summaryrefslogtreecommitdiffstats
path: root/auth/auth-deforg
diff options
context:
space:
mode:
Diffstat (limited to 'auth/auth-deforg')
-rw-r--r--auth/auth-deforg/.gitignore5
-rw-r--r--auth/auth-deforg/pom.xml184
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java666
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgIdentity.java170
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgWarnings.java63
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/Identities.java143
-rw-r--r--auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java139
-rw-r--r--auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrgIdentity.java96
-rw-r--r--auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrgWarnings.java83
-rw-r--r--auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_Identities.java110
-rw-r--r--auth/auth-deforg/src/test/resources/test.txt0
11 files changed, 1659 insertions, 0 deletions
diff --git a/auth/auth-deforg/.gitignore b/auth/auth-deforg/.gitignore
new file mode 100644
index 00000000..ad5605e4
--- /dev/null
+++ b/auth/auth-deforg/.gitignore
@@ -0,0 +1,5 @@
+/bin/
+/target/
+/.classpath
+/.project
+/.settings
diff --git a/auth/auth-deforg/pom.xml b/auth/auth-deforg/pom.xml
new file mode 100644
index 00000000..29de4fd3
--- /dev/null
+++ b/auth/auth-deforg/pom.xml
@@ -0,0 +1,184 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>parent</artifactId>
+ <relativePath>../pom.xml</relativePath>
+ <groupId>org.onap.aaf.auth</groupId>
+ <version>2.1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>aaf-auth-deforg</artifactId>
+ <name>AAF Auth Default Organization</name>
+ <description>Example Organization Module</description>
+ <packaging>jar</packaging>
+
+ <developers>
+ <developer>
+ <name>Jonathan Gathman</name>
+ <email>jonathan.gathman@att.com</email>
+ <organization>ATT</organization>
+ <roles>
+ <role>Architect</role>
+ <role>Lead Developer</role>
+ </roles>
+ </developer>
+ <developer>
+ <name>Gabe Maurer</name>
+ <email>gabe.maurer@att.com</email>
+ <organization>ATT</organization>
+ <roles>
+ <role>Developer</role>
+ </roles>
+ </developer>
+ <developer>
+ <name>Ian Howell</name>
+ <email>ian.howell@att.com</email>
+ <organization>ATT</organization>
+ <roles>
+ <role>Developer</role>
+ </roles>
+ </developer>
+ </developers>
+
+
+ <properties>
+ <maven.test.failure.ignore>false</maven.test.failure.ignore>
+ </properties>
+
+
+ <dependencies>
+ <dependency>
+ <groupId>org.onap.aaf.cadi</groupId>
+ <artifactId>aaf-cadi-core</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.onap.aaf.auth</groupId>
+ <artifactId>aaf-auth-core</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <version>2.10.4</version>
+ <configuration>
+ <failOnError>false</failOnError>
+ </configuration>
+ <executions>
+ <execution>
+ <id>attach-javadocs</id>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.sonatype.plugins</groupId>
+ <artifactId>nexus-staging-maven-plugin</artifactId>
+ <version>1.6.7</version>
+ <extensions>true</extensions>
+ <configuration>
+ <nexusUrl>${nexusproxy}</nexusUrl>
+ <stagingProfileId>176c31dfe190a</stagingProfileId>
+ <serverId>ecomp-staging</serverId>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.jacoco</groupId>
+ <artifactId>jacoco-maven-plugin</artifactId>
+ <version>${jacoco.version}</version>
+ <configuration>
+ <excludes>
+ <exclude>**/gen/**</exclude>
+ <exclude>**/generated-sources/**</exclude>
+ <exclude>**/yang-gen/**</exclude>
+ <exclude>**/pax/**</exclude>
+ </excludes>
+ </configuration>
+ <executions>
+
+ <execution>
+ <id>pre-unit-test</id>
+ <goals>
+ <goal>prepare-agent</goal>
+ </goals>
+ <configuration>
+ <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile>
+ <propertyName>surefireArgLine</propertyName>
+ </configuration>
+ </execution>
+
+
+ <execution>
+ <id>post-unit-test</id>
+ <phase>test</phase>
+ <goals>
+ <goal>report</goal>
+ </goals>
+ <configuration>
+ <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile>
+ <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory>
+ </configuration>
+ </execution>
+ <execution>
+ <id>pre-integration-test</id>
+ <phase>pre-integration-test</phase>
+ <goals>
+ <goal>prepare-agent</goal>
+ </goals>
+ <configuration>
+ <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile>
+ <propertyName>failsafeArgLine</propertyName>
+ </configuration>
+ </execution>
+
+ <execution>
+ <id>post-integration-test</id>
+ <phase>post-integration-test</phase>
+ <goals>
+ <goal>report</goal>
+ </goals>
+ <configuration>
+ <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile>
+ <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ </build>
+
+</project>
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
new file mode 100644
index 00000000..63e83901
--- /dev/null
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -0,0 +1,666 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.org;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+import javax.mail.Address;
+import javax.mail.Message;
+import javax.mail.MessagingException;
+import javax.mail.Session;
+import javax.mail.Transport;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeMessage;
+
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.EmailWarnings;
+import org.onap.aaf.auth.org.Executor;
+import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.cadi.util.FQI;
+import org.onap.aaf.misc.env.Env;
+
+public class DefaultOrg implements Organization {
+ private static final String AAF_DATA_DIR = "aaf_data_dir";
+ private static final String PROPERTY_IS_REQUIRED = " property is Required";
+ // Package on Purpose
+ final String domain;
+ final String atDomain;
+ final String realm;
+
+ private final String NAME,mailHost,mailFrom;
+
+ public DefaultOrg(Env env, String realm) throws OrganizationException {
+ this.realm = realm;
+ domain=FQI.reverseDomain(realm);
+ atDomain = '@'+domain;
+ String s;
+ NAME=env.getProperty(realm + ".name","Default Organization");
+ mailHost = env.getProperty(s=(realm + ".mailHost"), null);
+ if(mailHost==null) {
+ throw new OrganizationException(s + PROPERTY_IS_REQUIRED);
+ }
+ mailFrom = env.getProperty(s=(realm + ".mailFrom"), null);
+ if(mailFrom==null) {
+ throw new OrganizationException(s + PROPERTY_IS_REQUIRED);
+ }
+
+ System.getProperties().setProperty("mail.smtp.host",mailHost);
+ System.getProperties().setProperty("mail.user", mailFrom);
+ // Get the default Session object.
