summaryrefslogtreecommitdiffstats
path: root/cadi/core
diff options
context:
space:
mode:
Diffstat (limited to 'cadi/core')
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java74
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java1
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java17
-rw-r--r--cadi/core/src/test/resources/output_key1
-rw-r--r--cadi/core/test/output_key27
5 files changed, 72 insertions, 48 deletions
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 8525ac59..d7c7526f 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -65,7 +65,14 @@ import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf;
*/
public class Config {
-
+ private static final String AAF_V2_0 = "org.onap.aaf.cadi.aaf.v2_0";
+ private static final String AAF_V2_0_AAFCON = AAF_V2_0+".AAFCon";
+ private static final String AAF_V2_0_AAF_LUR_PERM = AAF_V2_0+".AAFLurPerm";
+ private static final String OAUTH = "org.onap.auth.oauth";
+ private static final String OAUTH_TOKEN_MGR = OAUTH+".TokenMgr";
+ private static final String OAUTH_HTTP_TAF = OAUTH+".OAuth2HttpTaf";
+ private static final String OAUTH_DIRECT_TAF = OAUTH+".OAuthDirectTAF";
+
public static final String UTF_8 = "UTF-8";
// Property Names associated with configurations.
@@ -191,7 +198,7 @@ public class Config {
private static String defaultRealm="none";
public static final String AAF_DOMAIN_SUPPORT = "aaf_domain_support";
- public static final String AAF_DOMAIN_SUPPORT_DEF = ".com";
+ public static final String AAF_DOMAIN_SUPPORT_DEF = ".com:.org";
// OAUTH2
public static final String AAF_OAUTH2_TOKEN_URL = "aaf_oauth2_token_url";
@@ -207,19 +214,11 @@ public class Config {
public static void setDefaultRealm(Access access) throws CadiException {
try {
- boolean hasCSP;
- try {
- Class.forName("org.osaaf.cadi.taf.csp.CSPTaf");
- hasCSP=true;
- } catch(ClassNotFoundException e) {
- hasCSP = logProp(access,Config.CSP_DOMAIN, null)!=null;
- }
defaultRealm = logProp(access,Config.AAF_DEFAULT_REALM,
- hasCSP?"csp.att.com":
- logProp(access,Config.BASIC_REALM,
- logProp(access,HOSTNAME,InetAddress.getLocalHost().getHostName())
- )
- );
+ logProp(access,Config.BASIC_REALM,
+ logProp(access,HOSTNAME,InetAddress.getLocalHost().getHostName())
+ )
+ );
} catch (UnknownHostException e) {
//defaultRealm="none";
}
@@ -393,7 +392,7 @@ public class Config {
String oauth_token_url = logProp(access,Config.AAF_OAUTH2_TOKEN_URL,null);
Class<?> oadtClss;
try {
- oadtClss = Class.forName("org.osaaf.authz.oauth.OAuthDirectTAF");
+ oadtClss = Class.forName(OAUTH_DIRECT_TAF);
} catch (ClassNotFoundException e1) {
oadtClss = null;
}
@@ -408,9 +407,9 @@ public class Config {
} else if(oauth_token_url!=null) {
String oauth_introspect_url = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL,null);
@SuppressWarnings("unchecked")
