Fix aaf startup issue for spring boot update

Issue-ID: AAI-2886
Change-Id: Ic9b43ebe3ca58eac65cd169f124b74d0032710ea
Signed-off-by: Maharajh, Robby (rx2202) <rx2202@us.att.com>

6 files changed, 35 insertions, 190 deletions

diff --git a/aai-traversal/pom.xml b/aai-traversal/pom.xml
index 3a74bca..ae9a333 100644
--- a/aai-traversal/pom.xml
+++ b/aai-traversal/pom.xml
@@ -28,7 +28,7 @@
 	<parent>
 		<groupId>org.onap.aai.traversal</groupId>
 		<artifactId>traversal</artifactId>
-		<version>1.7.0-SNAPSHOT</version>
+		<version>1.7.1-SNAPSHOT</version>
 	</parent>
 	<groupId>org.onap.aai.traversal</groupId>
 	<artifactId>aai-traversal</artifactId>
@@ -535,6 +535,10 @@
 			<artifactId>aai-core</artifactId>
 			<exclusions>
 				<exclusion>
+					<groupId>org.onap.aai.aai-common</groupId>
+					<artifactId>aai-aaf-auth</artifactId>
+				</exclusion>
+				<exclusion>
 					<groupId>com.sun.jersey</groupId>
 					<artifactId>jersey-core</artifactId>
 				</exclusion>
@@ -580,6 +584,12 @@
 		<dependency>
 			<groupId>org.onap.aai.aai-common</groupId>
 			<artifactId>aai-rest</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>org.onap.aai.aai-common</groupId>
+					<artifactId>aai-aaf-auth</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.skyscreamer</groupId>
diff --git a/aai-traversal/src/main/java/org/onap/aai/interceptors/pre/TwoWaySslAuthorization.java b/aai-traversal/src/main/java/org/onap/aai/interceptors/pre/TwoWaySslAuthorization.java
deleted file mode 100644
index 58c7be6..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/interceptors/pre/TwoWaySslAuthorization.java
+++ /dev/null
@@ -1,185 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.interceptors.pre;
-
-import org.onap.aai.aaf.auth.AAIAuthCore;
-import org.onap.aai.exceptions.AAIException;
-import org.onap.aai.interceptors.AAIContainerFilter;
-import org.onap.aai.interceptors.AAIHeaderProperties;
-import org.onap.aai.logging.ErrorLogHelper;
-import org.onap.aai.restcore.HttpMethod;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Profile;
-
-import javax.annotation.Priority;
-import javax.security.auth.x500.X500Principal;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.PreMatching;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import java.security.cert.X509Certificate;
-import java.util.*;
-import java.util.stream.Collectors;
-
-@PreMatching
-@Priority(AAIRequestFilterPriority.AUTHORIZATION)
-@Profile("two-way-ssl")
-public class TwoWaySslAuthorization extends AAIContainerFilter implements ContainerRequestFilter {
-
-	@Autowired
-	private HttpServletRequest httpServletRequest;
-
-	@Autowired
-	private AAIAuthCore aaiAuthCore;
-
-	@Override
-	public void filter(ContainerRequestContext requestContext) {
-
-		Optional<Response> oResp;
-
-		String uri = requestContext.getUriInfo().getAbsolutePath().getPath();
-		String httpMethod = getHttpMethod(requestContext);
-
-		List<MediaType> acceptHeaderValues = requestContext.getAcceptableMediaTypes();
-
-		Optional<String> authUser = getUser(this.httpServletRequest);
-
-		if (authUser.isPresent()) {
-			oResp = this.authorize(uri, httpMethod, acceptHeaderValues, authUser.get(),
-					this.getHaProxyUser(this.httpServletRequest), getCertIssuer(this.httpServletRequest));
-			if (oResp.isPresent()) {
-				requestContext.abortWith(oResp.get());
-				return;
-			}
-		} else {
-			AAIException aaie = new AAIException("AAI_9107");
-			requestContext
-					.abortWith(Response
-							.status(aaie.getErrorObject().getHTTPResponseCode()).entity(ErrorLogHelper
-									.getRESTAPIErrorResponseWithLogging(acceptHeaderValues, aaie, new ArrayList<>()))
-							.build());
-		}
-
-	}
-
-	private String getCertIssuer(HttpServletRequest hsr) {
-		String issuer =  hsr.getHeader("X-AAI-SSL-Issuer");
-		if (issuer != null && !issuer.isEmpty()) {
-			// the haproxy header replaces the ', ' with '/' and reverses on the '/' need to undo that.
-			List<String> broken = Arrays.asList(issuer.split("/"));
-			broken = broken.stream().filter(s -> !s.isEmpty()).collect(Collectors.toList());
-			Collections.reverse(broken);
-			issuer = String.join(", ", broken);
-		} else {
-			if (hsr.getAttribute("javax.servlet.request.cipher_suite") != null) {
-				X509Certificate[] certChain = (X509Certificate[]) hsr.getAttribute("javax.servlet.request.X509Certificate");
-				if (certChain != null && certChain.length > 0) {
