add check and showpass

Issue-ID: AAF-378
Change-Id: If06c33ffd45eb61ab881cdb89f9689dae951f82c
Signed-off-by: Instrumental <jonathan.gathman@att.com>

7 files changed, 51 insertions, 36 deletions

diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
index 6b69f790..c4ca8082 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
@@ -50,7 +50,11 @@ public class AAFPermission implements Permission {
 		type = name;
 		this.instance = instance;
 		this.action = action;
-		key = ns + '|' + type + '|' + instance + '|' + action;
+		if(ns==null) {
+			key = type + '|' + instance + '|' + action;
+		} else {
+			key = ns + '|' + type + '|' + instance + '|' + action;
+		}
 		this.roles = NO_ROLES;
 
 	}
@@ -60,7 +64,11 @@ public class AAFPermission implements Permission {
 		type = name;
 		this.instance = instance;
 		this.action = action;
-		key = ns + '|' + type + '|' + instance + '|' + action;
+		if(ns==null) {
+			key = type + '|' + instance + '|' + action;
+		} else {
+			key = ns + '|' + type + '|' + instance + '|' + action;
+		}
 		this.roles = roles==null?NO_ROLES:roles;
 	}
 	
@@ -117,7 +125,15 @@ public class AAFPermission implements Permission {
 			}
 		}
 		boolean typeMatches;
-		if(aafNS.length() == ns.length()) {
+		if(aafNS==null) {
+			if(ns==null) {
+				typeMatches = aafType.equals(type);
+			} else {
+				typeMatches = aafType.equals(ns+'.'+type);
+			}
+		} else if(ns==null) {
+			typeMatches = type.equals(aafNS+'.'+aafType);
+		} else if(aafNS.length() == ns.length()) {
 			typeMatches = aafNS.equals(ns) && aafType.equals(type);
 		} else { // Allow for restructuring of NS/Perm structure
 			typeMatches = (aafNS+'.'+aafType).equals(ns+'.'+type);
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
index 3e90087c..df2ad4f8 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
@@ -55,7 +55,7 @@ public class TestConnectivity {
 			System.out.println("Usage: ConnectivityTester <cadi_prop_files> [<AAF FQDN (i.e. aaf.dev.att.com)>]");
 		} else {
 			print(true,"START OF CONNECTIVITY TESTS",new Date().toString(),System.getProperty("user.name"),
-					"Note: All API Calls are /authz/perms/user/<MechID/Alias of the caller>");
+					"Note: All API Calls are /authz/perms/user/<AppID/Alias of the caller>");
 
 			if(!args[0].contains(Config.CADI_PROP_FILES+'=')) {
 				args[0]=Config.CADI_PROP_FILES+'='+args[0];
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
index b7cf62cd..a5ef6d14 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
@@ -62,7 +62,7 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
 	private static final String ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR = "org.osaaf.cadi.oauth.OAuth2Lur";
 
 	/**
-	 *  Need to be able to transmutate a Principal into either ATTUID or MechID, which are the only ones accepted at this
+	 *  Need to be able to transmutate a Principal into either Person or AppID, which are the only ones accepted at this
 	 *  point by AAF.  There is no "domain", aka, no "@att.com" in "ab1234@att.com".  
 	 *  
 	 *  The only thing that matters here for AAF is that we don't waste calls with IDs that obviously aren't valid.
@@ -107,12 +107,6 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
 
 	protected User<AAFPermission> loadUser(final Principal principal)  {
 		final String name = principal.getName();
-//		// Note: The rules for AAF is that it only stores permissions for ATTUID and MechIDs, which don't 
-//		// have domains.  We are going to make the Transitive Class (see this.transmutative) to convert
-//		final Principal tp = principal; //transmutate.mutate(principal);
-//		if(tp==null) {
-//			return null; // if not a valid Transmutated credential, don't bother calling...
-//		}
 //		TODO Create a dynamic way to declare domains supported.
 		final long start = System.nanoTime();
 		final boolean[] success = new boolean[]{false};
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
index b3de9754..ef73adaa 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -89,8 +89,8 @@ public class Agent {
 	private static final String HASHES = "################################################################";
 	private static final String PRINT = "print";
 	private static final String FILE = "file";
-	private static final String PKCS12 = "pkcs12";
-	private static final String JKS = "jks";
+	public static final String PKCS12 = "pkcs12";
+	public static final String JKS = "jks";
 	private static final String SCRIPT="script";
 	
 	private static final String CM_VER = "1.0";
@@ -127,7 +127,7 @@ public class Agent {
 				AAFSSO aafsso=null;
 				PropAccess access;
 				
