Diffstat (limited to 'auth/auth-oauth')
10 files changed, 110 insertions, 110 deletions
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java index 3ae80e3c..4104c34b 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java @@ -89,7 +89,7 @@ public class AAF_OAuth extends AbsService<AuthzEnv,AuthzTrans> { super(env.access(),env); String aaf_env = env.getProperty(Config.AAF_ENV); - if(aaf_env==null) { + if (aaf_env==null) { throw new APIException("aaf_env needs to be set"); } @@ -129,10 +129,10 @@ public class AAF_OAuth extends AbsService<AuthzEnv,AuthzTrans> { String version = "1.0"; // Get Correct API Class from Mapper Class<?> respCls = facade1_0.mapper().getClass(api); - if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name()); + if (respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name()); // setup Application API HTML ContentTypes for JSON and Route String application = applicationJSON(respCls, version); - if(meth.equals(HttpMethods.POST)) { + if (meth.equals(HttpMethods.POST)) { route(env,meth,path,code,application,"application/json;version="+version,"application/x-www-form-urlencoded","*/*"); } else { route(env,meth,path,code,application,"application/json;version="+version,"*/*"); @@ -147,7 +147,7 @@ public class AAF_OAuth extends AbsService<AuthzEnv,AuthzTrans> { atl[0] = doat; atl[1] = doat.directUserPass(); - if(additionalTafLurs.length>0) { + if (additionalTafLurs.length>0) { System.arraycopy(additionalTafLurs, 0, atl, 2, additionalTafLurs.length); } 
@@ -176,10 +176,10 @@ public class AAF_OAuth extends AbsService<AuthzEnv,AuthzTrans> { @Override public void destroy() { Cache.stopTimer(); - if(service!=null) { + if (service!=null) { service.close(); } - if(cluster!=null) { + if (cluster!=null) { cluster.close(); } super.destroy(); diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/DirectOAuthTAF.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/DirectOAuthTAF.java index bb882367..3d863824 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/DirectOAuthTAF.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/DirectOAuthTAF.java @@ -74,7 +74,7 @@ public class DirectOAuthTAF implements HttpTaf { tkMgr = TokenMgr.getInstance(access,"dbToken","dbIntrospect"); String alt_url = access.getProperty(Config.AAF_ALT_OAUTH2_INTROSPECT_URL,null); TokenClientFactory tcf; - if(alt_url!=null) { + if (alt_url!=null) { try { tcf = TokenClientFactory.instance(access); String[] split = Split.split(',', alt_url); 
@@ -94,42 +94,42 @@ public class DirectOAuthTAF implements HttpTaf { public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) { String value; String token; - if((value=req.getHeader("Authorization"))!=null && value.startsWith("Bearer ")) { + if ((value=req.getHeader("Authorization"))!=null && value.startsWith("Bearer ")) { token = value.substring(7); } else { token = null; } - if("application/x-www-form-urlencoded".equals(req.getContentType())) { + if ("application/x-www-form-urlencoded".equals(req.getContentType())) { Map<String, String[]> map = req.getParameterMap(); String client_id=null,client_secret=null,username=null,password=null; - for(Map.Entry<String, String[]> es : map.entrySet()) { + for (Map.Entry<String, String[]> es : map.entrySet()) { switch(es.getKey()) { case "client_id": - for(String s : es.getValue()) { + for (String s : es.getValue()) { client_id=s; } break; case "client_secret": - for(String s : es.getValue()) { + for (String s : es.getValue()) { client_secret=s; } break; case "username": - for(String s : es.getValue()) { + for (String s : es.getValue()) { username=s; } break; case "password": - for(String s : es.getValue()) { + for (String s : es.getValue()) { password=s; } break; case "token": - if(token!=null) { // Defined as both Bearer and Form Encoded - Error + if (token!=null) { // Defined as both Bearer and Form Encoded - Error return new OAuth2HttpTafResp(access, null, "Token Info found as both Bearer Token and Form Info", RESP.FAIL, resp, true); } - for(String s : es.getValue()) { + for (String s : es.getValue()) { token=s; } break; 
