summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--auth-client/pom.xml18
-rw-r--r--auth/auth-batch/pom.xml24
-rw-r--r--auth/auth-batch/src/assemble/auth-batch.xml13
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java2
-rw-r--r--auth/auth-cass/pom.xml18
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java2
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java1
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java12
-rw-r--r--auth/auth-certman/pom.xml2
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java85
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java42
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java45
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java54
-rw-r--r--auth/auth-cmd/pom.xml18
-rw-r--r--auth/auth-cmd/src/assemble/auth-cmd.xml4
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java3
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java3
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java5
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java13
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java5
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java4
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java3
-rw-r--r--auth/auth-core/pom.xml18
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java16
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java6
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java25
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java2
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java3
-rw-r--r--auth/auth-deforg/pom.xml18
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java19
-rw-r--r--auth/auth-fs/pom.xml18
-rw-r--r--auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java4
-rw-r--r--auth/auth-gui/pom.xml2
-rw-r--r--auth/auth-hello/pom.xml2
-rw-r--r--auth/auth-locate/pom.xml2
-rw-r--r--auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java2
-rw-r--r--auth/auth-oauth/pom.xml2
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java1
-rw-r--r--auth/auth-service/pom.xml2
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java18
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java6
-rw-r--r--auth/docker/Dockerfile.base3
-rw-r--r--auth/docker/agent.sh3
-rw-r--r--auth/docker/d.props.csit2
-rw-r--r--auth/docker/d.props.init2
-rw-r--r--auth/docker/dclean.sh2
-rw-r--r--auth/docker/pom.xml2
-rw-r--r--auth/helm/.gitignore3
-rw-r--r--auth/helm/aaf-hello/values.yaml4
-rw-r--r--auth/helm/aaf/Chart.yaml2
-rw-r--r--auth/helm/aaf/values.yaml2
-rw-r--r--auth/pom.xml18
-rwxr-xr-xauth/sample/bin/client.sh2
-rw-r--r--auth/sample/bin/service.sh2
-rw-r--r--cadi/aaf/pom.xml18
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/cert/AAFListedCertIdentity.java2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java2
-rw-r--r--cadi/client/pom.xml18
-rw-r--r--cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java2
-rw-r--r--cadi/core/pom.xml18
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java6
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java1
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java2
-rw-r--r--cadi/core/src/test/resources/cadi.properties49
-rw-r--r--cadi/oauth-enduser/pom.xml18
-rw-r--r--cadi/pom.xml18
-rw-r--r--cadi/servlet-sample/pom.xml2
-rw-r--r--misc/env/pom.xml18
-rw-r--r--misc/env/src/main/java/org/onap/aaf/misc/env/Data.java2
-rw-r--r--misc/env/src/main/java/org/onap/aaf/misc/env/impl/AbsTrans.java5
-rw-r--r--misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBData.java9
-rw-r--r--misc/log4j/pom.xml18
-rw-r--r--misc/pom.xml18
-rw-r--r--misc/rosetta/pom.xml35
-rw-r--r--misc/xgen/pom.xml18
-rw-r--r--pom.xml27
-rw-r--r--version.properties4
87 files changed, 453 insertions, 466 deletions
diff --git a/auth-client/pom.xml b/auth-client/pom.xml
index c404ab1f..f9f000f5 100644
--- a/auth-client/pom.xml
+++ b/auth-client/pom.xml
@@ -26,7 +26,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
</parent>
<artifactId>aaf-auth-client</artifactId>
@@ -66,22 +66,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-batch/pom.xml b/auth/auth-batch/pom.xml
index 802538ab..8f9db7c6 100644
--- a/auth/auth-batch/pom.xml
+++ b/auth/auth-batch/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -45,22 +45,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
@@ -123,12 +107,6 @@
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-deforg</artifactId>
</dependency>
-
- <!--dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- </dependency -->
-
</dependencies>
<build>
diff --git a/auth/auth-batch/src/assemble/auth-batch.xml b/auth/auth-batch/src/assemble/auth-batch.xml
index 1ba34da3..25b37b73 100644
--- a/auth/auth-batch/src/assemble/auth-batch.xml
+++ b/auth/auth-batch/src/assemble/auth-batch.xml
@@ -38,7 +38,20 @@
<include>org.onap.aaf.authz:aaf-cadi-core</include>
<include>org.onap.aaf.authz:aaf-misc-env</include>
<include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+ <include>javax.xml.bind:jaxb-api</include>
+ <include>org.glassfish.jaxb:jaxb-runtime</include>
</includes -->
+ <includes>
+ <include>org.onap.aaf.authz:aaf-auth-batch</include>
+ <include>org.onap.aaf.authz:aaf-auth-core</include>
+ <include>org.onap.aaf.authz:aaf-cadi-core</include>
+ <include>org.onap.aaf.authz:aaf-misc-env</include>
+ <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+ <include>javax.xml.bind:jaxb-api</include>
+ <include>org.glassfish.jaxb:jaxb-runtime</include>
+ <include>com.sun.istack:istack-commons-runtime</include>
+ <include>javax.activation:javax.activation-api</include>
+ </includes>
</dependencySet>
</dependencySets>
</assembly> \ No newline at end of file
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
index 3d26ce99..7c516b10 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
@@ -111,7 +111,7 @@ public class Remove extends Batch {
final Holder<Boolean> ur = new Holder<>(false);
final Holder<Boolean> cred = new Holder<>(false);
final Holder<Boolean> x509 = new Holder<>(false);
- final Holder<String> memoFmt = new Holder<String>("");
+ final Holder<String> memoFmt = new Holder<>("");
final HistoryDAO.Data hdd = new HistoryDAO.Data();
final String orgName = trans.org().getName();
diff --git a/auth/auth-cass/pom.xml b/auth/auth-cass/pom.xml
index d8e25cc3..5e86ba60 100644
--- a/auth/auth-cass/pom.xml
+++ b/auth/auth-cass/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -37,22 +37,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
index 75efdfae..31e5069b 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
@@ -129,7 +129,7 @@ public class FileGetter {
public static void main(String[] args) {
PropAccess access = new PropAccess(args);
- access.setProperty(AAF_FILEGETTER,"/Users/jg1555/cred.dat");