+ session = Session.getDefaultInstance(System.getProperties());
+
+ try {
+ String defFile;
+ String temp=env.getProperty(defFile = (getClass().getName()+".file"));
+ File fIdentities=null;
+ if(temp==null) {
+ temp = env.getProperty(AAF_DATA_DIR);
+ if(temp!=null) {
+ env.warn().log(defFile, "is not defined. Using default: ",temp+"/identities.dat");
+ File dir = new File(temp);
+ fIdentities=new File(dir,"identities.dat");
+ if(!fIdentities.exists()) {
+ env.warn().log("No",fIdentities.getCanonicalPath(),"exists. Creating.");
+ if(!dir.exists()) {
+ dir.mkdirs();
+ }
+ fIdentities.createNewFile();
+ }
+ }
+ } else {
+ fIdentities = new File(temp);
+ if(!fIdentities.exists()) {
+ String dataDir = env.getProperty(AAF_DATA_DIR);
+ if(dataDir!=null) {
+ fIdentities = new File(dataDir,temp);
+ }
+ }
+ }
+
+ if(fIdentities!=null && fIdentities.exists()) {
+ identities = new Identities(fIdentities);
+ } else {
+ throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist.");
+ }
+ } catch (IOException e) {
+ throw new OrganizationException(e);
+ }
+ }
+
+ // Implement your own Delegation System
+ static final List<String> NULL_DELEGATES = new ArrayList<String>();
+
+ public Identities identities;
+ private boolean dryRun;
+ private Session session;
+ public enum Types {Employee, Contractor, Application, NotActive};
+ private final static Set<String> typeSet;
+
+ static {
+ typeSet = new HashSet<String>();
+ for(Types t : Types.values()) {
+ typeSet.add(t.name());
+ }
+ }
+
+ private static final EmailWarnings emailWarnings = new DefaultOrgWarnings();
+
+ @Override
+ public String getName() {
+ return NAME;
+ }
+
+ @Override
+ public String getRealm() {
+ return realm;
+ }
+
+ @Override
+ public String getDomain() {
+ return domain;
+ }
+
+ @Override
+ public DefaultOrgIdentity getIdentity(AuthzTrans trans, String id) throws OrganizationException {
+ int at = id.indexOf('@');
+ return new DefaultOrgIdentity(trans,at<0?id:id.substring(0, at),this);
+ }
+
+ // Note: Return a null if found; return a String Message explaining why not found.
+ @Override
+ public String isValidID(final AuthzTrans trans, final String id) {
+ try {
+ DefaultOrgIdentity u = getIdentity(trans,id);
+ return (u==null||!u.isFound())?id + "is not an Identity in " + getName():null;
+ } catch (OrganizationException e) {
+ return getName() + " could not lookup " + id + ": " + e.getLocalizedMessage();
+ }
+ }
+ // Possible ID Pattern
+ // private static final Pattern ID_PATTERN=Pattern.compile("([\\w.-]+@[\\w.-]+).{4-13}");
+ // Another one: ID_PATTERN = "(a-z[a-z0-9]{5-8}@.*).{4-13}";
+
+ @Override
+ public boolean isValidCred(final AuthzTrans trans, final String id) {
+ // have domain?
+ int at = id.indexOf('@');
+ String sid;
+ if(at > 0) {
+ // Use this to prevent passwords to any but THIS domain.
+// if(!id.regionMatches(at+1, domain, 0, id.length()-at-1)) {
+// return false;
+// }
+ sid = id.substring(0,at);
+ } else {
+ sid = id;
+ }
+ // We'll validate that it exists, rather than check patterns.
+
+ return isValidID(trans, sid)==null;
+ // Check Pattern (if checking existing is too long)
+ // if(id.endsWith(SUFFIX) && ID_PATTERN.matcher(id).matches()) {
+ // return true;
+ // }
+ // return false;
+ }
+
+ private static final String SPEC_CHARS = "!@#$%^*-+?/,:;.";
+ private static final Pattern PASS_PATTERN=Pattern.compile("((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[" + SPEC_CHARS +"]).{6,20})");
+ /**
+ * Attribution: from mkyong.com
+ * ( # Start of group
+ * (?=.*\d) # must contains one digit from 0-9
+ * (?=.*[a-z]) # must contains one lowercase characters
+ * (?=.*[A-Z]) # must contains one uppercase characters
+ * (?=.*[@#$%]) # must contains one special symbols in the list SPEC_CHARS
+ * . # match anything with previous condition checking
+ * {6,20} # length at least 6 characters and maximum of 20
+ * ) # End of group
+ */
+ @Override
+ public String isValidPassword(final AuthzTrans trans, final String user, final String password, final String... prev) {
+ for(String p : prev) {
+ if(password.contains(p)) { // A more sophisticated algorithm might be better.