@@ -137,22 +137,22 @@ public class DirectOAuthTAF implements HttpTaf { } } - if(client_id==null || client_secret==null) { + if (client_id==null || client_secret==null) { return new OAuth2HttpTafResp(access, null, "client_id and client_secret required", RESP.TRY_ANOTHER_TAF, resp, false); } - if(token==null) { // No Token to work with, use only Client_ID and Client_Secret + if (token==null) { // No Token to work with, use only Client_ID and Client_Secret AuthzTrans trans = (AuthzTrans)req.getAttribute(TransFilter.TRANS_TAG); - if(directUserPass.validate(client_id, Type.PASSWORD, client_secret.getBytes(), trans)) { + if (directUserPass.validate(client_id, Type.PASSWORD, client_secret.getBytes(), trans)) { // Client_ID is valid - if(username==null) { // Validating just the Client_ID + if (username==null) { // Validating just the Client_ID return new OAuth2FormHttpTafResp(access,new OAuth2FormPrincipal(client_id,client_id),"OAuth client_id authenticated",RESP.IS_AUTHENTICATED,resp,false); } else { //TODO - Does a clientID need specific Authorization to pair authentication with user name? At the moment, no. // username is ok. - if(password!=null) { - if(directUserPass.validate(username, Type.PASSWORD, password.getBytes(), trans)) { + if (password!=null) { + if (directUserPass.validate(username, Type.PASSWORD, password.getBytes(), trans)) { return new OAuth2FormHttpTafResp(access,new OAuth2FormPrincipal(client_id, username),"OAuth username authenticated",RESP.IS_AUTHENTICATED,resp,false); } else { return new OAuth2HttpTafResp(access,null,"OAuth username " + username + " not authenticated ",RESP.FAIL,resp,true); 
@@ -169,14 +169,14 @@ public class DirectOAuthTAF implements HttpTaf { } // OK, have only a Token to validate - if(token!=null) { + if (token!=null) { AuthzTrans trans = (AuthzTrans)req.getAttribute(TransFilter.TRANS_TAG); try { Result<Introspect> ri = oaFacade.mappedIntrospect(trans, token); - if(ri.isOK()) { + if (ri.isOK()) { TokenPerm tp = tkMgr.putIntrospect(ri.value, Hash.hashSHA256(token.getBytes())); - if(tp==null) { + if (tp==null) { return new OAuth2HttpTafResp(access, null, "TokenPerm persistence failure", RESP.FAIL, resp, false); } else { return new OAuth2HttpTafResp(access,new OAuth2Principal(tp,Hash.hashSHA256(token.getBytes())),"Token Authenticated",RESP.IS_AUTHENTICATED,resp,false); @@ -209,7 +209,7 @@ public class DirectOAuthTAF implements HttpTaf { @Override public org.onap.aaf.cadi.client.Result<TokenPerm> load(String accessToken, byte[] cred) throws APIException, CadiException, LocatorException { Result<Introspect> ri = oaFacade.mappedIntrospect(trans, accessToken); - if(ri.notOK()) { + if (ri.notOK()) { //TODO what should the status mapping be? return org.onap.aaf.cadi.client.Result.err(ri.status,ri.errorString()); } diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2Filter.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2Filter.java index 161f6095..9777f564 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2Filter.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2Filter.java 
@@ -45,11 +45,11 @@ public class OAuth2Filter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest hreq = (HttpServletRequest)request; Principal p = hreq.getUserPrincipal(); - if(request.getContentType().equals("application/x-www-form-urlencoded")) { + if (request.getContentType().equals("application/x-www-form-urlencoded")) { - } else if(p instanceof BearerPrincipal) { - for(String authz : Split.splitTrim(';', hreq.getHeader("Authorization"))) { - if(authz.startsWith("Bearer ")) { + } else if (p instanceof BearerPrincipal) { + for (String authz : Split.splitTrim(';', hreq.getHeader("Authorization"))) { + if (authz.startsWith("Bearer ")) { ((BearerPrincipal)p).setBearer(authz.substring(7)); } } diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/api/API_Token.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/api/API_Token.java index f795dfd3..0ed4fbed 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/api/API_Token.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/api/API_Token.java @@ -58,7 +58,7 @@ public class API_Token { @Override public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.createBearerToken(trans,req, resp); - if(r.isOK()) { + if (r.isOK()) { resp.setStatus(201/*HttpStatus.CREATED_201*/); } else { context.error(trans,resp,r); @@ -70,7 +70,7 @@ public class API_Token { @Override public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.introspect(trans,req, resp); - if(r.isOK()) { + if (r.isOK()) { resp.setStatus(200 /*HttpStatus.OK_200*/); } else { context.error(trans,resp,r); 