+ access.setProperty(AAF_FILEGETTER,"/opt/app/aaf/data/cred.dat");
FileGetter fg = FileGetter.singleton(access);
for(String id : new String[] {"m01891@aaf.att.com","bogus"}) {
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index 0d5c487d..e5cde35c 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -227,7 +227,6 @@ public class Function {
if (rparent.notOK()) {
return Result.err(rparent);
}
- parent = rparent.value.parent;
if (!fromApproval) {
rparent = q.mayUser(trans, user, rparent.value, Access.write);
if (rparent.notOK()) {
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 1809686a..39578f83 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -786,11 +786,17 @@ public class Question {
return Result.err(Status.ERR_BadData,
"[%s] cannot be a delegate for self", dd.user);
}
- if (!isUser && !isGranted(trans, trans.user(), ROOT_NS,DELG,
- org.getDomain(), Question.CREATE)) {
- return Result.err(Status.ERR_Denied,
+ if (!isUser) {
+ String supportedDomain = org.supportedDomain(dd.user);
+ if(supportedDomain==null) {
+ return Result.err(Status.ERR_Denied,
+ "[%s] may not create a delegate for the domain for [%s]",
+ trans.user(), dd.user);
+ } else if(!isGranted(trans, trans.user(), ROOT_NS,DELG,supportedDomain,Question.CREATE)) {
+ return Result.err(Status.ERR_Denied,
"[%s] may not create a delegate for [%s]",
trans.user(), dd.user);
+ }
}
break;
case read:
diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml
index 69465b7d..64ab8372 100644
--- a/auth/auth-certman/pom.xml
+++ b/auth/auth-certman/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java
new file mode 100644
index 00000000..38429ad9
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.api;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CAOfflineException;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CmpClientException;
+
+/**
+ * This class represent CmpV2Client Interface for obtaining X.509 Digital Certificates in a Public Key Infrastructure
+ * (PKI), making use of Certificate Management Protocol (CMPv2) operating on newest version: cmp2000(2).
+ */
+public interface CmpClient {
+
+ /**
+ * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+ * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+ * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+ * encountered in fetching certificate from CA.
+ *
+ * @param caName Information about the External Root Certificate Authority (CA) performing the event CA Name.
+ * Could be {@code null}.
+ * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code null}.
+ * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
+ * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
+ * @param notBefore An optional validity to set in the created certificate, Certificate not valid before this date.
+ * @param notAfter An optional validity to set in the created certificate, Certificate not valid after this date.
+ * @return The newly created Certificate.
+ *
+ * @throws CAOfflineException if External CA that is offline
+ * @throws CmpClientException if client error occurs.
+ */
+ Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr,
+ Date notBefore, Date notAfter)
+ throws CAOfflineException, CmpClientException;
+
+ /**
+ * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+ * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+ * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+ * encountered in fetching certificate from CA.
+ *
+ * @param caName Information about the External Root Certificate Authority (CA) performing the event CA Name. Could
+ * be {@code null}.
+ * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
+ * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
+ * @return The newly created Certificate.
+ *
+ * @throws CAOfflineException if External CA that is offline
+ * @throws CmpClientException if client error occurs.
+ */
+ Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr)
+ throws CAOfflineException, CmpClientException;
+
+ /**
+ * Requests to Revoke a Certificate. If the certificate is deemed to be no longer trustable prior to its expiration
+ * date, it can be revoked by the issuing Certificate Authority (CA). Methods of revocation to be used, Certificate
+ * Revocation List (CRL) Or Online Certificate Status Protocol (OCSP) responses.
+ *
+ * @param caName CA name. Could be {@code null}.
+ * @param cert Target certificate. Must not be {@code null}.
+ * @param reason Revocation reason.
+ * @param invalidityTime Invalidity time. Could be {@code null}.
+ * @return return Certificate.
+ *
+ * @throws CmpClientException if client error occurs.
+ */
+ Certificate revokeCertRequest(String caName, Certificate cert, int reason, Date invalidityTime)
+ throws CAOfflineException, CmpClientException;
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java
new file mode 100644
index 00000000..d1484f30
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CAOfflineException wraps java.net.ConnectException. Exception thrown during Http Method call towards External CA
+ * Server if Offline. Signals an error occurred while attempting to connect a socket to a remote address and port. The
+ * connection was refused remotely (e.g., no process is listening on the remote address/port).
+ */
+public class CAOfflineException extends Exception {
+
+ private static final long serialVersionUID = 2L;
+
+ /**
+ * Creates a new instance without detail message.
+ */
+ public CAOfflineException() {
+ super();
+ }
+
+ /**
+ * Constructs an instance with the specified detail message.
+ *
+ * @param msg the detail message.
+ */
+ public CAOfflineException(String msg) {
+ super(msg);
+ }
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java
new file mode 100644
index 00000000..2a17ab10
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CmpClientException wraps all Exceptions occur internally to Cmpv2Client Api code.
+ */
+public class CmpClientException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Creates a new instance with detail message.
+ */
+ public CmpClientException(String message) {
+ super(message);
+ }
+
+ /**
+ * Creates a new instance with detail Throwable cause.
+ */
+ public CmpClientException(Throwable cause) {
+ super(cause);
+ }
+
+ /**
+ * Creates a new instance with detail message and Throwable cause.
+ */
+ public CmpClientException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java
new file mode 100644
index 00000000..19cf634c
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.api.CmpClient;
+
+/**
+ * Implementation of the CmpClient Interface conforming to RFC4210 (Certificate Management Protocol (CMP)) and RFC4211 (
+ * Certificate Request Message Format (CRMF)) standards.
