From e6f45969b521b66e1d72822157f0d8252e751bde Mon Sep 17 00:00:00 2001
From: renealr
Date: Tue, 20 Feb 2018 16:37:04 -0500
Subject: fix the cookie decryption logic
Issue-ID: AAI-788
Change-Id: Ife47fe5e6f75ee1187c5385bca0ce53db4eff37f
Signed-off-by: renealr
---
.../aai/sparky/security/BaseCookieDecryptor.java | 49 ++++++++++++++++++++++
.../onap/aai/sparky/security/CookieDecryptor.java | 29 +++++++++++++
.../org/onap/aai/sparky/security/EcompSso.java | 24 ++++-------
.../portal/config/PortalAuthenticationConfig.java | 21 ++++++++++
4 files changed, 108 insertions(+), 15 deletions(-)
create mode 100644 src/main/java/org/onap/aai/sparky/security/BaseCookieDecryptor.java
create mode 100644 src/main/java/org/onap/aai/sparky/security/CookieDecryptor.java
(limited to 'src')
diff --git a/src/main/java/org/onap/aai/sparky/security/BaseCookieDecryptor.java b/src/main/java/org/onap/aai/sparky/security/BaseCookieDecryptor.java
new file mode 100644
index 0000000..bf915d7
--- /dev/null
+++ b/src/main/java/org/onap/aai/sparky/security/BaseCookieDecryptor.java
@@ -0,0 +1,49 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright © 2017 Amdocs
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.aai.sparky.security;
+
+import org.onap.aai.cl.api.Logger;
+import org.onap.aai.cl.eelf.LoggerFactory;
+import org.onap.aai.sparky.logging.AaiUiMsgs;
+import org.openecomp.portalsdk.core.onboarding.util.CipherUtil;
+
+public class BaseCookieDecryptor implements CookieDecryptor {
+
+ private static final Logger LOG = LoggerFactory.getInstance().getLogger(BaseCookieDecryptor.class);
+
+
+ public BaseCookieDecryptor(){}
+
+ public String decryptCookie(String encryptedCookie){
+
+ String decryptedCookie = "";
+ try {
+ decryptedCookie = CipherUtil.decrypt(encryptedCookie, "");
+ } catch (Exception e) {
+ LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO, "decrypting base cookie failed " + e.getLocalizedMessage());
+ }
+ return decryptedCookie;
+
+ }
+
+}
\ No newline at end of file
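Review bot: The second argument to `CipherUtil.decrypt(encryptedCookie, "")` is a hard-coded empty string; if that parameter is the key (CipherUtil is outside this diff, so this is an inference), the SSO cookie is not bound to any deployment secret and the value should come from protected configuration. The `catch (Exception e)` also turns every failure into an empty-string return logged at info level, so a malformed cookie and a broken cipher setup look the same in the logs; logging at a higher level and documenting the empty-string result in a Javadoc on `decryptCookie` would make that contract explicit. `decryptCookie` should also carry `@Override`, since it implements the CookieDecryptor method.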
diff --git a/src/main/java/org/onap/aai/sparky/security/CookieDecryptor.java b/src/main/java/org/onap/aai/sparky/security/CookieDecryptor.java
new file mode 100644
index 0000000..36e4d12
--- /dev/null
+++ b/src/main/java/org/onap/aai/sparky/security/CookieDecryptor.java
@@ -0,0 +1,29 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright © 2017 Amdocs
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.aai.sparky.security;
+
+public interface CookieDecryptor {
+
+ String decryptCookie(String encryptedCookie);
+
+}
diff --git a/src/main/java/org/onap/aai/sparky/security/EcompSso.java b/src/main/java/org/onap/aai/sparky/security/EcompSso.java
index a5dd26b..8051d1d 100644
--- a/src/main/java/org/onap/aai/sparky/security/EcompSso.java
+++ b/src/main/java/org/onap/aai/sparky/security/EcompSso.java
@@ -106,16 +106,16 @@ public class EcompSso { * cookies do not decode); else null. */ private static String getLoginIdFromCookie(HttpServletRequest request) { - String attuid = null; + String uid = null; try { String[] cspFields = getCspData(request); if (cspFields != null && cspFields.length > 5) - attuid = cspFields[5]; + uid = cspFields[5]; } catch (Throwable t) { LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO, "getLoginIdFromCookie failed " + t.getLocalizedMessage()); } - return attuid; + return uid; } /** @@ -139,18 +139,12 @@ public class EcompSso { } final String cspCookieEncrypted = csp.getValue(); - String gateKeeperProdKey = PortalApiProperties.getProperty(CSP_GATE_KEEPER_PROD_KEY); - if (gateKeeperProdKey == null) { - LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG, - "getCspData: failed to get property " + CSP_GATE_KEEPER_PROD_KEY); - } - - String cspCookieDecrypted = ""; - try { - cspCookieDecrypted = CipherUtil.decrypt(cspCookieEncrypted, ""); - } catch (Exception e) { - LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO, "decrypting cookie failed " + e.getLocalizedMessage()); - } + String cspCookieDecrypted = null; + try { + cspCookieDecrypted = PortalAuthenticationConfig.getInstance().getCookieDecryptor().decryptCookie(cspCookieEncrypted); + } catch (ClassNotFoundException e) { + e.printStackTrace(); + } String[] cspData = cspCookieDecrypted.split("\\|"); return cspData; diff --git a/src/main/java/org/onap/aai/sparky/security/portal/config/PortalAuthenticationConfig.java b/src/main/java/org/onap/aai/sparky/security/portal/config/PortalAuthenticationConfig.java index e707f93..f34b419 100644 --- a/src/main/java/org/onap/aai/sparky/security/portal/config/PortalAuthenticationConfig.java +++ b/src/main/java/org/onap/aai/sparky/security/portal/config/PortalAuthenticationConfig.java 
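Review bot: In the second hunk (getCspData), `cspCookieDecrypted` now starts as `null` and the only handler is `catch (ClassNotFoundException e) { e.printStackTrace(); }`, so when the configured decryptor class cannot be loaded execution falls through to `cspCookieDecrypted.split("\\|")` and throws a NullPointerException. getLoginIdFromCookie in the first hunk catches Throwable and already checks `cspFields != null`, so the failure is only masked on that path; any other caller of getCspData is not visible here. Report the failure through the class logger, as the removed code did, with `LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO, "decrypting cookie failed " + e.getLocalizedMessage());`, and add `if (cspCookieDecrypted == null) return null;` before the split. getCspData begins and ends outside the hunk.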
@@ -22,8 +22,10 @@ */ package org.onap.aai.sparky.security.portal.config; + import java.util.Properties; +import org.onap.aai.sparky.security.CookieDecryptor; import org.onap.aai.sparky.util.ConfigHelper; import org.onap.aai.sparky.util.Encryptor; import org.onap.aai.sparky.viewandinspect.config.SparkyConstants; @@ -37,11 +39,14 @@ public class PortalAuthenticationConfig { private String username; private String password; private boolean isOnapEnabled; + private CookieDecryptor cookieDecryptor; + private String cookieDecryptorClassName; public static final String PROP_USERNAME = "username"; public static final String PROP_PASSWORD = "password"; // NOSONAR public static final String PROP_IS_ONAP_ENABLED = "onap_enabled"; // NOSONAR private static final String AUTHENTICATION_CONFIG_FILE = SparkyConstants.PORTAL_AUTHENTICATION_FILE_LOCATION; + public static final String PROP_COOKIEDECRYPTORCLASSNAME = "cookie_decryptor_classname"; private PortalAuthenticationConfig() { // Prevent instantiation @@ -77,6 +82,9 @@ public class PortalAuthenticationConfig { public boolean getIsOnapEnabled() { return isOnapEnabled; } + public String getcookieDecryptorClassName() { + return cookieDecryptorClassName; + } /** * Reload the Portal authentication properties from the classpath. 
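Review bot: The getter added in the third hunk is spelled `getcookieDecryptorClassName`, which breaks the lowerCamelCase pattern of the neighbouring `getIsOnapEnabled`; it should be `public String getCookieDecryptorClassName()`. In the second hunk the new public constant `PROP_COOKIEDECRYPTORCLASSNAME` is declared after the private `AUTHENTICATION_CONFIG_FILE` instead of alongside the other `PROP_*` keys, and would read more consistently as `PROP_COOKIE_DECRYPTOR_CLASSNAME`. Neither addition has a comment stating that the property must name a class that implements CookieDecryptor and has a public no-argument constructor, which is what the reflective instantiation later in this file relies on.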
@@ -93,5 +101,18 @@ public class PortalAuthenticationConfig { username = props.getProperty(PROP_USERNAME); password = props.getProperty(PROP_PASSWORD); isOnapEnabled = Boolean.parseBoolean(props.getProperty(PROP_IS_ONAP_ENABLED, "true")); + cookieDecryptorClassName= props.getProperty(PROP_COOKIEDECRYPTORCLASSNAME); + } + + public CookieDecryptor getCookieDecryptor() throws ClassNotFoundException{ + + Class cookieDecrypterClass = Class.forName(cookieDecryptorClassName); + try { + cookieDecryptor = (CookieDecryptor) cookieDecrypterClass.newInstance(); + } catch (InstantiationException | IllegalAccessException e) { + e.printStackTrace(); + } + return cookieDecryptor; } + } \ No newline at end of file -- cgit 1.2.3-korg
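Review bot: getCookieDecryptor() instantiates whatever class `cookie_decryptor_classname` names and only then casts it to CookieDecryptor, so the constructor of an unrelated class runs before the type is checked, and a new instance is built on every call. A missing property leaves `cookieDecryptorClassName` null (`props.getProperty` has no default) and that null goes straight into `Class.forName`; an instantiation failure is printed with `e.printStackTrace()` and the method then returns the previous, possibly null, field. Checking the type with `asSubclass` before instantiating, rejecting an unset property and propagating instantiation failures would close these gaps while keeping the `throws ClassNotFoundException` signature; creating the decryptor once in the reload method would also avoid the per-call reflection. The raw `Class` type disappears as a side effect.

```java
  public CookieDecryptor getCookieDecryptor() throws ClassNotFoundException {
    if (cookieDecryptorClassName == null || cookieDecryptorClassName.trim().isEmpty()) {
      throw new ClassNotFoundException(PROP_COOKIEDECRYPTORCLASSNAME + " is not configured");
    }
    // asSubclass rejects a class that is not a CookieDecryptor before its constructor runs
    Class<? extends CookieDecryptor> decryptorClass =
        Class.forName(cookieDecryptorClassName).asSubclass(CookieDecryptor.class);
    try {
      cookieDecryptor = decryptorClass.newInstance();
    } catch (InstantiationException | IllegalAccessException e) {
      throw new ClassNotFoundException("cannot instantiate " + cookieDecryptorClassName, e);
    }
    return cookieDecryptor;
  }
```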