-				if(args.length>1 && args[0].equals("validate")) {
+				if(args.length>1 && args[0].equals("validate") ) {
 					int idx = args[1].indexOf('=');
 					aafsso = null;
 					access = new PropAccess(
@@ -329,7 +329,7 @@ public class Agent {
 	private static String fqi(Deque<String> cmds) {
 		if(cmds.size()<1) {
 			String alias = env.getProperty(Config.CADI_ALIAS);
-			return alias!=null?alias:AAFSSO.cons.readLine("MechID: ");
+			return alias!=null?alias:AAFSSO.cons.readLine("AppID: ");
 		}
 		return cmds.removeFirst();	
 	}
@@ -360,11 +360,11 @@ public class Agent {
 		Artifacts artifacts = new Artifacts();
 		Artifact arti = new Artifact();
 		artifacts.getArtifact().add(arti);
-		arti.setMechid(mechID!=null?mechID:AAFSSO.cons.readLine("MechID: "));
+		arti.setMechid(mechID!=null?mechID:AAFSSO.cons.readLine("AppID: "));
 		arti.setMachine(machine!=null?machine:AAFSSO.cons.readLine("Machine (%s): ",InetAddress.getLocalHost().getHostName()));
 		arti.setCa(AAFSSO.cons.readLine("CA: (%s): ","aaf"));
 		
-		String resp = AAFSSO.cons.readLine("Types [file,jks,script] (%s): ", "jks");
+		String resp = AAFSSO.cons.readLine("Types [file,pkcs12,jks,script] (%s): ", PKCS12);
 		for(String s : Split.splitTrim(',', resp)) {
 			arti.getType().add(s);
 		}
@@ -419,7 +419,7 @@ public class Agent {
 			if(future.get(TIMEOUT)) {
 				boolean printed = false;
 				for(Artifact a : future.value.getArtifact()) {
-					AAFSSO.cons.printf("MechID:          %s\n",a.getMechid()); 
+					AAFSSO.cons.printf("AppID:          %s\n",a.getMechid()); 
 					AAFSSO.cons.printf("  Sponsor:       %s\n",a.getSponsor()); 
 					AAFSSO.cons.printf("Machine:         %s\n",a.getMachine()); 
 					AAFSSO.cons.printf("CA:              %s\n",a.getCa()); 
@@ -650,7 +650,7 @@ public class Agent {
 				// Have to wait for JDK 1.7 source...
 				//switch(artifact.getType()) {
 				if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {
-					AAFSSO.cons.printf("No Artifacts found for %s on %s", mechID, machine);
+					AAFSSO.cons.printf("No Artifacts found for %s on %s ", mechID, machine);
 				} else {
 					String id = aafcon.defID();
 					boolean allowed;
@@ -660,7 +660,7 @@ public class Agent {
 										&& aafcon.securityInfo().defSS.getClass().isAssignableFrom(HBasicAuthSS.class)));
 						if(!allowed) {
 							Future<String> pf = aafcon.client(CM_VER).read("/cert/may/" + 
-									a.getNs() + ".certman|"+a.getCa()+"|showpass","*/*");
+									a.getNs()+"|certman|"+a.getCa()+"|showpass","*/*");
 							if(pf.get(TIMEOUT)) {
 								allowed = true;
 							} else {
@@ -1017,13 +1017,13 @@ public class Agent {
 							String prop;						
 							File f;
 	