+ return "Password too similar to previous passwords";
+ }
+ }
+ // If you have an Organization user/Password scheme, replace the following
+ if(PASS_PATTERN.matcher(password).matches()) {
+ return "";
+ }
+ return "Password does not match " + NAME + " Password Standards";
+ }
+
+ private static final String[] rules = new String[] {
+ "Passwords must contain one digit from 0-9",
+ "Passwords must contain one lowercase character",
+ "Passwords must contain one uppercase character",
+ "Passwords must contain one special symbols in the list \""+ SPEC_CHARS + '"',
+ "Passwords must be between 6 and 20 chars in length"
+ };
+
+ @Override
+ public String[] getPasswordRules() {
+ return rules;
+ }
+
+ @Override
+ public Set<String> getIdentityTypes() {
+ return typeSet;
+ }
+
+ @Override
+ public Response notify(AuthzTrans trans, Notify type, String url, String[] identities, String[] ccs, String summary, Boolean urgent) {
+ String system = trans.getProperty("CASS_ENV", "");
+
+ ArrayList<String> toList = new ArrayList<String>();
+ Identity identity;
+ if (identities != null) {
+ for (String user : identities) {
+ try {
+ identity = getIdentity(trans, user);
+ if (identity == null) {
+ trans.error().log(
+ "Failure to obtain User " + user + " for "
+ + getName());
+ } else {
+ toList.add(identity.email());
+ }
+ } catch (Exception e) {
+ trans.error().log(
+ e,
+ "Failure to obtain User " + user + " for "
+ + getName());
+ }
+ }
+ }
+
+ if (toList.isEmpty()) {
+ trans.error().log("No Users listed to email");
+ return Response.ERR_NotificationFailure;
+ }
+
+ ArrayList<String> ccList = new ArrayList<String>();
+
+ // If we're sending an urgent email, CC the user's supervisor
+ //
+ if (urgent) {
+ trans.info().log("urgent msg for: " + identities[0]);
+ try {
+ List<Identity> supervisors = getApprovers(trans, identities[0]);
+ for (Identity us : supervisors) {
+ trans.info().log("supervisor: " + us.email());
+ ccList.add(us.email());
+ }
+ } catch (Exception e) {
+ trans.error().log(e,
+ "Failed to find supervisor for " + identities[0]);
+ }
+ }
+
+ if (ccs != null) {
+ for (String user : ccs) {
+ try {
+ identity = getIdentity(trans, user);
+ ccList.add(identity.email());
+ } catch (Exception e) {
+ trans.error().log(
+ e,
+ "Failure to obtain User " + user + " for "
+ + getName());
+ }
+ }
+ }
+
+ if (summary == null) {
+ summary = "";
+ }
+
+ switch (type) {
+ case Approval:
+ try {
+ sendEmail(trans, toList, ccList,
+ "AAF Approval Notification "
+ + (system.length() == 0 ? "" : "(ENV: "
+ + system + ")"),
+ "AAF is the "
+ + NAME
+ + "System for Fine-Grained Authorizations. You are being asked to Approve"
+ + (system.length() == 0 ? "" : " in the "
+ + system + " environment")
+ + " before AAF Actions can be taken.\n\n"
+ + "Please follow this link: \n\n\t" + url
+ + "\n\n" + summary, urgent);
+ } catch (Exception e) {
+ trans.error().log(e, "Failure to send Email");
+ return Response.ERR_NotificationFailure;
+ }
+ break;
+ case PasswordExpiration:
+ try {
+ sendEmail(trans,
+ toList,
+ ccList,
+ "AAF Password Expiration Warning "
+ + (system.length() == 0 ? "" : "(ENV: "
+ + system + ")"),
+ "AAF is the "
+ + NAME
+ + " System for Authorizations.\n\nOne or more passwords will expire soon or have expired"
+ + (system.length() == 0 ? "" : " in the "
+ + system + " environment")
+ + ".\n\nPasswords expired for more than 30 days without action are subject to deletion.\n\n"
+ + "Please follow each link to add a New Password with Expiration Date. Either are valid until expiration. "
+ + "Use this time to change the passwords on your system. If issues, reply to this email.\n\n"
+ + summary, urgent);
+ } catch (Exception e) {
+ trans.error().log(e, "Failure to send Email");
+ return Response.ERR_NotificationFailure;
+ }
+ break;
+
+ case RoleExpiration:
+ try {
+ sendEmail(
+ trans,
+ toList,
+ ccList,
+ "AAF Role Expiration Warning "
+ + (system.length() == 0 ? "" : "(ENV: "
+ + system + ")"),
+ "AAF is the "
+ + NAME
+ + " System for Authorizations. One or more roles will expire soon"
+ + (system.length() == 0 ? "" : " in the "
+ + system + " environment")
+ + ".\n\nRoles expired for more than 30 days are subject to deletion."
