Diffstat (limited to 'ajsc-aai/src/main/java/org/openecomp/aai/util/CNName.java')
-rw-r--r--ajsc-aai/src/main/java/org/openecomp/aai/util/CNName.java94
1 files changed, 94 insertions, 0 deletions
diff --git a/ajsc-aai/src/main/java/org/openecomp/aai/util/CNName.java b/ajsc-aai/src/main/java/org/openecomp/aai/util/CNName.java
new file mode 100644
index 0000000..11de8ad
--- /dev/null
+++ b/ajsc-aai/src/main/java/org/openecomp/aai/util/CNName.java
@@ -0,0 +1,94 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.openecomp.aai
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.aai.util;
+
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.x500.X500Principal;
+import javax.servlet.http.HttpServletRequest;
+
+import ch.qos.logback.access.pattern.AccessConverter;
+import ch.qos.logback.access.spi.IAccessEvent;
+
+import static java.util.Base64.getDecoder;
+
+public class CNName extends AccessConverter {
+
+ /**
+ * Converts access events to String response codes
+ *
+ * @param accessEvent the IAccessEvent
+ */
+ public String convert(IAccessEvent accessEvent) {
+ if (!isStarted()) {
+ return "INACTIVE_HEADER_CONV";
+ }
+
+ String cipherSuite = (String) accessEvent.getRequest().getAttribute("javax.servlet.request.cipher_suite");
+ String authUser = null;
+ if (cipherSuite != null) {
+ try {
+ X509Certificate certChain[] = (X509Certificate[]) accessEvent.getRequest()
+ .getAttribute("javax.servlet.request.X509Certificate");
+ if(certChain == null || certChain.length == 0){
+
+ HttpServletRequest request = accessEvent.getRequest();
+
+ String authorization = request.getHeader("Authorization");
+
+ // Set the auth user to "-" so if the authorization header is not found
+ // Or if the decoded basic auth credentials are not found in the format required
+ // it should return "-"
+ // If the decoded string is in the right format, find the index of ":"
+ // Then get the substring of the starting point to the colon not including the colon
+
+ authUser = "-";
+
+ if(authorization != null && authorization.startsWith("Basic ")){
+ String credentials = authorization.replace("Basic ", "");
+ byte[] userCredentials = getDecoder().decode(credentials.getBytes("utf-8"));
+ credentials = new String(userCredentials);
+
+ int codePoint = credentials.indexOf(':');
+
+ if(codePoint != -1){
+ authUser = credentials.substring(0, codePoint);
+ }
+
+ }
+
+ return authUser;
+
+ } else {
+ X509Certificate clientCert = certChain[0];
+ X500Principal subjectDN = clientCert.getSubjectX500Principal();
+ authUser = subjectDN.toString();
+ return authUser;
+ }
+ } catch(Exception ex){
+ return "-";
+ }
+ } else {
+ return "-";
+ }
+ }
+
+}
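Review bot: The user name decoded from the `Authorization: Basic` header in `convert` is returned to the access-log pattern exactly as the client sent it, so a value containing CR or LF could split or forge log entries unless a downstream encoder escapes it. Neutralise control characters before returning, e.g. `authUser = credentials.substring(0, codePoint).replaceAll("[\\r\\n\\t]", "_");`. The decoded bytes are turned into a string with the platform charset although the header was read as UTF-8, so `new String(userCredentials, StandardCharsets.UTF_8)` (with the matching import) keeps the logged name stable across hosts. `authorization.replace("Basic ", "")` removes every occurrence rather than the prefix; `authorization.substring("Basic ".length())` is what the `startsWith` check implies. The Javadoc also says the converter returns response codes, while the code returns the certificate subject DN or the Basic-auth user name, so the summary line should say that and add an `@return` noting the `-` fallback.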