summaryrefslogtreecommitdiffstats
path: root/auth/auth-service
diff options
context:
space:
mode:
Diffstat (limited to 'auth/auth-service')
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java20
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java952
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java2
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java2
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java4
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java2
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java20
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java72
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java10
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java112
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java152
11 files changed, 674 insertions, 674 deletions
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
index 333c0fc1..bdba4696 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
@@ -196,11 +196,11 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
@Override
public void postStartup(final String hostname, final int port) throws APIException {
- try {
- CacheInfoDAO.startUpdate(env, aafCon().hman(), aafCon().securityInfo().defSS,hostname,port);
- } catch (CadiException | LocatorException e) {
- throw new APIException(e);
- }
+ try {
+ CacheInfoDAO.startUpdate(env, aafCon().hman(), aafCon().securityInfo().defSS,hostname,port);
+ } catch (CadiException | LocatorException e) {
+ throw new APIException(e);
+ }
}
@Override
@@ -241,11 +241,11 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
try {
new JettyServiceStarter<AuthzEnv,AuthzTrans>(
- new AAF_Service(new AuthzEnv(propAccess)),true)
- .start();
- } catch (Exception e) {
- propAccess.log(e);
- }
+ new AAF_Service(new AuthzEnv(propAccess)),true)
+ .start();
+ } catch (Exception e) {
+ propAccess.log(e);
+ }
} catch (Exception e) {
e.printStackTrace();
}
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index d102b045..3b010821 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -118,7 +118,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
implements AuthzService <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> {
private static final String TWO_SPACE = " ";
- private Mapper <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper;
+ private Mapper <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper;
@Override
public Mapper <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper() {return mapper;}
@@ -816,120 +816,120 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
// User Permission mechanism
if(newPd.value.ns.indexOf('@')>0) {
- PermDAO.Data pdd = newPd.value;
- if(trans.user().equals(newPd.value.ns)) {
- CachedPermDAO permDAO = ques.permDAO();
- Result<List<PermDAO.Data>> rlpdd = permDAO.read(trans, pdd);
- if(rlpdd.notOK()) {
- return Result.err(rlpdd);
- }
- if(!rlpdd.isEmpty()) {
- return Result.err(Result.ERR_ConflictAlreadyExists,"Permission already exists");
- }
-
- RoleDAO.Data rdd = new RoleDAO.Data();
- rdd.ns = pdd.ns;
- rdd.name = "user";
-
- pdd.roles(true).add(rdd.fullName());
- Result<PermDAO.Data> rpdd = permDAO.create(trans, pdd);
- if(rpdd.notOK()) {
- return Result.err(rpdd);
- }
-
- CachedRoleDAO roleDAO = ques.roleDAO();
- Result<List<RoleDAO.Data>> rlrdd = roleDAO.read(trans, rdd);
- if(rlrdd.notOK()) {
- return Result.err(rlrdd);
- } else {
- if(!rlrdd.isEmpty()) {
- rdd = rlrdd.value.get(0);
- }
- }
-
- String eperm = pdd.encode();
- rdd.perms(true).add(eperm);
- Result<Void> rv = roleDAO.update(trans, rdd);
- if(rv.notOK()) {
- return rv;
- }
-
- CachedUserRoleDAO urDAO = ques.userRoleDAO();
- UserRoleDAO.Data urdd = new UserRoleDAO.Data();
- urdd.user = trans.user();
- urdd.ns = rdd.ns;
- urdd.rname = rdd.name;
- urdd.role = rdd.fullName();
- Result<List<UserRoleDAO.Data>> rlurdd = urDAO.read(trans, urdd);
- if(rlurdd.notOK()) {
- return Result.err(rlrdd);
- } else if(rlurdd.isEmpty()) {
- GregorianCalendar gc = trans.org().expiration(null, Expiration.UserInRole);
- if(gc==null) {
- return Result.err(Result.ERR_Policy,"Organzation does not grant Expiration for UserRole");
- } else {
- urdd.expires = gc.getTime();
- }
- Result<UserRoleDAO.Data> rurdd = urDAO.create(trans, urdd);
- return Result.err(rurdd);
- }
- return rv;
- } else {
- return Result.err(Result.ERR_Security,"Only the User can create User Permissions");
- }
+ PermDAO.Data pdd = newPd.value;
+ if(trans.user().equals(newPd.value.ns)) {
+ CachedPermDAO permDAO = ques.permDAO();
+ Result<List<PermDAO.Data>> rlpdd = permDAO.read(trans, pdd);
+ if(rlpdd.notOK()) {
+ return Result.err(rlpdd);
+ }
+ if(!rlpdd.isEmpty()) {
+ return Result.err(Result.ERR_ConflictAlreadyExists,"Permission already exists");
+ }
+
+ RoleDAO.Data rdd = new RoleDAO.Data();
+ rdd.ns = pdd.ns;
+ rdd.name = "user";
+
+ pdd.roles(true).add(rdd.fullName());
+ Result<PermDAO.Data> rpdd = permDAO.create(trans, pdd);
+ if(rpdd.notOK()) {
+ return Result.err(rpdd);
+ }
+
+ CachedRoleDAO roleDAO = ques.roleDAO();
+ Result<List<RoleDAO.Data>> rlrdd = roleDAO.read(trans, rdd);
+ if(rlrdd.notOK()) {
+ return Result.err(rlrdd);
+ } else {
+ if(!rlrdd.isEmpty()) {
+ rdd = rlrdd.value.get(0);
+ }
+ }
+
+ String eperm = pdd.encode();
+ rdd.perms(true).add(eperm);
+ Result<Void> rv = roleDAO.update(trans, rdd);
+ if(rv.notOK()) {
+ return rv;
+ }
+
+ CachedUserRoleDAO urDAO = ques.userRoleDAO();
+ UserRoleDAO.Data urdd = new UserRoleDAO.Data();
+ urdd.user = trans.user();
+ urdd.ns = rdd.ns;
+ urdd.rname = rdd.name;
+ urdd.role = rdd.fullName();
+ Result<List<UserRoleDAO.Data>> rlurdd = urDAO.read(trans, urdd);
+ if(rlurdd.notOK()) {
+ return Result.err(rlrdd);
+ } else if(rlurdd.isEmpty()) {
+ GregorianCalendar gc = trans.org().expiration(null, Expiration.UserInRole);
+ if(gc==null) {
+ return Result.err(Result.ERR_Policy,"Organzation does not grant Expiration for UserRole");
+ } else {
+ urdd.expires = gc.getTime();
+ }
+ Result<UserRoleDAO.Data> rurdd = urDAO.create(trans, urdd);
+ return Result.err(rurdd);
+ }
+ return rv;
+ } else {
+ return Result.err(Result.ERR_Security,"Only the User can create User Permissions");
+ }
} else {
- // Does Perm Type exist as a Namespace?
- if(newPd.value.type.isEmpty() || ques.nsDAO().read(trans, newPd.value.fullType()).isOKhasData()) {
- return Result.err(Status.ERR_ConflictAlreadyExists,
- "Permission Type exists as a Namespace");
- }
-
- Result<FutureDAO.Data> fd = mapper.future(trans, PermDAO.TABLE, rreq, newPd.value,false,
- new Mapper.Memo() {
- @Override
- public String get() {
- return "Create Permission [" +
- newPd.value.fullType() + '|' +
- newPd.value.instance + '|' +
- newPd.value.action + ']';
- }
- },
- new MayChange() {
- private Result<NsDAO.Data> nsd;
- @Override
- public Result<?> mayChange() {
- if (nsd==null) {
- nsd = ques.mayUser(trans, trans.user(), newPd.value, Access.write);
- }
- return nsd;
- }
- });
-
- Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, newPd.value.ns);
- if (nsr.notOKorIsEmpty()) {
- return Result.err(nsr);
- }
- switch(fd.status) {
- case OK:
- Result<String> rfc = func.createFuture(trans,fd.value,
- newPd.value.fullType() + '|' + newPd.value.instance + '|' + newPd.value.action,
- trans.user(),
- nsr.value.get(0),
- FUTURE_OP.C);
- if (rfc.isOK()) {
- return Result.err(Status.ACC_Future, "Perm [%s.%s|%s|%s] is saved for future processing",
- newPd.value.ns,
- newPd.value.type,
- newPd.value.instance,
- newPd.value.action);
- } else {
- return Result.err(rfc);
- }
- case Status.ACC_Now:
- return func.createPerm(trans, newPd.value, true);
- default:
- return Result.err(fd);
- }
+ // Does Perm Type exist as a Namespace?
