26 files changed, 148 insertions, 84 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java index 8bade4a4..d91c42c0 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,6 +23,7 @@ package org.onap.aaf.auth.batch.approvalsets; import org.onap.aaf.cadi.CadiException; +@FunctionalInterface public interface Loader<T> { public T load() throws CadiException; } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java index d3209a02..9906f499 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java @@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,7 +22,6 @@ */ package org.onap.aaf.auth.batch.helpers; -import java.io.IOException; import java.util.ArrayList; import java.util.List; 
@@ -34,7 +35,6 @@ import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; import org.onap.aaf.cadi.Hash; -import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; import org.onap.aaf.misc.env.util.Chrono; @@ -135,8 +135,6 @@ public class BatchDataView implements DataView { sb.append(add.id.toString()); sb.append(COMMA_QUOTE); sb.append(add.approver); -// sb.append(QUOTE_COMMA_QUOTE); -// sb.append(Chrono.utcStamp(add.last_notified)); sb.append(QUOTE_COMMA_QUOTE); sb.append(add.memo.replace("'", "''")); sb.append(QUOTE_COMMA_QUOTE); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java index 1a1bdf33..9cd7341c 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -51,15 +52,14 @@ public class CQLBatchLoop { /** * Assume this is another line in the Batch * @return - */ + */ public StringBuilder inc() { - if(i>=maxBatch || current.length()+sb.length()>MAX_CHARS) { - if(i>0) { - cqlBatch.execute(dryRun); + if((i>=maxBatch || current.length()+sb.length()>MAX_CHARS)&&(i>0)) { + + cqlBatch.execute(dryRun); i = -1; incBatch(); - } - } + } if(i<0) { cqlBatch.begin(); i=0; 
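Review bot: The retouched Javadoc on `inc()` still carries an empty `@return` tag, so the documentation hunk leaves the method's contract unstated; from the visible body the method flushes the current batch (`cqlBatch.execute(dryRun)`, `i = -1`, `incBatch()`) once `i>=maxBatch` or the combined length exceeds `MAX_CHARS`, then opens a new one when `i<0`. Suggest `@return the StringBuilder to append the next batch line to (a fresh batch if the previous one was just executed)`, hedged because the return statement lies past the hunk. The merged condition `(i>=maxBatch || current.length()+sb.length()>MAX_CHARS)&&(i>0)` is equivalent to the nested form it replaces, so no behavioural change there. inc() continues beyond the hunk.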
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java index a4cfcbec..84d7b5a2 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,6 +32,7 @@ public class CacheChange<T extends CacheChange.Data> { removed = new ArrayList<>(); } + @FunctionalInterface interface Data { public abstract void expunge(); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java index 258f430e..6f228e08 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java @@ -119,6 +119,7 @@ public class LastNotified { return last; } + @FunctionalInterface private interface MarkDelete { boolean process(String fullKey, Date last); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java index d5c0d771..dd24d7d9 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java 
@@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -128,10 +129,10 @@ public class UserRole implements Cloneable, CacheChange.Data { public static void load(Trans trans, CSV csv, Creator<UserRole> creator, Visitor<UserRole> visitor) throws IOException, CadiException { // public UserRole(String user, String role, String ns, String rname, Date expires) { - csv.visit( row -> { + csv.visit( row -> visitor.visit(new UserRole(row.get(1),row.get(2),row.get(3),row.get(4), - new Date(Long.parseLong(row.get(6))))); - }); + new Date(Long.parseLong(row.get(6))))) + ); } private static void load(Trans trans, Session session, Creator<UserRole> creator, String where, Visitor<UserRole> visitor) { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java index 3e7b30b2..38a76477 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java @@ -3,7 +3,6 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +20,6 @@ package org.onap.aaf.auth.batch.helpers; -@FunctionalInterface public interface Visitor<T> { void visit(T t); 
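Review bot: In `load(Trans, CSV, Creator, Visitor)` the lambda reads row fields positionally (`row.get(1)` … `row.get(6)`) and calls `Long.parseLong(row.get(6))` with no guard, so a short or non-numeric CSV row throws IndexOutOfBoundsException or NumberFormatException — neither declared in the method's `throws IOException, CadiException` — and aborts the whole load without saying which row failed. A row-length check and a catch of NumberFormatException that rethrows with the offending row in the message would make bad input diagnosable instead of a bare stack trace. The `trans` and `creator` parameters are unused in the visible body; either construct the entity through `creator` (as the sibling `load(Trans, Session, Creator, …)` signature suggests) or document why they are accepted and ignored.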
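Review bot: The Visitor.java hunk deletes `@FunctionalInterface` from `Visitor<T>` while the same commit adds that annotation to Loader, CacheChange.Data and LastNotified.MarkDelete; Visitor still has a single abstract method `visit(T)` and is plainly a lambda target, so the removal looks accidental. Restoring the annotation keeps the compiler rejecting any future second abstract method that would break lambda callers. The hunk also drops an existing copyright line, which is probably unintended.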
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java index ea196b1f..880173b9 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java @@ -3,7 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2019 IBM. + * Modifications Copyright (C) 2018 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -52,7 +52,6 @@ public class ApprovedRpt extends Batch { private static final String APPR_RPT = "ApprovedRpt"; private static final String CSV = ".csv"; - private static final String INFO = "info"; private Date now; private Writer approvedW; private CSV historyR; @@ -64,6 +63,13 @@ public class ApprovedRpt extends Batch { TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB); try { +// TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE); +// try { +// session = cluster.connect(); +// } finally { +// tt.done(); +// } + now = new Date(); String sdate = Chrono.dateOnlyStamp(now); File file = new File(logDir(),APPR_RPT + sdate +CSV); 
@@ -80,17 +86,32 @@ public class ApprovedRpt extends Batch { @Override protected void run(AuthzTrans trans) { - try { - Map<String,Boolean> checked = new TreeMap<String, Boolean>(); - - final AuthzTrans transNoAvg = trans.env().newTransNoAvg(); - int totalLoaded = 0; - Date d; + try { +// ResultSet results; +// Statement stmt = new SimpleStatement( "select dateof(id), approver, status, user, type, memo from authz.approved;" ); +// results = session.execute(stmt); +// Iterator<Row> iter = results.iterator(); +// Row row; + /* + * while (iter.hasNext()) { + ++totalLoaded; + row = iter.next(); + d = row.getTimestamp(0); + if(d.after(begin)) { + approvedW.row("aprvd", + Chrono.dateOnlyStamp(d), + row.getString(1), + row.getString(2), + row.getString(3), + row.getString(4), + row.getString(5) + ); + } + } + */ GregorianCalendar gc = new GregorianCalendar(); gc.add(GregorianCalendar.MONTH, -2); - Date begin = gc.getTime(); approvedW.comment("date, approver, status, user, role, memo"); - historyR.visit(row -> { String s = row.get(7); if(s.equals(yr_mon)) { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java index ec8d1451..6c95f02e 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
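Review bot: The `run()` hunk adds roughly twenty-five lines of commented-out Cassandra code (the `SimpleStatement` selecting from `authz.approved` and the `while (iter.hasNext())` loop) while deleting the locals that code references (`totalLoaded`, `d`, `begin`, `checked`, `transNoAvg`), and the `@@ -64,6 +63,13 @@` hunk on the previous line does the same with a commented `cluster.connect()` block; this can never be re-enabled by uncommenting and should be removed outright, since history keeps it. The header hunk also changes `Modifications Copyright (C) 2019 IBM.` to 2018, which looks like a typo given every other file in this commit says 2019. run() continues past the hunk.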
@@ -205,15 +206,13 @@ public abstract class NotifyBody { for(String cls : classNames) { try { Class<?> c = cl.loadClass(cls); - if(c!=null) { - if(!Modifier.isAbstract(c.getModifiers())) { - Constructor<?> cst = c.getConstructor(Access.class); + if((c!=null)&&(!Modifier.isAbstract(c.getModifiers()))) { + Constructor<?> cst = c.getConstructor(Access.class); NotifyBody nb = (NotifyBody)cst.newInstance(access); if(nb!=null) { bodyMap.put("info|"+nb.name, nb); bodyMap.put(nb.type+'|'+nb.name, nb); - } - } + } } } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { e.printStackTrace(); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java index 8eaf6a86..7001c024 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java @@ -22,7 +22,7 @@ */ package org.onap.aaf.auth.batch.reports.bodies; - +import java.io.IOException; import java.util.GregorianCalendar; import java.util.List; diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java index 417d4be4..82d1a624 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java 
@@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,13 +22,11 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; - import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class OneMonthNotifyCredBody extends NotifyCredBody { - public OneMonthNotifyCredBody(Access access){ + public OneMonthNotifyCredBody(Access access) throws IOException { super(access, ExpireRange.ONE_MONTH); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java index dae48d85..caa44782 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java @@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
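Review bot: `OneMonthNotifyCredBody(Access access) throws IOException` is introduced in the same hunk that deletes `import java.io.IOException;`, so this file will not compile unless another import brings the name into scope; the OneWeekNotifyCredBody hunk on the next line has the identical problem, while the TwoMonthNotifyCredBody and TwoWeeksNotifyCredBody hunks go the opposite way and drop `throws IOException` altogether. Which direction is right depends on NotifyCredBody's constructor, which is outside this diff (though NotifyCredBody.java does gain an `import java.io.IOException;` here); all four subclasses should agree with that signature, and the import must stay wherever the throws clause remains. Note these constructors are invoked reflectively in NotifyBody via `c.getConstructor(Access.class)` / `newInstance(access)`, so an IOException thrown from one surfaces there as InvocationTargetException and is currently only printed.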
@@ -20,13 +22,11 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; - import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class OneWeekNotifyCredBody extends NotifyCredBody { - public OneWeekNotifyCredBody(Access access){ + public OneWeekNotifyCredBody(Access access) throws IOException { super(access, ExpireRange.ONE_WEEK); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java index 9d699cc3..1a047754 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,13 +21,12 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class TwoMonthNotifyCredBody extends NotifyCredBody { - public TwoMonthNotifyCredBody(Access access) throws IOException { + public TwoMonthNotifyCredBody(Access access) { super(access, ExpireRange.TWO_MONTH); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java index 77062f38..a802bb4e 100644 
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,13 +21,11 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; - import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class TwoWeeksNotifyCredBody extends NotifyCredBody { - public TwoWeeksNotifyCredBody(Access access) throws IOException { + public TwoWeeksNotifyCredBody(Access access) { super(access, ExpireRange.TWO_WEEK); } diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java index 7e90bbb9..5583dc03 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java @@ -57,6 +57,7 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { private PSInfo psByTicket; private PSInfo psByStatus; + private static final int KEYLIMIT = 1; public ApprovalDAO(AuthzTrans trans, Cluster cluster, String keyspace) { super(trans, ApprovalDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); 
@@ -71,7 +72,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { init(trans); } - private static final int KEYLIMIT = 1; public static class Data { public UUID id; public UUID ticket; @@ -81,7 +81,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { public String status; public String memo; public String operation; -// public Date last_notified; public Date updated; } @@ -102,7 +101,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { data.status = row.getString(5); data.memo = row.getString(6); data.operation = row.getString(7); -// data.last_notified = row.getTimestamp(8); // This is used to get "WRITETIME(STATUS)" from Approval, which gives us an "updated" if (row.getColumnDefinitions().size()>8) { // Rows reported in MicroSeconds @@ -117,8 +115,8 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { } @Override - protected void body(Data data, int _idx, Object[] obj) { - int idx = _idx; + protected void body(Data data, int idxParam, Object[] obj) { + int idx = idxParam; obj[idx]=data.ticket; obj[++idx]=data.user; obj[++idx]=data.approver; @@ -126,7 +124,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { obj[++idx]=data.status; obj[++idx]=data.memo; obj[++idx]=data.operation; -// obj[++idx]=data.last_notified; } } diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java index 1b20b900..c7ee5938 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java 
@@ -26,12 +26,13 @@ import java.nio.ByteBuffer;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
-import java.util.Collections;
+import java.util.Collection;
 import java.util.Date;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.TreeMap;
 import java.util.TreeSet;
 import org.onap.aaf.auth.common.Define;
@@ -496,6 +497,7 @@ public class Question {
 Result<List<NsDAO.Data>> rld = nsDAO.read(trans, lookup);
 if (rld.isOKhasData()) {
 nsd=rld.value.get(0);
+ lookup = nsd.parent;
 if (type.type == nsd.type) {
 return Result.ok(nsd);
 } else {
@@ -898,18 +900,28 @@ public class Question {
 }
 } else {
 Date now = new Date();
- // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues.
- List<CredDAO.Data> cddl;
+ // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues.
+ // 9/14/2019. Use TreeSet for sorting, and using only the LAST of a Tagged entry
+ Collection<CredDAO.Data> cddl;
 if (result.value.size() > 1) {
- cddl = new ArrayList<>(result.value.size());
- for (CredDAO.Data old : result.value) {
- if (old.type==CredDAO.BASIC_AUTH || old.type==CredDAO.BASIC_AUTH_SHA256) {
- cddl.add(old);
+ Map<String,CredDAO.Data> mcdd = new TreeMap<>();
+ CredDAO.Data cdd;
+ String tag;
+ int pseudoTag = 0;
+ for (CredDAO.Data rcdd : result.value) {
+ if (rcdd.type==CredDAO.BASIC_AUTH || rcdd.type==CredDAO.BASIC_AUTH_SHA256) {
+ if(rcdd.tag==null) {
+ mcdd.put(Integer.toString(++pseudoTag),rcdd);
+ } else {
+ tag = rcdd.tag;
+ cdd = mcdd.get(tag);
+ if(cdd==null || cdd.expires.before(rcdd.expires)) {
+ mcdd.put(tag,rcdd);
+ }
+ }
 }
 }
- if (cddl.size()>1) {
- Collections.sort(cddl, (a, b) -> b.expires.compareTo(a.expires));
- }
+ cddl = mcdd.values();
 } else {
 cddl = result.value;
 }
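Review bot: Untagged credentials are keyed by `Integer.toString(++pseudoTag)`, so a genuine `tag` value of "1", "2", … lands on the same TreeMap key as a pseudo-tagged entry and the two are merged by the expiry rule as if they were one tagged credential, while a later untagged entry with the same counter value cannot occur but a real tag can silently overwrite an earlier pseudo entry; keep untagged entries in a separate list (or use a key prefix no real tag can carry) and append them to `mcdd.values()` when building `cddl`. Separately, `mcdd.values()` iterates in tag order rather than the descending-expiry order the removed `Collections.sort` produced, so any caller that relied on the first element being the longest-lived credential now sees a different one — worth confirming downstream, since this is the BASIC_AUTH credential-selection path. The new comment says "Use TreeSet" but the code uses a TreeMap; `// keyed by tag in a TreeMap, keeping only the latest-expiring entry per tag` would match. The enclosing method continues past the hunk.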
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java index 4788ee45..aa145f1c 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java @@ -367,7 +367,7 @@ public class CMService { for(Iterator<? extends Certificate> iter = certs.iterator(); iter.hasNext();) { X509Certificate x509 = (X509Certificate)iter.next(); if(x509.getNotAfter().after(now) && x509.getSubjectDN().getName().contains(cn)) { - if(++count>MAX_X509s) { + if(++count>max_509s) { break; } } diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java index d4d6c702..37d328bd 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java @@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
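Review bot: `MAX_X509s` becomes `max_509s`, a snake_case name that reads as a mutable local rather than the limit it replaced, and the "X" is lost; if the limit is now configurable, Java convention is `maxX509s`, and its declaration (outside the hunk) should document where the value is loaded and whether it is `final`. The loop breaks only once `++count` exceeds the limit, so the caller must treat `count > max_509s` as the "too many live certs for this CN" signal — I cannot see that check from here, so confirm it still matches after the rename.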
@@ -86,10 +88,10 @@ public class List extends BaseCmd<Role> { } } - private final static String roleFormat = "%-56s Expires %s\n"; - private final static String roleFormatNoDate = "%-61s\n"; - private final static String roleExpiredFormat = "%-53s !!! EXPIRED !!! %s\n"; - private final static String permFormat = " %-30s %-30s %-15s\n"; + private static final String roleFormat = "%-56s Expires %s\n"; + private static final String roleFormatNoDate = "%-61s\n"; + private static final String roleExpiredFormat = "%-53s !!! EXPIRED !!! %s\n"; + private static final String permFormat = " %-30s %-30s %-15s\n"; private static final Comparator<aaf.v2_0.Role> roleCompare = new Comparator<aaf.v2_0.Role>() { @@ -106,9 +108,11 @@ public class List extends BaseCmd<Role> { } else if (aafcli.isDetailed()){ if (str[0].toLowerCase().contains(LIST_ROLES_BY_NAME)) { String description = roles.getRole().get(0).getDescription(); - if (description == null) description = ""; + if (description == null) { + description = ""; + } reportColHead("%-80s\n","Description: " + description); - } + } String fullFormat = roleFormat+permFormat; reportColHead(fullFormat,"[ROLE NS].Name","","[PERM NS].Type","Instance","Action"); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java index 4977b752..176787ea 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java @@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -44,7 +46,7 @@ import aaf.v2_0.Users.User; * */ public class ListForCreds extends Cmd { - private final static String[] options = {"ns","id"}; + private static final String[] options = {"ns","id"}; private static final String HEADER = "List creds by Namespace or ID "; public ListForCreds(List parent) { @@ -54,8 +56,8 @@ public class ListForCreds extends Cmd { } @Override - public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException { - int idx = _idx; + public int _exec(int idxParam, final String ... args) throws CadiException, APIException, LocatorException { + int idx = idxParam; final int option = whichOption(options, args[idx++]); final String which = options[option]; final String value = args[idx++]; @@ -75,7 +77,9 @@ public class ListForCreds extends Cmd { } }); ((org.onap.aaf.auth.cmd.user.List)parent).report(fp.value,option==1,HEADER+which,value); - if (fp.code()==404)return 200; + if (fp.code()==404) { + return 200; + } } else { error(fp); } @@ -85,8 +89,8 @@ public class ListForCreds extends Cmd { } @Override - public void detailedHelp(int _indent, StringBuilder sb) { - int indent = _indent; + public void detailedHelp(int indentParam, StringBuilder sb) { + int indent = indentParam; detailLine(sb,indent,HEADER); indent+=2; detailLine(sb,indent,"This report lists the users associated to either Namespaces or IDs."); diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java index e4420ab1..bd9f8875 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java 
@@ -167,6 +167,8 @@ public class AuthzTransFilter extends TransFilter<AuthzTrans> {
 // }
 sb.append(",ms=");
 sb.append(m.total);
+ sb.append(",status=");
+ sb.append(trans.hresp().getStatus());
 sb.append(",meth=");
 sb.append(trans.meth());
 sb.append(",path=");
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
index f7c38681..fbc1baa2 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
@@ -143,14 +143,16 @@ public class API_Creds {
 AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-
+ // will be a valid Entity. Do we need to add permission
+ //if(trans.fish("ns","password","request")) or the like
 Result<Date> r = context.doesCredentialMatch(trans, req, resp);
 if (r.isOK()) {
 resp.setStatus(HttpStatus.OK_200);
 } else {
 // For Security, we don't give any info out on why failed, other than forbidden
 // Can't do "401", because that is on the call itself
- resp.setStatus(HttpStatus.FORBIDDEN_403);
+ // 403 Implies you MAY NOT Ask.
+ resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406);
 }
 }
 });
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
index ec0875c1..216468c2 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
@@ -29,9 +29,10 @@ import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.User;
 import org.onap.aaf.cadi.aaf.AAFPermission;
 import org.onap.aaf.cadi.client.Future;
-import org.onap.aaf.cadi.client.Rcli;
 import org.onap.aaf.cadi.lur.ConfigPrincipal;
+import aaf.v2_0.CredRequest;
+
 public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
 private AAFCon<CLIENT> con;
 private String realm;
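Review bot: `sb.append(trans.hresp().getStatus())` dereferences `hresp()` with no null check; if the response can be unbound on this path (for instance when the filter chain threw before a response was attached) the NPE would come from inside the log-line builder and mask the real failure — I cannot see hresp()'s contract from here, so either confirm it is never null or guard it: `sb.append(trans.hresp()==null ? -1 : trans.hresp().getStatus());`. Recording the response status on the per-request line is a useful detection signal (bursts of 4xx on authentication endpoints become visible in the access log), so keep it once guarded. The enclosing method begins outside the hunk.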
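Review bot: Returning `HttpStatus.NOT_ACCEPTABLE_406` on a credential mismatch repurposes a content-negotiation status (406 means the server cannot produce a representation acceptable to the request's Accept headers), so generic HTTP clients, proxies and the AAFAuthn caller changed in this same commit will misread the failure; if 403 is rejected because it "implies you MAY NOT ask" and 401 is excluded by the existing comment, the conventional choice for "well-formed request, wrong answer" is still a bodiless 403 or 400, and whichever code is chosen should be documented on the endpoint and matched by the `fp.get(con.timeout)` check in AAFAuthn. The added comment `// will be a valid Entity. Do we need to add permission` records that this handler has no authorization check beyond the caller being authenticated; since it appears to answer whether an arbitrary id/password pair is correct, that is a password-verification oracle for any authenticated principal and should be gated by the suggested `trans.fish(...)` permission check and rate-limited before shipping rather than left as a TODO. The lambda's enclosing method starts outside the hunk.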
@@ -139,12 +140,16 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
 try {
 Miss missed = missed(getName(),getCred());
 if (missed==null || missed.mayContinue()) {
- Rcli<CLIENT> client = con.client().forUser(con.basicAuth(getName(), new String(getCred())));
- Future<String> fp = client.read(
- "/authn/basicAuth",
- "text/plain"
- );
- if (fp.get(con.timeout)) {
+ CredRequest cr = new CredRequest();
+ cr.setId(getName());
+ cr.setPassword(new String(getCred()));
+ Future<String> fp = con.client().readPost("/authn/validate", con.credReqDF, cr);
+ //Rcli<CLIENT> client = con.client().forUser(con.basicAuth(getName(), new String(getCred())));
+ //Future<String> fp = client.read(
+ // "/authn/basicAuth",
+ // "text/plain"
+ // );
+ if (fp.get(con.timeout)) {
 expires = System.currentTimeMillis() + timeToLive;
 addUser(new User<AAFPermission>(this, expires));
 return Resp.REVALIDATED;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
index 40684057..3b97883b 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
@@ -28,6 +28,7 @@ import java.util.concurrent.ConcurrentHashMap;
 import org.onap.aaf.cadi.AbsUserCache;
 import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.CadiWrap;
 import org.onap.aaf.cadi.Connector;
@@ -36,7 +37,6 @@ import org.onap.aaf.cadi.LocatorException;
 import org.onap.aaf.cadi.Lur;
 import org.onap.aaf.cadi.PropAccess;
 import org.onap.aaf.cadi.SecuritySetter;
-import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.aaf.AAFPermission;
 import org.onap.aaf.cadi.aaf.marshal.CertsMarshal;
 import org.onap.aaf.cadi.client.Future;
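Review bot: The replaced call stays behind as a commented-out block (`//Rcli<CLIENT> client = …` through `// );`) directly under the live code and should be deleted, not preserved. `cr.setPassword(new String(getCred()))` converts the credential bytes with the platform default charset (assuming getCred() returns a byte[], as cadi's `User` stores `cred`), so the server-side comparison depends on the JVM's default encoding; pass the charset explicitly, e.g. `cr.setPassword(new String(getCred(), StandardCharsets.UTF_8));`, with the matching `import java.nio.charset.StandardCharsets;`. The password now travels as a field of a marshalled `CredRequest` rather than in an Authorization header, so confirm that `credReqDF`/`readPost` and any request-level logging never serialize or log the request body. This path also relies on `fp.get(con.timeout)` returning false for the 406 that API_Creds now sends in this commit — confirm it treats non-2xx as failure rather than throwing. The enclosing method starts outside the hunk.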
@@ -56,6 +56,7 @@ import org.onap.aaf.misc.rosetta.env.RosettaDF; import org.onap.aaf.misc.rosetta.env.RosettaEnv; import aaf.v2_0.Certs; +import aaf.v2_0.CredRequest; import aaf.v2_0.Error; import aaf.v2_0.Perms; import aaf.v2_0.Users; @@ -69,6 +70,7 @@ public abstract class AAFCon<CLIENT> implements Connector { final public RosettaDF<Perms> permsDF; final public RosettaDF<Certs> certsDF; final public RosettaDF<Users> usersDF; + final public RosettaDF<CredRequest> credReqDF; final public RosettaDF<Error> errDF; private String realm; public final String app; @@ -90,6 +92,7 @@ public abstract class AAFCon<CLIENT> implements Connector { permsDF = copy.permsDF; certsDF = copy.certsDF; usersDF = copy.usersDF; + credReqDF = copy.credReqDF; errDF = copy.errDF; app = copy.app; si = copy.si; @@ -186,6 +189,7 @@ public abstract class AAFCon<CLIENT> implements Connector { usersDF = env.newDataFactory(Users.class); certsDF = env.newDataFactory(Certs.class); certsDF.rootMarshal(new CertsMarshal()); // Speedier Marshaling + credReqDF = env.newDataFactory(CredRequest.class); errDF = env.newDataFactory(Error.class); } catch (APIException e) { throw new CadiException("AAFCon cannot be configured",e); diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java index 5ef25bcd..a654e6f6 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java 
@@ -236,7 +236,10 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI> @Override public Item best() throws LocatorException { if (!hasItems()) { - throw new LocatorException("No Entries found for '" + aaf_locator_uri.toString() + '/' + name + ':' + version + '\''); + throw new LocatorException(String.format("No Entries found for '%s/%s:%s'", + (aaf_locator_uri==null?aaf_locator_host:aaf_locator_uri.toString()), + name, + version)); } List<EP> lep = new ArrayList<>(); EP first = null; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/User.java b/cadi/core/src/main/java/org/onap/aaf/cadi/User.java index 4848e504..cb3b4e8f 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/User.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/User.java @@ -40,7 +40,7 @@ public final class User<PERM extends Permission> { public String name; private byte[] cred; public Principal principal; - Map<String, Permission> perms ; + Map<String, Permission> perms; long permExpires; private final long interval; int count; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java index fbaa4a5a..2c9bb8c4 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java @@ -45,17 +45,20 @@ public class CSV { private Access access; private boolean processAll; private char delimiter = ','; + private boolean go; public CSV(Access access, File file) { this.access = access; csv = file; processAll = false; + go = true; } public CSV(Access access, String csvFilename) { this.access = access; csv = new File(csvFilename); processAll = false; + go = true; } public CSV setDelimiter(char delimiter) { 
@@ -88,7 +91,7 @@ public class CSV {
 try {
 String line;
 StringBuilder sb = new StringBuilder();
- while((line = br.readLine())!=null) {
+ while(go && (line = br.readLine())!=null) {
 line=line.trim();
 if(!line.startsWith("#") && line.length()>0) {
 // System.out.println(line); uncomment to debug
@@ -268,6 +271,13 @@ public class CSV {
 return csv.getAbsolutePath();
 }
 }
+
+ /**
+ * Provides a way to stop processing records from inside a Visit
+ */
+ public void stop() {
+ go = false;
+ }
 public void delete() {
 csv.delete(); |
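Review bot: `go` is set to true only in the two constructors (previous line), so once `stop()` has been called from inside a visit every later `visit()` on the same CSV instance reads zero lines and returns silently with no error; reset the flag at the start of each pass — `go = true;` just above `String line;` — or document on `stop()` that a stopped CSV is single-use. The `stop()` Javadoc should also say that it takes effect between records, since the `while(go && …)` test only runs after the current record's visitor call returns. The method containing the loop opens before this hunk.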