Diffstat (limited to 'src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java')
-rw-r--r--src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java103
1 files changed, 103 insertions, 0 deletions
diff --git a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
new file mode 100644
index 0000000..fc40e0b
--- /dev/null
+++ b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
@@ -0,0 +1,103 @@
+/*
+ * ============LICENSE_START===================================================
+ * Copyright (c) 2018 Amdocs
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ */
+package org.onap.aai.auth;
+
+import java.security.cert.X509Certificate;
+import javax.inject.Inject;
+import javax.security.auth.x500.X500Principal;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.Cookie;
+import org.onap.aai.validation.config.ValidationServiceAuthConfig;
+import org.onap.aai.validation.logging.LogHelper;
+
+public class AAIMicroServiceAuth {
+
+ private static LogHelper applicationLogger = LogHelper.INSTANCE;
+
+ private ValidationServiceAuthConfig validationServiceAuthConfig;
+
+ @Inject
+ public AAIMicroServiceAuth(final ValidationServiceAuthConfig validationServiceAuthConfig) throws AAIAuthException {
+ this.validationServiceAuthConfig = validationServiceAuthConfig;
+ if (!validationServiceAuthConfig.isAuthenticationDisable()) {
+ AAIMicroServiceAuthCore.init(validationServiceAuthConfig.getAuthPolicyFile());
+ }
+ }
+
+ public boolean authBasic(String username, String authFunction) throws AAIAuthException {
+ return AAIMicroServiceAuthCore.authorize(username, authFunction);
+ }
+
+ public String authUser(String authUser, String authFunction) throws AAIAuthException {
+ StringBuilder username = new StringBuilder();
+
+ username.append(authUser);
+ if (!authBasic(username.toString(), authFunction)) {
+ return "AAI_9101";
+
+ }
+ return "OK";
+ }
+
+ public boolean authCookie(Cookie cookie, String authFunction, StringBuilder username) throws AAIAuthException {
+ if (cookie == null) {
+ return false;
+ }
+ applicationLogger.debug("Got one:" + cookie);
+
+ return AAIMicroServiceAuthCore.authorize(username.toString(), authFunction);
+ }
+
+ public boolean validateRequest(HttpServletRequest req, String action, String apiPath) throws AAIAuthException {
+
+ applicationLogger.debug("validateRequest: " + apiPath);
+ applicationLogger.debug("validationServiceConfig.isAuthenticationDisable(): "
+ + validationServiceAuthConfig.isAuthenticationDisable());
+
+ if (validationServiceAuthConfig.isAuthenticationDisable()) {
+ return true;
+ }
+ String[] ps = apiPath.split("/");
+ String authPolicyFunctionName = ps[0];
+ if (ps.length > 1) {
+ if (ps[0].matches("v\\d+")) {
+ authPolicyFunctionName = ps[1];
+ } else {
+ authPolicyFunctionName = ps[0];
+ }
+ }
+
+ String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite");
+ String authUser = null;
+ if (cipherSuite != null) {
+ X509Certificate[] certChain = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
+ if (certChain != null) {
+ X509Certificate clientCert = certChain[0];
+ X500Principal subjectDN = clientCert.getSubjectX500Principal();
+ authUser = subjectDN.toString();
+ }
+ }
+
+ if (authUser == null) {
+ return false;
+ }
+
+ String status = authUser(authUser.toLowerCase(), action + ":" + authPolicyFunctionName);
+ return "OK".equals(status);
+ }
+}
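Review bot: `authCookie` checks the cookie only for null and then authorizes whatever name the caller supplied in `username`, so the cookie's value never contributes to the decision; either derive and verify the identity from the cookie itself or remove the method if nothing calls it. The line `applicationLogger.debug("Got one:" + cookie);` also writes the cookie to the log, which may include a session value, so log at most the cookie name. In `validateRequest`, `certChain[0]` throws on an empty array and `authUser.toLowerCase()` depends on the default locale, so the policy lookup key can differ between hosts; guard with `if (certChain != null && certChain.length > 0)` and use `authUser.toLowerCase(Locale.ROOT)` (needs `import java.util.Locale;`). When `isAuthenticationDisable()` is true every request is allowed and the only trace is a debug line, so a warning-level message in the constructor would make that configuration visible to operators.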