+ if(newPd.value.type.isEmpty() || ques.nsDAO().read(trans, newPd.value.fullType()).isOKhasData()) {
+ return Result.err(Status.ERR_ConflictAlreadyExists,
+ "Permission Type exists as a Namespace");
+ }
+
+ Result<FutureDAO.Data> fd = mapper.future(trans, PermDAO.TABLE, rreq, newPd.value,false,
+ new Mapper.Memo() {
+ @Override
+ public String get() {
+ return "Create Permission [" +
+ newPd.value.fullType() + '|' +
+ newPd.value.instance + '|' +
+ newPd.value.action + ']';
+ }
+ },
+ new MayChange() {
+ private Result<NsDAO.Data> nsd;
+ @Override
+ public Result<?> mayChange() {
+ if (nsd==null) {
+ nsd = ques.mayUser(trans, trans.user(), newPd.value, Access.write);
+ }
+ return nsd;
+ }
+ });
+
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, newPd.value.ns);
+ if (nsr.notOKorIsEmpty()) {
+ return Result.err(nsr);
+ }
+ switch(fd.status) {
+ case OK:
+ Result<String> rfc = func.createFuture(trans,fd.value,
+ newPd.value.fullType() + '|' + newPd.value.instance + '|' + newPd.value.action,
+ trans.user(),
+ nsr.value.get(0),
+ FUTURE_OP.C);
+ if (rfc.isOK()) {
+ return Result.err(Status.ACC_Future, "Perm [%s.%s|%s|%s] is saved for future processing",
+ newPd.value.ns,
+ newPd.value.type,
+ newPd.value.instance,
+ newPd.value.action);
+ } else {
+ return Result.err(rfc);
+ }
+ case Status.ACC_Now:
+ return func.createPerm(trans, newPd.value, true);
+ default:
+ return Result.err(fd);
+ }
}
}
@@ -1995,7 +1995,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (nsd==null) {
nsd = ques.mayUser(trans, trans.user(), rpd.value, Access.write);
if(nsd.notOK()) {
- trans.requested(REQD_TYPE.future,true);
+ trans.requested(REQD_TYPE.future,true);
}
}
return nsd;
@@ -2006,32 +2006,32 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(nsr);
}
switch(fd.status) {
- case OK:
- Result<String> rfc = func.createFuture(trans,fd.value,
- rpd.value.fullPerm(),
- trans.user(),
- nsr.value.get(0),
- FUTURE_OP.G);
- if (rfc.isOK()) {
- return Result.err(Status.ACC_Future, "Perm [%s.%s|%s|%s] is saved for future processing",
- rpd.value.ns,
- rpd.value.type,
- rpd.value.instance,
- rpd.value.action);
- } else {
- return Result.err(rfc);
- }
- case Status.ACC_Now:
- Result<Void> rv = null;
- if (createPerm!=null) {// has been validated for creating
- rv = func.createPerm(trans, createPerm, false);
- }
- if (rv==null || rv.isOK()) {
- rv = func.addPermToRole(trans, rrd.value, rpd.value, false);
- }
- return rv;
- default:
- return Result.err(fd);
+ case OK:
+ Result<String> rfc = func.createFuture(trans,fd.value,
+ rpd.value.fullPerm(),
+ trans.user(),
+ nsr.value.get(0),
+ FUTURE_OP.G);
+ if (rfc.isOK()) {
+ return Result.err(Status.ACC_Future, "Perm [%s.%s|%s|%s] is saved for future processing",
+ rpd.value.ns,
+ rpd.value.type,
+ rpd.value.instance,
+ rpd.value.action);
+ } else {
+ return Result.err(rfc);
+ }
+ case Status.ACC_Now:
+ Result<Void> rv = null;
+ if (createPerm!=null) {// has been validated for creating
+ rv = func.createPerm(trans, createPerm, false);
+ }
+ if (rv==null || rv.isOK()) {
+ rv = func.addPermToRole(trans, rrd.value, rpd.value, false);
+ }
+ return rv;
+ default:
+ return Result.err(fd);
}
}
@@ -2310,12 +2310,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
private class MayChangeCred implements MayChange {
private static final String EXTEND = "extend";
- private static final String RESET = "reset";
- private static final String DELETE = "delete";
- private Result<NsDAO.Data> nsd;
+ private static final String RESET = "reset";
+ private static final String DELETE = "delete";
+ private Result<NsDAO.Data> nsd;
private AuthzTrans trans;
private CredDAO.Data cred;
- private String action;
+ private String action;
public MayChangeCred(AuthzTrans trans, CredDAO.Data cred, String action) {
this.trans = trans;
this.cred = cred;
@@ -2330,35 +2330,35 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
// Get the Namespace
if (nsd.isOK()) {
- String ns = nsd.value.name;
- String user = trans.user();
- String company;
- String temp[] = Split.split('.',ns);
- switch(temp.length) {
- case 0:
- company = Defaults.AAF_NS;
- break;
- case 1:
- company = temp[0];
- break;
- default:
- company = temp[0] + '.' + temp[1];
- }
- switch(action) {
- case DELETE:
- if(ques.isOwner(trans, user,ns) ||
- ques.isAdmin(trans, user,ns) ||
- ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) {
- return Result.ok();
- }
- break;
- case RESET:
- case EXTEND:
+ String ns = nsd.value.name;
+ String user = trans.user();
+ String company;
+ String temp[] = Split.split('.',ns);
+ switch(temp.length) {
+ case 0:
+ company = Defaults.AAF_NS;
+ break;
+ case 1:
+ company = temp[0];
+ break;
+ default:
+ company = temp[0] + '.' + temp[1];
+ }
+ switch(action) {
+ case DELETE:
+ if(ques.isOwner(trans, user,ns) ||
+ ques.isAdmin(trans, user,ns) ||
+ ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) {
+ return Result.ok();
+ }
+ break;
+ case RESET:
+ case EXTEND:
if (ques.isGranted(trans, trans.user(), ROOT_NS,"password",company,action)) {
return Result.ok();
}
break;
- }
+ }
}
return Result.err(Status.ERR_Denied,"%s is not allowed to %s %s in %s",trans.user(),action,cred.id,cred.ns);
}
@@ -2432,27 +2432,27 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
// password to validate char differences.
// byte[] rawCred = rcred.value.type==CredDAO.RAW?null:; return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists");
- if(rcred.value.type==CredDAO.FQI ) {
- if(curr.type==CredDAO.FQI) {
- return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists");
- }
- } else {
-
- rb = ques.userCredCheck(trans, curr, rcred.value.cred!=null?rcred.value.cred.array():null);
- if (rb.notOK()) {
- return Result.err(rb);
- } else if (rb.value){
- return Result.err(Status.ERR_Policy, "Credential content cannot be reused.");
- } else if(Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires))
- && curr.type==rcred.value.type
- ) {
- // Allow if expiring differential is greater than 1 day (for TEMP)
- // Unless expiring in 1 day
- if(System.currentTimeMillis() - rcred.value.expires.getTime() > TimeUnit.DAYS.toMillis(1)) {
- return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists");
- }
- }
- }
+ if(rcred.value.type==CredDAO.FQI ) {
+ if(curr.type==CredDAO.FQI) {
+ return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists");
+ }
+ } else {
+
+ rb = ques.userCredCheck(trans, curr, rcred.value.cred!=null?rcred.value.cred.array():null);
+ if (rb.notOK()) {
+ return Result.err(rb);
+ } else if (rb.value){
+ return Result.err(Status.ERR_Policy, "Credential content cannot be reused.");
+ } else if(Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires))
+ && curr.type==rcred.value.type
+ ) {
+ // Allow if expiring differential is greater than 1 day (for TEMP)
+ // Unless expiring in 1 day
+ if(System.currentTimeMillis() - rcred.value.expires.getTime() > TimeUnit.DAYS.toMillis(1)) {
+ return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists");
+ }
+ }
+ }
}
} else {
try {
@@ -2510,18 +2510,18 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (firstID) {
// OK, it's a first ID, and not by NS Owner
if(!ques.isOwner(trans,trans.user(),cdd.ns)) {
- // Admins are not allowed to set first Cred, but Org has already
- // said entity MAY create, typically by Permission
- // We can't know which reason they are allowed here, so we
- // have to assume that any with Special Permission would not be
- // an Admin.
