Diffstat (limited to 'auth')
62 files changed, 376 insertions, 218 deletions
diff --git a/auth/auth-batch/pom.xml b/auth/auth-batch/pom.xml index 802538ab..8f9db7c6 100644 --- a/auth/auth-batch/pom.xml +++ b/auth/auth-batch/pom.xml @@ -25,7 +25,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> @@ -45,22 +45,6 @@ </roles> </developer> <developer> - <name>Gabe Maurer</name> - <email>gabe.maurer@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> - <name>Ian Howell</name> - <email>ian.howell@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> <name>Sai Gandham</name> <email>sai.gandham@att.com</email> <organization>ATT</organization> @@ -123,12 +107,6 @@ <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-deforg</artifactId> </dependency> - - <!--dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-log4j12</artifactId> - </dependency --> - </dependencies> <build> diff --git a/auth/auth-batch/src/assemble/auth-batch.xml b/auth/auth-batch/src/assemble/auth-batch.xml index 1ba34da3..25b37b73 100644 --- a/auth/auth-batch/src/assemble/auth-batch.xml +++ b/auth/auth-batch/src/assemble/auth-batch.xml 
@@ -38,7 +38,20 @@ <include>org.onap.aaf.authz:aaf-cadi-core</include> <include>org.onap.aaf.authz:aaf-misc-env</include> <include>org.onap.aaf.authz:aaf-misc-rosetta</include> + <include>javax.xml.bind:jaxb-api</include> + <include>org.glassfish.jaxb:jaxb-runtime</include> </includes --> + <includes> + <include>org.onap.aaf.authz:aaf-auth-batch</include> + <include>org.onap.aaf.authz:aaf-auth-core</include> + <include>org.onap.aaf.authz:aaf-cadi-core</include> + <include>org.onap.aaf.authz:aaf-misc-env</include> + <include>org.onap.aaf.authz:aaf-misc-rosetta</include> + <include>javax.xml.bind:jaxb-api</include> + <include>org.glassfish.jaxb:jaxb-runtime</include> + <include>com.sun.istack:istack-commons-runtime</include> + <include>javax.activation:javax.activation-api</include> + </includes> </dependencySet> </dependencySets> </assembly>
\ No newline at end of file diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java index a6c49f08..408a17bc 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java @@ -63,13 +63,6 @@ public class ApprovedRpt extends Batch { TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB); try { -// TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE); -// try { -// session = cluster.connect(); -// } finally { -// tt.done(); -// } - now = new Date(); String sdate = Chrono.dateOnlyStamp(now); File file = new File(logDir(),APPR_RPT + sdate +CSV); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java index 3d26ce99..7c516b10 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java @@ -111,7 +111,7 @@ public class Remove extends Batch { final Holder<Boolean> ur = new Holder<>(false); final Holder<Boolean> cred = new Holder<>(false); final Holder<Boolean> x509 = new Holder<>(false); - final Holder<String> memoFmt = new Holder<String>(""); + final Holder<String> memoFmt = new Holder<>(""); final HistoryDAO.Data hdd = new HistoryDAO.Data(); final String orgName = trans.org().getName(); diff --git a/auth/auth-cass/pom.xml b/auth/auth-cass/pom.xml index d8e25cc3..5e86ba60 100644 --- a/auth/auth-cass/pom.xml +++ b/auth/auth-cass/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> 
@@ -37,22 +37,6 @@ </roles> </developer> <developer> - <name>Gabe Maurer</name> - <email>gabe.maurer@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> - <name>Ian Howell</name> - <email>ian.howell@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> <name>Sai Gandham</name> <email>sai.gandham@att.com</email> <organization>ATT</organization> diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java index 75efdfae..31e5069b 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java @@ -129,7 +129,7 @@ public class FileGetter { public static void main(String[] args) { PropAccess access = new PropAccess(args); - access.setProperty(AAF_FILEGETTER,"/Users/jg1555/cred.dat"); + access.setProperty(AAF_FILEGETTER,"/opt/app/aaf/data/cred.dat"); FileGetter fg = FileGetter.singleton(access); for(String id : new String[] {"m01891@aaf.att.com","bogus"}) { diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java index 0d5c487d..e5cde35c 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java @@ -227,7 +227,6 @@ public class Function { if (rparent.notOK()) { return Result.err(rparent); } - parent = rparent.value.parent; if (!fromApproval) { rparent = q.mayUser(trans, user, rparent.value, Access.write); if (rparent.notOK()) { diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java index 1809686a..39578f83 100644 
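Review bot: In `FileGetter.main` the call `access.setProperty(AAF_FILEGETTER,"/opt/app/aaf/data/cred.dat")` runs unconditionally after `new PropAccess(args)`, so a credential-file location supplied through the arguments is silently overridden; replacing a developer home directory with another fixed path keeps that behaviour. Setting the property only when it is not already present would let operators point the tool at the file they intend. The loop below also hard-codes what looks like a real identity (`m01891@aaf.att.com`) in main-source code; a constructed sample id, or moving this driver under the test tree, would be cleaner. The body of `main` continues outside the hunk.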
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java @@ -786,11 +786,17 @@ public class Question { return Result.err(Status.ERR_BadData, "[%s] cannot be a delegate for self", dd.user); } - if (!isUser && !isGranted(trans, trans.user(), ROOT_NS,DELG, - org.getDomain(), Question.CREATE)) { - return Result.err(Status.ERR_Denied, + if (!isUser) { + String supportedDomain = org.supportedDomain(dd.user); + if(supportedDomain==null) { + return Result.err(Status.ERR_Denied, + "[%s] may not create a delegate for the domain for [%s]", + trans.user(), dd.user); + } else if(!isGranted(trans, trans.user(), ROOT_NS,DELG,supportedDomain,Question.CREATE)) { + return Result.err(Status.ERR_Denied, "[%s] may not create a delegate for [%s]", trans.user(), dd.user); + } } break; case read: diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml index 69465b7d..64ab8372 100644 --- a/auth/auth-certman/pom.xml +++ b/auth/auth-certman/pom.xml @@ -20,7 +20,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java new file mode 100644 index 00000000..38429ad9 --- /dev/null +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java 
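Review bot: The domain checked against the `DELG` permission in Question.java now comes from `org.supportedDomain(dd.user)`, that is, from the delegate record being written rather than from the organization, so the strength of this authorization check rests on how each `Organization` implements `supportedDomain`. It is worth confirming (the implementations are not in this hunk) that the realm is matched exactly and not by a loose suffix. Denying when the result is null is the right fail-closed default, and a one-line comment such as `// null: realm not handled by this Organization, fail closed` would keep a later refactor from weakening it. The first denial message reads awkwardly ("for the domain for [%s]"); "for the domain of [%s]" would be clearer in logs. The enclosing switch and method extend beyond the hunk.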
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.api;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CAOfflineException;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CmpClientException;
+
+/**
+ * This class represent CmpV2Client Interface for obtaining X.509 Digital Certificates in a Public Key Infrastructure
+ * (PKI), making use of Certificate Management Protocol (CMPv2) operating on newest version: cmp2000(2).
+ */
+public interface CmpClient {
+
+ /**
+ * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+ * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+ * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+ * encountered in fetching certificate from CA.
+ *
+ * @param caName Information about the External Root Certificate Authority (CA) performing the event CA Name.
+ * Could be {@code null}.
+ * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code null}.
+ * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
+ * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
+ * @param notBefore An optional validity to set in the created certificate, Certificate not valid before this date.
+ * @param notAfter An optional validity to set in the created certificate, Certificate not valid after this date.
+ * @return The newly created Certificate.
+ *
+ * @throws CAOfflineException if External CA that is offline
+ * @throws CmpClientException if client error occurs.
+ */
+ Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr,
+ Date notBefore, Date notAfter)
+ throws CAOfflineException, CmpClientException;
+
+ /**
+ * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+ * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+ * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+ * encountered in fetching certificate from CA.
+ *
+ * @param caName Information about the External Root Certificate Authority (CA) performing the event CA Name. Could
+ * be {@code null}.
+ * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
+ * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
+ * @return The newly created Certificate.
+ *
+ * @throws CAOfflineException if External CA that is offline
+ * @throws CmpClientException if client error occurs.
+ */
+ Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr)
+ throws CAOfflineException, CmpClientException;
+
+ /**
+ * Requests to Revoke a Certificate. If the certificate is deemed to be no longer trustable prior to its expiration
+ * date, it can be revoked by the issuing Certificate Authority (CA). Methods of revocation to be used, Certificate
+ * Revocation List (CRL) Or Online Certificate Status Protocol (OCSP) responses.
+ *
+ * @param caName CA name. Could be {@code null}.
+ * @param cert Target certificate. Must not be {@code null}.
+ * @param reason Revocation reason.
+ * @param invalidityTime Invalidity time. Could be {@code null}.
+ * @return return Certificate.
+ *
+ * @throws CmpClientException if client error occurs.
+ */
+ Certificate revokeCertRequest(String caName, Certificate cert, int reason, Date invalidityTime)
+ throws CAOfflineException, CmpClientException;
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java
new file mode 100644
index 00000000..d1484f30
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java
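Review bot: The Javadoc in CmpClient.java does not match the signatures it documents: the four-argument `createCertRequest` takes `profile` but has no `@param profile`, and `revokeCertRequest` declares `CAOfflineException` without a `@throws` entry. Add `@param profile Profile on CA server. Could be {@code null}.` to the second overload and `@throws CAOfflineException if the external CA is offline` to the revoke method. `@param reason` should state which integer values are accepted (presumably the RFC 5280 CRLReason codes) so implementations can reject anything else. `@return return Certificate.` on the revoke method should say which certificate comes back and whether the result may be null.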
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CAOfflineException wraps java.net.ConnectException. Exception thrown during Http Method call towards External CA
+ * Server if Offline. Signals an error occurred while attempting to connect a socket to a remote address and port. The
+ * connection was refused remotely (e.g., no process is listening on the remote address/port).
+ */
+public class CAOfflineException extends Exception {
+
+ private static final long serialVersionUID = 2L;
+
+ /**
+ * Creates a new instance without detail message.
+ */
+ public CAOfflineException() {
+ super();
+ }
+
+ /**
+ * Constructs an instance with the specified detail message.
+ *
+ * @param msg the detail message.
+ */
+ public CAOfflineException(String msg) {
+ super(msg);
+ }
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java
new file mode 100644
index 00000000..2a17ab10
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java
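Review bot: The class comment says `CAOfflineException` wraps `java.net.ConnectException`, but neither constructor accepts a cause, so the original connection failure and its stack trace are lost when it is translated. Add `public CAOfflineException(String msg, Throwable cause) { super(msg, cause); }`, matching the cause-preserving constructors that `CmpClientException` receives in this same commit. Without it, diagnosing which CA endpoint refused the connection depends on whatever the caller remembers to put into the message string.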
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CmpClientException wraps all Exceptions occur internally to Cmpv2Client Api code.
+ */
+public class CmpClientException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Creates a new instance with detail message.
+ */
+ public CmpClientException(String message) {
+ super(message);
+ }
+
+ /**
+ * Creates a new instance with detail Throwable cause.
+ */
+ public CmpClientException(Throwable cause) {
+ super(cause);
+ }
+
+ /**
+ * Creates a new instance with detail message and Throwable cause.
+ */
+ public CmpClientException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java
new file mode 100644
index 00000000..19cf634c
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.api.CmpClient;
+
+/**
+ * Implementation of the CmpClient Interface conforming to RFC4210 (Certificate Management Protocol (CMP)) and RFC4211 (
+ * Certificate Request Message Format (CRMF)) standards.
+ */
+public final class CmpClientImpl implements CmpClient {
+
+ @Override
+ public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+ final Certificate csr, final Date notBefore, final Date notAfter)
+ throws CAOfflineException, CmpClientException {
+
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+ final Certificate csr)
+ throws CAOfflineException, CmpClientException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Certificate revokeCertRequest(final String caName, final Certificate cert, final int reason,
+ final Date invalidityTime)
+ throws CAOfflineException, CmpClientException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+}
+
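Review bot: All three methods in `CmpClientImpl` are stubs that `return null`, so a caller that does not null-check will either fail later with a NullPointerException or treat an issuance or revocation that never reached the CA as completed. The revocation case is the more dangerous one, because a certificate believed revoked would remain valid. Until the CMP exchange is implemented, fail loudly in each body, e.g. `throw new CmpClientException("revokeCertRequest is not implemented");`. The class Javadoc claims RFC 4210/4211 conformance, which should wait until there is an implementation to back it. The `// TODO Auto-generated method stub` comments should become a pointer to the work item that tracks the implementation.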
diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml index 6de09de5..2e7cb2d9 100644 --- a/auth/auth-cmd/pom.xml +++ b/auth/auth-cmd/pom.xml @@ -18,7 +18,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> @@ -58,22 +58,6 @@ </roles> </developer> <developer> - <name>Gabe Maurer</name> - <email>gabe.maurer@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> - <name>Ian Howell</name> - <email>ian.howell@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> <name>Sai Gandham</name> <email>sai.gandham@att.com</email> <organization>ATT</organization> diff --git a/auth/auth-cmd/src/assemble/auth-cmd.xml b/auth/auth-cmd/src/assemble/auth-cmd.xml index 013010b5..ba312423 100644 --- a/auth/auth-cmd/src/assemble/auth-cmd.xml +++ b/auth/auth-cmd/src/assemble/auth-cmd.xml @@ -42,6 +42,10 @@ <include>org.onap.aaf.authz:aaf-misc-env</include> <include>org.onap.aaf.authz:aaf-misc-rosetta</include> <include>jline:jline</include> + <include>javax.xml.bind:jaxb-api</include> + <include>org.glassfish.jaxb:jaxb-runtime</include> + <include>com.sun.istack:istack-commons-runtime</include> + <include>javax.activation:javax.activation-api</include> </includes> </dependencySet> diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java index 6e6b40b4..8d4d66a8 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java @@ -61,7 +61,7 @@ public class Create extends Cmd { } String[] admin; if (args.length>idx) { - admin = args[idx++].split(COMMA); + admin = args[idx].split(COMMA); } else { admin = responsible; } 
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java index fd43e8da..e93ec052 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java @@ -49,7 +49,7 @@ public class Owner extends BaseCmd<NS> { final int option = whichOption(options, args[idx++]); final String ns = args[idx++]; - final String ids[] = args[idx++].split(","); + final String ids[] = args[idx].split(","); return same(new Retryable<Integer>() { @Override diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java index fc1f9363..f53ca4c8 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java @@ -57,7 +57,7 @@ public class Delete extends Cmd { PermRequest pk = new PermRequest(); pk.setType(args[idx++]); pk.setInstance(args[idx++]); - pk.setAction(args[idx++]); + pk.setAction(args[idx]); if(pk.getType().contains("@")) { // User Perm deletion... Must remove from hidden role client.setQueryParams("force"); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java index eb206970..3770a58c 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java @@ -74,7 +74,7 @@ public class Grant extends Cmd { Future<RolePermRequest> frpr = null; - String[] roles = args[idx++].split(","); + String[] roles = args[idx].split(","); String strA; String strB; for (String role : roles) { @@ -110,7 +110,6 @@ public class Grant extends Cmd { pw().println(" Accepted, but requires Approvals before actualizing"); } else { error(frpr); - idx=Integer.MAX_VALUE; } } } 
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java index 6400aad3..42725223 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java @@ -51,8 +51,7 @@ public class ListActivity extends Cmd { return same(new Retryable<Integer>() { @Override public Integer code(Rcli<?> client) throws CadiException, APIException { - int idx = index; - String type = args[idx++]; + String type = args[index]; Future<History> fp = client.read( "/authz/hist/perm/"+type, getDF(History.class) diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java index d868a7c8..36b5a966 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java @@ -65,7 +65,7 @@ public class Rename extends Cmd { PermRequest pr = new PermRequest(); pr.setType(args[idx++]); pr.setInstance(args[idx++]); - pr.setAction(args[idx++]); + pr.setAction(args[idx]); // Set Start/End commands setStartEnd(pr); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java index b6a8a0da..94338078 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java 
@@ -47,9 +47,8 @@ public class ListActivity extends Cmd { } @Override - public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException { - int idx = _idx; - final String role = args[idx++]; + public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException { + final String role = args[idx]; return same(new Retryable<Integer>() { @Override public Integer code(Rcli<?> client) throws CadiException, APIException { diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java index 4641ade7..a0a8579b 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java @@ -63,7 +63,7 @@ public class User extends Cmd { Future<?> fp = null; - String[] ids = args[idx++].split(","); + String[] ids = args[idx].split(","); String verb=null,participle=null; // You can request to be added or removed from role. setQueryParamsOn(client); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java index 1a410088..9ef4c00a 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java 
@@ -132,11 +132,22 @@ public class Cred extends Cmd { // IMPORTANT! We do this backward, because it is looking for string // %1 or %13. If we replace %1 first, that messes up %13 + String var; for(int i=vars.size()-1;i>0;--i) { - text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + vars.get(i)); + var = vars.get(i); + if(aafcli.isTest()) { + int type = var.indexOf("U/P"); + if(type>0) { + var = var.substring(0,type+4) + " XXXX/XX/XX XX:XX UTC XXXXXXXXXXXXXXXXXX"; + } + } + text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + var); } text = text.replace("%1",vars.get(0)); + if(aafcli.isTest()) { + + } pw().println(text); } else if (fp.code()==406 && option==1) { pw().println("You cannot delete this Credential"); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java index f5cb4499..6e967286 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java @@ -72,7 +72,7 @@ public class Delg extends BaseCmd<User> { if (option<2 && args.length>idx) { Date date; try { - date = Chrono.dateOnlyFmt.parse(args[idx++]); + date = Chrono.dateOnlyFmt.parse(args[idx]); } catch (ParseException e) { throw new CadiException(e); } diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java index 30c71e55..485e6d18 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java 
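Review bot: The test-mode masking added in Cred.java has two boundary problems: `if(type>0)` skips a row where `"U/P"` sits at index 0, and `var.substring(0,type+4)` throws StringIndexOutOfBoundsException when `"U/P"` is the last token on the row, because `type+4` then exceeds the length. A guard such as `if (type >= 0 && type + 4 <= var.length())` covers both cases. The loop stops at `i>0` and `%1` is later replaced with `vars.get(0)` unmasked, so if entry 0 can also be a U/P row its expiry and tag are still printed in test output. The trailing `if(aafcli.isTest()) { }` block is empty and should be removed. The enclosing method starts and ends outside the hunk.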
@@ -47,9 +47,8 @@ public class ListActivity extends Cmd { } @Override - public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException { - int idx = _idx; - final String user = fullID(args[idx++]); + public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException { + final String user = fullID(args[idx]); return same(new Retryable<Integer>() { @Override public Integer code(Rcli<?> client) throws CadiException, APIException { diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java index 765bd0aa..17f3002a 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java @@ -50,10 +50,10 @@ public class ListApprovals extends Cmd { @Override public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException { - int idx = _idx; + int idx = _idx; final String type = args[idx++]; int option = whichOption(options,type); - String value = args[idx++]; + String value = args[idx]; final String fullValue; if (option != 2) { fullValue = fullID(value); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java index 07a19d36..8502f398 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java @@ -60,7 +60,7 @@ public class ListForCreds extends Cmd { int idx = idxParam; final int option = whichOption(options, args[idx++]); final String which = options[option]; - final String value = args[idx++]; + final String value = args[idx]; return same(new Retryable<Integer>() { @Override public Integer code(Rcli<?> client) throws CadiException, APIException { 
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java index 0ab24900..6b9c83f7 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java @@ -64,7 +64,7 @@ public class ListForPermission extends Cmd { String type = args[idx++]; String instance = args[idx++]; if ("\\*".equals(instance))instance="*"; - String action = args[idx++]; + String action = args[idx]; if ("\\*".equals(action))action="*"; try { Future<Users> fp = client.read( diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java index 6fdf1628..13f0a00d 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java @@ -47,8 +47,7 @@ public class ListForRoles extends Cmd { @Override public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException { - int idx = _idx; - final String role = args[idx++]; + final String role = args[_idx]; return same(new Retryable<Integer>() { @Override public Integer code(Rcli<?> client) throws CadiException, APIException { diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml index 91517836..5409a327 100644 --- a/auth/auth-core/pom.xml +++ b/auth/auth-core/pom.xml @@ -25,7 +25,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> 
@@ -45,22 +45,6 @@ </roles> </developer> <developer> - <name>Gabe Maurer</name> - <email>gabe.maurer@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> - <name>Ian Howell</name> - <email>ian.howell@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> <name>Sai Gandham</name> <email>sai.gandham@att.com</email> <organization>ATT</organization> diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java index 288d79d3..73093099 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java @@ -95,7 +95,16 @@ public interface Organization { public void addSupportedRealm(String r); - public String getDomain(); + /** + * If Supported, returns Realm, ex: org.onap + * ELSE returns null + * + * @param user + * @return + */ + public String supportedDomain(String user); + + public String getDomain(); /** * Get Identity information based on userID @@ -420,6 +429,11 @@ public interface Organization { @Override public void addSupportedRealm(String r) { } + + @Override + public String supportedDomain(String r) { + return null; + } @Override public String getDomain() { diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java index 867d2984..6d559de5 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java 
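Review bot: The Javadoc for the new `supportedDomain(String user)` in Organization.java leaves `@param user` and `@return` empty, although the return value is used as an authorization input: the Question.java change in this commit denies delegate creation when it is null. Spell the contract out, e.g. `@param user identity whose realm is examined` and `@return the supported realm this identity belongs to, or {@code null} if the realm is not supported; callers must treat null as "not authorized"`. Adding an abstract method also breaks any `Organization` implementation outside this repository. If the build targets Java 8 or later, a `default` implementation returning null would keep those compiling while still failing closed.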
@@ -131,13 +131,13 @@ public class OrganizationFactory { } env.init().printf("Instantiated %s with %s%s",orgNS,orgClass,(isDefault?" as default":"")); } - if (org==null) { - if (defaultOrg!=null) { + if ( (org==null) && (defaultOrg!=null)){ + org=defaultOrg; orgs.put(orgNS, org); } } - } + return org; } diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java index bd718e46..bf9f57e3 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java @@ -45,8 +45,7 @@ class Acceptor<TRANS extends Trans> { } private boolean eval(HttpCode<TRANS,?> code, String str, List<String> props) { -// int plus = str.indexOf('+'); -// if (plus<0) { + boolean ok = false; boolean any = false; for (Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) { @@ -61,23 +60,7 @@ class Acceptor<TRANS extends Trans> { } } } -// } else { // Handle Accepts with "+" as in application/xaml+xml -// int prev = str.indexOf('/')+1; -// String first = str.substring(0,prev); -// String nstr; -// while (prev!=0) { -// nstr = first + (plus<0?str.substring(prev):str.substring(prev,plus)); -// -// for (Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) { -// if (type.x.equals(nstr)) { -// acceptable.add(type); -// return type; -// } -// } -// prev = plus+1; -// plus=str.indexOf('+', prev); -// }; -// } + return any; } 
@@ -93,9 +76,9 @@ class Acceptor<TRANS extends Trans> { if (type.y!=null) { for (Pair<String,Object> prop : type.y.y){ if (tag.equals(prop.x)) { - if (tag.equals("charset")) { + if ( "charset".equals(tag)) { return prop.x==null?false:prop.y.equals(value.toLowerCase()); // return True if Matched - } else if (tag.equals("version")) { + } else if ("version".equals(tag)) { return prop.y.equals(new Version(value)); // Note: Version Class knows Minor Version encoding } else if (tag.equals(Content.Q)) { // replace Q value try { diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java index 761fd8cc..172f386e 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java @@ -41,7 +41,7 @@ class CodeSetter<TRANS extends Trans> { this.resp = resp; } - public boolean matches(Route<TRANS> route) throws IOException, ServletException { + public boolean matches(Route<TRANS> route) { // Find best Code in Route based on "Accepts (Get) or Content-Type" (if exists) return (code = route.getCode(trans, req, resp))!=null; } diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java index f8c5ae19..03d6dfe2 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java @@ -21,10 +21,9 @@ package org.onap.aaf.auth.rserv; -import java.io.IOException; + import java.util.List; -import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; diff --git a/auth/auth-deforg/pom.xml b/auth/auth-deforg/pom.xml index 353d4b91..e9bee7b8 100644 --- a/auth/auth-deforg/pom.xml +++ b/auth/auth-deforg/pom.xml 
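Review bot: In the `charset` branch the guard `prop.x==null` can never be true, because the enclosing `tag.equals(prop.x)` has already matched, while `prop.y`, the value that is actually dereferenced, is not checked. The literal-first rewrite in this hunk does not add null safety either, since `tag` is already dereferenced one line earlier, and `tag.equals(Content.Q)` is left in the old form. I would write the return as `return prop.y!=null && prop.y.equals(value.toLowerCase(Locale.ROOT));` (with `java.util.Locale` imported), which also makes the comparison independent of the default locale. The method starts and ends outside the hunk.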
@@ -26,7 +26,7 @@ <artifactId>authparent</artifactId> <relativePath>../pom.xml</relativePath> <groupId>org.onap.aaf.authz</groupId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> </parent> <artifactId>aaf-auth-deforg</artifactId> @@ -45,22 +45,6 @@ </roles> </developer> <developer> - <name>Gabe Maurer</name> - <email>gabe.maurer@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> - <name>Ian Howell</name> - <email>ian.howell@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> <name>Sai Gandham</name> <email>sai.gandham@att.com</email> <organization>ATT</organization> diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 46d3db9b..70b3324a 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java @@ -637,6 +637,25 @@ public class DefaultOrg implements Organization { } return false; } + + @Override + public String supportedDomain(String user) { + if(user!=null) { + int after_at = user.indexOf('@')+1; + if(after_at<user.length()) { + String ud = FQI.reverseDomain(user); + if(ud.startsWith(getDomain())) { + return getDomain(); + } + for(String s : supportedRealms) { + if(ud.startsWith(s)) { + return FQI.reverseDomain(s); + } + } + } + } + return null; + } @Override public synchronized void addSupportedRealm(final String r) { diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml index 7b871267..87763650 100644 --- a/auth/auth-fs/pom.xml +++ b/auth/auth-fs/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> 
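Review bot: `supportedDomain` in DefaultOrg matches with a bare `ud.startsWith(...)`, so a domain that merely shares a leading string with a supported realm (constructed example: `org.onapx` against `org.onap`) is reported as supported, and this commit uses the returned value as the instance of a `mechid` permission check in AuthzCassServiceImpl. Matching on a label boundary closes that, e.g. `if(ud.equals(d) || ud.startsWith(d + '.'))` with `d` standing for `getDomain()` and for each realm `s`; this assumes `FQI.reverseDomain` returns the dotted reversed domain, which is not visible here. Two smaller points: a user string without `@` gives `after_at == 0` and still passes the length test, and the first branch returns `getDomain()` while the second returns `FQI.reverseDomain(s)`, which looks like the opposite orientation. `supportedRealms` is also iterated without the lock that the `synchronized addSupportedRealm` below takes; confirm the collection type tolerates that.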
@@ -57,22 +57,6 @@ </roles> </developer> <developer> - <name>Gabe Maurer</name> - <email>gabe.maurer@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> - <name>Ian Howell</name> - <email>ian.howell@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> <name>Sai Gandham</name> <email>sai.gandham@att.com</email> <organization>ATT</organization> diff --git a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java index 19a150da..64d93539 100644 --- a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java +++ b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java @@ -44,7 +44,7 @@ import org.onap.aaf.cadi.PropAccess; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.register.Registrant; import org.onap.aaf.cadi.register.RemoteRegistrant; -import org.onap.aaf.misc.env.APIException; + public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> { @@ -58,7 +58,7 @@ public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> { // creates StaticSlot, needed for CachingFileAccess, and sets to public Dir env.staticSlot(CachingFileAccess.CFA_WEB_PATH,"aaf_public_dir"); - CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<AuthzTrans>(env); + CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<>(env); route(env,GET,"/:key*", cfa); final String aaf_locate_url = Config.getAAFLocateUrl(access); if (aaf_locate_url == null) { diff --git a/auth/auth-gui/pom.xml b/auth/auth-gui/pom.xml index 6b003051..f93fb7e4 100644 --- a/auth/auth-gui/pom.xml +++ b/auth/auth-gui/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> 
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml index 2cb8f571..47285766 100644 --- a/auth/auth-hello/pom.xml +++ b/auth/auth-hello/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml index 3ea432b8..8df23909 100644 --- a/auth/auth-locate/pom.xml +++ b/auth/auth-locate/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java index 962b9859..c77e9a85 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java @@ -59,7 +59,7 @@ public class API_Proxy { * @param facade * @throws Exception */ - public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception { + public static void init(final AAF_Locate gwAPI, LocateFacade facade) { String aafurl = gwAPI.access.getProperty(Config.AAF_URL,null); if (aafurl!=null) { diff --git a/auth/auth-oauth/pom.xml b/auth/auth-oauth/pom.xml index 5e0c56fb..cc0ed53e 100644 --- a/auth/auth-oauth/pom.xml +++ b/auth/auth-oauth/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> 
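Review bot: The Javadoc directly above `API_Proxy.init` still carries `@throws Exception` although the signature on the new side no longer declares it. Drop that tag, or name the unchecked exceptions the method can actually raise, so the comment matches the contract. The body of `init` continues outside the hunk.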
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java index 0126c2e2..a0644fd1 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java @@ -28,6 +28,7 @@ import org.onap.aaf.auth.layer.Result; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.misc.env.APIException; +@FunctionalInterface public interface JSONPermLoader { public Result<String> loadJSONPerms(AuthzTrans trans, String user, Set<String> scopes) throws APIException, CadiException; diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml index 63585f94..9f9ca869 100644 --- a/auth/auth-service/pom.xml +++ b/auth/auth-service/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java index 2431e0eb..67410305 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java @@ -2346,10 +2346,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } switch(action) { case DELETE: + String why; if(ques.isOwner(trans, user,ns) || - ques.isAdmin(trans, user,ns) || - ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) { - return Result.ok(); + ques.isAdmin(trans, user,ns) || + ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) { + return Result.ok(); } break; case RESET: 
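Review bot: `String why;` is declared at the top of `case DELETE:` in AuthzCassServiceImpl and is never assigned or read in the visible lines. A local declared directly under a case label is scoped to the whole switch, so it also reserves the name for the later cases. Unless a later part of the switch (outside this hunk) uses it, remove the declaration, or wrap the case body in braces if it is meant to be case-local. The rest of the hunk only re-indents the owner/admin/`password` grant test, so the authorization decision itself is unchanged.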
@@ -2509,13 +2510,16 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { if (firstID) { // OK, it's a first ID, and not by NS Owner - if(!ques.isOwner(trans,trans.user(),cdd.ns)) { + String user = trans.user(); + if(!ques.isOwner(trans,user,cdd.ns)) { // Admins are not allowed to set first Cred, but Org has already // said entity MAY create, typically by Permission // We can't know which reason they are allowed here, so we // have to assume that any with Special Permission would not be // an Admin. - if(ques.isAdmin(trans, trans.user(), cdd.ns)) { + String domain = org.supportedDomain(user); + if((domain!=null && !ques.isGranted(trans, user, ROOT_NS, "mechid", domain, Question.CREATE)) && + ques.isAdmin(trans, user, cdd.ns)) { return Result.err(Result.ERR_Denied, "Only Owners may create first passwords in their Namespace. Admins may modify after one exists" ); } else { @@ -3900,6 +3904,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } final DelegateDAO.Data dd = rd.value; + + if(dd.user.contentEquals(dd.delegate) && !trans.requested(force)) { + return Result.err(Status.ERR_InvalidDelegate,dd.user + " cannot delegate to self"); + } Result<List<DelegateDAO.Data>> ddr = ques.delegateDAO().read(trans, dd); if (access==Access.create && ddr.isOKhasData()) { diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java index 60b76ea2..4a299e7e 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java 
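Review bot: The new condition in the first-credential check denies a non-owner admin only when `org.supportedDomain(user)` returns a domain, so when it returns null the test is false and the code falls into the `else` branch; before this change every admin who was not an owner got `ERR_Denied`. The no-op Organization added in this commit always returns null, and DefaultOrg returns null for any user outside its realms, so the restriction is silently lifted for those callers. If the intent is "admins are denied unless they hold the `mechid` create permission for their domain", the null case should stay on the deny side: `if(ques.isAdmin(trans, user, cdd.ns) && (domain==null || !ques.isGranted(trans, user, ROOT_NS, "mechid", domain, Question.CREATE))) {`. The enclosing method and the `else` body lie outside the hunk.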
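Review bot: The self-delegation check calls `dd.user.contentEquals(dd.delegate)` before anything in the visible lines has validated either field, so a request with a missing user or delegate would raise a NullPointerException here instead of returning a `Result.err`. It is also an exact, case-sensitive comparison; if identities are compared case-insensitively elsewhere (not visible in this hunk), two spellings of the same identity would not be recognised as self-delegation. Consider `if(dd.user!=null && dd.user.equalsIgnoreCase(dd.delegate) && !trans.requested(force))`, provided the validation before this hunk does not already guarantee non-null, normalized values. A one-line comment saying why `force` may override the rule would help the next reader.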
@@ -135,7 +135,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE (nssDF = env.newDataFactory(service.mapper().getClass(API.NSS))).in(dataType).out(dataType); (permRequestDF = env.newDataFactory(service.mapper().getClass(API.PERM_REQ))).in(dataType).out(dataType); (permsDF = env.newDataFactory(service.mapper().getClass(API.PERMS))).in(dataType).out(dataType); -// (permKeyDF = env.newDataFactory(service.mapper().getClass(API.PERM_KEY))).in(dataType).out(dataType); + (roleDF = env.newDataFactory(service.mapper().getClass(API.ROLES))).in(dataType).out(dataType); (roleRequestDF = env.newDataFactory(service.mapper().getClass(API.ROLE_REQ))).in(dataType).out(dataType); (usersDF = env.newDataFactory(service.mapper().getClass(API.USERS))).in(dataType).out(dataType); @@ -174,7 +174,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (result.variables==null || result.variables.length<1) { detail = new String[1]; } else { - List<String> dlist = new ArrayList<String>(); + List<String> dlist = new ArrayList<>(); dlist.add(null); String os; for(Object s : result.variables) { @@ -185,8 +185,6 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE detail = new String[dlist.size()]; dlist.toArray(detail); } - //int httpstatus; - switch(result.status) { case ERR_ActionNotCompleted: msgId = "SVC1202"; diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base index e7ae6432..4874f1aa 100644 --- a/auth/docker/Dockerfile.base +++ b/auth/docker/Dockerfile.base @@ -19,6 +19,9 @@ # # Use dbuild.sh input parameter to set registry FROM ${REGISTRY}/openjdk:8-jre-alpine +#FROM openjdk:12-jdk-alpine +#FROM openjdk:13-jdk-alpine + MAINTAINER AAF Team, AT&T 2018 LABEL description="aaf_base" diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh index 575e21f9..f59bd228 100644 --- a/auth/docker/agent.sh +++ b/auth/docker/agent.sh 
@@ -28,7 +28,8 @@ fi . ./aaf.props DOCKER=${DOCKER:=docker} -CADI_VERSION=${CADI_VERSION:=2.1.16} +VERSION=${VERSION} +CADI_VERSION=${CADI_VERSION:=${VERSION}} for V in VERSION DOCKER_REPOSITORY HOSTNAME CONTAINER_NS AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do if [ "$(grep $V ./aaf.props)" = "" ]; then diff --git a/auth/docker/d.props.csit b/auth/docker/d.props.csit index cdb6b5a0..27f539bb 100644 --- a/auth/docker/d.props.csit +++ b/auth/docker/d.props.csit @@ -28,7 +28,7 @@ ORG=onap PROJECT=aaf DOCKER_PULL_REGISTRY=nexus3.onap.org:10001 DOCKER_REPOSITORY=nexus3.onap.org:10003 -VERSION=2.1.16-SNAPSHOT +VERSION=2.1.17-SNAPSHOT CONF_ROOT_DIR=/opt/app/osaaf # For local builds, set PREFIX= PREFIX="$DOCKER_REPOSITORY/" diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init index 41a30244..8ef2e31a 100644 --- a/auth/docker/d.props.init +++ b/auth/docker/d.props.init @@ -23,7 +23,7 @@ PROJECT=aaf # Note: Override can happen on dbuild.sh Commandline, -r <registry> DOCKER_PULL_REGISTRY=nexus3.onap.org:10001 DOCKER_REPOSITORY=nexus3.onap.org:10003 -VERSION=2.1.16-SNAPSHOT +VERSION=2.1.17-SNAPSHOT CONF_ROOT_DIR=/opt/app/osaaf # For local builds, set PREFIX= PREFIX="$DOCKER_REPOSITORY/" diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh index 4fb4e07a..0e974aa6 100644 --- a/auth/docker/dclean.sh +++ b/auth/docker/dclean.sh @@ -23,7 +23,7 @@ DOCKER=${DOCKER:=docker} if [ "$1" == "" ]; then - AAF_COMPONENTS="$(cat components) config core agent " + AAF_COMPONENTS="$(cat components) config core agent base " else AAF_COMPONENTS="$@" fi diff --git a/auth/docker/pom.xml b/auth/docker/pom.xml index b4d3545c..9bfb80c8 100644 --- a/auth/docker/pom.xml +++ b/auth/docker/pom.xml @@ -25,7 +25,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> 
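Review bot: In agent.sh, `VERSION=${VERSION}` assigns the variable to itself, so it supplies no default, and `CADI_VERSION=${CADI_VERSION:=${VERSION}}` ends up empty whenever aaf.props has not defined VERSION yet. The loop that checks for VERSION in aaf.props only starts after these lines (its body is outside the hunk), so the fallback is computed before that check can help. Move the `CADI_VERSION` default below the loop, or, if VERSION is required at this point, fail early with `: "${VERSION:?VERSION must be set in aaf.props}"`.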
diff --git a/auth/helm/.gitignore b/auth/helm/.gitignore index 44cae669..e106bce2 100644 --- a/auth/helm/.gitignore +++ b/auth/helm/.gitignore @@ -2,3 +2,6 @@ aaf.orig/ pause/ aaf.new/ aaf.props +.DS_Store +current +*.tgz diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml index 5a3931c2..130fa74e 100644 --- a/auth/helm/aaf-hello/values.yaml +++ b/auth/helm/aaf-hello/values.yaml @@ -37,8 +37,8 @@ image: # repository: localhost:5000/ service: - agentImage: onap/aaf/aaf_agent:2.1.16-SNAPSHOT - image: onap/aaf/aaf_hello:2.1.16-SNAPSHOT + agentImage: onap/aaf/aaf_agent:2.1.17-SNAPSHOT + image: onap/aaf/aaf_hello:2.1.17-SNAPSHOT app_ns: "org.osaaf.aaf" fqi: "aaf@aaf.osaaf.org" fqdn: "aaf-hello" diff --git a/auth/helm/aaf/Chart.yaml b/auth/helm/aaf/Chart.yaml index f83041e9..976e2efe 100644 --- a/auth/helm/aaf/Chart.yaml +++ b/auth/helm/aaf/Chart.yaml @@ -22,4 +22,4 @@ apiVersion: v1 appVersion: "1.0" description: AAF Helm Chart name: aaf -version: 2.1.16-SNAPSHOT +version: 2.1.17-SNAPSHOT diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml index b320d9c8..9cfee331 100644 --- a/auth/helm/aaf/values.yaml +++ b/auth/helm/aaf/values.yaml @@ -104,7 +104,7 @@ image: # When using Docker Repo, add, and include trailing "/" # repository: nexus3.onap.org:10003/ # repository: localhost:5000/ - version: 2.1.16-SNAPSHOT + version: 2.1.17-SNAPSHOT resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/auth/pom.xml b/auth/pom.xml index 27abccdb..eb65a5d3 100644 --- a/auth/pom.xml +++ b/auth/pom.xml @@ -26,7 +26,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>parent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> </parent> <artifactId>authparent</artifactId> <name>AAF Auth Parent</name> 
@@ -66,22 +66,6 @@ </roles> </developer> <developer> - <name>Gabe Maurer</name> - <email>gabe.maurer@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> - <name>Ian Howell</name> - <email>ian.howell@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> <name>Sai Gandham</name> <email>sai.gandham@att.com</email> <organization>ATT</organization> diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh index 4768d81c..4132e6ca 100755 --- a/auth/sample/bin/client.sh +++ b/auth/sample/bin/client.sh @@ -21,7 +21,7 @@ # This script is run when starting client Container. # It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite) # -JAVA=/usr/bin/java +JAVA=${JAVA_HOME}/bin/java AAF_INTERFACE_VERSION=2.1 # Extract Name, Domain and NS from FQI diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh index bddd42c9..10a3e15e 100644 --- a/auth/sample/bin/service.sh +++ b/auth/sample/bin/service.sh @@ -39,7 +39,7 @@ cadi_longitude=${cadi_longitude:-"${LONGITUDE}"} cadi_x509_issuers=${cadi_x509_issuers:-"${CADI_X509_ISSUERS}"} aaf_locate_url=${aaf_locate_url:-"https://${HOSTNAME}:8095"} -JAVA=/usr/bin/java +JAVA=${JAVA_HOME}/bin/java OSAAF=/opt/app/osaaf LOCAL=$OSAAF/local |
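Review bot: `JAVA=${JAVA_HOME}/bin/java` in client.sh expands to `/bin/java` when JAVA_HOME is unset or empty, and the same line is added to service.sh in the next hunk. The previous value `/usr/bin/java` did not depend on the environment, so a container or shell without JAVA_HOME would now fail to start Java or resolve a different binary than intended. Keep the old path as the fallback, `JAVA=${JAVA_HOME:-/usr}/bin/java`, or abort with `: "${JAVA_HOME:?JAVA_HOME is not set}"` before the assignment.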