2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
7 * Modifications Copyright (C) 2019 IBM.
8 * ===========================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END====================================================
24 package org.onap.aaf.auth.cmd.user;
26 import java.util.List;
28 import org.onap.aaf.auth.cmd.AAFcli;
29 import org.onap.aaf.auth.cmd.Cmd;
30 import org.onap.aaf.auth.cmd.Param;
31 import org.onap.aaf.auth.rserv.HttpMethods;
32 import org.onap.aaf.cadi.CadiException;
33 import org.onap.aaf.cadi.LocatorException;
34 import org.onap.aaf.cadi.aaf.client.ErrMessage;
35 import org.onap.aaf.cadi.client.Future;
36 import org.onap.aaf.cadi.client.Rcli;
37 import org.onap.aaf.cadi.client.Retryable;
38 import org.onap.aaf.misc.env.APIException;
40 import aaf.v2_0.CredRequest;
41 import aaf.v2_0.Error;
/**
 * CLI command for credential requests against the AAF {@code /authn/cred} endpoint.
 * The sub-command keywords it accepts are listed in {@code options}.
 */
43 public class Cred extends Cmd {
// Deliberately generic failure text, printed by _exec when it reports a failed request.
// Keep it free of server-side detail.
44 public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed. Specifics witheld.";
// Resource path used for the credential requests issued by this command.
45 private static final String CRED_PATH = "/authn/cred";
// Sub-command keywords. _exec compares the value returned by whichOption(options, key)
// against 0, 1 and 3, so the order here (0=add, 1=del, 2=reset, 3=extend) is load-bearing.
// "clean" is commented out and therefore not accepted.
46 private static final String[] options = {"add","del","reset","extend"/*,"clean"*/};
// Helper used by _exec to turn a failed Future into a structured Error (see em.getError).
47 private ErrMessage em;
/**
 * Declares the command's parameters and creates the ErrMessage helper.
 * NOTE(review): some lines of this constructor (including the call that receives the
 * Param list) are not visible in this listing.
 *
 * @param parent the enclosing {@code User} command
 * @throws APIException declared here; the call that raises it is not visible — confirm
 */
48 public Cred(User parent) throws APIException {
// Sub-command choices rendered from options; the boolean presumably marks the
// parameter as required — confirm against Param.
50 new Param(optionsToString(options),true),
// Password and entry number are both declared with 'false' (presumably optional);
// _exec enforces the password itself for the sub-commands that need one.
52 new Param("password (! D|E)",false),
53 new Param("entry# (if multi)",false)
// Built from the CLI environment; used later to decode error responses.
55 em = new ErrMessage(aafcli.env());
/**
 * Reads the sub-command, credential ID, optional password and optional entry from
 * {@code args}, builds a {@code CredRequest}, submits it through a {@code Retryable}
 * and prints the outcome. Only the delete call to {@code CRED_PATH} is visible in this
 * listing; the calls for the other sub-commands are on lines not shown.
 *
 * @param idxVar NOTE(review): presumably the position in {@code args} where this
 *               command's arguments start; the line initialising {@code idx} is not shown
 * @param args   sub-command keyword, credential ID, then password and/or entry
 * @return NOTE(review): the method's return statement is not visible in this listing
 * @throws CadiException with "Password Required" when a password is needed but absent
 */
59 public int _exec(int idxVar, final String ... args) throws CadiException, APIException, LocatorException {
// First argument selects the sub-command; whichOption presumably returns its index
// in options — confirm.
61 String key = args[idx++];
62 final int option = whichOption(options,key);
64 final CredRequest cr = new CredRequest();
// Second argument is the credential ID.
65 cr.setId(args[idx++]);
// Options 1 and 3 (del and extend, by position in options) take no password;
// every other option must supply one.
66 if (option!=1 && option!=3) {
67 if (idx>=args.length) {
68 throw new CadiException("Password Required");
// NOTE(review): the password is read in clear from the argument list. Confirm how
// AAFcli receives args: if they can come from the OS command line, the value may be
// exposed in shell history or process listings.
70 cr.setPassword(args[idx++]);
// Any remaining argument is taken as the entry selector (used when an ID has
// several credentials, per the "entry# (if multi)" parameter).
72 if (args.length>idx) {
73 cr.setEntry(args[idx]);
76 // Set Start/End commands
// The request runs inside a Retryable handed to same(...), which is defined outside
// this listing.
