF_CERT_AUTHENTICATION)))) { - return true; - } - } - return false; - } -} diff --git a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIAuthCoreTest.java b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIAuthCoreTest.java deleted file mode 100644 index 813e8fa1..00000000 --- a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIAuthCoreTest.java +++ /dev/null @@ -1,235 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -import org.junit.Before; -import org.junit.Test; -import org.onap.aai.aaf.auth.exceptions.AAIUnrecognizedFunctionException; - -public class AAIAuthCoreTest extends AAISetup { - - private AAIAuthCore authCore; - - @Before - public void setup() { - authCore = new AAIAuthCore("/aai"); - } - - @Test - public void getAuthPolicyFunctionNameTest() { - - String uri = "/aai/v3/search/edge-tag-query"; - assertEquals("Get aai function name from " + uri, "search", authCore.getAuthPolicyFunctName(uri)); - - uri = "/aai/v10/search/edge-tag-query"; - assertEquals("Get aai function name from " + uri, "search", authCore.getAuthPolicyFunctName(uri)); - - uri = "/aai/search/model"; - assertEquals("Get aai function name from " + uri, "search", authCore.getAuthPolicyFunctName(uri)); - - uri = "/aai/v9/cloud-infrastructure/cloud-regions/cloud-region/somecloudregion/some-cloud-owner"; - assertEquals("Get aai function name from " + uri, "cloud-infrastructure", authCore.getAuthPolicyFunctName(uri)); - - uri = "/aai/v8/network/pnfs/pnf/ff4ca01orc/p-interfaces"; - assertEquals("Get aai function name from " + uri, "network", authCore.getAuthPolicyFunctName(uri)); - - uri = "/aai/util/echo"; - assertEquals("Get aai function name from " + uri, "util", authCore.getAuthPolicyFunctName(uri)); - - uri = "/aai/tools"; - assertEquals("Get aai function name from " + uri, "tools", authCore.getAuthPolicyFunctName(uri)); - - uri = "/aai/v12/bulk/single-transaction"; - assertEquals("Get aai function name from " + uri, "bulk", authCore.getAuthPolicyFunctName(uri)); - - } - - @Test - public void validUsernameAuthTest() throws AAIUnrecognizedFunctionException { - assertTrue(authCore.authorize("testUser".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", "")); - } - - @Test - public void validUsernameInvalidHttpMethodAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("testUser".toLowerCase(), "/aai/v0/testFunction/someUri", "POST", "")); - } - - @Test(expected = AAIUnrecognizedFunctionException.class) - public void validUsernameInvalidFunctionInURIAuthTest() throws AAIUnrecognizedFunctionException { - authCore.authorize("testUser".toLowerCase(), "/aai/v0/badFunction/someUri", "PUT", ""); - } - - @Test - public void invalidUsernameAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("invlaidTestUser".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", "")); - } - - @Test - public void validUsernameIsTheExactWildcardIdAuthTest() throws AAIUnrecognizedFunctionException { - assertTrue(authCore.authorize("testWildcardId".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", "")); - } - - @Test - public void validUsernameContainsTheWildcardIdAuthTest() throws AAIUnrecognizedFunctionException { - assertTrue(authCore.authorize("cn=blah, testWildcardId, O=".toLowerCase(), "/aai/v0/testFunction/someUri", - "PUT", "", "aafWildCardIssuer")); - } - - @Test - public void validUsernameContainsTheWildcardIdInvalidIssuerAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("cn=blah, testWildcardId, O=".toLowerCase(), "/aai/v0/testFunction/someUri", - "PUT", "", "invalidIssuer")); - } - - @Test - public void invalidUsernameContainsRegularUsernameAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse( - authCore.authorize("cn=blah, testUser, O=".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", "")); - } - - @Test - public void haProxyUsernameAuthTest() throws AAIUnrecognizedFunctionException { - assertTrue(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/util/echo", "GET", "")); - } - - @Test - public void haProxyUsernameInvalidFunctionAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", "")); - } - - @Test - public void validUsernameViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException { - assertTrue(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", - "testUser".toLowerCase())); - } - - @Test - public void validUsernameInvalidHttpMethodViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "POST", - "testUser".toLowerCase())); - } - - @Test(expected = AAIUnrecognizedFunctionException.class) - public void validUsernameInvalidFunctionInURIViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException { - authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/badFunction/someUri", "PUT", - "testUser".toLowerCase()); - } - - @Test - public void invalidUsernameViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", - "invlaidTestUser".toLowerCase())); - } - - @Test - public void validUsernameIsTheExactWildcardIdViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException { - assertTrue(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", - "testWildcardId".toLowerCase())); - } - - @Test - public void validUsernameContainsTheWildcardIdViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException { - assertTrue(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", - "cn=blah, testWildcardId, O=".toLowerCase(), "aafWildCardIssuer")); - } - - @Test - public void invalidUsernameContainsRegularUsernameViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", - "cn=blah, testUser, O=".toLowerCase())); - } - - @Test - public void haProxyUsernameTwiceAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", - "ha-proxy-user".toLowerCase())); - } - - @Test - public void haProxyWildcardIdAuthTest() throws AAIUnrecognizedFunctionException { - assertTrue(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), "/aai/util/echo", "GET", "", - "aafWildCardIssuer")); - } - - @Test - public void haProxyWildcardIdInvalidFunctionAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), - "/aai/v0/testFunction/someUri", "PUT", "")); - } - - @Test - public void validUsernameViaHaProxyWildcardIdAuthTest() throws AAIUnrecognizedFunctionException { - assertTrue(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), "/aai/v0/testFunction/someUri", - "PUT", "testUser".toLowerCase(), "aafWildCardIssuer")); - } - - @Test - public void validUsernameInvalidHttpMethodViaHaProxyWildcardIdAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), - "/aai/v0/testFunction/someUri", "POST", "testUser".toLowerCase())); - } - - @Test(expected = AAIUnrecognizedFunctionException.class) - public void validUsernameInvalidFunctionInURIViaHaProxyWildcardIdAuthTest() - throws AAIUnrecognizedFunctionException { - authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), "/aai/v0/badFunction/someUri", "PUT", - "testUser".toLowerCase()); - } - - @Test - public void invalidUsernameViaHaProxyWildcardIdAuthTest() throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), - "/aai/v0/testFunction/someUri", "PUT", "invlaidTestUser".toLowerCase())); - } - - @Test - public void validUsernameIsTheExactWildcardIdViaHaProxyWildcardIdAuthTest() - throws AAIUnrecognizedFunctionException { - assertTrue(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), "/aai/v0/testFunction/someUri", - "PUT", "testWildcardId".toLowerCase(), "aafWildCardIssuer")); - } - - @Test - public void validUsernameContainsTheWildcardIdViaHaProxyWildcardIdAuthTest() - throws AAIUnrecognizedFunctionException { - assertTrue(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), "/aai/v0/testFunction/someUri", - "PUT", "cn=blah, testWildcardId, O=".toLowerCase(), "aafWildCardIssuer")); - } - - @Test - public void validUsernameContainsTheWildcardIdViaHaProxyWildcardIdInvalidIssuerAuthTest() - throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), - "/aai/v0/testFunction/someUri", "PUT", "cn=blah, testWildcardId, O=".toLowerCase(), "invalidIssuer")); - } - - @Test - public void invalidUsernameContainsRegularUsernameViaHaProxyWildcardIdAuthTest() - throws AAIUnrecognizedFunctionException { - assertFalse(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), - "/aai/v0/testFunction/someUri", "PUT", "cn=blah, testUser, O=".toLowerCase())); - } - -} diff --git a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAISetup.java b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAISetup.java deleted file mode 100644 index 3284d7a1..00000000 --- a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAISetup.java +++ /dev/null @@ -1,32 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth; - -import org.junit.BeforeClass; - -public class AAISetup { - - @BeforeClass - public static void preSetup() { - System.setProperty("AJSC_HOME", "."); - System.setProperty("BUNDLECONFIG_DIR", "src/test/resources/bundleconfig-local"); - } -} diff --git a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIUserTest.java b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIUserTest.java deleted file mode 100644 index 5f02f1aa..00000000 --- a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIUserTest.java +++ /dev/null @@ -1,53 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth; - -import static org.junit.Assert.assertEquals; - -import org.junit.Test; - -public class AAIUserTest extends AAISetup { - - @Test - public void testIsAuth() { - AAIUser usr = new AAIUser("testUser"); - usr.addRole("testRole"); - usr.setUserAccess("auth", "GET"); - usr.setUserAccess("auth", "PUT"); - usr.setUserAccess("authentication", "PUT", "GET", "POST"); - - assertEquals(true, usr.hasAccess("auth", "GET")); - assertEquals(true, usr.hasAccess("auth", "PUT")); - assertEquals(true, usr.hasAccess("authentication", "POST")); - } - - @Test - public void testIsNotAuth() { - AAIUser usr = new AAIUser("testUser"); - usr.addRole("testRole"); - - assertEquals(false, usr.hasAccess("auth", "GET")); - - usr.setUserAccess("auth", "GET"); - assertEquals(false, usr.hasAccess("auth", "PUT")); - } - -} diff --git a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AafRequestWrapperTest.java b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AafRequestWrapperTest.java deleted file mode 100644 index 46389d02..00000000 --- a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AafRequestWrapperTest.java +++ /dev/null @@ -1,60 +0,0 @@ -/*- - * ============LICENSE_START============================================ - * ONAP Portal - * ===================================================================== - * Copyright (C) 2020 IBM Intellectual Property. All rights reserved. - * ===================================================================== - * - * Unless otherwise specified, all software contained herein is licensed - * under the Apache License, Version 2.0 (the "License"); - * you may not use this software except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * Unless otherwise specified, all documentation contained herein is licensed - * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); - * you may not use this documentation except in compliance with the License. - * You may obtain a copy of the License at - * - * https://creativecommons.org/licenses/by/4.0/ - * - * Unless required by applicable law or agreed to in writing, documentation - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * ============LICENSE_END================================================ - * - * - */ - -package org.onap.aai.aaf.auth; - -import static org.easymock.EasyMock.