+ + "Please follow this link the GUI Command line, and either 'extend' or 'del' the user in the role.\n"
+ + "If issues, reply to this email.\n\n\t" + url
+ + "\n\n" + summary, urgent);
+ } catch (Exception e) {
+ trans.error().log(e, "Failure to send Email");
+ return Response.ERR_NotificationFailure;
+ }
+ break;
+ default:
+ return Response.ERR_NotImplemented;
+ }
+ return Response.OK;
+ }
+
+ @Override
+ public int sendEmail(AuthzTrans trans, List<String> toList, List<String> ccList, String subject, String body,
+ Boolean urgent) throws OrganizationException {
+ int status = 1;
+
+ List<String> to = new ArrayList<String>();
+ for(String em : toList) {
+ if(em.indexOf('@')<0) {
+ to.add(new DefaultOrgIdentity(trans, em, this).email());
+ } else {
+ to.add(em);
+ }
+ }
+
+ List<String> cc = new ArrayList<String>();
+ if(ccList!=null && !ccList.isEmpty()) {
+ for(String em : ccList) {
+ if(em.indexOf('@')<0) {
+ cc.add(new DefaultOrgIdentity(trans, em, this).email());
+ } else {
+ cc.add(em);
+ }
+ }
+ }
+
+
+ // for now, I want all emails so we can see what goes out. Remove later
+ if (!ccList.contains(mailFrom)) {
+ ccList.add(mailFrom);
+ }
+
+ try {
+ // Create a default MimeMessage object.
+ MimeMessage message = new MimeMessage(session);
+
+ // Set From: header field of the header.
+ message.setFrom(new InternetAddress(mailFrom));
+
+ if (!dryRun) {
+ // Set To: header field of the header. This is a required field
+ // and calling module should make sure that it is not null or
+ // blank
+ message.addRecipients(Message.RecipientType.TO,getAddresses(to));
+
+ // Set CC: header field of the header.
+ if ((ccList != null) && (ccList.size() > 0)) {
+ message.addRecipients(Message.RecipientType.CC,getAddresses(cc));
+ }
+
+ // Set Subject: header field
+ message.setSubject(subject);
+
+ if (urgent) {
+ message.addHeader("X-Priority", "1");
+ }
+
+ // Now set the actual message
+ message.setText(body);
+ } else {
+ // override recipients
+ message.addRecipients(Message.RecipientType.TO,
+ InternetAddress.parse(mailFrom));
+
+ // Set Subject: header field
+ message.setSubject("[TESTMODE] " + subject);
+
+ if (urgent) {
+ message.addHeader("X-Priority", "1");
+ }
+
+ ArrayList<String> newBody = new ArrayList<String>();
+
+ Address temp[] = getAddresses(to);
+ String headerString = "TO:\t" + InternetAddress.toString(temp) + "\n";
+
+ temp = getAddresses(cc);
+ headerString += "CC:\t" + InternetAddress.toString(temp) + "\n";
+
+ newBody.add(headerString);
+
+ newBody.add("Text: \n");
+
+ newBody.add(body);
+ String outString = "";
+ for (String s : newBody) {
+ outString += s + "\n";
+ }
+
+ message.setText(outString);
+ }
+ // Send message
+ Transport.send(message);
+ status = 0;
+
+ } catch (MessagingException mex) {
+ throw new OrganizationException("Exception send email message "
+ + mex.getMessage());
+ }
+
+ return status;
+ }
+
+ /**
+ * Default Policy is to set to 6 Months for Notification Types.
+ * add others/change as required
+ */
+ @Override
+ public Date whenToValidate(Notify type, Date lastValidated) {
+ switch(type) {
+ case Approval:
+ case PasswordExpiration:
+ return null;
+ default:
+ GregorianCalendar gc = new GregorianCalendar();
+ gc.setTime(lastValidated);
+ gc.add(GregorianCalendar.MONTH, 6); // 6 month policy
+ return gc.getTime();
+ }
+ }
+
+ @Override
+ public GregorianCalendar expiration(GregorianCalendar gc, Expiration exp, String... extra) {
+ GregorianCalendar now = new GregorianCalendar();
+ GregorianCalendar rv = gc==null?now:(GregorianCalendar)gc.clone();
+ switch (exp) {
+ case ExtendPassword:
+ // Extending Password give 5 extra days, max 8 days from now
+ rv.add(GregorianCalendar.DATE, 5);
+ now.add(GregorianCalendar.DATE, 8);
+ if(rv.after(now)) {
+ rv = now;
+ }
+ break;
+ case Future:
+ // Future requests last 15 days.
+ now.add(GregorianCalendar.DATE, 15);
+ rv = now;
+ break;
+ case Password:
+ // Passwords expire in 90 days
+ now.add(GregorianCalendar.DATE, 90);
+ rv = now;
+ break;
+ case TempPassword:
+ // Temporary Passwords last for 12 hours.
+ now.add(GregorianCalendar.DATE, 90);
+ rv = now;
+ break;
+ case UserDelegate:
+ // Delegations expire max in 2 months, renewable to 3
+ rv.add(GregorianCalendar.MONTH, 2);
+ now.add(GregorianCalendar.MONTH, 3);
+ if(rv.after(now)) {
+ rv = now;
+ }
+ break;
+ case UserInRole:
+ // Roles expire in 6 months
+ now.add(GregorianCalendar.MONTH, 6);
+ rv = now;
+ break;
+ default:
+ // Unless other wise set, 6 months is default
+ now.add(GregorianCalendar.MONTH, 6);
+ rv = now;
+ break;
+ }
+ return rv;
+ }
+
+ @Override
+ public EmailWarnings emailWarningPolicy() {
+ return emailWarnings;
+ }
+
+ /**
+ * Assume the Supervisor is the Approver.
+ */
+ @Override
+ public List<Identity> getApprovers(AuthzTrans trans, String user) throws OrganizationException {
+ Identity orgIdentity = getIdentity(trans, user);
+ List<Identity> orgIdentitys = new ArrayList<Identity>();
+ if(orgIdentity!=null) {
+ Identity supervisor = orgIdentity.responsibleTo();
+ if(supervisor!=null) {
+ orgIdentitys.add(supervisor);
+ }
+ }
+ return orgIdentitys;
+ }
+
+ @Override
+ public String getApproverType() {
+ return "supervisor";
+ }
+
+ @Override
+ public int startOfDay() {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+ @Override
+ public boolean canHaveMultipleCreds(String id) {
+ // External entities are likely mono-password... if you change it, it is a global change.