-					X509Certificate clientCert = certChain[0];
-					issuer = clientCert.getIssuerX500Principal().getName();
-				}
-			}
-		}
-		return issuer;
-	}
-
-	private String getHttpMethod(ContainerRequestContext requestContext) {
-		String httpMethod = requestContext.getMethod();
-		if ("POST".equalsIgnoreCase(httpMethod)
-				&& "PATCH".equals(requestContext.getHeaderString(AAIHeaderProperties.HTTP_METHOD_OVERRIDE))) {
-			httpMethod = HttpMethod.MERGE_PATCH.toString();
-		}
-		if (httpMethod.equalsIgnoreCase(HttpMethod.MERGE_PATCH.toString()) || "patch".equalsIgnoreCase(httpMethod)) {
-			httpMethod = HttpMethod.PUT.toString();
-		}
-		return httpMethod;
-	}
-
-	private Optional<String> getUser(HttpServletRequest hsr) {
-		String authUser = null;
-		if (hsr.getAttribute("javax.servlet.request.cipher_suite") != null) {
-			X509Certificate[] certChain = (X509Certificate[]) hsr.getAttribute("javax.servlet.request.X509Certificate");
-
-			/*
-			 * If the certificate is null or the certificate chain length is zero Then
-			 * retrieve the authorization in the request header Authorization Check that it
-			 * is not null and that it starts with Basic and then strip the basic portion to
-			 * get the base64 credentials Check if this is contained in the AAIBasicAuth
-			 * Singleton class If it is, retrieve the username associated with that
-			 * credentials and set to authUser Otherwise, get the principal from certificate
-			 * and use that authUser
-			 */
-
-			if (certChain == null || certChain.length == 0) {
-
-				String authorization = hsr.getHeader("Authorization");
-
-				if (authorization != null && authorization.startsWith("Basic ")) {
-					authUser = authorization.replace("Basic ", "");
-				}
-
-			} else {
-				X509Certificate clientCert = certChain[0];
-				X500Principal subjectDN = clientCert.getSubjectX500Principal();
-				authUser = subjectDN.toString().toLowerCase();
-			}
-		}
-
-		return Optional.ofNullable(authUser);
-	}
-
-	private String getHaProxyUser(HttpServletRequest hsr) {
-		String haProxyUser;
-		if (Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-CN")) 
-				|| Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-OU"))
-				|| Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-O"))
-				|| Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-L"))
-				|| Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-ST"))
-				|| Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-C"))) {
-			haProxyUser = "";
-		} else {
-			haProxyUser = String.format("CN=%s, OU=%s, O=\"%s\", L=%s, ST=%s, C=%s",
-					Objects.toString(hsr.getHeader("X-AAI-SSL-Client-CN"), ""),
-					Objects.toString(hsr.getHeader("X-AAI-SSL-Client-OU"), ""),
-					Objects.toString(hsr.getHeader("X-AAI-SSL-Client-O"), ""),
-					Objects.toString(hsr.getHeader("X-AAI-SSL-Client-L"), ""),
-					Objects.toString(hsr.getHeader("X-AAI-SSL-Client-ST"), ""),
-					Objects.toString(hsr.getHeader("X-AAI-SSL-Client-C"), "")).toLowerCase();
-		}
-		return haProxyUser;
-	}
-
-	private Optional<Response> authorize(String uri, String httpMethod, List<MediaType> acceptHeaderValues,
-			String authUser, String haProxyUser, String issuer) {
-		Response response = null;
-		try {
-			if (!aaiAuthCore.authorize(authUser, uri, httpMethod, haProxyUser, issuer)) {
-				throw new AAIException("AAI_9101", "Request on " + httpMethod + " " + uri + " status is not OK");
-			}
-		} catch (AAIException e) {
-			response = Response.status(e.getErrorObject().getHTTPResponseCode())
-					.entity(ErrorLogHelper.getRESTAPIErrorResponseWithLogging(acceptHeaderValues, e, new ArrayList<>()))
-					.build();
-		}
-		return Optional.ofNullable(response);
-	}
-
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/rest/search/LocalCQConfig.java b/aai-traversal/src/main/java/org/onap/aai/rest/search/LocalCQConfig.java
index 52957d4..42d88af 100644
--- a/aai-traversal/src/main/java/org/onap/aai/rest/search/LocalCQConfig.java
+++ b/aai-traversal/src/main/java/org/onap/aai/rest/search/LocalCQConfig.java
@@ -24,7 +24,6 @@ import org.onap.aai.logging.ErrorLogHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import com.att.eelf.configuration.EELFManager;
-import org.onap.aai.aaf.auth.FileWatcher;
 import org.onap.aai.logging.LogFormatTools;
 import org.onap.aai.util.AAIConstants;
 import org.springframework.beans.factory.annotation.Value;
@@ -89,4 +88,25 @@ public class LocalCQConfig extends CQConfig {
 