*; -import static org.junit.Assert.assertEquals; - -import javax.servlet.http.HttpServletRequest; - -import org.junit.Test; - -public class AafRequestWrapperTest { - - @Test - public void testGetHeader() { - HttpServletRequest mockRequest = createMock(HttpServletRequest.class); - expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_OU_HDR)).andReturn("m55555@org.onap.com:TEST").times(1, 4); - replay(mockRequest); - AafRequestWrapper af = new AafRequestWrapper(mockRequest); - assertEquals(af.getHeader("X-AAI-SSL-Client-OU"), "m55555@org.onap.com:TEST"); - af.putHeader("X-AAI-SSL-Client-C", "test@org.onap.com:test"); - assertEquals(af.getHeader("X-AAI-SSL-Client-C"), "test@org.onap.com:test"); - } -} diff --git a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/CertUtilTest.java b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/CertUtilTest.java deleted file mode 100644 index 81a9c1b6..00000000 --- a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/CertUtilTest.java +++ /dev/null @@ -1,87 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.aaf.auth; - -import static org.easymock.EasyMock.*; -import static org.junit.Assert.assertTrue; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.util.List; -import java.util.Properties; - -import javax.servlet.http.HttpServletRequest; - -import org.junit.Test; - -/** - * The Class CertUtilTest - */ -public class CertUtilTest extends AAISetup { - - @Test - public void testCadiCertIssuers() throws IOException { - String propFile = System.getProperty("BUNDLECONFIG_DIR") + "/aaf/cadi.properties"; - Properties cadiProperties = new Properties(); - cadiProperties.load(new FileInputStream(new File(propFile))); - - List<String> issuersList = CertUtil.getCadiCertIssuers(cadiProperties); - assertTrue("issuersList isn't populated", !issuersList.isEmpty()); - - int x = issuersList.get(0).indexOf(" "); - assertTrue("issuer contains spaces", x < 0); - } - - @Test - public void testAaiSslClientOuHeader() { - - HttpServletRequest mockRequest = createMock(HttpServletRequest.class); - expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_OU_HDR)).andReturn("m55555@org.onap.com:TEST").times(1, 4); - expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_CN_HDR)).andReturn("CN").times(1, 2); - expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_O_HDR)).andReturn("O").times(1, 2); - expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_L_HDR)).andReturn("L").times(1, 2); - expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_ST_HDR)).andReturn("ST").times(1, 2); - expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_C_HDR)).andReturn("C").times(1, 2); - - replay(mockRequest); - String ou = CertUtil.getAaiSslClientOuHeader(mockRequest); - assertTrue("OU Header value is not as expected", ou.equals("m55555@org.onap.com:TEST")); - - assertTrue("Unexpected isHaProxy() return value", CertUtil.isHaProxy(mockRequest)); - - String mechId = CertUtil.getMechId(mockRequest); - assertTrue("mechid value is not as expected", mechId.equals("m55555@org.onap.com")); - - } - - @Test - public void testBuildUserChain() { - - // aaf.userchain.pattern=<AAF-ID>:${aaf.userchain.service.reference}:${aaf.userchain.auth.type}:AS - String aafUserChainPattern = "<AAF-ID>:org.onap.haproxy:X509:AS"; - String mechid = "m11111@onap.org"; - String result = CertUtil.buildUserChainHeader(mechid, aafUserChainPattern); - - assertTrue("user chain value is not as expected", "m11111@onap.org:org.onap.haproxy:X509:AS".equals(result)); - - } -} diff --git a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/filters/CadiPropsTest.java b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/filters/CadiPropsTest.java deleted file mode 100644 index 601b8292..00000000 --- a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/filters/CadiPropsTest.java +++ /dev/null @@ -1,56 +0,0 @@ -/*- - * ============LICENSE_START========================================== - * ONAP Portal - * =================================================================== - * Copyright (C) 2020 IBM Intellectual Property. All rights reserved. - * =================================================================== - * - * Unless otherwise specified, all software contained herein is licensed - * under the Apache License, Version 2.0 (the "License"); - * you may not use this software except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * Unless otherwise specified, all documentation contained herein is licensed - * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); - * you may not use this documentation except in compliance with the License. - * You may obtain a copy of the License at - * - * https://creativecommons.org/licenses/by/4.0/ - * - * Unless required by applicable law or agreed to in writing, documentation - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * ============LICENSE_END============================================ - * - * - */ - -package org.onap.aai.aaf.filters; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; - -import org.junit.Test; -import org.springframework.beans.factory.annotation.Autowired; - -public class CadiPropsTest { - @Autowired - CadiProps ca = new CadiProps("src/test/resources/bundleconfig-local/aaf/org.onap.aai.props"); - - @Test - public void testGetCadiFileName() { - assertEquals(ca.getCadiFileName(), "src/test/resources/bundleconfig-local/aaf/org.onap.aai.props"); - assertNotNull(ca.getCadiProperties()); - } -} diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/aaf/cadi.properties b/aai-aaf-auth/src/test/resources/bundleconfig-local/aaf/cadi.properties deleted file mode 100644 index 8f7004ff..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/aaf/cadi.properties +++ /dev/null @@ -1,14 +0,0 @@ -## Location properties -## -## Localized Machine Information -## -cadi_loglevel=DEBUG -cadi_latitude=38.0 -cadi_longitude=-72.0 - -# Locate URL (which AAF Env) - Use lower case -aaf_locate_url=https://aafist.test.org:8095 -# AAF URL - Use upper case -aaf_url=https://AAF_LOCATE_URL/service:2.0 -# -cadi_prop_files=src/test/resources/bundleconfig-local/aaf/org.onap.aai.props diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/aaf/org.onap.aai.props b/aai-aaf-auth/src/test/resources/bundleconfig-local/aaf/org.onap.aai.props deleted file mode 100644 index 3056e5f9..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/aaf/org.onap.aai.props +++ /dev/null @@ -1,4 +0,0 @@ -cm_url=cm_url -hostname=hostname -aaf_env=IST -cadi_x509_issuers=CN=AAF CADI Test Issuing CA 01, OU=CSO, O=CO, C=US:CN=AAF CADI Test Issuing CA 02, OU=CSO, O=CO, C=US