+ */
+public final class CmpClientImpl implements CmpClient {
+
+ @Override
+ public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+ final Certificate csr, final Date notBefore, final Date notAfter)
+ throws CAOfflineException, CmpClientException {
+
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+ final Certificate csr)
+ throws CAOfflineException, CmpClientException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Certificate revokeCertRequest(final String caName, final Certificate cert, final int reason,
+ final Date invalidityTime)
+ throws CAOfflineException, CmpClientException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+}
+
diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml
index 6de09de5..2e7cb2d9 100644
--- a/auth/auth-cmd/pom.xml
+++ b/auth/auth-cmd/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -58,22 +58,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-cmd/src/assemble/auth-cmd.xml b/auth/auth-cmd/src/assemble/auth-cmd.xml
index 013010b5..ba312423 100644
--- a/auth/auth-cmd/src/assemble/auth-cmd.xml
+++ b/auth/auth-cmd/src/assemble/auth-cmd.xml
@@ -42,6 +42,10 @@
<include>org.onap.aaf.authz:aaf-misc-env</include>
<include>org.onap.aaf.authz:aaf-misc-rosetta</include>
<include>jline:jline</include>
+ <include>javax.xml.bind:jaxb-api</include>
+ <include>org.glassfish.jaxb:jaxb-runtime</include>
+ <include>com.sun.istack:istack-commons-runtime</include>
+ <include>javax.activation:javax.activation-api</include>
</includes>
</dependencySet>
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java
index 6e6b40b4..8d4d66a8 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java
@@ -61,7 +61,7 @@ public class Create extends Cmd {
}
String[] admin;
if (args.length>idx) {
- admin = args[idx++].split(COMMA);
+ admin = args[idx].split(COMMA);
} else {
admin = responsible;
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java
index fd43e8da..e93ec052 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java
@@ -49,7 +49,7 @@ public class Owner extends BaseCmd<NS> {
final int option = whichOption(options, args[idx++]);
final String ns = args[idx++];
- final String ids[] = args[idx++].split(",");
+ final String ids[] = args[idx].split(",");
return same(new Retryable<Integer>() {
@Override
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java
index fc1f9363..f53ca4c8 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java
@@ -57,7 +57,7 @@ public class Delete extends Cmd {
PermRequest pk = new PermRequest();
pk.setType(args[idx++]);
pk.setInstance(args[idx++]);
- pk.setAction(args[idx++]);
+ pk.setAction(args[idx]);
if(pk.getType().contains("@")) { // User Perm deletion... Must remove from hidden role
client.setQueryParams("force");
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
index eb206970..3770a58c 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
@@ -74,7 +74,7 @@ public class Grant extends Cmd {
Future<RolePermRequest> frpr = null;
- String[] roles = args[idx++].split(",");
+ String[] roles = args[idx].split(",");
String strA;
String strB;
for (String role : roles) {
@@ -110,7 +110,6 @@ public class Grant extends Cmd {
pw().println(" Accepted, but requires Approvals before actualizing");
} else {
error(frpr);
- idx=Integer.MAX_VALUE;
}
}
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java
index 6400aad3..42725223 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java
@@ -51,8 +51,7 @@ public class ListActivity extends Cmd {
return same(new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, APIException {
- int idx = index;
- String type = args[idx++];
+ String type = args[index];
Future<History> fp = client.read(
"/authz/hist/perm/"+type,
getDF(History.class)
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java
index d868a7c8..36b5a966 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java
@@ -65,7 +65,7 @@ public class Rename extends Cmd {
PermRequest pr = new PermRequest();
pr.setType(args[idx++]);
pr.setInstance(args[idx++]);
- pr.setAction(args[idx++]);
+ pr.setAction(args[idx]);
// Set Start/End commands
setStartEnd(pr);
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java
index b6a8a0da..94338078 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java
@@ -47,9 +47,8 @@ public class ListActivity extends Cmd {
}
@Override
- public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
- int idx = _idx;
- final String role = args[idx++];
+ public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException {
+ final String role = args[idx];
return same(new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, APIException {
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java
index 4641ade7..a0a8579b 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java
@@ -63,7 +63,7 @@ public class User extends Cmd {
Future<?> fp = null;
- String[] ids = args[idx++].split(",");
+ String[] ids = args[idx].split(",");
String verb=null,participle=null;
// You can request to be added or removed from role.
setQueryParamsOn(client);
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
index 1a410088..9ef4c00a 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
@@ -132,11 +132,22 @@ public class Cred extends Cmd {
// IMPORTANT! We do this backward, because it is looking for string
// %1 or %13. If we replace %1 first, that messes up %13
+ String var;
for(int i=vars.size()-1;i>0;--i) {
- text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + vars.get(i));
+ var = vars.get(i);
+ if(aafcli.isTest()) {
+ int type = var.indexOf("U/P");
+ if(type>0) {
+ var = var.substring(0,type+4) + " XXXX/XX/XX XX:XX UTC XXXXXXXXXXXXXXXXXX";
+ }
+ }
+ text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + var);
}
text = text.replace("%1",vars.get(0));
+ if(aafcli.isTest()) {
+
+ }
pw().println(text);
} else if (fp.code()==406 && option==1) {
pw().println("You cannot delete this Credential");
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java
index f5cb4499..6e967286 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java
@@ -72,7 +72,7 @@ public class Delg extends BaseCmd<User> {
if (option<2 && args.length>idx) {
Date date;
try {
- date = Chrono.dateOnlyFmt.parse(args[idx++]);
+ date = Chrono.dateOnlyFmt.parse(args[idx]);