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/DirectIntrospectImpl.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/DirectIntrospectImpl.java index 2935ea3d..36f08b15 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/DirectIntrospectImpl.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/DirectIntrospectImpl.java @@ -44,9 +44,9 @@ public class DirectIntrospectImpl<INTROSPECT> extends FacadeImpl implements Dire public Result<INTROSPECT> mappedIntrospect(AuthzTrans trans, String token) { Result<INTROSPECT> rti; Result<OAuthTokenDAO.Data> rs = service.introspect(trans,token); - if(rs.notOK()) { + if (rs.notOK()) { rti = Result.err(rs); - } else if(rs.isEmpty()) { + } else if (rs.isEmpty()) { rti = Result.err(Result.ERR_NotFound,"No Token %s found",token); } else { rti = mapper.introspect(rs); diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/OAFacadeImpl.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/OAFacadeImpl.java index cd1d7df1..e5e12bd6 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/OAFacadeImpl.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/OAFacadeImpl.java 
@@ -119,27 +119,27 @@ public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR> TOKEN_REQ request; try { request = mapper.tokenReqFromParams(req); - if(request==null) { + if (request==null) { Data<TOKEN_REQ> rd = tokenReqDF.newData().load(req.getInputStream()); - if(Question.willSpecialLog(trans, trans.user())) { + if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,rd.asString()); } request = rd.asObject(); } - } catch(APIException e) { + } catch (APIException e) { trans.error().log(INVALID_INPUT,IN,CREATE_TOKEN); return Result.err(Status.ERR_BadData,INVALID_INPUT); } // Already validated for Oauth2FormPrincipal // Result<Void> rv = service.validate(trans,mapper.credsFromReq(request)); -// if(rv.notOK()) { +// if (rv.notOK()) { // return rv; // } Holder<GRANT_TYPE> hgt = new Holder<GRANT_TYPE>(GRANT_TYPE.unknown); Result<OAuthTokenDAO.Data> rs = service.createToken(trans,req,mapper.clientTokenReq(request,hgt),hgt); Result<TOKEN> rp; - if(rs.isOKhasData()) { + if (rs.isOKhasData()) { rp = mapper.tokenFromData(rs); } else { rp = Result.err(rs); @@ -147,7 +147,7 @@ public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR> switch(rp.status) { case OK: RosettaData<TOKEN> data = tokenDF.newData(trans).load(rp.value); - if(Question.willSpecialLog(trans, trans.user())) { + if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); } data.to(resp.getOutputStream()); 
@@ -175,30 +175,30 @@ public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR> try { Principal p = req.getUserPrincipal(); String token=null; - if(p != null) { - if(p instanceof OAuth2Principal) { + if (p != null) { + if (p instanceof OAuth2Principal) { RosettaData<INTROSPECT> data = introspectDF.newData(trans).load(mapper.fromPrincipal((OAuth2Principal)p)); - if(Question.willSpecialLog(trans, trans.user())) { + if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); } data.to(resp.getOutputStream()); resp.getOutputStream().print('\n'); setContentType(resp,tokenDF.getOutType()); return Result.ok(); - } else if(p instanceof OAuth2FormPrincipal) { + } else if (p instanceof OAuth2FormPrincipal) { token = req.getParameter("token"); } } - if(token==null) { + if (token==null) { token = req.getParameter("access_token"); - if(token==null || token.isEmpty()) { + if (token==null || token.isEmpty()) { token = req.getHeader("Authorization"); - if(token != null && token.startsWith("Bearer ")) { + if (token != null && token.startsWith("Bearer ")) { token = token.substring(7); } else { token = req.getParameter("token"); - if(token==null) { + if (token==null) { return Result.err(Result.ERR_Security,"token is required"); } } @@ -209,7 +209,7 @@ public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR> switch(rti.status) { case OK: RosettaData<INTROSPECT> data = introspectDF.newData(trans).load(rti.value); - if(Question.willSpecialLog(trans, trans.user())) { + if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); } data.to(resp.getOutputStream()); @@ -308,7 +308,7 @@ public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR> "] " + holder.toString(), Env.ALWAYS); - if(hidemsg) { + if (hidemsg) { holder.setLength(0); em = mapper.errorFromMessage(holder, msgId, "Server had an issue processing this request"); } 