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/aaiconfig.properties b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/aaiconfig.properties deleted file mode 100644 index 0239e2ef..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/aaiconfig.properties +++ /dev/null @@ -1,58 +0,0 @@ -# -# ============LICENSE_START======================================================= -# org.onap.aai -# ================================================================================ -# Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -aai.config.checktime=1000 - -# this could come from siteconfig.pl? -aai.config.nodename=AutomaticallyOverwritten - -aai.transaction.logging=true -aai.transaction.logging.get=true -aai.transaction.logging.post=true - -aai.server.url.base=https://localhost:8443/aai/ -aai.server.url=https://localhost:8443/aai/v10/ -aai.oldserver.url.base=https://localhost:8443/aai/servers/ -aai.oldserver.url=https://localhost:8443/aai/servers/v2/ -aai.global.callback.url=https://localhost:8443/aai/ - -aai.notification.current.version=v10 -aai.notificationEvent.default.status=UNPROCESSED -aai.notificationEvent.default.eventType=AAI-EVENT -aai.notificationEvent.default.domain=devINT1 -aai.notificationEvent.default.sourceName=aai -aai.notificationEvent.default.sequenceNumber=0 -aai.notificationEvent.default.severity=NORMAL -aai.notificationEvent.default.version=v10 -# This one lets us enable/disable resource-version checking on updates/deletes -aai.resourceversion.enableflag=true -aai.default.api.version=v10 - -aai.example.passwd.x=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 -aai.example.string=hello -aai.example.int=7748 - -aai.realtime.clients=RO,SDNC,SO - -aai.jms.enable=false - -aai.rest.getall.depthparam=someuuid - -aaf.valid.issuer.wildcard=aaf wild card issuer|aafWildCardIssuer|OU=another - diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/error.properties b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/error.properties deleted file mode 100644 index 3a5671c2..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/error.properties +++ /dev/null @@ -1,160 +0,0 @@ -# Adding comment trying to trigger a build -#------------------------------------------------------------------------------- ---------- -#Key=Disposition:Category:Severity:Error Code:HTTP ResponseCode:RESTError Code:Error Message -#------------------------------------------------------------------------------- ---------- -# testing code, please don't change unless error utility source code changes -AAI_TESTING=5:2:WARN:0000:400:0001:Error code for testing - -# General success -AAI_0000=0:0:INFO:0000:200:0000:Success - -# health check success -AAI_0001=0:0:INFO:0001:200:0001:Success X-FromAppId=%1 X-TransactionId=%2 -AAI_0002=0:0:INFO:0002:200:0001:Successful health check - -# Success with additional info -AAI_0003=0:3:INFO:0003:202:0003:Success with additional info performing %1 on %2. Added %3 with key %4 -AAI_0004=0:3:INFO:0004:202:0003:Added prerequisite object to db - -#--- aairest: 3000-3299 -# svc errors -AAI_3000=5:2:INFO:3000:400:3000:Invalid input performing %1 on %2 -AAI_3001=5:6:INFO:3001:404:3001:Resource not found for %1 using id %2 -AAI_3002=5:1:WARN:3002:400:3002:Error writing output performing %1 on %2 -AAI_3003=5:1:WARN:3003:400:3003:Failed to make edge to missing target node of type %3 with keys %4 performing %1 on %2 -AAI_3005=5:6:WARN:3005:404:3001:Node cannot be directly accessed for read, must be accessed via ancestor(s) -AAI_3006=5:6:WARN:3006:404:3001:Node cannot be directly accessed for write, must be accessed via ancestor(s) -AAI_3007=5:6:INFO:3007:410:3007:This version (%1) of the API is retired, please migrate to %2 -AAI_3008=5:6:ERROR:3008:400:3008:URI is not encoded in UTF-8 -AAI_3009=5:6:ERROR:3009:400:3002:Malformed URL -# pol errors -AAI_3100=5:1:WARN:3100:400:3100:Unsupported operation %1 -AAI_3101=5:1:WARN:3101:403:3101:Attempt by client %1 to execute API %2 -AAI_3102=5:1:WARN:3102:400:3102:Error parsing input performing %1 on %2 -AAI_3300=5:1:WARN:3300:403:3300:Unauthorized -AAI_3301=5:1:WARN:3301:401:3301:Stale credentials -AAI_3302=5:1:WARN:3302:401:3301:Not authenticated -AAI_3303=5:1:ERROR:3303:403:3300:Too many objects would be returned by this request, please refine your request and retry - -#--- aaigen: 4000-4099 -AAI_4000=5:4:ERROR:4000:500:3002:Internal Error -AAI_4001=5:4:FATAL:4001:500:3002:Configuration file not found -AAI_4002=5:4:FATAL:4002:500:3002:Error reading Configuration file -AAI_4003=5:4:ERROR:4003:500:3002:Error writing to log file -AAI_4004=5:4:FATAL:4004:500:3002:Error reading/parsing the error properties file -AAI_4005=5:4:FATAL:4005:500:3002:Missing or invalid configuration parameter -AAI_4006=5:4:FATAL:4006:500:3002:Unexpected error in service -AAI_4007=5:4:ERROR:4007:500:3102:Input parsing error -AAI_4008=5:4:ERROR:4008:500:3002:Output parsing error -AAI_4009=4:0:ERROR:4009:400:3000:Invalid X-FromAppId in header -AAI_4010=4:0:ERROR:4010:400:3000:Invalid X-TransactionId in header -AAI_4011=5:4:ERROR:4011:500:3002:Missing data for REST error response -AAI_4014=4:0:ERROR:4014:400:3000:Invalid Accept header -AAI_4015=4:0:ERROR:4015:400:3000:You must provide at least one indexed property -AAI_4016=4:0:ERROR:4016:400:3000:The depth parameter must be a number or the string "all" -AAI_4017=5:2:INFO:4017:400:3000:Could not set property -AAI_4018=5:2:ERROR:4018:400:3000:Unable to convert the string to integer -#--- aaidbmap: 5102-5199 -AAI_5102=5:4:FATAL:5102:500:3002:Graph database is null after open -AAI_5105=5:4:ERROR:5105:500:3002:Unexpected error