- if(ques.isAdmin(trans, trans.user(), cdd.ns)) {
- return Result.err(Result.ERR_Denied,
- "Only Owners may create first passwords in their Namespace. Admins may modify after one exists" );
- } else {
- // Allow IDs that AREN'T part of NS with Org Onboarding Permission (see Org object) to create Temp Passwords.
+ // Admins are not allowed to set first Cred, but Org has already
+ // said entity MAY create, typically by Permission
+ // We can't know which reason they are allowed here, so we
+ // have to assume that any with Special Permission would not be
+ // an Admin.
+ if(ques.isAdmin(trans, trans.user(), cdd.ns)) {
+ return Result.err(Result.ERR_Denied,
+ "Only Owners may create first passwords in their Namespace. Admins may modify after one exists" );
+ } else {
+ // Allow IDs that AREN'T part of NS with Org Onboarding Permission (see Org object) to create Temp Passwords.
rcred.value.expires = org.expiration(null, Expiration.TempPassword).getTime();
- }
+ }
}
}
} catch (Exception e) {
@@ -2852,7 +2852,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
cd.tag = found.tag;
cd.expires = org.expiration(null, Expiration.ExtendPassword,days).getTime();
if(cd.expires.before(found.expires)) {
- return Result.err(Result.ERR_BadData,String.format("Credential's expiration date is more than %s days in the future",days));
+ return Result.err(Result.ERR_BadData,String.format("Credential's expiration date is more than %s days in the future",days));
}
cred = ques.credDAO().create(trans, cd);
@@ -2866,249 +2866,249 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
@ApiDoc(
- method = DELETE,
- path = "/authn/cred",
- params = {},
- expectedCode = 200,
- errorCodes = {300,403,404,406},
- text = { "Delete a Credential. If multiple credentials exist for this",
- "ID, you will need to specify which entry you are deleting in the",
- "CredRequest object."
- }
- )
- @Override
- public Result<Void> deleteUserCred(AuthzTrans trans, REQUEST from) {
- final Result<CredDAO.Data> cred = mapper.cred(trans, from, false);
- final Validator v = new ServiceValidator();
- if (v.nullOrBlank("cred", cred.value.id).err()) {
- return Result.err(Status.ERR_BadData,v.errs());
- }
-
- MayChange mc = new MayChangeCred(trans,cred.value,MayChangeCred.DELETE);
- Result<?> rmc = mc.mayChange();
- if (rmc.notOK()) {
- return Result.err(rmc);
- }
-
- boolean doForce = trans.requested(force);
- Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, cred.value.id);
- if (rlcd.notOKorIsEmpty()) {
- // Empty Creds should not have user_roles.
- Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readByUser(trans, cred.value.id);
- if (rlurd.isOKhasData()) {
- for (UserRoleDAO.Data data : rlurd.value) {
- ques.userRoleDAO().delete(trans, data, false);
- }
- }
- return Result.err(Status.ERR_UserNotFound, "Credential does not exist");
- }
- boolean isLastCred = rlcd.value.size()==1;
-
- int entry;
- CredRequest cr = (CredRequest)from;
- if(isLastCred) {
- if(cr.getEntry()==null || "1".equals(cr.getEntry())) {
- entry = 0;
- } else {
- return Result.err(Status.ERR_BadData, "User chose invalid credential selection");
- }
- } else {
- entry = -1;
- int fentry = entry;
- if(cred.value.type==CredDAO.FQI) {
- entry = -1;
- for(CredDAO.Data cdd : rlcd.value) {
- ++fentry;
- if(cdd.type == CredDAO.FQI) {
- entry = fentry;
- break;
- }
- }
- } else {
- if (!doForce) {
- if (rlcd.value.size() > 1) {
- String inputOption = cr.getEntry();
- if (inputOption == null) {
- List<CredDAO.Data> list = filterList(rlcd.value,CredDAO.BASIC_AUTH,CredDAO.BASIC_AUTH_SHA256,CredDAO.CERT_SHA256_RSA);
- String message = selectCredFromList(list, MayChangeCred.DELETE);
- Object[] variables = buildVariables(list);
- return Result.err(Status.ERR_ChoiceNeeded, message, variables);
- } else {
- try {
- if (inputOption.length()>5) { // should be a date
- Date d = Chrono.xmlDatatypeFactory.newXMLGregorianCalendar(inputOption).toGregorianCalendar().getTime();
- for (CredDAO.Data cd : rlcd.value) {
- ++fentry;
- if (cd.type.equals(cr.getType()) && cd.expires.equals(d)) {
- entry = fentry;
- break;
- }
- }
- } else {
- entry = Integer.parseInt(inputOption) - 1;
- int count = 0;
- for (CredDAO.Data cd : rlcd.value) {
- if(cd.type!=CredDAO.BASIC_AUTH && cd.type!=CredDAO.BASIC_AUTH_SHA256 && cd.type!=CredDAO.CERT_SHA256_RSA) {
- ++entry;
- }
- if(++count>entry) {
- break;
- }
- }
- }
- } catch (NullPointerException e) {
- return Result.err(Status.ERR_BadData, "Invalid Date Format for Entry");
- } catch (NumberFormatException e) {
- return Result.err(Status.ERR_BadData, "User chose invalid credential selection");
- }
- }
- isLastCred = (entry==-1);
- } else {
- isLastCred = true;
- }
- if (entry < -1 || entry >= rlcd.value.size()) {
- return Result.err(Status.ERR_BadData, "User chose invalid credential selection");
- }
- }
- }
- }
-
- Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from,cred.value,false,
- () -> "Delete Credential [" +
- cred.value.id +
- ']',
- mc);
-
- Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, cred.value.ns);
- if (nsr.notOKorIsEmpty()) {
- return Result.err(nsr);
- }
-
- switch(fd.status) {
- case OK:
- Result<String> rfc = func.createFuture(trans, fd.value, cred.value.id,
- trans.user(), nsr.value.get(0), FUTURE_OP.D);
-
- if (rfc.isOK()) {
- return Result.err(Status.ACC_Future, "Credential Delete [%s] is saved for future processing",cred.value.id);
- } else {
- return Result.err(rfc);
- }
- case Status.ACC_Now:
- Result<?>udr = null;
- if (!trans.requested(force)) {
- if (entry<0 || entry >= rlcd.value.size()) {
- if(cred.value.type==CredDAO.FQI) {
- return Result.err(Status.ERR_BadData,"FQI does not exist");
- } else {
- return Result.err(Status.ERR_BadData,"Invalid Choice [" + entry + "] chosen for Delete [%s] is saved for future processing",cred.value.id);
- }
- }
- udr = ques.credDAO().delete(trans, rlcd.value.get(entry),false);
- } else {
- for (CredDAO.Data curr : rlcd.value) {
- udr = ques.credDAO().delete(trans, curr, false);
- if (udr.notOK()) {
- return Result.err(udr);
- }
- }
- }
- if (isLastCred) {
- Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readByUser(trans, cred.value.id);
- if (rlurd.isOK()) {
- for (UserRoleDAO.Data data : rlurd.value) {
- ques.userRoleDAO().delete(trans, data, false);
- }
- }
- }
- if (udr==null) {
- return Result.err(Result.ERR_NotFound,"No User Data found");
- }
- if (udr.isOK()) {
- return Result.ok();
- }
- return Result.err(udr);
- default:
- return Result.err(fd);
- }
-
- }
-
- /*
- * Codify the way to get Either Choice Needed or actual Integer from Credit Request
- */
- private Result<Integer> selectEntryIfMultiple(final CredRequest cr, List<CredDAO.Data> lcd, String action) {
- int entry = 0;
- if (lcd.size() > 1) {
- String inputOption = cr.getEntry();
- if (inputOption == null) {
- String message = selectCredFromList(lcd, action);
- Object[] variables = buildVariables(lcd);
- return Result.err(Status.ERR_ChoiceNeeded, message, variables);
- } else {
- if(MayChangeCred.EXTEND.equals(action)) {
- // might be Tag
- if(inputOption.length()>4) { //Tag is at least 12
- int e = 0;
- CredDAO.Data last = null;
- int lastIdx = -1;
- for(CredDAO.Data cdd : lcd) {
- if(inputOption.equals(cdd.tag)) {
- if(last==null) {
- last = cdd;
- lastIdx = e;
- } else {
- if(last.expires.before(cdd.expires)) {
- last = cdd;
- lastIdx = e;
- }
- }
- }
- ++e;
- }
- if(last!=null) {
- return Result.ok(lastIdx);
- }
- return Result.err(Status.ERR_BadData, "User chose unknown Tag");
- }
- }
- entry = Integer.parseInt(inputOption) - 1;
- }
- if (entry < 0 || entry >= lcd.size()) {
- return Result.err(Status.ERR_BadData, "User chose invalid credential selection");
- }
- }
- return Result.ok(entry);
- }
-
- private List<CredDAO.Data> filterList(List<CredDAO.Data> orig, Integer ... types) {
- List<CredDAO.Data> rv = new ArrayList<>();
+ method = DELETE,
+ path = "/authn/cred",
+ params = {},
+ expectedCode = 200,
+ errorCodes = {300,403,404,406},
+ text = { "Delete a Credential. If multiple credentials exist for this",
+ "ID, you will need to specify which entry you are deleting in the",
+ "CredRequest object."