} catch (ParseException e) {
throw new CadiException(e);
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java
index 30c71e55..485e6d18 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java
@@ -47,9 +47,8 @@ public class ListActivity extends Cmd {
}
@Override
- public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
- int idx = _idx;
- final String user = fullID(args[idx++]);
+ public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException {
+ final String user = fullID(args[idx]);
return same(new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, APIException {
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java
index 765bd0aa..17f3002a 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java
@@ -50,10 +50,10 @@ public class ListApprovals extends Cmd {
@Override
public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
- int idx = _idx;
+ int idx = _idx;
final String type = args[idx++];
int option = whichOption(options,type);
- String value = args[idx++];
+ String value = args[idx];
final String fullValue;
if (option != 2) {
fullValue = fullID(value);
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
index 07a19d36..8502f398 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
@@ -60,7 +60,7 @@ public class ListForCreds extends Cmd {
int idx = idxParam;
final int option = whichOption(options, args[idx++]);
final String which = options[option];
- final String value = args[idx++];
+ final String value = args[idx];
return same(new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, APIException {
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java
index 0ab24900..6b9c83f7 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java
@@ -64,7 +64,7 @@ public class ListForPermission extends Cmd {
String type = args[idx++];
String instance = args[idx++];
if ("\\*".equals(instance))instance="*";
- String action = args[idx++];
+ String action = args[idx];
if ("\\*".equals(action))action="*";
try {
Future<Users> fp = client.read(
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
index 6fdf1628..13f0a00d 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
@@ -47,8 +47,7 @@ public class ListForRoles extends Cmd {
@Override
public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
- int idx = _idx;
- final String role = args[idx++];
+ final String role = args[_idx];
return same(new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, APIException {
diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml
index 91517836..5409a327 100644
--- a/auth/auth-core/pom.xml
+++ b/auth/auth-core/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -45,22 +45,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index 288d79d3..73093099 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -95,7 +95,16 @@ public interface Organization {
public void addSupportedRealm(String r);
- public String getDomain();
+ /**
+ * If Supported, returns Realm, ex: org.onap
+ * ELSE returns null
+ *
+ * @param user
+ * @return
+ */
+ public String supportedDomain(String user);
+
+ public String getDomain();
/**
* Get Identity information based on userID
@@ -420,6 +429,11 @@ public interface Organization {
@Override
public void addSupportedRealm(String r) {
}
+
+ @Override
+ public String supportedDomain(String r) {
+ return null;
+ }
@Override
public String getDomain() {
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
index 867d2984..6d559de5 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
@@ -131,13 +131,13 @@ public class OrganizationFactory {
}
env.init().printf("Instantiated %s with %s%s",orgNS,orgClass,(isDefault?" as default":""));
}
- if (org==null) {
- if (defaultOrg!=null) {
+ if ( (org==null) && (defaultOrg!=null)){
+
org=defaultOrg;
orgs.put(orgNS, org);
}
}
- }
+
return org;
}
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java
index bd718e46..bf9f57e3 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java
@@ -45,8 +45,7 @@ class Acceptor<TRANS extends Trans> {
}
private boolean eval(HttpCode<TRANS,?> code, String str, List<String> props) {
-// int plus = str.indexOf('+');
-// if (plus<0) {
+
boolean ok = false;
boolean any = false;
for (Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) {
@@ -61,23 +60,7 @@ class Acceptor<TRANS extends Trans> {
}
}
}
-// } else { // Handle Accepts with "+" as in application/xaml+xml
-// int prev = str.indexOf('/')+1;
-// String first = str.substring(0,prev);
-// String nstr;
-// while (prev!=0) {
-// nstr = first + (plus<0?str.substring(prev):str.substring(prev,plus));
-//
-// for (Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) {
-// if (type.x.equals(nstr)) {
-// acceptable.add(type);
-// return type;
-// }
-// }
-// prev = plus+1;
-// plus=str.indexOf('+', prev);
-// };
-// }
+
return any;
}
@@ -93,9 +76,9 @@ class Acceptor<TRANS extends Trans> {
if (type.y!=null) {
for (Pair<String,Object> prop : type.y.y){
if (tag.equals(prop.x)) {
- if (tag.equals("charset")) {
+ if ( "charset".equals(tag)) {
return prop.x==null?false:prop.y.equals(value.toLowerCase()); // return True if Matched
- } else if (tag.equals("version")) {
+ } else if ("version".equals(tag)) {
return prop.y.equals(new Version(value)); // Note: Version Class knows Minor Version encoding
} else if (tag.equals(Content.Q)) { // replace Q value
try {
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java
index 761fd8cc..172f386e 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java
@@ -41,7 +41,7 @@ class CodeSetter<TRANS extends Trans> {
this.resp = resp;
}
- public boolean matches(Route<TRANS> route) throws IOException, ServletException {
+ public boolean matches(Route<TRANS> route) {
// Find best Code in Route based on "Accepts (Get) or Content-Type" (if exists)
return (code = route.getCode(trans, req, resp))!=null;
}
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java
index f8c5ae19..03d6dfe2 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java
@@ -21,10 +21,9 @@
package org.onap.aaf.auth.rserv;
-import java.io.IOException;
+
import java.util.List;
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
diff --git a/auth/auth-deforg/pom.xml b/auth/auth-deforg/pom.xml
index 353d4b91..e9bee7b8 100644
--- a/auth/auth-deforg/pom.xml
+++ b/auth/auth-deforg/pom.xml