reading/updating database -AAI_5106=5:4:WARN:5106:404:3001:Node not found -AAI_5107=5:2:WARN:5107:400:3000:Required information missing -AAI_5108=5:2:WARN:5108:200:0:Unexpected information in request being ignored - -#--- aaidbgen: 6101-6199 -AAI_6101=5:4:ERROR:6101:500:3002:null JanusGraph object passed -AAI_6102=5:4:WARN:6102:400:3000:Passed-in property is not valid for this nodeType -AAI_6103=5:4:WARN:6103:400:3000:Required Node-property not found in input data -AAI_6104=5:4:WARN:6104:400:3000:Required Node-property was passed with no data -AAI_6105=5:4:WARN:6105:400:3000:Node-Key-Property not defined in DbMaps -AAI_6106=5:4:WARN:6106:400:3000:Passed-in property is not valid for this edgeType -AAI_6107=5:4:WARN:6107:400:3000:Required Edge-property not found in input data -AAI_6108=5:4:WARN:6108:400:3000:Required Edge-property was passed with no data -AAI_6109=5:4:WARN:6109:400:3000:Bad dependent Node value -AAI_6110=5:4:ERROR:6110:400:3100:Node cannot be deleted -AAI_6111=5:4:ERROR:6111:400:3000:JSON processing error -AAI_6112=5:4:ERROR:6112:400:3000:More than one node found by getUniqueNode() -AAI_6114=5:4:INFO:6114:404:3001:Node Not Found -AAI_6115=5:4:ERROR:6115:400:3000:Unrecognized NodeType -AAI_6116=5:4:ERROR:6116:400:3000:Unrecognized Property -AAI_6117=5:4:ERROR:6117:400:3000:Uniqueness constraint violated -AAI_6118=5:4:ERROR:6118:400:3000:Required Field not passed. -AAI_6120=5:4:ERROR:6120:400:3000:Bad Parameter Passed -AAI_6121=5:4:ERROR:6121:400:3000:Problem with internal AAI reference data -AAI_6122=5:4:ERROR:6122:400:3000:Data Set not complete in DB for this request -AAI_6123=5:4:ERROR:6123:500:3000:Bad Data found by DataGrooming Tool - Investigate -AAI_6124=5:4:ERROR:6124:500:3000:File read/write error -AAI_6125=5:4:WARN:6125:500:3000:Problem Pulling Data Set -AAI_6126=5:4:ERROR:6126:400:3000:Edge cannot be deleted -AAI_6127=5:4:INFO:6127:404:3001:Edge Not Found -AAI_6128=5:4:INFO:6128:500:3000:Unexpected error -AAI_6129=5:4:INFO:6129:404:3003:Error making edge to target node -AAI_6130=5:4:WARN:6130:412:3000:Precondition Required -AAI_6131=5:4:WARN:6131:412:3000:Precondition Failed -AAI_6132=5:4:WARN:6132:400:3000:Bad Model Definition -AAI_6133=5:4:WARN:6133:400:3000:Bad Named Query Definition -AAI_6134=5:4:ERROR:6134:500:6134:Could not persist transaction to storage back end. Exhausted retry amount -AAI_6135=5:4:WARN:6135:412:3000:Resource version specified on create -AAI_6136=5:4:ERROR:6136:400:3000:Object cannot hold multiple items -AAI_6137=5:4:ERROR:6137:400:3000:Cannot perform writes on multiple vertices -AAI_6138=5:4:ERROR:6138:400:3000:Cannot delete multiple vertices -AAI_6139=5:4:ERROR:6139:404:3000:Attempted to add edge to vertex that does not exist -AAI_6140=5:4:ERROR:6140:400:3000:Edge multiplicity violated -AAI_6141=5:4:WARN:6141:400:3000:Please Refine Query -AAI_6142=5:4:INFO:6142:400:3000:Retrying transaction -AAI_6143=5:4:INFO:6143:400:3000:Ghost vertex found -AAI_6144=5:4:WARN:6144:400:3000:Cycle found in graph -AAI_6145=5:4:ERROR:6145:400:3000:Cannot create a nested/containment edge via relationship -AAI_6146=5:4:ERROR:6146:400:3000:Ambiguous identity map found, use a URI instead - -#--- aaicsvp: 7101-7199 -AAI_7101=5:4:ERROR:7101:500:3002:Unexpected error in CSV file processing -AAI_7102=5:4:ERROR:7102:500:3002:Error in cleanup temporary directory -#AAI_7103=4:2:ERROR:7103:500:3002:Unsupported user -AAI_7104=5:4:ERROR:7104:500:3002:Failed to create directory -AAI_7105=5:4:ERROR:7105:500:3002:Temporary directory exists -AAI_7106=5:4:ERROR:7106:500:3002:Cannot delete -AAI_7107=5:4:ERROR:7107:500:3002:Input file does not exist -AAI_7108=5:4:ERROR:7108:500:3002:Output file does not exist -AAI_7109=5:4:ERROR:7109:500:3002:Error closing file -AAI_7110=5:4:ERROR:7110:500:3002:Error loading/reading properties file -AAI_7111=5:4:ERROR:7111:500:3002:Error executing shell script -AAI_7112=5:4:ERROR:7112:500:3002:Error creating output file -AAI_7113=5:4:ERROR:7113:500:3002:Trailer record error -AAI_7114=5:4:ERROR:7114:500:3002:Input file error -AAI_7115=5:4:ERROR:7115:500:3002:Unexpected error -AAI_7116=5:4:ERROR:7116:500:3002:Request error -AAI_7117=5:4:ERROR:7117:500:3002:Error in get http client object -AAI_7118=5:4:ERROR:7118:500:3002:Script Error -AAI_7119=5:4:ERROR:7119:500:3002:Unknown host - -#--- aaisdnc: 7201-7299 -AAI_7202=5:4:ERROR:7202:500:3002:Error getting connection to odl -AAI_7203=5:4:ERROR:7203:500:3002:Unexpected error calling DataChangeNotification API -AAI_7204=5:4:ERROR:7204:500:3002:Error returned by DataChangeNotification API -AAI_7205=5:4:ERROR:7205:500:3002:Unexpected error running notifySDNCOnUpdate -AAI_7206=5:4:ERROR:7206:500:3002:Invalid data returned from ODL - -#--- NotificationEvent, using UEB space -AAI_7350=5:4:ERROR:7305:500:3002:Notification event creation failed - -#--- aairestctlr: 7401-7499 -AAI_7401=5:4:ERROR:7401:500:3002:Error connecting to AAI REST API -AAI_7402=5:4:ERROR:7402:500:3002:Unexpected error -AAI_7403=5:4:WARN:7403:400:3001:Request error -AAI_7404=5:4:INFO:7404:404:3001:Node not found -AAI_7405=5:4:WARN:7405:200:0:UUID not formatted correctly, generating UUID - -#--- aaiauth: 9101-9199 -AAI_9101=5:0:WARN:9101:403:3300:User is not authorized to perform function -AAI_9102=5:0:WARN:9102:401:3301:Refresh credentials from source -AAI_9103=5:0:WARN:9103:403:3300:User not found -AAI_9104=5:0:WARN:9104:401:3302:Authentication error -AAI_9105=5:0:WARN:9105:403:3300:Authorization error -AAI_9106=5:0:WARN:9106:403:3300:Invalid AppId -#AAI_9107=5:0:WARN:9107:403:3300:No Username in Request -AAI_9107=5:0:WARN:9107:403:3300:SSL is not provided in request, please contact admin - -#--- aaiinstar: 9201-9299 -AAI_9201=5:4:ERROR:9201:500:3002:Unable to send notification -AAI_9202=5:4:ERROR:9202:500:3002:Unable to start a thread diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/janusgraph-cached.properties b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/janusgraph-cached.properties deleted file mode 100644 index aa3c0631..