aboutsummaryrefslogtreecommitdiffstats
path: root/src/main/java/org/onap/music/authentication/CachingUtil.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/org/onap/music/authentication/CachingUtil.java')
-rwxr-xr-xsrc/main/java/org/onap/music/authentication/CachingUtil.java445
1 files changed, 0 insertions, 445 deletions
diff --git a/src/main/java/org/onap/music/authentication/CachingUtil.java b/src/main/java/org/onap/music/authentication/CachingUtil.java
deleted file mode 100755
index 5c379c6e..00000000
--- a/src/main/java/org/onap/music/authentication/CachingUtil.java
+++ /dev/null
@@ -1,445 +0,0 @@
-/*
- * ============LICENSE_START==========================================
- * org.onap.music
- * ===================================================================
- * Copyright (c) 2017 AT&T Intellectual Property
- * ===================================================================
- * Modifications Copyright (c) 2018 IBM
- * Modifications Copyright (c) 2019 Samsung
- * ===================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END=============================================
- * ====================================================================
- */
-
-package org.onap.music.authentication;
-
-import java.util.Calendar;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import javax.ws.rs.core.MediaType;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.jcs.JCS;
-import org.apache.commons.jcs.access.CacheAccess;
-import org.mindrot.jbcrypt.BCrypt;
-import org.onap.music.authentication.MusicAuthenticator.Operation;
-import org.onap.music.datastore.PreparedQueryObject;
-import org.onap.music.eelf.logging.EELFLoggerDelegate;
-import org.onap.music.eelf.logging.format.AppMessages;
-import org.onap.music.eelf.logging.format.ErrorSeverity;
-import org.onap.music.eelf.logging.format.ErrorTypes;
-import org.onap.music.exceptions.MusicServiceException;
-import org.onap.music.main.MusicCore;
-import org.onap.music.main.MusicUtil;
-import com.datastax.driver.core.DataType;
-import com.datastax.driver.core.PreparedStatement;
-import com.datastax.driver.core.ResultSet;
-import com.datastax.driver.core.Row;
-import com.datastax.driver.core.exceptions.InvalidQueryException;
-import com.sun.jersey.api.client.Client;
-import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.api.client.WebResource;
-
-/**
- * All Caching related logic is handled by this class and a schedule cron runs to update cache.
- *
- * @author Vikram
- *
- */
-public class CachingUtil implements Runnable {
-
- private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(CachingUtil.class);
-
- /** keyspace & ns */
- private static CacheAccess<String, String> musicCache = JCS.getInstance("musicCache");
- /** cache to hold isaaf application */
- private static CacheAccess<String, String> appNameCache = JCS.getInstance("appNameCache");
- /** hold user creds for namespace */
- private static CacheAccess<String, Map<String, String>> musicValidateCache = JCS.getInstance("musicValidateCache");
- private static Map<String, Number> userAttempts = new HashMap<>();
- private static Map<String, Calendar> lastFailedTime = new HashMap<>();
- private static CacheAccess<String, String> adminUserCache = JCS.getInstance("adminUserCache");
-
- public static CacheAccess<String, String> getAdminUserCache() {
- return adminUserCache;
- }
-
- public static void updateAdminUserCache(String authorization,String userId) {
- adminUserCache.put(authorization,userId);
- }
-
- private static final String USERNAME="username";
- private static final String PASSWORD="password";
-
-
- public void initializeAafCache() throws MusicServiceException {
- logger.info(EELFLoggerDelegate.applicationLogger,"Resetting and initializing AAF Cache...");
-
