From ca76fbda94492f1b0c895ff0f4070381f17472f0 Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Mon, 2 Jul 2018 21:41:55 -0500
Subject: Add ability for BAuth by domain

Issue-ID: AAF-361
Change-Id: I6f437ffcfef5555f44acfb32fd6020f86f8cf403
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 .../org/onap/aaf/auth/service/AAF_Service.java     |  6 +--
 .../aaf/auth/service/AuthzCassServiceImpl.java     |  1 -
 .../org/onap/aaf/auth/service/api/API_Creds.java   | 47 ++++++++++++++--------
 3 files changed, 34 insertions(+), 20 deletions(-)

(limited to 'auth/auth-service/src/main/java/org')

diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
index 3ae2fbfb..40640007 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
@@ -163,9 +163,9 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
 		try {
         	Object[] atl=new Object[additionalTafLurs.length+2];
         	atl[0]=new DirectAAFLur(env,question); // Note, this will be assigned by AuthzTransFilter to TrustChecker
-			atl[1]=new BasicHttpTaf(env, directAAFUserPass,
-				domain,Long.parseLong(env.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF)),
-				false);
+			atl[1]= new BasicHttpTaf(env, directAAFUserPass,
+					domain,Long.parseLong(env.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF)),
+					false);
 
 	        if(additionalTafLurs.length>0) {
 	        	System.arraycopy(additionalTafLurs, 0, atl, 2, additionalTafLurs.length);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index 519721ce..f3207798 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -532,7 +532,6 @@ public class AuthzCassServiceImpl	<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS
 		NSS nss = mapper.newInstance(API.NSS);
 		// Note: "loadNamespace" already validates view of Namespace
 		return mapper.nss(trans, rn.value, nss);
-
 	}
 
 	@ApiDoc(
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
index d31c9d01..390c3089 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
@@ -42,9 +42,11 @@ import org.onap.aaf.auth.service.Code;
 import org.onap.aaf.auth.service.facade.AuthzFacade;
 import org.onap.aaf.auth.service.mapper.Mapper.API;
 import org.onap.aaf.cadi.CredVal;
+import org.onap.aaf.cadi.CredVal.Type;
 import org.onap.aaf.cadi.Symm;
 import org.onap.aaf.cadi.principal.BasicPrincipal;
 import org.onap.aaf.cadi.principal.X509Principal;
+import org.onap.aaf.cadi.taf.basic.BasicHttpTaf;
 import org.onap.aaf.misc.env.Env;
 import org.onap.aaf.misc.env.TimeTaken;
 
@@ -90,23 +92,36 @@ public class API_Creds {
 					// have to check Basic Auth here, because it might be CSP.
 					String authz = req.getHeader("Authorization");
 					if(authz.startsWith("Basic ")) {
-						String decoded = Symm.base64noSplit.decode(authz.substring(6));
-						int colon = decoded.indexOf(':');
-						TimeTaken tt = trans.start("Direct Validation", Env.REMOTE);
-						try {
-							if(directAAFUserPass.validate(
-									decoded.substring(0,colon), 
-									CredVal.Type.PASSWORD , 
-									decoded.substring(colon+1).getBytes(),trans)) {
-								
-								resp.setStatus(HttpStatus.OK_200);
-							} else {
-								// DME2 at this version crashes without some sort of response
-								resp.getOutputStream().print("");
-								resp.setStatus(HttpStatus.FORBIDDEN_403);
+						BasicHttpTaf bht = ((X509Principal)p).getBasicHttpTaf(); 
+						if(bht!=null) {
+							BasicPrincipal bp = new BasicPrincipal(authz,"");
+							CredVal cv = bht.getCredVal(bp.getDomain());
+							if(cv!=null) {
+								if(cv.validate(bp.getName(), Type.PASSWORD, bp.getCred(), null) ) {
+									resp.setStatus(HttpStatus.OK_200);
+								} else {
+									resp.setStatus(HttpStatus.FORBIDDEN_403);
+								}
+							}
+						} else {
+							String decoded = Symm.base64noSplit.decode(authz.substring(6));
+							int colon = decoded.indexOf(':');
+							TimeTaken tt = trans.start("Direct Validation", Env.REMOTE);
+							try {
+								if(directAAFUserPass.validate(
+										decoded.substring(0,colon), 
+										CredVal.Type.PASSWORD , 
+										decoded.substring(colon+1).getBytes(),trans)) {
+									
+									resp.setStatus(HttpStatus.OK_200);
+								} else {
+									// DME2 at this version crashes without some sort of response
+									resp.getOutputStream().print("");
+									resp.setStatus(HttpStatus.FORBIDDEN_403);
+								}
+							} finally {
+								tt.done();
 							}
-						} finally {
-							tt.done();
 						}
 					}
 				} else if(p == null) {
-- 
cgit 1.2.3-korg