+ // This is great for people, but horrible for Applications.
+ //
+ // AAF's Password can have multiple Passwords, each with their own Expiration Date.
+ // For Default Org, we'll assume true for all, but when you add your external
+ // Identity stores, you need to return "false" if they cannot support multiple Passwords like AAF
+ return true;
+ }
+
+ @Override
+ public String validate(AuthzTrans trans, Policy policy, Executor executor, String... vars) throws OrganizationException {
+ switch(policy) {
+ case OWNS_MECHID:
+ case CREATE_MECHID:
+ if(vars.length>0) {
+ DefaultOrgIdentity thisID = getIdentity(trans,vars[0]);
+ if("a".equals(thisID.identity.status)) { // MechID
+ DefaultOrgIdentity requestor = getIdentity(trans, trans.user());
+ if(requestor!=null) {
+ Identity mechid = getIdentity(trans, vars[0]);
+ if(mechid!=null) {
+ Identity sponsor = mechid.responsibleTo();
+ if(sponsor!=null && requestor.equals(sponsor.fullID())) {
+ return null;
+ } else {
+ return trans.user() + " is not the Sponsor of MechID " + vars[0];
+ }
+ }
+ }
+ }
+ }
+ return null;
+
+ case CREATE_MECHID_BY_PERM_ONLY:
+ return getName() + " only allows sponsors to create MechIDs";
+
+ default:
+ return policy.name() + " is unsupported at " + getName();
+ }
+ }
+
+ @Override
+ public boolean isTestEnv() {
+ return false;
+ }
+
+ @Override
+ public void setTestMode(boolean dryRun) {
+ this.dryRun = dryRun;
+ }
+
+ /**
+ * Convert the delimiter String into Internet addresses with the default
+ * delimiter of ";"
+ * @param strAddress
+ * @return
+ */
+ private Address[] getAddresses(List<String> strAddress) throws OrganizationException {
+ return this.getAddresses(strAddress,";");
+ }
+ /**
+ * Convert the delimiter String into Internet addresses with the
+ * delimiter of provided
+ * @param strAddress
+ * @param delimiter
+ * @return
+ */
+ private Address[] getAddresses(List<String> strAddresses, String delimiter) throws OrganizationException {
+ Address[] addressArray = new Address[strAddresses.size()];
+ int count = 0;
+ for (String addr : strAddresses)
+ {
+ try{
+ addressArray[count] = new InternetAddress(addr);
+ count++;
+ }catch(Exception e){
+ throw new OrganizationException("Failed to parse the email address "+ addr +": "+e.getMessage());
+ }
+ }
+ return addressArray;
+ }
+
+
+ }
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgIdentity.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgIdentity.java
new file mode 100644
index 00000000..6d9003fd
--- /dev/null
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgIdentity.java
@@ -0,0 +1,170 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.org;
+
+import java.io.IOException;
+import java.util.List;
+
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.local.AbsData.Reuse;
+import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.auth.org.Organization.Identity;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.org.Identities.Data;
+
+/**
+ * Org Users are essential representations of Identities within the Org. Since this is a highly individual
+ * thing for most Orgs, i.e. some use LDAP, some need feed, some use something else, this object will allow
+ * the Organization to connect to their own Identity systems...
+ *
+ *
+ */
+public class DefaultOrgIdentity implements Identity {
+ private static final String CONTRACTOR = "c";
+ private static final String EMPLOYEE = "e";
+ private static final String APPLICATION = "a";
+ private static final String NON_ACTIVE = "n";
+
+ private final static int TIMEOUT = Integer.parseInt(Config.AAF_CONN_TIMEOUT_DEF);
+
+ private DefaultOrg org;
+ //package on purpose
+ Data identity;
+ private AuthzTrans trans;
+
+ public DefaultOrgIdentity(AuthzTrans trans, String key, DefaultOrg dorg) throws OrganizationException {
+ this.trans = trans;
+ org = dorg;
+ identity=null;
+ try {
+ org.identities.open(trans, TIMEOUT);
+ try {
+ Reuse r = org.identities.reuse();
+ int at = key.indexOf(dorg.atDomain);
+ String search;
+ if(at>=0) {
+ search = key.substring(0,at);
+ } else {
+ search = key;
+ }
+ identity = org.identities.find(search, r);
+ if(identity==null) {
+ identity = Identities.NO_DATA;
+ }
+ } finally {
+ org.identities.close(trans);
+ }
+ } catch (IOException e) {
+ throw new OrganizationException(e);
+ }
+ }
+
+ @Override
+ public boolean equals(Object b) {
+ if(b instanceof DefaultOrgIdentity) {
+ return identity.id.equals(((DefaultOrgIdentity)b).identity.id);
+ }
+ return false;
+ }
+
+ @Override
+ public String id() {
+ return identity.id;
+ }
+
+ @Override
+ public String fullID() {
+ return identity.id+'@'+org.getDomain();
+ }
+
+ @Override
+ public String type() {
+ switch(identity.status) {
+ case EMPLOYEE: return DefaultOrg.Types.Employee.name();
+ case CONTRACTOR: return DefaultOrg.Types.Contractor.name();
+ case APPLICATION: return DefaultOrg.Types.Application.name();
+ case NON_ACTIVE: return DefaultOrg.Types.NotActive.name();
+ default:
+ return "Unknown";
+ }
+ }
+
+ @Override
+ public Identity responsibleTo() throws OrganizationException {
+ if("".equals(identity.responsibleTo) && isFound()) { // cover the situation of Top Dog... reports to no-one.