+ }
+ )
+ @Override
+ public Result<Void> deleteUserCred(AuthzTrans trans, REQUEST from) {
+ final Result<CredDAO.Data> cred = mapper.cred(trans, from, false);
+ final Validator v = new ServiceValidator();
+ if (v.nullOrBlank("cred", cred.value.id).err()) {
+ return Result.err(Status.ERR_BadData,v.errs());
+ }
+
+ MayChange mc = new MayChangeCred(trans,cred.value,MayChangeCred.DELETE);
+ Result<?> rmc = mc.mayChange();
+ if (rmc.notOK()) {
+ return Result.err(rmc);
+ }
+
+ boolean doForce = trans.requested(force);
+ Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, cred.value.id);
+ if (rlcd.notOKorIsEmpty()) {
+ // Empty Creds should not have user_roles.
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readByUser(trans, cred.value.id);
+ if (rlurd.isOKhasData()) {
+ for (UserRoleDAO.Data data : rlurd.value) {
+ ques.userRoleDAO().delete(trans, data, false);
+ }
+ }
+ return Result.err(Status.ERR_UserNotFound, "Credential does not exist");
+ }
+ boolean isLastCred = rlcd.value.size()==1;
+
+ int entry;
+ CredRequest cr = (CredRequest)from;
+ if(isLastCred) {
+ if(cr.getEntry()==null || "1".equals(cr.getEntry())) {
+ entry = 0;
+ } else {
+ return Result.err(Status.ERR_BadData, "User chose invalid credential selection");
+ }
+ } else {
+ entry = -1;
+ int fentry = entry;
+ if(cred.value.type==CredDAO.FQI) {
+ entry = -1;
+ for(CredDAO.Data cdd : rlcd.value) {
+ ++fentry;
+ if(cdd.type == CredDAO.FQI) {
+ entry = fentry;
+ break;
+ }
+ }
+ } else {
+ if (!doForce) {
+ if (rlcd.value.size() > 1) {
+ String inputOption = cr.getEntry();
+ if (inputOption == null) {
+ List<CredDAO.Data> list = filterList(rlcd.value,CredDAO.BASIC_AUTH,CredDAO.BASIC_AUTH_SHA256,CredDAO.CERT_SHA256_RSA);
+ String message = selectCredFromList(list, MayChangeCred.DELETE);
+ Object[] variables = buildVariables(list);
+ return Result.err(Status.ERR_ChoiceNeeded, message, variables);
+ } else {
+ try {
+ if (inputOption.length()>5) { // should be a date
+ Date d = Chrono.xmlDatatypeFactory.newXMLGregorianCalendar(inputOption).toGregorianCalendar().getTime();
+ for (CredDAO.Data cd : rlcd.value) {
+ ++fentry;
+ if (cd.type.equals(cr.getType()) && cd.expires.equals(d)) {
+ entry = fentry;
+ break;
+ }
+ }
+ } else {
+ entry = Integer.parseInt(inputOption) - 1;
+ int count = 0;
+ for (CredDAO.Data cd : rlcd.value) {
+ if(cd.type!=CredDAO.BASIC_AUTH && cd.type!=CredDAO.BASIC_AUTH_SHA256 && cd.type!=CredDAO.CERT_SHA256_RSA) {
+ ++entry;
+ }
+ if(++count>entry) {
+ break;
+ }
+ }
+ }
+ } catch (NullPointerException e) {
+ return Result.err(Status.ERR_BadData, "Invalid Date Format for Entry");
+ } catch (NumberFormatException e) {
+ return Result.err(Status.ERR_BadData, "User chose invalid credential selection");
+ }
+ }
+ isLastCred = (entry==-1);
+ } else {
+ isLastCred = true;
+ }
+ if (entry < -1 || entry >= rlcd.value.size()) {
+ return Result.err(Status.ERR_BadData, "User chose invalid credential selection");
+ }
+ }
+ }
+ }
+
+ Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from,cred.value,false,
+ () -> "Delete Credential [" +
+ cred.value.id +
+ ']',
+ mc);
+
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, cred.value.ns);
+ if (nsr.notOKorIsEmpty()) {
+ return Result.err(nsr);
+ }
+
+ switch(fd.status) {
+ case OK:
+ Result<String> rfc = func.createFuture(trans, fd.value, cred.value.id,
+ trans.user(), nsr.value.get(0), FUTURE_OP.D);
+
+ if (rfc.isOK()) {
+ return Result.err(Status.ACC_Future, "Credential Delete [%s] is saved for future processing",cred.value.id);
+ } else {
+ return Result.err(rfc);
+ }
+ case Status.ACC_Now:
+ Result<?>udr = null;
+ if (!trans.requested(force)) {
+ if (entry<0 || entry >= rlcd.value.size()) {
+ if(cred.value.type==CredDAO.FQI) {
+ return Result.err(Status.ERR_BadData,"FQI does not exist");
+ } else {
+ return Result.err(Status.ERR_BadData,"Invalid Choice [" + entry + "] chosen for Delete [%s] is saved for future processing",cred.value.id);
+ }
+ }
+ udr = ques.credDAO().delete(trans, rlcd.value.get(entry),false);
+ } else {
+ for (CredDAO.Data curr : rlcd.value) {
+ udr = ques.credDAO().delete(trans, curr, false);
+ if (udr.notOK()) {
+ return Result.err(udr);
+ }
+ }
+ }
+ if (isLastCred) {
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readByUser(trans, cred.value.id);
+ if (rlurd.isOK()) {
+ for (UserRoleDAO.Data data : rlurd.value) {
+ ques.userRoleDAO().delete(trans, data, false);
+ }
+ }
+ }
+ if (udr==null) {
+ return Result.err(Result.ERR_NotFound,"No User Data found");
+ }
+ if (udr.isOK()) {
+ return Result.ok();
+ }
+ return Result.err(udr);
+ default:
+ return Result.err(fd);
+ }
+
+ }
+
+ /*
+ * Codify the way to get Either Choice Needed or actual Integer from Credit Request