- Class<HttpTaf> oaTCls = (Class<HttpTaf>)loadClass(access,"org.osaaf.cadi.oauth.OAuth2HttpTaf");
+ Class<HttpTaf> oaTCls = (Class<HttpTaf>)loadClass(access,OAUTH_HTTP_TAF);
if(oaTCls!=null) {
- Class<?> oaTTmgrCls = loadClass(access, "org.osaaf.cadi.oauth.TokenMgr");
+ Class<?> oaTTmgrCls = loadClass(access, OAUTH_TOKEN_MGR);
if(oaTTmgrCls!=null) {
try {
Method oaTTmgrGI = oaTTmgrCls.getMethod("getInstance",PropAccess.class,String.class,String.class);
@@ -565,15 +564,15 @@ public class Config {
if(aafURL==null) {
access.log(Level.INIT,"No AAF LUR properties, AAF will not be loaded");
} else {// There's an AAF_URL... try to configure an AAF
- String aafLurClassStr = logProp(access,AAF_LUR_CLASS,"org.osaaf.cadi.aaf.v2_0.AAFLurPerm");
+ String aafLurClassStr = logProp(access,AAF_LUR_CLASS,AAF_V2_0_AAF_LUR_PERM);
////////////AAF Lur 2.0 /////////////
- if(aafLurClassStr!=null && aafLurClassStr.startsWith("org.osaaf.cadi.aaf.v2_0")) {
+ if(aafLurClassStr!=null && aafLurClassStr.startsWith(AAF_V2_0)) {
try {
Object aafcon = loadAAFConnector(si, aafURL);
if(aafcon==null) {
access.log(Level.INIT,"AAF LUR class,",aafLurClassStr,"cannot be constructed without valid AAFCon object.");
} else {
- Class<?> aafAbsAAFCon = loadClass(access, "org.osaaf.cadi.aaf.v2_0.AAFCon");
+ Class<?> aafAbsAAFCon = loadClass(access, AAF_V2_0_AAFCON);
if(aafAbsAAFCon!=null) {
Method mNewLur = aafAbsAAFCon.getMethod("newLur");
Object aaflur = mNewLur.invoke(aafcon);
@@ -639,30 +638,31 @@ public class Config {
return false;
}
- private static final String COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP = "org.osaaf.cadi.aaf.v2_0.AAFConHttp";
+ private static final String AAF_V2_0_AAF_CON_HTTP = "org.onap.aaf.cadi.aaf.v2_0.AAFConHttp";
+
public static Object loadAAFConnector(SecurityInfoC<HttpURLConnection> si, String aafURL) {
Access access = si.access;
Object aafcon = null;
Class<?> aafConClass = null;
try {
- if(aafURL!=null) {
- String aafConnector = access.getProperty(AAF_CONNECTOR_CLASS, COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP);
- if(COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP.equals(aafConnector)) {
- aafConClass = loadClass(access, COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP);
- if(aafConClass!=null) {
- for(Constructor<?> c : aafConClass.getConstructors()) {
+ if (aafURL!=null) {
+ String aafConnector = access.getProperty(AAF_CONNECTOR_CLASS, AAF_V2_0_AAF_CON_HTTP);
+ if (AAF_V2_0_AAF_CON_HTTP.equals(aafConnector)) {
+ aafConClass = loadClass(access, AAF_V2_0_AAF_CON_HTTP);
+ if (aafConClass != null) {
+ for (Constructor<?> c : aafConClass.getConstructors()) {
List<Object> lo = new ArrayList<Object>();
- for(Class<?> pc : c.getParameterTypes()) {
- if(pc.equals(PropAccess.class)) {
+ for (Class<?> pc : c.getParameterTypes()) {
+ if (pc.equals(Access.class)) {
lo.add(access);
- } else if(pc.equals(Locator.class)) {
