From b1b32354811fd9c856bf9ce611d36591d7a81404 Mon Sep 17 00:00:00 2001 From: Prudence Au Date: Sun, 19 Aug 2018 08:53:56 -0400 Subject: Implement basic auth - includes basic auth for AAI request - basic auth for AAI context builder Change-Id: I3b923792184d47667505ae1efc2ab704f52f5766 Issue-ID: LOG-521 Signed-off-by: Prudence Au --- .../pomba/contextbuilder/aai/AAIConfiguration.java | 60 ++++++++++++---------- .../contextbuilder/aai/common/LogMessages.java | 2 +- .../contextbuilder/aai/exception/AuditError.java | 3 ++ .../aai/exception/AuditException.java | 10 ++++ .../aai/service/SpringServiceImpl.java | 1 - .../aai/service/rs/RestServiceImpl.java | 5 +- .../pomba/contextbuilder/aai/util/RestUtil.java | 15 +++++- 7 files changed, 64 insertions(+), 32 deletions(-) (limited to 'src') diff --git a/src/main/java/org/onap/pomba/contextbuilder/aai/AAIConfiguration.java b/src/main/java/org/onap/pomba/contextbuilder/aai/AAIConfiguration.java index 7836d6b..b5f9266 100644 --- a/src/main/java/org/onap/pomba/contextbuilder/aai/AAIConfiguration.java +++ b/src/main/java/org/onap/pomba/contextbuilder/aai/AAIConfiguration.java @@ -18,16 +18,19 @@ package org.onap.pomba.contextbuilder.aai; +import java.util.Base64; +import javax.ws.rs.ApplicationPath; +import org.eclipse.jetty.util.security.Password; import org.onap.aai.restclient.client.RestClient; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; +import org.springframework.stereotype.Component; -//@Component -@Configuration -//@ApplicationPath("/") +@Component +//@Configuration +@ApplicationPath("/") public class AAIConfiguration { @Autowired @Value("${aai.host}") @@ -36,28 +39,14 @@ public class AAIConfiguration { @Value("${aai.port}") private String port; @Autowired - @Value("${aai.httpProtocol}") - private String httpProtocol; - + @Value("${aai.username}") + private String username; @Autowired - @Value("${aai.trustStorePath}") - private String trustStorePath; + @Value("${aai.password}") + private String password; @Autowired - @Value("${aai.keyStorePath}") - private String keyStorePath; - @Autowired - @Value("${aai.keyStorePassword}") - private String keyStorePassword; - - @Autowired - @Value("${aai.keyManagerFactoryAlgorithm}") - private String keyManagerFactoryAlgorithm; - @Autowired - @Value("${aai.keyStoreType}") - private String keyStoreType; - @Autowired - @Value("${aai.securityProtocol}") - private String securityProtocol; + @Value("${aai.httpProtocol}") + private String httpProtocol; @Autowired @Value("${aai.connectionTimeout}") @@ -70,16 +59,31 @@ public class AAIConfiguration { @Value("${aai.serviceInstancePath}") private String serviceInstancePath; + @Autowired + @Value("${http.userId}") + private String httpUserId; + + @Autowired + @Value("${http.password}") + private String httpPassword; + + + @Bean(name="httpBasicAuthorization") + public String getHttpBasicAuth() { + String auth = new String(this.httpUserId + ":" + Password.deobfuscate(this.httpPassword)); + String encodedAuth = Base64.getEncoder().encodeToString(auth.getBytes()); + return ("Basic " + encodedAuth); + } @Bean(name="aaiClient") public RestClient restClient() { RestClient restClient = new RestClient(); - if (httpProtocol.equals("https")) - restClient.validateServerHostname(false).validateServerCertChain(false).trustStore(trustStorePath).clientCertFile(keyStorePath).clientCertPassword(keyStorePassword).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout); - else - restClient.validateServerHostname(false).validateServerCertChain(false).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout); + restClient.validateServerHostname(false).validateServerCertChain(false).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout); + restClient.basicAuthUsername(username); + restClient.basicAuthPassword(Password.deobfuscate(password)); return restClient; + } @Bean(name="aaiBaseUrl") diff --git a/src/main/java/org/onap/pomba/contextbuilder/aai/common/LogMessages.java b/src/main/java/org/onap/pomba/contextbuilder/aai/common/LogMessages.java index 2e44530..762543c 100644 --- a/src/main/java/org/onap/pomba/contextbuilder/aai/common/LogMessages.java +++ b/src/main/java/org/onap/pomba/contextbuilder/aai/common/LogMessages.java @@ -21,7 +21,7 @@ public class LogMessages { private LogMessages() {} - public static final String AAI_CONTEXT_BUILDER_URL = "AAI Context Builder URL "; + public static final String AAI_CONTEXT_BUILDER_URL = "AAI Context Builder URL: "; public static final String HEADER_MESSAGE = "Header {} not present in request, generating new value: {}"; public static final String NOT_FOUND = "{} {} is not found from AAI"; public static final String NUMBER_OF_API_CALLS = "The number of API calls for {} is {}"; diff --git a/src/main/java/org/onap/pomba/contextbuilder/aai/exception/AuditError.java b/src/main/java/org/onap/pomba/contextbuilder/aai/exception/AuditError.java index 40d8bcc..fdc7ff6 100644 --- a/src/main/java/org/onap/pomba/contextbuilder/aai/exception/AuditError.java +++ b/src/main/java/org/onap/pomba/contextbuilder/aai/exception/AuditError.java @@ -29,4 +29,7 @@ public class AuditError { public static final String INVALID_REQUEST_URL_MISSING_PARAMETER = "Invalid request URL, missing parameter: "; public static final String MISSING_HEADER_PARAMETER = "Missing header parameter: "; + + public static final String MISMATCH = "Authorization Failed due to mismatch basic authorization username or password"; + public static final String MISSING_AUTHORIZATION_HEADER = "Missing Authorization header"; } diff --git a/src/main/java/org/onap/pomba/contextbuilder/aai/exception/AuditException.java b/src/main/java/org/onap/pomba/contextbuilder/aai/exception/AuditException.java index d78ff84..042c651 100644 --- a/src/main/java/org/onap/pomba/contextbuilder/aai/exception/AuditException.java +++ b/src/main/java/org/onap/pomba/contextbuilder/aai/exception/AuditException.java @@ -32,6 +32,16 @@ public class AuditException extends Exception { super(message); } + /** + * Constructor for an instance of this exception with a message and status. + * @param httpStatus + * @param message + */ + public AuditException(Status httpStatus, String message) { + super(message); + this.httpStatus = httpStatus; + } + public AuditException(String message, Status httpStatus) { super(message); this.setHttpStatus(httpStatus); diff --git a/src/main/java/org/onap/pomba/contextbuilder/aai/service/SpringServiceImpl.java b/src/main/java/org/onap/pomba/contextbuilder/aai/service/SpringServiceImpl.java index 60ad231..989dbc3 100644 --- a/src/main/java/org/onap/pomba/contextbuilder/aai/service/SpringServiceImpl.java +++ b/src/main/java/org/onap/pomba/contextbuilder/aai/service/SpringServiceImpl.java @@ -38,7 +38,6 @@ public class SpringServiceImpl implements SpringService { @Autowired private String aaiServiceInstancePath; - public SpringServiceImpl() { // needed for instantiation } diff --git a/src/main/java/org/onap/pomba/contextbuilder/aai/service/rs/RestServiceImpl.java b/src/main/java/org/onap/pomba/contextbuilder/aai/service/rs/RestServiceImpl.java index 38f7510..6fc2c8a 100644 --- a/src/main/java/org/onap/pomba/contextbuilder/aai/service/rs/RestServiceImpl.java +++ b/src/main/java/org/onap/pomba/contextbuilder/aai/service/rs/RestServiceImpl.java @@ -39,6 +39,8 @@ public class RestServiceImpl implements RestService { @Autowired private SpringService service; + @Autowired + private String httpBasicAuthorization; @Override public Response getContext(HttpHeaders headers, String serviceInstanceId, String modelVersionId, String modelInvariantId, String serviceType, String customerId) { @@ -46,7 +48,7 @@ public class RestServiceImpl implements RestService { String url = "serviceInstanceId=" + serviceInstanceId + " modelVersion="+modelVersionId + " modelInvariantId="+ modelInvariantId + " serviceType="+serviceType + " customerId="+ customerId; if(log.isDebugEnabled()) { - log.debug(LogMessages.AAI_CONTEXT_BUILDER_URL + url); + log.debug(LogMessages.AAI_CONTEXT_BUILDER_URL, url); } @@ -58,6 +60,7 @@ public class RestServiceImpl implements RestService { try { // Do some validation on Http headers and URL parameters + RestUtil.validateBasicAuthorization(headers, httpBasicAuthorization); RestUtil.validateHeader(headers); RestUtil.validateURL(serviceInstanceId, modelVersionId, modelInvariantId, serviceType, customerId); diff --git a/src/main/java/org/onap/pomba/contextbuilder/aai/util/RestUtil.java b/src/main/java/org/onap/pomba/contextbuilder/aai/util/RestUtil.java index 240a55b..8681d21 100644 --- a/src/main/java/org/onap/pomba/contextbuilder/aai/util/RestUtil.java +++ b/src/main/java/org/onap/pomba/contextbuilder/aai/util/RestUtil.java @@ -16,7 +16,6 @@ package org.onap.pomba.contextbuilder.aai.util; import com.sun.jersey.core.util.MultivaluedMapImpl; -//import com.sun.jersey.core.util.MultivaluedMapImpl; import java.text.MessageFormat; import java.util.ArrayList; import java.util.Collections; @@ -66,6 +65,7 @@ public class RestUtil { // HTTP headers private static final String TRANSACTION_ID = "X-TransactionId"; private static final String FROM_APP_ID = "X-FromAppId"; + private static final String AUTHORIZATION = "Authorization"; private static final String APP_NAME = "aaiCtxBuilder"; @@ -114,6 +114,19 @@ public class RestUtil { } } + public static void validateBasicAuthorization(HttpHeaders headers, String basicAuthorization) throws AuditException { + String authorization = null; + + // validation on HTTP Authorization Header + authorization = headers.getRequestHeaders().getFirst(AUTHORIZATION); + if (authorization != null && !authorization.trim().isEmpty() && authorization.startsWith("Basic")) { + if (!authorization.equals(basicAuthorization)) { + throw new AuditException(Status.UNAUTHORIZED, AuditError.MISMATCH); + }; + } else { + throw new AuditException(Status.UNAUTHORIZED, AuditError.MISSING_AUTHORIZATION_HEADER); + } + } public static void validateHeader(HttpHeaders headers) throws AuditException { String fromAppId = null; -- cgit 1.2.3-korg