aboutsummaryrefslogtreecommitdiffstats
path: root/PyPDPServer/src/main/java/org/openecomp/policy/pypdp/authorization/AuthenticationService.java
diff options
context:
space:
mode:
Diffstat (limited to 'PyPDPServer/src/main/java/org/openecomp/policy/pypdp/authorization/AuthenticationService.java')
-rw-r--r--PyPDPServer/src/main/java/org/openecomp/policy/pypdp/authorization/AuthenticationService.java232
1 files changed, 232 insertions, 0 deletions
diff --git a/PyPDPServer/src/main/java/org/openecomp/policy/pypdp/authorization/AuthenticationService.java b/PyPDPServer/src/main/java/org/openecomp/policy/pypdp/authorization/AuthenticationService.java
new file mode 100644
index 000000000..c7deac910
--- /dev/null
+++ b/PyPDPServer/src/main/java/org/openecomp/policy/pypdp/authorization/AuthenticationService.java
@@ -0,0 +1,232 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ECOMP Policy Engine
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.policy.pypdp.authorization;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Properties;
+import java.util.StringTokenizer;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.openecomp.policy.common.logging.eelf.MessageCodes;
+import org.openecomp.policy.common.logging.eelf.PolicyLogger;
+
+import org.openecomp.policy.xacml.api.XACMLErrorConstants;
+
+public class AuthenticationService {
+ private String pyPDPID = Config.getPYPDPID();
+ private String pyPDPPass = Config.getPYPDPPass();
+ private static Path clientPath = null;
+ private static HashMap<String, ArrayList<String>> clientMap = null;
+ private static Long oldModified = null;
+ private static Long newModified = null;
+ private static final Log logger = LogFactory.getLog(AuthenticationService.class);
+
+ public boolean authenticate(String authCredentials) {
+
+ if (null == authCredentials)
+ return false;
+ // header value format will be "Basic encodedstring" for Basic authentication.
+ final String encodedUserPassword = authCredentials.replaceFirst("Basic" + " ", "");
+ String usernameAndPassword = null;
+ try {
+ byte[] decodedBytes = Base64.getDecoder().decode(encodedUserPassword);
+ usernameAndPassword = new String(decodedBytes, "UTF-8");
+ } catch (Exception e) {
+ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
+ // TODO:EELF Cleanup - Remove logger
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "");
+ return false;
+ }
+ try {
+ final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
+ final String username = tokenizer.nextToken();
+ final String password = tokenizer.nextToken();
+
+ boolean authenticationStatus = pyPDPID.equals(username) && pyPDPPass.equals(password);
+ return authenticationStatus;
+ } catch (Exception e){
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e);
+ // TODO:EELF Cleanup - Remove logger
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "");
+ return false;
+ }
+ }
+
+ public static boolean clientAuth(String clientCredentials) {
+ if(clientCredentials == null){
+ return false;
+ }
+ // Decode the encoded Client Credentials.
+ String usernameAndPassword = null;
+ try {
+ byte[] decodedBytes = Base64.getDecoder().decode(clientCredentials);
+ usernameAndPassword = new String(decodedBytes, "UTF-8");
+ } catch (Exception e) {
+ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
+ // TODO:EELF Cleanup - Remove logger
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "");
+ return false;
+ }
+ try {
+ final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
+ final String username = tokenizer.nextToken();
+ final String password = tokenizer.nextToken();
+ return checkClient(username,password);
+ } catch(Exception e){
+ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
+ // TODO:EELF Cleanup - Remove logger
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "");
+ return false;
+ }
+ }
+
+ public static boolean checkClientScope(String clientCredentials, String scope) {
+ if(clientCredentials == null){
+ return false;
+ }
+ // Decode the encoded Client Credentials.
+ String usernameAndPassword = null;
+ try {
+ byte[] decodedBytes = Base64.getDecoder().decode(clientCredentials);
+ usernameAndPassword = new String(decodedBytes, "UTF-8");
+ } catch (Exception e) {
+ logger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
+ // TODO:EELF Cleanup - Remove logger
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "");
+ return false;
+ }
+ final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
+ final String username = tokenizer.nextToken();
+ // Read the properties and compare.
+ try{
+ readFile();
+ }catch(Exception e){
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e);
+ // TODO:EELF Cleanup - Remove logger
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "");
+ return false;
+ }
+ // Check ID, Scope
+ if (clientMap.containsKey(username) && (clientMap.get(username).get(1).equals(scope) || clientMap.get(username).get(1).equals("MASTER"))) {
+ return true;
+ }
+ return false;
+ }
+
+ private static boolean checkClient(String username, String password) {
+ // Read the properties and compare.
+ try{
+ readFile();
+ }catch(Exception e){
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e);
+ // TODO:EELF Cleanup - Remove logger
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "");
+ return false;
+ }
+ // Check ID, Key
+ if (clientMap.containsKey(username) && clientMap.get(username).get(0).equals(password)) {
+ return true;
+ }
+ return false;
+ }
+
+ private static void readFile() throws Exception {
+ String clientFile = Config.getClientFile();
+ if (clientFile == null) {
+ Config.setProperty();
+ if(clientFile == null){
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Missing CLIENT_FILE property value: " + clientFile);
+ // TODO:EELF Cleanup - Remove logger
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, "Missing CLIENT_FILE property value: " + clientFile);
+ throw new Exception(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Missing CLIENT_FILE property value: " + clientFile);
+ }
+ }
+ if (clientPath == null) {
+ clientPath = Paths.get(clientFile);
+ if (Files.notExists(clientPath)) {
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "File doesn't exist in the specified Path : " + clientPath.toString());
+ // TODO:EELF Cleanup - Remove logger
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, "File doesn't exist in the specified Path : " + clientPath.toString());
+ throw new Exception(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"File doesn't exist in the specified Path : "+ clientPath.toString());
+ }
+ if (clientPath.toString().endsWith(".properties")) {
+ readProps();
+ } else {
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Not a .properties file " + clientFile);
+ // TODO:EELF Cleanup - Remove logger
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, "Not a .properties file " + clientFile);
+ throw new Exception(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Not a .properties file " + clientFile);
+ }
+ }
+ // Check if File is updated recently
+ else {
+ newModified = clientPath.toFile().lastModified();
+ if (newModified != oldModified) {
+ // File has been updated.
+ readProps();
+ }
+ }
+ }
+
+ private static void readProps() throws Exception{
+ InputStream in;
+ Properties clientProp = new Properties();
+ try {
+ in = new FileInputStream(clientPath.toFile());
+ oldModified = clientPath.toFile().lastModified();
+ clientProp.load(in);
+ } catch (IOException e) {
+ logger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e);
+ // TODO:EELF Cleanup - Remove logger
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "");
+ throw new Exception(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e);
+
+ }
+ // Read the Properties and Load the PDPs and encoding.
+ clientMap = new HashMap<String, ArrayList<String>>();
+ //
+ for (Object propKey : clientProp.keySet()) {
+ String clientID = (String)propKey;
+ String clientValue = clientProp.getProperty(clientID);
+ if (clientValue != null) {
+ if (clientValue.contains(",")) {
+ ArrayList<String> clientValues = new ArrayList<String>(Arrays.asList(clientValue.split("\\s*,\\s*")));
+ if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){
+ clientMap.put(clientID, clientValues);
+ }
+ }
+ }
+ }
+ if (clientMap == null || clientMap.isEmpty()) {
+ logger.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!");
+ }
+ }
+}