From 98adb75e5e627d28ecdf659f4c8ed640ce53ed5e Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Fri, 31 May 2019 10:02:47 -0500
Subject: Update DNSLocator code and use

Issue-ID: AAF-838
Change-Id: Ieaf112365e40237b6f252371d2d2f95e9bc47f89
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 .../java/org/onap/aaf/auth/dao/cass/CredDAO.java   |   9 +-
 .../java/org/onap/aaf/auth/dao/hl/Question.java    |   3 +
 .../main/java/org/onap/aaf/auth/cmd/ns/List.java   |   3 +-
 .../main/java/org/onap/aaf/auth/cmd/user/ID.java   | 125 +++++++++++++++++++++
 .../main/java/org/onap/aaf/auth/cmd/user/User.java |   1 +
 .../main/java/org/onap/aaf/auth/gui/AAF_GUI.java   |   3 +-
 .../aaf/auth/service/AuthzCassServiceImpl.java     |   5 +-
 .../onap/aaf/auth/service/mapper/Mapper_2_0.java   |  35 +++---
 .../auth/service/validation/ServiceValidator.java  |   1 +
 auth/helm/aaf/values.yaml                          |   2 +-
 10 files changed, 165 insertions(+), 22 deletions(-)
 create mode 100644 auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java

(limited to 'auth')

diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java
index 9c57d200..868f9ac2 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java
@@ -53,6 +53,7 @@ public class CredDAO extends CassDAOImpl<AuthzTrans,CredDAO.Data> {
     public static final String TABLE = "cred";
     public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F
     public static final int RAW = -1;
+    public static final int FQI = 0;
     public static final int BASIC_AUTH = 1;
     public static final int BASIC_AUTH_SHA256 = 2;
     public static final int CERT_SHA256_RSA =200;
@@ -225,8 +226,12 @@ public class CredDAO extends CassDAOImpl<AuthzTrans,CredDAO.Data> {
 	@Override
 	public Result<Data> create(AuthzTrans trans, Data data) {
 		if(data.tag == null) {
-			long l = srand.nextLong();
-			data.tag = Long.toHexString(l);
+			if(data.type==0) {
+				data.tag="PlaceHolder";
+			} else {
+				long l = srand.nextLong();
+				data.tag = Long.toHexString(l);
+			}
 		}
 		return super.create(trans, data);
 	}
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index bd0c8355..2c98a9bc 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -920,6 +920,9 @@ public class Question {
                 tt.done();
             }
             
+        } else if (cred.type==CredDAO.FQI) {
+        	cred.cred = null;
+        	return Result.ok(cred);
         }
         return Result.err(Status.ERR_Security,"invalid/unreadable credential");
     }
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java
index 3dae0fa5..42306c85 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java
@@ -163,8 +163,9 @@ public class List extends BaseCmd<NS> {
             type = 9999;
         } 
         switch(type) {
+        	case 0:	  return "NoCrd";
             case 1:   return "U/P";
-            case 2:      return "U/P2";
+            case 2:   return "U/P2";
             case 10:  return "Cert";
             case 200: return "x509";
             default:
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java
new file mode 100644
index 00000000..12035a16
--- /dev/null
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java
@@ -0,0 +1,125 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.cmd.user;
+
+import org.onap.aaf.auth.cmd.AAFcli;
+import org.onap.aaf.auth.cmd.Cmd;
+import org.onap.aaf.auth.cmd.Param;
+import org.onap.aaf.auth.rserv.HttpMethods;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.client.Retryable;
+import org.onap.aaf.misc.env.APIException;
+
+import aaf.v2_0.CredRequest;
+
+public class ID extends Cmd {
+    public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed.  Specifics witheld.";
+    private static final String CRED_PATH = "/authn/cred";
+    private static final String[] options = {"add","del"};
+    public ID(User parent) {
+        super(parent,"fqi",
+                new Param(optionsToString(options),true),
+                new Param("id",true)
+        );
+    }
+
+    @Override
+    public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException { 
+        int idx = _idx;
+        String key = args[idx++];
+        final int option = whichOption(options,key);
+
+        final CredRequest cr = new CredRequest();
+        cr.setId(args[idx++]);
+        cr.setType(0);
+        if (args.length>idx)
+            cr.setEntry(args[idx]);
+        
+        // Set Start/End commands
+        setStartEnd(cr);
+        Integer ret = same(new Retryable<Integer>() {
+            @Override
+            public Integer code(Rcli<?> client) throws CadiException, APIException {
+                Future<CredRequest> fp=null;
+                String verb =null;
+                switch(option) {
+                    case 0:
+                        fp = client.create(
+                            CRED_PATH, 
+                            getDF(CredRequest.class), 
+                            cr
+                            );
+                        verb = "Added ID [";
+                        break;
+                    case 1:
+                        setQueryParamsOn(client);
+                        fp = client.delete(CRED_PATH,
+                            getDF(CredRequest.class),
+                            cr
+                            );
+                        verb = "Deleted ID [";
+                        break;
+                    default:
+                        break;
+                }
+                if (fp==null) {
+                    return null; // get by Sonar check.
+                }
+                if (fp.get(AAFcli.timeout())) {
+                    pw().print(verb);
+                    pw().print(cr.getId());
+                    pw().println(']');
+                } else if (fp.code()==202) {
+                        pw().println("ID Action Accepted, but requires Approvals before actualizing");
+                } else if (fp.code()==406 && option==1) {
+                        pw().println("You cannot delete this ID");
+                } else {
+                    pw().println(ATTEMPT_FAILED_SPECIFICS_WITHELD);
+                }
+                return fp.code();
+            }
+        });
+        if (ret==null)ret = -1;
+        return ret;
+    }
+    
+    @Override
+    public void detailedHelp(int _indent, StringBuilder sb) {
+            int indent = _indent;
+        detailLine(sb,indent,"Add or Delete Fully Qualified Identity: An ID attached to the Namespace");
+        indent+=2;
+        detailLine(sb,indent,"fqi      - the ID to create/delete within AAF");
+        sb.append('\n');
+        detailLine(sb,indent,"This usage has NO Credential, and serves only to allow IDs to be attached");
+        detailLine(sb,indent,"to Roles before credentials such as Certificates are established.");
+        detailLine(sb,indent,"The Domain can be related to any Namespace you have access to *");
+        detailLine(sb,indent,"The Domain is in reverse order of Namespace, i.e. ");
+        detailLine(sb,indent+2,"NS of com.att.myapp can create user of XY1234@myapp.att.com");
+        indent-=2;
+        api(sb,indent,HttpMethods.POST,"authn/cred",CredRequest.class,true);
+        api(sb,indent,HttpMethods.DELETE,"authn/cred",CredRequest.class,false);
+        api(sb,indent,HttpMethods.PUT,"authn/cred",CredRequest.class,false);
+    }
+}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/User.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/User.java
index 26e35bec..746f9c22 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/User.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/User.java
@@ -29,6 +29,7 @@ public class User extends BaseCmd<User> {
     public User(AAFcli aafcli) throws APIException {
         super(aafcli,"user");
         cmds.add(new Role(this));
+        cmds.add(new ID(this));
         cmds.add(new Cred(this));
         cmds.add(new Delg(this));
         cmds.add(new List(this));
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
index 359cb28b..f8aeb11b 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
@@ -131,7 +131,8 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E
         deployedVersion = access.getProperty(Config.AAF_RELEASE, "N/A:2.x");
 