- String query = "SELECT uuid, application_name, keyspace_name, username, password FROM admin.keyspace_master WHERE is_api = ? allow filtering";
- PreparedQueryObject pQuery = new PreparedQueryObject();
- pQuery.appendQueryString(query);
- try {
- pQuery.addValue(MusicUtil.convertToActualDataType(DataType.cboolean(), false));
- } catch (Exception e1) {
- logger.error(EELFLoggerDelegate.errorLogger, e1.getMessage(),AppMessages.CACHEERROR, ErrorSeverity.CRITICAL, ErrorTypes.GENERALSERVICEERROR);
- }
- ResultSet rs = MusicCore.get(pQuery);
- Iterator<Row> it = rs.iterator();
- Map<String, String> map = null;
- while (it.hasNext()) {
- Row row = it.next();
- String nameSpace = row.getString("keyspace_name");
- String userId = row.getString(USERNAME);
- String password = row.getString(PASSWORD);
- String keySpace = row.getString("application_name");
- try {
- userAttempts.put(nameSpace, 0);
- boolean responseObj = triggerAAF(nameSpace, userId, password);
- if (responseObj) {
- map = new HashMap<>();
- map.put(userId, password);
- musicValidateCache.put(nameSpace, map);
- musicCache.put(keySpace, nameSpace);
- logger.debug("Cronjob: Cache Updated with AAF response for namespace "
- + nameSpace);
- }
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, e.getMessage(),AppMessages.UNKNOWNERROR, ErrorSeverity.INFO, ErrorTypes.GENERALSERVICEERROR);
- logger.error(EELFLoggerDelegate.errorLogger, e.getMessage(),"Something at AAF was changed for ns: " + nameSpace+" So not updating Cache for the namespace. ");
- }
- }
-
- }
-
- @Override
- public void run() {
- logger.info(EELFLoggerDelegate.applicationLogger,"Scheduled task invoked. Refreshing Cache...");
- try {
- initializeAafCache();
- } catch (MusicServiceException e) {
- logger.error(EELFLoggerDelegate.errorLogger, e.getMessage(),AppMessages.UNKNOWNERROR, ErrorSeverity.INFO, ErrorTypes.GENERALSERVICEERROR);
- }
- }
-
- public static boolean authenticateAAFUser(String nameSpace, String userId, String password,
- String keySpace) throws Exception {
-
- if (musicValidateCache.get(nameSpace) != null && musicCache.get(keySpace)!=null) {
- if (keySpace != null && !musicCache.get(keySpace).equals(nameSpace)) {
- logger.info(EELFLoggerDelegate.applicationLogger,"Create new application for the same namespace.");
- } else if (musicValidateCache.get(nameSpace).get(userId).equals(password)) {
- logger.info(EELFLoggerDelegate.applicationLogger,"Authenticated with cache value..");
- // reset invalid attempts to 0
- userAttempts.put(nameSpace, 0);
- return true;
- } else {
- // call AAF update cache with new password
- if (userAttempts.get(nameSpace) == null)
- userAttempts.put(nameSpace, 0);
- if ((Integer) userAttempts.get(nameSpace) >= 3) {
- logger.info(EELFLoggerDelegate.applicationLogger,"Reached max attempts. Checking if time out..");
- logger.info(EELFLoggerDelegate.applicationLogger,"Failed time: "+lastFailedTime.get(nameSpace).getTime());
- Calendar calendar = Calendar.getInstance();
- long delayTime = (calendar.getTimeInMillis()-lastFailedTime.get(nameSpace).getTimeInMillis());
- logger.info(EELFLoggerDelegate.applicationLogger,"Delayed time: "+delayTime);
- if( delayTime > 120000) {
- logger.info(EELFLoggerDelegate.applicationLogger,"Resetting failed attempt.");
- userAttempts.put(nameSpace, 0);
- } else {
- logger.info(EELFLoggerDelegate.applicationLogger,"No more attempts allowed. Please wait for atleast 2 min.");
- throw new Exception("No more attempts allowed. Please wait for atleast 2 min.");
- }
- }
- logger.error(EELFLoggerDelegate.errorLogger,"",AppMessages.CACHEAUTHENTICATION,ErrorSeverity.WARN, ErrorTypes.GENERALSERVICEERROR);
- logger.info(EELFLoggerDelegate.applicationLogger,"Check AAF again...");
- }
- }
-
- boolean responseObj = false;
- try {
