Diffstat (limited to 'auth')
21 files changed, 115 insertions, 73 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java index 8bade4a4..d91c42c0 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,6 +23,7 @@ package org.onap.aaf.auth.batch.approvalsets; import org.onap.aaf.cadi.CadiException; +@FunctionalInterface public interface Loader<T> { public T load() throws CadiException; } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java index d3209a02..9906f499 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java @@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,7 +22,6 @@ */ package org.onap.aaf.auth.batch.helpers; -import java.io.IOException; import java.util.ArrayList; import java.util.List; 
@@ -34,7 +35,6 @@ import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; import org.onap.aaf.cadi.Hash; -import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; import org.onap.aaf.misc.env.util.Chrono; @@ -135,8 +135,6 @@ public class BatchDataView implements DataView { sb.append(add.id.toString()); sb.append(COMMA_QUOTE); sb.append(add.approver); -// sb.append(QUOTE_COMMA_QUOTE); -// sb.append(Chrono.utcStamp(add.last_notified)); sb.append(QUOTE_COMMA_QUOTE); sb.append(add.memo.replace("'", "''")); sb.append(QUOTE_COMMA_QUOTE); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java index 1a1bdf33..9cd7341c 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatchLoop.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -51,15 +52,14 @@ public class CQLBatchLoop { /** * Assume this is another line in the Batch * @return - */ + */ public StringBuilder inc() { - if(i>=maxBatch || current.length()+sb.length()>MAX_CHARS) { - if(i>0) { - cqlBatch.execute(dryRun); + if((i>=maxBatch || current.length()+sb.length()>MAX_CHARS)&&(i>0)) { + + cqlBatch.execute(dryRun); i = -1; incBatch(); - } - } + } if(i<0) { cqlBatch.begin(); i=0; 
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java index a4cfcbec..84d7b5a2 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CacheChange.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,6 +32,7 @@ public class CacheChange<T extends CacheChange.Data> { removed = new ArrayList<>(); } + @FunctionalInterface interface Data { public abstract void expunge(); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java index 258f430e..6f228e08 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java @@ -119,6 +119,7 @@ public class LastNotified { return last; } + @FunctionalInterface private interface MarkDelete { boolean process(String fullKey, Date last); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java index d5c0d771..dd24d7d9 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java 
@@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -128,10 +129,10 @@ public class UserRole implements Cloneable, CacheChange.Data { public static void load(Trans trans, CSV csv, Creator<UserRole> creator, Visitor<UserRole> visitor) throws IOException, CadiException { // public UserRole(String user, String role, String ns, String rname, Date expires) { - csv.visit( row -> { + csv.visit( row -> visitor.visit(new UserRole(row.get(1),row.get(2),row.get(3),row.get(4), - new Date(Long.parseLong(row.get(6))))); - }); + new Date(Long.parseLong(row.get(6))))) + ); } private static void load(Trans trans, Session session, Creator<UserRole> creator, String where, Visitor<UserRole> visitor) { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java index 3e7b30b2..38a76477 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java @@ -3,7 +3,6 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +20,6 @@ package org.onap.aaf.auth.batch.helpers; -@FunctionalInterface public interface Visitor<T> { void visit(T t); 
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java index ea196b1f..880173b9 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java @@ -3,7 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2019 IBM. + * Modifications Copyright (C) 2018 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -52,7 +52,6 @@ public class ApprovedRpt extends Batch { private static final String APPR_RPT = "ApprovedRpt"; private static final String CSV = ".csv"; - private static final String INFO = "info"; private Date now; private Writer approvedW; private CSV historyR; @@ -64,6 +63,13 @@ public class ApprovedRpt extends Batch { TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB); try { +// TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE); +// try { +// session = cluster.connect(); +// } finally { +// tt.done(); +// } + now = new Date(); String sdate = Chrono.dateOnlyStamp(now); File file = new File(logDir(),APPR_RPT + sdate +CSV); 
@@ -80,17 +86,32 @@ public class ApprovedRpt extends Batch { @Override protected void run(AuthzTrans trans) { - try { - Map<String,Boolean> checked = new TreeMap<String, Boolean>(); - - final AuthzTrans transNoAvg = trans.env().newTransNoAvg(); - int totalLoaded = 0; - Date d; + try { +// ResultSet results; +// Statement stmt = new SimpleStatement( "select dateof(id), approver, status, user, type, memo from authz.approved;" ); +// results = session.execute(stmt); +// Iterator<Row> iter = results.iterator(); +// Row row; + /* + * while (iter.hasNext()) { + ++totalLoaded; + row = iter.next(); + d = row.getTimestamp(0); + if(d.after(begin)) { + approvedW.row("aprvd", + Chrono.dateOnlyStamp(d), + row.getString(1), + row.getString(2), + row.getString(3), + row.getString(4), + row.getString(5) + ); + } + } + */ GregorianCalendar gc = new GregorianCalendar(); gc.add(GregorianCalendar.MONTH, -2); - Date begin = gc.getTime(); approvedW.comment("date, approver, status, user, role, memo"); - historyR.visit(row -> { String s = row.get(7); if(s.equals(yr_mon)) { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java index ec8d1451..6c95f02e 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
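Review bot: In the `@@ -80,17 +86,32 @@` hunk of `ApprovedRpt.run`, the new side deletes `Date begin = gc.getTime();` but keeps `GregorianCalendar gc = new GregorianCalendar(); gc.add(GregorianCalendar.MONTH, -2);`, so `gc` is built and never read inside the hunk; the only remaining use of `begin` sits in the commented-out loop. The hunk also adds roughly twenty lines of commented-out Cassandra query code, and the init hunk before it adds a commented-out `cluster.connect()` block. Version control already keeps that history, so I would drop the comment blocks and the two `gc` lines. The declarations of `checked`, `transNoAvg`, `totalLoaded` and `d` are removed as well, and the `historyR.visit` lambda runs past the end of the hunk, so confirm nothing below still refers to them.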
@@ -205,15 +206,13 @@ public abstract class NotifyBody { for(String cls : classNames) { try { Class<?> c = cl.loadClass(cls); - if(c!=null) { - if(!Modifier.isAbstract(c.getModifiers())) { - Constructor<?> cst = c.getConstructor(Access.class); + if((c!=null)&&(!Modifier.isAbstract(c.getModifiers()))) { + Constructor<?> cst = c.getConstructor(Access.class); NotifyBody nb = (NotifyBody)cst.newInstance(access); if(nb!=null) { bodyMap.put("info|"+nb.name, nb); bodyMap.put(nb.type+'|'+nb.name, nb); - } - } + } } } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { e.printStackTrace(); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java index 8eaf6a86..7001c024 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyCredBody.java @@ -22,7 +22,7 @@ */ package org.onap.aaf.auth.batch.reports.bodies; - +import java.io.IOException; import java.util.GregorianCalendar; import java.util.List; diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java index 417d4be4..82d1a624 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyCredBody.java 
@@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,13 +22,11 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; - import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class OneMonthNotifyCredBody extends NotifyCredBody { - public OneMonthNotifyCredBody(Access access){ + public OneMonthNotifyCredBody(Access access) throws IOException { super(access, ExpireRange.ONE_MONTH); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java index dae48d85..caa44782 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java @@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
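Review bot: `public OneMonthNotifyCredBody(Access access) throws IOException` names `IOException` in the same hunk that removes `import java.io.IOException;`, so as shown the class should not compile; either keep the import or drop the `throws` clause. The `OneWeekNotifyCredBody` hunk makes the same pair of changes. The `TwoMonthNotifyCredBody` and `TwoWeeksNotifyCredBody` hunks go the opposite way and remove `throws IOException`, while `NotifyCredBody` gains the import, so the four subclasses now disagree about whether the `super(access, ...)` constructor can throw. That constructor's signature is not visible here, so check which pair is right and make all four match.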
@@ -20,13 +22,11 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; - import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class OneWeekNotifyCredBody extends NotifyCredBody { - public OneWeekNotifyCredBody(Access access){ + public OneWeekNotifyCredBody(Access access) throws IOException { super(access, ExpireRange.ONE_WEEK); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java index 9d699cc3..1a047754 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoMonthNotifyCredBody.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,13 +21,12 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class TwoMonthNotifyCredBody extends NotifyCredBody { - public TwoMonthNotifyCredBody(Access access) throws IOException { + public TwoMonthNotifyCredBody(Access access) { super(access, ExpireRange.TWO_MONTH); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java index 77062f38..a802bb4e 100644 
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/TwoWeeksNotifyCredBody.java @@ -3,6 +3,7 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,13 +21,11 @@ */ package org.onap.aaf.auth.batch.reports.bodies; -import java.io.IOException; - import org.onap.aaf.auth.batch.helpers.ExpireRange; import org.onap.aaf.cadi.Access; public class TwoWeeksNotifyCredBody extends NotifyCredBody { - public TwoWeeksNotifyCredBody(Access access) throws IOException { + public TwoWeeksNotifyCredBody(Access access) { super(access, ExpireRange.TWO_WEEK); } diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java index 7e90bbb9..5583dc03 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/ApprovalDAO.java @@ -57,6 +57,7 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { private PSInfo psByTicket; private PSInfo psByStatus; + private static final int KEYLIMIT = 1; public ApprovalDAO(AuthzTrans trans, Cluster cluster, String keyspace) { super(trans, ApprovalDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE)); 
@@ -71,7 +72,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { init(trans); } - private static final int KEYLIMIT = 1; public static class Data { public UUID id; public UUID ticket; @@ -81,7 +81,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { public String status; public String memo; public String operation; -// public Date last_notified; public Date updated; } @@ -102,7 +101,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { data.status = row.getString(5); data.memo = row.getString(6); data.operation = row.getString(7); -// data.last_notified = row.getTimestamp(8); // This is used to get "WRITETIME(STATUS)" from Approval, which gives us an "updated" if (row.getColumnDefinitions().size()>8) { // Rows reported in MicroSeconds @@ -117,8 +115,8 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { } @Override - protected void body(Data data, int _idx, Object[] obj) { - int idx = _idx; + protected void body(Data data, int idxParam, Object[] obj) { + int idx = idxParam; obj[idx]=data.ticket; obj[++idx]=data.user; obj[++idx]=data.approver; @@ -126,7 +124,6 @@ public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> { obj[++idx]=data.status; obj[++idx]=data.memo; obj[++idx]=data.operation; -// obj[++idx]=data.last_notified; } } diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java index 1b20b900..c7ee5938 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java 
@@ -26,12 +26,13 @@ import java.nio.ByteBuffer; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.ArrayList; -import java.util.Collections; +import java.util.Collection; import java.util.Date; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; +import java.util.TreeMap; import java.util.TreeSet; import org.onap.aaf.auth.common.Define; @@ -496,6 +497,7 @@ public class Question { Result<List<NsDAO.Data>> rld = nsDAO.read(trans, lookup); if (rld.isOKhasData()) { nsd=rld.value.get(0); + lookup = nsd.parent; if (type.type == nsd.type) { return Result.ok(nsd); } else { @@ -898,18 +900,28 @@ public class Question { } } else { Date now = new Date(); - // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues. - List<CredDAO.Data> cddl; + // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues. + // 9/14/2019. Use TreeSet for sorting, and using only the LAST of a Tagged entry + Collection<CredDAO.Data> cddl; if (result.value.size() > 1) { - cddl = new ArrayList<>(result.value.size()); - for (CredDAO.Data old : result.value) { - if (old.type==CredDAO.BASIC_AUTH || old.type==CredDAO.BASIC_AUTH_SHA256) { - cddl.add(old); + Map<String,CredDAO.Data> mcdd = new TreeMap<>(); + CredDAO.Data cdd; + String tag; + int pseudoTag = 0; + for (CredDAO.Data rcdd : result.value) { + if (rcdd.type==CredDAO.BASIC_AUTH || rcdd.type==CredDAO.BASIC_AUTH_SHA256) { + if(rcdd.tag==null) { + mcdd.put(Integer.toString(++pseudoTag),rcdd); + } else { + tag = rcdd.tag; + cdd = mcdd.get(tag); + if(cdd==null || cdd.expires.before(rcdd.expires)) { + mcdd.put(tag,rcdd); + } + } } } - if (cddl.size()>1) { - Collections.sort(cddl, (a, b) -> b.expires.compareTo(a.expires)); - } + cddl = mcdd.values(); } else { cddl = result.value; } 
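Review bot: In the `@@ -898,18 +900,28 @@` hunk, untagged credentials are stored under `Integer.toString(++pseudoTag)`, which shares the `TreeMap` key space with real `rcdd.tag` values. If a stored tag is ever the string `1` (or any small integer), a tagged and an untagged credential land on the same key and one of them silently drops out of `cddl`, so a still-valid password could stop matching. Keep untagged entries in a separate list that is appended to `mcdd.values()`, or key them with a prefix the tag format cannot produce. `cdd.expires.before(rcdd.expires)` also assumes both `expires` values are non-null, which the hunk does not establish. The new comment says TreeSet, but the code orders a `TreeMap` by tag, so the previous newest-expiry-first order is gone; the loop that consumes `cddl` is outside the hunk, so confirm it does not depend on that order.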
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java index 4788ee45..aa145f1c 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java @@ -367,7 +367,7 @@ public class CMService { for(Iterator<? extends Certificate> iter = certs.iterator(); iter.hasNext();) { X509Certificate x509 = (X509Certificate)iter.next(); if(x509.getNotAfter().after(now) && x509.getSubjectDN().getName().contains(cn)) { - if(++count>MAX_X509s) { + if(++count>max_509s) { break; } } diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java index d4d6c702..37d328bd 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java @@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
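Review bot: The certificate-count bound in `if(++count>max_509s)` now refers to `max_509s`, but the only hunk in the `CMService.java` section neither declares that name nor removes `MAX_X509s`. Unless a field with exactly that name already exists in the file, the class will not compile. If the limit is meant to become configurable, its declaration and default belong in this commit; if it is still a constant, keep the `MAX_X509s` spelling. The enclosing loop starts and ends outside the hunk.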
@@ -86,10 +88,10 @@ public class List extends BaseCmd<Role> { } } - private final static String roleFormat = "%-56s Expires %s\n"; - private final static String roleFormatNoDate = "%-61s\n"; - private final static String roleExpiredFormat = "%-53s !!! EXPIRED !!! %s\n"; - private final static String permFormat = " %-30s %-30s %-15s\n"; + private static final String roleFormat = "%-56s Expires %s\n"; + private static final String roleFormatNoDate = "%-61s\n"; + private static final String roleExpiredFormat = "%-53s !!! EXPIRED !!! %s\n"; + private static final String permFormat = " %-30s %-30s %-15s\n"; private static final Comparator<aaf.v2_0.Role> roleCompare = new Comparator<aaf.v2_0.Role>() { @@ -106,9 +108,11 @@ public class List extends BaseCmd<Role> { } else if (aafcli.isDetailed()){ if (str[0].toLowerCase().contains(LIST_ROLES_BY_NAME)) { String description = roles.getRole().get(0).getDescription(); - if (description == null) description = ""; + if (description == null) { + description = ""; + } reportColHead("%-80s\n","Description: " + description); - } + } String fullFormat = roleFormat+permFormat; reportColHead(fullFormat,"[ROLE NS].Name","","[PERM NS].Type","Instance","Action"); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java index 4977b752..176787ea 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java @@ -3,6 +3,8 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modification Copyright (c) 2019 IBM * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -44,7 +46,7 @@ import aaf.v2_0.Users.User; * */ public class ListForCreds extends Cmd { - private final static String[] options = {"ns","id"}; + private static final String[] options = {"ns","id"}; private static final String HEADER = "List creds by Namespace or ID "; public ListForCreds(List parent) { @@ -54,8 +56,8 @@ public class ListForCreds extends Cmd { } @Override - public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException { - int idx = _idx; + public int _exec(int idxParam, final String ... args) throws CadiException, APIException, LocatorException { + int idx = idxParam; final int option = whichOption(options, args[idx++]); final String which = options[option]; final String value = args[idx++]; @@ -75,7 +77,9 @@ public class ListForCreds extends Cmd { } }); ((org.onap.aaf.auth.cmd.user.List)parent).report(fp.value,option==1,HEADER+which,value); - if (fp.code()==404)return 200; + if (fp.code()==404) { + return 200; + } } else { error(fp); } @@ -85,8 +89,8 @@ public class ListForCreds extends Cmd { } @Override - public void detailedHelp(int _indent, StringBuilder sb) { - int indent = _indent; + public void detailedHelp(int indentParam, StringBuilder sb) { + int indent = indentParam; detailLine(sb,indent,HEADER); indent+=2; detailLine(sb,indent,"This report lists the users associated to either Namespaces or IDs."); diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java index e4420ab1..bd9f8875 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java 
@@ -167,6 +167,8 @@ public class AuthzTransFilter extends TransFilter<AuthzTrans> { // } sb.append(",ms="); sb.append(m.total); + sb.append(",status="); + sb.append(trans.hresp().getStatus()); sb.append(",meth="); sb.append(trans.meth()); sb.append(",path="); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java index f7c38681..fbc1baa2 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java @@ -143,14 +143,16 @@ public class API_Creds { AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + // will be a valid Entity. Do we need to add permission + //if(trans.fish("ns","password","request")) or the like Result<Date> r = context.doesCredentialMatch(trans, req, resp); if (r.isOK()) { resp.setStatus(HttpStatus.OK_200); } else { // For Security, we don't give any info out on why failed, other than forbidden // Can't do "401", because that is on the call itself - resp.setStatus(HttpStatus.FORBIDDEN_403); + // 403 Implies you MAY NOT Ask. + resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406); } } }); |
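Review bot: In the `API_Creds` hunk, a credential mismatch is now answered with `HttpStatus.NOT_ACCEPTABLE_406`, a status defined for content negotiation, so clients, proxies and any alerting keyed on 401/403 will stop counting these responses as authentication failures. If 403 is judged wrong here, document the chosen code in the API contract and make sure failed validations are still logged and counted under a name that detection can key on. The added comment also leaves the authorization question open (`//if(trans.fish("ns","password","request")) or the like`). As that comment reads, any valid entity can ask whether an id/password pair matches, so decide on the permission check or a rate limit in this change. The handler's enclosing registration starts outside the hunk.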