3 files changed, 39 insertions, 6 deletions
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/DelegateDAO.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/DelegateDAO.java index b137b640..ad862176 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/DelegateDAO.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/DelegateDAO.java @@ -4,6 +4,8 @@ * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. * =========================================================================== + * Modifications Copyright (C) 2018 IBM. + * ============================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -44,6 +46,7 @@ public class DelegateDAO extends CassDAOImpl<AuthzTrans, DelegateDAO.Data> { public static final String TABLE = "delegate"; private PSInfo psByDelegate; + private static final int KEYLIMIT = 1; public DelegateDAO(AuthzTrans trans, Cluster cluster, String keyspace) { super(trans, DelegateDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); @@ -55,11 +58,11 @@ public class DelegateDAO extends CassDAOImpl<AuthzTrans, DelegateDAO.Data> { init(trans); } - private static final int KEYLIMIT = 1; + public static class Data implements Bytification { - public String user; - public String delegate; - public Date expires; + public static String user; + public static String delegate; + public static Date expires; @Override public ByteBuffer bytify() throws IOException { diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java index 2c7aa12b..7c843dbd 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java 
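Review bot: In the last DelegateDAO hunk, declaring `user`, `delegate` and `expires` as `public static` in `Data` makes them class-wide, so every `Data` object shares one set of values instead of holding its own row. Any code that builds or loads more than one delegate record, or does so from concurrent transactions, would see the values of whichever record was written last, which in an authorization store can attribute one user's delegation to another. Nothing visible in the hunk needs static access, so I would keep them as instance fields: `public String user;`, `public String delegate;`, `public Date expires;`. The `Data` class body continues outside the hunk, so the loader and `bytify()` code should be checked against whichever form is kept.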
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java @@ -66,11 +66,22 @@ public class PermEval { if (sInst.charAt(0)==startChar) { // To compare key-to-key, both strings must be keys String[] skeys=Split.split(startChar,sInst); String[] pkeys=Split.split(startChar,pInst); - if (skeys.length!=pkeys.length) return false; + if (pkeys.length<skeys.length) { + return false; + } else if(pkeys.length > skeys.length && + (skeys.length==0 || !ASTERIX.equals(skeys[skeys.length-1]))) { + return false; + } boolean pass = true; for (int i=1;pass && i<skeys.length;++i) { // We start at 1, because the first one, being ":" is always "" - if (ASTERIX.equals(skeys[i]))continue; // Server data accepts all for this key spot + if (ASTERIX.equals(skeys[i])) { + if(i==skeys.length-1) { + // accept all after + return true; + } + continue; // Server data accepts all for this key spot + } pass = false; for (String sItem : Split.split(LIST_SEP,skeys[i])) { // allow for "," definition in Action if (pkeys[i].length()==0) { diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_PermEval.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_PermEval.java index 3e137c25..5d242005 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_PermEval.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_PermEval.java 
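Review bot: The new early `return true` for a trailing `*` in `skeys`, together with the relaxed length check above it, changes a final `*` from matching exactly one key to matching any number of remaining keys, and that widens every permission already granted with an instance ending in `*`. The branch is entered for whatever `startChar` is, and the existing comment mentions ":" keys, so this appears to apply to colon-delimited instances as well as the "/" paths the tests cover; if only paths are meant, the condition could be narrowed, e.g. `if (i==skeys.length-1 && startChar=='/')`. Either way the rule should be stated where it is applied, for example `// A trailing "*" matches all remaining keys (one or more), not just one`. If `pInst` can be a raw request path, it is matched segment by segment without normalisation, so callers should canonicalise it (resolve `..` and duplicate separators) before evaluation. The enclosing method starts and ends outside the hunk.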
@@ -211,5 +211,24 @@ public class JU_PermEval { @SuppressWarnings("unused") PermEval pe = new PermEval(); } + + @Test + public void pathTest() { + assertTrue(PermEval.evalInstance("/","/")); + assertFalse(PermEval.evalInstance("/","/hello")); + assertTrue(PermEval.evalInstance("/","/")); + assertTrue(PermEval.evalInstance("/onap/so/infra/*/*/*","/onap/so/infra/a/b/c")); + assertFalse(PermEval.evalInstance("/onap/so/infra/*","/onap/so/infra")); + assertTrue(PermEval.evalInstance("/onap/so/infra/*","/onap/so/infra/a/b/c")); + assertTrue(PermEval.evalInstance("/onap/so/infra*","/onap/so/infra")); + assertFalse(PermEval.evalInstance("/onap/so/infra*/hello","/onap/so/infra")); + assertFalse(PermEval.evalInstance("/onap/so/infra*/hello","/onap/so/infra23")); + assertTrue(PermEval.evalInstance("/onap/so/infra*/hello","/onap/so/infra23/hello")); + assertFalse(PermEval.evalInstance("/onap/so/*/hello","/onap/so/infra23")); + assertFalse(PermEval.evalInstance("/onap/so/*/","/onap/so/infra23")); + assertTrue(PermEval.evalInstance("/onap/so/*/","/onap/so/infra23/")); + } + + } |
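Review bot: `pathTest` covers only "/"-delimited instances, so the widened trailing-`*` behaviour is not pinned for ":"-delimited keys, which appear to go through the same comparison. Adding one assertion for the intended outcome, such as `assertTrue(PermEval.evalInstance(":a:*",":a:b:c"));` (or `assertFalse` if colon keys should keep the one-key meaning), would make that decision explicit. The first and third assertions are the same call, `PermEval.evalInstance("/","/")`, so one of them can go or be replaced by a different case.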