         // Certificate Manager
-        cmCon =  new AAFConHttp(env.access(),Config.AAF_URL_CM);
+        String aaf_url_cm = env.getProperty(Config.AAF_URL_CM,Config.AAF_URL_CM_DEF);
+        cmCon =  new AAFConHttp(env.access(),aaf_url_cm);
         artifactsDF = env.newDataFactory(Artifacts.class);
         certInfoDF  = env.newDataFactory(CertInfo.class);
         
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index 751825c1..e311513e 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -2290,7 +2290,6 @@ public class AuthzCassServiceImpl    <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
         try {
             Result<CredDAO.Data> rcred = mapper.cred(trans, from, true);
             if (rcred.isOKhasData()) {
-                byte[] rawCred = rcred.value.cred.array();
                 rcred = ques.userCredSetup(trans, rcred.value);
                 
                 final ServiceValidator v = new ServiceValidator();
@@ -2333,7 +2332,9 @@ public class AuthzCassServiceImpl    <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
                         // Note: ASPR specifies character differences, but we don't actually store the
                         // password to validate char differences.
                         
-                        rb = ques.userCredCheck(trans, curr, rawCred);
+//                      byte[] rawCred = rcred.value.type==CredDAO.RAW?null:;
+
+                        rb = ques.userCredCheck(trans, curr, rcred.value.cred.array());
                         if (rb.notOK()) {
                             return Result.err(rb);
                         } else if (rb.value){
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
index 72a24d21..187f4e39 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
@@ -509,22 +509,27 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
         CredDAO.Data to = new CredDAO.Data();
         to.id=from.getId();
         to.ns = Question.domain2ns(to.id);
-        String passwd = from.getPassword();
-        if (requiresPass) {
-            String ok = trans.org().isValidPassword(trans, to.id,passwd);
-            if (ok.length()>0) {
-                return Result.err(Status.ERR_BadData,ok);
-            }
-        } else {
-            to.type=0;
-        }
-        if (passwd != null) {
-            to.cred = ByteBuffer.wrap(passwd.getBytes());
-            to.type = CredDAO.RAW; 
+        to.type = from.getType();
+        if(to.type!=null && to.type==CredDAO.FQI) {
+        	to.cred = null;
         } else {
-            to.type = 0;
-        }
-        
+        	String passwd = from.getPassword();
+	        if (requiresPass) {
+	            String ok = trans.org().isValidPassword(trans, to.id,passwd);
+	            if (ok.length()>0) {
+	                return Result.err(Status.ERR_BadData,ok);
+	            }
+	        } else {
+	            to.type=0;
+	        }
+	        if (passwd != null) {
+	            to.cred = ByteBuffer.wrap(passwd.getBytes());
+	            to.type = CredDAO.RAW; 
+	        } else {
+	            to.type = CredDAO.FQI;
+	        }
+        }
+	        
         // Note: Ensure requested EndDate created will match Organization Password Rules
         //  P.S. Do not apply TempPassword rule here. Do that when you know you are doing a Create/Reset (see Service)
         to.expires = getExpires(trans.org(),Expiration.Password,base,from.getId());
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
index 128fdcd1..adff4612 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
@@ -162,6 +162,7 @@ public class ServiceValidator extends Validator {
             } else {
                 switch(cd.type) {
                     case CredDAO.BASIC_AUTH_SHA256:
+                    case CredDAO.FQI:
                         // ok
                         break;
                     default:
diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml
index 4ae0777e..fae26290 100644
--- a/auth/helm/aaf/values.yaml
+++ b/auth/helm/aaf/values.yaml
@@ -114,7 +114,7 @@ image:
   # When using Docker Repo, add, and include trailing "/"
   # repository: nexus3.onap.org:10003/
   # repository: localhost:5000/
-  version: 2.1.14
+  version: 2.1.14-SNAPSHOT
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
-- 
cgit 1.2.3-korg