From fa7573e7121cc92257bc02b438185668a07399a5 Mon Sep 17 00:00:00 2001 From: Pavel Paroulek Date: Thu, 23 Aug 2018 14:15:37 +0200 Subject: Adding AAF basic auth filter Adding a AAF Cadi filter. AAF is configured to communicate with Beijing AAF instance in the Windriver lab. To activate AAF filter set the profile aaf-auth Change-Id: I4f226f56eeb4686abd7b2d17a9db8be6a5e169c5 Issue-ID: AAI-32 Signed-off-by: Pavel Paroulek --- aai-traversal/pom.xml | 6 ++ .../src/main/java/org/onap/aai/Profiles.java | 1 + .../main/java/org/onap/aai/config/AafFilter.java | 77 +++++++++++++++++++++ aai-traversal/src/main/resources/aaf/aai | Bin 0 -> 860160 bytes .../src/main/resources/aaf/org.onap.aai.keyfile | 27 ++++++++ .../src/main/resources/aaf/org.onap.aai.p12 | Bin 0 -> 4158 bytes .../src/main/resources/aaf/org.onap.aai.props | 13 ++++ .../main/resources/aaf/org.osaaf.location.props | 26 +++++++ .../src/main/resources/aaf/truststoreONAPall.jks | Bin 0 -> 114865 bytes aai-traversal/src/main/resources/cadi.properties | 8 +++ 10 files changed, 158 insertions(+) create mode 100644 aai-traversal/src/main/java/org/onap/aai/config/AafFilter.java create mode 100644 aai-traversal/src/main/resources/aaf/aai create mode 100644 aai-traversal/src/main/resources/aaf/org.onap.aai.keyfile create mode 100644 aai-traversal/src/main/resources/aaf/org.onap.aai.p12 create mode 100644 aai-traversal/src/main/resources/aaf/org.onap.aai.props create mode 100644 aai-traversal/src/main/resources/aaf/org.osaaf.location.props create mode 100644 aai-traversal/src/main/resources/aaf/truststoreONAPall.jks create mode 100644 aai-traversal/src/main/resources/cadi.properties diff --git a/aai-traversal/pom.xml b/aai-traversal/pom.xml index b173348..7c4d174 100644 --- a/aai-traversal/pom.xml +++ b/aai-traversal/pom.xml @@ -70,6 +70,7 @@ 4.5.2 1.8.36 1.6.1 + 2.1.2-SNAPSHOT 2.6 1.0.0 1.2.3 @@ -687,6 +688,11 @@ spring-web ${spring.web.version} + + org.onap.aaf.authz + aaf-cadi-aaf + ${aaf.version} + io.netty netty-all diff --git a/aai-traversal/src/main/java/org/onap/aai/Profiles.java b/aai-traversal/src/main/java/org/onap/aai/Profiles.java index f0419d8..ea65b9a 100644 --- a/aai-traversal/src/main/java/org/onap/aai/Profiles.java +++ b/aai-traversal/src/main/java/org/onap/aai/Profiles.java @@ -25,6 +25,7 @@ public final class Profiles { public static final String DME2 = "dme2"; public static final String ONE_WAY_SSL = "one-way-ssl"; + public static final String AAF_AUTHENTICATION = "aaf-auth"; public static final String TWO_WAY_SSL = "two-way-ssl"; private Profiles(){} diff --git a/aai-traversal/src/main/java/org/onap/aai/config/AafFilter.java b/aai-traversal/src/main/java/org/onap/aai/config/AafFilter.java new file mode 100644 index 0000000..d0c070f --- /dev/null +++ b/aai-traversal/src/main/java/org/onap/aai/config/AafFilter.java @@ -0,0 +1,77 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.config; + +import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.onap.aai.Profiles; +import org.onap.aai.TraversalApp; +import org.onap.aai.exceptions.AAIException; +import org.onap.aai.logging.ErrorLogHelper; +import org.springframework.context.annotation.Profile; +import org.springframework.core.annotation.Order; +import org.springframework.stereotype.Component; +import org.springframework.web.filter.OncePerRequestFilter; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.core.MediaType; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Properties; + +/** + * AAF authentication filter + */ + +@Order(1) +@Component +@Profile(Profiles.AAF_AUTHENTICATION) +public class AafFilter extends OncePerRequestFilter { + + private static final String ACCEPT_HEADER = "accept"; + private final CadiFilter cadiFilter; + + public AafFilter() throws IOException, ServletException { + Properties cadiProperties = new Properties(); + cadiProperties.load(TraversalApp.class.getClassLoader().getResourceAsStream("cadi.properties")); + cadiFilter = new CadiFilter(new PropAccess(cadiProperties)); + } + + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { + cadiFilter.doFilter(request, response, filterChain); + if(response.getStatus() >=400 && response.getStatus() < 500){ + errorResponse(request, response); + } + } + + private void errorResponse(HttpServletRequest request, HttpServletResponse response) throws IOException { + String accept = request.getHeader(ACCEPT_HEADER) == null ? MediaType.APPLICATION_XML : request.getHeader(ACCEPT_HEADER); + AAIException aaie = new AAIException("AAI_3300"); + response.setStatus(aaie.getErrorObject().getHTTPResponseCode().getStatusCode()); + response.getWriter().write(ErrorLogHelper.getRESTAPIErrorResponse(Collections.singletonList(MediaType.valueOf(accept)), aaie, new ArrayList<>())); + response.getWriter().flush(); + response.getWriter().close(); + } +} diff --git a/aai-traversal/src/main/resources/aaf/aai b/aai-traversal/src/main/resources/aaf/aai new file mode 100644 index 0000000..093c773 Binary files /dev/null and b/aai-traversal/src/main/resources/aaf/aai differ diff --git a/aai-traversal/src/main/resources/aaf/org.onap.aai.keyfile b/aai-traversal/src/main/resources/aaf/org.onap.aai.keyfile new file mode 100644 index 0000000..3416d4a --- /dev/null +++ b/aai-traversal/src/main/resources/aaf/org.onap.aai.keyfile @@ -0,0 +1,27 @@ +2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf +jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm +4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe +moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf +GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT +74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh +iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb +p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt +3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW +hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 +RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX +xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk +8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q +ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i +5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe +GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE +_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k +zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf +S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU +LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw +hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W +nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP +bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN +JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk +Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y +J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP +mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF \ No newline at end of file diff --git a/aai-traversal/src/main/resources/aaf/org.onap.aai.p12 b/aai-traversal/src/main/resources/aaf/org.onap.aai.p12 new file mode 100644 index 0000000..023e2ea Binary files /dev/null and b/aai-traversal/src/main/resources/aaf/org.onap.aai.p12 differ diff --git a/aai-traversal/src/main/resources/aaf/org.onap.aai.props b/aai-traversal/src/main/resources/aaf/org.onap.aai.props new file mode 100644 index 0000000..279c776 --- /dev/null +++ b/aai-traversal/src/main/resources/aaf/org.onap.aai.props @@ -0,0 +1,13 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# @copyright 2016, AT&T +############################################################ +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US +cadi_keyfile=aai-traversal/src/main/resources/aaf/org.onap.aai.keyfile +cadi_keystore=aai-traversal/src/main/resources/aaf/org.onap.aai.p12 +cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV +#cadi_key_password=enc: +cadi_alias=aai@aai.onap.org +cadi_truststore=aai-traversal/src/main/resources/aaf/truststoreONAPall.jks +cadi_truststore_password=enc:s77wlnZFoQ08NhnU3OSeWO6uKgRwC6sAK-wTvVubNz2 +cadi_loglevel=INFO \ No newline at end of file diff --git a/aai-traversal/src/main/resources/aaf/org.osaaf.location.props b/aai-traversal/src/main/resources/aaf/org.osaaf.location.props new file mode 100644 index 0000000..73a3a1e --- /dev/null +++ b/aai-traversal/src/main/resources/aaf/org.osaaf.location.props @@ -0,0 +1,26 @@ +## +## org.osaaf.location.props +## +## Localized Machine Information +## +# Almeda California ? +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +#aaf_locate_url=https://aaf-onap-beijing-test.osaaf.org +#aaf_locate_url=https://aaf-onap-test.osaaf.org + +aaf_locate_url=https://aaf-onap-test.osaaf.org:8095 + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 + +# AAF Environment Designation +aaf_env=DEV + +# OAuth2 Endpoints +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + + diff --git a/aai-traversal/src/main/resources/aaf/truststoreONAPall.jks b/aai-traversal/src/main/resources/aaf/truststoreONAPall.jks new file mode 100644 index 0000000..2da1dcc Binary files /dev/null and b/aai-traversal/src/main/resources/aaf/truststoreONAPall.jks differ diff --git a/aai-traversal/src/main/resources/cadi.properties b/aai-traversal/src/main/resources/cadi.properties new file mode 100644 index 0000000..b4eba5a --- /dev/null +++ b/aai-traversal/src/main/resources/cadi.properties @@ -0,0 +1,8 @@ + +cadi_loglevel=DEBUG +cadi_prop_files=aai-traversal/src/main/resources/aaf/org.osaaf.location.props:aai-traversal/src/main/resources/aaf/org.onap.aai.props + +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + -- cgit 1.2.3-korg