path: root/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/EcompSso.java
/**
 * ============LICENSE_START=======================================================
 * org.onap.aai
 * ================================================================================
 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
 * Copyright © 2017-2018 Amdocs
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */
package org.onap.aai.sparky.security;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import org.onap.aai.cl.api.Logger;
import org.onap.aai.cl.eelf.LoggerFactory;
import org.onap.aai.sparky.logging.AaiUiMsgs;
import org.onap.aai.sparky.security.portal.config.PortalAuthenticationConfig;
import org.openecomp.portalsdk.core.onboarding.util.CipherUtil;
import org.openecomp.portalsdk.core.onboarding.util.PortalApiProperties;

/**
 * Provides authentication services for onboarded ECOMP applications.
 */
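public class EcompSso {

  public static final String EP_SERVICE = "EPService";
  public static final String CSP_COOKIE_NAME = "csp_cookie_name";
  public static final String CSP_GATE_KEEPER_PROD_KEY = "csp_gate_keeper_prod_key";
  public static final String ONAP_ENABLED = "ONAP_ENABLED";
  private static final Logger LOG = LoggerFactory.getInstance().getLogger(EcompSso.class);

  /** Zero-based position of the login id within the pipe-separated, decrypted CSP cookie. */
  private static final int CSP_UID_FIELD_INDEX = 5;

  /**
   * Searches the request for a cookie with the specified name.
   *
   * @param request the incoming servlet request
   * @param cookieName exact (case-sensitive) name of the cookie to look for
   * @return the first cookie with a matching name, or null if the request carries no cookies or
   *         none of them match
   */
  public static Cookie getCookie(HttpServletRequest request, String cookieName) {
    Cookie[] cookies = request.getCookies();
    // getCookies() yields null rather than an empty array when the request has no cookies.
    if (cookies != null) {
      for (Cookie cookie : cookies) {
        if (cookie.getName().equals(cookieName)) {
          return cookie;
        }
      }
    }

    return null;
  }

  /**
   * Answers whether the ECOMP Portal service cookie is present in the specified request. Only the
   * existence of a cookie named {@link #EP_SERVICE} is checked; its value is never read.
   *
   * @param request the incoming servlet request
   * @return true if the cookie is found, else false.
   */
  private static boolean isEPServiceCookiePresent(HttpServletRequest request) {
    Cookie ep = getCookie(request, EP_SERVICE);
    return (ep != null);
  }

  /**
   * Determines whether the request carries evidence of a completed portal sign-on.
   *
   * <p>When ONAP mode is enabled in {@link PortalAuthenticationConfig}, the result depends solely
   * on whether a cookie named {@link #EP_SERVICE} is present. Otherwise the login id is read from
   * the decrypted CSP cookie.
   *
   * @param request the incoming servlet request
   * @return in ONAP mode, the constant {@link #ONAP_ENABLED} if the portal cookie is present, else
   *         null; in non-ONAP mode, the login id taken from the CSP cookie, or null if it could
   *         not be obtained
   */
  public static String validateEcompSso(HttpServletRequest request) {
    boolean isOnapEnabled = PortalAuthenticationConfig.getInstance().getIsOnapEnabled();
    if (isOnapEnabled) {
      if (isEPServiceCookiePresent(request)) {
        /*
         * This is a "temporary" fix until proper separation between closed source and open source
         * code is reached
         */
        // NOTE(review): this branch proves only that the client sent a cookie named EPService.
        // The cookie value is not decrypted or verified here and the returned constant identifies
        // no user, so the result must not be treated as an authenticated identity on its own.
        // Confirm that the portal session is verified elsewhere before access is granted.
        return ONAP_ENABLED;
      }
      return null;
    } else {
      return getLoginIdFromCookie(request);
    }
  }

  /**
   * Searches the specified request for the CSP cookie, decodes it and extracts the login id.
   *
   * @param request the incoming servlet request
   * @return the login id if the cookie is present, decodes successfully and contains enough
   *         fields; else null. Any exception raised while decoding is logged and also yields null.
   */
  private static String getLoginIdFromCookie(HttpServletRequest request) {
    String uid = null;
    try {
      String[] cspFields = getCspData(request);
      if (cspFields != null && cspFields.length > CSP_UID_FIELD_INDEX) {
        uid = cspFields[CSP_UID_FIELD_INDEX];
      }
    } catch (Exception t) {
      // Deliberately broad: a cookie that fails to decode must end in "not signed on", never in
      // an error propagated to the caller.
      // NOTE(review): the exception text is logged verbatim; confirm the decryptor never places
      // cookie content in its messages.
      LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO,
          "getLoginIdFromCookie failed " + t.getLocalizedMessage());
    }
    return uid;
  }

  /**
   * Searches the specified request for the CSP cookie, decrypts it and splits it on '|'.
   *
   * @param request the incoming servlet request
   * @return the fields parsed from the decrypted cookie; null if the cookie name property is not
   *         configured, the cookie is absent, the decryptor produces no value, or the decryptor
   *         class cannot be loaded
   */
  private static String[] getCspData(HttpServletRequest request) {
    final String cookieName = PortalApiProperties.getProperty(CSP_COOKIE_NAME);
    if (cookieName == null) {
      LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG,
          "getCspData: Failed to get property " + CSP_COOKIE_NAME);
      return null;
    }
    Cookie csp = getCookie(request, cookieName);
    if (csp == null) {
      LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG, "getCspData failed to get cookie " + cookieName);
      return null;
    }
    final String cspCookieEncrypted = csp.getValue();

    try {
      final String cspCookieDecrypted = PortalAuthenticationConfig.getInstance()
          .getCookieDecryptor().decryptCookie(cspCookieEncrypted);
      if (cspCookieDecrypted == null) {
        // Fail closed explicitly instead of relying on the caller to catch the
        // NullPointerException that split() would raise.
        LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG,
            "getCspData: decryptor returned no value for cookie " + cookieName);
        return null;
      }
      return cspCookieDecrypted.split("\\|");
    } catch (ClassNotFoundException e) {
      LOG.error(AaiUiMsgs.DECRYPTION_ERROR, "Unable to find the Cookie Decryptor Class");
    }

    return null;
  }
}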