+ */
+ private Result<Integer> selectEntryIfMultiple(final CredRequest cr, List<CredDAO.Data> lcd, String action) {
+ int entry = 0;
+ if (lcd.size() > 1) {
+ String inputOption = cr.getEntry();
+ if (inputOption == null) {
+ String message = selectCredFromList(lcd, action);
+ Object[] variables = buildVariables(lcd);
+ return Result.err(Status.ERR_ChoiceNeeded, message, variables);
+ } else {
+ if(MayChangeCred.EXTEND.equals(action)) {
+ // might be Tag
+ if(inputOption.length()>4) { //Tag is at least 12
+ int e = 0;
+ CredDAO.Data last = null;
+ int lastIdx = -1;
+ for(CredDAO.Data cdd : lcd) {
+ if(inputOption.equals(cdd.tag)) {
+ if(last==null) {
+ last = cdd;
+ lastIdx = e;
+ } else {
+ if(last.expires.before(cdd.expires)) {
+ last = cdd;
+ lastIdx = e;
+ }
+ }
+ }
+ ++e;
+ }
+ if(last!=null) {
+ return Result.ok(lastIdx);
+ }
+ return Result.err(Status.ERR_BadData, "User chose unknown Tag");
+ }
+ }
+ entry = Integer.parseInt(inputOption) - 1;
+ }
+ if (entry < 0 || entry >= lcd.size()) {
+ return Result.err(Status.ERR_BadData, "User chose invalid credential selection");
+ }
+ }
+ return Result.ok(entry);
+ }
+
+ private List<CredDAO.Data> filterList(List<CredDAO.Data> orig, Integer ... types) {
+ List<CredDAO.Data> rv = new ArrayList<>();
for(CredDAO.Data cdd : orig) {
- if(cdd!=null) {
- for(int t : types) {
- if(t==cdd.type) {
- rv.add(cdd);
- }
- }
- }
+ if(cdd!=null) {
+ for(int t : types) {
+ if(t==cdd.type) {
+ rv.add(cdd);
+ }
+ }
+ }
}
Collections.sort(rv, (o1,o2) -> {
- if(o1.type==o2.type) {
- return o1.expires.compareTo(o2.expires);
- } else {
- return o1.type.compareTo(o2.type);
- }
+ if(o1.type==o2.type) {
+ return o1.expires.compareTo(o2.expires);
+ } else {
+ return o1.type.compareTo(o2.type);
+ }
});
- return rv;
- }
+ return rv;
+ }
- private String[] buildVariables(List<CredDAO.Data> value) {
+ private String[] buildVariables(List<CredDAO.Data> value) {
String [] vars = new String[value.size()];
CredDAO.Data cdd;
for (int i = 0; i < value.size(); i++) {
- cdd = value.get(i);
- vars[i] = cdd.id + TWO_SPACE + Define.getCredType(cdd.type) + TWO_SPACE + Chrono.niceUTCStamp(cdd.expires) + TWO_SPACE + cdd.tag;
+ cdd = value.get(i);
+ vars[i] = cdd.id + TWO_SPACE + Define.getCredType(cdd.type) + TWO_SPACE + Chrono.niceUTCStamp(cdd.expires) + TWO_SPACE + cdd.tag;
}
return vars;
}
@@ -3116,8 +3116,8 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
private String selectCredFromList(List<CredDAO.Data> value, String action) {
StringBuilder errMessage = new StringBuilder();
String userPrompt = MayChangeCred.DELETE.equals(action)?
- "Select which cred to delete (set force=true to delete all):":
- "Select which cred to " + action + ':';
+ "Select which cred to delete (set force=true to delete all):":
+ "Select which cred to " + action + ':';
int numSpaces = value.get(0).id.length() - "Id".length();
errMessage.append(userPrompt + '\n');
@@ -3132,7 +3132,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if(MayChangeCred.EXTEND.equals(action)) {
errMessage.append("Run same command again with chosen entry or Tag as last parameter");
} else {
- errMessage.append("Run same command again with chosen entry as last parameter");
+ errMessage.append("Run same command again with chosen entry as last parameter");
}
return errMessage.toString();
@@ -3193,20 +3193,20 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
@ApiDoc(
- method = GET,
- path = "/authn/basicAuth",
- params = {},
- expectedCode = 200,
- errorCodes = { 403 },
- text = { "!!!! DEPRECATED without X509 Authentication STOP USING THIS API BY DECEMBER 2017, or use Certificates !!!!\n"
- + "Use /authn/validate instead\n"
- + "Note: Validate a Password using BasicAuth Base64 encoded Header. This HTTP/S call is intended as a fast"
- + " User/Password lookup for Security Frameworks, and responds 200 if it passes BasicAuth "
- + "security, and 403 if it does not." }
- )
- private void basicAuth() {
- // This is a place holder for Documentation. The real BasicAuth API does not call Service.
- }
+ method = GET,
+ path = "/authn/basicAuth",
+ params = {},
+ expectedCode = 200,
+ errorCodes = { 403 },
+ text = { "!!!! DEPRECATED without X509 Authentication STOP USING THIS API BY DECEMBER 2017, or use Certificates !!!!\n"
+ + "Use /authn/validate instead\n"
+ + "Note: Validate a Password using BasicAuth Base64 encoded Header. This HTTP/S call is intended as a fast"
+ + " User/Password lookup for Security Frameworks, and responds 200 if it passes BasicAuth "
+ + "security, and 403 if it does not." }
+ )
+ private void basicAuth() {
+ // This is a place holder for Documentation. The real BasicAuth API does not call Service.
+ }
/***********************************
* USER-ROLE
@@ -3251,9 +3251,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
private Result<NsDAO.Data> nsd;
@Override
public Result<?> mayChange() {
- if(urr.value.role.startsWith(urr.value.user)) {
- return Result.ok((NsDAO.Data)null);
- }
+ if(urr.value.role.startsWith(urr.value.user)) {
+ return Result.ok((NsDAO.Data)null);
+ }
if (nsd==null) {
RoleDAO.Data r = RoleDAO.Data.decode(userRole);
nsd = ques.mayUser(trans, trans.user(), r, Access.write);
@@ -3264,15 +3264,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
NsDAO.Data ndd;
if(userRole.role.startsWith(userRole.user)) {
- userRole.ns=userRole.user;
- userRole.rname="user";
- ndd = null;
+ userRole.ns=userRole.user;
+ userRole.rname="user";
+ ndd = null;
} else {
- Result<NsDAO.Data> nsr = ques.deriveNs(trans, userRole.role);
- if (nsr.notOK()) {
- return Result.err(nsr);
- }
- ndd = nsr.value;
+ Result<NsDAO.Data> nsr = ques.deriveNs(trans, userRole.role);
+ if (nsr.notOK()) {
+ return Result.err(nsr);
+ }
+ ndd = nsr.value;
}
switch(fd.status) {
@@ -3820,17 +3820,17 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
// May user see Namespace of Permission (since it's only one piece... we can't check for "is permission part of")
Result<List<HistoryDAO.Data>> resp;
if(type.startsWith(trans.user())) {
- resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm);
+ resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm);
} else {
Result<NsDAO.Data> rnd = ques.deriveNs(trans,type);
- if (rnd.notOK()) {
- return Result.err(rnd);
- }
- rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
- if (rnd.notOK()) {
- return Result.err(rnd);
- }
- resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm);
+ if (rnd.notOK()) {
+ return Result.err(rnd);
+ }
+ rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
+ if (rnd.notOK()) {
+ return Result.err(rnd);
+ }
+ resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm);
}
if (resp.notOK()) {
@@ -3864,8 +3864,8 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
@Override
public Result<HISTORY> getHistoryBySubject(AuthzTrans trans, String subject, String target, int[] yyyymm, final int sort) {
- NsDAO.Data ndd = new NsDAO.Data();
- ndd.name = FQI.reverseDomain(subject);
+ NsDAO.Data ndd = new NsDAO.Data();
+ ndd.name = FQI.reverseDomain(subject);
Result<Data> rnd = ques.mayUser(trans, trans.user(), ndd, Access.read);
if (rnd.notOK()) {
return Result.err(rnd);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java
index 80d317f0..f9f23f46 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java
@@ -644,7 +644,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
* @param sort
* @return
*/
- public Result<HISTORY> getHistoryBySubject(AuthzTrans trans, String subject, String target, int[] yyyymm, int sort);
+ public Result<HISTORY> getHistoryBySubject(AuthzTrans trans, String subject, String target, int[] yyyymm, int sort);
/***********************************
* DELEGATE
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
index c8bae9f0..f7c38681 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
@@ -194,7 +194,7 @@ public class API_Creds {
authzAPI.route(POST,"/authn/cred",API.CRED_REQ,new Code(facade,"Add a New ID/Credential", true) {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- Result<Void> r = context.createUserCred(trans, req);
+ Result<Void> r = context.createUserCred(trans, req);
if (r.isOK()) {
resp.setStatus(HttpStatus.CREATED_201);
} else {
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java
index a56b7c26..15d2302f 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java
@@ -114,7 +114,7 @@ public class API_UserRole {
authzAPI.route(PUT,"/authz/userRole/user",API.USER_ROLE_REQ,new Code(facade,"Update Roles for a user", true) {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- context.error(trans,resp,removeAPI);
+ context.error(trans,resp,removeAPI);
}
});
@@ -125,7 +125,7 @@ public class API_UserRole {
authzAPI.route(PUT,"/authz/userRole/role",API.USER_ROLE_REQ,new Code(facade,"Update Users for a role", true) {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- context.error(trans,resp,removeAPI);
+ context.error(trans,resp,removeAPI);
}
});
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java
index 80e02264..f9ea39d6 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java
@@ -243,7 +243,7 @@ public interface AuthzFacade {
public abstract Result<Void> getHistoryBySubject(AuthzTrans trans, HttpServletResponse resp, String type, String subject, int[] yyyymm, int sort);
- /*
+ /*
* Cache
*/
public abstract Result<Void> cacheClear(AuthzTrans trans, String pathParam);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
index 323c9fe0..10138d2c 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
@@ -174,16 +174,16 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (result.variables==null || result.variables.length<1) {
detail = new String[1];
} else {
- List<String> dlist = new ArrayList<String>();
- dlist.add(null);
- String os;
- for(Object s : result.variables) {
- if(s!=null && (os=s.toString()).length()>0) {
- dlist.add(os);
- }
- }
- detail = new String[dlist.size()];
- dlist.toArray(detail);
+ List<String> dlist = new ArrayList<String>();
+ dlist.add(null);
+ String os;
+ for(Object s : result.variables) {
+ if(s!=null && (os=s.toString()).length()>0) {
+ dlist.add(os);
+ }
+ }
+ detail = new String[dlist.size()];
+ dlist.toArray(detail);
}
//int httpstatus;
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
index 56ba5f5f..26216c65 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
@@ -367,30 +367,30 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
PermRequest from = (PermRequest)req;
String type = from.getType();
if(type==null) {
- return Result.err(Result.ERR_BadData, "Invalid Perm Type");
+ return Result.err(Result.ERR_BadData, "Invalid Perm Type");
}
PermDAO.Data pd = new PermDAO.Data();
if(type.contains("@")) {
- String[] split = Split.splitTrim(':', type);
- pd.ns = split[0];
- pd.type=split.length>1?split[1]:"";
- pd.instance = from.getInstance();
- pd.action = from.getAction();
- pd.description = from.getDescription();
- return Result.ok(pd);
+ String[] split = Split.splitTrim(':', type);
+ pd.ns = split[0];
+ pd.type=split.length>1?split[1]:"";
+ pd.instance = from.getInstance();
+ pd.action = from.getAction();
+ pd.description = from.getDescription();
+ return Result.ok(pd);
} else {
- Result<NsSplit> nss = q.deriveNsSplit(trans, from.getType());
- if (nss.isOK()) {
- pd.ns=nss.value.ns;
- pd.type = nss.value.name;
- pd.instance = from.getInstance();
- pd.action = from.getAction();
- pd.description = from.getDescription();
- trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
- return Result.ok(pd);
- } else {
- return Result.err(nss);
- }
+ Result<NsSplit> nss = q.deriveNsSplit(trans, from.getType());
+ if (nss.isOK()) {
+ pd.ns=nss.value.ns;
+ pd.type = nss.value.name;
+ pd.instance = from.getInstance();
+ pd.action = from.getAction();
+ pd.description = from.getDescription();
+ trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
+ return Result.ok(pd);
+ } else {
+ return Result.err(nss);
+ }
}
}
@@ -526,23 +526,23 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
to.ns = Question.domain2ns(to.id);
to.type = from.getType();
if(to.type!=null && to.type==CredDAO.FQI) {
- to.cred = null;
+ to.cred = null;
} else {
- String passwd = from.getPassword();
- if (requiresPass) {
- String ok = trans.org().isValidPassword(trans, to.id,passwd);
- if (ok.length()>0) {
- return Result.err(Status.ERR_BadData,ok);
- }
- }
- if (passwd != null) {
- to.cred = ByteBuffer.wrap(passwd.getBytes());
- to.type = CredDAO.RAW;
- } else {
- to.type = CredDAO.NONE;
- }
- }
-
+ String passwd = from.getPassword();
+ if (requiresPass) {
+ String ok = trans.org().isValidPassword(trans, to.id,passwd);
+ if (ok.length()>0) {
+ return Result.err(Status.ERR_BadData,ok);
+ }
+ }
+ if (passwd != null) {
+ to.cred = ByteBuffer.wrap(passwd.getBytes());
+ to.type = CredDAO.RAW;
+ } else {
+ to.type = CredDAO.NONE;
+ }
+ }
+
// Note: Ensure requested EndDate created will match Organization Password Rules
// P.S. Do not apply TempPassword rule here. Do that when you know you are doing a Create/Reset (see Service)
to.expires = getExpires(trans.org(),Expiration.Password,base,from.getId());
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
index df8bde8b..56785fee 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
@@ -57,9 +57,9 @@ public class ServiceValidator extends Validator {
if (pd==null) {
msg("Perm Data is null.");
} else {
- if(!pd.ns.contains("@")) {
- ns(pd.ns);
- }
+ if(!pd.ns.contains("@")) {
+ ns(pd.ns);
+ }
permType(pd.type,pd.ns);
permInstance(pd.instance);
permAction(pd.action);
@@ -222,8 +222,8 @@ public class ServiceValidator extends Validator {
public ServiceValidator user_role(String user, UserRoleDAO.Data urdd) {
role(user,urdd.role);
if(!urdd.role.startsWith(user)) {
- nullOrBlank("UserRole.ns",urdd.ns);
- nullOrBlank("UserRole.rname",urdd.rname);
+ nullOrBlank("UserRole.ns",urdd.ns);
+ nullOrBlank("UserRole.rname",urdd.rname);
}
return this;
}
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
index 5e6cfb62..9a804c98 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
@@ -75,20 +75,20 @@ import aaf.v2_0.Users;
@RunWith(MockitoJUnitRunner.class)
public abstract class JU_BaseServiceImpl {
- protected AuthzCassServiceImpl<Nss, Perms, Pkey, Roles, Users, UserRoles, Delgs, Certs, Keys, Request, History, Error, Approvals>
- acsi;
- protected Mapper_2_0 mapper;
+ protected AuthzCassServiceImpl<Nss, Perms, Pkey, Roles, Users, UserRoles, Delgs, Certs, Keys, Request, History, Error, Approvals>
+ acsi;
+ protected Mapper_2_0 mapper;
- @Mock
+ @Mock
protected DefaultOrg org;
- @Mock
+ @Mock
protected DefaultOrgIdentity orgIdentity;
//
// NOTE: Annotation format (@Mock and @Spy) do NOT seem to always work as a Base Class,
// so we construct manually.