+ } else if (pc.equals(Locator.class)) {
lo.add(loadLocator(si, aafURL));
} else {
continue;
}
}
- if(c.getParameterTypes().length!=lo.size()) {
+ if (c.getParameterTypes().length != lo.size()) {
continue; // back to another Constructor
} else {
aafcon = c.newInstance(lo.toArray());
@@ -671,13 +671,13 @@ public class Config {
}
}
}
- if(aafcon!=null) {
- String mechid = logProp(access,Config.AAF_APPID, null);
+ if (aafcon != null) {
+ String mechid = logProp(access, Config.AAF_APPID, null);
String pass = access.getProperty(Config.AAF_APPPASS, null);
- if(mechid!=null && pass!=null) {
+ if (mechid != null && pass != null) {
try {
Method basicAuth = aafConClass.getMethod("basicAuth", String.class, String.class);
- basicAuth.invoke(aafcon, mechid,pass);
+ basicAuth.invoke(aafcon, mechid, pass);
} catch (NoSuchMethodException nsme) {
// it's ok, don't use
}
@@ -685,9 +685,9 @@ public class Config {
}
}
} catch (Exception e) {
- access.log(e,"AAF Connector could not be constructed with given Constructors.");
+ access.log(e, "AAF Connector could not be constructed with given Constructors.");
}
-
+
return aafcon;
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java
index d1c40b23..006d6b4e 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java
@@ -100,6 +100,7 @@ public class CadiHTTPManip {
}
SecurityInfoC<HttpURLConnection> si;
si = SecurityInfoC.instance(access, HttpURLConnection.class);
+
lur = Config.configLur(si, con, additionalTafLurs);
tc.setLur(lur);
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java
index e575be14..cc283973 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java
@@ -30,13 +30,13 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CachedPrincipal;
+import org.onap.aaf.cadi.CachedPrincipal.Resp;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Locator;
-import org.onap.aaf.cadi.TrustChecker;
-import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.CachedPrincipal.Resp;
import org.onap.aaf.cadi.Taf.LifeForm;
+import org.onap.aaf.cadi.TrustChecker;
/**
* HttpEpiTaf
@@ -153,18 +153,13 @@ public class HttpEpiTaf implements HttpTaf {
private LifeForm tricorderScan(HttpServletRequest req) {
// For simplicity's sake, we'll say Humans use FQDNs, not IPs.
- String auth = req.getParameter("Authentication");
- if(auth!=null) {
- if("BasicAuth".equals(auth)) {
- return LifeForm.SBLF;
- }
- }
// Current guess that only Browsers bother to set "Agent" codes that identify the kind of browser they are.
// If mechanical frameworks are found that populate this, then more advanced analysis may be required
// Jonathan 1/22/2013
String agent = req.getHeader("User-Agent");
- if(agent!=null && agent.startsWith("Mozilla")) // covers I.E./Firefox/Safari/probably any other "advanced" Browser see http://en.wikipedia.org/wiki/User_agent
- return LifeForm.CBLF;
