diff options
Diffstat (limited to 'auth')
18 files changed, 90 insertions, 55 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java index 8bade4a4..d91c42c0 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,6 +23,7 @@ package org.onap.aaf.auth.batch.approvalsets; import org.onap.aaf.cadi.CadiException; +@FunctionalInterface public interface Loader<T> { public T load() throws CadiException; } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java index d3209a02..9906f499 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java @@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,7 +22,6 @@ */ package org.onap.aaf.auth.batch.helpers; -import java.io.IOException; import java.util.ArrayList; import java.util.List; @@ -34,7 +35,6 @@ import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; import org.onap.aaf.cadi.Hash; -import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; import org.onap.aaf.misc.env.util.Chrono; @@ -135,8 +135,6 @@ public class BatchDataView implements DataView { sb.append(add.id.toString()); sb.append(COMMA_QUOTE); sb.append(add.approver); -// sb.append(QUOTE_COMMA_QUOTE); -// sb.append(Chrono.utcStamp(add.last_notified)); sb.append(QUOTE_COMMA_QUOTE); sb.append(add.memo.replace("'", "''")); sb.append(QUOTE_COMMA_QUOTE); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java index 1a1bdf33..9cd7341c 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -51,15 +52,14 @@ public class CQLBatchLoop { /** * Assume this is another line in the Batch * @return - */ + */ public StringBuilder inc() { - if(i>=maxBatch || current.length()+sb.length()>MAX_CHARS) { - if(i>0) { - cqlBatch.execute(dryRun); + if((i>=maxBatch || current.length()+sb.length()>MAX_CHARS)&&(i>0)) { + + cqlBatch.execute(dryRun); i = -1; incBatch(); - } - } + } if(i<0) { cqlBatch.begin(); i=0; diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java index a4cfcbec..84d7b5a2 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,6 +32,7 @@ public class CacheChange<T extends CacheChange.Data> { removed = new ArrayList<>(); } + @FunctionalInterface interface Data { public abstract void expunge(); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java index 258f430e..6f228e08 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java @@ -119,6 +119,7 @@ public class LastNotified { return last; } + @FunctionalInterface private interface MarkDelete { boolean process(String fullKey, Date last); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java index d5c0d771..dd24d7d9 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -128,10 +129,10 @@ public class UserRole implements Cloneable, CacheChange.Data { public static void load(Trans trans, CSV csv, Creator<UserRole> creator, Visitor<UserRole> visitor) throws IOException, CadiException { // public UserRole(String user, String role, String ns, String rname, Date expires) { - csv.visit( row -> { + csv.visit( row -> visitor.visit(new UserRole(row.get(1),row.get(2),row.get(3),row.get(4), - new Date(Long.parseLong(row.get(6))))); - }); + new Date(Long.parseLong(row.get(6))))) + ); } private static void load(Trans trans, Session session, Creator<UserRole> creator, String where, Visitor<UserRole> visitor) { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java index 3e7b30b2..38a76477 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java @@ -3,7 +3,6 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +20,6 @@ package org.onap.aaf.auth.batch.helpers; -@FunctionalInterface public interface Visitor<T> { void visit(T t); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java index ea196b1f..880173b9 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java @@ -3,7 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2019 IBM. + * Modifications Copyright (C) 2018 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -52,7 +52,6 @@ public class ApprovedRpt extends Batch { private static final String APPR_RPT = "ApprovedRpt"; private static final String CSV = ".csv"; - private static final String INFO = "info"; private Date now; private Writer approvedW; private CSV historyR; @@ -64,6 +63,13 @@ public class ApprovedRpt extends Batch { TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB); try { +// TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE); +// try { +// session = cluster.connect(); +// } finally { +// tt.done(); +// } + now = new Date(); String sdate = Chrono.dateOnlyStamp(now); File file = new File(logDir(),APPR_RPT + sdate +CSV); @@ -80,17 +86,32 @@ public class ApprovedRpt extends Batch { @Override protected void run(AuthzTrans trans) { - try { - Map<String,Boolean> checked = new TreeMap<String, Boolean>(); - - final AuthzTrans transNoAvg = trans.env().newTransNoAvg(); - int totalLoaded = 0; - Date d; + try { +// ResultSet results; +// Statement stmt = new SimpleStatement( "select dateof(id), approver, status, user, type, memo from authz.approved;" ); +// results = session.execute(stmt); +// Iterator<Row> iter = results.iterator(); +// Row row; + /* + * while (iter.hasNext()) { + ++totalLoaded; + row = iter.next(); + d = row.getTimestamp(0); + if(d.after(begin)) { + approvedW.row("aprvd", + Chrono.dateOnlyStamp(d), + row.getString(1), + row.getString(2), + row.getString(3), + row.getString(4), + row.getString(5) + ); + } + } + */ GregorianCalendar gc = new GregorianCalendar(); gc.add(GregorianCalendar.MONTH, -2); - Date begin = gc.getTime(); approvedW.comment("date, approver, status, user, role, memo"); - historyR.visit(row -> { String s = row.get(7); if(s.equals(yr_mon)) { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java index ec8d1451..6c95f02e 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -205,15 +206,13 @@ public abstract class NotifyBody { for(String cls : classNames) { try { Class<?> c = cl.loadClass(cls); - if(c!=null) { - if(!Modifier.isAbstract(c.getModifiers())) { - Constructor<?> cst = c.getConstructor(Access.class); + if((c!=null)&&(!Modifier.isAbstract(c.getModifiers()))) { + Constructor<?