@@ -26,7 +26,7 @@
<artifactId>authparent</artifactId>
<relativePath>../pom.xml</relativePath>
<groupId>org.onap.aaf.authz</groupId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
</parent>
<artifactId>aaf-auth-deforg</artifactId>
@@ -45,22 +45,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 46d3db9b..70b3324a 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -637,6 +637,25 @@ public class DefaultOrg implements Organization {
}
return false;
}
+
+ @Override
+ public String supportedDomain(String user) {
+ if(user!=null) {
+ int after_at = user.indexOf('@')+1;
+ if(after_at<user.length()) {
+ String ud = FQI.reverseDomain(user);
+ if(ud.startsWith(getDomain())) {
+ return getDomain();
+ }
+ for(String s : supportedRealms) {
+ if(ud.startsWith(s)) {
+ return FQI.reverseDomain(s);
+ }
+ }
+ }
+ }
+ return null;
+ }
@Override
public synchronized void addSupportedRealm(final String r) {
diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml
index 7b871267..87763650 100644
--- a/auth/auth-fs/pom.xml
+++ b/auth/auth-fs/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -57,22 +57,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
index 19a150da..64d93539 100644
--- a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
+++ b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
@@ -44,7 +44,7 @@ import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.register.Registrant;
import org.onap.aaf.cadi.register.RemoteRegistrant;
-import org.onap.aaf.misc.env.APIException;
+
public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> {
@@ -58,7 +58,7 @@ public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> {
// creates StaticSlot, needed for CachingFileAccess, and sets to public Dir
env.staticSlot(CachingFileAccess.CFA_WEB_PATH,"aaf_public_dir");
- CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<AuthzTrans>(env);
+ CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<>(env);
route(env,GET,"/:key*", cfa);
final String aaf_locate_url = Config.getAAFLocateUrl(access);
if (aaf_locate_url == null) {
diff --git a/auth/auth-gui/pom.xml b/auth/auth-gui/pom.xml
index 6b003051..f93fb7e4 100644
--- a/auth/auth-gui/pom.xml
+++ b/auth/auth-gui/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml
index 2cb8f571..47285766 100644
--- a/auth/auth-hello/pom.xml
+++ b/auth/auth-hello/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml
index 3ea432b8..8df23909 100644
--- a/auth/auth-locate/pom.xml
+++ b/auth/auth-locate/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java
index 962b9859..c77e9a85 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java
@@ -59,7 +59,7 @@ public class API_Proxy {
* @param facade
* @throws Exception
*/
- public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
+ public static void init(final AAF_Locate gwAPI, LocateFacade facade) {
String aafurl = gwAPI.access.getProperty(Config.AAF_URL,null);
if (aafurl!=null) {
diff --git a/auth/auth-oauth/pom.xml b/auth/auth-oauth/pom.xml
index 5e0c56fb..cc0ed53e 100644
--- a/auth/auth-oauth/pom.xml
+++ b/auth/auth-oauth/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java
index 0126c2e2..a0644fd1 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java
@@ -28,6 +28,7 @@ import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.misc.env.APIException;
+@FunctionalInterface
public interface JSONPermLoader {
public Result<String> loadJSONPerms(AuthzTrans trans, String user, Set<String> scopes) throws APIException, CadiException;
diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml
index 63585f94..9f9ca869 100644
--- a/auth/auth-service/pom.xml
+++ b/auth/auth-service/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index 2431e0eb..67410305 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -2346,10 +2346,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
switch(action) {
case DELETE:
+ String why;
if(ques.isOwner(trans, user,ns) ||
- ques.isAdmin(trans, user,ns) ||
- ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) {
- return Result.ok();
+ ques.isAdmin(trans, user,ns) ||
+ ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) {
+ return Result.ok();
}
break;
case RESET:
@@ -2509,13 +2510,16 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
if (firstID) {
// OK, it's a first ID, and not by NS Owner
- if(!ques.isOwner(trans,trans.user(),cdd.ns)) {
+ String user = trans.user();
+ if(!ques.isOwner(trans,user,cdd.ns)) {
// Admins are not allowed to set first Cred, but Org has already
// said entity MAY create, typically by Permission
// We can't know which reason they are allowed here, so we
// have to assume that any with Special Permission would not be
// an Admin.
- if(ques.isAdmin(trans, trans.user(), cdd.ns)) {
+ String domain = org.supportedDomain(user);
+ if((domain!=null && !ques.isGranted(trans, user, ROOT_NS, "mechid", domain, Question.CREATE)) &&
+ ques.isAdmin(trans, user, cdd.ns)) {
return Result.err(Result.ERR_Denied,
"Only Owners may create first passwords in their Namespace. Admins may modify after one exists" );
} else {
@@ -3900,6 +3904,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
final DelegateDAO.Data dd = rd.value;
+
+ if(dd.user.contentEquals(dd.delegate) && !trans.requested(force)) {
+ return Result.err(Status.ERR_InvalidDelegate,dd.user + " cannot delegate to self");
+ }
Result<List<DelegateDAO.Data>> ddr = ques.delegateDAO().read(trans, dd);
if (access==Access.create && ddr.isOKhasData()) {
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
index 60b76ea2..4a299e7e 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
@@ -135,7 +135,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
(nssDF = env.newDataFactory(service.mapper().getClass(API.NSS))).in(dataType).out(dataType);
(permRequestDF = env.newDataFactory(service.mapper().getClass(API.PERM_REQ))).in(dataType).out(dataType);
(permsDF = env.newDataFactory(service.mapper().getClass(API.PERMS))).in(dataType).out(dataType);
-// (permKeyDF = env.newDataFactory(service.mapper().getClass(API.PERM_KEY))).in(dataType).out(dataType);
+
(roleDF = env.newDataFactory(service.mapper().getClass(API.ROLES))).in(dataType).out(dataType);
(roleRequestDF = env.newDataFactory(service.mapper().getClass(API.ROLE_REQ))).in(dataType).out(dataType);
(usersDF = env.newDataFactory(service.mapper().getClass(API.USERS))).in(dataType).out(dataType);
@@ -174,7 +174,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (result.variables==null || result.variables.length<1) {
detail = new String[1];
} else {
- List<String> dlist = new ArrayList<String>();
+ List<String> dlist = new ArrayList<>();
dlist.add(null);
String os;
for(Object s : result.variables) {
@@ -185,8 +185,6 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
detail = new String[dlist.size()];
dlist.toArray(detail);
}
- //int httpstatus;
-
switch(result.status) {
case ERR_ActionNotCompleted:
msgId = "SVC1202";
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base
index e7ae6432..4874f1aa 100644
--- a/auth/docker/Dockerfile.base
+++ b/auth/docker/Dockerfile.base
@@ -19,6 +19,9 @@
#
# Use dbuild.sh input parameter to set registry
FROM ${REGISTRY}/openjdk:8-jre-alpine
+#FROM openjdk:12-jdk-alpine
+#FROM openjdk:13-jdk-alpine
+
MAINTAINER AAF Team, AT&T 2018
LABEL description="aaf_base"
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index 575e21f9..f59bd228 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -28,7 +28,8 @@ fi
. ./aaf.props
DOCKER=${DOCKER:=docker}
-CADI_VERSION=${CADI_VERSION:=2.1.16}
+VERSION=${VERSION}
+CADI_VERSION=${CADI_VERSION:=${VERSION}}
for V in VERSION DOCKER_REPOSITORY HOSTNAME CONTAINER_NS AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do
if [ "$(grep $V ./aaf.props)" = "" ]; then
diff --git a/auth/docker/d.props.csit b/auth/docker/d.props.csit
index cdb6b5a0..27f539bb 100644
--- a/auth/docker/d.props.csit
+++ b/auth/docker/d.props.csit
@@ -28,7 +28,7 @@ ORG=onap
PROJECT=aaf
DOCKER_PULL_REGISTRY=nexus3.onap.org:10001
DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.16-SNAPSHOT
+VERSION=2.1.17-SNAPSHOT
CONF_ROOT_DIR=/opt/app/osaaf
# For local builds, set PREFIX=
PREFIX="$DOCKER_REPOSITORY/"
diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init
index 41a30244..8ef2e31a 100644
--- a/auth/docker/d.props.init
+++ b/auth/docker/d.props.init
@@ -23,7 +23,7 @@ PROJECT=aaf
# Note: Override can happen on dbuild.sh Commandline, -r <registry>
DOCKER_PULL_REGISTRY=nexus3.onap.org:10001
DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.16-SNAPSHOT
+VERSION=2.1.17-SNAPSHOT
CONF_ROOT_DIR=/opt/app/osaaf
# For local builds, set PREFIX=
PREFIX="$DOCKER_REPOSITORY/"
diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh
index 4fb4e07a..0e974aa6 100644
--- a/auth/docker/dclean.sh
+++ b/auth/docker/dclean.sh
@@ -23,7 +23,7 @@
DOCKER=${DOCKER:=docker}
if [ "$1" == "" ]; then
- AAF_COMPONENTS="$(cat components) config core agent "
+ AAF_COMPONENTS="$(cat components) config core agent base "
else
AAF_COMPONENTS="$@"
fi
diff --git a/auth/docker/pom.xml b/auth/docker/pom.xml
index b4d3545c..9bfb80c8 100644
--- a/auth/docker/pom.xml
+++ b/auth/docker/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/helm/.gitignore b/auth/helm/.gitignore
index 44cae669..e106bce2 100644
--- a/auth/helm/.gitignore
+++ b/auth/helm/.gitignore
@@ -2,3 +2,6 @@ aaf.orig/
pause/
aaf.new/
aaf.props
+.DS_Store
+current
+*.tgz
diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml
index 5a3931c2..130fa74e 100644
--- a/auth/helm/aaf-hello/values.yaml
+++ b/auth/helm/aaf-hello/values.yaml
@@ -37,8 +37,8 @@ image:
# repository: localhost:5000/
service:
- agentImage: onap/aaf/aaf_agent:2.1.16-SNAPSHOT
- image: onap/aaf/aaf_hello:2.1.16-SNAPSHOT
+ agentImage: onap/aaf/aaf_agent:2.1.17-SNAPSHOT
+ image: onap/aaf/aaf_hello:2.1.17-SNAPSHOT
app_ns: "org.osaaf.aaf"
fqi: "aaf@aaf.osaaf.org"
fqdn: "aaf-hello"
diff --git a/auth/helm/aaf/Chart.yaml b/auth/helm/aaf/Chart.yaml
index f83041e9..976e2efe 100644
--- a/auth/helm/aaf/Chart.yaml
+++ b/auth/helm/aaf/Chart.yaml
@@ -22,4 +22,4 @@ apiVersion: v1
appVersion: "1.0"
description: AAF Helm Chart
name: aaf
-version: 2.1.16-SNAPSHOT
+version: 2.1.17-SNAPSHOT
diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml
index b320d9c8..9cfee331 100644
--- a/auth/helm/aaf/values.yaml
+++ b/auth/helm/aaf/values.yaml
@@ -104,7 +104,7 @@ image:
# When using Docker Repo, add, and include trailing "/"
# repository: nexus3.onap.org:10003/
# repository: localhost:5000/
- version: 2.1.16-SNAPSHOT
+ version: 2.1.17-SNAPSHOT
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/auth/pom.xml b/auth/pom.xml
index 27abccdb..eb65a5d3 100644
--- a/auth/pom.xml
+++ b/auth/pom.xml
@@ -26,7 +26,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
</parent>
<artifactId>authparent</artifactId>
<name>AAF Auth Parent</name>
@@ -66,22 +66,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh
index 4768d81c..4132e6ca 100755
--- a/auth/sample/bin/client.sh
+++ b/auth/sample/bin/client.sh
@@ -21,7 +21,7 @@
# This script is run when starting client Container.
# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
#
-JAVA=/usr/bin/java
+JAVA=${JAVA_HOME}/bin/java
AAF_INTERFACE_VERSION=2.1
# Extract Name, Domain and NS from FQI
diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh
index bddd42c9..10a3e15e 100644
--- a/auth/sample/bin/service.sh
+++ b/auth/sample/bin/service.sh
@@ -39,7 +39,7 @@ cadi_longitude=${cadi_longitude:-"${LONGITUDE}"}
cadi_x509_issuers=${cadi_x509_issuers:-"${CADI_X509_ISSUERS}"}
aaf_locate_url=${aaf_locate_url:-"https://${HOSTNAME}:8095"}
-JAVA=/usr/bin/java
+JAVA=${JAVA_HOME}/bin/java
OSAAF=/opt/app/osaaf
LOCAL=$OSAAF/local
diff --git a/cadi/aaf/pom.xml b/cadi/aaf/pom.xml
index 1fa4ab59..5d277be5 100644
--- a/cadi/aaf/pom.xml
+++ b/cadi/aaf/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
@@ -61,22 +61,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/cert/AAFListedCertIdentity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/cert/AAFListedCertIdentity.java
index f3a45e5e..943e43ef 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/cert/AAFListedCertIdentity.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/cert/AAFListedCertIdentity.java
@@ -67,7 +67,7 @@ public class AAFListedCertIdentity implements CertIdentity {
private static Map<String,Set<String>> trusted =null;
- public AAFListedCertIdentity(Access access, AAFCon<?> aafcon) throws APIException {
+ public AAFListedCertIdentity(Access access, AAFCon<?> aafcon) {
synchronized(AAFListedCertIdentity.class) {
if (certIDs==null) {
String cip = access.getProperty(Config.AAF_CERT_IDS, null);
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
index b62bc404..7ccf3e60 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
@@ -54,7 +54,7 @@ public class AAFConHttp extends AAFCon<HttpURLConnection> {
hman = new HMangr(access,Config.loadLocator(si, access.getProperty(Config.AAF_URL,null)));
}
- protected SecuritySetter<HttpURLConnection> bestSS(SecurityInfoC<HttpURLConnection> si) throws CadiException {
+ protected SecuritySetter<HttpURLConnection> bestSS(SecurityInfoC<HttpURLConnection> si) {
return si.defSS;
}
diff --git a/cadi/client/pom.xml b/cadi/client/pom.xml
index 38d50820..8217f646 100644
--- a/cadi/client/pom.xml
+++ b/cadi/client/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
@@ -61,22 +61,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
index cef4ae47..c7b2605f 100644
--- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
+++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
@@ -32,6 +32,8 @@ import java.net.URISyntaxException;
import java.net.URL;
import java.util.ArrayList;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLHandshakeException;
import javax.servlet.http.HttpServletResponse;
import org.onap.aaf.cadi.CadiException;
diff --git a/cadi/core/pom.xml b/cadi/core/pom.xml
index aa50090b..36e54093 100644
--- a/cadi/core/pom.xml
+++ b/cadi/core/pom.xml
@@ -16,7 +16,7 @@
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
<relativePath>..</relativePath>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -52,22 +52,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java b/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java
index b6aabf32..e3a65cec 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java
@@ -84,12 +84,12 @@ public class BufferedServletInputStream extends ServletInputStream {
}
return value;
}
-
+ @Override
public int read(byte[] b) throws IOException {
return read(b,0,b.length);
}
-
-
+
+ @Override
public int read(byte[] b, int off, int len) throws IOException {
int count = -1;
if (capacitor==null) {
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java
index 88ac57e6..c5f60d2e 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java
@@ -21,6 +21,7 @@
package org.onap.aaf.cadi;
+@FunctionalInterface
public interface Connector {
public Lur newLur() throws CadiException;
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java b/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java
index 4c5ca543..c813754a 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java
@@ -21,6 +21,8 @@
package org.onap.aaf.cadi;
+
+@FunctionalInterface
public interface GetCred {
byte[] getCred();
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
index c4719f86..0cebaa77 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
@@ -181,7 +181,7 @@ public class PropAccess implements Access {
String value = es.getValue().toString();
props.put(key, value);
if(key.contains("pass")) {
- value = "XXXXXXX";
+ value = "vi XX";
}
printf(Level.DEBUG," %s=%s",key,value);
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java
index 33a5bc91..68533414 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java
@@ -21,7 +21,7 @@
package org.onap.aaf.cadi;
-
+@FunctionalInterface
public interface Revalidator<TRANS> {
/**
* Re-Validate Credential
diff --git a/cadi/core/src/test/resources/cadi.properties b/cadi/core/src/test/resources/cadi.properties
deleted file mode 100644
index a6e256e5..00000000
--- a/cadi/core/src/test/resources/cadi.properties
+++ /dev/null
@@ -1,49 +0,0 @@
-#########
-# ============LICENSE_START====================================================
-# org.onap.aaf
-# ===========================================================================
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-# ===========================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END====================================================
-#
-
-hostname=veeger.mo.sbc.com
-
-port=2533
-
-# CSP has Production mode (active users) or DEVL mode (for
-# Testing purposes... Bogus users)
-#csp_domain=DEVL
-csp_domain=PROD
-
-# Report all AUTHN and AUTHZ activity
-loglevel=AUDIT
-
-#
-# BasicAuth and other User/Password support
-#
-# The realm reported on BasicAuth callbacks
-basic_realm=spiderman.agile.att.com
-users=ks%xiVUs_25_1jqGdJ24hqy43Gi;
-groups=aaf:Jd8bb3jslg88b@spiderman.agile.att.com%7sZCPBZ_8iWbslqdjWFIDLgTZlm9ung0ym-G,\
- jg1555,lg2384,rd8227,tp007s,pe3617;
-
-
-# Keyfile (with relative path) for encryption. This file
-# should be marked as ReadOnly by Only the running process
-# for security's sake
-keyfile=conf/keyfile
-
-# This is here to force property chaining in tests
-cadi_prop_files=test/cadi.properties.duplicate
diff --git a/cadi/oauth-enduser/pom.xml b/cadi/oauth-enduser/pom.xml
index efc32dd4..be68eb97 100644
--- a/cadi/oauth-enduser/pom.xml
+++ b/cadi/oauth-enduser/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
@@ -61,22 +61,6 @@
<role>Lead Developer</role>
</roles>
</developer>
- <developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
</developers>
<dependencies>
diff --git a/cadi/pom.xml b/cadi/pom.xml
index 9075385a..d023218b 100644
--- a/cadi/pom.xml
+++ b/cadi/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
</parent>
<artifactId>cadiparent</artifactId>
<name>AAF CADI Parent (Code, Access, Data, Identity)</name>
@@ -68,22 +68,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/cadi/servlet-sample/pom.xml b/cadi/servlet-sample/pom.xml
index 7ca8aa4b..2b41d92f 100644
--- a/cadi/servlet-sample/pom.xml
+++ b/cadi/servlet-sample/pom.xml
@@ -4,7 +4,7 @@
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
<relativePath>..</relativePath>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<name>CADI Servlet Sample (Test Only)</name>
diff --git a/misc/env/pom.xml b/misc/env/pom.xml
index 360b920c..f432fce2 100644
--- a/misc/env/pom.xml
+++ b/misc/env/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
@@ -63,22 +63,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/Data.java b/misc/env/src/main/java/org/onap/aaf/misc/env/Data.java
index 4c64e5de..caa8ff13 100644
--- a/misc/env/src/main/java/org/onap/aaf/misc/env/Data.java
