3 files changed, 47 insertions, 7 deletions
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 4f2d9676..e038d930 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -117,7 +117,7 @@ public class DefaultOrg implements Organization {
 identities = new Identities(fIdentities);
 } else {
 if (fIdentities==null) {
- throw new OrganizationException("No Identities");
+ throw new OrganizationException("No Identities: set \"" + AAF_DATA_DIR + '"');
 } else {
 throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist.");
 }
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
index d4d11bbb..83b66a08 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
@@ -23,8 +23,10 @@ package org.onap.aaf.cadi.aaf.v2_0;
 import java.io.IOException;
 import java.security.Principal;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import org.onap.aaf.cadi.AbsUserCache;
 import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CachedPrincipal;
@@ -42,28 +44,34 @@ import org.onap.aaf.cadi.client.Future;
 import org.onap.aaf.cadi.client.Rcli;
 import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.MapBathConverter;
 import org.onap.aaf.cadi.principal.BasicPrincipal;
 import org.onap.aaf.cadi.principal.CachedBasicPrincipal;
 import org.onap.aaf.cadi.taf.HttpTaf;
 import org.onap.aaf.cadi.taf.TafResp;
 import org.onap.aaf.cadi.taf.TafResp.RESP;
 import org.onap.aaf.cadi.taf.basic.BasicHttpTafResp;
+import org.onap.aaf.cadi.util.CSV;
 import org.onap.aaf.misc.env.APIException;
 public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpTaf {
 private AAFCon<CLIENT> aaf;
 private boolean warn;
-
+ private MapBathConverter mapIds;
+
 public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) {
 super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount);
 aaf = con;
 warn = turnOnWarning;
+ initMapBathConverter();
 }
 public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning, AbsUserCache<AAFPermission> other) {
 super(other);
 aaf = con;
 warn = turnOnWarning;
+ initMapBathConverter();
+
 }
 // Note: Needed for Creation of this Object with Generics
@@ -78,6 +86,19 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
 this((AAFCon<CLIENT>)mustBeAAFCon,turnOnWarning);
 }
+ private void initMapBathConverter() {
+ String csvFile = access.getProperty(Config.CADI_BATH_CONVERT, null);
+ if(csvFile==null) {
+ mapIds=null;
+ } else {
+ try {
+ mapIds = new MapBathConverter(access, new CSV(csvFile));
+ } catch (IOException | CadiException e) {
+ access.log(e,"Bath Map Conversion is not initialzed (non fatal)");
+ }
+ }
+
+ }
 public TafResp validate(final LifeForm reading, final HttpServletRequest req, final HttpServletResponse resp) {
 //TODO Do we allow just anybody to validate?
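Review bot: In the three-argument constructor the new `initMapBathConverter();` call runs right after `super(other)`, and `initMapBathConverter` reads the inherited `access` field, so it depends on `AbsUserCache(AbsUserCache)` having copied `access` from `other`; that constructor is not in this diff, so confirm it does, otherwise this constructor would fail with a NullPointerException before the cache is usable. The extra blank line added between that call and the constructor's closing brace should be dropped. `mapIds` is assigned only from the constructors via the helper; declaring it `private final` and having the helper return the converter (null when unset) would make that single assignment explicit and compiler-checked.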
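Review bot: When `new MapBathConverter(access, new CSV(csvFile))` throws, the catch in `initMapBathConverter` leaves `mapIds` null, so credential mapping stays silently off for the life of this TAF, and the log line does not name the file that failed; since `csvFile` is the operator-supplied `Config.CADI_BATH_CONVERT` value, log it: `access.log(e, "Bath Map Conversion from " + csvFile + " is not initialized (non fatal)");` (which also fixes the `initialzed` typo). The `mapIds=null;` branch restates the field's default and can go, as can the blank line before the method's closing brace. The method has no comment; a one-liner such as `// Loads the optional Basic-auth credential map named by CADI_BATH_CONVERT; a load failure is logged and leaves conversion disabled.` would tell readers that a bad file is non-fatal by design.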
@@ -88,6 +109,10 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
 if (warn&&!req.isSecure()) {
 aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");
 }
+ if(mapIds != null) {
+ authz = mapIds.convert(access, authz);
+ }
+
 try {
 final CachedBasicPrincipal bp;
 if (req.getUserPrincipal() instanceof CachedBasicPrincipal) {
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java
index 7a138e97..93074932 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java
@@ -139,6 +139,7 @@ public class MapBathConverter {
 public String convert(Access access, final String bath) {
 String rv = map.get(bath);
 String cred=null;
+ String tcred=null;
 Holder<String> hpass=null;
 try {
 if(rv==null || !rv.startsWith(BASIC)) {
@@ -154,9 +155,8 @@ public class MapBathConverter {
 // for SAFETY REASONS, we WILL NOT allow a non validated cred to
 // pass a password from file. Should be caught from Instation, but...
 if(rv!=null) {
- if(rv.startsWith(BASIC)) {
- return bath;
- } else {
+ if(!rv.startsWith(BASIC)) {
+ tcred = rv;
 rv = BASIC + Symm.base64noSplit.encode(rv+':'+hpass.value);
 }
 }
@@ -164,7 +164,22 @@ public class MapBathConverter {
 } catch (IOException | CadiException e) {
 access.log(e,"Invalid Authorization");
 }
-
- return rv;
+
+ if(rv==null) {
+ rv=bath;
+ } else {
+ try {
+ if(cred==null) {
+ cred = idFromBasic(bath,null);
+ }
+ if(tcred==null) {
+ tcred = idFromBasic(rv,null);
+ }
+ } catch (IOException | CadiException e) {
+ access.log(Level.ERROR,"Invalid Basic Authentication for conversion");
+ }
+ access.printf(Level.AUDIT, "ID %s converted to %s",cred,tcred);
+ }
+ return rv==null?bath:rv;
 }
 } |
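Review bot: The new `authz = mapIds.convert(access, authz);` is the point where the presented Basic credential may be replaced by one configured in the CADI_BATH_CONVERT file, and nothing at the call site says so; add `// Substitute a mapped Basic credential (CADI_BATH_CONVERT) for the presented one; convert() audits the swap and returns its input unchanged when no mapping applies.` The `CachedBasicPrincipal` branch that follows reuses `req.getUserPrincipal()`, which is presumably derived from the original header; if that cached principal is keyed on the pre-conversion credential, confirm that the mapped value is still what gets validated on a cache hit — validate's body continues outside the hunk. The existing warning line uses `aaf.access` while the new line uses `access`; if both name the same object, one spelling would read better.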
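Review bot: The two comment lines kept at the top of this hunk (`for SAFETY REASONS, we WILL NOT allow a non validated cred to pass a password from file`) no longer describe the code below them: with `return bath;` gone, a mapped value that already starts with `Basic` falls through unchanged to the `return` at the end of `convert`, so a file entry whose value is a complete Basic credential is now handed back, password included. If that is intended — the map key is the full presented credential, so an exact match may count as validation — the comment should say what is still guarded, e.g. `// A bare ID in the map is completed with the caller's already-parsed password (hpass), never one from the file; a full Basic value in the map is returned as-is.` If it is not intended, this is a behavioural change on a credential-substitution path and needs a second look before merge. `hpass` is declared null before the `try` and is assigned only in lines outside this hunk, so the `hpass.value` dereference on the kept line relies on that assignment always preceding a non-`Basic` mapped value.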
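Review bot: The new catch at the bottom of `convert` drops the exception — `access.log(Level.ERROR,"Invalid Basic Authentication for conversion");` — while the catch three lines above it passes `e` to `access.log`; keep the cause with `access.log(e, "Invalid Basic Authentication for conversion");`. Because the audit line sits after the catch, a parse failure still writes `ID null converted to null` to the AUDIT log; moving `access.printf(Level.AUDIT, ...)` inside the `try`, after both IDs are resolved, avoids that. `return rv==null?bath:rv;` can never see a null `rv` since `if(rv==null) { rv=bath; }` just above already substituted it; `return rv;` is equivalent. The audit line is only safe because `idFromBasic(bath,null)` and `idFromBasic(rv,null)` are presumed to return just the user ID and not the password; that method is outside the diff, so worth confirming.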