From 4a51a8f96715ffb2a42189b93b9fa91b453b8530 Mon Sep 17 00:00:00 2001 From: sg481n Date: Thu, 3 Aug 2017 17:39:12 -0400 Subject:  [AAF-21] Initial code import MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: Ia1dd196befd061f6ba0c2be6bf4456a30ea50f97 Signed-off-by: sg481n --- .../com/att/cadi/aaf/v2_0/AAFTrustChecker.java | 91 ++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java (limited to 'aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java') diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java new file mode 100644 index 0000000..cc1e16c --- /dev/null +++ b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java @@ -0,0 +1,91 @@ +/******************************************************************************* + * ============LICENSE_START==================================================== + * * org.onap.aai + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * Copyright © 2017 Amdocs + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * ECOMP is a trademark and service mark of AT&T Intellectual Property. + * * + ******************************************************************************/ +package com.att.cadi.aaf.v2_0; + +import javax.servlet.http.HttpServletRequest ; + +import com.att.cadi.Lur; +import com.att.cadi.TrustChecker; +import com.att.cadi.aaf.AAFPermission; +import com.att.cadi.principal.TrustPrincipal; +import com.att.cadi.taf.TafResp; +import com.att.cadi.taf.TrustNotTafResp; +import com.att.cadi.taf.TrustTafResp; +import com.att.inno.env.util.Split; + +public class AAFTrustChecker implements TrustChecker { + private final String tag,type,instance,action; + private Lur lur; + + /** + * + * Instance will be replaced by Identity + * @param lur + * + * @param tag + * @param perm + */ + public AAFTrustChecker(final String tag, final String perm) { + this.tag = tag; + String[] split = Split.split('|', perm); + this.type = split[0]; + this.instance = split[1]; + this.action = split[2]; + } + + /* (non-Javadoc) + * @see com.att.cadi.TrustChecker#setLur(com.att.cadi.Lur) + */ + @Override + public void setLur(Lur lur) { + this.lur = lur; + } + + @Override + public TafResp mayTrust(TafResp tresp, HttpServletRequest req) { + String user_info = req.getHeader(tag); + if(user_info !=null ) { + String[] info = Split.split(',', user_info); + if(info.length>0) { + String[] flds = Split.split(':',info[0]); + if(flds.length>3 && "AS".equals(flds[3])) { // is it set for "AS" + if(!tresp.getPrincipal().getName().equals(flds[0])) { // We do trust ourselves, if a trust entry is made with self + if(lur.fish(tresp.getPrincipal(), new AAFPermission(type,instance,action))) { + return new TrustTafResp(tresp, + new TrustPrincipal(tresp.getPrincipal(), flds[0]), + " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ',' + ); + } else { + return new TrustNotTafResp(tresp, " " + tresp.getPrincipal().getName() + + " requested identity change to " + flds[0] + ", but does not have Authorization"); + } + } + } + } + } + + return tresp; + } + +} -- cgit 1.2.3-korg