Diffstat (limited to 'src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java')
-rw-r--r-- | src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
new file mode 100644
index 0000000..fc40e0b
--- /dev/null
+++ b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
@@ -0,0 +1,103 @@
+/*
+ * ============LICENSE_START===================================================
+ * Copyright (c) 2018 Amdocs
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ */
+package org.onap.aai.auth;
+
+import java.security.cert.X509Certificate;
+import javax.inject.Inject;
+import javax.security.auth.x500.X500Principal;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.Cookie;
+import org.onap.aai.validation.config.ValidationServiceAuthConfig;
+import org.onap.aai.validation.logging.LogHelper;
+
+public class AAIMicroServiceAuth {
+
+ private static LogHelper applicationLogger = LogHelper.INSTANCE;
+
+ private ValidationServiceAuthConfig validationServiceAuthConfig;
+
+ @Inject
+ public AAIMicroServiceAuth(final ValidationServiceAuthConfig validationServiceAuthConfig) throws AAIAuthException {
+ this.validationServiceAuthConfig = validationServiceAuthConfig;
+ if (!validationServiceAuthConfig.isAuthenticationDisable()) {
+ AAIMicroServiceAuthCore.init(validationServiceAuthConfig.getAuthPolicyFile());
+ }
+ }
+
+ public boolean authBasic(String username, String authFunction) throws AAIAuthException {
+ return AAIMicroServiceAuthCore.authorize(username, authFunction);
+ }
+
+ public String authUser(String authUser, String authFunction) throws AAIAuthException {
+ StringBuilder username = new StringBuilder();
+
+ username.append(authUser);
+ if (!authBasic(username.toString(), authFunction)) {
+ return "AAI_9101";
+
+ }
+ return "OK";
+ }
+
+ public boolean authCookie(Cookie cookie, String authFunction, StringBuilder username) throws AAIAuthException {
+ if (cookie == null) {
+ return false;
+ }
+ applicationLogger.debug("Got one:" + cookie);
+
+ return AAIMicroServiceAuthCore.authorize(username.toString(), authFunction);
+ }
+
+ public boolean validateRequest(HttpServletRequest req, String action, String apiPath) throws AAIAuthException {
+
+ applicationLogger.debug("validateRequest: " + apiPath);
+ applicationLogger.debug("validationServiceConfig.isAuthenticationDisable(): "
+ + validationServiceAuthConfig.isAuthenticationDisable());
+
+ if (validationServiceAuthConfig.isAuthenticationDisable()) {
+ return true;
+ }
+ String[] ps = apiPath.split("/");
+ String authPolicyFunctionName = ps[0];
+ if (ps.length > 1) {
+ if (ps[0].matches("v\\d+")) {
+ authPolicyFunctionName = ps[1];
+ } else {
+ authPolicyFunctionName = ps[0];
+ }
+ }
+
+ String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite");
+ String authUser = null;
+ if (cipherSuite != null) {
+ X509Certificate[] certChain = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
+ if (certChain != null) {
+ X509Certificate clientCert = certChain[0];
+ X500Principal subjectDN = clientCert.getSubjectX500Principal();
+ authUser = subjectDN.toString();
+ }
+ }
+
+ if (authUser == null) {
+ return false;
+ }
+
+ String status = authUser(authUser.toLowerCase(), action + ":" + authPolicyFunctionName);
+ return "OK".equals(status);
+ }
+} |
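Review bot: In `authCookie`, the cookie is only tested for null; its value is never read or verified, and authorization then runs on whatever the caller placed in the `username` StringBuilder, so unless every caller has already validated the cookie and derived the username from it, the presence of any cookie is enough to pass this check. The method should either validate the cookie itself or state that precondition in a Javadoc comment. The debug line `applicationLogger.debug("Got one:" + cookie);` also likely writes the cookie value to the log; logging only the name, `applicationLogger.debug("Got cookie: " + cookie.getName());`, keeps a possible credential out of it. Separately, in `validateRequest` the certificate subject is lower-cased with the default locale; `authUser.toLowerCase(Locale.ROOT)` (with `java.util.Locale` imported) would keep the policy lookup independent of the JVM locale.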