+ return this;
+ } else {
+ return org.getIdentity(trans, identity.responsibleTo);
+ }
+ }
+
+ @Override
+ public List<String> delegate() {
+ //NOTE: implement Delegate system, if desired
+ return DefaultOrg.NULL_DELEGATES;
+ }
+
+ @Override
+ public String email() {
+ return identity.email;
+ }
+
+ @Override
+ public String fullName() {
+ return identity.name;
+ }
+
+ @Override
+ public String firstName() {
+ return identity.fname;
+ }
+
+ @Override
+ public String mayOwn() {
+ // Assume only Employees are responsible for Resources.
+ if(identity.status==null|| identity.status.length()==0) {
+ return "Identity must have valid status";
+ } else if(EMPLOYEE.equals(identity.status)) {
+ return null; // This is "Yes, is Responsible"
+ } else {
+ return "Reponsible Party must be an Employee";
+ }
+ }
+
+ @Override
+ public boolean isFound() {
+ return identity!=Identities.NO_DATA; // yes, object comparison intended
+ }
+
+ @Override
+ public boolean isPerson() {
+ return !identity.status.equals(APPLICATION);
+ }
+
+ @Override
+ public Organization org() {
+ return org;
+ }
+
+
+}
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgWarnings.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgWarnings.java
new file mode 100644
index 00000000..c04707ee
--- /dev/null
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgWarnings.java
@@ -0,0 +1,63 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.org;
+
+import org.onap.aaf.auth.org.EmailWarnings;
+
+public class DefaultOrgWarnings implements EmailWarnings {
+
+ @Override
+ public long credEmailInterval()
+ {
+ return 604800000L; // 7 days in millis 1000 * 86400 * 7
+ }
+
+ @Override
+ public long roleEmailInterval()
+ {
+ return 604800000L; // 7 days in millis 1000 * 86400 * 7
+ }
+
+ @Override
+ public long apprEmailInterval() {
+ return 259200000L; // 3 days in millis 1000 * 86400 * 3
+ }
+
+ @Override
+ public long credExpirationWarning()
+ {
+ return( 2592000000L ); // One month, in milliseconds 1000 * 86400 * 30 in milliseconds
+ }
+
+ @Override
+ public long roleExpirationWarning()
+ {
+ return( 2592000000L ); // One month, in milliseconds 1000 * 86400 * 30 in milliseconds
+ }
+
+ @Override
+ public long emailUrgentWarning()
+ {
+ return( 1209600000L ); // Two weeks, in milliseconds 1000 * 86400 * 14 in milliseconds
+ }
+
+}
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/Identities.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/Identities.java
new file mode 100644
index 00000000..f3067fe6
--- /dev/null
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/Identities.java
@@ -0,0 +1,143 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.org;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.onap.aaf.auth.local.AbsData;
+import org.onap.aaf.auth.local.DataFile.Token.Field;
+
+/*
+ * Example User Data file, which can be modified for many different kinds of Data Feeds.
+ *
+ * Note: This has shown to be extremely effective in AT&T, an acknowledged very large organizations,
+ * because there is no need to synchronize records. AAF simply receives a Data Feed in Organization
+ * defined intervals. (You might want to check for validity, such as size, etc), then is copied into
+ * Data Directory. You will want to do so first creating a "lock" file. Assuming the File name is "users.dat",
+ * the Lock File is "users.lock".
+ *
+ * After the movement of the Datafile into place, it is best to remove the Index File, then remove the lock file.
+ *
+ * Note, Any AAF Programs needing this data WILL wait on the Lock file, so you should get fresh Data files
+ * in a "stage" directory, from WEB, or wherever, and then, after it is correct, do the following as fast as feasible.
+ *
+ * a) lock
+ * b) copy from stage
+ * c) remove idx
+ * d) unlock
+ *
+ * If the Index File is either non-existent or out of date from the Data File, it will be reindexed, which
+ * has proven to be a very quick function, even with large numbers of entries.
+ *
+ * This Sample Feed is set for a file with delimiter of "|". 512 is maximum expected line length. The "0" is the
+ * field offset for the "key" to the record, which, for user, should be the unique Organization Identity.
+ *
+ */
+public class Identities extends AbsData {
+ public final static Data NO_DATA = new Data();
+
+ public Identities(File users) {
+ super(users,'|',512,0);
+ }
+
+ /*
+ * Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split
+ * out AppIDs, choose your own status indicators, or whatever you use.
