From 4d6e2a982cc0ee48aca9d8531424d795e44842c9 Mon Sep 17 00:00:00 2001
From: "Tschaen, Brendan"
Date: Thu, 28 Feb 2019 13:57:51 -0500
Subject: Complete new authentication across REST APIs
Change-Id: I0d8ae84bdebbad986d557f722047318d5b72b591
Issue-ID: MUSIC-345
Signed-off-by: Tschaen, Brendan
---
.../authentication/MusicAAFAuthentication.java | 183 +++++++++++++++++++++
1 file changed, 183 insertions(+)
create mode 100644 src/main/java/org/onap/music/authentication/MusicAAFAuthentication.java
(limited to 'src/main/java/org/onap/music/authentication/MusicAAFAuthentication.java')
diff --git a/src/main/java/org/onap/music/authentication/MusicAAFAuthentication.java b/src/main/java/org/onap/music/authentication/MusicAAFAuthentication.java
new file mode 100644
index 00000000..2d0d4e59
--- /dev/null
+++ b/src/main/java/org/onap/music/authentication/MusicAAFAuthentication.java
@@ -0,0 +1,183 @@
+/*
+ * ============LICENSE_START==========================================
+ * org.onap.music
+ * ===================================================================
+ * Copyright (c) 2017 AT&T Intellectual Property
+ * ===================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END=============================================
+ * ====================================================================
+ */
+
+package org.onap.music.authentication;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.ws.rs.core.MediaType;
+
+import org.apache.commons.jcs.access.CacheAccess;
+import org.onap.music.datastore.PreparedQueryObject;
+import org.onap.music.eelf.logging.EELFLoggerDelegate;
+import org.onap.music.eelf.logging.format.AppMessages;
+import org.onap.music.eelf.logging.format.ErrorSeverity;
+import org.onap.music.eelf.logging.format.ErrorTypes;
+import org.onap.music.exceptions.MusicServiceException;
+import org.onap.music.authentication.MusicAuthenticator.Operation;
+import org.onap.music.main.MusicCore;
+import org.onap.music.main.MusicUtil;
+
+import com.datastax.driver.core.DataType;
+import com.datastax.driver.core.Row;
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.WebResource;
+
+public class MusicAAFAuthentication implements MusicAuthenticator {
+
+ private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MusicAAFAuthentication.class);
+
+ @Override
+ public boolean authenticateAdmin(String authorization) {
+ logger.info(EELFLoggerDelegate.applicationLogger, "MusicCore.authenticateAdmin: ");
+ String userId = MusicUtil.extractBasicAuthentication(authorization).get(MusicUtil.USERID);
+ if(MusicUtil.getIsCadi()) {
+ CachingUtil.updateAdminUserCache(authorization, userId);
+ return true;
+ }
+ CacheAccess adminCache = CachingUtil.getAdminUserCache();
+ if (authorization == null) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Authorization cannot be empty...");
+ return false;
+ }
+ if (adminCache.get(authorization) != null && adminCache.get(authorization).equals(userId)) {
+ logger.info(EELFLoggerDelegate.applicationLogger, "MusicCore.authenticateAdmin: Validated against admincache.. ");
+ return true;
+ }
+ else {
+ Client client = Client.create();
+ String aafUrl = MusicUtil.getAafAdminUrl();
+ if (aafUrl==null) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Admin url is not set, please set in properties");
+ return false;
+ }
+
+ WebResource webResource = client.resource(
+ MusicUtil.getAafAdminUrl().concat(userId).concat("/").concat(MusicUtil.getAdminAafRole()));
+
+ ClientResponse response = webResource.accept(MediaType.APPLICATION_JSON)
+ .header("Authorization", authorization).get(ClientResponse.class);
+ if (response.getStatus() == 200) {
+ CachingUtil.updateAdminUserCache(authorization, userId);
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean authenticateUser(String namespace, String authorization, String keyspace,
+ String aid, Operation operation) {
+ logger.info(EELFLoggerDelegate.applicationLogger,"Inside User Authentication.......");
+ Map userCredentials = MusicUtil.extractBasicAuthentication(authorization);
+ String userId = userCredentials.get(MusicUtil.USERID);
+ String password = userCredentials.get(MusicUtil.PASSWORD);
+
+ Map resultMap = new HashMap<>();
+ String uuid = null;
+ if(! MusicUtil.getIsCadi()) {
+ resultMap = CachingUtil.validateRequest(namespace, userId, password, keyspace, aid,
+ operation);
+ if (!resultMap.isEmpty())
+ return false;
+ String isAAFApp = null;
+ try {
+ isAAFApp= CachingUtil.isAAFApplication(namespace);
+ } catch(MusicServiceException e) {
+ logger.error(e.getErrorMessage(), e);
+ resultMap.put("Exception", e.getMessage());
+ return false;
+ }
+ if(isAAFApp == null) {
+ resultMap.put("Exception", "Namespace: "+namespace+" doesn't exist. Please make sure ns(appName)"
+ + " is correct and Application is onboarded.");
+ return false;
+ }
+ boolean isAAF = Boolean.parseBoolean(isAAFApp);
+ if (userId == null || password == null) {
+ logger.error(EELFLoggerDelegate.errorLogger,"", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR);
+ logger.error(EELFLoggerDelegate.errorLogger,"UserId/Password or more required headers is missing.");
+ resultMap.put("Exception",
+ "UserId and Password are mandatory for the operation " + operation);
+ return false;
+ }
+ if(!isAAF && !(operation==Operation.CREATE_KEYSPACE)) {
+ resultMap = CachingUtil.authenticateAIDUser(namespace, userId, password, keyspace);
+ if (!resultMap.isEmpty())
+ return false;
+
+ }
+ if (isAAF && namespace != null && userId != null && password != null) {
+ boolean isValid = true;
+ try {
+ isValid = CachingUtil.authenticateAAFUser(namespace, userId, password, keyspace);
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger,"Error while aaf authentication for user:" + userId);
+ logger.error(EELFLoggerDelegate.errorLogger,"Error: "+ e.getMessage());
+ logger.error(EELFLoggerDelegate.errorLogger,e.getMessage(), AppMessages.AUTHENTICATIONERROR ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR);
+ logger.error(EELFLoggerDelegate.errorLogger,"Got exception while AAF authentication for namespace " + namespace);
+ resultMap.put("Exception", e.getMessage());
+ }
+ if (!isValid) {
+ logger.error(EELFLoggerDelegate.errorLogger,"User not authenticated...", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR);
+ resultMap.put("Exception", "User not authenticated...");
+ }
+ if (!resultMap.isEmpty())
+ return false;
+
+ }
+ } else {
+
+ String cachedKS = CachingUtil.getKSFromCadiCache(userId);
+ if(cachedKS != null && !cachedKS.equals(keyspace)) {
+ resultMap.put("Exception", "User not authenticated to access this keyspace...");
+ return false;
+ }
+ }
+
+ if (operation==Operation.CREATE_KEYSPACE) {
+ try {
+ logger.info(EELFLoggerDelegate.applicationLogger,"AID is not provided. Creating new UUID for keyspace.");
+ PreparedQueryObject pQuery = new PreparedQueryObject();
+ pQuery.appendQueryString(
+ "select uuid from admin.keyspace_master where application_name=? and username=? and keyspace_name=? allow filtering");
+ pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), namespace));
+ pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), userId));
+ pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(),
+ MusicUtil.DEFAULTKEYSPACENAME));
+ Row rs = MusicCore.get(pQuery).one();
+ uuid = rs.getUUID("uuid").toString();
+ resultMap.put("uuid", "existing");
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.applicationLogger,"No UUID found in DB. So creating new UUID.");
+ uuid = MusicUtil.generateUUID();
+ resultMap.put("uuid", "new");
+ }
+ resultMap.put("aid", uuid);
+ CachingUtil.updateCadiCache(userId, keyspace);
+ }
+ return true;
+ }
+
+}
-- cgit 1.2.3-korg
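Review bot: In `authenticateAdmin` the `authorization == null` guard sits after both `MusicUtil.extractBasicAuthentication(authorization).get(MusicUtil.USERID)` and the `getIsCadi()` early `return true`, so it cannot protect the header parse, and with CADI enabled this method accepts every caller as admin without any role check visible here. The guard should be the first statement (`if (authorization == null) { ... return false; }`), and a comment should name the upstream component that is expected to have verified the admin role in CADI mode. The AAF lookup path is built with `MusicUtil.getAafAdminUrl().concat(userId)`, where `userId` is taken from the request's Authorization header; it should be percent-encoded as a single path segment before concatenation so it cannot change the path that is queried. In `authenticateUser` the CADI branch denies only when `cachedKS != null && !cachedKS.equals(keyspace)`, so a user with no cache entry passes for any keyspace and any operation; please confirm that is intended, or deny on a cache miss for operations other than `CREATE_KEYSPACE`. `resultMap` is a local that is never returned, so the "Exception" messages and the `aid`/`uuid` values computed in the `CREATE_KEYSPACE` block are discarded, and the broad `catch (Exception e)` there treats any datastore failure as "no UUID found".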