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/Mapper1_0.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/Mapper1_0.java index 4be079e4..027a51a7 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/Mapper1_0.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/Mapper1_0.java @@ -78,7 +78,7 @@ public class Mapper1_0 extends MapperIntrospect1_0 implements Mapper<TokenReques err.setMessageId(msgID); // AT&T Restful Error Format requires numbers "%" placements err.setText(Vars.convert(holder, text, var)); - for(String s : var) { + for (String s : var) { err.getVariables().add(s); } return err; @@ -89,46 +89,46 @@ public class Mapper1_0 extends MapperIntrospect1_0 implements Mapper<TokenReques TokenRequest tr = new TokenRequest(); boolean data = false; Map<String, String[]> map = req.getParameterMap(); - for(Entry<String, String[]> es : map.entrySet()) { + for (Entry<String, String[]> es : map.entrySet()) { switch(es.getKey()) { case "client_id": - if(es.getValue().length==1) { + if (es.getValue().length==1) { tr.setClientId(es.getValue()[0]); data = true; } break; case "client_secret": - if(es.getValue().length==1) { + if (es.getValue().length==1) { tr.setClientSecret(es.getValue()[0]); data = true; } break; case "username": - if(es.getValue().length==1) { + if (es.getValue().length==1) { tr.setUsername(es.getValue()[0]); data = true; } break; case "password": - if(es.getValue().length==1) { + if (es.getValue().length==1) { tr.setPassword(es.getValue()[0]); data = true; } break; case "scope": - if(es.getValue().length==1) { + if (es.getValue().length==1) { tr.setScope(es.getValue()[0]); data = true; } break; case "grant_type": - if(es.getValue().length==1) { + if (es.getValue().length==1) { tr.setGrantType(es.getValue()[0]); data = true; } break; case "refresh_token": - if(es.getValue().length==1) { + if (es.getValue().length==1) { tr.setRefreshToken(es.getValue()[0]); data = true; } 
@@ -158,12 +158,12 @@ public class Mapper1_0 extends MapperIntrospect1_0 implements Mapper<TokenReques OAuthTokenDAO.Data tdd = new OAuthTokenDAO.Data(); tdd.client_id = tokReq.getClientId(); tdd.user = tokReq.getUsername(); - if(tokReq.getRefreshToken()!=null) { + if (tokReq.getRefreshToken()!=null) { tdd.refresh=tokReq.getRefreshToken(); } - for(GRANT_TYPE ttt : GRANT_TYPE.values()) { - if(ttt.name().equals(tokReq.getGrantType())) { + for (GRANT_TYPE ttt : GRANT_TYPE.values()) { + if (ttt.name().equals(tokReq.getGrantType())) { hgt.set(ttt); break; } @@ -180,9 +180,9 @@ public class Mapper1_0 extends MapperIntrospect1_0 implements Mapper<TokenReques break; } String scopes=tokReq.getScope(); - if(scopes!=null) { + if (scopes!=null) { Set<String> ss = tdd.scopes(true); - for(String s: Split.split(' ', tokReq.getScope())) { + for (String s: Split.split(' ', tokReq.getScope())) { ss.add(s); } } @@ -193,12 +193,12 @@ public class Mapper1_0 extends MapperIntrospect1_0 implements Mapper<TokenReques @Override public Result<Token> tokenFromData(Result<Data> rd) { - if(rd.notOK()) { + if (rd.notOK()) { return Result.err(rd); } Data d = rd.value; Token token = new Token(); - if(OAuthService.TOKEN_TYPE.values().length>d.type) { + if (OAuthService.TOKEN_TYPE.values().length>d.type) { token.setTokenType(OAuthService.TOKEN_TYPE.values()[d.type].name()); } else { token.setTokenType("Invalid"); diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/MapperIntrospect1_0.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/MapperIntrospect1_0.java index ac015c81..33df05fa 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/MapperIntrospect1_0.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/MapperIntrospect1_0.java 