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/janusgraph-cached.properties +++ /dev/null @@ -1,36 +0,0 @@ -# -# ============LICENSE_START======================================================= -# org.onap.aai -# ================================================================================ -# Copyright © 2017-18 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -query.fast-property=true -# the following parameters are not reloaded automatically and require a manual bounce -storage.backend=inmemory -storage.hostname=localhost - -#schema.default=none -storage.lock.wait-time=300 -storage.hbase.table=aaigraph-dev1.dev -storage.hbase.ext.zookeeper.znode.parent=/hbase-unsecure -#caching on -cache.db-cache = true -cache.db-cache-clean-wait = 20 -cache.db-cache-time = 180000 -cache.db-cache-size = 0.3 - -#load graphson file on startup -load.snapshot.file=false diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/janusgraph-realtime.properties b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/janusgraph-realtime.properties deleted file mode 100644 index 05394334..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/appprops/janusgraph-realtime.properties +++ /dev/null @@ -1,33 +0,0 @@ -# -# ============LICENSE_START======================================================= -# org.onap.aai -# ================================================================================ -# Copyright © 2017-18 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -query.fast-property=true -# the following parameters are not reloaded automatically and require a manual bounce -storage.backend=inmemory -storage.hostname=localhost - -#schema.default=none -storage.lock.wait-time=300 -storage.hbase.table=aaigraph-dev1.dev -storage.hbase.ext.zookeeper.znode.parent=/hbase-unsecure -# Setting db-cache to false ensure the fastest propagation of changes across servers -cache.db-cache = false - -#load graphson file on startup -load.snapshot.file=false diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/auth/aai_policy.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/auth/aai_policy.json deleted file mode 100644 index 9335a7bb..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/auth/aai_policy.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "roles": [ - { - "name": "testRole", - "functions": [ - { - "name": "testFunction", - "methods": [ - { - "name": "GET" - }, - { - "name": "DELETE" - }, - { - "name": "PUT" - } - ] - } - ], - "users": [ - { - "username": "testUser" - }, - { - "username": "testWildcardId", - "is-wildcard-id": true - } - ] - }, - { - "name": "HAProxy", - "functions": [ - { - "name": "util", - "methods": [ - { - "name": "GET" - } - ] - } - ], - "users": [ - { - "username": "ha-proxy-user" - }, - { - "username": "ha-proxy-wildcard-id", - "is-wildcard-id": true - } - ] - }, - { - "name": "testBasicAuth", - "functions": [ - { - "name": "testBasicAuthFunction", - "methods": [ - { - "name": "GET" - } - ] - } - ], - "users": [ - { - "user": "testBasicAuthUser", - "pass": "OBF:1ytc1vu91v2p1rxf1mqh1v8s1z0d1msn1san1mqf1z0h1v9u1msl1rvf1v1p1vv11yta" - } - ] - } - ] -}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/graphson/resource.graphson b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/graphson/resource.graphson deleted file mode 100644 index 04f48174..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/graphson/resource.graphson +++ /dev/null @@ -1,2 +0,0 @@ -{"id": 386506928,"label": "vertex","properties": {"aai-last-mod-ts": [{"id": "ob632u-6e46nk-5j45","value": 1488308500413}],"aai-uri": [{"id": "ob6712-6e46nk-5lhh","value": "/cloud-infrastructure/cloud-regions/cloud-region/cloud-owner-987654321-9922-as988q/cloud-region-id-987654321-9922-as988q/tenants/tenant/tenant-987654321-9999-as988q/vservers/vserver/vserver-987654321-9999-as988q"}],"prov-status": [{"id": "ob651y-6e46nk-1kw5","value": "example-prov-status-val-7367"}],"aai-created-ts": [{"id": "ob62ae-6e46nk-5gqt","value": 1488308500413}],"source-of-truth": [{"id": "ob61w6-6e46nk-5jwl","value": "FitNesse-Test-as988q"}],"vserver-selflink": [{"id": "ob65g6-6e46nk-3xfp","value": "example-vserver-selflink-val-7367"}],"aai-node-type": [{"id": "ob61hy-6e46nk-5f5x","value": "vserver"}],"in-maint": [{"id": "ob65ue-6e46nk-20p1","value": false}],"resource-version": [{"id": "ob62om-6e46nk-23ut","value": "1488308500413"}],"vserver-name": [{"id": "ob649i-6e46nk-3u9x","value": "example-vserver-name-val-7367vserver-987654321-9999-as988q"}],"vserver-id": [{"id": "ob63va-6e46nk-3sp1","value": "vserver-987654321-9999-as988q"}],"last-mod-source-of-truth": [{"id": "ob63h2-6e46nk-5edh","value": "FitNesse-Test-as988q"}],"vserver-name2": [{"id": "ob64nq-6e46nk-3vut","value": "example-vserver-name2-val-7367"}],"is-closed-loop-disabled": [{"id": "ob668m-6e46nk-229x","value": false}]}} -{"id": 2461872,"label": "vertex","properties": {"aai-last-mod-ts": [{"id": "21hqu-1grlc-5j45","value": 1467901600}],"in-maint": [{"id": "21i52-1grlc-20p1","value": false}],"resource-version": [{"id": "21ija-1grlc-23ut","value": "1467901600"}],"vserver-name": [{"id": "21ixi-1grlc-3u9x","value": "PerfTest_VServerFix0027TenantPez002701611467901587187Name"}],"aai-created-ts": [{"id": "21jbq-1grlc-5gqt","value": 1467901600}],"vserver-id": [{"id": "21jpy-1grlc-3sp1","value": "PerfTest_VServerFix0027TenantPez002701611467901587187"}],"last-mod-source-of-truth": [{"id": "21k46-1grlc-5edh","value": "MSO"}],"vserver-name2": [{"id": "21kie-1grlc-3vut","value": "PerfTest_VServerFix0027TenantPez002701611467901587187-VM Name2 optional"}],"source-of-truth": [{"id": "21kwm-1grlc-5jwl","value": "MSO"}],"vserver-selflink": [{"id": "21lau-1grlc-3xfp","value": "http://testvserverLink.com/.html?vserv=VserverLink"}],"is-closed-loop-disabled": [{"id": "21lp2-1grlc-229x","value": false}],"aai-node-type": [{"id": "21m3a-1grlc-5f5x","value": "vserver"}],"aai-uri": [{"id": "21m3a-1grlc-5a5x","value": "/vservers/vserver/test1"}]}}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/resource-format.