1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
/**
* ============LICENSE_START====================================================
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END====================================================
*
*/
package org.onap.aaf.auth.cmd.user;
import org.onap.aaf.auth.cmd.AAFcli;
import org.onap.aaf.auth.cmd.Cmd;
import org.onap.aaf.auth.cmd.Param;
import org.onap.aaf.auth.rserv.HttpMethods;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.misc.env.APIException;
import aaf.v2_0.CredRequest;
public class Cred extends Cmd {
public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed. Specifics witheld.";
private static final String CRED_PATH = "/authn/cred";
private static final String[] options = {"add","del","reset","extend"/*,"clean"*/};
public Cred(User parent) {
super(parent,"cred",
new Param(optionsToString(options),true),
new Param("id",true),
new Param("password (! D|E)",false),
new Param("entry# (if multi)",false)
);
}
@Override
public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
int idx = _idx;
String key = args[idx++];
final int option = whichOption(options,key);
final CredRequest cr = new CredRequest();
cr.setId(args[idx++]);
if (option!=1 && option!=3) {
if (idx>=args.length) throw new CadiException("Password Required");
cr.setPassword(args[idx++]);
}
if (args.length>idx)
cr.setEntry(args[idx]);
// Set Start/End commands
setStartEnd(cr);
Integer ret = same(new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, APIException {
Future<CredRequest> fp=null;
String verb =null;
switch(option) {
case 0:
fp = client.create(
CRED_PATH,
getDF(CredRequest.class),
cr
);
verb = "Added Credential [";
break;
case 1:
setQueryParamsOn(client);
fp = client.delete(CRED_PATH,
getDF(CredRequest.class),
cr
);
verb = "Deleted Credential [";
break;
case 2:
fp = client.update(
CRED_PATH,
getDF(CredRequest.class),
cr
);
verb = "Reset Credential [";
break;
case 3:
fp = client.update(
CRED_PATH+"/5",
getDF(CredRequest.class),
cr
);
verb = "Extended Credential [";
break;
default:
break;
}
if (fp==null) {
return null; // get by Sonar check.
}
if (fp.get(AAFcli.timeout())) {
pw().print(verb);
pw().print(cr.getId());
pw().println(']');
} else if (fp.code()==202) {
pw().println("Credential Action Accepted, but requires Approvals before actualizing");
} else if (fp.code()==406 && option==1) {
pw().println("You cannot delete this Credential");
} else {
pw().println(ATTEMPT_FAILED_SPECIFICS_WITHELD);
}
return fp.code();
}
});
if (ret==null)ret = -1;
return ret;
}
@Override
public void detailedHelp(int _indent, StringBuilder sb) {
int indent = _indent;
detailLine(sb,indent,"Add, Delete or Reset Credential");
indent+=2;
detailLine(sb,indent,"id - the ID to create/delete/reset within AAF");
detailLine(sb,indent,"password - Company Policy compliant Password (not required for Delete)");
detailLine(sb,indent,"entry - selected option when deleting/resetting a cred with multiple entries");
sb.append('\n');
detailLine(sb,indent,"The Domain can be related to any Namespace you have access to *");
detailLine(sb,indent,"The Domain is in reverse order of Namespace, i.e. ");
detailLine(sb,indent+2,"NS of com.att.myapp can create user of XY1234@myapp.att.com");
sb.append('\n');
detailLine(sb,indent,"NOTE: AAF does support multiple creds with the same ID. Check with your org if you");
detailLine(sb,indent+2,"have this implemented. (For example, this is implemented for MechIDs at AT&T)");
sb.append('\n');
detailLine(sb,indent,"*NOTE: com.att.csp is a reserved Domain for Global Sign On");
detailLine(sb,indent,"Delegates can be listed by the User or by the Delegate");
indent-=2;
api(sb,indent,HttpMethods.POST,"authn/cred",CredRequest.class,true);
api(sb,indent,HttpMethods.DELETE,"authn/cred",CredRequest.class,false);
api(sb,indent,HttpMethods.PUT,"authn/cred",CredRequest.class,false);
}
}
|