     }
 
+    abstract class FileWatcher extends TimerTask {
+        private long timeStamp;
+        private File file;
+
+        public FileWatcher(File file) {
+            this.file = file;
+            this.timeStamp = file.lastModified();
+        }
+
+        public final void run() {
+            long timeStamp = this.file.lastModified();
+            if (timeStamp - this.timeStamp > 500L) {
+                this.timeStamp = timeStamp;
+                this.onChange(this.file);
+            }
+
+        }
+
+        protected abstract void onChange(File var1);
+    }
+
 }
diff --git a/aai-traversal/src/main/resources/application.properties b/aai-traversal/src/main/resources/application.properties
index a538a58..49c0489 100644
--- a/aai-traversal/src/main/resources/application.properties
+++ b/aai-traversal/src/main/resources/application.properties
@@ -35,7 +35,7 @@ server.ssl.client-auth=want
 server.ssl.key-store-type=JKS
 
 # Start of Internal Specific Properties
-spring.profiles.active=production,one-way-ssl
+spring.profiles.active=production,aaf-auth
 ###
 server.certs.location=${server.local.startpath}etc/auth/
 server.keystore.name.pkcs12=aai_keystore
diff --git a/pom.xml b/pom.xml
index 6f0ad1d..f361ba6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,7 +30,7 @@
     </parent>
     <groupId>org.onap.aai.traversal</groupId>
     <artifactId>traversal</artifactId>
-    <version>1.7.0-SNAPSHOT</version>
+    <version>1.7.1-SNAPSHOT</version>
     <name>aai-traversal</name>
     <packaging>pom</packaging>
     <modules>
diff --git a/version.properties b/version.properties
index 85a0227..6434a15 100644
--- a/version.properties
+++ b/version.properties
@@ -5,7 +5,7 @@
 
 major_version=1
 minor_version=7
-patch_version=0
+patch_version=1
 
 base_version=${major_version}.${minor_version}.${patch_version}