78 Integer ret = same(new Retryable<Integer>() {
80 public Integer code(Rcli<?> client) throws CadiException, APIException {
// fp stays null until one of the per-option branches assigns it.
81 Future<CredRequest> fp=null;
87 getDF(CredRequest.class),
90 verb = "Added Credential [";
// The delete path applies query parameters to the client before issuing the call.
93 setQueryParamsOn(client);
94 fp = client.delete(CRED_PATH,
95 getDF(CredRequest.class),
98 verb = "Deleted Credential [";
103 getDF(CredRequest.class),
106 verb = "Reset Credential [";
111 getDF(CredRequest.class),
114 verb = "Extended Credential [";
// NOTE(review): presumably the branch for an unrecognised option; the enclosing
// case label is not shown.
120 return null; // get by Sonar check.
// fp.get(...) returning true is treated as success; the credential ID is printed
// (after the verb, presumably).
122 if (fp.get(AAFcli.timeout())) {
124 pw().print(cr.getId());
// 202: the request was accepted but still needs approval.
126 } else if (fp.code()==202) {
127 pw().println("Credential Action Accepted, but requires Approvals before actualizing");
// 300 or 406: decode the structured Error and expand its %n placeholders from the
// accompanying variables.
128 } else if (fp.code()==300 || fp.code()==406) {
129 Error err = em.getError(fp);
130 String text = err.getText();
131 List<String> vars = err.getVariables();
133 // IMPORTANT! We do this backward, because it is looking for string
134 // %1 or %13. If we replace %1 first, that messes up %13
// For i = size-1 down to 1, "%(i+1)" becomes "i) <value>", padded with a leading
// space while i < 10.
135 for(int i=vars.size()-1;i>0;--i) {
136 text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + vars.get(i));
// NOTE(review): vars.get(0) throws if the error carries no variables; any guard
// would be on a line not shown here — confirm.
139 text = text.replace("%1",vars.get(0));
// NOTE(review): this branch looks unreachable — code 406 is already matched by the
// 300/406 branch earlier in the same else-if chain, so the delete-specific message
// is never printed.
141 } else if (fp.code()==406 && option==1) {
142 pw().println("You cannot delete this Credential");
// 409 on add (option 0): a password was already added for the same day.
143 } else if (fp.code()==409 && option==0) {
144 pw().println("You cannot add two Passwords for same day");
// Remaining failures get only the generic message, with no detail from the response.
146 pw().println(ATTEMPT_FAILED_SPECIFICS_WITHELD);
/**
 * Appends this command's long help text to {@code sb}, followed by the three REST
 * operations it maps to (POST, DELETE and PUT on {@code authn/cred}).
 *
 * @param indentVar starting indentation for the help lines
 * @param sb        buffer that receives the help text
 */
158 public void detailedHelp(int indentVar, StringBuilder sb) {
159 int indent = indentVar;
// NOTE(review): the summary names Add, Delete and Reset only, while options also
// accepts "extend" — the help text may be out of date.
160 detailLine(sb,indent,"Add, Delete or Reset Credential");
162 detailLine(sb,indent,"id - the ID to create/delete/reset within AAF");
163 detailLine(sb,indent,"password - Company Policy compliant Password (not required for Delete)");
164 detailLine(sb,indent,"entry - selected option when deleting/resetting a cred with multiple entries");
166 detailLine(sb,indent,"The Domain can be related to any Namespace you have access to *");
167 detailLine(sb,indent,"The Domain is in reverse order of Namespace, i.e. ");
168 detailLine(sb,indent+2,"NS of com.att.myapp can create user of XY1234@myapp.att.com");
170 detailLine(sb,indent,"NOTE: AAF does support multiple creds with the same ID. Check with your org if you");
171 detailLine(sb,indent+2,"have this implemented. (For example, this is implemented for MechIDs at AT&T)");
173 detailLine(sb,indent,"*NOTE: com.att.csp is a reserved Domain for Global Sign On");
// NOTE(review): this sentence is about delegates, not credentials; it looks carried
// over from another command's help — confirm whether it belongs here.
175 detailLine(sb,indent,"Delegates can be listed by the User or by the Delegate");
// One api(...) line per HTTP method documented for authn/cred; only the first call
// passes true as its final argument.
177 api(sb,indent,HttpMethods.POST,"authn/cred",CredRequest.class,true);
178 api(sb,indent,HttpMethods.DELETE,"authn/cred",CredRequest.class,false);
179 api(sb,indent,HttpMethods.PUT,"authn/cred",CredRequest.class,false);