- responseObj = triggerAAF(nameSpace, userId, password);
- }catch (Exception ex) {
- logger.info("Exception while trigger aaf");
- logger.info("Exception: " + ex.getMessage());
- throw new Exception("Exception raised while triggering AAF authentication" +ex.getMessage());
- }
- if (responseObj) {
- logger.info(EELFLoggerDelegate.applicationLogger,"Valid user. Cache is updated for "+nameSpace);
- Map<String, String> map = new HashMap<>();
- map.put(userId, password);
- musicValidateCache.put(nameSpace, map);
- musicCache.put(keySpace, nameSpace);
- return true;
- }
- logger.info(EELFLoggerDelegate.applicationLogger,"Invalid user. Cache not updated");
- return false;
- }
-
- private static boolean triggerAAF(String nameSpace, String userId, String password)
- throws Exception {
- logger.info(EELFLoggerDelegate.applicationLogger,"Inside AAF authorization");
- if (MusicUtil.getAafEndpointUrl() == null) {
- logger.error(EELFLoggerDelegate.errorLogger,"AAF endpoint is not set. Please specify in the properties file.",AppMessages.UNKNOWNERROR,ErrorSeverity.WARN, ErrorTypes.GENERALSERVICEERROR);
- throw new Exception("AAF endpoint is not set. Please specify in the properties file.");
- }
- Client client = Client.create();
- // WebResource webResource =
- // client.resource("https://aaftest.test.att.com:8095/proxy/authz/nss/"+nameSpace);
- WebResource webResource = client.resource(MusicUtil.getAafEndpointUrl().concat(nameSpace));
- String plainCreds = userId + ":" + password;
- byte[] plainCredsBytes = plainCreds.getBytes();
- byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes);
- String base64Creds = new String(base64CredsBytes);
-
- ClientResponse response = webResource.accept(MediaType.APPLICATION_JSON)
- .header("Authorization", "Basic " + base64Creds)
- .header("content-type", "application/json").get(ClientResponse.class);
- logger.info(EELFLoggerDelegate.applicationLogger, "aaf response: "+response.toString());
- if (response.getStatus() != 200) {
- if (userAttempts.get(nameSpace) == null)
- userAttempts.put(nameSpace, 0);
- if ((Integer) userAttempts.get(nameSpace) >= 2) {
- lastFailedTime.put(nameSpace, Calendar.getInstance());
- userAttempts.put(nameSpace, ((Integer) userAttempts.get(nameSpace) + 1));
- throw new Exception(
- "Reached max invalid attempts. Please contact admin and retry with valid credentials.");
- }
- userAttempts.put(nameSpace, ((Integer) userAttempts.get(nameSpace) + 1));
- throw new Exception(
- "Unable to authenticate. Please check the AAF credentials against namespace.");
- // TODO Allow for 2-3 times and forbid any attempt to trigger AAF with invalid values
- // for specific time.
- }
- /*response.getHeaders().put(HttpHeaders.CONTENT_TYPE,
- Arrays.asList(MediaType.APPLICATION_JSON));
- // AAFResponse output = response.getEntity(AAFResponse.class);
- response.bufferEntity();
- String x = response.getEntity(String.class);
- AAFResponse responseObj = new ObjectMapper().readValue(x, AAFResponse.class);*/
-
- return true;
- }
-
- public static void updateMusicCache(String keyspace, String nameSpace) {
- logger.info(EELFLoggerDelegate.applicationLogger,"Updating musicCache for keyspace " + keyspace + " with nameSpace " + nameSpace);
- musicCache.put(keyspace, nameSpace);
- }
-
- public static void updateCadiCache(String user, String keyspace) {
- musicCache.put(user, keyspace);
- }
-
- public static String getKSFromCadiCache(String user) {
- return musicCache.get(user);
- }
-
- public static void updateMusicValidateCache(String nameSpace, String userId, String password) {
- logger.info(EELFLoggerDelegate.applicationLogger,"Updating musicCache for nameSpacce " + nameSpace + " with userId " + userId);
- Map<String, String> map = new HashMap<>();
- map.put(userId, password);
