summaryrefslogtreecommitdiffstats
path: root/auth
diff options
context:
space:
mode:
Diffstat (limited to 'auth')
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java9
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java3
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java3
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java125
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/User.java1
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java3
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java5
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java35
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java1
-rw-r--r--auth/helm/aaf/values.yaml2
10 files changed, 165 insertions, 22 deletions
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java
index 9c57d200..868f9ac2 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java
@@ -53,6 +53,7 @@ public class CredDAO extends CassDAOImpl<AuthzTrans,CredDAO.Data> {
public static final String TABLE = "cred";
public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F
public static final int RAW = -1;
+ public static final int FQI = 0;
public static final int BASIC_AUTH = 1;
public static final int BASIC_AUTH_SHA256 = 2;
public static final int CERT_SHA256_RSA =200;
@@ -225,8 +226,12 @@ public class CredDAO extends CassDAOImpl<AuthzTrans,CredDAO.Data> {
@Override
public Result<Data> create(AuthzTrans trans, Data data) {
if(data.tag == null) {
- long l = srand.nextLong();
- data.tag = Long.toHexString(l);
+ if(data.type==0) {
+ data.tag="PlaceHolder";
+ } else {
+ long l = srand.nextLong();
+ data.tag = Long.toHexString(l);
+ }
}
return super.create(trans, data);
}
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index bd0c8355..2c98a9bc 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -920,6 +920,9 @@ public class Question {
tt.done();
}
+ } else if (cred.type==CredDAO.FQI) {
+ cred.cred = null;
+ return Result.ok(cred);
}
return Result.err(Status.ERR_Security,"invalid/unreadable credential");
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java
index 3dae0fa5..42306c85 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java
@@ -163,8 +163,9 @@ public class List extends BaseCmd<NS> {
type = 9999;
}
switch(type) {
+ case 0: return "NoCrd";
case 1: return "U/P";
- case 2: return "U/P2";
+ case 2: return "U/P2";
case 10: return "Cert";
case 200: return "x509";
default:
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java
new file mode 100644
index 00000000..12035a16
--- /dev/null
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java
@@ -0,0 +1,125 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.cmd.user;
+
+import org.onap.aaf.auth.cmd.AAFcli;
+import org.onap.aaf.auth.cmd.Cmd;
+import org.onap.aaf.auth.cmd.Param;
+import org.onap.aaf.auth.rserv.HttpMethods;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.client.Retryable;
+import org.onap.aaf.misc.env.APIException;
+
+import aaf.v2_0.CredRequest;
+
+public class ID extends Cmd {
+ public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed. Specifics witheld.";
+ private static final String CRED_PATH = "/authn/cred";
+ private static final String[] options = {"add","del"};
+ public ID(User parent) {
+ super(parent,"fqi",
+ new Param(optionsToString(options),true),
+ new Param("id",true)
+ );
+ }
+
+ @Override
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
+ int idx = _idx;
+ String key = args[idx++];
+ final int option = whichOption(options,key);
+
+ final CredRequest cr = new CredRequest();
+ cr.setId(args[idx++]);
+ cr.setType(0);
+ if (args.length>idx)
+ cr.setEntry(args[idx]);
+
+ // Set Start/End commands
+ setStartEnd(cr);
+ Integer ret = same(new Retryable<Integer>() {
+ @Override
+ public Integer code(Rcli<?> client) throws CadiException, APIException {
+ Future<CredRequest> fp=null;
+ String verb =null;
+ switch(option) {
+ case 0:
+ fp = client.create(
+ CRED_PATH,
+ getDF(CredRequest.class),
+ cr
+ );
+ verb = "Added ID [";
+ break;
+ case 1:
+ setQueryParamsOn(client);
+ fp = client.delete(CRED_PATH,
+ getDF(CredRequest.class),
+ cr
+ );
+ verb = "Deleted ID [";
+ break;
+ default:
+ break;
+ }
+ if (fp==null) {
+ return null; // get by Sonar check.