@@ -32,19 +32,19 @@ import aafoauth.v2_0.Introspect; public class MapperIntrospect1_0 implements MapperIntrospect<Introspect> { public Result<Introspect> introspect(Result<Data> rs) { - if(rs.isOKhasData()) { + if (rs.isOKhasData()) { Data data = rs.value; Introspect ti = new Introspect(); ti.setAccessToken(data.id); ti.setActive(data.active); ti.setClientId(data.client_id); - for(CLIENT_TYPE ct : CLIENT_TYPE.values()) { - if(data.type==ct.ordinal()) { + for (CLIENT_TYPE ct : CLIENT_TYPE.values()) { + if (data.type==ct.ordinal()) { ti.setClientType(ct.name()); break; } } - if(ti.getClientType()==null) { + if (ti.getClientType()==null) { ti.setClientType(CLIENT_TYPE.unknown.name()); } ti.setActive(data.active); @@ -60,8 +60,8 @@ public class MapperIntrospect1_0 implements MapperIntrospect<Introspect> { protected static String getScopes(Set<String> scopes) { StringBuilder sb = new StringBuilder(); boolean start = true; - for(String s : scopes) { - if(start) { + for (String s : scopes) { + if (start) { start = false; } else { sb.append(' '); diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java index 886b06c5..8bceb2ab 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java @@ -52,8 +52,8 @@ public class JSONPermLoaderFactory { pathinfo.append(user); pathinfo.append("?scopes="); boolean first = true; - for(String s : scopes) { - if(first) { + for (String s : scopes) { + if (first) { first = false; } else { pathinfo.append(':'); 
@@ -63,9 +63,9 @@ public class JSONPermLoaderFactory { TimeTaken tt = trans.start("Call AAF Service", Env.REMOTE); try { Future<String> fs = c.read(pathinfo.toString(), "application/Perms+json;charset=utf-8;version=2.0"); - if(fs.get(timeout)) { + if (fs.get(timeout)) { return Result.ok(fs.body()); - } else if(fs.code()==404) { + } else if (fs.code()==404) { return Result.err(Result.ERR_NotFound,fs.body()); } else { return Result.err(Result.ERR_Backend,"Error accessing AAF %s: %s",Integer.toString(fs.code()),fs.body()); @@ -86,15 +86,15 @@ public class JSONPermLoaderFactory { } finally { tt.done(); } - if(pd.notOK()) { + if (pd.notOK()) { return Result.err(pd); } // Since we know it is StringBuilder sb = new StringBuilder("{\"perm\":["); boolean first = true; - for(PermDAO.Data d : pd.value) { - if(scopes.contains(d.ns)) { - if(first) { + for (PermDAO.Data d : pd.value) { + if (scopes.contains(d.ns)) { + if (first) { first = false; } else { sb.append(','); diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java index 1d926a74..e3aed80c 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java @@ -82,7 +82,7 @@ public class OAuthService { }; try { String alt_url = access.getProperty(Config.AAF_ALT_OAUTH2_INTROSPECT_URL,null); - if(alt_url!=null) { + if (alt_url!=null) { tcf = TokenClientFactory.instance(access); String[] split = Split.split(',', alt_url); int timeout = split.length>1?Integer.parseInt(split[1]):3000; 
@@ -101,7 +101,7 @@ public class OAuthService { } public Result<Void> validate(AuthzTrans trans, OCreds creds) { - if(directUserPass.validate(creds.username, Type.PASSWORD, creds.password, trans)) { + if (directUserPass.validate(creds.username, Type.PASSWORD, creds.password, trans)) { return Result.ok(); } else { return Result.err(Result.ERR_Security, "Invalid Credential for ",creds.username); @@ -121,7 +121,7 @@ public class OAuthService { } private Result<Data> createBearerToken(AuthzTrans trans, OAuthTokenDAO.Data odd) { - if(odd.user==null) { + if (odd.user==null) { odd.user = trans.user(); } odd.id = AAFToken.toToken(UUID.randomUUID()); @@ -134,7 +134,7 @@ public class OAuthService { try { Result<Data> rd = loadToken(trans, odd); - if(rd.notOK()) { + if (rd.notOK()) { return rd; } } catch (APIException | CadiException e) { @@ -145,11 +145,11 @@ public class OAuthService { private Result<Data> loadToken(AuthzTrans trans, Data odd) throws APIException, CadiException { Result<String> rs = permLoader.loadJSONPerms(trans,odd.user,odd.scopes(false)); - if(rs.isOK()) { + if (rs.isOK()) { odd.content = rs.value; odd.type = TOKEN_TYPE.bearer.ordinal(); return Result.ok(odd); - } else if(rs.status == Result.ERR_NotFound || rs.status==Status.ERR_UserRoleNotFound) { + } else if (rs.status == Result.ERR_NotFound || rs.status==Status.ERR_UserRoleNotFound) { odd.type = TOKEN_TYPE.bearer.ordinal(); return Result.ok(odd); } else { 