//
-// Mock Objects
+// Mock Objects
protected HistoryDAO historyDAO = mock(HistoryDAO.class);
protected CacheInfoDAO cacheInfoDAO = mock(CacheInfoDAO.class);
protected CachedNSDAO nsDAO = mock(CachedNSDAO.class);
@@ -102,47 +102,47 @@ public abstract class JU_BaseServiceImpl {
protected DelegateDAO delegateDAO = mock(DelegateDAO.class);
protected ApprovalDAO approvalDAO = mock(ApprovalDAO.class);
- // Spy Objects
+ // Spy Objects
@Spy
protected static PropAccess access = new PropAccess();
@Spy
- protected static AuthzEnv env = new AuthzEnv(access);
+ protected static AuthzEnv env = new AuthzEnv(access);
@Spy
protected static AuthzTrans trans = env.newTransNoAvg();
// @Spy doesn't seem to work on Question.
@Spy
protected Question question = spy(new Question(trans,
- historyDAO,cacheInfoDAO,nsDAO,permDAO,
- roleDAO,userRoleDAO,credDAO,certDAO,
- locateDAO,futureDAO,delegateDAO,approvalDAO));
+ historyDAO,cacheInfoDAO,nsDAO,permDAO,
+ roleDAO,userRoleDAO,credDAO,certDAO,
+ locateDAO,futureDAO,delegateDAO,approvalDAO));
- public void setUp() throws Exception {
- when(trans.org()).thenReturn(org);
- when(org.getDomain()).thenReturn("org.onap");
- Define.set(access);
- access.setProperty(Config.CADI_LATITUDE, "38.0");
- access.setProperty(Config.CADI_LONGITUDE, "-72.0");
-
- mapper = new Mapper_2_0(question);
- acsi = new AuthzCassServiceImpl<>(trans, mapper, question);
- }
-
- //////////
- // Common Data Objects
- /////////
+ public void setUp() throws Exception {
+ when(trans.org()).thenReturn(org);
+ when(org.getDomain()).thenReturn("org.onap");
+ Define.set(access);
+ access.setProperty(Config.CADI_LATITUDE, "38.0");
+ access.setProperty(Config.CADI_LONGITUDE, "-72.0");
+
+ mapper = new Mapper_2_0(question);
+ acsi = new AuthzCassServiceImpl<>(trans, mapper, question);
+ }
+
+ //////////
+ // Common Data Objects
+ /////////
protected List<NsDAO.Data> nsData(String name) {
- NsDAO.Data ndd = new NsDAO.Data();
- ndd.name=name;
- int dot = name.lastIndexOf('.');
- if(dot<0) {
- ndd.parent=".";
- } else {
- ndd.parent=name.substring(0,dot);
- }
- List<NsDAO.Data> rv = new ArrayList<NsDAO.Data>();
- rv.add(ndd);
- return rv;
+ NsDAO.Data ndd = new NsDAO.Data();
+ ndd.name=name;
+ int dot = name.lastIndexOf('.');
+ if(dot<0) {
+ ndd.parent=".";
+ } else {
+ ndd.parent=name.substring(0,dot);
+ }
+ List<NsDAO.Data> rv = new ArrayList<NsDAO.Data>();
+ rv.add(ndd);
+ return rv;
}
/**
@@ -155,36 +155,36 @@ public abstract class JU_BaseServiceImpl {
* @param days
*/
protected void whenRole(AuthzTrans trans, String user, String ns, String role, boolean exists, int days) {
- Result<List<UserRoleDAO.Data>> result;
- if(exists) {
- result = Result.ok(listOf(urData(user,ns,role,days)));
- } else {
- result = Result.ok(emptyList(UserRoleDAO.Data.class));
- }
- when(question.userRoleDAO().read(trans, user, ns+'.'+role)).thenReturn(result);
+ Result<List<UserRoleDAO.Data>> result;
+ if(exists) {
+ result = Result.ok(listOf(urData(user,ns,role,days)));
+ } else {
+ result = Result.ok(emptyList(UserRoleDAO.Data.class));
+ }
+ when(question.userRoleDAO().read(trans, user, ns+'.'+role)).thenReturn(result);
}
protected UserRoleDAO.Data urData(String user, String ns, String rname, int days) {
- UserRoleDAO.Data urdd = new UserRoleDAO.Data();
- urdd.user = user;
- urdd.ns = ns;
- urdd.rname = rname;
- urdd.role = ns + '.' + rname;
- GregorianCalendar gc = new GregorianCalendar();
- gc.add(GregorianCalendar.DAY_OF_YEAR, days);
- urdd.expires = gc.getTime();
- return urdd;
+ UserRoleDAO.Data urdd = new UserRoleDAO.Data();
+ urdd.user = user;
+ urdd.ns = ns;
+ urdd.rname = rname;
+ urdd.role = ns + '.' + rname;
+ GregorianCalendar gc = new GregorianCalendar();
+ gc.add(GregorianCalendar.DAY_OF_YEAR, days);
+ urdd.expires = gc.getTime();
+ return urdd;
}
protected <T> List<T> listOf(T t) {
- List<T> list = new ArrayList<>();
- list.add(t);
- return list;
+ List<T> list = new ArrayList<>();
+ list.add(t);
+ return list;
}
protected <T> List<T> emptyList(Class<T> cls) {
- return new ArrayList<>();
+ return new ArrayList<>();
}
}
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java
index 00da6b4c..2bb907ac 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java
@@ -49,100 +49,100 @@ import junit.framework.Assert;
@RunWith(MockitoJUnitRunner.class)
public class JU_ServiceImpl_createUserCred extends JU_BaseServiceImpl {
- @Mock
- private Result<CredDAO.Data> rcdd;
-
- @Before
- public void setUp() throws Exception {
- super.setUp();
- }
+ @Mock
+ private Result<CredDAO.Data> rcdd;
+
+ @Before
+ public void setUp() throws Exception {
+ super.setUp();
+ }
@Test
public void validCreateNewIsOwner() throws OrganizationException {
- CredRequest cr = credRequest1();
- final String fqi = "bob@people.onap.org";
- when(trans.user()).thenReturn(fqi);
- when(org.isValidPassword(trans, cr.getId(),cr.getPassword())).thenReturn("");
- when(org.isValidCred(trans, cr.getId())).thenReturn(true);
- when(org.canHaveMultipleCreds(cr.getId())).thenReturn(true);
- when(org.getIdentity(trans, cr.getId())).thenReturn(orgIdentity);
- when(orgIdentity.isFound()).thenReturn(true);
- final String ns = "org.onap.sample";
- whenRole(trans, fqi, ns, "owner", false, 100);
- when(question.nsDAO().read(trans, ns)).thenReturn(Result.ok(nsData(ns)));
- when(question.credDAO().readID(trans, cr.getId())).thenReturn(Result.ok(emptyList(CredDAO.Data.class)));
- when(question.credDAO().create(any(AuthzTrans.class), any(CredDAO.Data.class) )).thenReturn(Result.ok(credDataFound(cr,100)));
- when(question.credDAO().readNS(trans, ns)).thenReturn(Result.ok(listOf(credDataFound(cr,100))));
- Result<?> result = acsi.createUserCred(trans,cr);
- // Owner may do FIRST Creds
- Assert.assertEquals(Result.OK,result.status);
+ CredRequest cr = credRequest1();
+ final String fqi = "bob@people.onap.org";
+ when(trans.user()).thenReturn(fqi);
+ when(org.isValidPassword(trans, cr.getId(),cr.getPassword())).thenReturn("");
+ when(org.isValidCred(trans, cr.getId())).thenReturn(true);
+ when(org.canHaveMultipleCreds(cr.getId())).thenReturn(true);
+ when(org.getIdentity(trans, cr.getId())).thenReturn(orgIdentity);