-							if((prop=props.getProperty(Config.CADI_KEYFILE))==null ||
+							if((prop=trans.getProperty(Config.CADI_KEYFILE))==null ||
 								!(f=new File(prop)).exists()) {
 									trans.error().printf("Keyfile must exist to check Certificates for %s on %s",
 										a.getMechid(), a.getMachine());
 							} else {
-								String ksf = props.getProperty(Config.CADI_KEYSTORE);
-								String ksps = props.getProperty(Config.CADI_KEYSTORE_PASSWORD);
+								String ksf = trans.getProperty(Config.CADI_KEYSTORE);
+								String ksps = trans.getProperty(Config.CADI_KEYSTORE_PASSWORD);
 								if(ksf==null || ksps == null) {
 									trans.error().printf("Properties %s and %s must exist to check Certificates for %s on %s",
 											Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD,a.getMechid(), a.getMachine());
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
index 3123b89e..c5413919 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
@@ -28,7 +28,6 @@ import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -51,7 +50,7 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
 
 	@Override
 	public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
-		File fks = new File(dir,arti.getNs()+'.'+(kst=="pkcs12"?"p12":kst));
+		File fks = new File(dir,arti.getNs()+'.'+(kst==Agent.PKCS12?"p12":kst));
 		try {
 			KeyStore jks = KeyStore.getInstance(kst);
 			if(fks.exists()) {
@@ -125,7 +124,7 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
 				fks.renameTo(backup);
 			}	
 
-			jks = KeyStore.getInstance("jks");
+			jks = KeyStore.getInstance(Agent.JKS);
 			
 			// Set Truststore Password
 			addProperty(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java
index ecadb6ed..d50b87a2 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java
@@ -42,6 +42,7 @@ import org.junit.Test;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
 import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.configure.Agent;
 import org.onap.aaf.cadi.configure.ArtifactDir;
 import org.onap.aaf.cadi.util.Chmod;
 import org.onap.aaf.misc.env.Trans;
@@ -112,7 +113,7 @@ public class JU_ArtifactDir {
 		} catch(NullPointerException e) {
 		}
 		
-		KeyStore ks = KeyStore.getInstance("pkcs12");
+		KeyStore ks = KeyStore.getInstance(Agent.PKCS12);
 		try {
 			ArtifactDir.write(writableFile, Chmod.to755, ks, luggagePassword.toCharArray());
 			fail("Should've thrown an exception");
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java
index 0b086f11..d61ac499 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java
@@ -21,9 +21,11 @@
 
 package org.onap.aaf.cadi.cm.test;
 
-import static org.junit.Assert.*;
-import static org.hamcrest.CoreMatchers.*;
-import static org.mockito.Mockito.*;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
@@ -31,14 +33,17 @@ import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FileReader;
 import java.io.IOException;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.List;
 
-import java.security.cert.CertificateException;
-
-import org.junit.*;
-import org.mockito.*;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
 import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.configure.Agent;
 import org.onap.aaf.cadi.configure.PlaceArtifactInKeystore;
 import org.onap.aaf.misc.env.Env;
 import org.onap.aaf.misc.env.TimeTaken;
@@ -97,12 +102,12 @@ public class JU_PlaceArtifactInKeystore {
 	@Test
 	public void test() throws CadiException {
 		// Note: PKCS12 can't be tested in JDK 7 and earlier.  Can't handle Trusting Certificates.
-		PlaceArtifactInKeystore placer = new PlaceArtifactInKeystore("jks");
+		PlaceArtifactInKeystore placer = new PlaceArtifactInKeystore(Agent.JKS);
 
 		certs.add(x509String);
 		certs.add(x509Chain);
 		assertThat(placer.place(transMock, certInfoMock, artiMock, "machine"), is(true));
-		for (String ext : new String[] {"chal", "keyfile", "jks", "trust.jks", "cred.props"}) {
+		for (String ext : new String[] {"chal", "keyfile", Agent.JKS, "trust.jks", "cred.props"}) {
 			File f = new File(dirName + '/' + nsName + '.' + ext);
 			assertThat(f.exists(), is(true));
 		}