From b4922d319d293894fddd512d29b5f0d1411915d9 Mon Sep 17 00:00:00 2001
From: ARULNA <arul.nambi@amdocs.com>
Date: Mon, 12 Jun 2017 16:41:12 -0400
Subject: Initial commit for AAI-UI(sparky-backend)

Change-Id: I785397ed4197663cdf0c1351041d2f708ed08763
Signed-off-by: ARULNA <arul.nambi@amdocs.com>
---
 .../org/openecomp/sparky/security/EcompSso.java    | 160 +++++++++++++++++++++
 1 file changed, 160 insertions(+)
 create mode 100644 src/main/java/org/openecomp/sparky/security/EcompSso.java

(limited to 'src/main/java/org/openecomp/sparky/security/EcompSso.java')

diff --git a/src/main/java/org/openecomp/sparky/security/EcompSso.java b/src/main/java/org/openecomp/sparky/security/EcompSso.java
new file mode 100644
index 0000000..a008066
--- /dev/null
+++ b/src/main/java/org/openecomp/sparky/security/EcompSso.java
@@ -0,0 +1,160 @@
+/**
+ * ============LICENSE_START===================================================
+ * SPARKY (AAI UI service)
+ * ============================================================================
+ * Copyright © 2017 AT&T Intellectual Property.
+ * Copyright © 2017 Amdocs
+ * All rights reserved.
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ *
+ * ECOMP and OpenECOMP are trademarks
+ * and service marks of AT&T Intellectual Property.
+ */
+package org.openecomp.sparky.security;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
+import org.openecomp.cl.api.Logger;
+import org.openecomp.cl.eelf.LoggerFactory;
+import org.openecomp.portalsdk.core.onboarding.util.PortalApiProperties;
+import org.openecomp.sparky.logging.AaiUiMsgs;
+import org.openecomp.sparky.security.portal.config.PortalAuthenticationConfig;
+import org.openecomp.portalsdk.core.onboarding.util.CipherUtil;
+
+
+/**
+ * Provides authentication services for onboarded ECOMP applications.
+ */
+public class EcompSso {
+
+  public static final String EP_SERVICE = "EPService";
+  public static final String CSP_COOKIE_NAME = "csp_cookie_name";
+  public static final String CSP_GATE_KEEPER_PROD_KEY = "csp_gate_keeper_prod_key";
+  public static final String ONAP_ENABLED = "ONAP_ENABLED"; 
+  private static final Logger LOG = LoggerFactory.getInstance().getLogger(EcompSso.class);
+
+  /**
+   * Searches the request for a cookie with the specified name.
+   *
+   * @param request
+   * @param cookieName
+   * @return Cookie, or null if not found.
+   */
+  public static Cookie getCookie(HttpServletRequest request, String cookieName) {
+    Cookie[] cookies = request.getCookies();
+    if (cookies != null)
+      for (Cookie cookie : cookies) {
+        if (cookie.getName().equals(cookieName)) {
+          return cookie;
+        }
+      }
+
+    return null;
+  }
+
+  /**
+   * Answers whether the ECOMP Portal service cookie is present in the specified request.
+   *
+   * @param request
+   * @return true if the cookie is found, else false.
+   */
+  private static boolean isEPServiceCookiePresent(HttpServletRequest request) {
+    Cookie ep = getCookie(request, EP_SERVICE);
+    return (ep != null);
+  }
+
+  /**
+   * Validates whether the ECOMP Portal sign-on process has completed, which relies the AT&T Global
+   * Log On single-sign on process. Checks for the ECOMP cookie (see {@link #EP_SERVICE}). If found,
+   * then searches for a CSP cookie; if not found, for a WebJunction header.
+   *
+   * @param request
+   * @return ATT UID if the ECOMP cookie is present and the sign-on process established an ATT UID;
+   *         else null.
+   */
+  public static String validateEcompSso(HttpServletRequest request) {
+    boolean isOnapEnabled = PortalAuthenticationConfig.getInstance().getIsOnapEnabled();
+    if (isOnapEnabled) {
+      if (isEPServiceCookiePresent(request)) {
+        /* This is a "temporary" fix until proper separation
+         * between closed source and open source code is reached */
+        return ONAP_ENABLED;
+      } 
+      return null;
+    } else {
+      return getLoginIdFromCookie(request);
+    }
+  }
+
+  /**
+   * Searches the specified request for the CSP cookie, decodes it and gets the ATT UID.
+   *
+   * @param request
+   * @return ATTUID if the cookie is present in the request and can be decoded successfully (expired
+   *         cookies do not decode); else null.
+   */
+  private static String getLoginIdFromCookie(HttpServletRequest request) {
+    String attuid = null;
+    try {
+      String[] cspFields = getCspData(request);
+      if (cspFields != null && cspFields.length > 5)
+        attuid = cspFields[5];
+    } catch (Throwable t) {
+      LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO,
+          "getLoginIdFromCookie failed " + t.getLocalizedMessage());
+    }
+    return attuid;
+  }
+
+  /**
+   * Searches the specified request for the CSP cookie, decodes it and parses it to a String array.
+   *
+   * @param request
+   * @return Array of String as parsed from the cookie; null if the cookie is not present; empty
+   *         array if the cookie could not be decoded.
+   */
+  private static String[] getCspData(HttpServletRequest request) {
+    final String cookieName = PortalApiProperties.getProperty(CSP_COOKIE_NAME);
+    if (cookieName == null) {
+      LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG,
+          "getCspData: Failed to get property " + CSP_COOKIE_NAME);
+      return null;
+    }
+    Cookie csp = getCookie(request, cookieName);
+    if (csp == null) {
+      LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG, "getCspData failed to get cookie " + cookieName);
+      return null;
+    }
+    final String cspCookieEncrypted = csp.getValue();
+
+    String gateKeeperProdKey = PortalApiProperties.getProperty(CSP_GATE_KEEPER_PROD_KEY);
+    if (gateKeeperProdKey == null) {
+      LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG,
+          "getCspData: failed to get property " + CSP_GATE_KEEPER_PROD_KEY);
+    }
+
+    String cspCookieDecrypted = "";
+    try {
+      cspCookieDecrypted = CipherUtil.decrypt(cspCookieEncrypted,"");
+    } catch (Exception e) {
+      LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO,
+          "decrypting cookie failed " + e.getLocalizedMessage());
+    }
+
+    String[] cspData = cspCookieDecrypted.split("\\|");
+    return cspData;
+  }
+}
-- 
cgit 1.2.3-korg