- musicValidateCache.put(nameSpace, map);
- }
-
- public static void updateisAAFCache(String namespace, String isAAF) {
- appNameCache.put(namespace, isAAF);
- }
-
- public static String isAAFApplication(String namespace) throws MusicServiceException {
- String isAAF = appNameCache.get(namespace);
- if (isAAF == null) {
- PreparedQueryObject pQuery = new PreparedQueryObject();
- pQuery.appendQueryString(
- "SELECT is_aaf from admin.keyspace_master where application_name = '"
- + namespace + "' allow filtering");
- Row rs = null;
- try {
- rs = MusicCore.get(pQuery).one();
- } catch(InvalidQueryException e) {
- logger.error(EELFLoggerDelegate.errorLogger,"Exception admin keyspace not configured."+e.getMessage());
- throw new MusicServiceException("Please make sure admin.keyspace_master table is configured.");
- }
- try {
- isAAF = String.valueOf(rs.getBool("is_aaf"));
- if(isAAF != null)
- appNameCache.put(namespace, isAAF);
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, e.getMessage(), AppMessages.QUERYERROR,ErrorSeverity.ERROR, ErrorTypes.QUERYERROR);
- }
- }
- return isAAF;
- }
-
- public static String getUuidFromMusicCache(String keyspace) throws MusicServiceException {
- String uuid = null;
- if (uuid == null) {
- PreparedQueryObject pQuery = new PreparedQueryObject();
- pQuery.appendQueryString(
- "SELECT uuid from admin.keyspace_master where keyspace_name = '"
- + keyspace + "' allow filtering");
- Row rs = MusicCore.get(pQuery).one();
- try {
- uuid = rs.getUUID("uuid").toString();
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger,"Exception occurred during uuid retrieval from DB."+e.getMessage());
- }
- }
- return uuid;
- }
-
- public static String getAppName(String keyspace) throws MusicServiceException {
- String appName = null;
- PreparedQueryObject pQuery = new PreparedQueryObject();
- pQuery.appendQueryString(
- "SELECT application_name from admin.keyspace_master where keyspace_name = '"
- + keyspace + "' allow filtering");
- Row rs = MusicCore.get(pQuery).one();
- try {
- appName = rs.getString("application_name");
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, e.getMessage(), AppMessages.QUERYERROR, ErrorSeverity.ERROR, ErrorTypes.QUERYERROR);
- }
- return appName;
- }
-
- @Deprecated
- public static Map<String, Object> validateRequest(String nameSpace, String userId,
- String password, String keyspace, String aid, String operation) {
- Map<String, Object> resultMap = new HashMap<>();
- if (!"createKeySpace".equals(operation)) {
- if (nameSpace == null) {
- resultMap.put("Exception", "Application namespace is mandatory.");
- }
- }
- return resultMap;
- }
-
- public static Map<String, Object> validateRequest(String nameSpace, String userId,
- String password, String keyspace, String aid, Operation operation) {
- Map<String, Object> resultMap = new HashMap<>();
- if (Operation.CREATE_KEYSPACE!=operation) {
- if (nameSpace == null) {
- resultMap.put("Exception", "Application namespace is mandatory.");
- }
- }
- return resultMap;
- }
-
- public static Map<String, Object> verifyOnboarding(String ns, String userId, String password) {
- Map<String, Object> resultMap = new HashMap<>();
- if (ns == null || userId == null || password == null) {
- logger.error(EELFLoggerDelegate.errorLogger,"", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR);
- logger.error(EELFLoggerDelegate.errorLogger,"One or more required headers is missing. userId: "+userId+" :: password: "+password);
- resultMap.put("Exception",
- "One or more required headers appName(ns), userId, password is missing. Please check.");
- return resultMap;
- }
- PreparedQueryObject queryObject = new PreparedQueryObject();
- queryObject.appendQueryString(
- "select * from admin.keyspace_master where application_name = ? allow filtering");