+ if(agent!=null && agent.startsWith("Mozilla")) { // covers I.E./Firefox/Safari/probably any other "advanced" Browser see http://en.wikipedia.org/wiki/User_agent
+ return LifeForm.CBLF;
+ }
return LifeForm.SBLF; // notably skips "curl","wget", (which is desired behavior. We don't want to try CSP, etc on these)
}
diff --git a/cadi/core/src/test/resources/output_key b/cadi/core/src/test/resources/output_key
new file mode 100644
index 00000000..9d94dcbd
--- /dev/null
+++ b/cadi/core/src/test/resources/output_key
@@ -0,0 +1 @@
+QRSTUVWXYZabcdef \ No newline at end of file
diff --git a/cadi/core/test/output_key b/cadi/core/test/output_key
new file mode 100644
index 00000000..353fabd2
--- /dev/null
+++ b/cadi/core/test/output_key
@@ -0,0 +1,27 @@
+g6wDq10CsnMUE0HB18N2UsrFri27TBG05Z1JzrvNSPUhIphFcv7gst-eHKvfbgffKF-rs9Zkjd5F
+3FZDci9MlG4vhwrXHXLgo6DXEVH4FsfT5MP__E3yrnuGOcDI4kWUFdni3xG48PXNcT_xQoPb6JRO
+dI3PiRRhgpvxuIL8O6iptFRoEilywvb8ySRFJA1XkRxCq-btzSpAHdMkBF-YnwMQYASveKXUddgo
+Ab6Rvn6u8cDVWTIvmlEQe2el6dcKOOeMc5Ipc0AXsTLpGmhMVySEeyzKysHk0c1BiGxTulqZQcHP
+L9uDFMxqL_GBwQOM4Xfu5wD_Dh1zNoKIpPta1AORjqlaUFOEsVWIn5oOKnimz4aNOjUku7tj3OKi
+c-AsphXLIpmodQD4uZBynwhIjuNcJ3-SRZ3_SHnXqvf8gE-4jab2baMEX_QJ2GXumcOdZujDp8yz
+3hCBlsToWXD-IatJ9dv_1gSn2_VOcXIhaNwe4YomaBVsQ4QqOkFWP9ZH3IfHrcCWZGt_HKg87NrJ
+PASZ9yzlBLBTI7XFOg4rqU7l-b6-LpTLm36c0f5ImPzr-kHpE--y0cuTfdI4CEv3dJMGysKOfXax
+N4tgR5t7ArQdFhLyo5mH-L5l973yuqJGVeRlTsYBYsHEb5vtIZxrYlebU9SSMmL9J-xI-hQV5tV7
+VR2C_zIKGL2nAq-tfVaiD1-M-SZW0S5VNmM-zXVxPT7jalCdHl6Dca47MhwQBVv_fxB5Nsahf10X
+MT58fLLi7C2aCIAPqFyu0e3B_yuAnhDzdkS_TmtX9ke25BSZe8Ql0lni9USKxwykfoRpt7UtdAId
+l8XxAgksLoDwxpL_EGz4I0jQN-4ziCVHpZNQmX08XUQ7Gx_xMtrIi21QRUhF04ZxLxlwTXjsr_Tj
+jO2Y6xs-S0wShAXGA8qZWdUXqO-zg6pGQ51RWf1HZYvgCDy1E0LiBEdlGye0dFzy1jS2DRg-3ByC
+oYtQmOmuyvOoCAH4B7C2fWSW8Kn2ps2VvHTmk7b7ZcWlteNWfjezaU4W2JQclBP8UzcfuuMohZgP
+eYRTQ_vTxvwbVBESBNpcfW3Og5sru0FhHbKyL6UE5iOxAnnf06bMOCesDRDm4yTcCbCCya-norY9
+aWiFbXKyFUqZVbmCSRd1hv-FJazsfXgJneeTvzyRg1vPQhnmyngwm0H1S7YPAGPL2B6Ir-nMCzLR
+oscgShrIPR7YnemaZxqwMES6iWqnnPNOJO3NRAs7iVw71sIh1BNoDdHYqETsGcmiFiZsNc-LEIFe
+c3nmCZ9VufLaYPpYDyTqHjijc0p2gtZtxCyrtSKJO-7Y4rtv9vCOfub7Vn8na_-DtIKUL2Lzspne
+dmS5_yetSJ-mNtzB__1jJk-Ke65mZ1BNJ4zMv839rC1rrb63kPZsdQp0w2hnNm-ttWXDN0nnyLOY
+Vz6p9BLrVAg9kA4Y0DFsI3qqEA1Xhuc9LuKLIGiCuGfa6ydoIzDRvlDTJR-Kju1A8npgzQTxGFSo
+P2A4f8E8doF9Lbt46yQQx0S14kS-1sPHUAc-Lqx5lnLcDxU1e4kgDrgbQ2Tly60tIhU_es9m1RZP
+5c4-VyjgDXmKxCIaq53VihbPmGi626xfX0Ez5sosEDQSvEGsxRwEBsO1Mif2b2a1IERpUqCafAjo
+rfN6DbKhWUINOGsDcRvZFWcR1dGuboopxpTxwXNhZxKb_0WPraLBkdzWC2rF7_JQc0o6LetalSUZ
+HjbMIsyvME5sA0JF5dLXEdPmHKs4XQOQPYi6yMz78wz7qNwvGI_qAQEK3cAriBJx7mxZry7DRa7Z
+UvmaESHb3j80InnqiEcC_gF-smViBsyxIZzGPdXD7mwa91829obATzs08769bXh_MlCYkVqrXM-A
+Il2NI0ocRziAkRnyFk1NzL9sghQ_9EIarjTGJv8xQCHfUibksmk0pQJFt8Z8_gXPOprLZB3DZytT
+6mNiawvv0H5phK9Fdm2seytkouSfmgDcY5wSeytgmtZSwGe12BoQUrtTJoOGV6BmYxOCMTC1 \ No newline at end of file