From 1ab4d44603a91a84a34e34b5fc896fe8a227bca4 Mon Sep 17 00:00:00 2001
From: "arul.nambi"
Date: Thu, 31 Aug 2017 15:15:00 -0400
Subject: [AAI-244] grep scan

Issue-ID:AAI-244
Change-Id: Ibc51a8c72c411cff9ffc5b58bd40439ff3d703be
Signed-off-by: arul.nambi
---
 .../org/openecomp/sparky/JaxrsUserService.java | 61 -----
 .../sparky/dal/aai/ActiveInventoryAdapter.java | 1 -
 .../sparky/dal/cache/PersistentEntityCache.java | 55 -----
 .../org/openecomp/sparky/security/EcompSso.java | 12 +-
 .../sparky/security/filter/CspCookieFilter.java | 268 ---------------------
 .../org/openecomp/sparky/util/KeystoreBuilder.java | 6 +-
 .../java/org/openecomp/sparky/util/NodeUtils.java | 4 +-
 .../viewandinspect/entity/ActiveInventoryNode.java | 4 +-
 8 files changed, 12 insertions(+), 399 deletions(-)
 delete mode 100644 src/main/java/org/openecomp/sparky/JaxrsUserService.java
 delete mode 100644 src/main/java/org/openecomp/sparky/security/filter/CspCookieFilter.java
(limited to 'src/main/java')

diff --git a/src/main/java/org/openecomp/sparky/JaxrsUserService.java b/src/main/java/org/openecomp/sparky/JaxrsUserService.java
deleted file mode 100644
index 1353acd..0000000
--- a/src/main/java/org/openecomp/sparky/JaxrsUserService.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * Copyright © 2017 Amdocs
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- */
-package org.openecomp.sparky;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-
-/**
- * The Class JaxrsUserService.
- */
-@Path("/user")
-public class JaxrsUserService {
-
- private static final Map userIdToNameMap;
-
- static {
- userIdToNameMap = new HashMap();
- userIdToNameMap.put("dw113c", "Doug Wait");
- userIdToNameMap.put("so401q", "Stuart O'Day");
- }
-
- /**
- * Lookup user.
- *
- * @param userId the user id
- * @return the string
- */
- @GET
- @Path("/{userId}")
- @Produces("text/plain")
- public String lookupUser(@PathParam("userId") String userId) {
- String name = userIdToNameMap.get(userId);
- return name != null ? name : "unknown id";
- }
-
-}
diff --git a/src/main/java/org/openecomp/sparky/dal/aai/ActiveInventoryAdapter.java b/src/main/java/org/openecomp/sparky/dal/aai/ActiveInventoryAdapter.java
index eade96c..0f1ed36 100644
--- a/src/main/java/org/openecomp/sparky/dal/aai/ActiveInventoryAdapter.java
+++ b/src/main/java/org/openecomp/sparky/dal/aai/ActiveInventoryAdapter.java
@@ -251,7 +251,6 @@ public class ActiveInventoryAdapter extends RestfulDataAccessor
 "Failed to getSelfLinkForEntity() because primaryKeyValue is null");
 }
- // https://aai-int1.test.att.com:8443/aai/v8/search/generic-query?key=complex.physical-location-id:atlngade&start-node-type=complex
 /*
 * Try to protect ourselves from illegal URI formatting exceptions caused by characters that
diff --git a/src/main/java/org/openecomp/sparky/dal/cache/PersistentEntityCache.java b/src/main/java/org/openecomp/sparky/dal/cache/PersistentEntityCache.java
index 6749c1f..9ee7680 100644
--- a/src/main/java/org/openecomp/sparky/dal/cache/PersistentEntityCache.java
+++ b/src/main/java/org/openecomp/sparky/dal/cache/PersistentEntityCache.java
@@ -221,61 +221,6 @@ public class PersistentEntityCache implements EntityCache {
 }
- /**
- * The main method.
- *
- * @param args the arguments
- * @throws URISyntaxException the URI syntax exception
- */
- public static void main(String[] args) throws URISyntaxException {
-
- OperationResult or = new OperationResult();
- or.setResult("asdjashdkajsdhaksdj");
- or.setResultCode(200);
-
- String url1 = "https://aai-int1.dev.att.com:8443/aai/v8/search/nodes-query?"
- + "search-node-type=tenant&filter=tenant-id:EXISTS";
-
- or.setRequestLink(url1);
-
- PersistentEntityCache pec = new PersistentEntityCache("e:\\my_special_folder", 5);
- String k1 = NodeUtils.generateUniqueShaDigest(url1);
- pec.put(k1, or);
-
- String url2 =
- "https://aai-int1.dev.att.com:8443/aai/v8/network/vnfcs/vnfc/trial-vnfc?nodes-only";
- or.setRequestLink(url2);
- String k2 = NodeUtils.generateUniqueShaDigest(url2);
- pec.put(k2, or);
-
- String url3 = "https://1.2.3.4:8443/aai/v8/network/vnfcs/vnfc/trial-vnfc?nodes-only";
- or.setRequestLink(url3);
- String k3 = NodeUtils.generateUniqueShaDigest(url3);
- pec.put(k3, or);
-
- pec.shutdown();
-
- /*
- * URI uri1 = new URI(url1);
- *
- * System.out.println("schemea = " + uri1.getScheme()); System.out.println("host = " +
- * uri1.getHost());
- *
- * String host = uri1.getHost(); String[] tokens = host.split("\\.");
- * System.out.println(Arrays.asList(tokens)); ArrayList tokenList = new
- * ArrayList(Arrays.asList(tokens)); //tokenList.remove(tokens.length-1); String
- * hostAsPathElement = NodeUtils.concatArray(tokenList, "_");
- *
- * System.out.println("hostAsPathElement = " + hostAsPathElement);
- *
- *
- * System.out.println("port = " + uri1.getPort()); System.out.println("path = " +
- * uri1.getPath()); System.out.println("query = " + uri1.getQuery()); System.out.println(
- * "fragment = " + uri1.getFragment());
- */
-
-
- }
 /* (non-Javadoc)
 * @see org.openecomp.sparky.dal.cache.EntityCache#shutdown()
diff --git a/src/main/java/org/openecomp/sparky/security/EcompSso.java b/src/main/java/org/openecomp/sparky/security/EcompSso.java
index 654af96..c771e6c 100644
--- a/src/main/java/org/openecomp/sparky/security/EcompSso.java
+++ b/src/main/java/org/openecomp/sparky/security/EcompSso.java
@@ -80,7 +80,7 @@ public class EcompSso {
 * then searches for a CSP cookie; if not found, for a WebJunction header.
 *
 * @param request
- * @return ATT UID if the ECOMP cookie is present and the sign-on process established an ATT UID;
+ * @return User ID if the ECOMP cookie is present and the sign-on process established an User ID;
 * else null.
 */
 public static String validateEcompSso(HttpServletRequest request) {
@@ -98,23 +98,23 @@ public class EcompSso {
 }
 /**
- * Searches the specified request for the CSP cookie, decodes it and gets the ATT UID.
+ * Searches the specified request for the CSP cookie, decodes it and gets the User ID.
 *
 * @param request
- * @return ATTUID if the cookie is present in the request and can be decoded successfully (expired
+ * @return User ID if the cookie is present in the request and can be decoded successfully (expired
 * cookies do not decode); else null.
 */
 private static String getLoginIdFromCookie(HttpServletRequest request) {
- String attuid = null;
+ String userid = null;
 try {
 String[] cspFields = getCspData(request);
 if (cspFields != null && cspFields.length > 5)
- attuid = cspFields[5];
+ userid = cspFields[5];
 } catch (Throwable t) {
 LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO, "getLoginIdFromCookie failed " + t.getLocalizedMessage());
 }
- return attuid;
+ return userid;
 }
 /**
diff --git a/src/main/java/org/openecomp/sparky/security/filter/CspCookieFilter.java b/src/main/java/org/openecomp/sparky/security/filter/CspCookieFilter.java
deleted file mode 100644
index 1f06f9d..0000000
--- a/src/main/java/org/openecomp/sparky/security/filter/CspCookieFilter.java
+++ /dev/null
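Review bot: The rewritten `@return` line in the first hunk (`@@ -80,7 +80,7 @@`) reads "established an User ID", which should be "a User ID"; the corresponding wording in the second hunk is already fine, so only this line needs ` * @return User ID if the ECOMP cookie is present and the sign-on process established a User ID;`. The enclosing method `validateEcompSso` continues outside the hunk.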
@@ -1,268 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * Copyright © 2017 Amdocs
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- */
-package org.openecomp.sparky.security.filter;
-
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.net.InetAddress;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
-import java.net.UnknownHostException;
-import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Properties;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.openecomp.cl.api.Logger;
-import org.openecomp.cl.eelf.LoggerFactory;
-import org.openecomp.sparky.logging.AaiUiMsgs;
-import org.openecomp.sparky.util.NodeUtils;
-import org.openecomp.sparky.viewandinspect.config.TierSupportUiConstants;
-
-import org.openecomp.cl.mdc.MdcContext;
-
-// import esGateKeeper.esGateKeeper;
-
-/**
- * Redirects to the AT&T global login page if the user is not authenticated.
- * Filter properties need to be configured in: csp-cookie-filter.properties
- */
-public class CspCookieFilter implements Filter {
-
- /** Redirect URL for the login page. */
- private String globalLoginUrl;
-
- /** Application identifier. */
- private String applicationId;
-
- /** Gatekeeper environment setting (development or production). */
- private String gateKeeperEnvironment;
-
- private static final String FILTER_PARAMETER_CONFIG = "config";
- private static final String PROPERTY_GLOBAL_LOGIN_URL = "global.login.url";
- private static final String PROPERTY_APPLICATION_ID = "application.id";
- private static final String PROPERTY_GATEKEEPER_ENVIRONMENT = "gatekeeper.environment";
- // valid open redirect domains
- private List redirectDomains = new ArrayList<>();
- private static final String PROPERTY_REDIRECT_DOMAINS = "redirect-domain";
-
- /** Needed by esGateKeeper, does not accept any other value. */
- private static final String GATEKEEPER_ACCOUNT_NAME = "CSP";
-
- private static final Logger LOG = LoggerFactory.getInstance().getLogger(CspCookieFilter.class);
-
-
- /* (non-Javadoc)
- * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
- */
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- String txnID = NodeUtils.getRandomTxnId();
- MdcContext.initialize(txnID, "CspCookieFilter", "", "Init", "");
-
- try {
- setConfigurationProperties(filterConfig);
- } catch (IOException exc) {
- LOG.error(AaiUiMsgs.ERROR_CSP_CONFIG_FILE);
- throw new ServletException(exc);
- }
- }
-
-
- /* (non-Javadoc)
- * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
- */
- @Override
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
- throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) req;
- HttpServletResponse response = (HttpServletResponse) res;
-
- Cookie[] cookies = request.getCookies();
- if ((cookies == null) || (cookies.length == 0)) {
- doLogin(request, response);
- return;
- }
-
- /*
- * String attEsSec = getSecurityCookie(cookies);
- *
- * if (attESSec == null || attESSec.length() == 0) { doLogin(request, response); return; }
- *
- * String attESSecUnEncrypted = esGateKeeper.esGateKeeper(attESSec, GATEKEEPER_ACCOUNT_NAME,
- * gateKeeperEnvironment); if (attESSecUnEncrypted == null) { doLogin(request, response); } else
- * {
- */
- // LOG.info("User has valid cookie");
- chain.doFilter(request, response);
- // }
- }
-
-
- /* (non-Javadoc)
- * @see javax.servlet.Filter#destroy()
- */
- @Override
- public void destroy() {}
-
- /**
- * Sets all required properties needed by this filter.
- *
- * @param filterConfig the filter configuration defined in the application web.xml
- * @throws IOException if the properties failed to load.
- */
- private void setConfigurationProperties(FilterConfig filterConfig) throws IOException {
- InputStream inputStream = new FileInputStream(TierSupportUiConstants.STATIC_CONFIG_APP_LOCATION
- + filterConfig.getInitParameter(FILTER_PARAMETER_CONFIG));
- Properties cspProperties = new Properties();
- cspProperties.load(inputStream);
- globalLoginUrl = cspProperties.getProperty(PROPERTY_GLOBAL_LOGIN_URL);
- applicationId = cspProperties.getProperty(PROPERTY_APPLICATION_ID);
- gateKeeperEnvironment = cspProperties.getProperty(PROPERTY_GATEKEEPER_ENVIRONMENT);
- redirectDomains = Arrays.asList(cspProperties.getProperty(PROPERTY_REDIRECT_DOMAINS).split(","));
- }
-
- /**
- * Returns the attESSec cookie if found in the client.
- *
- * @param cookies the cookies available in the client
- * @return the attESSec authentication cookie generated by the login page.
- */
- private String getSecurityCookie(Cookie[] cookies) {
- String attEsSec = null;
- for (int i = 0; i < cookies.length; i++) {
- Cookie thisCookie = cookies[i];
- String cookieName = thisCookie.getName();
-
- if ("attESSec".equals(cookieName)) {
- attEsSec = thisCookie.getValue();
- break;
- }
- }
- return attEsSec;
- }
-
- /**
- * Redirects to the AT&T global login page. If this is an AJAX request it returns an unauthorized
- * HTTP error in the response.
- *
- * @param request the filter request object
- * @param response the filter response object
- * @throws IOException if there is an error setting the error response
- */
- private void doLogin(HttpServletRequest request, HttpServletResponse response)
- throws IOException {
- if (isAjaxRequest(request)) {
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
- "User is not authorized. Please login to application");
- } else {
- // Fix for Safari 7.0.2 onwards to avoid login page cache
- response.addHeader("Cache-Control", "no-cache, no-store");
- String redirectURL = createRedirectUrl(request);
- if (this.isValidRedirectURL(redirectURL)){
- response.sendRedirect(redirectURL);
- LOG.debug(AaiUiMsgs.VALID_REDIRECT_URL, redirectURL);
- } else{
- response.sendError(400, "Bad redirect URL: " + redirectURL);
- LOG.error(AaiUiMsgs.INVALID_REDIRECT_URL, redirectURL);
- }
- }
- }
-
- /**
- * Checks if a redirect url is valid
- * @param url URL to validate
- * @return true if URL is a valid redirect URL, false otherwise
- */
- private boolean isValidRedirectURL (String url){
- String redirectTo = url.substring(url.indexOf("?retURL=")+ "?retURL=".length());
- try {
- redirectTo = URLDecoder.decode(redirectTo, StandardCharsets.UTF_8.toString());
- } catch (UnsupportedEncodingException e) {
- LOG.error(AaiUiMsgs.UNSUPPORTED_URL_ENCODING, e.getLocalizedMessage());
- return false;
- }
- for (String domain: this.redirectDomains){
- if (redirectTo.endsWith(domain))
- return true;
- }
- return false;
- }
-
-
- /**
- * Returns true if the request is an AJAX request.
- *
- * @param request the filter request object
- * @return true if the request is an AJAX request.
- */
- private boolean isAjaxRequest(HttpServletRequest request) {
- String headerValue = request.getHeader("X-Requested-With");
- if ("XMLHttpRequest".equals(headerValue)) {
- return true;
- }
- return false;
- }
-
- /**
- * Returns the redirection URL to the AT&T Global login page.
- *
- * @param request the request
- * @return the string
- * @throws UnsupportedEncodingException the unsupported encoding exception
- */
- private String createRedirectUrl(HttpServletRequest request) throws UnsupportedEncodingException {
- String returnUrl = getReturnUrl(request);
-
- return globalLoginUrl + "?retURL=" + returnUrl + "&sysName=" + applicationId;
- }
-
- /**
- * Gets the URL encoded return URL.
- *
- * @param request the HTTP request
- * @return an encoded URL to return to following login
- * @throws UnsupportedEncodingException the unsupported encoding exception
- */
- private String getReturnUrl(HttpServletRequest request) throws UnsupportedEncodingException {
- StringBuffer retUrl = request.getRequestURL();
- String urlParams = request.getQueryString();
- if (urlParams != null) {
- retUrl.append("?" + urlParams);
- }
- return URLEncoder.encode(retUrl.toString(), StandardCharsets.UTF_8.toString());
- }
-}
diff --git a/src/main/java/org/openecomp/sparky/util/KeystoreBuilder.java b/src/main/java/org/openecomp/sparky/util/KeystoreBuilder.java
index 6b6a937..916b1e9 100644
--- a/src/main/java/org/openecomp/sparky/util/KeystoreBuilder.java
+++ b/src/main/java/org/openecomp/sparky/util/KeystoreBuilder.java
@@ -244,8 +244,8 @@ public class KeystoreBuilder {
 private X509Certificate[] getCertificateChainForRemoteEndpoint(String hostname, int port) throws UnknownHostException, IOException {
- System.out.println("Opening connection to localhost:8442..");
- SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket("aai-int1.dev.att.com", 8440);
+ System.out.println("Opening connection to "+hostname+":"+port+"..");
+ SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(hostname, port);
 socket.setSoTimeout(10000);
 try {
@@ -499,8 +499,6 @@ public class KeystoreBuilder {
 */
 public static void main(String[] args) throws Exception {
- // String endpointList = "aai-int1.test.att.com:8440;aai-int1.dev.att.com:8442";
 /*
 * Examples: localhost:8440;localhost:8442 d:\1\adhoc_keystore.jks aaiDomain2 false
 * localhost:8440;localhost:8442 d:\1\adhoc_keystore.jks aaiDomain2 true
diff --git a/src/main/java/org/openecomp/sparky/util/NodeUtils.java b/src/main/java/org/openecomp/sparky/util/NodeUtils.java
index d28c5e2..10fb90a 100644
--- a/src/main/java/org/openecomp/sparky/util/NodeUtils.java
+++ b/src/main/java/org/openecomp/sparky/util/NodeUtils.java
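Review bot: `sslSocketFactory.createSocket(hostname, port)` on the new line connects immediately with no connect timeout, and the `socket.setSoTimeout(10000)` that follows only bounds reads, so an unreachable `hostname` can block the keystore build indefinitely; both statements also sit before the `try`, so a failure in `setSoTimeout` leaves the socket unclosed. If the factory supports unconnected sockets, replace the new `createSocket` line with `SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket();` followed by `socket.connect(new InetSocketAddress(hostname, port), 10000);` (import `java.net.InetSocketAddress` if the file lacks it) and move the `setSoTimeout` call inside the `try`. The `System.out.println` on the first added line is diagnostic output from library code; if KeystoreBuilder already has a logger, prefer it. The method body continues outside the hunk.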
@@ -366,12 +366,12 @@ public class NodeUtils {
 String resourceId = null;
 if ("/".equals(link.substring(linkLength - 1))) {
 // Use-case:
- // https://aai-ext1.test.att.com:9292/aai/v7/business/customers/customer/1607_20160524Func_Ak1_01/service-subscriptions/service-subscription/uCPE-VMS/
+ // https://:9292/aai/v7/business/customers/customer/1607_20160524Func_Ak1_01/service-subscriptions/service-subscription/uCPE-VMS/
 startIndex = link.lastIndexOf("/", linkLength - 2);
 resourceId = link.substring(startIndex + 1, linkLength - 1);
 } else {
 // Use-case:
- // https://aai-ext1.test.att.com:9292/aai/v7/business/customers/customer/1607_20160524Func_Ak1_01/service-subscriptions/service-subscription/uCPE-VMS
+ // https://:9292/aai/v7/business/customers/customer/1607_20160524Func_Ak1_01/service-subscriptions/service-subscription/uCPE-VMS
 startIndex = link.lastIndexOf("/");
 resourceId = link.substring(startIndex + 1, linkLength);
 }
diff --git a/src/main/java/org/openecomp/sparky/viewandinspect/entity/ActiveInventoryNode.java b/src/main/java/org/openecomp/sparky/viewandinspect/entity/ActiveInventoryNode.java
index 81ee178..aef710d 100644
--- a/src/main/java/org/openecomp/sparky/viewandinspect/entity/ActiveInventoryNode.java
+++ b/src/main/java/org/openecomp/sparky/viewandinspect/entity/ActiveInventoryNode.java
@@ -443,7 +443,7 @@ public class ActiveInventoryNode {
 }
 public boolean isDirectSelfLink() {
- // https://aai-int1.test.att.com:8443/aai/v8/resources/id/2458124400
+ // https://:8443/aai/v8/resources/id/2458124400
 return isDirectSelfLink(this.selfLink);
 }
@@ -454,7 +454,7 @@ public class ActiveInventoryNode {
 * @return true, if is direct self link
 */
 public static boolean isDirectSelfLink(String link) {
- // https://aai-int1.test.att.com:8443/aai/v8/resources/id/2458124400
+ // https://:8443/aai/v8/resources/id/2458124400
 if (link == null) {
 return false;
-- cgit 1.2.3-korg
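Review bot: The scrubbed example URLs in the two `// Use-case:` comments now read `https://:9292/aai/v7/...`, an address with an empty host, which no longer illustrates the link shape this branch is parsing; a labelled placeholder keeps the example readable, e.g. `// https://<aai-host>:9292/aai/v7/business/customers/customer/1607_20160524Func_Ak1_01/service-subscriptions/service-subscription/uCPE-VMS/` (and the variant without the trailing slash in the else branch). The same empty-host form appears in both ActiveInventoryNode hunks (`@@ -443,7 +443,7 @@` and `@@ -454,7 +454,7 @@`), where `// https://<aai-host>:8443/aai/v8/resources/id/2458124400` would serve. The enclosing NodeUtils method starts and ends outside the hunk.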