+ * 0 - unique ID
+ * 1 - full name
+ * 2 - first name
+ * 3 - last name
+ * 4 - phone
+ * 5 - official email
+ * 6 - employment status e=employee, c=contractor, a=application, n=no longer with company
+ * 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
+ */
+ public static class Data {
+ public final String id;
+ public final String name;
+ public final String fname;
+ public final String lname;
+ public final String phone;
+ public final String email;
+ public final String status;
+ public final String responsibleTo;
+
+ private Data(Field f) {
+ f.reset();
+ id=f.next();
+ name=f.next();
+ fname=f.next();
+ lname=f.next();
+ phone=f.next();
+ email=f.next();
+ status=f.next();
+ responsibleTo =f.next();
+ }
+
+ private Data() {
+ id = name = fname = lname =
+ phone = email = status = responsibleTo
+ = "";
+ }
+
+ public String toString() {
+ return id + '|' +
+ name + '|' +
+ lname + '|' +
+ fname + '|' +
+ phone + '|' +
+ email + '|' +
+ status + '|' +
+ responsibleTo;
+ }
+
+ // Here, make up your own Methods which help you easily determine your Organization's structure
+ // in your Organization Object
+ public boolean hasStatus(String possible) {
+ return possible.contains(status);
+ }
+
+ public boolean isEmployee() {
+ return "e".equals(status);
+ }
+
+ public boolean isContractor() {
+ return "c".equals(status);
+ }
+
+ public boolean isApplication() {
+ return "a".equals(status);
+ }
+ }
+
+ public Data find(Object key,Reuse r) throws IOException {
+ r.reset();
+ // These are new, to allow for Thread Safety
+ int rec = ti.find(key,r,0);
+ if(rec<0) {
+ return null;
+ }
+ r.pos(rec);
+ return new Data(r.getFieldData());
+ }
+}
diff --git a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java
new file mode 100644
index 00000000..72b15480
--- /dev/null
+++ b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java
@@ -0,0 +1,139 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.org.test;
+
+import static org.junit.Assert.*;
+
+import java.io.File;
+import java.util.Set;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Matchers;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.onap.aaf.auth.env.AuthzEnv;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.org.DefaultOrg;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+public class JU_DefaultOrg {
+
+ DefaultOrg defaultOrg;
+ //private DefaultOrg defaultOrgMock;
+ @Mock
+ AuthzEnv authzEnvMock;
+
+ @Mock
+ AuthzTrans authzTransMock;
+
+ @Mock
+ File fIdentitiesMock;
+
+ private static final String PROPERTY_IS_REQUIRED = " property is Required";
+ private static final String DOMAIN = "osaaf.com";
+ private static final String REALM = "com.osaaf";
+ private static final String NAME = "Default Organization";
+ private static final String NO_PASS = NAME + " does not support Passwords. Use AAF";
+ String mailHost,mailFromUserId,supportAddress;
+ private String SUFFIX;
+ String s;
+ String defFile;
+
+ @Before
+ public void setUp() throws OrganizationException{
+ MockitoAnnotations.initMocks(this);
+ PowerMockito.when(authzEnvMock.getProperty(s=(REALM + ".mailHost"), null)).thenReturn("hello");
+ PowerMockito.when(authzEnvMock.getProperty(s=(REALM + ".supportEmail"), null)).thenReturn("notnull");
+ PowerMockito.when(authzEnvMock.getProperty(Matchers.anyString())).thenReturn("src" + File.separator + "test" + File.separator + "resources" + File.separator + "test.txt");
+ PowerMockito.when(fIdentitiesMock.exists()).thenReturn(true);
+ //PowerMockito.when((fIdentitiesMock!=null && fIdentitiesMock.exists())).thenReturn(true);
+ defaultOrg = new DefaultOrg(authzEnvMock, REALM);
+ }
+
+ @Test //(expected=OrganizationException.class)
+ public void test() throws OrganizationException{
+ //PowerMockito.when(authzEnvMock.getProperty(Matchers.anyString())).thenReturn(" ");
+ //defaultOrg = new DefaultOrg(authzEnvMock);
+ assertTrue(defaultOrg != null);
+ }
+
+
+ @Test //(expected=OrganizationException.class)
+ public void testMultipleCreds() throws OrganizationException{
+ String id = "test";
+ //PowerMockito.when(authzEnvMock.getProperty(Matchers.anyString())).thenReturn(" ");
+ //defaultOrg = new DefaultOrg(authzEnvMock);
+ boolean canHaveMultipleCreds;
+ canHaveMultipleCreds = defaultOrg.canHaveMultipleCreds(id );
+ System.out.println("value of canHaveMultipleCreds: " + canHaveMultipleCreds);
+ assertTrue(canHaveMultipleCreds);
+ }
+
+
+ @Test
+ public void testGetIdentityTypes() throws OrganizationException{
+ Set<String> identityTypes = defaultOrg.getIdentityTypes();
+ System.out.println("value of IdentityTypes: " + identityTypes);
+ assertTrue(identityTypes.size() == 4);
+ }
+
+
+ @Test
+ public void testGetRealm() throws OrganizationException{
+ String realmTest = defaultOrg.getRealm();
+ System.out.println("value of realm: " + realmTest);
+ assertTrue(realmTest == REALM);
+ }
+
+ @Test
+ public void testGetName() throws OrganizationException{
+ String testName = defaultOrg.getName();
+ System.out.println("value of name: " + testName);
+ assertTrue(testName == NAME);
+ }
+
+
+ @Test
+ public void testGetDomain() throws OrganizationException{
+ String testDomain = defaultOrg.getDomain();
+ System.out.println("value of domain: " + testDomain);
+ assertTrue(testDomain == DOMAIN);
+ }
+
+ // @Test
+ // public void testIsValidID(){
+ // String Result = defaultOrg.isValidID(Matchers.anyString());
+ // System.out.println("value of res " +Result);
+ // assertNotNull(Result);
+ // }
+
+ @Test
+ public void notYetImplemented() {
+ fail("Tests in this file should not be trusted");
+ }
+
+}
diff --git a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrgIdentity.java b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrgIdentity.java
new file mode 100644
index 00000000..1577d9e6