@@ -161,28 +161,28 @@ public class OAuthService { private Result<Data> refreshBearerToken(AuthzTrans trans, Data odd) { Result<List<Data>> rld = tokenDAO.readByUser(trans, trans.user()); - if(rld.notOK()) { + if (rld.notOK()) { return Result.err(rld); } - if(rld.isEmpty()) { + if (rld.isEmpty()) { return Result.err(Result.ERR_NotFound,"Data not Found for %1 %2",trans.user(),odd.refresh==null?"":odd.refresh.toString()); } Data token = null; - for(Data d : rld.value) { - if(d.refresh.equals(odd.refresh)) { + for (Data d : rld.value) { + if (d.refresh.equals(odd.refresh)) { token = d; boolean scopesNE = false; Set<String> scopes = odd.scopes(false); - if(scopes.size()>0) { // only check if Scopes listed, RFC 6749, Section 6 - if(scopesNE=!(scopes.size() == d.scopes(false).size())) { - for(String s : odd.scopes(false)) { - if(!d.scopes(false).contains(s)) { + if (scopes.size()>0) { // only check if Scopes listed, RFC 6749, Section 6 + if (scopesNE=!(scopes.size() == d.scopes(false).size())) { + for (String s : odd.scopes(false)) { + if (!d.scopes(false).contains(s)) { scopesNE=true; break; } } } - if(scopesNE) { + if (scopesNE) { return Result.err(Result.ERR_BadData,"Requested Scopes do not match existing Token"); } } @@ -190,7 +190,7 @@ public class OAuthService { } } - if(token==null) { + if (token==null) { trans.audit().printf("Duplicate Refresh Token (%s) attempted for %s. Possible Replay Attack",odd.refresh.toString(),trans.user()); return Result.err(Result.ERR_Security,"Invalid Refresh Token"); } else { @@ -205,11 +205,11 @@ public class OAuthService { token.exp_sec = exp/1000; token.req_ip = trans.ip(); Result<Data> rd = tokenDAO.create(trans, token); - if(rd.notOK()) { + if (rd.notOK()) { return Result.err(rd); } Result<Void> rv = tokenDAO.delete(trans, deleteMe,false); - if(rv.notOK()) { + if (rv.notOK()) { trans.error().log("Unable to delete token", token); } } 
@@ -220,22 +220,22 @@ public class OAuthService { Result<List<Data>> rld; try { UUID uuid = AAFToken.fromToken(token); - if(uuid==null) { // not an AAF Token + if (uuid==null) { // not an AAF Token // Attempt to get Alternative Token - if(altIntrospectClient!=null) { + if (altIntrospectClient!=null) { org.onap.aaf.cadi.client.Result<Introspect> rai = altIntrospectClient.introspect(token); - if(rai.isOK()) { + if (rai.isOK()) { Introspect in = rai.value; - if(in.getExp()==null) { + if (in.getExp()==null) { trans.audit().printf("Alt OAuth sent back inactive, empty token: requesting_id,%s,access_token=%s,ip=%s\n",trans.user(),token,trans.ip()); } long expires = in.getExp()*1000; - if(in.isActive() && expires>System.currentTimeMillis()) { + if (in.isActive() && expires>System.currentTimeMillis()) { // We have a good Token, modify to be Fully Qualified String fqid = in.getUsername()+altDomain; // read contents rld = tokenDAO.read(trans, token); - if(rld.isOKhasData()) { + if (rld.isOKhasData()) { Data td = rld.value.get(0); in.setContent(td.content); } else { @@ -248,8 +248,8 @@ public class OAuthService { td.expires = new Date(expires); td.exp_sec = in.getExp(); Set<String> scopes = td.scopes(true); - if(in.getScope()!=null) { - for(String s : Split.split(' ', in.getScope())) { + if (in.getScope()!=null) { + for (String s : Split.split(' ', in.getScope())) { scopes.add(s); } } 
@@ -277,13 +277,13 @@ public class OAuthService { public Result<Data> dbIntrospect(final AuthzTrans trans, final String token) { Result<List<Data>> rld = tokenDAO.read(trans, token); - if(rld.notOKorIsEmpty()) { + if (rld.notOKorIsEmpty()) { return Result.err(rld); } OAuthTokenDAO.Data odd = rld.value.get(0); trans.checkpoint(odd.user + ':' + odd.client_id + ", " + odd.id); - if(odd.active) { - if(odd.expires.before(trans.now())) { + if (odd.active) { + if (odd.expires.before(trans.now())) { return Result.err(Result.ERR_Policy,"Token %1 has expired",token); } return Result.ok(rld.value.get(0)); // ok keyed on id/token. @@ -293,7 +293,7 @@ public class OAuthService { } public void close() { - for(DAO<AuthzTrans,?> dao : daos) { + for (DAO<AuthzTrans,?> dao : daos) { dao.close(NullTrans.singleton()); } } |