- try {
- queryObject.addValue(MusicUtil.convertToActualDataType(DataType.text(), ns));
- } catch(Exception e) {
- resultMap.put("Exception",
- "Unable to process input data. Invalid input data type. Please check ns, userId and password values. "+e.getMessage());
- return resultMap;
- }
- Row rs = null;
- try {
- rs = MusicCore.get(queryObject).one();
- } catch (MusicServiceException e) {
- String errorMsg = "Unable to process operation. Error is "+e.getMessage();
- logger.error(EELFLoggerDelegate.errorLogger, errorMsg);
- resultMap.put("Exception", errorMsg);
- return resultMap;
- } catch (InvalidQueryException e) {
- logger.error(EELFLoggerDelegate.errorLogger,"Exception admin keyspace not configured."+e.getMessage());
- resultMap.put("Exception", "Please make sure admin.keyspace_master table is configured.");
- return resultMap;
- }
- if (rs == null) {
- logger.error(EELFLoggerDelegate.errorLogger,"Application is not onboarded. Please contact admin.");
- resultMap.put("Exception", "Application is not onboarded. Please contact admin.");
- } else {
- if(!(rs.getString(USERNAME).equals(userId)) || !(BCrypt.checkpw(password, rs.getString(PASSWORD)))) {
- logger.error(EELFLoggerDelegate.errorLogger,"", AppMessages.AUTHENTICATIONERROR, ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR);
- logger.error(EELFLoggerDelegate.errorLogger,"Namespace, UserId and password doesn't match. namespace: "+ns+" and userId: "+userId);
- resultMap.put("Exception", "Namespace, UserId and password doesn't match. namespace: "+ns+" and userId: "+userId);
- return resultMap;
- }
- }
- return resultMap;
- }
-
- public static Map<String, Object> authenticateAIDUser(String nameSpace, String userId, String password,
- String keyspace) {
- Map<String, Object> resultMap = new HashMap<>();
- String pwd = null;
- if((musicCache.get(keyspace) != null) && (musicValidateCache.get(nameSpace) != null)
- && (musicValidateCache.get(nameSpace).containsKey(userId))) {
- if(!musicCache.get(keyspace).equals(nameSpace)) {
- resultMap.put("Exception", "Namespace and keyspace doesn't match");
- return resultMap;
- }
- if(!BCrypt.checkpw(password,musicValidateCache.get(nameSpace).get(userId))) {
- resultMap.put("Exception", "Namespace, userId and password doesn't match");
- return resultMap;
- }
- return resultMap;
- }
- PreparedQueryObject queryObject = new PreparedQueryObject();
- queryObject.appendQueryString(
- "select * from admin.keyspace_master where keyspace_name = ? allow filtering");
- try {
- queryObject.addValue(MusicUtil.convertToActualDataType(DataType.text(), keyspace));
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger,"Adding value to query object failed: " + e.getMessage());
- }
- Row rs = null;
- try {
- rs = MusicCore.get(queryObject).one();
- } catch (MusicServiceException e) {
- String errMsg = "Unable to process operation. Error is "+e.getMessage();
- logger.error(EELFLoggerDelegate.errorLogger, errMsg);
- resultMap.put("Exception", errMsg);
- return resultMap;
- }
- if(rs == null) {
- resultMap.put("Exception", "Please make sure keyspace:"+keyspace+" exists.");
- return resultMap;
- }
- else {
- String user = rs.getString(USERNAME);
- pwd = rs.getString(PASSWORD);
- String ns = rs.getString("application_name");
- if(!ns.equals(nameSpace)) {
- resultMap.put("Exception", "Namespace and keyspace doesn't match");
- return resultMap;
- }
- if(!user.equals(userId)) {
- resultMap.put("Exception", "Invalid userId :"+userId);
- return resultMap;
- }
- if(!BCrypt.checkpw(password, pwd)) {
- resultMap.put("Exception", "Invalid password");
- return resultMap;
- }
- }
- CachingUtil.updateMusicCache(keyspace, nameSpace);
- CachingUtil.updateMusicValidateCache(nameSpace, userId, pwd);
- return resultMap;
- }
-}