From d131f7ed38fd65d7f04b7d71368ba03e9000665c Mon Sep 17 00:00:00 2001
From: Instrumental
Date: Wed, 27 Nov 2019 15:57:10 -0600
Subject: Fixes from Regression Tests

Issue-ID: AAF-1058
Change-Id: I7d3ace9cef69a163c2ec0c9a48583fdfa9ca20af
Signed-off-by: Instrumental
---
 .../main/java/org/onap/aaf/auth/dao/hl/Question.java | 12 +++++++++---
 .../main/java/org/onap/aaf/auth/cmd/user/Cred.java | 13 ++++++++++++-
 .../main/java/org/onap/aaf/auth/org/Organization.java | 16 +++++++++++++++-
 .../src/main/java/org/onap/aaf/org/DefaultOrg.java | 19 +++++++++++++++++++
 .../onap/aaf/auth/service/AuthzCassServiceImpl.java | 18 +++++++++++++-----
 .../src/main/java/org/onap/aaf/cadi/http/HClient.java | 2 ++
 .../src/main/java/org/onap/aaf/cadi/PropAccess.java | 2 +-
 7 files changed, 71 insertions(+), 11 deletions(-)

diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 1809686a..39578f83 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -786,11 +786,17 @@ public class Question {
 return Result.err(Status.ERR_BadData,
 "[%s] cannot be a delegate for self", dd.user);
 }
- if (!isUser && !isGranted(trans, trans.user(), ROOT_NS,DELG,
- org.getDomain(), Question.CREATE)) {
- return Result.err(Status.ERR_Denied,
+ if (!isUser) {
+ String supportedDomain = org.supportedDomain(dd.user);
+ if(supportedDomain==null) {
+ return Result.err(Status.ERR_Denied,
+ "[%s] may not create a delegate for the domain for [%s]",
+ trans.user(), dd.user);
+ } else if(!isGranted(trans, trans.user(), ROOT_NS,DELG,supportedDomain,Question.CREATE)) {
+ return Result.err(Status.ERR_Denied,
 "[%s] may not create a delegate for [%s]",
 trans.user(), dd.user);
+ }
 }
 break;
 case read:
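Review bot: In Question.java the instance handed to `isGranted` in the new `else if` branch is whatever `org.supportedDomain(dd.user)` returns, so the delegate-create authorization now depends on a value derived from the request's `dd.user` instead of the organization's own `getDomain()`. That is safe only if every `supportedDomain` implementation returns one of its configured realms (or null) and never text sliced straight from the user ID; the DefaultOrg implementation is truncated on this page, so this could not be confirmed here. I would pin the contract at the call site with a comment such as `// supportedDomain() must return a configured realm or null; null fails closed`, and have the regression tests cover a user ID with an unsupported or malformed domain. The enclosing `case` starts above the hunk, and how `org` is resolved is not visible.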
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
index 1a410088..9ef4c00a 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
@@ -132,11 +132,22 @@ public class Cred extends Cmd {
 // IMPORTANT! We do this backward, because it is looking for string
 // %1 or %13. If we replace %1 first, that messes up %13
+ String var;
 for(int i=vars.size()-1;i>0;--i) {
- text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + vars.get(i));
+ var = vars.get(i);
+ if(aafcli.isTest()) {
+ int type = var.indexOf("U/P");
+ if(type>0) {
+ var = var.substring(0,type+4) + " XXXX/XX/XX XX:XX UTC XXXXXXXXXXXXXXXXXX";
+ }
+ }
+ text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + var);
 }
 text = text.replace("%1",vars.get(0));
+ if(aafcli.isTest()) {
+
+ }
 pw().println(text);
 } else if (fp.code()==406 && option==1) {
 pw().println("You cannot delete this Credential");
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index 288d79d3..73093099 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -95,7 +95,16 @@ public interface Organization {
 public void addSupportedRealm(String r);
- public String getDomain();
+ /**
+ * If Supported, returns Realm, ex: org.onap
+ * ELSE returns null
+ *
+ * @param user
+ * @return
+ */
+ public String supportedDomain(String user);
+
+ public String getDomain();
 /**
 * Get Identity information based on userID
@@ -420,6 +429,11 @@ public interface Organization {
 @Override
 public void addSupportedRealm(String r) {
 }
+
+ @Override
+ public String supportedDomain(String r) {
+ return null;
+ }
 @Override
 public String getDomain() {
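Review bot: In Cred.java the test-mode masking calls `var.substring(0,type+4)`, which throws StringIndexOutOfBoundsException when "U/P" is the last thing in the entry, and the `type>0` test skips a match at index 0. Using `if(type>=0)` with `var.substring(0, Math.min(var.length(), type+4))` covers both cases. The second `if(aafcli.isTest()) { }` block before `pw().println(text)` is empty and can be dropped. Because this branch rewrites what the CLI prints, a short comment stating that the remainder of the line is masked only to keep regression output stable would help the next reader. The enclosing method begins above the hunk.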
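Review bot: In Organization.java the Javadoc added for `supportedDomain` leaves `@param user` and `@return` empty, although Question.java in this commit feeds the return value into a permission check. I would fill them in, for example `@param user the ID whose domain is looked up (presumably name@domain)` and `@return the supported realm the ID belongs to, or null when it is not supported; callers must deny on null`. Because this adds an abstract method to a public interface, any Organization implementation outside this commit has to be updated as well. In the second hunk the NULL implementation names the parameter `r` where the interface uses `user`.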
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 46d3db9b..70b3324a 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java @@ -637,6 +637,25 @@ public class DefaultOrg implements Organization { } return false; } + + @Override + public String supportedDomain(String user) { + if(user!=null) { + int after_at = user.indexOf('@')+1; + if(after_at> ddr = ques.delegateDAO().read(trans, dd); if (access==Access.create && ddr.isOKhasData()) { diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java index cef4ae47..c7b2605f 100644 --- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java +++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java @@ -32,6 +32,8 @@ import java.net.URISyntaxException; import java.net.URL; import java.util.ArrayList; +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLHandshakeException; import javax.servlet.http.HttpServletResponse; import org.onap.aaf.cadi.CadiException; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java index c4719f86..0cebaa77 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java @@ -181,7 +181,7 @@ public class PropAccess implements Access { String value = es.getValue().toString(); props.put(key, value); if(key.contains("pass")) { - value = "XXXXXXX"; + value = "vi XX"; } printf(Level.DEBUG," %s=%s",key,value); } -- cgit 1.2.3-korg
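Review bot: In HClient.java the two added imports, `javax.net.ssl.SSLException` and `javax.net.ssl.SSLHandshakeException`, appear to be unused, since the diffstat lists only these two added lines for the file. If the TLS error handling they were meant for is not part of this change, drop them so the file does not suggest that handshake failures are handled here.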
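Review bot: In PropAccess.java the mask written to the DEBUG log for password properties changes from `"XXXXXXX"` to `"vi XX"`, which looks like stray editor keystrokes rather than an intended value. The real value is still hidden, but a log reader can no longer tell at a glance that it was redacted; I would restore an unambiguous marker, e.g. `value = "XXXXXXX";`. Separately, `key.contains("pass")` is case-sensitive and matches only keys with that substring, so any other secret-bearing properties in the configuration would be printed in clear at DEBUG. The enclosing loop starts above the hunk.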