+++ b/misc/env/src/main/java/org/onap/aaf/misc/env/Data.java
@@ -50,7 +50,7 @@ import java.io.Writer;
* @param <T>
*/
public interface Data<T> {
- static enum TYPE {XML,JSON,JAXB,RAW,DEFAULT};
+ enum TYPE {XML,JSON,JAXB,RAW,DEFAULT};
// can & with 0xFFFF;
// public static final int XML = 0x1;
// public static final int JSON = 0x2;
diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/impl/AbsTrans.java b/misc/env/src/main/java/org/onap/aaf/misc/env/impl/AbsTrans.java
index 9edd3bf4..c785f2cb 100644
--- a/misc/env/src/main/java/org/onap/aaf/misc/env/impl/AbsTrans.java
+++ b/misc/env/src/main/java/org/onap/aaf/misc/env/impl/AbsTrans.java
@@ -122,7 +122,8 @@ public abstract class AbsTrans<ENV extends Env> implements TransStore {
@Override
public Metric auditTrail(LogTarget lt, int indent, StringBuilder sb, int ... flags) {
Metric metric = new Metric();
- int last = (metric.entries = trail.size()) -1;
+ metric.entries = trail.size();
+ int last = (metric.entries) -1;
metric.buckets = flags.length==0?EMPTYF:new float[flags.length];
if (last>=0) {
TimeTaken first = trail.get(0);
@@ -159,7 +160,7 @@ public abstract class AbsTrans<ENV extends Env> implements TransStore {
}
}
} else {
- Stack<Long> stack = new Stack<Long>();
+ Stack<Long> stack = new Stack<>();
for (TimeTaken tt : trail) {
// Create Indentation based on SUB
while (!stack.isEmpty() && tt.end()>stack.peek()) {
diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBData.java b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBData.java
index 6d83aca4..a5f10e0f 100644
--- a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBData.java
+++ b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBData.java
@@ -117,7 +117,8 @@ public final class JAXBData<T> implements Data<T>{
if (dataAsString!=null) {
return dataAsString;
} else {
- return dataAsString = stringifier.stringify(env, dataAsObject);
+ dataAsString = stringifier.stringify(env, dataAsObject);
+ return dataAsString;
}
}
@@ -134,7 +135,8 @@ public final class JAXBData<T> implements Data<T>{
if (dataAsString!=null) {
return dataAsString;
} else {
- return dataAsString = stringifier.stringify(creatingEnv, dataAsObject,options);
+ dataAsString = stringifier.stringify(creatingEnv, dataAsObject,options);
+ return dataAsString;
}
}
@@ -243,7 +245,8 @@ public final class JAXBData<T> implements Data<T>{
return dataAsString;
} else {
try {
- return dataAsString = stringifier.stringify(creatingEnv, dataAsObject);
+ dataAsString = stringifier.stringify(creatingEnv, dataAsObject);
+ return dataAsString;
} catch (APIException e) {
return "ERROR - Can't Stringify from Object " + e.getLocalizedMessage();
}
diff --git a/misc/log4j/pom.xml b/misc/log4j/pom.xml
index 7bfc1bce..65929e65 100644
--- a/misc/log4j/pom.xml
+++ b/misc/log4j/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
@@ -44,22 +44,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/misc/pom.xml b/misc/pom.xml
index 68e3c4b1..3d182c4a 100644
--- a/misc/pom.xml
+++ b/misc/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
</parent>
<artifactId>miscparent</artifactId>
<name>AAF Misc Parent</name>
@@ -42,22 +42,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/misc/rosetta/pom.xml b/misc/rosetta/pom.xml
index 9c6d003a..73d388dd 100644
--- a/misc/rosetta/pom.xml
+++ b/misc/rosetta/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
@@ -44,22 +44,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
@@ -93,8 +77,23 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-misc-env</artifactId>
- <version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>javax.xml.bind</groupId>
+ <artifactId>jaxb-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.glassfish.jaxb</groupId>
+ <artifactId>jaxb-runtime</artifactId>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.istack</groupId>
+ <artifactId>istack-commons-runtime</artifactId>
+ <version>2.2</version>
+ <scope>runtime</scope>
+ </dependency>
+
</dependencies>
diff --git a/misc/xgen/pom.xml b/misc/xgen/pom.xml
index 83153890..83a4ad3c 100644
--- a/misc/xgen/pom.xml
+++ b/misc/xgen/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
@@ -44,22 +44,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/pom.xml b/pom.xml
index 55c36e02..a7530708 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,14 +22,19 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<name>aaf-authz</name>
<packaging>pom</packaging>
<parent>
<groupId>org.onap.oparent</groupId>
<artifactId>oparent</artifactId>
+ <!-- Official Released Version
<version>2.1.0</version>
+
+ Frankfurt working Version
+ -->
+ <version>3.0.0-SNAPSHOT</version>
</parent>
<properties>
@@ -51,7 +56,8 @@
<project.interfaceVersion>${project.version}</project.interfaceVersion>
<project.jettyVersion>9.4.12.v20180830</project.jettyVersion>
<project.cassVersion>3.6.0</project.cassVersion>
-
+ <project.jaxbVersion>2.3.1</project.jaxbVersion>
+ <project.glassfishJaxbVersion>3.0-b71</project.glassfishJaxbVersion>
</properties>
<build>
<plugins>
@@ -342,6 +348,23 @@
<scope>test</scope>
</dependency>
+ <!-- Javax removed as of JDK 9 -->
+ <dependency>
+ <groupId>javax.xml.bind</groupId>
+ <artifactId>jaxb-api</artifactId>
+ <version>${project.jaxbVersion}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.glassfish.jaxb</groupId>
+ <artifactId>jaxb-xjc</artifactId>
+ <version>${project.jaxbVersion}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.glassfish.jaxb</groupId>
+ <artifactId>jaxb-runtime</artifactId>
+ <version>${project.jaxbVersion}</version>
+ </dependency>
+
</dependencies>
</dependencyManagement>
diff --git a/version.properties b/version.properties
index 564f55f4..de52dc04 100644
--- a/version.properties
+++ b/version.properties
@@ -24,10 +24,10 @@
# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
# because they are used in Jenkins, whose plug-in doesn't support
-# This TAG <version>2.1.16-SNAPSHOT</version> is here to help remember to change this file. Keep it up to date with the following "real" entries:
+# This TAG <version>2.1.17-SNAPSHOT</version> is here to help remember to change this file. Keep it up to date with the following "real" entries:
major=2
minor=1
-patch=16
+patch=17
base_version=${major}.${minor}.${patch}