Diffstat (limited to 'auth/auth-oauth')
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java12
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/DirectOAuthTAF.java40
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2Filter.java8
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/api/API_Token.java4
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/DirectIntrospectImpl.java4
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/OAFacadeImpl.java32
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/Mapper1_0.java32
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/MapperIntrospect1_0.java12
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java16
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java60
10 files changed, 110 insertions, 110 deletions
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java
index 3ae80e3c..4104c34b 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java
@@ -89,7 +89,7 @@ public class AAF_OAuth extends AbsService<AuthzEnv,AuthzTrans> {
super(env.access(),env);
String aaf_env = env.getProperty(Config.AAF_ENV);
- if(aaf_env==null) {
+ if (aaf_env==null) {
throw new APIException("aaf_env needs to be set");
}
@@ -129,10 +129,10 @@ public class AAF_OAuth extends AbsService<AuthzEnv,AuthzTrans> {
String version = "1.0";
// Get Correct API Class from Mapper
Class<?> respCls = facade1_0.mapper().getClass(api);
- if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());
+ if (respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());
// setup Application API HTML ContentTypes for JSON and Route
String application = applicationJSON(respCls, version);
- if(meth.equals(HttpMethods.POST)) {
+ if (meth.equals(HttpMethods.POST)) {
route(env,meth,path,code,application,"application/json;version="+version,"application/x-www-form-urlencoded","*/*");
} else {
route(env,meth,path,code,application,"application/json;version="+version,"*/*");
@@ -147,7 +147,7 @@ public class AAF_OAuth extends AbsService<AuthzEnv,AuthzTrans> {
atl[0] = doat;
atl[1] = doat.directUserPass();
- if(additionalTafLurs.length>0) {
+ if (additionalTafLurs.length>0) {
System.arraycopy(additionalTafLurs, 0, atl, 2, additionalTafLurs.length);
}
@@ -176,10 +176,10 @@ public class AAF_OAuth extends AbsService<AuthzEnv,AuthzTrans> {
@Override
public void destroy() {
Cache.stopTimer();
- if(service!=null) {
+ if (service!=null) {
service.close();
}
- if(cluster!=null) {
+ if (cluster!=null) {
cluster.close();
}
super.destroy();
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/DirectOAuthTAF.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/DirectOAuthTAF.java
index bb882367..3d863824 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/DirectOAuthTAF.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/DirectOAuthTAF.java
@@ -74,7 +74,7 @@ public class DirectOAuthTAF implements HttpTaf {
tkMgr = TokenMgr.getInstance(access,"dbToken","dbIntrospect");
String alt_url = access.getProperty(Config.AAF_ALT_OAUTH2_INTROSPECT_URL,null);
TokenClientFactory tcf;
- if(alt_url!=null) {
+ if (alt_url!=null) {
try {
tcf = TokenClientFactory.instance(access);
String[] split = Split.split(',', alt_url);
@@ -94,42 +94,42 @@ public class DirectOAuthTAF implements HttpTaf {
public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {
String value;
String token;
- if((value=req.getHeader("Authorization"))!=null && value.startsWith("Bearer ")) {
+ if ((value=req.getHeader("Authorization"))!=null && value.startsWith("Bearer ")) {
token = value.substring(7);
} else {
token = null;
}
- if("application/x-www-form-urlencoded".equals(req.getContentType())) {
+ if ("application/x-www-form-urlencoded".equals(req.getContentType())) {
Map<String, String[]> map = req.getParameterMap();
String client_id=null,client_secret=null,username=null,password=null;
- for(Map.Entry<String, String[]> es : map.entrySet()) {
+ for (Map.Entry<String, String[]> es : map.entrySet()) {
switch(es.getKey()) {
case "client_id":
- for(String s : es.getValue()) {
+ for (String s : es.getValue()) {
client_id=s;
}
break;
case "client_secret":
- for(String s : es.getValue()) {
+ for (String s : es.getValue()) {
client_secret=s;
}
break;
case "username":
- for(String s : es.getValue()) {
+ for (String s : es.getValue()) {
username=s;
}
break;
case "password":
- for(String s : es.getValue()) {
+ for (String s : es.getValue()) {
password=s;
}
break;
case "token":
- if(token!=null) { // Defined as both Bearer and Form Encoded - Error
+ if (token!=null) { // Defined as both Bearer and Form Encoded - Error
return new OAuth2HttpTafResp(access, null, "Token Info found as both Bearer Token and Form Info", RESP.FAIL, resp, true);
}
- for(String s : es.getValue()) {
+ for (String s : es.getValue()) {
token=s;
}
break;
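Review bot: The `client_id`, `client_secret`, `username`, `password` and `token` cases in `validate` loop over every submitted value and keep the last one, so a form that repeats one of these parameters is silently authenticated on whichever copy comes last. `Mapper1_0` in this same commit takes the opposite stance and only accepts a parameter when `es.getValue().length==1`, so for a repeated parameter this method authenticates a value that the token-request mapper then drops. Rejecting repeats in each credential case keeps the two paths consistent, e.g. `if (es.getValue().length!=1) return new OAuth2HttpTafResp(access, null, "Duplicate form parameter", RESP.FAIL, resp, true);`. The `switch` and the enclosing method continue past the end of this hunk.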
@@ -137,22 +137,22 @@ public class DirectOAuthTAF implements HttpTaf {
}
}
- if(client_id==null || client_secret==null) {
+ if (client_id==null || client_secret==null) {
return new OAuth2HttpTafResp(access, null, "client_id and client_secret required", RESP.TRY_ANOTHER_TAF, resp, false);
}
- if(token==null) { // No Token to work with, use only Client_ID and Client_Secret
+ if (token==null) { // No Token to work with, use only Client_ID and Client_Secret
AuthzTrans trans = (AuthzTrans)req.getAttribute(TransFilter.TRANS_TAG);
- if(directUserPass.validate(client_id, Type.PASSWORD, client_secret.getBytes(), trans)) {
+ if (directUserPass.validate(client_id, Type.PASSWORD, client_secret.getBytes(), trans)) {
// Client_ID is valid
- if(username==null) { // Validating just the Client_ID
+ if (username==null) { // Validating just the Client_ID
return new OAuth2FormHttpTafResp(access,new OAuth2FormPrincipal(client_id,client_id),"OAuth client_id authenticated",RESP.IS_AUTHENTICATED,resp,false);
} else {
//TODO - Does a clientID need specific Authorization to pair authentication with user name? At the moment, no.
// username is ok.
- if(password!=null) {
- if(directUserPass.validate(username, Type.PASSWORD, password.getBytes(), trans)) {
+ if (password!=null) {
+ if (directUserPass.validate(username, Type.PASSWORD, password.getBytes(), trans)) {
return new OAuth2FormHttpTafResp(access,new OAuth2FormPrincipal(client_id, username),"OAuth username authenticated",RESP.IS_AUTHENTICATED,resp,false);
} else {
return new OAuth2HttpTafResp(access,null,"OAuth username " + username + " not authenticated ",RESP.FAIL,resp,true);
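Review bot: `client_secret.getBytes()` and `password.getBytes()` encode the credential with the JVM's default charset, so the bytes handed to `directUserPass.validate` depend on how the server process is started, and a non-ASCII secret can verify on one host and fail on another. `client_secret.getBytes(StandardCharsets.UTF_8)` (plus the matching import) pins the encoding, and the same applies to the `token.getBytes()` calls fed to `Hash.hashSHA256` in the next hunk. Separately, the failure response concatenates the submitted `username` into its message. If that text reaches a log or the response body (not visible here), it is request-controlled input and is better recorded as a sanitized field than embedded in the message. The enclosing `validate` method starts and ends outside this hunk.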
@@ -169,14 +169,14 @@ public class DirectOAuthTAF implements HttpTaf {
}
// OK, have only a Token to validate
- if(token!=null) {
+ if (token!=null) {
AuthzTrans trans = (AuthzTrans)req.getAttribute(TransFilter.TRANS_TAG);
try {
Result<Introspect> ri = oaFacade.mappedIntrospect(trans, token);
- if(ri.isOK()) {
+ if (ri.isOK()) {
TokenPerm tp = tkMgr.putIntrospect(ri.value, Hash.hashSHA256(token.getBytes()));
- if(tp==null) {
+ if (tp==null) {
return new OAuth2HttpTafResp(access, null, "TokenPerm persistence failure", RESP.FAIL, resp, false);
} else {
return new OAuth2HttpTafResp(access,new OAuth2Principal(tp,Hash.hashSHA256(token.getBytes())),"Token Authenticated",RESP.IS_AUTHENTICATED,resp,false);
@@ -209,7 +209,7 @@ public class DirectOAuthTAF implements HttpTaf {
@Override
public org.onap.aaf.cadi.client.Result<TokenPerm> load(String accessToken, byte[] cred) throws APIException, CadiException, LocatorException {
Result<Introspect> ri = oaFacade.mappedIntrospect(trans, accessToken);
- if(ri.notOK()) {
+ if (ri.notOK()) {
//TODO what should the status mapping be?
return org.onap.aaf.cadi.client.Result.err(ri.status,ri.errorString());
}
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2Filter.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2Filter.java
index 161f6095..9777f564 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2Filter.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2Filter.java
@@ -45,11 +45,11 @@ public class OAuth2Filter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest hreq = (HttpServletRequest)request;
Principal p = hreq.getUserPrincipal();
- if(request.getContentType().equals("application/x-www-form-urlencoded")) {
+ if (request.getContentType().equals("application/x-www-form-urlencoded")) {
- } else if(p instanceof BearerPrincipal) {
- for(String authz : Split.splitTrim(';', hreq.getHeader("Authorization"))) {
- if(authz.startsWith("Bearer ")) {
+ } else if (p instanceof BearerPrincipal) {
+ for (String authz : Split.splitTrim(';', hreq.getHeader("Authorization"))) {
+ if (authz.startsWith("Bearer ")) {
((BearerPrincipal)p).setBearer(authz.substring(7));
}
}
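Review bot: `request.getContentType().equals("application/x-www-form-urlencoded")` in `doFilter` throws a NullPointerException for any request without a Content-Type header, so such a request fails in the filter before the `BearerPrincipal` branch is reached. `DirectOAuthTAF.validate` already uses the null-safe form; here that would be `if ("application/x-www-form-urlencoded".equals(request.getContentType())) {`. The empty first branch would benefit from a one-line comment saying why form-encoded requests are skipped. `hreq.getHeader("Authorization")` is also passed to `Split.splitTrim` unchecked, which is only safe if that helper tolerates null. `doFilter` continues outside the hunk.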
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/api/API_Token.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/api/API_Token.java
index f795dfd3..0ed4fbed 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/api/API_Token.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/api/API_Token.java
@@ -58,7 +58,7 @@ public class API_Token {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
Result<Void> r = context.createBearerToken(trans,req, resp);
- if(r.isOK()) {
+ if (r.isOK()) {
resp.setStatus(201/*HttpStatus.CREATED_201*/);
} else {
context.error(trans,resp,r);
@@ -70,7 +70,7 @@ public class API_Token {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
Result<Void> r = context.introspect(trans,req, resp);
- if(r.isOK()) {
+ if (r.isOK()) {
resp.setStatus(200 /*HttpStatus.OK_200*/);
} else {
context.error(trans,resp,r);
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/DirectIntrospectImpl.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/DirectIntrospectImpl.java
index 2935ea3d..36f08b15 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/DirectIntrospectImpl.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/DirectIntrospectImpl.java
@@ -44,9 +44,9 @@ public class DirectIntrospectImpl<INTROSPECT> extends FacadeImpl implements Dire
public Result<INTROSPECT> mappedIntrospect(AuthzTrans trans, String token) {
Result<INTROSPECT> rti;
Result<OAuthTokenDAO.Data> rs = service.introspect(trans,token);
- if(rs.notOK()) {
+ if (rs.notOK()) {
rti = Result.err(rs);
- } else if(rs.isEmpty()) {
+ } else if (rs.isEmpty()) {
rti = Result.err(Result.ERR_NotFound,"No Token %s found",token);
} else {
rti = mapper.introspect(rs);
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/OAFacadeImpl.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/OAFacadeImpl.java
index cd1d7df1..e5e12bd6 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/OAFacadeImpl.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/facade/OAFacadeImpl.java
@@ -119,27 +119,27 @@ public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR>
TOKEN_REQ request;
try {
request = mapper.tokenReqFromParams(req);
- if(request==null) {
+ if (request==null) {
Data<TOKEN_REQ> rd = tokenReqDF.newData().load(req.getInputStream());
- if(Question.willSpecialLog(trans, trans.user())) {
+ if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,rd.asString());
}
request = rd.asObject();
}
- } catch(APIException e) {
+ } catch (APIException e) {
trans.error().log(INVALID_INPUT,IN,CREATE_TOKEN);
return Result.err(Status.ERR_BadData,INVALID_INPUT);
}
// Already validated for Oauth2FormPrincipal
// Result<Void> rv = service.validate(trans,mapper.credsFromReq(request));
-// if(rv.notOK()) {
+// if (rv.notOK()) {
// return rv;
// }
Holder<GRANT_TYPE> hgt = new Holder<GRANT_TYPE>(GRANT_TYPE.unknown);
Result<OAuthTokenDAO.Data> rs = service.createToken(trans,req,mapper.clientTokenReq(request,hgt),hgt);
Result<TOKEN> rp;
- if(rs.isOKhasData()) {
+ if (rs.isOKhasData()) {
rp = mapper.tokenFromData(rs);
} else {
rp = Result.err(rs);
@@ -147,7 +147,7 @@ public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR>
switch(rp.status) {
case OK:
RosettaData<TOKEN> data = tokenDF.newData(trans).load(rp.value);
- if(Question.willSpecialLog(trans, trans.user())) {
+ if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
}
data.to(resp.getOutputStream());
@@ -175,30 +175,30 @@ public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR>
try {
Principal p = req.getUserPrincipal();
String token=null;
- if(p != null) {
- if(p instanceof OAuth2Principal) {
+ if (p != null) {
+ if (p instanceof OAuth2Principal) {
RosettaData<INTROSPECT> data = introspectDF.newData(trans).load(mapper.fromPrincipal((OAuth2Principal)p));
- if(Question.willSpecialLog(trans, trans.user())) {
+ if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
}
data.to(resp.getOutputStream());
resp.getOutputStream().print('\n');
setContentType(resp,tokenDF.getOutType());
return Result.ok();
- } else if(p instanceof OAuth2FormPrincipal) {
+ } else if (p instanceof OAuth2FormPrincipal) {
token = req.getParameter("token");
}
}
- if(token==null) {
+ if (token==null) {
token = req.getParameter("access_token");
- if(token==null || token.isEmpty()) {
+ if (token==null || token.isEmpty()) {
token = req.getHeader("Authorization");
- if(token != null && token.startsWith("Bearer ")) {
+ if (token != null && token.startsWith("Bearer ")) {
token = token.substring(7);
} else {
token = req.getParameter("token");
- if(token==null) {
+ if (token==null) {
return Result.err(Result.ERR_Security,"token is required");
}
}
@@ -209,7 +209,7 @@ public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR>
switch(rti.status) {
case OK:
RosettaData<INTROSPECT> data = introspectDF.newData(trans).load(rti.value);
- if(Question.willSpecialLog(trans, trans.user())) {
+ if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
}
data.to(resp.getOutputStream());
@@ -308,7 +308,7 @@ public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR>
"] " +
holder.toString(),
Env.ALWAYS);
- if(hidemsg) {
+ if (hidemsg) {
holder.setLength(0);
em = mapper.errorFromMessage(holder, msgId, "Server had an issue processing this request");
}
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/Mapper1_0.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/Mapper1_0.java
index 4be079e4..027a51a7 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/Mapper1_0.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/Mapper1_0.java
@@ -78,7 +78,7 @@ public class Mapper1_0 extends MapperIntrospect1_0 implements Mapper<TokenReques
err.setMessageId(msgID);
// AT&T Restful Error Format requires numbers "%" placements
err.setText(Vars.convert(holder, text, var));
- for(String s : var) {
+ for (String s : var) {
err.getVariables().add(s);
}
return err;
@@ -89,46 +89,46 @@ public class Mapper1_0 extends MapperIntrospect1_0 implements Mapper<TokenReques
TokenRequest tr = new TokenRequest();
boolean data = false;
Map<String, String[]> map = req.getParameterMap();
- for(Entry<String, String[]> es : map.entrySet()) {
+ for (Entry<String, String[]> es : map.entrySet()) {
switch(es.getKey()) {
case "client_id":
- if(es.getValue().length==1) {
+ if (es.getValue().length==1) {
tr.setClientId(es.getValue()[0]);
data = true;
}
break;
case "client_secret":
- if(es.getValue().length==1) {
+ if (es.getValue().length==1) {
tr.setClientSecret(es.getValue()[0]);
data = true;
}
break;
case "username":
- if(es.getValue().length==1) {
+ if (es.getValue().length==1) {
tr.setUsername(es.getValue()[0]);
data = true;
}
break;
case "password":
- if(es.getValue().length==1) {
+ if (es.getValue().length==1) {
tr.setPassword(es.getValue()[0]);
data = true;
}
break;
case "scope":
- if(es.getValue().length==1) {
+ if (es.getValue().length==1) {
tr.setScope(es.getValue()[0]);
data = true;
}
break;
case "grant_type":
- if(es.getValue().length==1) {
+ if (es.getValue().length==1) {
tr.setGrantType(es.getValue()[0]);
data = true;
}
break;
case "refresh_token":
- if(es.getValue().length==1) {
+ if (es.getValue().length==1) {
tr.setRefreshToken(es.getValue()[0]);
data = true;
}
@@ -158,12 +158,12 @@ public class Mapper1_0 extends MapperIntrospect1_0 implements Mapper<TokenReques
OAuthTokenDAO.Data tdd = new OAuthTokenDAO.Data();
tdd.client_id = tokReq.getClientId();
tdd.user = tokReq.getUsername();
- if(tokReq.getRefreshToken()!=null) {
+ if (tokReq.getRefreshToken()!=null) {
tdd.refresh=tokReq.getRefreshToken();
}
- for(GRANT_TYPE ttt : GRANT_TYPE.values()) {
- if(ttt.name().equals(tokReq.getGrantType())) {
+ for (GRANT_TYPE ttt : GRANT_TYPE.values()) {
+ if (ttt.name().equals(tokReq.getGrantType())) {
hgt.set(ttt);
break;
}
@@ -180,9 +180,9 @@ public class Mapper1_0 extends MapperIntrospect1_0 implements Mapper<TokenReques
break;
}
String scopes=tokReq.getScope();
- if(scopes!=null) {
+ if (scopes!=null) {
Set<String> ss = tdd.scopes(true);
- for(String s: Split.split(' ', tokReq.getScope())) {
+ for (String s: Split.split(' ', tokReq.getScope())) {
ss.add(s);
}
}
@@ -193,12 +193,12 @@ public class Mapper1_0 extends MapperIntrospect1_0 implements Mapper<TokenReques
@Override
public Result<Token> tokenFromData(Result<Data> rd) {
- if(rd.notOK()) {
+ if (rd.notOK()) {
return Result.err(rd);
}
Data d = rd.value;
Token token = new Token();
- if(OAuthService.TOKEN_TYPE.values().length>d.type) {
+ if (OAuthService.TOKEN_TYPE.values().length>d.type) {
token.setTokenType(OAuthService.TOKEN_TYPE.values()[d.type].name());
} else {
token.setTokenType("Invalid");
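Review bot: The bounds check before `OAuthService.TOKEN_TYPE.values()[d.type]` in `tokenFromData` tests only the upper bound, so a negative `d.type` in a stored row raises ArrayIndexOutOfBoundsException instead of falling through to `"Invalid"`. `if (d.type>=0 && OAuthService.TOKEN_TYPE.values().length>d.type) {` covers both ends. The method continues outside the hunk.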
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/MapperIntrospect1_0.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/MapperIntrospect1_0.java
index ac015c81..33df05fa 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/MapperIntrospect1_0.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/mapper/MapperIntrospect1_0.java
@@ -32,19 +32,19 @@ import aafoauth.v2_0.Introspect;
public class MapperIntrospect1_0 implements MapperIntrospect<Introspect> {
public Result<Introspect> introspect(Result<Data> rs) {
- if(rs.isOKhasData()) {
+ if (rs.isOKhasData()) {
Data data = rs.value;
Introspect ti = new Introspect();
ti.setAccessToken(data.id);
ti.setActive(data.active);
ti.setClientId(data.client_id);
- for(CLIENT_TYPE ct : CLIENT_TYPE.values()) {
- if(data.type==ct.ordinal()) {
+ for (CLIENT_TYPE ct : CLIENT_TYPE.values()) {
+ if (data.type==ct.ordinal()) {
ti.setClientType(ct.name());
break;
}
}
- if(ti.getClientType()==null) {
+ if (ti.getClientType()==null) {
ti.setClientType(CLIENT_TYPE.unknown.name());
}
ti.setActive(data.active);
@@ -60,8 +60,8 @@ public class MapperIntrospect1_0 implements MapperIntrospect<Introspect> {
protected static String getScopes(Set<String> scopes) {
StringBuilder sb = new StringBuilder();
boolean start = true;
- for(String s : scopes) {
- if(start) {
+ for (String s : scopes) {
+ if (start) {
start = false;
} else {
sb.append(' ');
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java
index 886b06c5..8bceb2ab 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java
@@ -52,8 +52,8 @@ public class JSONPermLoaderFactory {
pathinfo.append(user);
pathinfo.append("?scopes=");
boolean first = true;
- for(String s : scopes) {
- if(first) {
+ for (String s : scopes) {
+ if (first) {
first = false;
} else {
pathinfo.append(':');
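Review bot: `pathinfo.append(user)` places the user id into the request path without percent-encoding, and the scope loop that follows appears to append each scope to the `?scopes=` query the same way (the append itself is outside this hunk). The scopes passed in look like they originate from the token request's `scope` parameter as split in `Mapper1_0`, so a value containing URL metacharacters would change the shape of the call made to the AAF service. Percent-encoding each component (for the query values, `URLEncoder.encode(s, "UTF-8")`), or validating user and scope against the permitted namespace characters before building the path, closes that off.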
@@ -63,9 +63,9 @@ public class JSONPermLoaderFactory {
TimeTaken tt = trans.start("Call AAF Service", Env.REMOTE);
try {
Future<String> fs = c.read(pathinfo.toString(), "application/Perms+json;charset=utf-8;version=2.0");
- if(fs.get(timeout)) {
+ if (fs.get(timeout)) {
return Result.ok(fs.body());
- } else if(fs.code()==404) {
+ } else if (fs.code()==404) {
return Result.err(Result.ERR_NotFound,fs.body());
} else {
return Result.err(Result.ERR_Backend,"Error accessing AAF %s: %s",Integer.toString(fs.code()),fs.body());
@@ -86,15 +86,15 @@ public class JSONPermLoaderFactory {
} finally {
tt.done();
}
- if(pd.notOK()) {
+ if (pd.notOK()) {
return Result.err(pd);
}
// Since we know it is
StringBuilder sb = new StringBuilder("{\"perm\":[");
boolean first = true;
- for(PermDAO.Data d : pd.value) {
- if(scopes.contains(d.ns)) {
- if(first) {
+ for (PermDAO.Data d : pd.value) {
+ if (scopes.contains(d.ns)) {
+ if (first) {
first = false;
} else {
sb.append(',');
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java
index 1d926a74..e3aed80c 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java
@@ -82,7 +82,7 @@ public class OAuthService {
};
try {
String alt_url = access.getProperty(Config.AAF_ALT_OAUTH2_INTROSPECT_URL,null);
- if(alt_url!=null) {
+ if (alt_url!=null) {
tcf = TokenClientFactory.instance(access);
String[] split = Split.split(',', alt_url);
int timeout = split.length>1?Integer.parseInt(split[1]):3000;
@@ -101,7 +101,7 @@ public class OAuthService {
}
public Result<Void> validate(AuthzTrans trans, OCreds creds) {
- if(directUserPass.validate(creds.username, Type.PASSWORD, creds.password, trans)) {
+ if (directUserPass.validate(creds.username, Type.PASSWORD, creds.password, trans)) {
return Result.ok();
} else {
return Result.err(Result.ERR_Security, "Invalid Credential for ",creds.username);
@@ -121,7 +121,7 @@ public class OAuthService {
}
private Result<Data> createBearerToken(AuthzTrans trans, OAuthTokenDAO.Data odd) {
- if(odd.user==null) {
+ if (odd.user==null) {
odd.user = trans.user();
}
odd.id = AAFToken.toToken(UUID.randomUUID());
@@ -134,7 +134,7 @@ public class OAuthService {
try {
Result<Data> rd = loadToken(trans, odd);
- if(rd.notOK()) {
+ if (rd.notOK()) {
return rd;
}
} catch (APIException | CadiException e) {
@@ -145,11 +145,11 @@ public class OAuthService {
private Result<Data> loadToken(AuthzTrans trans, Data odd) throws APIException, CadiException {
Result<String> rs = permLoader.loadJSONPerms(trans,odd.user,odd.scopes(false));
- if(rs.isOK()) {
+ if (rs.isOK()) {
odd.content = rs.value;
odd.type = TOKEN_TYPE.bearer.ordinal();
return Result.ok(odd);
- } else if(rs.status == Result.ERR_NotFound || rs.status==Status.ERR_UserRoleNotFound) {
+ } else if (rs.status == Result.ERR_NotFound || rs.status==Status.ERR_UserRoleNotFound) {
odd.type = TOKEN_TYPE.bearer.ordinal();
return Result.ok(odd);
} else {
@@ -161,28 +161,28 @@ public class OAuthService {
private Result<Data> refreshBearerToken(AuthzTrans trans, Data odd) {
Result<List<Data>> rld = tokenDAO.readByUser(trans, trans.user());
- if(rld.notOK()) {
+ if (rld.notOK()) {
return Result.err(rld);
}
- if(rld.isEmpty()) {
+ if (rld.isEmpty()) {
return Result.err(Result.ERR_NotFound,"Data not Found for %1 %2",trans.user(),odd.refresh==null?"":odd.refresh.toString());
}
Data token = null;
- for(Data d : rld.value) {
- if(d.refresh.equals(odd.refresh)) {
+ for (Data d : rld.value) {
+ if (d.refresh.equals(odd.refresh)) {
token = d;
boolean scopesNE = false;
Set<String> scopes = odd.scopes(false);
- if(scopes.size()>0) { // only check if Scopes listed, RFC 6749, Section 6
- if(scopesNE=!(scopes.size() == d.scopes(false).size())) {
- for(String s : odd.scopes(false)) {
- if(!d.scopes(false).contains(s)) {
+ if (scopes.size()>0) { // only check if Scopes listed, RFC 6749, Section 6
+ if (scopesNE=!(scopes.size() == d.scopes(false).size())) {
+ for (String s : odd.scopes(false)) {
+ if (!d.scopes(false).contains(s)) {
scopesNE=true;
break;
}
}
}
- if(scopesNE) {
+ if (scopesNE) {
return Result.err(Result.ERR_BadData,"Requested Scopes do not match existing Token");
}
}
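Review bot: The scope comparison in `refreshBearerToken` does not enforce what its RFC 6749 comment implies: `scopesNE=!(scopes.size() == d.scopes(false).size())` is an assignment inside the `if`, so the membership loop runs only when the sizes already differ (where `scopesNE` is already true) and is skipped when they are equal. A refresh request naming the same number of scopes as the stored token, but different ones, therefore passes the check, while a narrower request, which section 6 allows, is rejected. Replacing the size test and loop with `scopesNE = !d.scopes(false).containsAll(scopes);` rejects exactly the requests that ask for a scope the original token did not carry. `d.refresh.equals(odd.refresh)` also dereferences the stored value, so a row without a refresh token throws; `odd.refresh!=null && odd.refresh.equals(d.refresh)` avoids that. The loop and the method continue outside the hunk.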
@@ -190,7 +190,7 @@ public class OAuthService {
}
}
- if(token==null) {
+ if (token==null) {
trans.audit().printf("Duplicate Refresh Token (%s) attempted for %s. Possible Replay Attack",odd.refresh.toString(),trans.user());
return Result.err(Result.ERR_Security,"Invalid Refresh Token");
} else {
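Review bot: The audit line in the `token==null` branch writes the presented refresh token in clear via `odd.refresh.toString()`, and it throws a NullPointerException when the request carried no refresh token, a case the not-found message earlier in `refreshBearerToken` guards with `odd.refresh==null?"":odd.refresh.toString()`. A refresh token that failed to match for this user may still be a live credential elsewhere, so the audit trail should carry a digest or a short prefix rather than the value, with the same null guard applied. The message also says "Duplicate" although this branch is reached whenever no stored token matched, which can mislead whoever triages the alert.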
@@ -205,11 +205,11 @@ public class OAuthService {
token.exp_sec = exp/1000;
token.req_ip = trans.ip();
Result<Data> rd = tokenDAO.create(trans, token);
- if(rd.notOK()) {
+ if (rd.notOK()) {
return Result.err(rd);
}
Result<Void> rv = tokenDAO.delete(trans, deleteMe,false);
- if(rv.notOK()) {
+ if (rv.notOK()) {
trans.error().log("Unable to delete token", token);
}
}
@@ -220,22 +220,22 @@ public class OAuthService {
Result<List<Data>> rld;
try {
UUID uuid = AAFToken.fromToken(token);
- if(uuid==null) { // not an AAF Token
+ if (uuid==null) { // not an AAF Token
// Attempt to get Alternative Token
- if(altIntrospectClient!=null) {
+ if (altIntrospectClient!=null) {
org.onap.aaf.cadi.client.Result<Introspect> rai = altIntrospectClient.introspect(token);
- if(rai.isOK()) {
+ if (rai.isOK()) {
Introspect in = rai.value;
- if(in.getExp()==null) {
+ if (in.getExp()==null) {
trans.audit().printf("Alt OAuth sent back inactive, empty token: requesting_id,%s,access_token=%s,ip=%s\n",trans.user(),token,trans.ip());
}
long expires = in.getExp()*1000;
- if(in.isActive() && expires>System.currentTimeMillis()) {
+ if (in.isActive() && expires>System.currentTimeMillis()) {
// We have a good Token, modify to be Fully Qualified
String fqid = in.getUsername()+altDomain;
// read contents
rld = tokenDAO.read(trans, token);
- if(rld.isOKhasData()) {
+ if (rld.isOKhasData()) {
Data td = rld.value.get(0);
in.setContent(td.content);
} else {
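Review bot: When `in.getExp()==null` the code only writes an audit line and then falls through to `long expires = in.getExp()*1000;`, which unboxes null and throws, so the "inactive, empty token" case surfaces as an exception rather than as an inactive token. The branch should end there with a failure result returned right after the audit call, or the multiplication should sit behind the null check. The audit format also records `access_token=%s` with the raw bearer token. A token the alternate provider reports as empty may still be a credential elsewhere, so logging a hash or a short prefix is safer. The surrounding `try` begins and ends outside this hunk, so how the exception is currently handled is not visible.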
@@ -248,8 +248,8 @@ public class OAuthService {
td.expires = new Date(expires);
td.exp_sec = in.getExp();
Set<String> scopes = td.scopes(true);
- if(in.getScope()!=null) {
- for(String s : Split.split(' ', in.getScope())) {
+ if (in.getScope()!=null) {
+ for (String s : Split.split(' ', in.getScope())) {
scopes.add(s);
}
}
@@ -277,13 +277,13 @@ public class OAuthService {
public Result<Data> dbIntrospect(final AuthzTrans trans, final String token) {
Result<List<Data>> rld = tokenDAO.read(trans, token);
- if(rld.notOKorIsEmpty()) {
+ if (rld.notOKorIsEmpty()) {
return Result.err(rld);
}
OAuthTokenDAO.Data odd = rld.value.get(0);
trans.checkpoint(odd.user + ':' + odd.client_id + ", " + odd.id);
- if(odd.active) {
- if(odd.expires.before(trans.now())) {
+ if (odd.active) {
+ if (odd.expires.before(trans.now())) {
return Result.err(Result.ERR_Policy,"Token %1 has expired",token);
}
return Result.ok(rld.value.get(0)); // ok keyed on id/token.
@@ -293,7 +293,7 @@ public class OAuthService {
}
public void close() {
- for(DAO<AuthzTrans,?> dao : daos) {
+ for (DAO<AuthzTrans,?> dao : daos) {
dao.close(NullTrans.singleton());
}
}