+ when(orgIdentity.isFound()).thenReturn(true);
+ final String ns = "org.onap.sample";
+ whenRole(trans, fqi, ns, "owner", false, 100);
+ when(question.nsDAO().read(trans, ns)).thenReturn(Result.ok(nsData(ns)));
+ when(question.credDAO().readID(trans, cr.getId())).thenReturn(Result.ok(emptyList(CredDAO.Data.class)));
+ when(question.credDAO().create(any(AuthzTrans.class), any(CredDAO.Data.class) )).thenReturn(Result.ok(credDataFound(cr,100)));
+ when(question.credDAO().readNS(trans, ns)).thenReturn(Result.ok(listOf(credDataFound(cr,100))));
+ Result<?> result = acsi.createUserCred(trans,cr);
+ // Owner may do FIRST Creds
+ Assert.assertEquals(Result.OK,result.status);
}
@Test
public void validCreateNewOnlyAdmin() throws OrganizationException {
- CredRequest cr = credRequest1();
- final String fqi = "bob@people.onap.org";
- when(trans.user()).thenReturn(fqi);
- when(org.isValidPassword(trans, cr.getId(),cr.getPassword())).thenReturn("");
- when(org.isValidCred(trans, cr.getId())).thenReturn(true);
- when(org.canHaveMultipleCreds(cr.getId())).thenReturn(true);
- when(org.getIdentity(trans, cr.getId())).thenReturn(orgIdentity);
- when(orgIdentity.isFound()).thenReturn(true);
- final String ns = "org.onap.sample";
- whenRole(trans,fqi,ns,"owner",false, 100);
- whenRole(trans,fqi,ns,"admin",true, 100);
- when(question.nsDAO().read(trans, ns)).thenReturn(Result.ok(nsData(ns)));
- when(question.credDAO().readID(trans, cr.getId())).thenReturn(Result.ok(emptyList(CredDAO.Data.class)));
- when(question.credDAO().create(any(AuthzTrans.class), any(CredDAO.Data.class) )).thenReturn(Result.ok(credDataFound(cr,100)));
- when(question.credDAO().readNS(trans, ns)).thenReturn(Result.ok(listOf(credDataFound(cr,100))));
- Result<?> result = acsi.createUserCred(trans,cr);
- // Admins may not do FIRST Creds
- Assert.assertEquals(Result.ERR_Denied,result.status);
+ CredRequest cr = credRequest1();
+ final String fqi = "bob@people.onap.org";
+ when(trans.user()).thenReturn(fqi);
+ when(org.isValidPassword(trans, cr.getId(),cr.getPassword())).thenReturn("");
+ when(org.isValidCred(trans, cr.getId())).thenReturn(true);
+ when(org.canHaveMultipleCreds(cr.getId())).thenReturn(true);
+ when(org.getIdentity(trans, cr.getId())).thenReturn(orgIdentity);
+ when(orgIdentity.isFound()).thenReturn(true);
+ final String ns = "org.onap.sample";
+ whenRole(trans,fqi,ns,"owner",false, 100);
+ whenRole(trans,fqi,ns,"admin",true, 100);
+ when(question.nsDAO().read(trans, ns)).thenReturn(Result.ok(nsData(ns)));
+ when(question.credDAO().readID(trans, cr.getId())).thenReturn(Result.ok(emptyList(CredDAO.Data.class)));
+ when(question.credDAO().create(any(AuthzTrans.class), any(CredDAO.Data.class) )).thenReturn(Result.ok(credDataFound(cr,100)));
+ when(question.credDAO().readNS(trans, ns)).thenReturn(Result.ok(listOf(credDataFound(cr,100))));
+ Result<?> result = acsi.createUserCred(trans,cr);
+ // Admins may not do FIRST Creds
+ Assert.assertEquals(Result.ERR_Denied,result.status);
}
@Test
public void validCreateExisting() throws OrganizationException {
- CredRequest cr = credRequest1();
- when(org.isValidPassword(trans, cr.getId(),cr.getPassword())).thenReturn("");
- when(org.isValidCred(trans, cr.getId())).thenReturn(true);
- when(org.canHaveMultipleCreds(cr.getId())).thenReturn(true);
- when(org.getIdentity(trans, cr.getId())).thenReturn(orgIdentity);
- when(orgIdentity.isFound()).thenReturn(true);
- String ns = "org.onap.sample";
- when(question.nsDAO().read(trans, ns)).thenReturn(Result.ok(nsData(ns)));
-
- CredDAO.Data cdd = credDataFound(cr,100);
- when(question.credDAO().create(any(AuthzTrans.class), any(CredDAO.Data.class) )).thenReturn(Result.ok(cdd));
- when(question.credDAO().readID(trans, cr.getId())).thenReturn(Result.ok(listOf(cdd)));
+ CredRequest cr = credRequest1();
+ when(org.isValidPassword(trans, cr.getId(),cr.getPassword())).thenReturn("");
+ when(org.isValidCred(trans, cr.getId())).thenReturn(true);
+ when(org.canHaveMultipleCreds(cr.getId())).thenReturn(true);
+ when(org.getIdentity(trans, cr.getId())).thenReturn(orgIdentity);
+ when(orgIdentity.isFound()).thenReturn(true);
+ String ns = "org.onap.sample";
+ when(question.nsDAO().read(trans, ns)).thenReturn(Result.ok(nsData(ns)));
+
+ CredDAO.Data cdd = credDataFound(cr,100);
+ when(question.credDAO().create(any(AuthzTrans.class), any(CredDAO.Data.class) )).thenReturn(Result.ok(cdd));
+ when(question.credDAO().readID(trans, cr.getId())).thenReturn(Result.ok(listOf(cdd)));
- Result<?> result = acsi.createUserCred(trans,cr);
- Assert.assertEquals(Result.OK,result.status);
+ Result<?> result = acsi.createUserCred(trans,cr);
+ Assert.assertEquals(Result.OK,result.status);
}
private CredRequest credRequest1() {
- CredRequest cr = new CredRequest();
- cr.setId("m12345@sample.onap.org");
- cr.setPassword("BobAndWeave");
- cr.setType(CredDAO.RAW);
- return cr;
+ CredRequest cr = new CredRequest();
+ cr.setId("m12345@sample.onap.org");
+ cr.setPassword("BobAndWeave");
+ cr.setType(CredDAO.RAW);
+ return cr;
}
private CredDAO.Data credDataFound(CredRequest cr, int days) {
- CredDAO.Data cdd = new CredDAO.Data();
- cdd.id = cr.getId();
- cdd.ns = FQI.reverseDomain(cr.getId());
- cdd.other = 12345;
- cdd.tag = "1355434";
- cdd.type = CredDAO.BASIC_AUTH_SHA256;
- try {
- cdd.cred = ByteBuffer.wrap(Hash.hashSHA256(cr.getPassword().getBytes()));
- } catch (NoSuchAlgorithmException e) {
- Assert.fail(e.getMessage());
- }
- GregorianCalendar gc = new GregorianCalendar();
- gc.add(GregorianCalendar.DAY_OF_YEAR, days);
- cdd.expires = gc.getTime();
- return cdd;
+ CredDAO.Data cdd = new CredDAO.Data();
+ cdd.id = cr.getId();
+ cdd.ns = FQI.reverseDomain(cr.getId());
+ cdd.other = 12345;
+ cdd.tag = "1355434";
+ cdd.type = CredDAO.BASIC_AUTH_SHA256;
+ try {
+ cdd.cred = ByteBuffer.wrap(Hash.hashSHA256(cr.getPassword().getBytes()));
+ } catch (NoSuchAlgorithmException e) {
+ Assert.fail(e.getMessage());
+ }
+ GregorianCalendar gc = new GregorianCalendar();
+ gc.add(GregorianCalendar.DAY_OF_YEAR, days);
+ cdd.expires = gc.getTime();
+ return cdd;
}
} \ No newline at end of file