-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java6
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java12
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java1
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java7
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java41
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java9
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java6
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java6
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java4
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java5
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java9
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java32
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java16
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java16
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java2
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java6
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java19
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java6
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java5
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/User.java2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java12
26 files changed, 148 insertions, 84 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java
index 8bade4a4..d91c42c0 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java
@@ -3,6 +3,7 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -22,6 +23,7 @@ package org.onap.aaf.auth.batch.approvalsets;
import org.onap.aaf.cadi.CadiException;
+@FunctionalInterface
public interface Loader<T> {
public T load() throws CadiException;
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java
index d3209a02..9906f499 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java
@@ -3,6 +3,8 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modification Copyright (c) 2019 IBM
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,7 +22,6 @@
*/
package org.onap.aaf.auth.batch.helpers;
-import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
@@ -34,7 +35,6 @@ import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.cadi.Hash;
-import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.Trans;
import org.onap.aaf.misc.env.util.Chrono;
@@ -135,8 +135,6 @@ public class BatchDataView implements DataView {
sb.append(add.id.toString());
sb.append(COMMA_QUOTE);
sb.append(add.approver);
-// sb.append(QUOTE_COMMA_QUOTE);
-// sb.append(Chrono.utcStamp(add.last_notified));
sb.append(QUOTE_COMMA_QUOTE);
sb.append(add.memo.replace("'", "''"));
sb.append(QUOTE_COMMA_QUOTE);
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java
index 1a1bdf33..9cd7341c 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java
@@ -3,6 +3,7 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -51,15 +52,14 @@ public class CQLBatchLoop {
/**
* Assume this is another line in the Batch
* @return
- */
+ */
public StringBuilder inc() {
- if(i>=maxBatch || current.length()+sb.length()>MAX_CHARS) {
- if(i>0) {
- cqlBatch.execute(dryRun);
+ if((i>=maxBatch || current.length()+sb.length()>MAX_CHARS)&&(i>0)) {
+
+ cqlBatch.execute(dryRun);
i = -1;
incBatch();
- }
- }
+ }
if(i<0) {
cqlBatch.begin();
i=0;
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java
index a4cfcbec..84d7b5a2 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java
@@ -3,6 +3,7 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,6 +32,7 @@ public class CacheChange<T extends CacheChange.Data> {
removed = new ArrayList<>();
}
+ @FunctionalInterface
interface Data {
public abstract void expunge();
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java
index 258f430e..6f228e08 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java
@@ -119,6 +119,7 @@ public class LastNotified {
return last;
}
+ @FunctionalInterface
private interface MarkDelete {
boolean process(String fullKey, Date last);
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java
index d5c0d771..dd24d7d9 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java
@@ -3,6 +3,7 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -128,10 +129,10 @@ public class UserRole implements Cloneable, CacheChange.Data {
public static void load(Trans trans, CSV csv, Creator<UserRole> creator, Visitor<UserRole> visitor) throws IOException, CadiException {
// public UserRole(String user, String role, String ns, String rname, Date expires) {
- csv.visit( row -> {
+ csv.visit( row ->
visitor.visit(new UserRole(row.get(1),row.get(2),row.get(3),row.get(4),
- new Date(Long.parseLong(row.get(6)))));
- });
+ new Date(Long.parseLong(row.get(6)))))
+ );
}
private static void load(Trans trans, Session session, Creator<UserRole> creator, String where, Visitor<UserRole> visitor) {
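Review bot: `Long.parseLong(row.get(6))` inside the `csv.visit` lambda throws an unchecked NumberFormatException on a non-numeric expiry column, which is outside the `IOException, CadiException` contract this `load` declares, so a single malformed CSV row aborts the whole load without saying which row was bad. Consider catching it in the lambda and rethrowing with context, e.g. `throw new CadiException("Bad expires value in UserRole CSV row", e);`, assuming the CSV visitor callback is allowed to throw CadiException (its interface is not visible in this hunk). The stale `// public UserRole(...)` signature comment above the call could be dropped in the same pass.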
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java
index 3e7b30b2..38a76477 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java
@@ -3,7 +3,6 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -21,7 +20,6 @@
package org.onap.aaf.auth.batch.helpers;
-@FunctionalInterface
public interface Visitor<T> {
void visit(T t);
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
index ea196b1f..880173b9 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
@@ -3,7 +3,7 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * Modifications Copyright (C) 2019 IBM.
+ * Modifications Copyright (C) 2018 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -52,7 +52,6 @@ public class ApprovedRpt extends Batch {
private static final String APPR_RPT = "ApprovedRpt";
private static final String CSV = ".csv";
- private static final String INFO = "info";
private Date now;
private Writer approvedW;
private CSV historyR;
@@ -64,6 +63,13 @@ public class ApprovedRpt extends Batch {
TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
try {
+// TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+// try {
+// session = cluster.connect();
+// } finally {
+// tt.done();
+// }
+
now = new Date();
String sdate = Chrono.dateOnlyStamp(now);
File file = new File(logDir(),APPR_RPT + sdate +CSV);
@@ -80,17 +86,32 @@ public class ApprovedRpt extends Batch {
@Override
protected void run(AuthzTrans trans) {
- try {
- Map<String,Boolean> checked = new TreeMap<String, Boolean>();
-
- final AuthzTrans transNoAvg = trans.env().newTransNoAvg();
- int totalLoaded = 0;
- Date d;
+ try {
+// ResultSet results;
+// Statement stmt = new SimpleStatement( "select dateof(id), approver, status, user, type, memo from authz.approved;" );
+// results = session.execute(stmt);
+// Iterator<Row> iter = results.iterator();
+// Row row;
+ /*
+ * while (iter.hasNext()) {
+ ++totalLoaded;
+ row = iter.next();
+ d = row.getTimestamp(0);
+ if(d.after(begin)) {
+ approvedW.row("aprvd",
+ Chrono.dateOnlyStamp(d),
+ row.getString(1),
+ row.getString(2),
+ row.getString(3),
+ row.getString(4),
+ row.getString(5)
+ );
+ }
+ }
+ */
GregorianCalendar gc = new GregorianCalendar();
gc.add(GregorianCalendar.MONTH, -2);
- Date begin = gc.getTime();
approvedW.comment("date, approver, status, user, role, memo");
-
historyR.visit(row -> {
String s = row.get(7);
if(s.equals(yr_mon)) {
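Review bot: This hunk adds two blocks of commented-out Cassandra code to `run` (the `SimpleStatement` query and the `while (iter.hasNext())` loop), and the preceding hunk adds a commented-out `cluster.connect()` block, while other files in this same commit delete commented-out code. The dead loop still references `begin`, `d` and `totalLoaded`, whose declarations this hunk removes, so it could not simply be re-enabled. With `Date begin = gc.getTime();` gone, `GregorianCalendar gc` and `gc.add(GregorianCalendar.MONTH, -2);` also appear to have no remaining consumer in the visible lines. I would delete the commented blocks and, if nothing later in `run` reads `gc`, those two lines as well; the body of `run` continues outside the hunk.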
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java
index ec8d1451..6c95f02e 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java
@@ -3,6 +3,7 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -205,15 +206,13 @@ public abstract class NotifyBody {
for(String cls : classNames) {
try {
Class<?> c = cl.loadClass(cls);
- if(c!=null) {
- if(!Modifier.isAbstract(c.getModifiers())) {
- Constructor<?> cst = c.getConstructor(Access.class);
+ if((c!=null)&&(!Modifier.isAbstract(c.getModifiers()))) {
+ Constructor<?> cst = c.getConstructor(Access.class);
NotifyBody nb = (NotifyBody)cst.newInstance(access);
if(nb!=null) {
bodyMap.put("info|"+nb.name, nb);
bodyMap.put(nb.type+'|'+nb.name, nb);
- }
- }
+ }
}
} catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
e.printStackTrace();
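Review bot: The merged condition still instantiates the loaded class before confirming it is a `NotifyBody`: `cst.newInstance(access)` runs the constructor and only then is the cast applied, and a `ClassCastException` from that cast is not in the multi-catch, so one unexpected class name would abort the whole loop. Put the type check in the guard, `if (NotifyBody.class.isAssignableFrom(c) && !Modifier.isAbstract(c.getModifiers())) {`; the `c!=null` and `nb!=null` tests can go, since `loadClass` and `newInstance` throw rather than return null. The `e.printStackTrace()` in the catch would be better routed through the batch's own logging so a class that fails to load shows up in the job log. The loop starts outside the hunk, so where `classNames` comes from is not visible here.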
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java
index 8eaf6a86..7001c024 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java
@@ -22,7 +22,7 @@
*/
package org.onap.aaf.auth.batch.reports.bodies;
-
+import java.io.IOException;
import java.util.GregorianCalendar;
import java.util.List;
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java
index 417d4be4..82d1a624 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java
@@ -3,6 +3,8 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modification Copyright (c) 2019 IBM
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,13 +22,11 @@
*/
package org.onap.aaf.auth.batch.reports.bodies;
-import java.io.IOException;
-
import org.onap.aaf.auth.batch.helpers.ExpireRange;
import org.onap.aaf.cadi.Access;
public class OneMonthNotifyCredBody extends NotifyCredBody {
- public OneMonthNotifyCredBody(Access access){
+ public OneMonthNotifyCredBody(Access access) throws IOException {
super(access, ExpireRange.ONE_MONTH);
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java
index dae48d85..caa44782 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java
@@ -3,6 +3,8 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modification Copyright (c) 2019 IBM
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,13 +22,11 @@
*/
package org.onap.aaf.auth.batch.reports.bodies;
-import java.io.IOException;
-
import org.onap.aaf.auth.batch.helpers.ExpireRange;
import org.onap.aaf.cadi.Access;
public class OneWeekNotifyCredBody extends NotifyCredBody {
- public OneWeekNotifyCredBody(Access access){
+ public OneWeekNotifyCredBody(Access access) throws IOException {
super(access, ExpireRange.ONE_WEEK);
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java
index 9d699cc3..1a047754 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java
@@ -3,6 +3,7 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,13 +21,12 @@
*/
package org.onap.aaf.auth.batch.reports.bodies;
-import java.io.IOException;
import org.onap.aaf.auth.batch.helpers.ExpireRange;
import org.onap.aaf.cadi.Access;
public class TwoMonthNotifyCredBody extends NotifyCredBody {
- public TwoMonthNotifyCredBody(Access access) throws IOException {
+ public TwoMonthNotifyCredBody(Access access) {
super(access, ExpireRange.TWO_MONTH);
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java
index 77062f38..a802bb4e 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java
@@ -3,6 +3,7 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,13 +21,11 @@
*/
package org.onap.aaf.auth.batch.reports.bodies;
-import java.io.IOException;
-
import org.onap.aaf.auth.batch.helpers.ExpireRange;
import org.onap.aaf.cadi.Access;
public class TwoWeeksNotifyCredBody extends NotifyCredBody {
- public TwoWeeksNotifyCredBody(Access access) throws IOException {
+ public TwoWeeksNotifyCredBody(Access access) {
super(access, ExpireRange.TWO_WEEK);
}
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java
index 7e90bbb9..5583dc03 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java
@@ -57,6 +57,7 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> {
private PSInfo psByTicket;
private PSInfo psByStatus;
+ private static final int KEYLIMIT = 1;
public ApprovalDAO(AuthzTrans trans, Cluster cluster, String keyspace) {
super(trans, ApprovalDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));
@@ -71,7 +72,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> {
init(trans);
}
- private static final int KEYLIMIT = 1;
public static class Data {
public UUID id;
public UUID ticket;
@@ -81,7 +81,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> {
public String status;
public String memo;
public String operation;
-// public Date last_notified;
public Date updated;
}
@@ -102,7 +101,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> {
data.status = row.getString(5);
data.memo = row.getString(6);
data.operation = row.getString(7);
-// data.last_notified = row.getTimestamp(8);
// This is used to get "WRITETIME(STATUS)" from Approval, which gives us an "updated"
if (row.getColumnDefinitions().size()>8) {
// Rows reported in MicroSeconds
@@ -117,8 +115,8 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> {
}
@Override
- protected void body(Data data, int _idx, Object[] obj) {
- int idx = _idx;
+ protected void body(Data data, int idxParam, Object[] obj) {
+ int idx = idxParam;
obj[idx]=data.ticket;
obj[++idx]=data.user;
obj[++idx]=data.approver;
@@ -126,7 +124,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> {
obj[++idx]=data.status;
obj[++idx]=data.memo;
obj[++idx]=data.operation;
-// obj[++idx]=data.last_notified;
}
}
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 1b20b900..c7ee5938 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -26,12 +26,13 @@ import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
-import java.util.Collections;
+import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.TreeMap;
import java.util.TreeSet;
import org.onap.aaf.auth.common.Define;
@@ -496,6 +497,7 @@ public class Question {
Result<List<NsDAO.Data>> rld = nsDAO.read(trans, lookup);
if (rld.isOKhasData()) {
nsd=rld.value.get(0);
+ lookup = nsd.parent;
if (type.type == nsd.type) {
return Result.ok(nsd);
} else {
@@ -898,18 +900,28 @@ public class Question {
}
} else {
Date now = new Date();
- // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues.
- List<CredDAO.Data> cddl;
+ // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues.
+ // 9/14/2019. Use TreeSet for sorting, and using only the LAST of a Tagged entry
+ Collection<CredDAO.Data> cddl;
if (result.value.size() > 1) {
- cddl = new ArrayList<>(result.value.size());
- for (CredDAO.Data old : result.value) {
- if (old.type==CredDAO.BASIC_AUTH || old.type==CredDAO.BASIC_AUTH_SHA256) {
- cddl.add(old);
+ Map<String,CredDAO.Data> mcdd = new TreeMap<>();
+ CredDAO.Data cdd;
+ String tag;
+ int pseudoTag = 0;
+ for (CredDAO.Data rcdd : result.value) {
+ if (rcdd.type==CredDAO.BASIC_AUTH || rcdd.type==CredDAO.BASIC_AUTH_SHA256) {
+ if(rcdd.tag==null) {
+ mcdd.put(Integer.toString(++pseudoTag),rcdd);
+ } else {
+ tag = rcdd.tag;
+ cdd = mcdd.get(tag);
+ if(cdd==null || cdd.expires.before(rcdd.expires)) {
+ mcdd.put(tag,rcdd);
+ }
+ }
}
}
- if (cddl.size()>1) {
- Collections.sort(cddl, (a, b) -> b.expires.compareTo(a.expires));
- }
+ cddl = mcdd.values();
} else {
cddl = result.value;
}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index 4788ee45..aa145f1c 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -367,7 +367,7 @@ public class CMService {
for(Iterator<? extends Certificate> iter = certs.iterator(); iter.hasNext();) {
X509Certificate x509 = (X509Certificate)iter.next();
if(x509.getNotAfter().after(now) && x509.getSubjectDN().getName().contains(cn)) {
- if(++count>MAX_X509s) {
+ if(++count>max_509s) {
break;
}
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java
index d4d6c702..37d328bd 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java
@@ -3,6 +3,8 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modification Copyright (c) 2019 IBM
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -86,10 +88,10 @@ public class List extends BaseCmd<Role> {
}
}
- private final static String roleFormat = "%-56s Expires %s\n";
- private final static String roleFormatNoDate = "%-61s\n";
- private final static String roleExpiredFormat = "%-53s !!! EXPIRED !!! %s\n";
- private final static String permFormat = " %-30s %-30s %-15s\n";
+ private static final String roleFormat = "%-56s Expires %s\n";
+ private static final String roleFormatNoDate = "%-61s\n";
+ private static final String roleExpiredFormat = "%-53s !!! EXPIRED !!! %s\n";
+ private static final String permFormat = " %-30s %-30s %-15s\n";
private static final Comparator<aaf.v2_0.Role> roleCompare = new Comparator<aaf.v2_0.Role>() {
@@ -106,9 +108,11 @@ public class List extends BaseCmd<Role> {
} else if (aafcli.isDetailed()){
if (str[0].toLowerCase().contains(LIST_ROLES_BY_NAME)) {
String description = roles.getRole().get(0).getDescription();
- if (description == null) description = "";
+ if (description == null) {
+ description = "";
+ }
reportColHead("%-80s\n","Description: " + description);
- }
+ }
String fullFormat = roleFormat+permFormat;
reportColHead(fullFormat,"[ROLE NS].Name","","[PERM NS].Type","Instance","Action");
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
index 4977b752..176787ea 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
@@ -3,6 +3,8 @@
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modification Copyright (c) 2019 IBM
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -44,7 +46,7 @@ import aaf.v2_0.Users.User;
*
*/
public class ListForCreds extends Cmd {
- private final static String[] options = {"ns","id"};
+ private static final String[] options = {"ns","id"};
private static final String HEADER = "List creds by Namespace or ID ";
public ListForCreds(List parent) {
@@ -54,8 +56,8 @@ public class ListForCreds extends Cmd {
}
@Override
- public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
- int idx = _idx;
+ public int _exec(int idxParam, final String ... args) throws CadiException, APIException, LocatorException {
+ int idx = idxParam;
final int option = whichOption(options, args[idx++]);
final String which = options[option];
final String value = args[idx++];
@@ -75,7 +77,9 @@ public class ListForCreds extends Cmd {
}
});
((org.onap.aaf.auth.cmd.user.List)parent).report(fp.value,option==1,HEADER+which,value);
- if (fp.code()==404)return 200;
+ if (fp.code()==404) {
+ return 200;
+ }
} else {
error(fp);
}
@@ -85,8 +89,8 @@ public class ListForCreds extends Cmd {
}
@Override
- public void detailedHelp(int _indent, StringBuilder sb) {
- int indent = _indent;
+ public void detailedHelp(int indentParam, StringBuilder sb) {
+ int indent = indentParam;
detailLine(sb,indent,HEADER);
indent+=2;
detailLine(sb,indent,"This report lists the users associated to either Namespaces or IDs.");
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java
index e4420ab1..bd9f8875 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java
@@ -167,6 +167,8 @@ public class AuthzTransFilter extends TransFilter<AuthzTrans> {
// }
sb.append(",ms=");
sb.append(m.total);
+ sb.append(",status=");
+ sb.append(trans.hresp().getStatus());
sb.append(",meth=");
sb.append(trans.meth());
sb.append(",path=");
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
index f7c38681..fbc1baa2 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
@@ -143,14 +143,16 @@ public class API_Creds {
AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+ // will be a valid Entity. Do we need to add permission
+ //if(trans.fish("ns","password","request")) or the like
Result<Date> r = context.doesCredentialMatch(trans, req, resp);
if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
} else {
// For Security, we don't give any info out on why failed, other than forbidden
// Can't do "401", because that is on the call itself
- resp.setStatus(HttpStatus.FORBIDDEN_403);
+ // 403 Implies you MAY NOT Ask.
+ resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406);
}
}
});
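Review bot: The permission question left open in the new comment should be settled before this handler is used for password validation: as written, any authenticated entity can submit an id and password and learn from 200 versus 406 whether the pair is valid, which makes the endpoint a guessing oracle for every account. If that is not intended, gate it on a check such as the `trans.fish("ns","password","request")` the comment mentions, and make sure failed attempts are counted and audited per target id. `406 Not Acceptable` is defined for content negotiation, so clients and intermediaries may misread it; whichever status is kept deserves a line in the API documentation. The handler's registration lies outside the hunk.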
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
index ec0875c1..216468c2 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
@@ -29,9 +29,10 @@ import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.User;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.client.Future;
-import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.lur.ConfigPrincipal;
+import aaf.v2_0.CredRequest;
+
public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
private AAFCon<CLIENT> con;
private String realm;
@@ -139,12 +140,16 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
try {
Miss missed = missed(getName(),getCred());
if (missed==null || missed.mayContinue()) {
- Rcli<CLIENT> client = con.client().forUser(con.basicAuth(getName(), new String(getCred())));
- Future<String> fp = client.read(
- "/authn/basicAuth",
- "text/plain"
- );
- if (fp.get(con.timeout)) {
+ CredRequest cr = new CredRequest();
+ cr.setId(getName());
+ cr.setPassword(new String(getCred()));
+ Future<String> fp = con.client().readPost("/authn/validate", con.credReqDF, cr);
+ //Rcli<CLIENT> client = con.client().forUser(con.basicAuth(getName(), new String(getCred())));
+ //Future<String> fp = client.read(
+ // "/authn/basicAuth",
+ // "text/plain"
+ // );
+ if (fp.get(con.timeout)) {
expires = System.currentTimeMillis() + timeToLive;
addUser(new User<AAFPermission>(this, expires));
return Resp.REVALIDATED;
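Review bot: `cr.setPassword(new String(getCred()))` copies the credential into an immutable String that cannot be cleared afterwards and, if `getCred()` returns a `byte[]`, decodes it with the platform default charset, so non-ASCII passwords may validate differently from host to host; `new String(getCred(), StandardCharsets.UTF_8)` would pin the decoding. The password now travels in the `CredRequest` body rather than in a Basic Authorization header, so confirm that the `credReqDF` marshalling and any request tracing around `readPost` never log the body. The call is also made with `con.client()`'s own identity instead of `forUser(...)`, so the server-side `/authn/validate` handler alone decides who may test credentials. The commented-out `Rcli`/`basicAuth` lines can be deleted rather than kept. The surrounding method starts outside the hunk.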
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
index 40684057..3b97883b 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
@@ -28,6 +28,7 @@ import java.util.concurrent.ConcurrentHashMap;
import org.onap.aaf.cadi.AbsUserCache;
import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.CadiWrap;
import org.onap.aaf.cadi.Connector;
@@ -36,7 +37,6 @@ import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.SecuritySetter;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.aaf.marshal.CertsMarshal;
import org.onap.aaf.cadi.client.Future;
@@ -56,6 +56,7 @@ import org.onap.aaf.misc.rosetta.env.RosettaDF;
import org.onap.aaf.misc.rosetta.env.RosettaEnv;
import aaf.v2_0.Certs;
+import aaf.v2_0.CredRequest;
import aaf.v2_0.Error;
import aaf.v2_0.Perms;
import aaf.v2_0.Users;
@@ -69,6 +70,7 @@ public abstract class AAFCon<CLIENT> implements Connector {
final public RosettaDF<Perms> permsDF;
final public RosettaDF<Certs> certsDF;
final public RosettaDF<Users> usersDF;
+ final public RosettaDF<CredRequest> credReqDF;
final public RosettaDF<Error> errDF;
private String realm;
public final String app;
@@ -90,6 +92,7 @@ public abstract class AAFCon<CLIENT> implements Connector {
permsDF = copy.permsDF;
certsDF = copy.certsDF;
usersDF = copy.usersDF;
+ credReqDF = copy.credReqDF;
errDF = copy.errDF;
app = copy.app;
si = copy.si;
@@ -186,6 +189,7 @@ public abstract class AAFCon<CLIENT> implements Connector {
usersDF = env.newDataFactory(Users.class);
certsDF = env.newDataFactory(Certs.class);
certsDF.rootMarshal(new CertsMarshal()); // Speedier Marshaling
+ credReqDF = env.newDataFactory(CredRequest.class);
errDF = env.newDataFactory(Error.class);
} catch (APIException e) {
throw new CadiException("AAFCon cannot be configured",e);
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
index 5ef25bcd..a654e6f6 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
@@ -236,7 +236,10 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI>
@Override
public Item best() throws LocatorException {
if (!hasItems()) {
- throw new LocatorException("No Entries found for '" + aaf_locator_uri.toString() + '/' + name + ':' + version + '\'');
+ throw new LocatorException(String.format("No Entries found for '%s/%s:%s'",
+ (aaf_locator_uri==null?aaf_locator_host:aaf_locator_uri.toString()),
+ name,
+ version));
}
List<EP> lep = new ArrayList<>();
EP first = null;
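Review bot: The fallback in the new message, `aaf_locator_uri==null?aaf_locator_host:aaf_locator_uri.toString()`, is unexplained, and nothing in the hunk shows that `aaf_locator_host` is set when the URI is null, so the message could still begin with `'null/`. A one-line comment above the throw, such as `// aaf_locator_uri can be null here; report the configured host instead`, would record why the check exists. `best()` continues past the end of the hunk.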
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/User.java b/cadi/core/src/main/java/org/onap/aaf/cadi/User.java
index 4848e504..cb3b4e8f 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/User.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/User.java
@@ -40,7 +40,7 @@ public final class User<PERM extends Permission> {
public String name;
private byte[] cred;
public Principal principal;
- Map<String, Permission> perms ;
+ Map<String, Permission> perms;
long permExpires;
private final long interval;
int count;
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java
index fbaa4a5a..2c9bb8c4 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java
@@ -45,17 +45,20 @@ public class CSV {
private Access access;
private boolean processAll;
private char delimiter = ',';
+ private boolean go;
public CSV(Access access, File file) {
this.access = access;
csv = file;
processAll = false;
+ go = true;
}
public CSV(Access access, String csvFilename) {
this.access = access;
csv = new File(csvFilename);
processAll = false;
+ go = true;
}
public CSV setDelimiter(char delimiter) {
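Review bot: The `go` flag is set to `true` only in the two constructors, so once `stop()` (third hunk) has been called, the loop `while(go && (line = br.readLine())!=null)` in the second hunk reads nothing on any later pass over the same `CSV` instance, unless the flag is reset outside these hunks. Either reset it before the loop with `go = true;`, or say in the Javadoc of `stop()` that the stop is permanent for the instance. The field is a plain `boolean`, which fits the documented use from inside a Visit on the reading thread, but a call from another thread would need it declared `volatile`. The method containing the loop starts outside the hunk.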
@@ -88,7 +91,7 @@ public class CSV {
try {
String line;
StringBuilder sb = new StringBuilder();
- while((line = br.readLine())!=null) {
+ while(go && (line = br.readLine())!=null) {
line=line.trim();
if(!line.startsWith("#") && line.length()>0) {
// System.out.println(line); uncomment to debug
@@ -268,6 +271,13 @@ public class CSV {
return csv.getAbsolutePath();
}
}
+
+ /**
+ * Provides a way to stop processing records from inside a Visit
+ */
+ public void stop() {
+ go = false;
+ }
public void delete() {
csv.delete();