+ }
+ if (fp.get(AAFcli.timeout())) {
+ pw().print(verb);
+ pw().print(cr.getId());
+ pw().println(']');
+ } else if (fp.code()==202) {
+ pw().println("ID Action Accepted, but requires Approvals before actualizing");
+ } else if (fp.code()==406 && option==1) {
+ pw().println("You cannot delete this ID");
+ } else {
+ pw().println(ATTEMPT_FAILED_SPECIFICS_WITHELD);
+ }
+ return fp.code();
+ }
+ });
+ if (ret==null)ret = -1;
+ return ret;
+ }
+
+ @Override
+ public void detailedHelp(int _indent, StringBuilder sb) {
+ int indent = _indent;
+ detailLine(sb,indent,"Add or Delete Fully Qualified Identity: An ID attached to the Namespace");
+ indent+=2;
+ detailLine(sb,indent,"fqi - the ID to create/delete within AAF");
+ sb.append('\n');
+ detailLine(sb,indent,"This usage has NO Credential, and serves only to allow IDs to be attached");
+ detailLine(sb,indent,"to Roles before credentials such as Certificates are established.");
+ detailLine(sb,indent,"The Domain can be related to any Namespace you have access to *");
+ detailLine(sb,indent,"The Domain is in reverse order of Namespace, i.e. ");
+ detailLine(sb,indent+2,"NS of com.att.myapp can create user of XY1234@myapp.att.com");
+ indent-=2;
+ api(sb,indent,HttpMethods.POST,"authn/cred",CredRequest.class,true);
+ api(sb,indent,HttpMethods.DELETE,"authn/cred",CredRequest.class,false);
+ api(sb,indent,HttpMethods.PUT,"authn/cred",CredRequest.class,false);
+ }
+}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/User.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/User.java
index 26e35bec..746f9c22 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/User.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/User.java
@@ -29,6 +29,7 @@ public class User extends BaseCmd<User> {
public User(AAFcli aafcli) throws APIException {
super(aafcli,"user");
cmds.add(new Role(this));
+ cmds.add(new ID(this));
cmds.add(new Cred(this));
cmds.add(new Delg(this));
cmds.add(new List(this));
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
index 359cb28b..f8aeb11b 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
@@ -131,7 +131,8 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E
deployedVersion = access.getProperty(Config.AAF_RELEASE, "N/A:2.x");
// Certificate Manager
- cmCon = new AAFConHttp(env.access(),Config.AAF_URL_CM);
+ String aaf_url_cm = env.getProperty(Config.AAF_URL_CM,Config.AAF_URL_CM_DEF);
+ cmCon = new AAFConHttp(env.access(),aaf_url_cm);
artifactsDF = env.newDataFactory(Artifacts.class);
certInfoDF = env.newDataFactory(CertInfo.class);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index 751825c1..e311513e 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -2290,7 +2290,6 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<CredDAO.Data> rcred = mapper.cred(trans, from, true);
if (rcred.isOKhasData()) {
- byte[] rawCred = rcred.value.cred.array();
rcred = ques.userCredSetup(trans, rcred.value);
final ServiceValidator v = new ServiceValidator();
@@ -2333,7 +2332,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
// Note: ASPR specifies character differences, but we don't actually store the
// password to validate char differences.
- rb = ques.userCredCheck(trans, curr, rawCred);
+// byte[] rawCred = rcred.value.type==CredDAO.RAW?null:;
+
+ rb = ques.userCredCheck(trans, curr, rcred.value.cred.array());
if (rb.notOK()) {
return Result.err(rb);
} else if (rb.value){
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
index 72a24d21..187f4e39 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
@@ -509,22 +509,27 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
CredDAO.Data to = new CredDAO.Data();
to.id=from.getId();
to.ns = Question.domain2ns(to.id);
- String passwd = from.getPassword();
- if (requiresPass) {
- String ok = trans.org().isValidPassword(trans, to.id,passwd);
- if (ok.length()>0) {
- return Result.err(Status.ERR_BadData,ok);
- }
- } else {
- to.type=0;
- }
- if (passwd != null) {
- to.cred = ByteBuffer.wrap(passwd.getBytes());
- to.type = CredDAO.RAW;
+ to.type = from.getType();
+ if(to.type!=null && to.type==CredDAO.FQI) {
+ to.cred = null;
} else {
- to.type = 0;
- }
-
+ String passwd = from.getPassword();
+ if (requiresPass) {
+ String ok = trans.org().isValidPassword(trans, to.id,passwd);
+ if (ok.length()>0) {
+ return Result.err(Status.ERR_BadData,ok);
+ }
+ } else {
+ to.type=0;
+ }
+ if (passwd != null) {
+ to.cred = ByteBuffer.wrap(passwd.getBytes());
+ to.type = CredDAO.RAW;
+ } else {
+ to.type = CredDAO.FQI;
+ }
+ }
+
// Note: Ensure requested EndDate created will match Organization Password Rules
// P.S. Do not apply TempPassword rule here. Do that when you know you are doing a Create/Reset (see Service)
to.expires = getExpires(trans.org(),Expiration.Password,base,from.getId());
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
index 128fdcd1..adff4612 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
@@ -162,6 +162,7 @@ public class ServiceValidator extends Validator {
} else {
switch(cd.type) {
case CredDAO.BASIC_AUTH_SHA256:
+ case CredDAO.FQI:
// ok
break;
default:
diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml
index 4ae0777e..fae26290 100644
--- a/auth/helm/aaf/values.yaml
+++ b/auth/helm/aaf/values.yaml
@@ -114,7 +114,7 @@ image:
# When using Docker Repo, add, and include trailing "/"
# repository: nexus3.onap.org:10003/
# repository: localhost:5000/
- version: 2.1.14
+ version: 2.1.14-SNAPSHOT
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious