summaryrefslogtreecommitdiffstats
path: root/auth
diff options
context:
space:
mode:
authorInstrumental <jonathan.gathman@att.com>2019-09-16 09:22:24 -0500
committerInstrumental <jonathan.gathman@att.com>2019-09-16 16:16:51 -0500
commit07fb3ece74a9aa1fad8e2a9fab73b4de3e36853b (patch)
tree058001a686d135d76713b22db74e817f2084622a /auth
parent7afca63faf20cf6ee680f80e08d4cfebecbab9c8 (diff)
Improved multi Proxy DNSLocator based
Issue-ID: AAF-961 Change-Id: I21d4a8013ca6f65306e32c5a2e2fa4ba230df2b7 Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth')
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java31
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java2
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java32
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java2
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java2
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java6
10 files changed, 62 insertions, 21 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java
index d3209a02..b5d25a43 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java
@@ -20,7 +20,6 @@
*/
package org.onap.aaf.auth.batch.helpers;
-import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
@@ -34,7 +33,6 @@ import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.cadi.Hash;
-import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.Trans;
import org.onap.aaf.misc.env.util.Chrono;
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java
index 3e7b30b2..38a76477 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java
@@ -3,7 +3,6 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -21,7 +20,6 @@
package org.onap.aaf.auth.batch.helpers;
-@FunctionalInterface
public interface Visitor<T> {
void visit(T t);
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
index ea196b1f..b2fd8a9a 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
@@ -3,7 +3,6 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -64,6 +63,13 @@ public class ApprovedRpt extends Batch {
TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
try {
+// TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+// try {
+// session = cluster.connect();
+// } finally {
+// tt.done();
+// }
+
now = new Date();
String sdate = Chrono.dateOnlyStamp(now);
File file = new File(logDir(),APPR_RPT + sdate +CSV);
@@ -84,6 +90,29 @@ public class ApprovedRpt extends Batch {
Map<String,Boolean> checked = new TreeMap<String, Boolean>();
final AuthzTrans transNoAvg = trans.env().newTransNoAvg();
+// ResultSet results;
+// Statement stmt = new SimpleStatement( "select dateof(id), approver, status, user, type, memo from authz.approved;" );
+// results = session.execute(stmt);
+// Iterator<Row> iter = results.iterator();
+// Row row;
+ /*
+ * while (iter.hasNext()) {
+ ++totalLoaded;
+ row = iter.next();
+ d = row.getTimestamp(0);
+ if(d.after(begin)) {
+ approvedW.row("aprvd",
+ Chrono.dateOnlyStamp(d),
+ row.getString(1),
+ row.getString(2),
+ row.getString(3),
+ row.getString(4),
+ row.getString(5)
+ );
+ }
+ }
+
+ */
int totalLoaded = 0;
Date d;
GregorianCalendar gc = new GregorianCalendar();
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java
index 8eaf6a86..7001c024 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java
@@ -22,7 +22,7 @@
*/
package org.onap.aaf.auth.batch.reports.bodies;
-
+import java.io.IOException;
import java.util.GregorianCalendar;
import java.util.List;
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java
index 417d4be4..8747ebf8 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java
@@ -26,7 +26,7 @@ import org.onap.aaf.auth.batch.helpers.ExpireRange;
import org.onap.aaf.cadi.Access;
public class OneMonthNotifyCredBody extends NotifyCredBody {
- public OneMonthNotifyCredBody(Access access){
+ public OneMonthNotifyCredBody(Access access) throws IOException {
super(access, ExpireRange.ONE_MONTH);
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java
index dae48d85..a1277d55 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java
@@ -26,7 +26,7 @@ import org.onap.aaf.auth.batch.helpers.ExpireRange;
import org.onap.aaf.cadi.Access;
public class OneWeekNotifyCredBody extends NotifyCredBody {
- public OneWeekNotifyCredBody(Access access){
+ public OneWeekNotifyCredBody(Access access) throws IOException {
super(access, ExpireRange.ONE_WEEK);
}
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 1b20b900..c7ee5938 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -26,12 +26,13 @@ import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
-import java.util.Collections;
+import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.TreeMap;
import java.util.TreeSet;
import org.onap.aaf.auth.common.Define;
@@ -496,6 +497,7 @@ public class Question {
Result<List<NsDAO.Data>> rld = nsDAO.read(trans, lookup);
if (rld.isOKhasData()) {
nsd=rld.value.get(0);
+ lookup = nsd.parent;
if (type.type == nsd.type) {
return Result.ok(nsd);
} else {
@@ -898,18 +900,28 @@ public class Question {
}
} else {
Date now = new Date();
- // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues.
- List<CredDAO.Data> cddl;
+ // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues.
+ // 9/14/2019. Use TreeSet for sorting, and using only the LAST of a Tagged entry
+ Collection<CredDAO.Data> cddl;
if (result.value.size() > 1) {
- cddl = new ArrayList<>(result.value.size());
- for (CredDAO.Data old : result.value) {
- if (old.type==CredDAO.BASIC_AUTH || old.type==CredDAO.BASIC_AUTH_SHA256) {
- cddl.add(old);
+ Map<String,CredDAO.Data> mcdd = new TreeMap<>();
+ CredDAO.Data cdd;
+ String tag;
+ int pseudoTag = 0;
+ for (CredDAO.Data rcdd : result.value) {
+ if (rcdd.type==CredDAO.BASIC_AUTH || rcdd.type==CredDAO.BASIC_AUTH_SHA256) {
+ if(rcdd.tag==null) {
+ mcdd.put(Integer.toString(++pseudoTag),rcdd);
+ } else {
+ tag = rcdd.tag;
+ cdd = mcdd.get(tag);
+ if(cdd==null || cdd.expires.before(rcdd.expires)) {
+ mcdd.put(tag,rcdd);
+ }
+ }
}
}
- if (cddl.size()>1) {
- Collections.sort(cddl, (a, b) -> b.expires.compareTo(a.expires));
- }
+ cddl = mcdd.values();
} else {
cddl = result.value;
}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index 4788ee45..aa145f1c 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -367,7 +367,7 @@ public class CMService {
for(Iterator<? extends Certificate> iter = certs.iterator(); iter.hasNext();) {
X509Certificate x509 = (X509Certificate)iter.next();
if(x509.getNotAfter().after(now) && x509.getSubjectDN().getName().contains(cn)) {
- if(++count>MAX_X509s) {
+ if(++count>max_509s) {
break;
}
}
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java
index e4420ab1..bd9f8875 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java
@@ -167,6 +167,8 @@ public class AuthzTransFilter extends TransFilter<AuthzTrans> {
// }
sb.append(",ms=");
sb.append(m.total);
+ sb.append(",status=");
+ sb.append(trans.hresp().getStatus());
sb.append(",meth=");
sb.append(trans.meth());
sb.append(",path=");
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
index f7c38681..fbc1baa2 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
@@ -143,14 +143,16 @@ public class API_Creds {
AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+ // will be a valid Entity. Do we need to add permission
+ //if(trans.fish("ns","password","request")) or the like
Result<Date> r = context.doesCredentialMatch(trans, req, resp);
if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
} else {
// For Security, we don't give any info out on why failed, other than forbidden
// Can't do "401", because that is on the call itself
- resp.setStatus(HttpStatus.FORBIDDEN_403);
+ // 403 Implies you MAY NOT Ask.
+ resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406);
}
}
});