2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.service.validation;
24 import org.onap.aaf.auth.dao.cass.CredDAO;
25 import org.onap.aaf.auth.dao.cass.DelegateDAO;
26 import org.onap.aaf.auth.dao.cass.Namespace;
27 import org.onap.aaf.auth.dao.cass.PermDAO;
28 import org.onap.aaf.auth.dao.cass.RoleDAO;
29 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
30 import org.onap.aaf.auth.env.AuthzTrans;
31 import org.onap.aaf.auth.layer.Result;
32 import org.onap.aaf.auth.org.Organization;
33 import org.onap.aaf.auth.rserv.Pair;
34 import org.onap.aaf.auth.validation.Validator;
38 * Consistently apply content rules to incoming content.
40 * Note: We restrict content for usability in URLs (because this is a RESTful service), and avoid
41 * issues with Regular Expressions and other enabling technologies.
45 public class ServiceValidator extends Validator {
46 public ServiceValidator perm(Result<PermDAO.Data> rpd) {
56 public ServiceValidator perm(PermDAO.Data pd) {
58 msg("Perm Data is null.");
60 if(!pd.ns.contains("@")) {
63 permType(pd.type,pd.ns);
64 permInstance(pd.instance);
65 permAction(pd.action);
67 for (String role : pd.roles) {
72 for (String r : pd.roles) {
76 description("Perm",pd.description);
81 public ServiceValidator role(Result<RoleDAO.Data> rrd) {
90 public ServiceValidator role(RoleDAO.Data pd) {
92 msg("Role Data is null.");
97 for (String perm : pd.perms) {
98 String[] ps = perm.split("\\|");
100 msg("Perm [" + perm + "] in Role [" + pd.fullName() + "] is not correctly separated with '|'");
102 permType(ps[0],null);
108 description("Role",pd.description);
113 public ServiceValidator delegate(Organization org, Result<DelegateDAO.Data> rdd) {
117 delegate(org, rdd.value);
122 public ServiceValidator delegate(Organization org, DelegateDAO.Data dd) {
124 msg("Delegate Data is null.");
127 user(org,dd.delegate);
133 public ServiceValidator cred(AuthzTrans trans, Organization org, Result<CredDAO.Data> rcd, boolean isNew) {
137 cred(trans, org,rcd.value,isNew);
142 public ServiceValidator cred(AuthzTrans trans, Organization org, CredDAO.Data cd, boolean isNew) {
144 msg("Cred Data is null.");
146 if (!org.isValidCred(trans, cd.id)) {
147 msg("ID [" + cd.id + "] is invalid in " + org.getName());
150 int idx = str.indexOf('@');
152 str = str.substring(0,idx);
155 if (org.supportsRealm(cd.id)) {
156 String resp = org.isValidID(trans, str);
157 if (isNew && (resp!=null && resp.length()>0)) {
163 msg("Credential Type must be set");
166 case CredDAO.BASIC_AUTH_SHA256:
171 msg("Credential Type [",Integer.toString(cd.type),"] is invalid");
179 public ServiceValidator user(Organization org, String user) {
180 if (nob(user,ID_CHARS)) {
181 msg("User [",user,"] is invalid.");
186 public ServiceValidator ns(Result<Namespace> nsd) {
/**
 * Validates a Namespace: every admin and owner id is checked against ID_CHARS,
 * every attribute tag against NAME_CHARS, and the description via description().
 * Findings are accumulated with msg(); the validator itself is returned for chaining.
 */
192 public ServiceValidator ns(Namespace ns) {
// NOTE(review): ns.admin and ns.owner are iterated without the null guard that
// ns.attrib gets below — confirm both are guaranteed non-null by the caller/DAO.
194 for (String s : ns.admin) {
195 if (nob(s,ID_CHARS)) {
196 msg("Admin [" + s + "] is invalid.");
200 for (String s : ns.owner) {
201 if (nob(s,ID_CHARS)) {
202 msg("Responsible [" + s + "] is invalid.");
207 if (ns.attrib!=null) {
208 for (Pair<String, String> at : ns.attrib) {
// Attribute tag (at.x) must satisfy NAME_CHARS.
209 if (nob(at.x,NAME_CHARS)) {
210 msg("Attribute tag [" + at.x + "] is invalid.");
// NOTE(review): this second check re-tests at.x (the tag) but the message reports
// at.y (the value), so the attribute value is never actually validated and
// unchecked content can pass through. Likely intended: nob(at.y,NAME_CHARS).
212 if (nob(at.x,NAME_CHARS)) {
213 msg("Attribute value [" + at.y + "] is invalid.");
218 description("Namespace",ns.description);
222 public ServiceValidator user_role(String user, UserRoleDAO.Data urdd) {
223 role(user,urdd.role);
224 if(!urdd.role.startsWith(user)) {
225 nullOrBlank("UserRole.ns",urdd.ns);
226 nullOrBlank("UserRole.rname",urdd.rname);
232 public ServiceValidator user_role(UserRoleDAO.Data urdd) {
234 msg("UserRole is null");
237 nullOrBlank("UserRole.ns",urdd.ns);
238 nullOrBlank("UserRole.rname",urdd.rname);
243 public ServiceValidator nullOrBlank(PermDAO.Data pd) {
245 msg("Permission is null");
247 nullOrBlank("NS",pd.ns).
248 nullOrBlank("Type",pd.type).
249 nullOrBlank("Instance",pd.instance).
250 nullOrBlank("Action",pd.action);
255 public ServiceValidator nullOrBlank(RoleDAO.Data rd) {
259 nullOrBlank("NS",rd.ns).
260 nullOrBlank("Name",rd.name);