> cst = c.getConstructor(Access.class); NotifyBody nb = (NotifyBody)cst.newInstance(access); if(nb!=null) { bodyMap.put("info|"+nb.name, nb); bodyMap.put(nb.type+'|'+nb.name, nb); - } - } + } } } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { e.printStackTrace(); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java index 8eaf6a86..7001c024 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java @@ -22,7 +22,7 @@ */ package org.onap.aaf.auth.batch.reports.bodies; - +import java.io.IOException; import java.util.GregorianCalendar; import java.util.List; diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java index 417d4be4..82d1a624 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java @@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,13 +22,11 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; - import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class OneMonthNotifyCredBody extends NotifyCredBody { - public OneMonthNotifyCredBody(Access access){ + public OneMonthNotifyCredBody(Access access) throws IOException { super(access, ExpireRange.ONE_MONTH); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java index dae48d85..caa44782 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java @@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,13 +22,11 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; - import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class OneWeekNotifyCredBody extends NotifyCredBody { - public OneWeekNotifyCredBody(Access access){ + public OneWeekNotifyCredBody(Access access) throws IOException { super(access, ExpireRange.ONE_WEEK); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java index 9d699cc3..7d1157cb 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java @@ -20,13 +20,12 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class TwoMonthNotifyCredBody extends NotifyCredBody { - public TwoMonthNotifyCredBody(Access access) throws IOException { + public TwoMonthNotifyCredBody(Access access) { super(access, ExpireRange.TWO_MONTH); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java index 77062f38..44aee670 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java @@ -20,13 +20,11 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; - import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class TwoWeeksNotifyCredBody extends NotifyCredBody { - public TwoWeeksNotifyCredBody(Access access) throws IOException { + public TwoWeeksNotifyCredBody(Access access) { super(access, ExpireRange.TWO_WEEK); } diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java index 1b20b900..c7ee5938 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java @@ -26,12 +26,13 @@ import java.nio.ByteBuffer; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.ArrayList; -import java.util.Collections; +import java.util.Collection; import java.util.Date; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; +import java.util.TreeMap; import java.util.TreeSet; import org.onap.aaf.auth.common.Define; @@ -496,6 +497,7 @@ public class Question { Result<List<NsDAO.Data>> rld = nsDAO.read(trans, lookup); if (rld.isOKhasData()) { nsd=rld.value.get(0); + lookup = nsd.parent; if (type.type == nsd.type) { return Result.ok(nsd); } else { @@ -898,18 +900,28 @@ public class Question { } } else { Date now = new Date(); - // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues. - List<CredDAO.Data> cddl; + // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues. + // 9/14/2019. Use TreeSet for sorting, and using only the LAST of a Tagged entry + Collection<CredDAO.Data> cddl; if (result.value.size() > 1) { - cddl = new ArrayList<>(result.value.size()); - for (CredDAO.Data old : result.value) { - if (old.type==CredDAO.BASIC_AUTH || old.type==CredDAO.BASIC_AUTH_SHA256) { - cddl.add(old); + Map<String,CredDAO.Data> mcdd = new TreeMap<>(); + CredDAO.Data cdd; + String tag; + int pseudoTag = 0; + for (CredDAO.Data rcdd : result.value) { + if (rcdd.type==CredDAO.BASIC_AUTH || rcdd.type==CredDAO.BASIC_AUTH_SHA256) { + if(rcdd.tag==null) { + mcdd.put(Integer.toString(++pseudoTag),rcdd); + } else { + tag = rcdd.tag; + cdd = mcdd.get(tag); + if(cdd==null || cdd.expires.before(rcdd.expires)) { + mcdd.put(tag,rcdd); + } + } } } - if (cddl.size()>1) { - Collections.sort(cddl, (a, b) -> b.expires.compareTo(a.expires)); - } + cddl = mcdd.values(); } else { cddl = result.value; } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java index 4788ee45..aa145f1c 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java @@ -367,7 +367,7 @@ public class CMService { for(Iterator<? extends Certificate> iter = certs.iterator(); iter.hasNext();) { X509Certificate x509 = (X509Certificate)iter.next(); if(x509.getNotAfter().after(now) && x509.getSubjectDN().getName().contains(cn)) { - if(++count>MAX_X509s) { + if(++count>max_509s) { break; } } diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java index e4420ab1..bd9f8875 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java @@ -167,6 +167,8 @@ public class AuthzTransFilter extends TransFilter<AuthzTrans> { // } sb.append(",ms="); sb.append(m.total); + sb.append(",status="); + sb.append(trans.hresp().getStatus()); sb.append(",meth="); sb.append(trans.meth()); sb.append(",path="); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java index f7c38681..fbc1baa2 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java @@ -143,14 +143,16 @@ public class API_Creds { AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + // will be a valid Entity. Do we need to add permission + //if(trans.fish("ns","password","request")) or the like Result<Date> r = context.doesCredentialMatch(trans, req, resp); if (r.isOK()) { resp.setStatus(HttpStatus.OK_200); } else { // For Security, we don't give any info out on why failed, other than forbidden // Can't do "401", because that is on the call itself - resp.setStatus(HttpStatus.FORBIDDEN_403); + // 403 Implies you MAY NOT Ask. + resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406); } } }); |