author | Instrumental <jonathan.gathman@att.com> | 2019-10-15 08:19:50 -0500 |
---|---|---|
committer | Instrumental <jonathan.gathman@att.com> | 2019-10-15 08:35:35 -0500 |
commit | 1296352d8eafee57f982a4342ad79ada4aa56d28 (patch) | |
tree | 355cdb89d85530a861319f892b0f24236e6adc50 /cadi/core/src/main | |
parent | bdce7667a6e272e2fa32e298d957a0d9090c5bc9 (diff) |
Sonar Fixes, Formatting
Issue-ID: AAF-1019
Change-Id: Ica49d9e7323aad9622ff9d95cc21b87430c22c54
Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'cadi/core/src/main')
105 files changed, 1119 insertions, 1119 deletions
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/AES.java b/cadi/core/src/main/java/org/onap/aaf/cadi/AES.java index 4ec51682..d32df881 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/AES.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/AES.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -47,14 +47,14 @@ import org.onap.aaf.cadi.util.Chmod; * AES Class wraps Cipher AES, 128 * NOTE: While not explicitly stated in JavaDocs, Ciphers AND SecretKeySpecs are NOT ThreadSafe * Ciphers take time to create, therefore, we have pooled them. - * + * * @author Jonathan * */ public class AES implements Encryption { public static final String AES = AES.class.getSimpleName(); public static final int AES_KEY_SIZE = 128; // 256 isn't supported on all JDKs. - + private SecretKeySpec aeskeySpec; public static SecretKey newKey() throws NoSuchAlgorithmException { @@ -66,7 +66,7 @@ public class AES implements Encryption { public AES(byte[] aeskey, int offset, int len){ aeskeySpec = new SecretKeySpec(aeskey,offset,len,AES); } - + public byte[] encrypt(byte[] in) throws CadiException { try { Cipher c = Cipher.getInstance(AES); 
@@ -76,17 +76,17 @@ public class AES implements Encryption { throw new CadiException(e); } } - + public byte[] decrypt(byte[] in) throws CadiException { try { Cipher c = Cipher.getInstance(AES); - c.init(Cipher.DECRYPT_MODE,aeskeySpec); + c.init(Cipher.DECRYPT_MODE,aeskeySpec); return c.doFinal(in); } catch (InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) { throw new CadiException(e); } } - + public void save(File keyfile) throws IOException { FileOutputStream fis = new FileOutputStream(keyfile); try { @@ -112,7 +112,7 @@ public class AES implements Encryption { return null; // should never get here. } } - + public CipherInputStream inputStream(InputStream is, boolean encrypt) { try { Cipher c = Cipher.getInstance(AES); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java index e6d24dab..561995de 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -39,11 +39,11 @@ import org.onap.aaf.cadi.principal.CachedBasicPrincipal; /** * Implement Fast lookup and Cache for Local User Info - * + * * Include ability to add and remove Users - * + * * Also includes a Timer Thread (when necessary) to invoke cleanup on expiring Credentials - * + * * @author Jonathan * */ 
@@ -57,10 +57,10 @@ public abstract class AbsUserCache<PERM extends Permission> { private final Map<String, User<PERM>> userMap; private static final Map<String, Miss> missMap = new TreeMap<>(); private final Symm missEncrypt; - + private Clean clean; protected Access access; - + protected AbsUserCache(Access access, long cleanInterval, int highCount, int usageCount) { this.access = access; Symm s; @@ -72,29 +72,29 @@ public abstract class AbsUserCache<PERM extends Permission> { s = Symm.base64noSplit; } missEncrypt = s; - + userMap = new ConcurrentHashMap<>(); - + if (cleanInterval>0) { cleanInterval = Math.max(MIN_INTERVAL, cleanInterval); synchronized(AbsUserCache.class) { // Lazy instantiate.. in case there is no cleanup needed if (timer==null) { timer = new Timer("CADI Cleanup Timer",true); } - + timer.schedule(clean = new Clean(access, cleanInterval, highCount, usageCount), cleanInterval, cleanInterval); access.log(Access.Level.INIT, "Cleaning Thread initialized with interval of",cleanInterval, "ms and max objects of", highCount); } } } - + @SuppressWarnings("unchecked") public AbsUserCache(AbsUserCache<PERM> cache) { this.access = cache.access; userMap = cache.userMap; missEncrypt = cache.missEncrypt; - + synchronized(AbsUserCache.class) { if (cache.clean!=null && cache.clean.lur==null && this instanceof CachingLur) { cache.clean.lur=(CachingLur<PERM>)this; @@ -104,9 +104,9 @@ public abstract class AbsUserCache<PERM extends Permission> { protected void setLur(CachingLur<PERM> lur) { if (clean!=null)clean.lur = lur; - + } - + protected void addUser(User<PERM> user) { Principal p = user.principal; String key; 
@@ -132,16 +132,16 @@ public abstract class AbsUserCache<PERM extends Permission> { protected void addUser(String key, User<PERM> user) { userMap.put(key, user); } - + /** * Add miss to missMap. If Miss exists, or too many tries, returns false. - * + * * otherwise, returns true to allow another attempt. - * + * * @param key * @param bs * @return - * @throws IOException + * @throws IOException */ protected synchronized boolean addMiss(String key, byte[] bs) { String mkey; @@ -156,7 +156,7 @@ public abstract class AbsUserCache<PERM extends Permission> { missMap.put(mkey, new Miss(bs,clean==null?MIN_INTERVAL:clean.timeInterval,key)); return true; } - return miss.mayContinue(); + return miss.mayContinue(); } protected Miss missed(String key, byte[] bs) throws IOException { @@ -182,11 +182,11 @@ public abstract class AbsUserCache<PERM extends Permission> { } return u; } - + protected User<PERM> getUser(CachedBasicPrincipal cbp) { return getUser(cbp.getName(), cbp.getCred()); } - + protected User<PERM> getUser(String user, byte[] cred) { User<PERM> u; String key=null; @@ -207,7 +207,7 @@ public abstract class AbsUserCache<PERM extends Permission> { } return u; } - + /** * Removes User from the Cache * @param user @@ -215,10 +215,10 @@ public abstract class AbsUserCache<PERM extends Permission> { protected void remove(User<PERM> user) { userMap.remove(user.principal.getName()); } - + /** * Removes user from the Cache - * + * * @param user */ public void remove(String user) { @@ -227,14 +227,14 @@ public abstract class AbsUserCache<PERM extends Permission> { access.log(Level.INFO, user,"removed from Client Cache by Request"); } } - + /** * Clear all Users from the Client Cache */ public void clearAll() { userMap.clear(); } - + public final List<DumpInfo> dumpInfo() { List<DumpInfo> rv = new ArrayList<>(); for (User<PERM> user : userMap.values()) { 
@@ -249,10 +249,10 @@ public abstract class AbsUserCache<PERM extends Permission> { public boolean handlesExclusively(Permission ... pond) { return false; } - + /** - * Container calls when cleaning up... - * + * Container calls when cleaning up... + * * If overloading in Derived class, be sure to call "super.destroy()" */ public void destroy() { @@ -261,8 +261,8 @@ public abstract class AbsUserCache<PERM extends Permission> { timer.cancel(); } } - - + + // Simple map of Group name to a set of User Names // private Map<String, Set<String>> groupMap = new HashMap<>(); @@ -273,34 +273,34 @@ public abstract class AbsUserCache<PERM extends Permission> { public final class DumpInfo { public String user; public List<String> perms; - + public DumpInfo(User<PERM> user) { this.user = user.principal.getName(); perms = new ArrayList<>(user.perms.keySet()); } } - + /** * Clean will examine resources, and remove those that have expired. - * + * * If "highs" have been exceeded, then we'll expire 10% more the next time. This will adjust after each run * without checking contents more than once, making a good average "high" in the minimum speed. - * + * * @author Jonathan * */ private final class Clean extends TimerTask { private final Access access; private CachingLur<PERM> lur; - - // The idea here is to not be too restrictive on a high, but to Expire more items by + + // The idea here is to not be too restrictive on a high, but to Expire more items by // shortening the time to expire. This is done by judiciously incrementing "advance" // when the "highs" are exceeded. This effectively reduces numbers of cached items quickly. private final int high; private long advance; private final long timeInterval; private final int usageTriggerCount; - + public Clean(Access access, long cleanInterval, int highCount, int usageTriggerCount) { this.access = access; lur = null; 
@@ -342,7 +342,7 @@ public abstract class AbsUserCache<PERM extends Permission> { } } } - + if (!removed && lur!=null && user.permExpires<= now ) { if (lur.reload(user).equals(Resp.REVALIDATED)) { user.renewPerm(); @@ -354,7 +354,7 @@ public abstract class AbsUserCache<PERM extends Permission> { if (touched) { ++renewed; } - + } else { if (user.permExpired()) { remove(user); @@ -362,7 +362,7 @@ public abstract class AbsUserCache<PERM extends Permission> { } } } - + // Clean out Misses int missTotal = missMap.keySet().size(); int miss = 0; @@ -385,12 +385,12 @@ public abstract class AbsUserCache<PERM extends Permission> { } } } - + if (count+renewed+miss>0) { access.log(Level.INFO, (lur==null?"Cache":lur.getClass().getSimpleName()), "removed",count, "and renewed",renewed,"expired Permissions out of", total,"and removed", miss, "password misses out of",missTotal); } - + // If High (total) is reached during this period, increase the number of expired services removed for next time. // There's no point doing it again here, as there should have been cleaned items. if (total>high) { @@ -421,17 +421,17 @@ public abstract class AbsUserCache<PERM extends Permission> { private long tries; private final String name; - + public Miss(final byte[] first, final long timeInterval, final String name) { timestamp = System.currentTimeMillis() + timeInterval; this.timetolive = timeInterval; tries = 0L; this.name = name; } - - + + public synchronized boolean mayContinue() { - long ts = System.currentTimeMillis(); + long ts = System.currentTimeMillis(); if (ts>timestamp) { tries = 0; timestamp = ts + timetolive; 
@@ -440,20 +440,20 @@ public abstract class AbsUserCache<PERM extends Permission> { } return true; } - + } - + /** * Report on state */ public String toString() { - return getClass().getSimpleName() + + return getClass().getSimpleName() + " Cache:\n Users Cached: " + userMap.size() + "\n Misses Saved: " + missMap.size() + '\n'; - + } public void clear(Principal p, StringBuilder sb) { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Access.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Access.java index a673ab4f..4009521c 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/Access.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Access.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -29,8 +29,8 @@ import java.util.Properties; * Various Environments require different logging mechanisms, or at least allow * for different ones. We need the Framework to be able to hook into any particular instance of logging * mechanism, whether it be a Logging Object within a Servlet Context, or a direct library like log4j. - * This interface, therefore, allows maximum pluggability in a variety of different app styles. - * + * This interface, therefore, allows maximum pluggability in a variety of different app styles. + * * @author Jonathan * */ 
@@ -39,15 +39,15 @@ public interface Access { public enum Level { DEBUG(0x1), INFO(0x10), AUDIT(0x100), WARN(0x2000), ERROR(0x4000), INIT(0x8000),TRACE(0x10000),NONE(0XFFFF); private final int bit; - + Level(int ord) { bit = ord; } - + public boolean inMask(int mask) { return (mask & bit) == bit; } - + public int addToMask(int mask) { return mask | bit; } @@ -89,8 +89,8 @@ public interface Access { * @param elements */ public void printf(Level level, String fmt, Object ... elements); - - /** + + /** * Check if message will log before constructing * @param level * @return @@ -98,24 +98,24 @@ public interface Access { public boolean willLog(Level level); /** - * Write the contents of an exception, followed by a variable list of Object's text via the + * Write the contents of an exception, followed by a variable list of Object's text via the * toString() method with appropriate space, etc. - * + * * The Loglevel is always "ERROR" - * + * * @param elements */ public void log(Exception e, Object ... elements); - + /** * Set the Level to compare logging too */ public void setLogLevel(Level level); - + /** * It is important in some cases to create a class from within the same Classloader that created * Security Objects. Specifically, it's pretty typical for Web Containers to separate classloaders - * so as to allow Apps with different dependencies. + * so as to allow Apps with different dependencies. * @return */ public ClassLoader classLoader(); @@ -127,7 +127,7 @@ public interface Access { public void load(InputStream is) throws IOException; /** - * if "anytext" is true, then decryption will always be attempted. Otherwise, only if starts with + * if "anytext" is true, then decryption will always be attempted. Otherwise, only if starts with * Symm.ENC * @param encrypted * @param anytext diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/BasicCred.java b/cadi/core/src/main/java/org/onap/aaf/cadi/BasicCred.java index ebb41aba..bdbef713 100644 
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/BasicCred.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/BasicCred.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -25,7 +25,7 @@ package org.onap.aaf.cadi; * An Interface for testing on Requests to see if we can get a User and Password * It works for CadiWrap, but also, Container Specific Wraps (aka Tomcat) should also * implement. - * + * * @author Jonathan * */ diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java b/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java index 8202183d..b6aabf32 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -28,21 +28,21 @@ import javax.servlet.ServletInputStream; /** * BufferedServletInputStream - * + * * There are cases in brain-dead middleware (SOAP) where they store routing information in the content. - * + * * In HTTP, this requires reading the content from the InputStream which, of course, cannot be re-read. - * - * BufferedInputStream exists to implement the "Mark" protocols for Streaming, which will enable being + * + * BufferedInputStream exists to implement the "Mark" protocols for Streaming, which will enable being * re-read. Unfortunately, J2EE chose to require a "ServletInputStream" as an abstract class, rather than - * an interface, which requires we create a delegating pattern, rather than the preferred inheriting pattern. - * + * an interface, which requires we create a delegating pattern, rather than the preferred inheriting pattern. + * * Unfortunately, the standard "BufferedInputStream" cannot be used, because it simply creates a byte array - * in the "mark(int)" method of that size. This is not appropriate for this application, because the Header - * can be potentially huge, and if a buffer was allocated to accommodate all possibilities, the cost of memory + * in the "mark(int)" method of that size. This is not appropriate for this application, because the Header + * can be potentially huge, and if a buffer was allocated to accommodate all possibilities, the cost of memory * allocation would be too large for high performance transactions. * - * + * * @author Jonathan * */ @@ -50,7 +50,7 @@ public class BufferedServletInputStream extends ServletInputStream { private static final int NONE = 0; private static final int STORE = 1; private static final int READ = 2; - + private InputStream is; private int state = NONE; private Capacitor capacitor; @@ -81,7 +81,7 @@ public class BufferedServletInputStream extends ServletInputStream { value = is.read(); } } - } + } return value; } 
@@ -113,7 +113,7 @@ public class BufferedServletInputStream extends ServletInputStream { if (temp>0) { // watch for -1 count+=temp; } else if (count<=0) { - count = temp; // must account for Stream coming back -1 + count = temp; // must account for Stream coming back -1 } } break; @@ -134,9 +134,9 @@ public class BufferedServletInputStream extends ServletInputStream { public int available() throws IOException { int count = is.available(); if (capacitor!=null)count+=capacitor.available(); - return count; + return count; } - + /** * Return just amount buffered (for debugging purposes, mostly) * @return @@ -156,7 +156,7 @@ public class BufferedServletInputStream extends ServletInputStream { /** - * Note: Readlimit is ignored in this implementation, because the need was for unknown buffer size which wouldn't + * Note: Readlimit is ignored in this implementation, because the need was for unknown buffer size which wouldn't * require allocating and dumping huge chunks of memory every use, or risk overflow. */ public synchronized void mark(int readlimit) { @@ -174,10 +174,10 @@ public class BufferedServletInputStream extends ServletInputStream { /** * Reset Stream - * + * * Calling this twice is not supported in typical Stream situations, but it is allowed in this service. The caveat is that it can only reset * the data read in since Mark has been called. The data integrity is only valid if you have not continued to read past what is stored. - * + * */ public synchronized void reset() throws IOException { switch(state) { @@ -188,7 +188,7 @@ public class BufferedServletInputStream extends ServletInputStream { case READ: capacitor.reset(); break; - case NONE: + case NONE: throw new IOException("InputStream has not been marked"); } } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CachedPrincipal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CachedPrincipal.java index 6f3fe126..68fa1f63 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/CachedPrincipal.java 
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CachedPrincipal.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -25,20 +25,20 @@ import java.security.Principal; /** * Cached Principals need to be able to revalidate in the background. - * + * * @author Jonathan * */ public interface CachedPrincipal extends Principal { public enum Resp {NOT_MINE,UNVALIDATED,REVALIDATED,INACCESSIBLE,DENIED}; - + /** * Re-validate with Creator - * + * * @return */ public abstract Resp revalidate(Object state); - + /** * Store when last updated. * @return diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CachingLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CachingLur.java index c790f39e..6f4d8d8a 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/CachingLur.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CachingLur.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CadiException.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CadiException.java index 96a55f93..89d42b25 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/CadiException.java 
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CadiException.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -27,7 +27,7 @@ package org.onap.aaf.cadi; */ public class CadiException extends Exception { /** - * Generated ID + * Generated ID */ private static final long serialVersionUID = -4180145363107742619L; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CadiWrap.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CadiWrap.java index 34d11623..102782a4 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/CadiWrap.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CadiWrap.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -41,23 +41,23 @@ import org.onap.aaf.cadi.util.Timing; /** * Inherit the HttpServletRequestWrapper, which calls methods of delegate it's created with, but * overload the key security mechanisms with CADI mechanisms - * + * * This works with mechanisms working strictly with HttpServletRequest (i.e. Servlet Filters) - * + * * Specialty cases, i.e. Tomcat, which for their containers utilize their own mechanisms and Wrappers, you may * need something similar. See AppServer specific code (i.e. tomcat) for these. - * + * * @author Jonathan * */ public class CadiWrap extends HttpServletRequestWrapper implements HttpServletRequest, BasicCred { private TaggedPrincipal principal; private Lur lur; - private String user; // used to set user/pass from brain-dead protocols like WSSE + private String user; // used to set user/pass from brain-dead protocols like WSSE private byte[] password; private PermConverter pconv; - private Access access; - + private Access access; + /** * Standard Wrapper constructor for Delegate pattern * @param request 
@@ -93,35 +93,35 @@ public class CadiWrap extends HttpServletRequestWrapper implements HttpServletRe } /** - * Part of the HTTP Security API. Return the User Principal associated with this HTTP + * Part of the HTTP Security API. Return the User Principal associated with this HTTP * Transaction. */ @Override public Principal getUserPrincipal() { return principal; } - + /** * This is the key API call for AUTHZ in J2EE. Given a Role (String passed in), is the user * associated with this HTTP Transaction allowed to function in this Role? - * + * * For CADI, we pass the responsibility for determining this to the "LUR", which may be * determined by the Enterprise. - * + * * Note: Role check is also done in "CadiRealm" in certain cases... - * + * * */ @Override public boolean isUserInRole(String perm) { return perm==null?false:checkPerm(access,"isUserInRole",principal,pconv,lur,perm); } - + public static boolean checkPerm(Access access, String caller, Principal principal, PermConverter pconv, Lur lur, String perm) { if (principal== null) { access.log(Level.AUDIT,caller, "No Principal in Transaction"); return false; - } else { + } else { final long start = System.nanoTime(); perm = pconv.convert(perm); if (lur.fish(principal,lur.createPerm(perm))) { @@ -135,10 +135,10 @@ public class CadiWrap extends HttpServletRequestWrapper implements HttpServletRe } - /** + /** * CADI Function (Non J2EE standard). GetPermissions will read the Permissions from AAF (if configured) and Roles from Local Lur, etc * as implemented with lur.fishAll - * + * * To utilize, the Request must be a "CadiWrap" object, then call. */ public List<Permission> getPermissions(Principal p) { @@ -148,7 +148,7 @@ public class CadiWrap extends HttpServletRequestWrapper implements HttpServletRe } /** * Allow setting of tafResp and lur after construction - * + * * This can happen if the CadiWrap is constructed in a Valve other than CadiValve */ public void set(TafResp tafResp, Lur lur) { 
@@ -175,12 +175,12 @@ public class CadiWrap extends HttpServletRequestWrapper implements HttpServletRe public void setCred(byte[] passwd) { password = passwd; } - + public CadiWrap setPermConverter(PermConverter pc) { pconv = pc; return this; } - + // Add a feature public void invalidate(String id) { if (lur instanceof EpiLur) { @@ -189,11 +189,11 @@ public class CadiWrap extends HttpServletRequestWrapper implements HttpServletRe ((CachingLur<?>)lur).remove(id); } } - + public Lur getLur() { return lur; } - + public Access access() { return access; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Capacitor.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Capacitor.java index f3a2a7fa..57ee115d 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/Capacitor.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Capacitor.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -26,10 +26,10 @@ import java.util.ArrayList; /** * Capacitor - * + * * Storage mechanism for read data, specifically designed for InputStreams. - * - * The Standard BufferedInputStream requires a limit to be set for buffered reading, which is + * + * The Standard BufferedInputStream requires a limit to be set for buffered reading, which is * impractical for reading SOAP headers, which can be quite large. * @author Jonathan * 
@@ -39,22 +39,22 @@ public class Capacitor { private ArrayList<ByteBuffer> bbs = new ArrayList<>(); private ByteBuffer curr = null; private int idx; - + // Maintain a private RingBuffer for Memory, for efficiency private static ByteBuffer[] ring = new ByteBuffer[16]; private static int start, end; - - + + public void put(byte b) { if (curr == null || curr.remaining()==0) { // ensure we have a "curr" buffer ready for data curr = ringGet(); bbs.add(curr); } - curr.put(b); + curr.put(b); } public int read() { - if (curr!=null) { + if (curr!=null) { if (curr.remaining()>0) { // have a buffer, use it! return curr.get(); } else if (idx<bbs.size()){ // Buffer not enough, get next one from array @@ -64,10 +64,10 @@ public class Capacitor { } // if no curr buffer, treat as end of stream return -1; } - + /** * read into an array like Streams - * + * * @param array * @param offset * @param length @@ -99,7 +99,7 @@ public class Capacitor { /** * Put an array of data into Capacitor - * + * * @param array * @param offset * @param length @@ -109,7 +109,7 @@ public class Capacitor { curr = ringGet(); bbs.add(curr); } - + int len; while (length>0) { if ((len=curr.remaining())>length) { @@ -125,7 +125,7 @@ public class Capacitor { } } } - + /** * Move state from Storage mode into Read mode, changing all internal buffers to read mode, etc */ @@ -141,7 +141,7 @@ public class Capacitor { idx=1; } } - + /** * reuse all the buffers */ @@ -152,10 +152,10 @@ public class Capacitor { bbs.clear(); curr = null; } - + /** * Declare amount of data available to be read at once. - * + * * @return */ public int available() { @@ -165,7 +165,7 @@ public class Capacitor { } return count; } - + /** * Returns how many are left that were not skipped * @param n @@ -184,7 +184,7 @@ public class Capacitor { n=0; } else { curr.position(curr.limit()); - + skipped-=skip; if (idx<bbs.size()) { curr=bbs.get(idx++); 
@@ -214,7 +214,7 @@ public class Capacitor { } /* - * Ring Functions. Reuse allocated memory + * Ring Functions. Reuse allocated memory */ private ByteBuffer ringGet() { ByteBuffer bb = null; @@ -230,7 +230,7 @@ public class Capacitor { } return bb; } - + private void ringPut(ByteBuffer bb) { synchronized(ring) { ring[end]=bb; // if null or not, BB will just be Garbage collected diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java index b697f373..53c35fc5 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -37,7 +37,7 @@ import org.onap.aaf.cadi.util.JsonOutputStream; /** * A Class to run on command line to determine suitability of environment for certain TAFs. - * * + * * * @author Jonathan * */ @@ -90,7 +90,7 @@ public class CmdLine { System.out.println(args[1]); ByteArrayOutputStream baos = new ByteArrayOutputStream(); b64.enpass(args[1], baos); - String pass; + String pass; System.out.println(pass=new String(baos.toByteArray())); ByteArrayOutputStream reconstituted = new ByteArrayOutputStream(); b64.depass(pass, reconstituted); 
@@ -104,13 +104,13 @@ public class CmdLine { } System.out.flush(); */ - + } catch (IOException e) { System.err.println("Cannot digest password"); System.err.println(" \""+ e.getMessage() + '"'); } // DO NOT LEAVE THIS METHOD Compiled IN CODE... Do not want looking at passwords on disk too easy -// Jonathan. Oh, well, Deployment services need this behavior. I will put this code in, but leave it undocumented. +// Jonathan. Oh, well, Deployment services need this behavior. I will put this code in, but leave it undocumented. // One still needs access to the keyfile to read. // July 2016 - thought of a tool "CMPass" to regurgitate from properties, but only if allowed. } else if (("regurgitate".equalsIgnoreCase(args[0]) || "undigest".equalsIgnoreCase(args[0]))
@@ -151,7 +151,7 @@ public class CmdLine { } } else { int idx; - if ((idx = line.indexOf(' '))>=0 + if ((idx = line.indexOf(' '))>=0 && (idx = line.indexOf(' ',++idx))>0 && (idx = line.indexOf('=',++idx))>0 ) {
@@ -249,7 +249,7 @@ public class CmdLine { int salt = Integer.parseInt(args[i]); System.out.println(Hash.hashSHA256asStringHex(args[1],salt)); } - } else { + } else { System.out.println(Hash.hashSHA256asStringHex(args[1])); } } catch (NoSuchAlgorithmException e) {
@@ -280,13 +280,13 @@ public class CmdLine { System.err.println("Cannot create a key " + args[0]); System.err.println(" \""+ e.getMessage() + '"'); } - + } else if ("passgen".equalsIgnoreCase(args[0])) { int numDigits; if (args.length <= 1) { numDigits = 24; } else { - numDigits = Integer.parseInt(args[1]); + numDigits = Integer.parseInt(args[1]); if (numDigits<8)numDigits = 8; } String pass;
@@ -305,17 +305,17 @@ public class CmdLine { } if (noLower) { noLower=!(c>=0x61 && c<=0x7A); - } + } if (noUpper) { noUpper=!(c>=0x41 && c<=0x5A); - } + } if (noDigits) { noDigits=!(c>=0x30 && c<=0x39); - } + } if (noSpecial) { noSpecial = "+!@#$%^&*(){}[]?:;,.".indexOf(c)<0; - } - + } + missingChars = (noLower || noUpper || noDigits || noSpecial); } } while (missingChars || repeatingChars);
@@ -325,7 +325,7 @@ public class CmdLine { if (args.length <= 1) { numDigits = 24; } else { - numDigits = Integer.parseInt(args[1]); + numDigits = Integer.parseInt(args[1]); } System.out.println(Symm.randomGen(Symm.base64url.codeset, numDigits).substring(0,numDigits)); }
@@ -349,9 +349,9 @@ public class CmdLine { System.exit(1); } } - + public static void setSystemExit(boolean shouldExit) { systemExit = shouldExit; } - + }
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java
index f88c3fbe..88ac57e6 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CredVal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CredVal.java
index 6019f551..dcb30088 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/CredVal.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CredVal.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -24,16 +24,16 @@ package org.onap.aaf.cadi; /** * UserPass - * - * The essential interface required by BasicAuth to determine if a given User/Password combination is + * + * The essential interface required by BasicAuth to determine if a given User/Password combination is * valid. This is done as an interface. - * + * * @author Jonathan */ public interface CredVal { public enum Type{PASSWORD}; /** - * Validate if the User/Password combination matches records + * Validate if the User/Password combination matches records * @param user * @param pass * @return
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CredValDomain.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CredValDomain.java
index db5ab0f2..4a8015a3 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/CredValDomain.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CredValDomain.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java b/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java
index 039ba8f7..4c5ca543 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Hash.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Hash.java
index 3027fd74..26c33c84 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Hash.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Hash.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -27,7 +27,7 @@ import java.security.NoSuchAlgorithmException; public class Hash { private static char hexDigit[] = "0123456789abcdef".toCharArray(); - + ///////////////////////////////// // MD5 /////////////////////////////////
@@ -38,9 +38,9 @@ public class Hash { * @throws NoSuchAlgorithmException */ public static byte[] hashMD5 (byte[] input) throws NoSuchAlgorithmException { - // Note: Protect against Multi-thread issues with new MessageDigest + // Note: Protect against Multi-thread issues with new MessageDigest MessageDigest md = MessageDigest.getInstance("MD5"); - md.update(input); + md.update(input); return md.digest(); }
@@ -51,17 +51,17 @@ public class Hash { * @throws NoSuchAlgorithmException */ public static byte[] hashMD5 (byte[] input, int offset, int length) throws NoSuchAlgorithmException { - // Note: Protect against Multi-thread issues with new MessageDigest + // Note: Protect against Multi-thread issues with new MessageDigest MessageDigest md = MessageDigest.getInstance("MD5"); - md.update(input,offset,length); + md.update(input,offset,length); return md.digest(); } /** - * Convenience Function: Encrypt MD5 from String to String Hex representation - * + * Convenience Function: Encrypt MD5 from String to String Hex representation + * * @param input * @return * @throws NoSuchAlgorithmException
@@ -83,9 +83,9 @@ public class Hash { * SHA256 Hashing */ public static byte[] hashSHA256(byte[] input) throws NoSuchAlgorithmException { - // Note: Protect against Multi-thread issues with new MessageDigest + // Note: Protect against Multi-thread issues with new MessageDigest MessageDigest md = MessageDigest.getInstance("SHA-256"); - md.update(input); + md.update(input); return md.digest(); }
@@ -93,15 +93,15 @@ public class Hash { * SHA256 Hashing */ public static byte[] hashSHA256(byte[] input, int offset, int length) throws NoSuchAlgorithmException { - // Note: Protect against Multi-thread issues with new MessageDigest + // Note: Protect against Multi-thread issues with new MessageDigest MessageDigest md = MessageDigest.getInstance("SHA-256"); - md.update(input,offset,length); + md.update(input,offset,length); return md.digest(); } - + /** * Convenience Function: Hash from String to String Hex representation - * + * * @param input * @return * @throws NoSuchAlgorithmException
@@ -112,7 +112,7 @@ public class Hash { /** * Convenience Function: Hash from String to String Hex representation - * + * * @param input * @return * @throws NoSuchAlgorithmException
@@ -124,7 +124,7 @@ public class Hash { bb.put(input.getBytes()); return toHex(Hash.hashSHA256(bb.array())); } - + /** * Compare two byte arrays for equivalency * @param ba1
@@ -166,7 +166,7 @@ public class Hash { } return sb.toString(); } - + public static String toHex(byte[] ba, int start, int length) { StringBuilder sb = new StringBuilder("0x"); for (int i=start;i<length;++i) {
@@ -176,7 +176,7 @@ public class Hash { return sb.toString(); } - + public static byte[] fromHex(String s) throws CadiException{ if (!s.startsWith("0x")) { throw new CadiException("HexString must start with \"0x\"");
@@ -212,7 +212,7 @@ public class Hash { /** * Does not expect to start with "0x" * if Any Character doesn't match, it returns null; - * + * * @param s * @return */
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Locator.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Locator.java
index c40cb998..46e6f7e5 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Locator.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Locator.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -30,7 +30,7 @@ public interface Locator<T> { public Item next(Item item) throws LocatorException; public boolean refresh(); public void destroy(); - + public interface Item {} }
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/LocatorException.java b/cadi/core/src/main/java/org/onap/aaf/cadi/LocatorException.java
index da56d4b2..8eb0e27a 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/LocatorException.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/LocatorException.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -23,7 +23,7 @@ package org.onap.aaf.cadi; public class LocatorException extends Exception { /** - * + * */ private static final long serialVersionUID = -4267929804321134469L;
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
index bdc9f643..cce91e06 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -30,37 +30,37 @@ import java.util.List; * LUR: Local User Registry * * Concept by Robert Garskof, Implementation by Jonathan Gathman - * + * * Where we can keep local copies of users and roles for faster Authorization when asked. - * - * Note: Author cannot resist the mental image of using a Fishing Lure to this LUR pattern - * + * + * Note: Author cannot resist the mental image of using a Fishing Lure to this LUR pattern + * * @author Jonathan * */ public interface Lur { /** - * Allow the Lur, which has correct Permission access, to create and hand back. + * Allow the Lur, which has correct Permission access, to create and hand back. */ public Permission createPerm(String p); - - /** + + /** * Fish for Principals in a Pond - * + * * or more boringly, is the User identified within a named collection representing permission. - * + * * @param principalName * @return */ public boolean fish(Principal bait, Permission ... pond); - /** + /** * Fish all the Principals out a Pond - * + * * For additional humor, pronounce the following with a Southern Drawl, "FishOil" - * + * * or more boringly, load the List with Permissions found for Principal - * + * * @param principalName * @return */
@@ -72,19 +72,19 @@ public interface Lur { public void destroy(); /** - * Does this LUR handle this pond exclusively? Important for EpiLUR to determine whether - * to try another (more expensive) LUR + * Does this LUR handle this pond exclusively? Important for EpiLUR to determine whether + * to try another (more expensive) LUR * @param pond * @return */ - public boolean handlesExclusively(Permission ... pond); - + public boolean handlesExclusively(Permission ... pond); + /** * Does the LUR support a particular kind of Principal * This can be used to check name's domain, like above, or Principal type */ public boolean handles(Principal principal); - + /** * Clear: Clear any Caching, if exists */
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Permission.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Permission.java
index 2537c386..f45e5e07 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Permission.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Permission.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
index 92756d8c..c4719f86 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
@@ -3,15 +3,15 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * + * * Modifications Copyright (C) 2018 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -59,7 +59,7 @@ public class PropAccess implements Access { logIt = new StreamLogIt(System.out); init(null); } - + /** * This Constructor soly exists to instantiate Servlet Context Based Logging that will call "init" later. * @param sc
@@ -68,29 +68,29 @@ public class PropAccess implements Access { logIt = new StreamLogIt(System.out); props = new Properties(); } - + public PropAccess(String ... args) { this(System.out,args); } - + public PropAccess(PrintStream ps, String[] args) { logIt = new StreamLogIt(ps==null?System.out:ps); init(logIt,args); } - + public PropAccess(LogIt logit, String[] args) { init(logit, args); } - + public PropAccess(Properties p) { this(System.out,p); } - + public PropAccess(PrintStream ps, Properties p) { logIt = new StreamLogIt(ps==null?System.out:ps); init(p); } - + protected void init(final LogIt logIt, final String[] args) { this.logIt = logIt; Properties nprops=new Properties();
@@ -102,7 +102,7 @@ public class PropAccess implements Access { } init(nprops); } - + public static SimpleDateFormat newISO8601() { return new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ"); }
@@ -110,7 +110,7 @@ public class PropAccess implements Access { protected synchronized void init(Properties p) { // Make sure these two are set before any changes in Logging name = "cadi"; - + props = new Properties(); // First, load related System Properties for (Entry<Object,Object> es : System.getProperties().entrySet()) {
@@ -119,24 +119,24 @@ public class PropAccess implements Access { if (key.startsWith(start)) { props.put(key, es.getValue()); } - } + } } // Second, overlay or fill in with Passed in Props if (p!=null) { props.putAll(p); } - + // Preset LogLevel - String sLevel = props.getProperty(Config.CADI_LOGLEVEL); + String sLevel = props.getProperty(Config.CADI_LOGLEVEL); // Third, load any Chained Property Files load(props.getProperty(Config.CADI_PROP_FILES)); - + if(sLevel==null) { // if LogLev wasn't set before, check again after Chained Load - sLevel = props.getProperty(Config.CADI_LOGLEVEL); + sLevel = props.getProperty(Config.CADI_LOGLEVEL); if (sLevel==null) { level=DEFAULT.maskOf(); } else { - level=Level.valueOf(sLevel).maskOf(); + level=Level.valueOf(sLevel).maskOf(); } } // Setup local Symmetrical key encryption
@@ -149,21 +149,21 @@ public class PropAccess implements Access { System.exit(1); } } - + name = props.getProperty(Config.CADI_LOGNAME, name); - + SecurityInfo.setHTTPProtocols(this); - + } - - + + private void load(String cadi_prop_files) { if (cadi_prop_files==null) { return; } String prevKeyFile = props.getProperty(Config.CADI_KEYFILE); - + for(String filename : Split.splitTrim(File.pathSeparatorChar, cadi_prop_files)) { Properties fileProps = new Properties(); File file = new File(filename);
@@ -208,8 +208,8 @@ public class PropAccess implements Access { printf(Level.WARN,"Warning: recursive CADI Property %s does not exist",file.getAbsolutePath()); } } - - // Trim + + // Trim for (Entry<Object, Object> es : props.entrySet()) { Object value = es.getValue(); if (value instanceof String) {
@@ -237,7 +237,7 @@ public class PropAccess implements Access { prevKeyFile=newKeyFile; } - + String loglevel = props.getProperty(Config.CADI_LOGLEVEL); if (loglevel!=null) { try {
@@ -247,7 +247,7 @@ public class PropAccess implements Access { } } } - + @Override public void load(InputStream is) throws IOException { props.load(is);
@@ -264,7 +264,7 @@ public class PropAccess implements Access { public StringBuilder buildMsg(Level level, Object[] elements) { return buildMsg(name,iso8601,level,elements); } - + /* * Need to pass in DateFormat per thread, because not marked as thread safe */
@@ -286,7 +286,7 @@ public class PropAccess implements Access { sb.append("] "); } else { int idx = 0; - if(elements[idx]!=null && + if(elements[idx]!=null && elements[idx] instanceof Integer) { sb.append('-'); sb.append(elements[idx]);
@@ -298,7 +298,7 @@ public class PropAccess implements Access { } return sb; } - + private static boolean write(boolean first, StringBuilder sb, Object[] elements) { String s; for (Object o : elements) {
@@ -374,7 +374,7 @@ public class PropAccess implements Access { ? symm.depass(encrypted) : encrypted; } - + public String encrypt(String unencrypted) throws IOException { return Symm.ENC+symm.enpass(unencrypted); }
@@ -385,7 +385,7 @@ public class PropAccess implements Access { public String getProperty(String tag) { return props.getProperty(tag); } - + public Properties getProperties() { return props;
@@ -410,10 +410,10 @@ public class PropAccess implements Access { public interface LogIt { public void push(Level level, Object ... elements) ; } - + private class StreamLogIt implements LogIt { private PrintStream ps; - + public StreamLogIt(PrintStream ps) { this.ps = ps; }
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java
index 66ba86ae..33a5bc91 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -25,7 +25,7 @@ package org.onap.aaf.cadi; public interface Revalidator<TRANS> { /** * Re-Validate Credential - * + * * @param prin * @return */
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/SecuritySetter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/SecuritySetter.java
index 194712e0..7e263831 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/SecuritySetter.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/SecuritySetter.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -24,17 +24,17 @@ package org.onap.aaf.cadi; /** * Apply any particular security mechanism - * - * This allows the definition of various mechanisms involved outside of DRcli jars - * + * + * This allows the definition of various mechanisms involved outside of DRcli jars + * * @author Jonathan * */ public interface SecuritySetter<CT> { public String getID(); - + public void setSecurity(CT client) throws CadiException; - + /** * Returns number of bad logins registered * @param respCode
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/ServletContextAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/ServletContextAccess.java
index 998b87c9..be6e5329 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/ServletContextAccess.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/ServletContextAccess.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
index e7533610..b1ec4caf 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -43,37 +43,37 @@ import org.onap.aaf.cadi.config.Config; /** * Key Conversion, primarily "Base64" - * + * * Base64 is required for "Basic Authorization", which is an important part of the overall CADI Package. - * - * Note: This author found that there is not a "standard" library for Base64 conversion within Java. - * The source code implementations available elsewhere were surprisingly inefficient, requiring, for + * + * Note: This author found that there is not a "standard" library for Base64 conversion within Java. + * The source code implementations available elsewhere were surprisingly inefficient, requiring, for * instance, multiple string creation, on a transaction pass. Integrating other packages that might be - * efficient enough would put undue Jar File Dependencies given this Framework should have none-but-Java + * efficient enough would put undue Jar File Dependencies given this Framework should have none-but-Java * dependencies. - * + * * The essential algorithm is good for a symmetrical key system, as Base64 is really just - * a symmetrical key that everyone knows the values. - * - * This code is quite fast, taking about .016 ms for encrypting, decrypting and even .08 for key - * generation. The speed quality, especially of key generation makes this a candidate for a short term token + * a symmetrical key that everyone knows the values. + * + * This code is quite fast, taking about .016 ms for encrypting, decrypting and even .08 for key + * generation. The speed quality, especially of key generation makes this a candidate for a short term token * used for identity. - * - * It may be used to easily avoid placing Clear-Text passwords in configurations, etc. and contains - * supporting functions such as 2048 keyfile generation (see keygen). This keyfile should, of course, - * be set to "400" (Unix) and protected as any other mechanism requires. - * + * + * It may be used to easily avoid placing Clear-Text passwords in configurations, etc. 
and contains + * supporting functions such as 2048 keyfile generation (see keygen). This keyfile should, of course, + * be set to "400" (Unix) and protected as any other mechanism requires. + * * AES Encryption is also employed to include standards. - * + * * @author Jonathan * */ public class Symm { - private static final byte[] DOUBLE_EQ = new byte[] {'=','='}; + private static final byte[] DOUBLE_EQ = new byte[] {'=','='}; public static final String ENC = "enc:"; private static final Object LOCK = new Object(); private static final SecureRandom random = new SecureRandom(); - + public final char[] codeset; private final int splitLinesAt; private final String encoding;
@@ -83,7 +83,7 @@ public class Symm { //Note: AES Encryption is not Thread Safe. It is Synchronized //private AES aes = null; // only initialized from File, and only if needed for Passwords private String name; - + /** * This is the standard base64 Key Set. * RFC 2045
@@ -116,15 +116,15 @@ public class Symm { * Note, this is too large to fit into the algorithm. Only use with PassGen */ private static char passChars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+!@#$%^&*(){}[]?:;,.".toCharArray(); - + private static Symm internalOnly = null; - + /** * Use this to create special case Case Sets and/or Line breaks - * + * * If you don't know why you need this, use the Singleton Method - * + * * @param codeset * @param split */
@@ -136,8 +136,8 @@ public class Symm { this.name = name; char prev = 0, curr=0, first = 0; int offset=Integer.SIZE; // something that's out of range for integer array - - // There can be time efficiencies gained when the underlying keyset consists mainly of ordered + + // There can be time efficiencies gained when the underlying keyset consists mainly of ordered // data (i.e. abcde...). Therefore, we'll quickly analyze the keyset. If it proves to have // too much entropy, the "Unordered" algorithm, which is faster in such cases is used. ArrayList<int[]> la = new ArrayList<>();
@@ -146,7 +146,7 @@ public class Symm { if (prev+1==curr) { // is next character in set prev = curr; } else { - if (offset!=Integer.SIZE) { // add previous range + if (offset!=Integer.SIZE) { // add previous range la.add(new int[]{first,prev,offset}); } first = prev = curr;
@@ -162,11 +162,11 @@ public class Symm { convert = new Ordered(range); } } - + public Symm copy(int lines) { return new Symm(codeset,lines,encoding,endEquals, "Copied " + lines); } - + // Only used by keygen, which is intentionally randomized. Therefore, always use unordered private Symm(char[] codeset, Symm parent) { this.codeset = codeset;
@@ -186,7 +186,7 @@ public class Symm { } /** - * Obtain the base64() behavior of this class, for use in standard BASIC AUTH mechanism, etc. + * Obtain the base64() behavior of this class, for use in standard BASIC AUTH mechanism, etc. * No Line Splitting * @return */
@@ -222,7 +222,7 @@ public class Symm { } return exec.exec(new AES(keyBytes,0,keyBytes.length)); } - + public interface Encryption { public CipherOutputStream outputStream(OutputStream os, boolean encrypt); public CipherInputStream inputStream(InputStream is, boolean encrypt);
@@ -231,7 +231,7 @@ public class Symm { public static interface SyncExec<T> { public T exec(Encryption enc) throws IOException, Exception; } - + public byte[] encode(byte[] toEncrypt) throws IOException { if (toEncrypt==null) { return EMPTY;
@@ -251,7 +251,7 @@ public class Symm { /** * Helper function for String API of "Encode" * use "getBytes" with appropriate char encoding, etc. - * + * * @param str * @return * @throws IOException
@@ -259,7 +259,7 @@ public class Symm { public String encode(String str) throws IOException { byte[] array; boolean useDefaultEncoding = false; - try { + try { array = str.getBytes(encoding); } catch (IOException e) { array = str.getBytes(); // take default
@@ -267,14 +267,14 @@ public class Symm { } // Calculate expected size to avoid any buffer expansion copies within the ByteArrayOutput code ByteArrayOutputStream baos = new ByteArrayOutputStream((int)(array.length*1.363)); // account for 4 bytes for 3 and a byte or two more - + encode(new ByteArrayInputStream(array),baos); if (useDefaultEncoding) { return baos.toString(); } return baos.toString(encoding); } - + /** * Helper function for the String API of "Decode" * use "getBytes" with appropriate char encoding, etc.
@@ -285,7 +285,7 @@ public class Symm { public String decode(String str) throws IOException { byte[] array; boolean useDefaultEncoding = false; - try { + try { array = str.getBytes(encoding); } catch (IOException e) { array = str.getBytes(); // take default
@@ -302,9 +302,9 @@ public class Symm { /** * Convenience Function - * + * * encode String into InputStream and call encode(InputStream, OutputStream) - * + * * @param string * @param out * @throws IOException
@@ -315,9 +315,9 @@ public class Symm { /** * Convenience Function - * + * * encode String into InputStream and call decode(InputStream, OutputStream) - * + * * @param string * @param out * @throws IOException
@@ -331,16 +331,16 @@ public class Symm { encode(is,os); } - /** + /** * encode InputStream onto Output Stream - * + * * @param is * @param estimate * @return * @throws IOException */ public void encode(InputStream is, OutputStream os) throws IOException { - // StringBuilder sb = new StringBuilder((int)(estimate*1.255)); // try to get the right size of StringBuilder from start.. slightly more than 1.25 times + // StringBuilder sb = new StringBuilder((int)(estimate*1.255)); // try to get the right size of StringBuilder from start.. slightly more than 1.25 times int prev=0; int read, idx=0, line=0; boolean go;
@@ -360,7 +360,7 @@ public class Symm { os.write(codeset[((prev & 0x03)<<4) | (read>>4)]); prev = read; break; - default: //(3+) + default: //(3+) // Char 1 is last 4 bits of prev plus the first 2 bits of read // Char 2 is the last 6 bits of read os.write(codeset[(((prev & 0xF)<<2) | (read>>6))]);
@@ -387,7 +387,7 @@ public class Symm { } idx = 0; } - + } while (go); }
@@ -412,7 +412,7 @@ public class Symm { if (index>=0) { switch(++idx) { // 1 based cases, slightly faster ++ case 1: // index goes into first 6 bits of prev - prev = index<<2; + prev = index<<2; break; case 2: // write second 2 bits of into prev, write byte, last 4 bits go into prev os.write((byte)(prev|(index>>4)));
@@ -430,7 +430,7 @@ public class Symm { }; os.flush(); } - + /** * Interface to allow this class to choose which algorithm to find index of character in Key * @author Jonathan
@@ -454,7 +454,7 @@ public class Symm { public int convert(int read) throws IOException { // System.out.print((char)read); switch(read) { - case -1: + case -1: case '=': case ' ': case '\n':
@@ -469,7 +469,7 @@ public class Symm { throw new IOException("Unacceptable Character in Stream"); } } - + /** * Unordered, i.e. the key is purposely randomized, simply has to investigate each character * until we find a match.
@@ -483,7 +483,7 @@ public class Symm { } public int convert(int read) throws IOException { switch(read) { - case -1: + case -1: case '=': case '\n': case '\r': @@ -499,7 +499,7 @@ public class Symm { /** * Generate a 2048 based Key from which we extract our code base - * + * * @return * @throws IOException */ @@ -510,7 +510,7 @@ public class Symm { base64url.encode(new ByteArrayInputStream(inkey), baos); return baos.toByteArray(); } - + // A class allowing us to be less predictable about significant digits (i.e. not picking them up from the // beginning, and not picking them up in an ordered row. Gives a nice 2048 with no visible patterns. private class Obtain { @@ -518,7 +518,7 @@ public class Symm { private int skip; private int length; private byte[] key; - + private Obtain(Symm b64, byte[] key) { skip = Math.abs(key[key.length-13]%key.length); if ((key.length&0x1) == (skip&0x1)) { // if both are odd or both are even @@ -528,19 +528,19 @@ public class Symm { last = 17+length%59; // never start at beginning this.key = key; } - + private int next() { return Math.abs(key[(++last*skip)%key.length])%length; } }; - + /** * Obtain a Symm from "keyfile" (Config.KEYFILE) property - * + * * @param acesss * @return - * @throws IOException - * @throws CadiException + * @throws IOException + * @throws CadiException */ public static Symm obtain(Access access) throws CadiException { String keyfile = access.getProperty(Config.CADI_KEYFILE,null); @@ -586,7 +586,7 @@ public class Symm { } } /** - * Create a new random key + * Create a new random key */ public Symm obtain() throws IOException { byte inkey[] = new byte[0x800]; @@ -595,10 +595,10 @@ public class Symm { s.name = "from Random"; return s; } - + /** * Obtain a Symm from 2048 key from a String - * + * * @param key * @return * @throws IOException 
@@ -608,10 +608,10 @@ public class Symm { s.name = "from String"; return s; } - + /** * Obtain a Symm from 2048 key from a Stream - * + * * @param is * @return * @throws IOException @@ -635,7 +635,7 @@ public class Symm { /** * Convenience for picking up Keyfile - * + * * @param f * @return * @throws IOException @@ -654,7 +654,7 @@ public class Symm { * Decrypt into a String * * Convenience method - * + * * @param password * @return * @throws IOException @@ -667,7 +667,7 @@ public class Symm { /** * Create an encrypted password, making sure that even short passwords have a minimum length. - * + * * @param password * @param os * @throws IOException @@ -682,7 +682,7 @@ public class Symm { if (this.getClass().getSimpleName().startsWith("base64")) { // don't expose randomization dos.write(bytes); } else { - + Random r = new SecureRandom(); int start = 0; byte b; @@ -710,7 +710,7 @@ public class Symm { dos.write(bytes); } } - + // 7/21/2016 Jonathan add AES Encryption to the mix try { exec(new SyncExec<Void>() { @@ -735,9 +735,9 @@ public class Symm { /** * Decrypt a password into a String - * + * * Convenience method - * + * * @param password * @return * @throws IOException @@ -748,12 +748,12 @@ public class Symm { depass(password,baos); return new String(baos.toByteArray()); } - + /** * Decrypt a password - * + * * Skip Symm.ENC - * + * * @param password * @param os * @return @@ -803,7 +803,7 @@ public class Symm { dos.writeByte(dis.readByte()); } } else { - int pre =((Byte.SIZE*3+Integer.SIZE+Byte.SIZE)/Byte.SIZE)+start; + int pre =((Byte.SIZE*3+Integer.SIZE+Byte.SIZE)/Byte.SIZE)+start; os.write(bytes, pre, bytes.length-pre); } } @@ -811,9 +811,9 @@ public class Symm { } public static String randomGen(int numBytes) { - return randomGen(passChars,numBytes); + return randomGen(passChars,numBytes); } - + public static String randomGen(char[] chars ,int numBytes) { int rint; StringBuilder sb = new StringBuilder(numBytes); 
@@ -824,11 +824,11 @@ public class Symm { return sb.toString(); } // Internal mechanism for helping to randomize placement of characters within a Symm codeset - // Based on an incoming data stream (originally created randomly, but can be recreated within + // Based on an incoming data stream (originally created randomly, but can be recreated within // 2048 key), go after a particular place in the new codeset. If that codeset spot is used, then move - // right or left (depending on iteration) to find the next available slot. In this way, key generation + // right or left (depending on iteration) to find the next available slot. In this way, key generation // is speeded up by only enacting N iterations, but adds a spreading effect of the random number stream, so that keyset is also - // shuffled for a good spread. It is, however, repeatable, given the same number set, allowing for + // shuffled for a good spread. It is, however, repeatable, given the same number set, allowing for // quick recreation when the official stream is actually obtained. public Symm obtain(byte[] key) throws IOException { int filled = codeset.length; @@ -844,7 +844,7 @@ public class Symm { if (index<0 || index>=codeset.length) { System.out.println("uh, oh"); } - if (right) { // alternate going left or right to find the next open slot (keeps it from taking too long to hit something) + if (right) { // alternate going left or right to find the next open slot (keeps it from taking too long to hit something) for (int j=index;j<end;++j) { if (seq[j]==0) { seq[j]=codeset[filled]; @@ -879,12 +879,12 @@ public class Symm { return newSymm; } - - /** + + /** * This Symm is generated for internal JVM use. It has no external keyfile, but can be used * for securing Memory, as it remains the same ONLY of the current JVM * @return - * @throws IOException + * @throws IOException */ public static synchronized Symm internalOnly() throws IOException { if (internalOnly==null) { 
@@ -897,7 +897,7 @@ public class Symm { } return internalOnly; } - + @Override public String toString() { return name; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Taf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Taf.java index 771ebcf4..ee9b343a 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/Taf.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Taf.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -25,33 +25,33 @@ import org.onap.aaf.cadi.taf.TafResp; /** - * TAF - Transmutative Assertion Framework. - * + * TAF - Transmutative Assertion Framework. + * * This main Interface embodies the essential of the assertion, where a number of different TAFs might be used to authenticate * and that authentication to be recognized through other elements. - * + * * Concept by Robert Garskof. Implemented by Jonathan Gathman - * + * * @author Jonathan * */ public interface Taf { enum LifeForm {CBLF, SBLF, LFN}; /** - * The lifeForm param is a humorous way of describing whether the interaction is proceeding from direct Human Interaction via a browser + * The lifeForm param is a humorous way of describing whether the interaction is proceeding from direct Human Interaction via a browser * or App which can directly query a memorized password, key sequence, bio-feedback, from that user, or a machine mechanism for which identity - * can more easily be determined by Certificate, Mechanical ID/Password etc. Popularized in modern culture and Science Fiction (especially - * Star Trek), we (starting with Robert Garskof) use the terms "Carbon Based Life Form" (CBLF) for mechanisms with people at the end of them, or + * can more easily be determined by Certificate, Mechanical ID/Password etc. Popularized in modern culture and Science Fiction (especially + * Star Trek), we (starting with Robert Garskof) use the terms "Carbon Based Life Form" (CBLF) for mechanisms with people at the end of them, or * "Silicon Based Life Forms" (SBLF) to indicate machine only interactions. I have added "LFN" for (Life-Form Neutral) to aid identifying - * processes for which it doesn't matter whether there is a human at the immediate end of the chain, or cannot be determined mechanically. - * + * processes for which it doesn't matter whether there is a human at the immediate end of the chain, or cannot be determined mechanically. 
+ * * The variable parameter is not necessarily ideal, but with too many unknown Tafs to be created, flexibility, * is unfortunately required at this point. Future versions could lock this down more. Jonathan 10/18/2012 - * + * * @param lifeForm * @param info * @return */ public TafResp validate(LifeForm reading, String ... info); - + } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Transmutate.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Transmutate.java index 1203b8d2..b88591fa 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/Transmutate.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Transmutate.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -26,18 +26,18 @@ import java.security.Principal; /** * The unique element of TAF is that we establish the relationship/mechanism to mutate the Principal derived from * one Authentication mechanism into a trustable Principal of another. The mechanism needs to be decided by system - * trusting. - * + * trusting. + * * The Generic "T" is used so that the code used will be very specific for the implementation, enforced by Compiler - * - * This interface will allow differences of trusting Transmutation of Authentication + * + * This interface will allow differences of trusting Transmutation of Authentication * @author Jonathan * */ public interface Transmutate<T> { /** * Mutate the (assumed validated) Principal into the expected Principal name to be used to construct - * + * * @param p * @return */ 
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/TrustChecker.java b/cadi/core/src/main/java/org/onap/aaf/cadi/TrustChecker.java index 6b1433f4..3ab9c290 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/TrustChecker.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/TrustChecker.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -27,13 +27,13 @@ import org.onap.aaf.cadi.taf.TafResp; /** * Change to another Principal based on Trust of caller and User Chain (if desired) - * + * * @author Jonathan * */ public interface TrustChecker { public TafResp mayTrust(TafResp tresp, HttpServletRequest req); - + /** * A class that trusts no-one else, so just return same TResp */ diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/User.java b/cadi/core/src/main/java/org/onap/aaf/cadi/User.java index cb3b4e8f..97837555 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/User.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/User.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -31,7 +31,7 @@ import org.onap.aaf.cadi.lur.LocalPermission; /** * Class to hold info from the User Perspective. - * + * * @author Jonathan * */ 
@@ -44,7 +44,7 @@ public final class User<PERM extends Permission> { long permExpires; private final long interval; int count; - + // Note: This should only be used for Local RBAC (in memory) public User(Principal principal) { this.principal = principal; @@ -86,23 +86,23 @@ public final class User<PERM extends Permission> { count = 0; renewPerm(); } - + public void renewPerm() { permExpires = System.currentTimeMillis()+interval; } - + public long permExpires() { return permExpires; } - + public boolean permExpired() { return System.currentTimeMillis() > permExpires; } public boolean noPerms() { - return perms==null || perms==NULL_MAP || perms.values().size()==0; + return perms==null || perms==NULL_MAP || perms.values().size()==0; } - + public synchronized void setNoPerms() { perms=NULL_MAP; renewPerm(); @@ -115,11 +115,11 @@ public final class User<PERM extends Permission> { public synchronized void incCount() { ++count; } - + public synchronized void resetCount() { count=0; } - + public Map<String,Permission> newMap() { return new ConcurrentHashMap<>(); } @@ -146,11 +146,11 @@ public final class User<PERM extends Permission> { } return false; } - + public void copyPermsTo(List<Permission> sink) { sink.addAll(perms.values()); } - + public String toString() { StringBuilder sb = new StringBuilder(); sb.append(principal.getName()); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/UserChain.java b/cadi/core/src/main/java/org/onap/aaf/cadi/UserChain.java index f6a98085..f299f931 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/UserChain.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/UserChain.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -23,17 +23,17 @@ package org.onap.aaf.cadi; /** * Interface to add a User Chain String to Principal - * - * - * + * + * + * * Where - * APP is name suitable for Logging (i.e. official App Acronym) + * APP is name suitable for Logging (i.e. official App Acronym) * ID is official User or MechID, best if includes Identity Source (i.e. ab1234@people.osaaf.org) * Protocol is the Security protocol, - * + * * Format:<ID>:<APP>:<protocol>[:AS][,<ID>:<APP>:<protocol>]* - * - * + * + * * @author Jonathan * */ diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index 7bd578a5..a231b393 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -64,7 +64,7 @@ import org.onap.aaf.cadi.util.Split; /** * Create a Consistent Configuration mechanism, even when configuration styles are as vastly different as * Properties vs JavaBeans vs FilterConfigs... - * + * * @author Jonathan * */ 
@@ -110,16 +110,16 @@ public class Config { public static final String CADI_PROTOCOLS = "cadi_protocols"; public static final String CADI_NOAUTHN = "cadi_noauthn"; public static final String CADI_LOC_LIST = "cadi_loc_list"; - + // Special Behaviors public static final String CADI_BATH_CONVERT = "cadi_bath_convert"; public static final String CADI_API_ENFORCEMENT = "cadi_api_enforcement"; public static final String CADI_ADD_TAFS = "cadi_add_tafs"; public static final String CADI_ADD_LURS = "cadi_add_lurs"; - + public static final String CADI_USER_CHAIN_TAG = "cadi_user_chain"; public static final String CADI_USER_CHAIN = "USER_CHAIN"; - + public static final String CADI_OAUTH2_URL="cadi_oauth2_url"; public static final String CADI_TOKEN_DIR = "cadi_token_dir"; 
@@ -133,20 +133,20 @@ public class Config { + "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA," + "TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; - + public static final String LOCALHOST_ALLOW = "localhost_allow"; public static final String LOCALHOST_DENY = "localhost_deny"; - - public static final String BASIC_REALM = "basic_realm"; // what is sent to the client - public static final String BASIC_WARN = "basic_warn"; // Warning of insecure channel + + public static final String BASIC_REALM = "basic_realm"; // what is sent to the client + public static final String BASIC_WARN = "basic_warn"; // Warning of insecure channel public static final String USERS = "local_users"; public static final String GROUPS = "local_groups"; public static final String WRITE_TO = "local_writeto"; // dump RBAC to local file in Tomcat Style (some apps use) - + public static final String OAUTH_CLIENT_ID="client_id"; public static final String OAUTH_CLIENT_SECRET="client_secret"; - + public static final String AAF_ENV = "aaf_env"; public static final String AAF_ROOT_NS = "aaf_root_ns"; public static final String AAF_ROOT_NS_DEF = "org.osaaf.aaf"; 
@@ -159,15 +159,15 @@ public class Config { public static final String AAF_DEFAULT_API_VERSION = "2.1"; public static final String AAF_DEPLOYED_VERSION="aaf_deployed_version"; public static final String AAF_API_VERSION = "aaf_api_version"; - public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration + public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration public static final String AAF_LOCATOR_CLASS = "aaf_locator_class"; // AAF Locator Entries are ADDITIONAL entries, which also gives the Property ability // to set these entries manually // example: adding a K8S name like "oom" - // this will allow Registrations to pick up + // this will allow Registrations to pick up // locator_ns.oom for onap's "OOM" based k8s entries, etc. public static final String AAF_LOCATOR_CONTAINER="aaf_locator_container"; - // An ID for another Container, to be used to avoid picking up the wrong internal info + // An ID for another Container, to be used to avoid picking up the wrong internal info // for another container. public static final String AAF_LOCATOR_CONTAINER_ID = "aaf_locator_container_id"; public static final String AAF_LOCATOR_CONTAINER_NS = "aaf_locator_container_ns"; @@ -181,7 +181,7 @@ public class Config { public static final String AAF_LOCATOR_PUBLIC_PORT = "aaf_locator_public_port"; public static final String AAF_LOCATOR_PUBLIC_FQDN = "aaf_locator_public_fqdn"; public static final String AAF_LOCATOR_PUBLIC_NAME = "aaf_locator_public_name"; - + // AAF Service will write to the Audit Log if a past due AAF stored Password // is being used within # of days specified. public static final String AAF_CRED_WARN_DAYS="aaf_cred_warn_days"; 
@@ -196,7 +196,7 @@ public class Config { public static final String AAF_CONN_TIMEOUT_DEF = "3000"; public static final String AAF_CONN_IDLE_TIMEOUT = "aaf_conn_idle_timeout"; // only for Direct Jetty Access. public static final String AAF_CONN_IDLE_TIMEOUT_DEF = "10000"; // only for Direct Jetty Access. - + // Default Classes: These are for Class loading to avoid direct compile links public static final String AAF_TAF_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFTaf"; public static final String AAF_LOCATOR_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFLocator"; @@ -212,7 +212,7 @@ public class Config { public static final String AAF_CLEAN_INTERVAL_DEF = "30000"; // Default is 30 seconds public static final String AAF_REFRESH_TRIGGER_COUNT = "aaf_refresh_trigger_count"; public static final String AAF_REFRESH_TRIGGER_COUNT_DEF = "3"; // Default is 10 mins - + public static final String AAF_HIGH_COUNT = "aaf_high_count"; public static final String AAF_HIGH_COUNT_DEF = "1000"; // Default is 1000 entries public static final String AAF_PERM_MAP = "aaf_perm_map"; @@ -251,7 +251,7 @@ public class Config { public static final String AAF_OAUTH2_INTROSPECT_URL = "aaf_oauth2_introspect_url"; public static final String AAF_ALT_OAUTH2_TOKEN_URL = "aaf_alt_oauth2_token_url"; public static final String AAF_ALT_OAUTH2_INTROSPECT_URL = "aaf_alt_oauth2_introspect_url"; - public static final String AAF_ALT_OAUTH2_DOMAIN = "aaf_alt_oauth2_domain"; + public static final String AAF_ALT_OAUTH2_DOMAIN = "aaf_alt_oauth2_domain"; public static final String AAF_ALT_CLIENT_ID = "aaf_alt_oauth2_client_id"; public static final String AAF_ALT_CLIENT_SECRET = "aaf_alt_oauth2_client_secret"; public static final String AAF_OAUTH2_HELLO_URL = "aaf_oauth2_hello_url"; 
@@ -300,9 +300,9 @@ public class Config { // IMPORTANT! Don't attempt to load AAF Connector if there is no AAF URL String aafURL = logProp(rph, AAF_URL,null); if (!hasDirectAAF && aafcon==null && aafURL!=null) { - aafcon = loadAAFConnector(si, aafURL); + aafcon = loadAAFConnector(si, aafURL); } - + HttpTaf taf; // Setup Host, in case Network reports an unusable Hostname (i.e. VTiers, VPNs, etc) String hostname = logProp(access, HOSTNAME,null); @@ -313,7 +313,7 @@ public class Config { throw new CadiException("Unable to determine Hostname",e1); } } - + access.log(Level.INIT, "Hostname set to",hostname); // Get appropriate TAFs ArrayList<Priori<HttpTaf>> htlist = new ArrayList<>(); @@ -355,7 +355,7 @@ public class Config { } else { access.log(Level.INIT,"Certificate Authorization not enabled"); } - + ///////////////////////////////////////////////////// // Configure Basic Auth (local content) ///////////////////////////////////////////////////// @@ -406,7 +406,7 @@ public class Config { } else { access.log(Level.INIT,"Local Basic Authorization is disabled. Enable by setting basicRealm=<appropriate realm, i.e. my.att.com>"); } - + ///////////////////////////////////////////////////// // Configure AAF Driven Basic Auth ///////////////////////////////////////////////////// @@ -414,10 +414,10 @@ public class Config { access.log(Level.INIT,"AAF Connection (AAFcon) is null. Cannot create an AAF TAF"); } else if (aafURL==null) { access.log(Level.INIT,"No AAF URL in properties, Cannot create an AAF TAF"); - } else {// There's an AAF_URL... try to configure an AAF + } else {// There's an AAF_URL... try to configure an AAF String aafTafClassName = logProp(access, AAF_TAF_CLASS,AAF_TAF_CLASS_DEF); // Only 2.0 available at this time - if (AAF_TAF_CLASS_DEF.equals(aafTafClassName)) { + if (AAF_TAF_CLASS_DEF.equals(aafTafClassName)) { try { Class<?> aafTafClass = loadClass(access,aafTafClassName); if (aafTafClass!=null) { 
@@ -447,7 +447,7 @@ public class Config { } } } - + ///////////////////////////////////////////////////// // Configure OAuth TAF ///////////////////////////////////////////////////// @@ -490,7 +490,7 @@ public class Config { access.log(Level.INIT,"OAuth TAF is not configured"); } } - + ///////////////////////////////////////////////////// // Adding BasicAuth (AAF) last, after other primary Cookie Based // Needs to be before Cert... see below @@ -498,7 +498,7 @@ public class Config { if (aaftaf!=null) { htlist.add(new Priori<HttpTaf>(aaftaf,40)); } - } + } ///////////////////////////////////////////////////// // Any Additional Tafs passed in Constructor @@ -534,7 +534,7 @@ public class Config { } } } - + // Add BasicAuth, if any, to x509Taf if (x509TAF!=null) { for ( Priori<HttpTaf> ht : htlist) { @@ -543,12 +543,12 @@ public class Config { } } } - + ///////////////////////////////////////////////////// // Additional TAFs by Plugin ///////////////////////////////////////////////////// Priori.add(access, CADI_ADD_TAFS, htlist); - + ///////////////////////////////////////////////////// // Create EpiTaf from configured TAFs ///////////////////////////////////////////////////// @@ -571,17 +571,17 @@ public class Config { access.log(Level.INIT, sb); Locator<URI> locator = loadLocator(si, aafURL); - + taf = new HttpEpiTaf(access,locator, tc, htarray); // ok to pass locator == null String level = logProp(access, CADI_LOGLEVEL, null); if (level!=null) { access.setLogLevel(Level.valueOf(level)); } } - + return taf; } - + public static String logProp(RegistrationPropHolder rph, String tag, String def) { String rv = rph.access().getProperty(tag, def); if (rv == null) { @@ -591,9 +591,9 @@ public class Config { rph.access().log(Level.INIT,tag,"is set to",rv); } return rv; - + } - + public static String logProp(Access access,String tag, String def) { String rv = access.getProperty(tag, def); if (rv == null) { 
@@ -603,7 +603,7 @@ public class Config { } return rv; } - + public static Lur configLur(SecurityInfoC<HttpURLConnection> si, Connector con, Object ... additionalTafLurs) throws CadiException { Access access = si.access; RegistrationPropHolder rph; @@ -614,7 +614,7 @@ public class Config { } List<Priori<Lur>> lurs = new ArrayList<>(); - + ///////////////////////////////////////////////////// // Configure a Local Property Based RBAC/LUR ///////////////////////////////////////////////////// @@ -625,7 +625,7 @@ public class Config { if (groups!=null || users!=null) { LocalLur ll = new LocalLur(access, users, groups); // note b64==null is ok.. just means no encryption. lurs.add(new Priori<Lur>(ll,10)); - + String writeto = access.getProperty(WRITE_TO,null); if (writeto!=null) { String msg = UsersDump.updateUsers(writeto, ll); @@ -660,14 +660,14 @@ public class Config { msg = e.getCause().getMessage(); } access.log(Level.INIT,"AAF/OAuth LUR is not instantiated.",msg,e); - } + } } else { access.log(Level.INIT, "OAuth2 Lur disabled"); } if (con!=null) { // try to reutilize connector lurs.add(new Priori<Lur>(con.newLur(),30)); - } else { + } else { ///////////////////////////////////////////////////// // Configure the AAF Lur (if any) ///////////////////////////////////////////////////// @@ -693,7 +693,7 @@ public class Config { } else {// There's an AAF_URL... try to configure an AAF String aafLurClassStr = logProp(access,AAF_LUR_CLASS,AAF_V2_0_AAF_LUR_PERM); ////////////AAF Lur 2.0 ///////////// - if (aafLurClassStr!=null && aafLurClassStr.startsWith(AAF_V2_0)) { + if (aafLurClassStr!=null && aafLurClassStr.startsWith(AAF_V2_0)) { try { Object aafcon = loadAAFConnector(si, aafURL); if (aafcon==null) { @@ -703,7 +703,7 @@ public class Config { if (aafAbsAAFCon!=null) { Method mNewLur = aafAbsAAFCon.getMethod("newLur"); Object aaflur = mNewLur.invoke(aafcon); - + if (aaflur==null) { access.log(Level.INIT,"ERROR! AAF LUR Failed construction. NOT Configured"); } else { 
@@ -719,7 +719,7 @@ public class Config { } catch (Exception e) { access.log(e,"AAF LUR class,",aafLurClassStr,"could not be constructed with given Constructors."); } - } + } } } } @@ -740,13 +740,13 @@ public class Config { ///////////////////////////////////////////////////// // Additional LURs by Plugin ///////////////////////////////////////////////////// - Priori.add(access, CADI_ADD_LURS, lurs); + Priori.add(access, CADI_ADD_LURS, lurs); ///////////////////////////////////////////////////// - // Return a Lur based on how many there are... + // Return a Lur based on how many there are... ///////////////////////////////////////////////////// switch(lurs.size()) { - case 0: + case 0: access.log(Level.INIT,"WARNING! No CADI LURs configured"); // Return a NULL Lur that does nothing. return new NullLur(); @@ -770,7 +770,7 @@ public class Config { return new EpiLur(la); } } - + private static boolean hasDirect(String simpleClassName, Object[] additionalTafLurs) { if (additionalTafLurs!=null) { for (Object tf : additionalTafLurs) { @@ -922,7 +922,7 @@ public class Config { locator = (Locator<URI>)cnst.newInstance(new Object[] {si,locatorURI}); int port = fui.getPort(); String portS = port<0?"":(":"+port); - + access.log(Level.INFO, "AAFLocator enabled using " + locatorURI.getScheme() +"://"+fui.getHost() + portS); } else { access.log(Level.INFO, "AAFLocator enabled using preloaded " + locator.getClass().getSimpleName()); @@ -943,7 +943,7 @@ public class Config { public static String getDefaultRealm() { return defaultRealm; } - + public static String getAAFLocateUrl(Access access) { String rv = null; String cont = access.getProperty(AAF_LOCATOR_CONTAINER,null); @@ -959,7 +959,7 @@ public class Config { private static class Priori<T> implements Comparable<Priori<T>> { public final T t; public final int priority; - + public Priori(final T t, final int priority) { this.t = t; this.priority = priority; 
@@ -997,7 +997,7 @@ public class Config { access.printf(Level.ERROR, "%s format is <classname>,priority[;...]\n",CADI_ADD_TAFS); } } - + if(clssn!=null) { Class<?> cls = loadClass(access, clssn); if(cls!=null) { @@ -1009,7 +1009,7 @@ public class Config { } catch (InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { String hostname = access.getProperty(Config.HOSTNAME,null); if(hostname==null) { - access.printf(Level.ERROR, "%s cannot be constructed on this machine. Set valid 'hostname' in your properties\n",clssn); + access.printf(Level.ERROR, "%s cannot be constructed on this machine. Set valid 'hostname' in your properties\n",clssn); } else { access.printf(Level.ERROR, "%s cannot be constructed on %s with Access.\n",clssn, hostname); } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Get.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Get.java index b48dd74d..0f65b374 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Get.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Get.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -28,8 +28,8 @@ import org.onap.aaf.cadi.Access.Level; public interface Get { public String get(String name, String def, boolean print); - - + + /** * A class for Getting info out of "JavaBean" format * @author Jonathan 
@@ -40,24 +40,24 @@ public interface Get { private Class<?> bc; private Class<?>[] params; private Object[] args; - + public Bean(Object bean) { this.bean = bean; bc = bean.getClass(); params = new Class<?>[0]; // note, this will allow to go out of scope after config args = new Object[0]; } - + public String get(String name, String def, boolean print) { String str = null; String gname = "get"+Character.toUpperCase(name.charAt(0))+name.substring(1); try { Method meth = bc.getMethod(gname, params); Object obj = meth.invoke(bean, args); - str = obj==null?null:obj.toString(); // easy string convert... + str = obj==null?null:obj.toString(); // easy string convert... } catch (Exception e) { } - + // Take def if nothing else if (str==null) { str = def; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/GetAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/GetAccess.java index 30adcc97..65501a67 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/GetAccess.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/GetAccess.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -25,12 +25,12 @@ import org.onap.aaf.cadi.PropAccess; public class GetAccess extends PropAccess { private final Get getter; - + public GetAccess(Get getter) { super(new String[]{"cadi_prop_files="+getter.get("cadi_prop_files", null, true)}); this.getter = getter; } - + /* (non-Javadoc) * @see org.onap.aaf.cadi.PropAccess#getProperty(java.lang.String, java.lang.String) */ 
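Review bot: The `catch (Exception e) { }` directly after the re-formatted `obj.toString()` line in `Bean.get` still swallows every reflection failure. A misspelled property name, an inaccessible getter and a getter that throws all fall through silently to `def`. For a class that feeds security configuration, this makes a broken setting indistinguishable from an unset one. I would narrow the catch to `NoSuchMethodException` for the "no such property, use def" case and report `IllegalAccessException | InvocationTargetException` separately, with a short comment on the branch that is deliberately ignored. How to report it depends on what the rest of the method has in scope, since the body continues past the end of the hunk.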
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/MultiGet.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/MultiGet.java index c5e5a50e..d73e1b71 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/MultiGet.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/MultiGet.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -33,7 +33,7 @@ public class MultiGet implements Get { String str; for (Get getter : getters) { str = getter.get(name, null, print); - if (str!=null) + if (str!=null) return str; } return def; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java index f73179a9..2825e9a5 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -99,11 +99,11 @@ public class RegistrationPropHolder { } } default_name = container_public_name; - + if(firstlog) { access.printf(Level.INIT, REGI,"default_name",default_name); } - + latitude=null; String slatitude = access.getProperty(Config.CADI_LATITUDE, null); if(slatitude == null) { @@ -138,7 +138,7 @@ public class RegistrationPropHolder { } } } - + default_fqdn = access.getProperty(Config.AAF_LOCATOR_FQDN, hostname); if(firstlog) { access.printf(Level.INIT, REGI,"default_fqdn",default_fqdn); @@ -157,7 +157,7 @@ public class RegistrationPropHolder { errs.append('\n'); errs.append(propname); errs.append(" must be defined."); - + } public String getEntryFQDN(final String entry, final String dot_le) { @@ -169,7 +169,7 @@ public class RegistrationPropHolder { } return replacements("RegistrationPropHolder.getEntryFQDN",str,entry,dot_le); } - + public String getEntryName(final String entry, final String dot_le) { String str; if(dot_le.isEmpty()) { @@ -179,7 +179,7 @@ public class RegistrationPropHolder { } return replacements("RegistrationPropHolder.getEntryName",str,entry,dot_le); } - + public String getPublicEntryName(final String entry, final String dot_le) { String str = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME+dot_le, null); if(str==null) { @@ -190,8 +190,8 @@ public class RegistrationPropHolder { } return replacements("RegistrationPropHolder.getEntryName",str,entry,dot_le); } - - + + private String getNS(String dot_le) { String ns; ns = access.getProperty(Config.AAF_LOCATOR_APP_NS+dot_le,null); @@ -201,7 +201,7 @@ public class RegistrationPropHolder { return ns; } - + public String replacements(final String fromCode, final String source, final String name, final String _dot_le) { if(source == null) { return ""; 
@@ -238,13 +238,13 @@ public class RegistrationPropHolder { value = value.replace("http://AAF_LOCATE_URL/", str); } else { value = value.replace("https://AAF_LOCATE_URL/", str); - + } } } } - int atC = value.indexOf("%C"); + int atC = value.indexOf("%C"); if(atC>=0) { // aaf_locator_container_ns str = access.getProperty(Config.AAF_LOCATOR_CONTAINER_NS+dot_le, default_container_ns); @@ -252,14 +252,14 @@ public class RegistrationPropHolder { value = value.replace("%CNS"+'.', str); } value = value.replace("%CNS", str); - + str = access.getProperty(Config.AAF_LOCATOR_CONTAINER+dot_le,default_container); if(str.isEmpty()) { value = value.replace("%C"+'.', str); } value = value.replace("%C", str); } - + if(value.indexOf("%NS")>=0) { str = getNS(dot_le); if(str==null || str.isEmpty()) { @@ -280,7 +280,7 @@ public class RegistrationPropHolder { } } - + if(value.indexOf('%')>=0) { // These shouldn't be expected to have dot elements if(name!=null) { @@ -293,13 +293,13 @@ public class RegistrationPropHolder { value = value.replace("%PH", public_fqdn); } } - access.printf(Level.DEBUG, + access.printf(Level.DEBUG, "RegistrationReplacement from %s, source: %s, dot_le: %s, value: %s", fromCode,source,dot_le,value); return value; } - + public int getEntryPort(final String dot_le) { return public_port!=null && dot_le.isEmpty()? public_port: diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java index 8dbc38e1..60c75719 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -64,7 +64,7 @@ public class SecurityInfo { private static final String LOADED_FROM_SYSTEM_PROPERTIES = "%s loaded from System Properties"; public static final String SSL_KEY_MANAGER_FACTORY_ALGORITHM; - + private SSLSocketFactory socketFactory; private X509KeyManager[] x509KeyManager; private X509TrustManager[] x509TrustManager; @@ -83,21 +83,21 @@ public class SecurityInfo { SSL_KEY_MANAGER_FACTORY_ALGORITHM = "SunX509"; } } - + public SecurityInfo(final Access access) throws CadiException { String msgHelp = ""; try { this.access = access; // reuse DME2 Properties for convenience if specific Properties don't exist - + String str = access.getProperty(Config.CADI_ALIAS, null); if(str==null || str.isEmpty()) { defaultAlias = null; } else { defaultAlias = str; } - + str = access.getProperty(Config.CADI_CLIENT_ALIAS, null); if(str==null) { defaultClientAlias = defaultAlias; 
@@ -110,17 +110,17 @@ public class SecurityInfo { msgHelp = String.format(INITIALIZING_ERR_FMT,"Keystore", access.getProperty(Config.CADI_KEYSTORE, "")); initializeKeyManager(); - + msgHelp = String.format(INITIALIZING_ERR_FMT,"Truststore", access.getProperty(Config.CADI_TRUSTSTORE, "")); initializeTrustManager(); - + msgHelp = String.format(INITIALIZING_ERR_FMT,"Trustmasks", access.getProperty(Config.CADI_TRUST_MASKS, "")); initializeTrustMasks(); msgHelp = String.format(INITIALIZING_ERR_FMT,"HTTP Protocols", "access properties"); setHTTPProtocols(access); - + msgHelp = String.format(INITIALIZING_ERR_FMT,"Context", "TLS"); context = SSLContext.getInstance("TLS"); context.init(x509KeyManager, x509TrustManager, null); @@ -146,7 +146,7 @@ public class SecurityInfo { // This needs to be set when people do not. System.setProperty(HTTPS_PROTOCOLS, httpsProtocols); } - String httpsClientProtocols = System.getProperty(JDK_TLS_CLIENT_PROTOCOLS,null); + String httpsClientProtocols = System.getProperty(JDK_TLS_CLIENT_PROTOCOLS,null); if(httpsClientProtocols!=null) { access.printf(Level.INIT, LOADED_FROM_SYSTEM_PROPERTIES, JDK_TLS_CLIENT_PROTOCOLS); } else { @@ -197,7 +197,7 @@ public class SecurityInfo { hsuc.setHostnameVerifier(maskHV); } } - + protected void initializeKeyManager() throws CadiException, IOException, NoSuchAlgorithmException, KeyStoreException, CertificateException, UnrecoverableKeyException { String keyStore = access.getProperty(Config.CADI_KEYSTORE, null); if(keyStore==null) { @@ -208,7 +208,7 @@ public class SecurityInfo { String keyStorePasswd = access.getProperty(Config.CADI_KEYSTORE_PASSWORD, null); keyStorePasswd = (keyStorePasswd == null) ? null : access.decrypt(keyStorePasswd, false); - if (keyStore == null || keyStorePasswd == null) { + if (keyStore == null || keyStorePasswd == null) { x509KeyManager = new X509KeyManager[0]; return; } 
@@ -240,7 +240,7 @@ public class SecurityInfo { } } } - + StringBuilder sb = null; for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) { if (keyManager instanceof X509KeyManager) { @@ -263,12 +263,12 @@ public class SecurityInfo { } x509KeyManager = new X509KeyManager[keyManagers.size()]; keyManagers.toArray(x509KeyManager); - + if(sb!=null) { access.log(Level.INIT, sb); } } - + private void x509Info(StringBuilder sb, X509Certificate[] chain) { if(chain!=null) { int i=0; @@ -290,7 +290,7 @@ public class SecurityInfo { protected void initializeTrustManager() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, CadiException { String trustStore = access.getProperty(Config.CADI_TRUSTSTORE, null); if(trustStore==null) { - return; + return; } else if(!new File(trustStore).exists()) { throw new CadiException(trustStore + " does not exist"); } @@ -307,7 +307,7 @@ public class SecurityInfo { try { KeyStore ts = KeyStore.getInstance("JKS"); ts.load(fis, trustStorePasswd.toCharArray()); - trustManagerFactory.init(ts); + trustManagerFactory.init(ts); } finally { fis.close(); } @@ -328,7 +328,7 @@ public class SecurityInfo { } } } - + protected void initializeTrustMasks() throws AccessException { String tips = access.getProperty(Config.CADI_TRUST_MASKS, null); if (tips == null) { @@ -345,7 +345,7 @@ public class SecurityInfo { throw new AccessException("Invalid IP Mask in " + Config.CADI_TRUST_MASKS, e); } } - + final HostnameVerifier origHV = HttpsURLConnection.getDefaultHostnameVerifier(); maskHV = new HostnameVerifier() { @Override @@ -366,5 +366,5 @@ public class SecurityInfo { }; HttpsURLConnection.setDefaultHostnameVerifier(maskHV); } - + } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoC.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoC.java index 4e365fba..7c5f50ed 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoC.java 
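Review bot: In `initializeTrustManager`, the early `return` taken when `Config.CADI_TRUSTSTORE` is unset leaves `x509TrustManager` untouched, and the constructor hunk earlier in this file then passes it to `context.init(x509KeyManager, x509TrustManager, null)`. If the field is still null at that point (its declaration shows no initializer, but confirm nothing else assigns it), JSSE falls back to the JVM's default trust managers. A deployment that forgot the property would then trust the whole default CA set without any log line. I would record that before returning, e.g. `access.log(Level.INIT, Config.CADI_TRUSTSTORE + " is not set; JVM default trust managers will be used");`. The method ends outside this hunk.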
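Review bot: `HttpsURLConnection.setDefaultHostnameVerifier(maskHV)` at the end of `initializeTrustMasks` installs the verifier for every `HttpsURLConnection` in the JVM, not only those CADI opens, and it does so as a side effect of constructing a `SecurityInfo`. An earlier hunk in this file already applies it per connection with `hsuc.setHostnameVerifier(maskHV)`, so the global call looks unnecessary for CADI's own clients. If it has to stay, a comment such as `// NOTE: process-wide; maskHV now verifies every HttpsURLConnection in this JVM` above the call would tell operators what setting `Config.CADI_TRUST_MASKS` implies. The body of `verify` lies between the two hunks and is not visible, so the exact matching rule should be confirmed there.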
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoC.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -34,13 +34,13 @@ public class SecurityInfoC<CLIENT> extends SecurityInfo { public static final String DEF_ID = "ID not Set"; private static Map<Class<?>,SecurityInfoC<?>> sicMap = new HashMap<>(); public SecuritySetter<CLIENT> defSS; - + public SecurityInfoC(Access access) throws CadiException { super(access); defSS = new DEFSS<CLIENT>(); } - + @SuppressWarnings("unchecked") public static synchronized <CLIENT> SecurityInfoC<CLIENT> instance(Access access, Class<CLIENT> cls) throws CadiException { SecurityInfoInit<CLIENT> sii; @@ -58,9 +58,9 @@ public class SecurityInfoC<CLIENT> extends SecurityInfo { public SecuritySetter<CLIENT> bestDefault(SecurityInfoC<CLIENT> si) throws CadiException { return new DEFSS<CLIENT>(); } - }; + }; } - + SecurityInfoC<CLIENT> sic = (SecurityInfoC<CLIENT>) sicMap.get(cls); if (sic==null) { sic = new SecurityInfoC<CLIENT>(access); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoInit.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoInit.java index 614f363b..e5b7a0ea 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoInit.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoInit.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/UsersDump.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/UsersDump.java index 98ab4706..4f7db1ab 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/UsersDump.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/UsersDump.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -56,7 +56,7 @@ public class UsersDump { // We loop through Users, but want to write Groups first... therefore, save off print StringBuilder sb = new StringBuilder(); - + // Obtain all unique role names HashSet<String> groups = new HashSet<>(); for (AbsUserCache<?>.DumpInfo di : lur.dumpInfo()) { @@ -80,7 +80,7 @@ public class UsersDump { ps.print(group); ps.println("\"/>"); } - + ps.println(sb); ps.println("</tomcat-users>"); 
@@ -91,13 +91,13 @@ public class UsersDump { } return true; } - + /** - * + * * Note: This method returns a String if there's an error, or null if ok. - * This unusual style is necessitated by the fact that any Exceptions thrown are likely to + * This unusual style is necessitated by the fact that any Exceptions thrown are likely to * be unlogged and hidden from view, making debugging almost impossible. - * + * * @param writeto * @param up * @return @@ -129,7 +129,7 @@ public class UsersDump { int startA=0, startB=0; for (int i=0;startA<orig.length && i<3;++startA) if (orig[startA]=='<')++i; for (int i=0;startB<orig.length && i<3;++startB) if (postulate[startB]=='<')++i; - + writeIt=orig.length-startA!=postulate.length-startB; // first, check if remaining length is the same while (!writeIt && startA<orig.length && startB<postulate.length) { if (orig[startA++]!=postulate[startB++])writeIt = true; @@ -141,7 +141,7 @@ public class UsersDump { } else { writeIt = true; } - + if (writeIt) { try { FileOutputStream fos = new FileOutputStream(file); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZ.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZ.java index 5aa502d4..fefb0970 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZ.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZ.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
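Review bot: The second scan loop in the file-comparison code bounds `startB` by `orig.length` but indexes `postulate`: `for (int i=0;startB<orig.length && i<3;++startB) if (postulate[startB]=='<')++i;`. When the newly generated content is shorter than the file on disk and has fewer than three `<` characters, the loop reads past the end of `postulate` and throws `ArrayIndexOutOfBoundsException`. When it is longer, the scan can stop before the third `<`. The condition should be `startB<postulate.length`. The enclosing method starts and ends outside the hunk.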
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java index 0bd87d98..8073249c 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -32,7 +32,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** - * + * * @author Jonathan * */ @@ -53,14 +53,14 @@ public class AUTHZServlet<S extends Servlet> implements Servlet { roles = rolesAllowed.value(); } } - + public void init(ServletConfig sc) throws ServletException { if (delegate == null) { throw new ServletException("Invalid Servlet Delegate"); } delegate.init(sc); } - + public ServletConfig getServletConfig() { return delegate.getServletConfig(); } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AccessGetter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AccessGetter.java index ae4347d3..96eebf5e 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AccessGetter.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AccessGetter.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiApiEnforcementFilter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiApiEnforcementFilter.java index 292f8e1c..d97fe28b 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiApiEnforcementFilter.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiApiEnforcementFilter.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -41,15 +41,15 @@ import org.onap.aaf.cadi.util.Split; /** * This filter allows one to protect the APIs from data stored in AAF - * + * * @author Instrumental(Jonathan) */ public class CadiApiEnforcementFilter implements Filter { private String type; private Map<String,List<String>> publicPaths; private Access access; - - + + public CadiApiEnforcementFilter(Access access, String enforce) throws ServletException { this.access = access; init(enforce); 
@@ -60,12 +60,12 @@ public class CadiApiEnforcementFilter implements Filter { public void init(FilterConfig fc) throws ServletException { init(fc.getInitParameter(Config.CADI_API_ENFORCEMENT)); // need the Context for Logging, instantiating ClassLoader, etc - ServletContextAccess sca=new ServletContextAccess(fc); + ServletContextAccess sca=new ServletContextAccess(fc); if (access==null) { access = sca; } } - + private void init(final String ptypes) throws ServletException { if(ptypes==null) { throw new ServletException("CadiApiEnforcement requires " + Config.CADI_API_ENFORCEMENT + " property"); @@ -99,10 +99,10 @@ public class CadiApiEnforcementFilter implements Filter { HttpServletRequest hreq = (HttpServletRequest)req; final String meth = hreq.getMethod(); String path = hreq.getContextPath()+hreq.getPathInfo(); - + if(path == null || path.isEmpty() || "null".equals(path)) path = hreq.getRequestURI().substring(hreq.getContextPath().length()); - + List<String> list = publicPaths.get(meth); if(list!=null) { for( String p : publicPaths.get(meth)) { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java index 50efe8b4..a2f168a1 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
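Review bot: `hreq.getContextPath()+hreq.getPathInfo()` can never be null, and when `getPathInfo()` returns null the result is the context path followed by the text `null`, so the `"null".equals(path)` fallback only fires for an empty context path. Under any other context path, the `publicPaths` lookup that follows runs against a string ending in `null` instead of the request path. Test the path info before concatenating: `String pi = hreq.getPathInfo();` then `String path = pi==null ? hreq.getRequestURI().substring(hreq.getContextPath().length()) : hreq.getContextPath()+pi;`. The two branches also disagree on whether the context path is part of `path`, which affects how public-path entries have to be written. The method continues outside the hunk.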
@@ -52,16 +52,16 @@ import org.onap.aaf.cadi.util.Timing; /** * CadiFilter - * + * * This class implements Servlet Filter, and ties together CADI implementations - * + * * This class can be used in a standard J2EE Servlet manner. Optimal usage is for POJO operations, where - * one can enforce this Filter being first and primary. Depending on the Container, it - * may be more effective, in some cases, to utilize features that allow earlier determination of + * one can enforce this Filter being first and primary. Depending on the Container, it + * may be more effective, in some cases, to utilize features that allow earlier determination of * AUTHN (Authorization). An example would be "Tomcat Valve". These implementations, however, should * be modeled after the "init" and "doFilter" functions, and be kept up to date as this class changes. - * - * + * + * * @author Jonathan * */ @@ -73,18 +73,18 @@ public class CadiFilter implements Filter { private Object[] additionalTafLurs; private SideChain sideChain; private static int count=0; - + public Lur getLur() { return httpChecker.getLur(); } - + /** * Construct a viable Filter - * - * Due to the vagaries of many containers, there is a tendency to create Objects and call "Init" on + * + * Due to the vagaries of many containers, there is a tendency to create Objects and call "Init" on * them at a later time. Therefore, this object creates with an object that denies all access * until appropriate Init happens, just in case the container lets something slip by in the meantime. - * + * */ public CadiFilter() { additionalTafLurs = CadiHTTPManip.noAdditional; @@ -92,10 +92,10 @@ public class CadiFilter implements Filter { /** * This constructor to be used when directly constructing and placing in HTTP Engine - * + * * @param access * @param moreTafLurs - * @throws ServletException + * @throws ServletException */ public CadiFilter(Access access, Object ... moreTafLurs) throws ServletException { additionalTafLurs = moreTafLurs; 
@@ -120,7 +120,7 @@ public class CadiFilter implements Filter { /** * Init - * + * * Standard Filter "init" call with FilterConfig to obtain properties. POJOs can construct a * FilterConfig with the mechanism of their choice, and standard J2EE Servlet engines utilize this * mechanism already. @@ -128,15 +128,15 @@ public class CadiFilter implements Filter { //TODO Always validate changes against Tomcat AbsCadiValve and Jaspi CadiSAM Init functions public void init(FilterConfig filterConfig) throws ServletException { // need the Context for Logging, instantiating ClassLoader, etc - ServletContextAccess sca=new ServletContextAccess(filterConfig); + ServletContextAccess sca=new ServletContextAccess(filterConfig); if (access==null) { access = sca; } - + // Set Protected getter with base Access, for internal class instantiations init(new FCGet(access, sca.context(), filterConfig)); } - + @SuppressWarnings("unchecked") protected void init(Get getter) throws ServletException { @@ -154,7 +154,7 @@ public class CadiFilter implements Filter { } catch (Exception e) { access.log(Level.INIT, "AAFTrustChecker cannot be loaded",e.getMessage()); } - + try { Class<Filter> cf=null; try { @@ -167,7 +167,7 @@ public class CadiFilter implements Filter { access.log(Level.INIT, "AAFTrustChecker cannot be loaded",e.getMessage()); } - + // Synchronize, because some instantiations call init several times on the same object // In this case, the epiTaf will be changed to a non-NullTaf, and thus not instantiate twice. synchronized(CadiHTTPManip.noAdditional /*will always remain same Object*/) { @@ -194,8 +194,8 @@ public class CadiFilter implements Filter { pathExceptions = str.split("\\s*:\\s*"); } } - - /* + + /* * SETUP Permission Converters... those that can take Strings from a Vendor Product, and convert to appropriate AAF Permissions */ if (mapPairs==null) { 
@@ -227,7 +227,7 @@ public class CadiFilter implements Filter { } // Add API Enforcement Point - String enforce = getter.get(Config.CADI_API_ENFORCEMENT, null, true); + String enforce = getter.get(Config.CADI_API_ENFORCEMENT, null, true); if(enforce!=null && enforce.length()>0) { sideChain.add(new CadiApiEnforcementFilter(access,enforce)); } @@ -236,7 +236,7 @@ public class CadiFilter implements Filter { } /** - * Containers call "destroy" when time to cleanup + * Containers call "destroy" when time to cleanup */ public void destroy() { // Synchronize, in case multiCadiFilters are used. @@ -252,7 +252,7 @@ public class CadiFilter implements Filter { /** * doFilter - * + * * This is the standard J2EE invocation. Analyze the request, modify response as necessary, and * only call the next item in the filterChain if request is suitably Authenticated. */ @@ -295,7 +295,7 @@ public class CadiFilter implements Filter { } - /** + /** * If PathExceptions exist, report if these should not have Authn applied. * @param hreq * @return @@ -317,7 +317,7 @@ public class CadiFilter implements Filter { } return false; } - + /** * Get Converter by Path */ @@ -332,7 +332,7 @@ public class CadiFilter implements Filter { } return NullPermConverter.singleton(); } - + /** * store PermConverters by Path prefix * @author Jonathan diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java index 0a89af0c..7c63a822 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -47,10 +47,10 @@ import org.onap.aaf.cadi.util.UserChainManip; /** * Encapsulate common HTTP Manipulation Behavior. It will appropriately set * HTTPServletResponse for Redirect or Forbidden, as needed. - * + * * Further, this is useful, because it avoids multiple creates of Connections, where some Filters * are created and destroyed regularly. - * + * * @author Jonathan * */ @@ -73,7 +73,7 @@ public class CadiHTTPManip { private CredVal up; private Lur lur; private String thisPerm,companyPerm,aaf_id; - + public static final Object[] noAdditional = new Object[0]; // CadiFilter can be created each call in some systems @@ -82,7 +82,7 @@ public class CadiHTTPManip { this.access = access; // Get getter = new AccessGetter(access); Config.setDefaultRealm(access); - + aaf_id = access.getProperty(Config.CADI_ALIAS,access.getProperty(Config.AAF_APPID, null)); if (aaf_id==null) { access.printf(Level.INIT, "%s is not set. %s can be used instead",Config.AAF_APPID,Config.CADI_ALIAS); @@ -107,9 +107,9 @@ public class CadiHTTPManip { } SecurityInfoC<HttpURLConnection> si; si = SecurityInfoC.instance(access, HttpURLConnection.class); - + lur = Config.configLur(si, con, additionalTafLurs); - + tc.setLur(lur); if (lur instanceof EpiLur) { up = ((EpiLur)lur).getUserPassImpl(); 
@@ -126,33 +126,33 @@ public class CadiHTTPManip { TafResp tresp = taf.validate(Taf.LifeForm.LFN, hreq, hresp); switch(tresp.isAuthenticated()) { case IS_AUTHENTICATED: - access.printf(Level.DEBUG,MSG_FMT,tresp.getTarget(),hreq.getRemoteAddr(), + access.printf(Level.DEBUG,MSG_FMT,tresp.getTarget(),hreq.getRemoteAddr(), hreq.getRemotePort(),AUTHENTICATED,tresp.desc()); break; case TRY_AUTHENTICATING: switch (tresp.authenticate()) { case IS_AUTHENTICATED: - access.printf(Level.DEBUG,MSG_FMT,tresp.getTarget(),hreq.getRemoteAddr(), + access.printf(Level.DEBUG,MSG_FMT,tresp.getTarget(),hreq.getRemoteAddr(), hreq.getRemotePort(),AUTHENTICATED,tresp.desc()); break; case HTTP_REDIRECT_INVOKED: - access.printf(Level.DEBUG,MSG_FMT,tresp.getTarget(),hreq.getRemoteAddr(), + access.printf(Level.DEBUG,MSG_FMT,tresp.getTarget(),hreq.getRemoteAddr(), hreq.getRemotePort(),AUTHENTICATING_VIA_REDIRECTION,tresp.desc()); break; case NO_FURTHER_PROCESSING: - access.printf(Level.AUDIT,MSG_FMT,tresp.getTarget(),hreq.getRemoteAddr(), + access.printf(Level.AUDIT,MSG_FMT,tresp.getTarget(),hreq.getRemoteAddr(), hreq.getRemotePort(),AUTHENTICATION_FAILURE,tresp.desc()); hresp.sendError(403, tresp.desc()); // Forbidden break; default: - access.printf(Level.AUDIT,MSG_FMT,tresp.getTarget(),hreq.getRemoteAddr(), + access.printf(Level.AUDIT,MSG_FMT,tresp.getTarget(),hreq.getRemoteAddr(), hreq.getRemotePort(),NO_TAF_WILL_AUTHORIZE,tresp.desc()); hresp.sendError(403, tresp.desc()); // Forbidden } break; case NO_FURTHER_PROCESSING: - access.printf(Level.AUDIT,MSG_FMT, tresp.getTarget(),hreq.getRemoteAddr(), + access.printf(Level.AUDIT,MSG_FMT, tresp.getTarget(),hreq.getRemoteAddr(), hreq.getRemotePort(),NO_TAF_WILL_AUTHORIZE,tresp.desc()); hresp.sendError(403, ACCESS_DENIED); // FORBIDDEN break; 
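Review bot: Two failure branches of the inner `switch (tresp.authenticate())` answer with `hresp.sendError(403, tresp.desc())`, while the outer `NO_FURTHER_PROCESSING` branch and the branch after it send the fixed `ACCESS_DENIED` text. `tresp.desc()` is presumably the TAF's own account of why authentication failed, and it is already written to the AUDIT log on the line above. Returning it in the response hands that detail to an unauthenticated caller. Use `hresp.sendError(403, ACCESS_DENIED);` in both inner branches so that every denial looks the same on the wire. The method starts before the hunk.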
@@ -161,12 +161,12 @@ public class CadiHTTPManip { hreq.getRemotePort(),NO_TAF_WILL_AUTHORIZE,tresp.desc()); hresp.sendError(403, ACCESS_DENIED); // FORBIDDEN } - + return tresp; } - + public boolean notCadi(CadiWrap req, HttpServletResponse resp) { - + String pathInfo = req.getPathInfo(); if (METH.equalsIgnoreCase(req.getMethod()) && pathInfo!=null && pathInfo.contains(CADI)) { if (req.getUser().equals(aaf_id) || req.isUserInRole(thisPerm) || req.isUserInRole(companyPerm)) { @@ -201,11 +201,11 @@ public class CadiHTTPManip { } return true; } - + public Lur getLur() { return lur; } - + public void destroy() { access.log(Level.INFO,"CadiHttpChecker destroyed."); if (lur!=null) { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/FCGet.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/FCGet.java index 1805c782..e9cb59ce 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/FCGet.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/FCGet.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -34,7 +34,7 @@ import org.onap.aaf.cadi.config.Get; */ public class FCGet implements Get { /** - * + * */ private final Access access; private FilterConfig filterConfig; @@ -52,12 +52,12 @@ public class FCGet implements Get { if (context!=null) { str = context.getInitParameter(name); } - + // Try Filter Context next if (str==null && filterConfig != null) { str = filterConfig.getInitParameter(name); } - + if (str==null) { str = access.getProperty(name, def); } 
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java index 8c616f4a..7ad1921c 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -39,21 +39,21 @@ import org.onap.aaf.cadi.util.CSV; import org.onap.aaf.cadi.util.CSV.Visitor; /** - * This Filter is designed to help MIGRATE users from systems that don't match the FQI style. - * + * This Filter is designed to help MIGRATE users from systems that don't match the FQI style. + * * Style 1, where just the ID is translated, i.e. OLD => new@something.onap.org, that is acceptable * longer term, because it does not store Creds locally. The passwords are in appropriate systems, but * it's still painful operationally, though it does ease migration. * * Style 3, however, which is Direct match of Authorization Header to replacement, is only there * because some passwords are simply not acceptable for AAF, (too easy, for instance), and it is - * not feasible to break Organization Password rules for a Migration. Therefore, this method + * not feasible to break Organization Password rules for a Migration. Therefore, this method * should not considered something that is in any way a permanent - * + * - * + * * It goes without saying that any file with the password conversion should be protected by "400", etc. - * + * * @author Instrumental (Jonathan) * */ 
@@ -63,15 +63,15 @@ public class MapBathConverter { /** * Create with colon separated name value pairs - * Enter the entire "Basic dXNlcjpwYXNz" "Authorization" header, where "dXNlcjpwYXNz" is + * Enter the entire "Basic dXNlcjpwYXNz" "Authorization" header, where "dXNlcjpwYXNz" is * base64 encoded, which can be created with "cadi" tool (in jar) - * - * The replacement should also be an exact replacement of what you want. Recognize that - * this should be TEMPORARY as you are storing credentials outside the users control. - * + * + * The replacement should also be an exact replacement of what you want. Recognize that + * this should be TEMPORARY as you are storing credentials outside the users control. + * * @param value - * @throws IOException - * @throws CadiException + * @throws IOException + * @throws CadiException */ public MapBathConverter(final Access access, final CSV csv) throws IOException, CadiException { map = new TreeMap<>(); @@ -110,7 +110,7 @@ public class MapBathConverter { } }); } - + private static String idFromBasic(String bath, Holder<String> hpass) throws IOException, CadiException { if(bath.startsWith(BASIC)) { String cred = Symm.base64noSplit.decode(bath.substring(6)); @@ -128,8 +128,8 @@ public class MapBathConverter { } /** - * use to instantiate entries - * + * use to instantiate entries + * * @return */ public Map<String,String> map() { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java index 7953e076..24c7d290 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -30,7 +30,7 @@ public class MapPermConverter implements PermConverter { /** * Create with colon separated name value pairs * i.e. teAdmin=com.att.myNS.myPerm|*|*:teUser=... - * + * * @param value */ public MapPermConverter() { @@ -38,8 +38,8 @@ public class MapPermConverter implements PermConverter { } /** - * use to instantiate entries - * + * use to instantiate entries + * * @return */ public Map<String,String> map() { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PermConverter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PermConverter.java index dfd0f64b..e074a7fe 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PermConverter.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PermConverter.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -23,7 +23,7 @@ package org.onap.aaf.cadi.filter; /** * Convert a simplistic, single string Permission into an Enterprise Scoped Perm - * + * * @author Jonathan * */ 
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/RolesAllowed.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/RolesAllowed.java index ac61a5c6..c27519fb 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/RolesAllowed.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/RolesAllowed.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -20,16 +20,16 @@ */ /** - * RolesAllowed - * + * RolesAllowed + * * @author Jonathan - * + * * Similar to Java EE's Spec from Annotations 1.1, 2.8 - * + * * That Spec, however, was geared towards being able to route calls to Methods on Objects, and thus needed a more refined * sense of permissions hierarchy. The same mechanism, however, can easily be achieved on single Servlet/Handlers in * POJOs like Jetty by simply adding the Roles Allowed in a similar Annotation - * + * */ package org.onap.aaf.cadi.filter; import static java.lang.annotation.ElementType.TYPE; @@ -39,9 +39,9 @@ import java.lang.annotation.Retention; import java.lang.annotation.Target; /** - * JASPI Style Annotation of RolesAllowed when the coding style is desired but actually including all + * JASPI Style Annotation of RolesAllowed when the coding style is desired but actually including all * JEE jars is not. If using actual JASPI, use official @interface classes, not this one... - * + * * @author Jonathan */ @Target({TYPE}) diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/ServletImpl.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/ServletImpl.java index 5386eb2d..33bc29de 100644 
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/ServletImpl.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/ServletImpl.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -20,16 +20,16 @@ */ /** - * RolesAllowed - * + * RolesAllowed + * * @author Jonathan - * + * * Similar to Java EE's Spec from Annotations 1.1, 2.8 - * + * * That Spec, however, was geared towards being able to route calls to Methods on Objects, and thus needed a more refined * sense of permissions hierarchy. The same mechanism, however, can easily be achieved on single Servlet/Handlers in * POJOs like Jetty by simply adding the Roles Allowed in a similar Annotation - * + * */ package org.onap.aaf.cadi.filter; import static java.lang.annotation.ElementType.TYPE; @@ -41,7 +41,7 @@ import java.lang.annotation.Target; import javax.servlet.Servlet; /** - * + * * @author Jonathan */ @Target({TYPE}) diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/SideChain.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/SideChain.java index 18e76b96..0f69b5b0 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/SideChain.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/SideChain.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -33,21 +33,21 @@ import javax.xml.ws.Holder; /** * Add various Filters by CADI Property not in the official Chain - * + * * @author Instrumental(Jonathan) * */ public class SideChain { private List<Filter> sideChain; - + public SideChain() { sideChain = new ArrayList<Filter>(); } - + public void add(Filter f) { sideChain.add(f); } - + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)throws IOException, ServletException { final Holder<Boolean> hbool = new Holder<Boolean>(Boolean.TRUE); FilterChain truth = new FilterChain() { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/ConfigPrincipal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/ConfigPrincipal.java index a41c5eb7..56ba80a7 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/ConfigPrincipal.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/ConfigPrincipal.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -47,7 +47,7 @@ public class ConfigPrincipal implements Principal, GetCred { public String getName() { return name; } - + public byte[] getCred() { return cred; } 
@@ -55,14 +55,14 @@ public class ConfigPrincipal implements Principal, GetCred { public String toString() { return name; } - + public String getAsBasicAuthHeader() throws IOException { if (content ==null) { String s = name + ':' + new String(cred); - content = "Basic " + Symm.base64.encode(s); + content = "Basic " + Symm.base64.encode(s); } else if (!content.startsWith("Basic ")) { // content is the saved password from construction String s = name + ':' + content; - content = "Basic " + Symm.base64.encode(s); + content = "Basic " + Symm.base64.encode(s); } return content; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java index 5443dec2..3504290b 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
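Review bot: In `ConfigPrincipal.getAsBasicAuthHeader()`, `new String(cred)` decodes the credential bytes with the platform default charset, so the Basic header built from a password with non-ASCII characters can differ from host to host and fail to match what the server expects. Naming the charset makes the result deterministic, e.g. `String s = name + ':' + new String(cred, StandardCharsets.UTF_8);` (this needs `java.nio.charset.StandardCharsets` imported). Which charset the bytes were stored in is not visible here, so confirm it against the constructor before choosing one. The same charset-less conversion, `name = new String(baos.toByteArray());`, appears in `BasicOS.write` in the BasicPrincipal.java hunk further down.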
@@ -32,25 +32,25 @@ import org.onap.aaf.cadi.Permission; /** * EpiLUR - * + * * Short for "Epic LUR". Be able to run through a series of LURs to obtain the validation needed. - * - * The pun is better for the other pattern... "TAF" (aka EpiTaf), but it's still the larger picture of + * + * The pun is better for the other pattern... "TAF" (aka EpiTaf), but it's still the larger picture of * LURs that will be accomplished. - * + * * FYI, the reason we separate LURs, rather than combine, is that Various User Repository Resources have * different Caching requirements. For instance, the Local User Repo (with stand alone names), never expire, but might be - * refreshed with a change in Configuration File, while the Remote Service based LURs will need to expire at prescribed intervals - * + * refreshed with a change in Configuration File, while the Remote Service based LURs will need to expire at prescribed intervals + * * @author Jonathan * */ public final class EpiLur implements Lur { private final Lur[] lurs; - + /** * EpiLur constructor - * + * * Construct the EpiLur from variable TAF parameters * @param lurs * @throws CadiException @@ -86,7 +86,7 @@ public final class EpiLur implements Lur { } /** - * Return the first Lur (if any) which also implements UserPass + * Return the first Lur (if any) which also implements UserPass * @return */ public CredVal getUserPassImpl() { @@ -102,7 +102,7 @@ public final class EpiLur implements Lur { public boolean handlesExclusively(Permission ... pond) { return false; } - + /** * Get Lur for index. Returns null if out of range * @param idx @@ -131,7 +131,7 @@ public final class EpiLur implements Lur { } } } - + public Lur subLur(Class<? extends Lur> cls ) { for (Lur l : lurs) { if (l.getClass().isAssignableFrom(cls)) { @@ -155,7 +155,7 @@ public final class EpiLur implements Lur { lur.clear(p, report); } } - + public String toString() { StringBuilder sb = new StringBuilder(); for (Lur lur : lurs) { 
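Review bot: In `subLur(Class<? extends Lur> cls)` the test `l.getClass().isAssignableFrom(cls)` asks whether the Lur's class is the same as or a supertype of `cls`, so a Lur whose class is a subclass of the requested type is skipped, and one whose class is a supertype of it is accepted. If the intent is "first Lur of the requested type", which the signature suggests but this hunk does not confirm, the check would read `if (cls.isInstance(l)) {`. The loop body and the rest of the method lie outside the hunk, so how the match is used should be checked before changing it.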
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java index f8fa02e5..d6db6f4d 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java @@ -148,7 +148,7 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur public Permission createPerm(String p) { return new LocalPermission(p); } - + private void parseUserProperties(String userProperties) throws IOException { // For each User name... for (String userProperty : userProperties.trim().split(SEMI)) { @@ -179,7 +179,7 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur } } - + private void parseGroupProperties(String groupProperties) throws IOException { // For each Group name... for (String group : groupProperties.trim().split(SEMI)) { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalPermission.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalPermission.java index ee7bab9c..64cb7550 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalPermission.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalPermission.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -25,11 +25,11 @@ import org.onap.aaf.cadi.Permission; public class LocalPermission implements Permission { private String key; - + public LocalPermission(String role) { this.key = role; } - + public String getKey() { return key; } 
@@ -45,6 +45,6 @@ public class LocalPermission implements Permission { public String permType() { return "LOCAL"; } - - + + } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java index fe9bbd30..c8ff2747 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -80,7 +80,7 @@ public class NullLur implements Lur { report.append(NullLur.class.getSimpleName()); report.append('\n'); } - + public String toString() { return NullLur.class.getSimpleName() + '\n'; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java index 746e67d8..8846f5f6 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -66,7 +66,7 @@ public class BasicPrincipal extends BearerPrincipal implements GetCred { name = name + '@' + defaultDomain; } } - + public BasicPrincipal(BasicCred bc, String domain) { name = bc.getUser(); cred = bc.getCred(); @@ -76,7 +76,7 @@ public class BasicPrincipal extends BearerPrincipal implements GetCred { private class BasicOS extends OutputStream { private boolean first = true; private ByteArrayOutputStream baos; - + public BasicOS(int size) { baos = new ByteArrayOutputStream(size); } @@ -86,33 +86,33 @@ public class BasicPrincipal extends BearerPrincipal implements GetCred { if (b==':' && first) { first = false; name = new String(baos.toByteArray()); - baos.reset(); // + baos.reset(); // } else { baos.write(b); } } - + private byte[] toCred() { return baos.toByteArray(); } } - + public String getName() { return name; } - + public String getShortName() { return shortName; } - + public String getDomain() { return domain; } - + public byte[] getCred() { return cred; } - + public long created() { return created; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BearerPrincipal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BearerPrincipal.java index 6fdcdc0d..4930796c 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BearerPrincipal.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BearerPrincipal.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/CachedBasicPrincipal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/CachedBasicPrincipal.java index 4a6e4cda..1a733e04 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/CachedBasicPrincipal.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/CachedBasicPrincipal.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -29,7 +29,7 @@ import org.onap.aaf.cadi.taf.HttpTaf; /** * Cached Principals need to be able to revalidate in the Background - * + * * @author Jonathan * */ @@ -44,7 +44,7 @@ public class CachedBasicPrincipal extends BasicPrincipal implements CachedPrinci this.timeToLive = timeToLive; expires = System.currentTimeMillis()+timeToLive; } - + public CachedBasicPrincipal(HttpTaf creator, String content, String domain, long timeToLive) throws IOException { super(content, domain); this.creator = creator; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/Kind.java b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/Kind.java index 20f22846..368908a8 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/Kind.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/Kind.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -29,8 +29,8 @@ public class Kind { public static final char AAF_OAUTH='A'; public static final char BASIC_AUTH = 'B'; public static final char UNKNOWN = 'U'; - - + + public static char getKind(final Principal principal) { Principal check; if (principal instanceof TrustPrincipal) { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/OAuth2FormPrincipal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/OAuth2FormPrincipal.java index 01326054..5a7a7761 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/OAuth2FormPrincipal.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/OAuth2FormPrincipal.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -24,20 +24,20 @@ package org.onap.aaf.cadi.principal; public class OAuth2FormPrincipal extends TaggedPrincipal { private final String username; private final String client_id; - + /* * Note: client_id and username might be the same, if only authenticating the Client_ID */ public OAuth2FormPrincipal(final String client_id, final String username) { this.username = username; - this.client_id = client_id; + this.client_id = client_id; } - + @Override public String getName() { return username; } - + public String client_id() { return client_id; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/TaggedPrincipal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/TaggedPrincipal.java index 7bb4ff52..8aaad117 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/TaggedPrincipal.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/TaggedPrincipal.java @@ -39,9 +39,9 @@ public abstract class TaggedPrincipal implements Principal { public interface TagLookup { public String lookup() throws CadiException; } - + private TagLookup tagLookup; - + public void setTagLookup(TagLookup tl) { tagLookup = tl; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/TrustPrincipal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/TrustPrincipal.java index 7e92aaca..352b4e1d 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/TrustPrincipal.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/TrustPrincipal.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -29,7 +29,7 @@ public class TrustPrincipal extends BearerPrincipal implements UserChain { private final String name; private final Principal original; private String userChain; - + public TrustPrincipal(final Principal actual, final String asName) { this.original = actual; name = asName.trim(); @@ -42,17 +42,17 @@ public class TrustPrincipal extends BearerPrincipal implements UserChain { userChain = actual.getClass().getSimpleName(); } } - + @Override public String getName() { return name; } - + @Override public String userChain() { return userChain; } - + public Principal original() { return original; } @@ -66,5 +66,5 @@ public class TrustPrincipal extends BearerPrincipal implements UserChain { public String personalName() { return original.getName() + '[' + userChain + ']'; } - + } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/UnAuthPrincipal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/UnAuthPrincipal.java index f0cacd8d..872f4aa4 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/UnAuthPrincipal.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/UnAuthPrincipal.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -25,7 +25,7 @@ import java.security.Principal; public class UnAuthPrincipal implements Principal { private String name; - + public UnAuthPrincipal(final String name) { this.name = name; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/X509Principal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/X509Principal.java index 0348cd1f..f5303584 100644 
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/X509Principal.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/X509Principal.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -34,7 +34,7 @@ public class X509Principal extends BearerPrincipal implements GetCred { private final X509Certificate cert; private final String name; private byte[] content; - private BasicHttpTaf bht; + private BasicHttpTaf bht; public X509Principal(String identity, X509Certificate cert) { name = identity; @@ -71,7 +71,7 @@ public class X509Principal extends BearerPrincipal implements GetCred { name = _name; this.bht = bht; } - + public String getAsHeader() throws IOException { try { if (content==null) { @@ -82,7 +82,7 @@ public class X509Principal extends BearerPrincipal implements GetCred { } return "X509 " + content; } - + public String toString() { return "X509 Authentication for " + name; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java index f420f41f..c8f2a629 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -27,9 +27,9 @@ import org.onap.aaf.cadi.util.Timing; /** * AbsTafResp - * + * * Base class for TafResp (TAF Response Objects) - * + * * @author Jonathan * */ @@ -45,14 +45,14 @@ public abstract class AbsTafResp implements TafResp { /** * AbsTafResp - * + * * Set and hold * Description (for logging) * Principal (as created by derived class) * Access (for access to underlying container, i.e. for Logging, auditing, ClassLoaders, etc) - * + * * @param access - * @param tafname + * @param tafname * @param principal * @param description */ @@ -63,17 +63,17 @@ public abstract class AbsTafResp implements TafResp { this.target = principal==null?"unknown":principal.getName(); this.desc = description; } - + /** * AbsTafResp - * + * * Set and hold * Description (for logging) * Principal (as created by derived class) * Access (for access to underlying container, i.e. for Logging, auditing, ClassLoaders, etc) - * + * * @param access - * @param tafname + * @param tafname * @param principal * @param description */ @@ -87,7 +87,7 @@ public abstract class AbsTafResp implements TafResp { /** * isValid() - * + * * Respond in the affirmative if the TAF was able to Authenticate */ public boolean isValid() { @@ -96,8 +96,8 @@ public abstract class AbsTafResp implements TafResp { /** * desc() - * - * Respond with description of response as given by the TAF + * + * Respond with description of response as given by the TAF */ public String desc() { return desc; 
@@ -105,11 +105,11 @@ public abstract class AbsTafResp implements TafResp { /** * isAuthenticated() - * + * * Respond with the TAF's code of whether Authenticated, or suggested next steps * default is either IS_AUTHENTICATED, or TRY_ANOTHER_TAF. The TAF can overload * and suggest others, such as "NO_FURTHER_PROCESSING", if it can detect that this - * is some sort of security breach (i.e. Denial of Service) + * is some sort of security breach (i.e. Denial of Service) */ public RESP isAuthenticated() { return principal==null?RESP.TRY_ANOTHER_TAF:RESP.IS_AUTHENTICATED; @@ -117,9 +117,9 @@ public abstract class AbsTafResp implements TafResp { /** * getPrincipal() - * - * Return the principal created by the TAF based on Authentication. - * + * + * Return the principal created by the TAF based on Authentication. + * * Returns "null" if Authentication failed (no principal) */ public TaggedPrincipal getPrincipal() { @@ -133,10 +133,10 @@ public abstract class AbsTafResp implements TafResp { public String getTarget() { return target; } - + /** * getAccess() - * + * * Get the Access object from the TAF, so that appropriate Logging, etc can be coordinated. */ public Access getAccess() { @@ -154,7 +154,7 @@ public abstract class AbsTafResp implements TafResp { public float timing() { return timing; } - + @Override public void timing(final long start) { timing = Timing.millis(start); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/EpiTaf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/EpiTaf.java index d2cbf3fa..683b10ba 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/EpiTaf.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/EpiTaf.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -26,21 +26,21 @@ import org.onap.aaf.cadi.Taf; /** * EpiTAF - * + * * Short for "Epic TAF". Be able to run through a series of TAFs to obtain the validation needed. - * + * * OK, the name could probably be better as "Tafs", like it was originally, but the pun was too * irresistible for this author to pass up. - * + * * @author Jonathan * */ public class EpiTaf implements Taf { private Taf[] tafs; - + /** * EpiTaf constructor - * + * * Construct the EpiTaf from variable TAF parameters * @param tafs * @throws CadiException @@ -52,13 +52,13 @@ public class EpiTaf implements Taf { /** * validate - * - * Respond with the first TAF to authenticate user based on variable info and "LifeForm" (is it + * + * Respond with the first TAF to authenticate user based on variable info and "LifeForm" (is it * a human behind an interface, or a server behind a protocol). - * + * * If there is no TAF that can authenticate, respond with the first TAF that suggests it can * establish an Authentication conversation (TRY_AUTHENTICATING). - * + * * If no TAF declares either, respond with NullTafResp (which denies all questions) */ public TafResp validate(LifeForm reading, String... info) { @@ -76,7 +76,7 @@ public class EpiTaf implements Taf { } } - // No TAFs configured, at this point. It is safer at this point to be "not validated", + // No TAFs configured, at this point. It is safer at this point to be "not validated", // rather than "let it go" return firstTryAuth == null?NullTafResp.singleton():firstTryAuth; } 
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java index 6334164e..f8eb089e 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java @@ -181,7 +181,7 @@ public class HttpEpiTaf implements HttpTaf { } return Resp.NOT_MINE; } - + private void addToLog(List<TafResp> log, final TafResp tresp, final long start) { if (log == null) { return; @@ -189,7 +189,7 @@ public class HttpEpiTaf implements HttpTaf { tresp.timing(start); log.add(tresp); } - + private void printLog(List<TafResp> log) { if (log == null) { return; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpTaf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpTaf.java index 77976ce2..76938036 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpTaf.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpTaf.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -28,31 +28,31 @@ import org.onap.aaf.cadi.CachedPrincipal; import org.onap.aaf.cadi.Taf.LifeForm; /** - * A TAF which is in a specific HTTP environment in which the engine implements + * A TAF which is in a specific HTTP environment in which the engine implements * javax Servlet. - * + * * Using the Http Request and Response interfaces takes the effort out of implementing in almost any kind of * HTTP Container or Engine. - * + * * @author Jonathan * */ public interface HttpTaf { /** * validate - * + * * Validate the Request, and respond with created TafResp object. - * + * * @param reading * @param req * @param resp * @return */ public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp); - + /** * Re-Validate Credential - * + * * @param prin * @return */ diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/LoginPageTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/LoginPageTafResp.java index d64fbe0d..541fa395 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/LoginPageTafResp.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/LoginPageTafResp.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -47,15 +47,15 @@ public class LoginPageTafResp extends AbsTafResp { httpResp.sendRedirect(loginPageURL); return RESP.HTTP_REDIRECT_INVOKED; } - + @Override public RESP isAuthenticated() { return RESP.TRY_AUTHENTICATING; } - + public static TafResp create(Access access, Locator<URI> locator, final HttpServletResponse resp, List<Redirectable> redirectables) { if (locator == null) { - if (!redirectables.isEmpty()) { + if (!redirectables.isEmpty()) { access.log(Level.DEBUG,"LoginPage Locator is not configured. Taking first Redirectable Taf"); return redirectables.get(0); } @@ -91,7 +91,7 @@ public class LoginPageTafResp extends AbsTafResp { return NullTafResp.singleton(); } - + @Override public String taf() { return "LoginPage"; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTaf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTaf.java index 7e834794..5b31e103 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTaf.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTaf.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -32,7 +32,7 @@ import org.onap.aaf.cadi.CachedPrincipal.Resp; /** * This TAF is set at the very beginning of Filters and Valves so that if any configuration issues hit while * starting, the default behavior is to shut down traffic rather than leaving an open hole - * + * * @author Jonathan * */ 
@@ -41,8 +41,8 @@ public class NullTaf implements Taf, HttpTaf { public NullTaf() {} /** - * validate - * + * validate + * * Always Respond with a NullTafResp, which declares it is unauthenticated, and unauthorized */ public TafResp validate(LifeForm reading, String... info) { @@ -50,8 +50,8 @@ public class NullTaf implements Taf, HttpTaf { } /** - * validate - * + * validate + * * Always Respond with a NullTafResp, which declares it is unauthenticated, and unauthorized */ public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTafResp.java index b3b7fb59..3e77cfac 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTafResp.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTafResp.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -33,25 +33,25 @@ import org.onap.aaf.cadi.principal.TaggedPrincipal; */ class NullTafResp implements TafResp { private NullTafResp(){} - + private static TafResp singleton = new NullTafResp(); - + public static TafResp singleton() { return singleton; } - + public boolean isValid() { return false; } - + public RESP isAuthenticated() { return RESP.NO_FURTHER_PROCESSING; } - + public String desc() { return "All Authentication denied"; } - + public RESP authenticate() throws IOException { return RESP.NO_FURTHER_PROCESSING; } 
@@ -87,7 +87,7 @@ class NullTafResp implements TafResp { @Override public void timing(long start) { } - + @Override public String taf() { return "NULL"; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/PuntTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/PuntTafResp.java index 6bb57d36..aa5f34ca 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/PuntTafResp.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/PuntTafResp.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -42,19 +42,19 @@ public class PuntTafResp implements TafResp { this.name = name; desc = "Not processing this transaction: " + explanation; } - + public boolean isValid() { return false; } - + public RESP isAuthenticated() { return RESP.TRY_ANOTHER_TAF; } - + public String desc() { return desc; } - + public RESP authenticate() throws IOException { return RESP.TRY_ANOTHER_TAF; } @@ -88,7 +88,7 @@ public class PuntTafResp implements TafResp { public void timing(long start) { timing = Timing.millis(start); } - + @Override public String taf() { return name; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/Redirectable.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/Redirectable.java index 47c262b0..37b531c9 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/Redirectable.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/Redirectable.java 
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TafResp.java
index 6850a372..c1563f59 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TafResp.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -29,38 +29,38 @@ import org.onap.aaf.cadi.principal.TaggedPrincipal; /** * Response from Taf objects, which inform users what has happened and/or what should be done - * + * * @author Jonathan * */ public interface TafResp { public static enum RESP { - IS_AUTHENTICATED, - NO_FURTHER_PROCESSING, - TRY_AUTHENTICATING, + IS_AUTHENTICATED, + NO_FURTHER_PROCESSING, + TRY_AUTHENTICATING, TRY_ANOTHER_TAF, - FAIL, - // A note was made to avoid the response REDIRECT. However, I have deemed that it is + FAIL, + // A note was made to avoid the response REDIRECT. However, I have deemed that it is // unavoidable when the underlying TAF did do a REDIRECT, because it requires a HTTP // Service code to exit without modifying the Response any further. - // Therefore, I have changed this to indicate what HAS happened, with should accommodate + // Therefore, I have changed this to indicate what HAS happened, with should accommodate // both positions. Jonathan 10/18/2012 // public static final int HTTP_REDIRECT_INVOKED = 11; HTTP_REDIRECT_INVOKED, HAS_PROCESSED}; - + /** * Basic success check * @return */ public boolean isValid(); - + /** * String description of what has occurred (for logging/exceptions) * @return */ public String desc(); - + /** * Check Response * @return @@ -69,10 +69,10 @@ public interface TafResp { /** * Authenticate, returning FAIL or Other Valid indication - * + * * HTTP implementations should watch for "HTTP_REDIRECT_INVOKED", and end the HTTP call appropriately. * @return - * @throws CadiException + * @throws CadiException */ public RESP authenticate() throws IOException; @@ -81,7 +81,7 @@ public interface TafResp { * @return */ public TaggedPrincipal getPrincipal(); - + /** Target - when Authentication Fails, need to know what ID was being attempted * @return */ 
@@ -91,12 +91,12 @@ public interface TafResp { * get the Access object which created this object, allowing the responder to appropriate Log, etc */ public Access getAccess(); - + /** * Be able to check if part of a Failed attempt */ public boolean isFailedAttempt(); - + /** * report how long this took * @return @@ -108,7 +108,7 @@ public interface TafResp { * @param start */ void timing(long start); - + /** * Support Taf Name */ diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustNotTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustNotTafResp.java index dee0ba07..290d5f03 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustNotTafResp.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustNotTafResp.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -31,12 +31,12 @@ public class TrustNotTafResp implements TafResp { private final TafResp delegate; private final String desc; private float timing; - + public TrustNotTafResp(final TafResp delegate, final String desc) { this.delegate = delegate; this.desc = desc; } - + @Override public boolean isValid() { return false; @@ -88,12 +88,12 @@ public class TrustNotTafResp implements TafResp { public void timing(long start) { timing = Timing.millis(start); } - + @Override public String toString() { return desc(); } - + @Override public String taf() { return "TrustNot"; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustTafResp.java index 2701c27a..5a85ebfd 100644 
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustTafResp.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustTafResp.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -32,13 +32,13 @@ public class TrustTafResp implements TafResp { private final TaggedPrincipal principal; private final String desc; private float timing; - + public TrustTafResp(final TafResp delegate, final TaggedPrincipal principal, final String desc) { this.delegate = delegate; this.principal = principal; this.desc = desc + ' ' + delegate.desc(); } - + @Override public boolean isValid() { return delegate.isValid(); @@ -90,11 +90,11 @@ public class TrustTafResp implements TafResp { public void timing(long start) { timing = Timing.millis(start); } - + public String toString() { return principal.getName() + " by trust of " + desc(); } - + @Override public String taf() { return "Trust"; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTaf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTaf.java index 93360761..b3cf4a7d 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTaf.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTaf.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -51,15 +51,15 @@ import org.onap.aaf.cadi.util.CSV; /** * BasicHttpTaf - * - * This TAF implements the "Basic Auth" protocol. - * - * WARNING! It is true for any implementation of "Basic Auth" that the password is passed unencrypted. - * This is because the expectation, when designed years ago, was that it would only be used in + * + * This TAF implements the "Basic Auth" protocol. + * + * WARNING! It is true for any implementation of "Basic Auth" that the password is passed unencrypted. + * This is because the expectation, when designed years ago, was that it would only be used in * conjunction with SSL (https). It is common, however, for users to ignore this on the assumption that * their internal network is secure, or just ignorance. Therefore, a WARNING will be printed * when the HTTP Channel is not encrypted (unless explicitly turned off). - * + * * @author Jonathan * */ @@ -71,7 +71,7 @@ public class BasicHttpTaf implements HttpTaf { private boolean warn; private long timeToLive; private MapBathConverter mapIds; - + public BasicHttpTaf(Access access, CredVal rbac, String realm, long timeToLive, boolean turnOnWarning) { this.access = access; this.realm = realm; 
@@ -93,9 +93,9 @@ public class BasicHttpTaf implements HttpTaf { public void add(final CredValDomain cvd) { rbacs.put(cvd.domain(), cvd); } - + /** - * Note: BasicHttp works for either Carbon Based (Humans) or Silicon Based (machine) Lifeforms. + * Note: BasicHttp works for either Carbon Based (Humans) or Silicon Based (machine) Lifeforms. * @see Taf */ public TafResp validate(Taf.LifeForm reading, HttpServletRequest req, HttpServletResponse resp) { @@ -107,20 +107,20 @@ public class BasicHttpTaf implements HttpTaf { return DenialOfServiceTaf.respDenyID(access,bc.getUser()); } CachedBasicPrincipal bp = new CachedBasicPrincipal(this,bc,realm,timeToLive); - + // Be able to do Organizational specific lookups by Domain CredVal cv = rbacs.get(bp.getDomain()); if (cv==null) { cv = rbac; } - - // ONLY FOR Last Ditch DEBUGGING... + + // ONLY FOR Last Ditch DEBUGGING... // access.log(Level.WARN,bp.getName() + ":" + new String(bp.getCred())); if (cv.validate(bp.getName(),Type.PASSWORD,bp.getCred(),req)) { return new BasicHttpTafResp(access,bp,bp.getName()+" authenticated by password",RESP.IS_AUTHENTICATED,resp,realm,false); } else { //TODO may need timed retries in a given time period - return new BasicHttpTafResp(access,bc.getUser(),buildMsg(bp,req,"user/pass combo invalid for ",bc.getUser(),"from",req.getRemoteAddr()), + return new BasicHttpTafResp(access,bc.getUser(),buildMsg(bp,req,"user/pass combo invalid for ",bc.getUser(),"from",req.getRemoteAddr()), RESP.TRY_AUTHENTICATING,resp,realm,true); } } 
@@ -142,20 +142,20 @@ public class BasicHttpTaf implements HttpTaf { if (DenialOfServiceTaf.isDeniedID(ba.getName())!=null) { return DenialOfServiceTaf.respDenyID(access,ba.getName()); } - + final int at = ba.getName().indexOf('@'); CredVal cv = rbacs.get(ba.getName().substring(at+1)); - if (cv==null) { + if (cv==null) { cv = rbac; // default } - // ONLY FOR Last Ditch DEBUGGING... + // ONLY FOR Last Ditch DEBUGGING... // access.log(Level.WARN,ba.getName() + ":" + new String(ba.getCred())); if (cv.validate(ba.getName(), Type.PASSWORD, ba.getCred(), req)) { return new BasicHttpTafResp(access,ba, ba.getName()+" authenticated by BasicAuth password",RESP.IS_AUTHENTICATED,resp,realm,false); } else { //TODO may need timed retries in a given time period - return new BasicHttpTafResp(access,target,buildMsg(ba,req,"user/pass combo invalid"), + return new BasicHttpTafResp(access,target,buildMsg(ba,req,"user/pass combo invalid"), RESP.TRY_AUTHENTICATING,resp,realm,true); } } catch (IOException e) { @@ -166,7 +166,7 @@ public class BasicHttpTaf implements HttpTaf { } return new BasicHttpTafResp(access,target,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,realm,false); } - + protected String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) { StringBuilder sb = new StringBuilder(); if (pr!=null) { @@ -187,7 +187,7 @@ public class BasicHttpTaf implements HttpTaf { } return sb.toString(); } - + public void addCredVal(final String realm, final CredVal cv) { rbacs.put(realm, cv); } @@ -199,7 +199,7 @@ public class BasicHttpTaf implements HttpTaf { } return cv; } - + @Override public Resp revalidate(CachedPrincipal prin, Object state) { if (prin instanceof BasicPrincipal) { @@ -211,7 +211,7 @@ public class BasicHttpTaf implements HttpTaf { } return Resp.NOT_MINE; } - + public String toString() { return "Basic Auth enabled on realm: " + realm; } 
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTafResp.java index e2174493..36da354b 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTafResp.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTafResp.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -36,7 +36,7 @@ public class BasicHttpTafResp extends AbsTafResp implements TafResp { private String realm; private RESP status; private final boolean wasFailed; - + public BasicHttpTafResp(Access access, TaggedPrincipal principal, String description, RESP status, HttpServletResponse resp, String realm, boolean wasFailed) { super(access, tafName, principal, description); httpResp = resp; @@ -54,7 +54,7 @@ public class BasicHttpTafResp extends AbsTafResp implements TafResp { } public RESP authenticate() throws IOException { - httpResp.setStatus(401); // Unauthorized + httpResp.setStatus(401); // Unauthorized httpResp.setHeader("WWW-Authenticate", "Basic realm=\""+realm+'"'); return RESP.HTTP_REDIRECT_INVOKED; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/CertIdentity.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/CertIdentity.java index f597159e..18c0049f 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/CertIdentity.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/CertIdentity.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -31,16 +31,16 @@ import org.onap.aaf.cadi.principal.TaggedPrincipal; public interface CertIdentity { /** * identity from X509Certificate Object and/or certBytes - * + * * If you have both, include them. If you only have one, leave the other null, and it will be generated if needed - * + * * The Request is there to obtain Header or Attribute info of ultimate user - * + * * @param req * @param cert * @param certBytes * @return - * @throws CertificateException + * @throws CertificateException */ public TaggedPrincipal identity(HttpServletRequest req, X509Certificate cert, byte[] certBytes) throws CertificateException; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509HttpTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509HttpTafResp.java index d51cc86a..46a01d3e 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509HttpTafResp.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509HttpTafResp.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -32,7 +32,7 @@ public class X509HttpTafResp extends AbsTafResp implements TafResp { private static final String tafName = X509Taf.class.getSimpleName(); private RESP status; - + public X509HttpTafResp(Access access, TaggedPrincipal principal, String description, RESP status) { super(access, tafName, principal, description); this.status = status; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java index 914c57b5..a06fb8e1 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -77,7 +77,7 @@ public class X509Taf implements HttpTaf { throw new RuntimeException("X.509 and SHA-256 are required for X509Taf",e); } } - + public X509Taf(Access access, Lur lur, CertIdentity ... cis) throws CertificateException, NoSuchAlgorithmException, CadiException { this.access = access; env = access.getProperty(Config.AAF_ENV,null); @@ -103,7 +103,7 @@ public class X509Taf implements HttpTaf { } catch (Exception e) { certIdents = cis; } - + si = new SecurityInfo(access); } @@ -141,7 +141,7 @@ public class X509Taf implements HttpTaf { int end = 1; int comma; int length = subject.length(); - + compare: while(start<length) { while(Character.isWhitespace(subject.charAt(start))) { 
@@ -165,9 +165,9 @@ public class X509Taf implements HttpTaf { int at = subject.indexOf('@', start); if(at<end && at>=0) { String[] sa = Split.splitTrim(':', subject, start+3,end+1); - if (sa.length==1 || (sa.length>1 && env!=null && env.equals(sa[1]))) { // Check Environment - return new X509HttpTafResp(access, - new X509Principal(sa[0], certarr[0],(byte[])null,bht), + if (sa.length==1 || (sa.length>1 && env!=null && env.equals(sa[1]))) { // Check Environment + return new X509HttpTafResp(access, + new X509Principal(sa[0], certarr[0],(byte[])null,bht), "X509Taf validated " + sa[0] + (sa.length<2?"":" for aaf_env " + env ), RESP.IS_AUTHENTICATED); } else { access.printf(Level.DEBUG,"Certificate is not for environment '%s'",env); @@ -184,7 +184,7 @@ public class X509Taf implements HttpTaf { } else { access.log(Level.DEBUG,"There is no client certificate on the transaction"); } - + byte[] array = null; byte[] certBytes = null; 
@@ -213,30 +213,30 @@ public class X509Taf implements HttpTaf { Symm.base64noSplit.decode(bais, baos, 5); certBytes = baos.toByteArray(); cert = getCert(certBytes); - - /** + + /** * Identity from CERT if well know CA and specific encoded information */ // If found Identity doesn't work, try SignedStuff Protocol // cert.checkValidity(); // cert.--- GET FINGERPRINT? String stuff = req.getHeader("Signature"); - if (stuff==null) + if (stuff==null) return new X509HttpTafResp(access, null, "Header entry 'Signature' required to validate One way X509 Certificate", RESP.TRY_ANOTHER_TAF); - String data = req.getHeader("Data"); - // if (data==null) + String data = req.getHeader("Data"); + // if (data==null) // return new X509HttpTafResp(access, null, "No signed Data to validate with X509 Certificate", RESP.TRY_ANOTHER_TAF); - + // Note: Data Pos shows is "<signatureType> <data>" // int dataPos = (stuff.indexOf(' ')); // determine what is Algorithm - // Get Signature + // Get Signature bais = new ByteArrayInputStream(stuff.getBytes()); baos = new ByteArrayOutputStream(stuff.length()); Symm.base64noSplit.decode(bais, baos); array = baos.toByteArray(); // Signature sig = Signature.getInstance(stuff.substring(0, dataPos)); // get Algorithm from first part of Signature - - Signature sig = Signature.getInstance(cert.getSigAlgName()); + + Signature sig = Signature.getInstance(cert.getSigAlgName()); sig.initVerify(cert.getPublicKey()); sig.update(data.getBytes()); if (!sig.verify(array)) { 
@@ -254,16 +254,16 @@ public class X509Taf implements HttpTaf { if (cert==null) { return new X509HttpTafResp(access, null, "No Certificate Info on Transaction", RESP.TRY_ANOTHER_TAF); } - + // A cert has been found, match Identify TaggedPrincipal prin=null; - + for (int i=0;prin==null && i<certIdents.length;++i) { if ((prin=certIdents[i].identity(req, cert, certBytes))!=null) { responseText = prin.getName() + " matches Certificate " + cert.getSubjectX500Principal().getName() + responseText; } } - + // if Principal is found, check for "AS_USER" and whether this entity is trusted to declare if (prin!=null) { // Note: Tag for Certs is Fingerprint, but that takes computation... leaving off @@ -275,9 +275,9 @@ public class X509Taf implements HttpTaf { } } } catch (Exception e) { - return new X509HttpTafResp(access, null, e.getMessage(), RESP.TRY_ANOTHER_TAF); + return new X509HttpTafResp(access, null, e.getMessage(), RESP.TRY_ANOTHER_TAF); } - + return new X509HttpTafResp(access, null, "Certificate cannot be used for authentication", RESP.TRY_ANOTHER_TAF); } @@ -289,7 +289,7 @@ public class X509Taf implements HttpTaf { public void add(BasicHttpTaf bht) { this.bht = bht; } - + public CredVal getCredVal(final String key) { if (bht==null) { return null; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTaf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTaf.java index f083e5aa..1eadc1ae 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTaf.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTaf.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -52,9 +52,9 @@ public class DenialOfServiceTaf implements HttpTaf { private Access access; private final TafResp puntNotDenied; private static File dosIP, dosID; - + /** - * + * * @param hostname * @param prod * @throws CadiException @@ -84,7 +84,7 @@ public class DenialOfServiceTaf implements HttpTaf { return respDenyIP(access,ip); } } - + // Note: Can't process Principal, because this is the first TAF, and no Principal is created. // Other TAFs use "isDenied()" on this Object to validate. return puntNotDenied; @@ -97,7 +97,7 @@ public class DenialOfServiceTaf implements HttpTaf { } /* - * for use in Other TAFs, before they attempt backend validation of + * for use in Other TAFs, before they attempt backend validation of */ public static Counter isDeniedID(String identity) { if (deniedID!=null) { @@ -105,9 +105,9 @@ public class DenialOfServiceTaf implements HttpTaf { } return null; } - + /** - * + * */ public static Counter isDeniedIP(String ipvX) { if (deniedIP!=null) { @@ -119,7 +119,7 @@ public class DenialOfServiceTaf implements HttpTaf { /** * Return of "True" means IP has been added. * Return of "False" means IP already added. - * + * * @param ip * @return */ @@ -138,7 +138,7 @@ public class DenialOfServiceTaf implements HttpTaf { } return rv; } - + private static void writeIP() { if (dosIP!=null && deniedIP!=null) { if (deniedIP.isEmpty()) { 
@@ -162,7 +162,7 @@ public class DenialOfServiceTaf implements HttpTaf { } } } - + private static void readIP() { if (dosIP!=null && dosIP.exists()) { BufferedReader br; @@ -190,7 +190,7 @@ public class DenialOfServiceTaf implements HttpTaf { /** * Return of "True" means IP has was removed. * Return of "False" means IP wasn't being denied. - * + * * @param ip * @return */ @@ -208,7 +208,7 @@ public class DenialOfServiceTaf implements HttpTaf { /** * Return of "True" means ID has been added. * Return of "False" means ID already added. - * + * * @param ip * @return */ @@ -262,7 +262,7 @@ public class DenialOfServiceTaf implements HttpTaf { if (deniedID==null) { deniedID=new HashMap<>(); } - + String line; while ((line=br.readLine())!=null) { deniedID.put(line, new Counter(line)); @@ -279,12 +279,12 @@ public class DenialOfServiceTaf implements HttpTaf { /** * Return of "True" means ID has was removed. * Return of "False" means ID wasn't being denied. - * + * * @param ip * @return */ public static synchronized boolean removeDenyID(String id) { - if (deniedID!=null && deniedID.remove(id)!=null) { + if (deniedID!=null && deniedID.remove(id)!=null) { writeID(); if (deniedID.isEmpty()) { deniedID=null; @@ -294,7 +294,7 @@ public class DenialOfServiceTaf implements HttpTaf { } return false; } - + public List<String> report() { int initSize = 0; if (deniedIP!=null)initSize+=deniedIP.size(); @@ -312,24 +312,24 @@ public class DenialOfServiceTaf implements HttpTaf { } return al; } - + public static class Counter { - private final String name; + private final String name; private int count = 0; private Date first; private long last; // note, we use "last" as long, to avoid popping useless dates on Heap. - + public Counter(String name) { this.name = name; first = null; last = 0L; count = 0; } - + public String getName() { return name; } - + public int getCount() { return count; } 
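Review bot: `removeDenyID` is `static synchronized` and sets `deniedID=null` once the map is empty, while `isDeniedID` and `isDeniedIP` (the -97 and -105 hunks) are declared without `synchronized` and test the same static fields before using them. If their bodies, which continue outside those hunks, read the field a second time after the null test, a concurrent removal can turn a deny-list lookup into a NullPointerException, and the `HashMap` assigned to `deniedID` in the -262 hunk is not safe for unsynchronized readers in any case. Copying the field to a local first (`Map<String,Counter> m = deniedID; return m==null ? null : m.get(identity);`, assuming that is the field's type) would remove the null race, and a comment on the two fields stating the locking rule would help the next maintainer.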
@@ -337,7 +337,7 @@ public class DenialOfServiceTaf implements HttpTaf { public long getLast() { return last; } - + /* * Only allow Denial of ServiceTaf to increment */ @@ -348,12 +348,12 @@ public class DenialOfServiceTaf implements HttpTaf { first = new Date(last); } } - + public String toString() { - if (count==0) - return name + " is on the denied list, but has not attempted Access"; - else - return + if (count==0) + return name + " is on the denied list, but has not attempted Access"; + else + return name + " has been denied " + count + @@ -367,7 +367,7 @@ public class DenialOfServiceTaf implements HttpTaf { public static TafResp respDenyID(Access access, String identity) { return new DenialOfServiceTafResp(access, RESP.NO_FURTHER_PROCESSING, identity + " is on the Identity Denial list"); } - + public static TafResp respDenyIP(Access access, String ip) { return new DenialOfServiceTafResp(access, RESP.NO_FURTHER_PROCESSING, ip + " is on the IP Denial list"); } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTafResp.java index 2215a6f9..eea0d928 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTafResp.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTafResp.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -41,12 +41,12 @@ public class DenialOfServiceTafResp extends AbsTafResp { public RESP isAuthenticated() { return ect; } - + public RESP authenticate() throws IOException { return ect; } - + @Override public String taf() { return "DOS"; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java index 2c9bb8c4..476b2df1 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -36,7 +36,7 @@ import org.onap.aaf.cadi.CadiException; /** * Read CSV file for various purposes - * + * * @author Instrumental(Jonathan) * */ @@ -46,26 +46,26 @@ public class CSV { private boolean processAll; private char delimiter = ','; private boolean go; - + public CSV(Access access, File file) { this.access = access; csv = file; processAll = false; go = true; } - + public CSV(Access access, String csvFilename) { this.access = access; csv = new File(csvFilename); processAll = false; go = true; } - + public CSV setDelimiter(char delimiter) { this.delimiter = delimiter; return this; } - + public String name() { return csv.getName(); } 
@@ -76,16 +76,16 @@ public class CSV { } /* * Create your code to accept the List<String> row. - * + * * Your code may keep the List... CSV does not hold onto it. - * + * * @author Instrumental(Jonathan) * */ public interface Visitor { void visit(List<String> row) throws IOException, CadiException; } - + public void visit(Visitor visitor) throws IOException, CadiException { BufferedReader br = new BufferedReader(new FileReader(csv)); try { @@ -165,7 +165,7 @@ public class CSV { br.close(); } } - + public Writer writer() throws FileNotFoundException { return new Writer(false); } @@ -177,10 +177,10 @@ public class CSV { public interface RowSetter { public void row(Object ... objs); } - + public static class Saver implements RowSetter { List<String> ls= new ArrayList<>(); - + @Override public void row(Object ... objs) { if(objs.length>0) { @@ -197,7 +197,7 @@ public class CSV { } } } - + public List<String> asList() { List<String> rv = ls; ls = new ArrayList<>(); @@ -210,7 +210,7 @@ public class CSV { private Writer(final boolean append) throws FileNotFoundException { ps = new PrintStream(new FileOutputStream(csv,append)); } - + @Override public void row(Object ... objs) { if(objs.length>0) { @@ -233,7 +233,7 @@ public class CSV { ps.println(); } } - + private void print(String s) { boolean quote = s.matches(".*[,|\"].*"); if(quote) { @@ -246,7 +246,7 @@ public class CSV { ps.append(s); } - + } /** * Note: CSV files do not actually support Comments as a standard, but it is useful @@ -257,32 +257,32 @@ public class CSV { ps.printf(comment,objs); ps.println(); } - + public void flush() { ps.flush(); } - + public void close() { flush(); ps.close(); } - + public String toString() { return csv.getAbsolutePath(); } } - + /** * Provides a way to stop processing records from inside a Visit */ public void stop() { - go = false; + go = false; } public void delete() { csv.delete(); } - + public String toString() { return csv.getAbsolutePath(); } 
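Review bot: In `Writer.print` (the -233 hunk) the quoting test `s.matches(".*[,|\"].*")` never fires for a value that contains a line break, because `.` does not match line terminators and `matches` must cover the whole string, so such a value is written unquoted and splits the record. A test that does not depend on regex line handling avoids this: `boolean quote = s.indexOf(',')>=0 || s.indexOf('|')>=0 || s.indexOf('"')>=0 || s.indexOf('\n')>=0 || s.indexOf('\r')>=0;`. The test also hard-codes `,` and `|` rather than consulting the `delimiter` field set by `setDelimiter`; if the writer is meant to honour that field, it should be part of the check. The lines between `if(quote) {` and `ps.append(s);` are outside the hunk, so how embedded quotes are escaped cannot be judged from here.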
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/Chmod.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Chmod.java index 70fabd82..037bd4a0 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/Chmod.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Chmod.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -26,7 +26,7 @@ import java.io.IOException; public interface Chmod { public void chmod(File f) throws IOException; - + public static final Chmod to755 = new Chmod() { public void chmod(File f) throws IOException { f.setExecutable(true, false); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/FQI.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/FQI.java index 07389aad..69d429c9 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/FQI.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/FQI.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -44,7 +44,7 @@ public class FQI { sb.append(split[i]); } } - + return sb==null?"":sb.toString(); } 
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/FixURIinfo.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/FixURIinfo.java index f2c6be6f..3943cdcd 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/FixURIinfo.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/FixURIinfo.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -24,7 +24,7 @@ import java.net.URI; /** * URI and URL, if the host does not have "dots", will interpret Host:port as Authority - * + * * This is very problematic for Containers, which like single name entries. * @author Instrumental(Jonathan) * @@ -33,7 +33,7 @@ public class FixURIinfo { private String auth; private String host; private int port; - + public FixURIinfo(URI uri) { auth = uri.getAuthority(); host = uri.getHost(); @@ -51,11 +51,11 @@ public class FixURIinfo { } } } - + public String getHost() { return host; } - + public int getPort() { return port; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/JsonOutputStream.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/JsonOutputStream.java index e790766b..c4079d1a 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/JsonOutputStream.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/JsonOutputStream.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -50,12 +50,12 @@ public class JsonOutputStream extends OutputStream { } switch(b) { case '{': - case '[': + case '[': ret = '\n'; ++indent; break; case '}': - case ']': + case ']': --indent; os.write('\n'); for (int i=0;i<indent;++i) { @@ -65,7 +65,7 @@ public class JsonOutputStream extends OutputStream { case ',': ret = '\n'; break; - + } os.write(b); prev = b; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/MaskFormatException.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/MaskFormatException.java index 15390285..58bf5a6d 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/MaskFormatException.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/MaskFormatException.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/MyConsole.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/MyConsole.java index b930bc28..78e8b719 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/MyConsole.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/MyConsole.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/NetMask.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/NetMask.java index 19fd1e2d..99105989 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/NetMask.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/NetMask.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -21,10 +21,10 @@ package org.onap.aaf.cadi.util; -/* +/* * NetMask - a class to quickly validate whether a given IP is part of a mask, as defined by bytes or standard String format. - * - * Needs the IPV6 Mask Builder. + * + * Needs the IPV6 Mask Builder. */ public class NetMask { private long mask; @@ -32,16 +32,16 @@ public class NetMask { public NetMask(byte[] inBytes) { mask = derive(inBytes); } - + public NetMask(String string) throws MaskFormatException { mask = derive(string,true); } - + public boolean isInNet(byte[] inBytes) { long addr = derive(inBytes); return (mask & addr) == addr; } - + public boolean isInNet(String str) { long addr; try { 
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/Pool.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Pool.java index 156397b6..72d09bfe 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/Pool.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Pool.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -21,7 +21,7 @@ /* * Pool - * + * * Author: Jonathan * 5/27/2011 */ 
@@ -35,29 +35,29 @@ import org.onap.aaf.cadi.CadiException; /** * This Class pools on an As-Needed-Basis any particular kind of class, which is * quite suitable for expensive operations. - * + * * The user calls "get" on a Pool, and if a waiting resource (T) is available, * it will be returned. Otherwise, one will be created with the "Creator" class * (must be defined for (T)). - * + * * You can Prime the instances to avoid huge startup costs - * + * * The returned "Pooled" object simply has to call "done()" and the object is * returned to the pool. If the developer does not return the object, a memory * leak does not occur. There are no references to the object once "get" is * called. However, the developer who does not return the object when done * obviates the point of the pool, as new Objects are created in place of the * Object not returned when another call to "get" is made. - * + * * There is a cushion of extra objects, currently defaulted to MAX_RANGE. If the * items returned become higher than the MAX_RANGE, the object is allowed to go * out of scope, and be cleaned up. the default can be changed on a per-pool * basis. - * + * * Class revamped for CadiExceptions and Access logging 10/4/2017 - * + * * @author Jonathan - * + * * @param <T> */ public class Pool<T> { @@ -69,7 +69,7 @@ public class Pool<T> { /** * only Simple List needed. - * + * * NOTE TO MAINTAINERS: THIS OBJECT DOES IT'S OWN SYNCHRONIZATION. All * changes that touch list must account for correctly synchronizing list. */ @@ -101,7 +101,7 @@ public class Pool<T> { /** * Create a new Pool, given the implementation of Creator<T>, which must be * able to create/destroy T objects at will. - * + * * @param creator */ public Pool(Creator<T> creator) { @@ -110,7 +110,7 @@ public class Pool<T> { list = new LinkedList<>(); logger = Log.NULL; } - + /** * Attach Pool Logging activities to any other Logging Mechanism. * @param logger 
@@ -118,7 +118,7 @@ public class Pool<T> { public void setLogger(Log logger) { this.logger = logger; } - + public void log(Object ...objects) { logger.log(objects); } @@ -126,10 +126,10 @@ public class Pool<T> { /** * Preallocate a certain number of T Objects. Useful for services so that * the first transactions don't get hit with all the Object creation costs - * + * * @param lt * @param prime - * @throws CadiException + * @throws CadiException */ public void prime(int prime) throws CadiException { for (int i = 0; i < prime; ++i) { @@ -164,16 +164,16 @@ public class Pool<T> { * This is the essential function for Pool. Get an Object "T" inside a * "Pooled<T>" object. If there is a spare Object, then use it. If not, then * create and pass back. - * + * * This one uses a Null LogTarget - * + * * IMPORTANT: When the use of this object is done (and the object is still * in a valid state), then "done()" should be called immediately to allow * the object to be reused. That is the point of the Pool... - * + * * If the Object is in an invalid state, then "toss()" should be used so the * Pool doesn't pass on invalid objects to others. - * + * * @param lt * @return * @throws CadiException @@ -205,7 +205,7 @@ public class Pool<T> { * state. If not, they are tossed from the Pool. This is valuable to have * when Remote Connections go down, and there is a question on whether the * Pooled Objects are still functional. - * + * * @return */ public boolean validate() { @@ -225,11 +225,11 @@ public class Pool<T> { /** * This is an internal method, used only by the Internal Pooled<T> class. - * + * * The Pooled<T> class "offers" it's Object back after use. It is an * "offer", because Pool will simply destroy and remove the object if it has * more than enough spares. - * + * * @param lt * @param used * @return 
@@ -253,9 +253,9 @@ public class Pool<T> { * The Creator Interface give the Pool the ability to Create, Destroy and * Validate the Objects it is maintaining. Thus, it is a specially written * Implementation for each type. - * + * * @author Jonathan - * + * * @param <T> */ public interface Creator<T> { @@ -270,7 +270,7 @@ public class Pool<T> { public interface Log { public void log(Object ... o); - + public final static Log NULL = new Log() { @Override public void log(Object ... o) { @@ -281,7 +281,7 @@ public class Pool<T> { * The "Pooled<T>" class is the transient class that wraps the actual Object * T for API use/ It gives the ability to return ("done()", or "toss()") the * Object to the Pool when processing is finished. - * + * * For Safety, i.e. to avoid memory leaks and invalid Object States, there * is a "finalize" method. It is strictly for when coder forgets to return * the object, or perhaps hasn't covered the case during Exceptions or @@ -291,9 +291,9 @@ public class Pool<T> { * However, we don't want Coding Mistakes to put the whole program in an * invalid state, so if something happened such that "done()" or "toss()" * were not called, the resource is still cleaned up as well as possible. - * + * * @author Jonathan - * + * * @param <T> */ public static class Pooled<T> { @@ -302,7 +302,7 @@ public class Pool<T> { /** * Create the Wrapping Object Pooled<T>. - * + * * @param t * @param pool * @param logTarget @@ -316,7 +316,7 @@ public class Pool<T> { /** * This is the key API for the Pool, as calling "done()" offers this * object back to the Pool for reuse. - * + * * Do not use the Pooled<T> object again after calling "done()". */ public void done() { 
@@ -329,12 +329,12 @@ public class Pool<T> { * The user of the Object may discover that the Object t is no longer in * a valid state. Don't put Garbage back in the Refrigerator... Toss it, * if it's no longer valid. - * + * * toss() is also used for draining the Pool, etc. - * + * * toss() will attempt to destroy the Object by using the Creator * Interface. - * + * */ public void toss() { if (pool != null) { @@ -360,7 +360,7 @@ public class Pool<T> { /** * Get the maximum number of spare objects allowed at any moment - * + * * @return */ public int getMaxRange() { @@ -369,9 +369,9 @@ public class Pool<T> { /** * Set a Max Range for numbers of spare objects waiting to be used. - * + * * No negative numbers are allowed - * + * * @return */ public void setMaxRange(int max_range) { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/Split.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Split.java index 4f41629d..a6e52a44 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/Split.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Split.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -26,7 +26,7 @@ package org.onap.aaf.cadi.util; * * Note: Copied from Inno to avoid linking issues. * Note: I read the String split and Pattern split code, and we can do this more efficiently for a single Character - * + * * 8/20/2015 */ diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/SubStandardConsole.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/SubStandardConsole.java index a85020ff..6fe56725 100644 
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/SubStandardConsole.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/SubStandardConsole.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -28,12 +28,12 @@ import java.io.InputStreamReader; // Substandard, because System.in doesn't do Passwords.. public class SubStandardConsole implements MyConsole { private final static char[] BLANK = new char[0]; - private final BufferedReader br; + private final BufferedReader br; public SubStandardConsole() { br = new BufferedReader(new InputStreamReader(System.in)); } - + @Override public String readLine(String fmt, Object... args) { String rv; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/TheConsole.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/TheConsole.java index da99d06d..0ea1b0a3 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/TheConsole.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/TheConsole.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -35,7 +35,7 @@ public class TheConsole implements MyConsole { public char[] readPassword(String fmt, Object... args) { return System.console().readPassword(fmt, args); } - + public static boolean implemented() { return System.console()!=null; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/Timing.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Timing.java index 529849de..3f9b9b4d 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/Timing.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Timing.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/UserChainManip.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/UserChainManip.java index d42aaf55..b9cee7fb 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/UserChainManip.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/UserChainManip.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -24,11 +24,11 @@ package org.onap.aaf.cadi.util; import org.onap.aaf.cadi.UserChain; public class UserChainManip { - /** + /** Build an element in the correct format for UserChain. Format:<APP>:<ID>:<protocol>[:AS][,<APP>:<ID>:<protocol>]* @see UserChain - */ + */ public static StringBuilder build(StringBuilder sb, String app, String id, UserChain.Protocol proto, boolean as) { boolean mayAs; if (!(mayAs=sb.length()==0)) { @@ -44,7 +44,7 @@ public class UserChainManip { } return sb; } - + public static String idToNS(String id) { if (id==null) { return ""; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/Vars.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Vars.java index 417351f5..bf9ebc24 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/Vars.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Vars.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -47,11 +47,11 @@ public class Vars { public static String convert(final StringBuilder holder, final String text, final Object ... vars) { StringBuilder sb = null; int idx,index=0,prev = 0; - + if (text.contains("%s")) { sb = new StringBuilder(); } - + StringBuilder[] sbs = new StringBuilder[] {sb,holder}; boolean replace, clearIndex = false; int c; 
@@ -66,12 +66,12 @@ public class Vars { if (holder!=null) { holder.append(text,prev,idx); } - + boolean go = true; while (go) { if (text.length()>++idx) { switch(c=text.charAt(idx)) { - case '0': case '1': case '2': case '3': case '4': + case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': index *=10; index +=(c-'0'); @@ -106,7 +106,7 @@ public class Vars { } } } - + if (sb!=null) { sb.append(text,prev,text.length()); } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/Action.java b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/Action.java index ebcfa9f7..5574eef5 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/Action.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/Action.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -23,11 +23,11 @@ package org.onap.aaf.cadi.wsse; /** * Interface to specify an action deep within a parsing tree on a local object - * + * * We use a Generic so as to be flexible on create what that object actually is. This is passed in at the * root "parse" call of Match. Similar to a "Visitor" Pattern, this object is passed upon reaching the right * point in a parse tree. - * + * * @author Jonathan * * @param <OUTPUT> diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/Match.java b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/Match.java index d0a7da47..e46d5a02 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/Match.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/Match.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -26,18 +26,18 @@ import javax.xml.stream.XMLStreamException; import javax.xml.stream.events.XMLEvent; /** - * Match Class allows you to build an automatic Tree of StAX (or StAX like) + * Match Class allows you to build an automatic Tree of StAX (or StAX like) * Objects for frequent use. - * + * * OBJECT is a type which you which to do some end Actions on, similar to a Visitor pattern, see Action - * + * * Note: We have implemented with XReader and XEvent, rather than StAX for performance reasons. - * + * * @see Action * @see Match * @see XEvent * @see XReader - * + * * @author Jonathan * * @param <OUTPUT> @@ -50,7 +50,7 @@ public class Match<OUTPUT> { private Action<OUTPUT> action = null; private boolean stopAfter; private boolean exclusive; - + @SafeVarargs public Match(String ns, String name, Match<OUTPUT> ... next) { @@ -61,7 +61,7 @@ public class Match<OUTPUT> { if (!m.stopAfter)m.prev = this; } } - + public Match<OUTPUT> onMatch(OUTPUT output, XReader reader) throws XMLStreamException { while (reader.hasNext()) { XEvent event = reader.nextEvent(); @@ -111,10 +111,10 @@ public class Match<OUTPUT> { stopAfter = true; return this; } - + /** * Mark that this Object MUST be matched at this level or stop parsing and end - * + * * @param action * @return */ diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java index 787f1b4b..0c3cca40 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java 
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -30,15 +30,15 @@ import org.onap.aaf.cadi.BasicCred; /** * WSSE Parser - * - * Read the User and Password from WSSE Formatted SOAP Messages - * + * + * Read the User and Password from WSSE Formatted SOAP Messages + * * This class uses StAX so that processing is stopped as soon as the Security User/Password are read into BasicCred, or the Header Ends - * + * * This class is intended to be created once (or very few times) and reused as much as possible. - * + * * It is as thread safe as StAX parsing is. - * + * * @author Jonathan */ public class WSSEParser { @@ -71,7 +71,7 @@ public class WSSEParser { ).exclusive()// Envelope must match Header, and no other. FYI, Body comes after Header short circuits (see above), so it's ok ).exclusive(); // root must be Envelope } - + public XMLStreamException parse(BasicCred bc, InputStream is) { try { parseTree.onMatch(bc, new XReader(is)); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XEvent.java b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XEvent.java index 187d5b1e..d6918292 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XEvent.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XEvent.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -26,12 +26,12 @@ import javax.xml.stream.events.XMLEvent; /** * XEvent - * + * * This mechanism mimics a minimal portion of StAX "XMLEvent", enough to work with minimal XReader. - * + * * We implement the same interface, as much as minimally necessary, as XMLEvent for these small usages so as to * be interchangeable in the future, if so desired - * + * * @author Jonathan * */ @@ -58,7 +58,7 @@ public abstract class XEvent { public NamedXEvent(QName qname) { this.qname = qname; } - + public QName getName() { return qname; } @@ -79,7 +79,7 @@ public abstract class XEvent { public EndElement(String ns, String tag) { super(new QName(ns,tag)); } - + @Override public int getEventType() { return XMLEvent.END_ELEMENT; @@ -101,14 +101,14 @@ public abstract class XEvent { return data; } } - + public static class StartDocument extends XEvent { @Override public int getEventType() { return XMLEvent.START_DOCUMENT; } - + } public static class EndDocument extends XEvent { @@ -117,7 +117,7 @@ public abstract class XEvent { public int getEventType() { return XMLEvent.END_DOCUMENT; } - + } public static class Comment extends XEvent { public final String value; @@ -129,7 +129,7 @@ public abstract class XEvent { public int getEventType() { return XMLEvent.COMMENT; } - + } } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XReader.java b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XReader.java index aa46bec5..e820197b 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XReader.java 
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XReader.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -34,16 +34,16 @@ import javax.xml.stream.XMLStreamException; /** * XReader - * This class works similarly as StAX, except StAX has more behavior than is needed. That would be ok, but + * This class works similarly as StAX, except StAX has more behavior than is needed. That would be ok, but * StAX also was Buffering in their code in such as way as to read most if not all the incoming stream into memory, * defeating the purpose of pre-reading only the Header - * + * * This Reader does no back-tracking, but is able to create events based on syntax and given state only, leaving the * Read-ahead mode of the InputStream up to the other classes. - * - * At this time, we only implement the important events, though if this is good enough, it could be expanded, perhaps to + * + * At this time, we only implement the important events, though if this is good enough, it could be expanded, perhaps to * replace the original XMLReader from StAX. - * + * * @author Jonathan * */ @@ -53,18 +53,18 @@ public class XReader { private InputStream is; private ByteArrayOutputStream baos; private int state, count, last; - + private Stack<Map<String,String>> nsses; - + public XReader(InputStream is) { this.is = is; curr = another = null; baos = new ByteArrayOutputStream(); - state = BEGIN_DOC; + state = BEGIN_DOC; count = 0; nsses = new Stack<Map<String,String>>(); } - + public boolean hasNext() throws XMLStreamException { if (curr==null) { curr = parse(); 
@@ -78,7 +78,7 @@ public class XReader { return xe; } - // + // // State Flags // // Note: The State of parsing XML can be complicated. There are too many to cleanly keep in "booleans". Additionally, @@ -100,20 +100,20 @@ public class XReader { // useful combined Comment states private final static int IN_COMMENT=COMMENT|COMMENT_E|COMMENT_D1|COMMENT_D2; private final static int COMPLETE_COMMENT = COMMENT|COMMENT_E|COMMENT_D1|COMMENT_D2|COMMENT_D3|COMMENT_D4; - - + + private XEvent parse() throws XMLStreamException { Map<String,String> nss = nsses.isEmpty()?null:nsses.peek(); XEvent rv; - if ((rv=another)!=null) { // "another" is a tag that may have needed to be created, but not + if ((rv=another)!=null) { // "another" is a tag that may have needed to be created, but not // immediately returned. Save for next parse. If necessary, this could be turned into // a FIFO storage, but a single reference is enough for now. another = null; // "rv" is now set for the Event, and will be returned. Set to Null. } else { boolean go = true; int c=0; - + try { while (go && (c=is.read())>=0) { ++count; @@ -134,9 +134,9 @@ public class XReader { String ns; switch(t.state&(START_TAG|END_TAG)) { case START_TAG: - nss = getNss(nss,t); // Only Start Tags might have NS Attributes - // Get any NameSpace elements from tag. If there are, nss will become - // a new Map with all the previous NSs plus the new. This provides + nss = getNss(nss,t); // Only Start Tags might have NS Attributes + // Get any NameSpace elements from tag. If there are, nss will become + // a new Map with all the previous NSs plus the new. This provides // scoping behavior when used with the Stack // drop through on purpose case END_TAG: 
@@ -148,8 +148,8 @@ public class XReader { if (ns==null) throw new XMLStreamException("Invalid Namespace Prefix at " + count); go = false; - switch(t.state) { // based on - case DOC_TYPE: + switch(t.state) { // based on + case DOC_TYPE: rv = new XEvent.StartDocument(); break; case COMMENT: @@ -168,14 +168,14 @@ public class XReader { if (last=='/')another = new XEvent.EndElement(ns,t.name); } if (cxe!=null) { // if there is a Character Event, it actually should go first. ow. - another = rv; // Make current Event the "another" or next event, and + another = rv; // Make current Event the "another" or next event, and rv = cxe; // send Character Event now } break; case ' ': case '\t': case '\n': - if ((state&BEGIN_DOC)==BEGIN_DOC) { // if Whitespace before doc, just ignore + if ((state&BEGIN_DOC)==BEGIN_DOC) { // if Whitespace before doc, just ignore break; } // fallthrough on purpose @@ -190,17 +190,17 @@ public class XReader { } catch (IOException e) { throw new XMLStreamException(e); // all errors parsing will be treated as XMLStreamErrors (like StAX) } - if (c==-1 && (state&BEGIN_DOC)==BEGIN_DOC) { // Normally, end of stream is ok, however, we need to know if the - throw new XMLStreamException("Premature End of File"); // document isn't an XML document, so we throw exception if it + if (c==-1 && (state&BEGIN_DOC)==BEGIN_DOC) { // Normally, end of stream is ok, however, we need to know if the + throw new XMLStreamException("Premature End of File"); // document isn't an XML document, so we throw exception if it } // hasn't yet been determined to be an XML Doc } return rv; } - + /** * parseTag - * - * Parsing a Tag is somewhat complicated, so it's helpful to separate this process from the + * + * Parsing a Tag is somewhat complicated, so it's helpful to separate this process from the * higher level Parsing effort * @return * @throws IOException 
@@ -213,7 +213,7 @@ public class XReader { int c, quote=0; // If "quote" is 0, then we're not in a quote. We set ' (in pretag) or " in attribs accordingly to denote quoted String prefix=null,name=null,value=null; baos.reset(); - + while (go && (c=is.read())>=0) { ++count; if (quote!=0) { // If we're in a quote, we only end if we hit another quote of the same time, not preceded by \ @@ -225,7 +225,7 @@ public class XReader { } else if ((state&COMMENT)==COMMENT) { // similar to Quote is being in a comment switch(c) { case '-': - switch(state) { // XML has a complicated Quote set... <!-- --> ... we keep track if each has been met with flags. + switch(state) { // XML has a complicated Quote set... <!-- --> ... we keep track if each has been met with flags. case COMMENT|COMMENT_E: state|=COMMENT_D1; break; @@ -259,7 +259,7 @@ public class XReader { } } else { // Normal Tag Processing loop switch(c) { - case '?': + case '?': switch(state & (QUESTION_F|QUESTION)) { // Validate the state of Doc tag... <?xml ... ?> case QUESTION_F: state |= DOC_TYPE; @@ -273,7 +273,7 @@ public class XReader { } break; case '!': - if (last=='<') { + if (last=='<') { state|=COMMENT|COMMENT_E; // likely a comment, continue processing in Comment Loop } baos.write(c); @@ -321,7 +321,7 @@ public class XReader { // Fallthrough ok default: baos.write(c); // write any unprocessed bytes into buffer - + } } last = c; @@ -338,12 +338,12 @@ public class XReader { /** * getNSS - * + * * If the tag contains some Namespace attributes, create a new nss from the passed in one, copy all into it, then add * This provides Scoping behavior - * + * * if Nss is null in the first place, create an new nss, so we don't have to deal with null Maps. - * + * * @param nss * @param t * @return 
@@ -374,10 +374,10 @@ public class XReader { /** * The result of the parseTag method - * + * * Data is split up into prefix, name and value portions. "Tags" with Values that are inside a Tag are known in XLM - * as Attributes. - * + * as Attributes. + * * @author Jonathan * */ @@ -390,7 +390,7 @@ public class XReader { this.prefix = prefix; this.name = name; this.value = value; - attribs = null; + attribs = null; } /** @@ -404,7 +404,7 @@ public class XReader { } attribs.add(attrib); } - + public String toString() { StringBuffer sb = new StringBuffer(); if (prefix!=null) { |