--- /dev/null
+++ b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrgIdentity.java
@@ -0,0 +1,96 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.org.test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.auth.org.Organization.Identity;
+import org.onap.aaf.org.DefaultOrg;
+import org.onap.aaf.org.DefaultOrgIdentity;
+import org.onap.aaf.org.Identities.Data;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+public class JU_DefaultOrgIdentity {
+
+ private DefaultOrgIdentity defaultOrgIdentity;
+ private DefaultOrgIdentity defaultOrgIdentityMock;
+
+ @Mock
+ AuthzTrans authzTransMock;
+
+ String key="key";
+
+ @Mock
+ private DefaultOrg defaultOrgMock;
+ @Mock
+ private Data dataMock;
+ @Mock
+ private Identity identityMock;
+
+ @Before
+ public void setUp() throws OrganizationException{
+ MockitoAnnotations.initMocks(this);
+ defaultOrgIdentityMock = PowerMockito.mock(DefaultOrgIdentity.class);
+ }
+
+ @Test
+ public void testEquals(){
+ Object b = null;
+ Boolean res = defaultOrgIdentityMock.equals(b);
+ System.out.println("value of res " +res);
+ }
+
+
+ @Test
+ public void testIsFound(){
+ defaultOrgIdentityMock.isFound();
+ System.out.println("value of found " +defaultOrgIdentityMock.isFound());
+ assertFalse(defaultOrgIdentityMock.isFound());
+ }
+
+ @Test
+ public void testIsResponsible(){
+ defaultOrgIdentityMock.mayOwn();
+ System.out.println("value of res " +defaultOrgIdentityMock.mayOwn());
+ assertNull(defaultOrgIdentityMock.mayOwn());
+ }
+
+ @Test
+ public void testFullName(){
+ String fullName = defaultOrgIdentityMock.fullName();
+ System.out.println("value of fullname " +fullName);
+ assertTrue(fullName == null);
+ }
+
+
+}
diff --git a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrgWarnings.java b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrgWarnings.java
new file mode 100644
index 00000000..3b4d5543
--- /dev/null
+++ b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrgWarnings.java
@@ -0,0 +1,83 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.org.test;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.MockitoAnnotations;
+import org.onap.aaf.org.DefaultOrgWarnings;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+public class JU_DefaultOrgWarnings {
+
+ private DefaultOrgWarnings defaultOrgWarningsMock;
+ private DefaultOrgWarnings defaultOrgWarnings;
+
+
+ @Before
+ public void setUp(){
+ MockitoAnnotations.initMocks(this);
+
+ defaultOrgWarningsMock = PowerMockito.mock(DefaultOrgWarnings.class);
+
+ defaultOrgWarnings = new DefaultOrgWarnings();
+ }
+
+
+ @Test
+ public void testApprEmailInterval() {
+
+ assertEquals(259200000, defaultOrgWarnings.apprEmailInterval() );
+ }
+
+ @Test
+ public void testCredEmailInterval() {
+ assertEquals(604800000, defaultOrgWarnings.credEmailInterval());
+
+ }
+
+ @Test
+ public void testCredExpirationWarning() {
+ assertEquals(2592000000L, defaultOrgWarnings.credExpirationWarning());
+ }
+
+ @Test
+ public void testEmailUrgentWarning() {
+ assertEquals(1209600000L, defaultOrgWarnings.emailUrgentWarning());
+ }
+
+ @Test
+ public void testRoleEmailInterval() {
+ assertEquals(604800000L, defaultOrgWarnings.roleEmailInterval());
+ }
+
+ @Test
+ public void testRoleExpirationWarning() {
+ assertEquals(2592000000L, defaultOrgWarnings.roleExpirationWarning());
+ }
+
+}
diff --git a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_Identities.java b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_Identities.java
new file mode 100644
index 00000000..e32ce844
--- /dev/null
+++ b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_Identities.java
@@ -0,0 +1,110 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+/**
+ *
+ */
+package org.onap.aaf.org.test;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.onap.aaf.auth.env.AuthzEnv;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.local.AbsData.Reuse;
+import org.onap.aaf.org.Identities;
+import org.onap.aaf.org.Identities.Data;
+
+/**
+ *
+ */
+public class JU_Identities {
+
+ private static final String DATA_IDENTITIES = "/opt/app/onap/data/identities.dat";
+ private static File fids;
+ private static Identities ids;
+ private static AuthzEnv env;
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @BeforeClass
+ public static void setUpBeforeClass() throws Exception {
+ env = new AuthzEnv();
+ AuthzTrans trans = env.newTransNoAvg();
+ // Note: utilize TimeTaken, from trans.start if you want to time.
+ fids = new File(DATA_IDENTITIES);
+ if(fids.exists()) {
+ ids = new Identities(fids);
+ ids.open(trans, 5000);
+ } else {
+
+ throw new Exception("Data File for Tests, \"" + DATA_IDENTITIES
+ + "\" must exist before test can run. (Current dir is " + System.getProperty("user.dir") + ")");
+ }
+ }
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @AfterClass
+ public static void tearDownAfterClass() throws Exception {
+ AuthzTrans trans = env.newTransNoAvg();
+ if(ids!=null) {
+ ids.close(trans);
+ }
+ }
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @Before
+ public void setUp() throws Exception {
+ }
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @After
+ public void tearDown() throws Exception {
+ }
+
+ @Test
+ public void test() throws IOException {
+ Reuse reuse = ids.reuse(); // this object can be reused within the same thread.
+ Data id = ids.find("osaaf",reuse);
+ Assert.assertNotNull(id);
+ System.out.println(id);
+
+ id = ids.find("mmanager",reuse);
+ Assert.assertNotNull(id);
+ System.out.println(id);
+
+ //TODO Fill out JUnit with Tests of all Methods in "Data id"
+ }
+
+}
diff --git a/auth/auth-deforg/src/test/resources/test.txt b/auth/auth-deforg/src/test/resources/test.txt
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/auth/auth-deforg/src/test/resources/test.txt