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/resource-format.json deleted file mode 100644 index c7e42556..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/resource-format.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "results": [ - { - "vserver": { - - } - }, - { - "vserver": { - } - } - ] -}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/resource_and_url-format.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/resource_and_url-format.json deleted file mode 100644 index d90a71bc..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/resource_and_url-format.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "results": [ - { - "url" : "/cloud-infrastructure/cloud-regions/cloud-region/cloud-owner-987654321-9922-as988q/cloud-region-id-987654321-9922-as988q/tenants/tenant/tenant-987654321-9999-as988q/vservers/vserver/vserver-987654321-9999-as988q", - "vserver": { - - } - }, - { - "url" : "/vservers/vserver/test1", - "vserver": { - - } - } - ] -}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/simple-format.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/simple-format.json deleted file mode 100644 index dd342615..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/queryformarts/simple-format.json +++ /dev/null @@ -1,43 +0,0 @@ -{ - "results" : [{ - "id" : "0", - "node-type" : "generic-vnf", - "url" : "urimissing", - "properties" : { - "vnf-name" : "myVnf" - }, - "related-to" : [{ - "node-type" : "vserver", - "id" : "1", - "url" : "urimissing" - }] - } , { - "id" : "1", - "node-type" : "vserver", - "url" : "urimissing", - "properties" : { - "vserver-name" : "myVserver" - }, - "related-to" : [{ - "node-type" : "generic-vnf", - "id" : "0", - "url" : "urimissing" - },{ - "node-type" : "pserver", - "id" : "2", - "url" : "/pservers/pserver/key1" - }] - },{ - "id" : "2", - "node-type" : "pserver", - "url" : "/pservers/pserver/key1", - "properties" : { - "hostname" : "myPserver" - }, - "related-to" : [{ - "node-type" : "vserver", - "id" : "1", - "url" : "urimissing" - }] - }] -}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/ambiguous-relationship.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/ambiguous-relationship.json deleted file mode 100644 index c6407e2c..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/ambiguous-relationship.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "related-to": "generic-vnf", - "relationship-data" : [{ - "relationship-key" : "generic-vnf.vnf-id", - "relationship-value":"key1" - },{ - "relationship-key" : "generic-vnf.vnf-id", - "relationship-value":"key2" - }] -}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/both-failv10-successv9.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/both-failv10-successv9.json deleted file mode 100644 index 5bafc9ff..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/both-failv10-successv9.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "related-to": "generic-vnf", - "related-link": "/aai/v10/network/generic-vnfs/test-objet/key1", - "relationship-data" : [{ - "relationship-key" : "generic-vnf.vnf-id", - "relationship-value":"key2" - }] -}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/both-successv10-failv9.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/both-successv10-failv9.json deleted file mode 100644 index 3afe6bb7..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/both-successv10-failv9.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "related-to": "generic-vnf", - "related-link": "http://localhost/aai/v10/network/generic-vnfs/generic-vnf/key1", - "relationship-data" : [{ - "relationship-key" : "test-obect.vnf-id", - "relationship-value":"key2" - }] -}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/nothing-to-parse.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/nothing-to-parse.json deleted file mode 100644 index b24834af..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/nothing-to-parse.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "related-to": "generic-vnf", - "relationship-data" : [] -}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/only-related-link.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/only-related-link.json deleted file mode 100644 index 4cc103e8..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/only-related-link.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "related-to": "generic-vnf", - "related-link": "http://localhost/aai/v10/network/generic-vnfs/generic-vnf/key1" -}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/only-relationship-data.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/only-relationship-data.json deleted file mode 100644 index b9fccc9c..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/only-relationship-data.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "related-to": "generic-vnf", - "relationship-data" : [{ - "relationship-key" : "generic-vnf.vnf-id", - "relationship-value":"key1" - }] -}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/too-many-items-relationship.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/too-many-items-relationship.json deleted file mode 100644 index 97765cfb..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/too-many-items-relationship.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "related-to": "l-interface", - "relationship-data" : [{ - "relationship-key" : "generic-vnf.vnf-id", - "relationship-value":"key1" - },{ - "relationship-key" : "subnet.subnet-id", - "relationship-value":"key5" - },{ - "relationship-key" : "vlan.vlan-interface", - "relationship-value":"key3" - },{ - "relationship-key" : "l-interface.interface-name", - "relationship-value":"key2" - },{ - "relationship-key" : "l3-interface-ipv4-address-list.l3-interface-ipv4-address", - "relationship-value":"key4" - }] -} diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/top-level-two-keys-relationship.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/top-level-two-keys-relationship.json deleted file mode 100644 index c6dbf557..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/top-level-two-keys-relationship.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "related-to" : "availability-zone", - "relationship-data" : [ { - "relationship-key" : "cloud-region.cloud-owner", - "relationship-value" : "key1" - }, { - "relationship-key" : "cloud-region.cloud-region-id", - "relationship-value" : "key2" - }, { - "relationship-key" : "availability-zone.availability-zone-name", - "relationship-value" : "key3" - } ] -}
\ No newline at end of file diff --git a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/two-top-level-relationship.json b/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/two-top-level-relationship.json deleted file mode 100644 index 54cac2c8..00000000 --- a/aai-aaf-auth/src/test/resources/bundleconfig-local/etc/relationship/two-top-level-relationship.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "related-to": "l-interface", - "relationship-data" : [{ - "relationship-key" : "generic-vnf.vnf-id", - "relationship-value":"key1" - },{ - "relationship-key" : "vlan.vlan-interface", - "relationship-value":"key3" - },{ - "relationship-key" : "l-interface.interface-name", - "relationship-value":"key2" - },{ - "relationship-key" : "zone.zone-id", - "relationship-value":"key5" - },{ - "relationship-key" : "l3-interface-ipv4-address-list.l3-interface-ipv4-address", - "relationship-value":"key4" - }] -} diff --git a/aai-core/pom.xml b/aai-core/pom.xml index b66e1374..a7225531 100644 --- a/aai-core/pom.xml +++ b/aai-core/pom.xml @@ -115,10 +115,6 @@ limitations under the License. </dependency> <dependency> <groupId>org.onap.aai.aai-common</groupId> - <artifactId>aai-aaf-auth</artifactId> - </dependency> - <dependency> - <groupId>org.onap.aai.aai-common</groupId> <artifactId>aai-annotations</artifactId> </dependency> <dependency> diff --git a/aai-core/src/main/java/org/onap/aai/config/AuthorizationConfiguration.java b/aai-core/src/main/java/org/onap/aai/config/AuthorizationConfiguration.java deleted file mode 100644 index 24e7ec5a..00000000 --- a/aai-core/src/main/java/org/onap/aai/config/AuthorizationConfiguration.java +++ /dev/null @@ -1,40 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.config; - -import org.onap.aai.aaf.auth.AAIAuthCore; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Profile; - -@Profile("two-way-ssl") -@Configuration -public class AuthorizationConfiguration { - - @Value("${schema.uri.base.path}") - private String basePath; - - @Bean - public AAIAuthCore aaiAuthCore() { - return new AAIAuthCore(basePath); - } -} diff --git a/aai-els-onap-logging/src/test/resources/logback.xml b/aai-els-onap-logging/src/test/resources/logback.xml index 7bf5d98f..2925be00 100644 --- a/aai-els-onap-logging/src/test/resources/logback.xml +++ b/aai-els-onap-logging/src/test/resources/logback.xml @@ -27,7 +27,7 @@ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" /> <jmxConfigurator /> <property name="logDirectory" value="${AJSC_HOME}/logs" /> - + <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> <property name="p_lvl" value="%level"/> <property name="p_log" value="%logger"/> @@ -53,7 +53,7 @@ </pattern> </encoder> </appender> - + <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender"> <queueSize>1000</queueSize> @@ -123,7 +123,7 @@ <includeCallerData>true</includeCallerData> <appender-ref ref="AUDIT" /> </appender> - + <appender name="auth" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> @@ -147,17 +147,14 @@ <logger name="ch.qos.logback.classic" level="WARN" /> <logger name="ch.qos.logback.core" level="WARN" /> - + <logger name="com.jayway.jsonpath" level="WARN" /> <logger name="org.apache" level="OFF" /> - + <logger name="org.onap.aai" level="DEBUG" additivity="false"> <appender-ref ref="STDOUT" /> </logger> - <logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false"> - <appender-ref ref="asyncAUTH" /> - </logger> <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN"> <appender-ref ref="asyncERROR"/> </logger> diff --git a/aai-parent/pom.xml b/aai-parent/pom.xml index 45033490..c4b96c2d 100644 --- a/aai-parent/pom.xml +++ b/aai-parent/pom.xml @@ -45,7 +45,6 @@ limitations under the License. <aai.rest.client.version>1.6.4</aai.rest.client.version> <aai.schema.service.version>1.9.6</aai.schema.service.version> - <aaf.version>2.1.15</aaf.version> <antlr.version>4.11.1</antlr.version> <activemq.version>5.16.1</activemq.version> <commons.beanutils.version>1.9.4</commons.beanutils.version> @@ -191,12 +190,6 @@ limitations under the License. <dependency> <groupId>org.onap.aai.aai-common</groupId> - <artifactId>aai-aaf-auth</artifactId> - <version>${aai.release.version}</version> - </dependency> - - <dependency> - <groupId>org.onap.aai.aai-common</groupId> <artifactId>aai-els-onap-logging</artifactId> <version>${aai.release.version}</version> </dependency> @@ -411,19 +404,6 @@ limitations under the License. </dependency> <dependency> - <groupId>org.onap.aaf.authz</groupId> - <artifactId>aaf-cadi-core</artifactId> - <version>${aaf.version}</version> - <scope>compile</scope> - </dependency> - <dependency> - <groupId>org.onap.aaf.authz</groupId> - <artifactId>aaf-cadi-aaf</artifactId> - <version>${aaf.version}</version> - <scope>compile</scope> - </dependency> - - <dependency> <groupId>org.easymock</groupId> <artifactId>easymock</artifactId> <version>${easy.mock.version}</version> @@ -40,7 +40,6 @@ <module>aai-rest</module> <module>aai-schema-ingest</module> <module>aai-annotations</module> - <module>aai-aaf-auth</module> <module>aai-core</module> <module>aai-auth</module> <module>aai-els-onap-logging</module> |