alwaysSpecial = Boolean.parseBoolean(trans.getProperty("aaf_always_special", Boolean.FALSE.toString()));
}
+
+ /**
+ * Note: This Constructor created for JUNIT Purposes. Do not use otherwise.
+ */
+ public Question(AuthzTrans trans, HistoryDAO historyDAO, CacheInfoDAO cacheInfoDAO,
+ CachedNSDAO nsDAO, CachedPermDAO permDAO, CachedRoleDAO roleDAO,
+ CachedUserRoleDAO userRoleDAO, CachedCredDAO credDAO, CachedCertDAO certDAO,
+ LocateDAO locateDAO,FutureDAO futureDAO, DelegateDAO delegateDAO,
+ ApprovalDAO approvalDAO ) {
+ this.historyDAO = historyDAO;
+ this.cacheInfoDAO = cacheInfoDAO;
+ this.nsDAO = nsDAO;
+ this.permDAO = permDAO;
+ this.roleDAO = roleDAO;
+ this.userRoleDAO = userRoleDAO;
+ this.credDAO = credDAO;
+ this.certDAO = certDAO;
+ this.locateDAO = locateDAO;
+ this.futureDAO = futureDAO;
+ this.delegateDAO = delegateDAO;
+ this.approvalDAO = approvalDAO;
+
+ cldays = Integer.parseInt(trans.getProperty(Config.AAF_CRED_WARN_DAYS, Config.AAF_CRED_WARN_DAYS_DFT));
+ alwaysSpecial = Boolean.parseBoolean(trans.getProperty("aaf_always_special", Boolean.FALSE.toString()));
+ }
public void startTimers(AuthzEnv env) {
// Only want to aggressively cleanse User related Caches... The others,
approvalDAO.close(trans);
}
- public Result<PermDAO.Data> permFrom(AuthzTrans trans, String type,
- String instance, String action) {
- Result<NsDAO.Data> rnd = deriveNs(trans, type);
- if (rnd.isOK()) {
- return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type),
- instance, action));
- } else {
- return Result.err(rnd);
- }
+ public Result<PermDAO.Data> permFrom(AuthzTrans trans, String type, String instance, String action) {
+ if(type.indexOf('@') >= 0) {
+ int colon = type.indexOf(':');
+ if(colon>=0) {
+ PermDAO.Data pdd = new PermDAO.Data();
+ pdd.ns = type.substring(0, colon);
+ pdd.type = type.substring(colon+1);
+ pdd.instance = instance;
+ pdd.action = action;
+
+ return Result.ok(pdd);
+ } else {
+ return Result.err(Result.ERR_BadData,"Could not extract ns and type from " + type);
+ }
+ } else {
+ Result<NsDAO.Data> rnd = deriveNs(trans, type);
+ if (rnd.isOK()) {
+ return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type),
+ instance, action));
+ } else {
+ return Result.err(rnd);
+ }
+ }
}
/**
return Result.ok(rlpUser);
}
- public Result<List<PermDAO.Data>> getPermsByType(AuthzTrans trans, String perm) {
- Result<NsSplit> nss = deriveNsSplit(trans, perm);
- if (nss.notOK()) {
- return Result.err(nss);
- }
- return permDAO.readByType(trans, nss.value.ns, nss.value.name);
+ public Result<List<PermDAO.Data>> getPermsByType(AuthzTrans trans, String type) {
+ if(type.indexOf('@') >= 0) {
+ int colon = type.indexOf(':');
+ if(colon>=0) {
+ return permDAO.readByType(trans, type.substring(0, colon),type.substring(colon+1));
+ } else {
+ return Result.err(Result.ERR_BadData, "%s is malformed",type);
+ }
+ } else {
+ Result<NsSplit> nss = deriveNsSplit(trans, type);
+ if (nss.notOK()) {
+ return Result.err(nss);
+ }
+ return permDAO.readByType(trans, nss.value.ns, nss.value.name);
+ }
}
- public Result<List<PermDAO.Data>> getPermsByName(AuthzTrans trans,
- String type, String instance, String action) {
- Result<NsSplit> nss = deriveNsSplit(trans, type);
- if (nss.notOK()) {
- return Result.err(nss);
- }
- return permDAO.read(trans, nss.value.ns, nss.value.name, instance,action);
+ public Result<List<PermDAO.Data>> getPermsByName(AuthzTrans trans, String type, String instance, String action) {
+ if(type.indexOf('@') >= 0) {
+ int colon = type.indexOf(':');
+ if(colon>=0) {
+ return permDAO.read(trans, type.substring(0, colon),type.substring(colon+1), instance,action);
+ } else {
+ return Result.err(Result.ERR_BadData, "%s is malformed",type);
+ }
+ } else {
+ Result<NsSplit> nss = deriveNsSplit(trans, type);
+ if (nss.notOK()) {
+ return Result.err(nss);
+ }
+
+ return permDAO.read(trans, nss.value.ns, nss.value.name, instance,action);
+ }
}
public Result<List<PermDAO.Data>> getPermsByRole(AuthzTrans trans, String role, boolean lookup) {
return Result.ok(perms);
}
- public Result<List<RoleDAO.Data>> getRolesByName(AuthzTrans trans,
- String role) {
+ public Result<List<RoleDAO.Data>> getRolesByName(AuthzTrans trans, String role) {
+ if(role.startsWith(trans.user()) ) {
+ if(role.endsWith(":user")) {
+ return roleDAO.read(trans,trans.user(), "user");
+ } else {
+ return Result.err(Result.ERR_BadData,"%s is a badly formatted role",role);
+ }
+ }
Result<NsSplit> nss = deriveNsSplit(trans, role);
if (nss.notOK()) {
return Result.err(nss);
if (r.isOKhasData()) {
return Result.ok(r.value.get(0));
} else {
- int dot;
- if (child==null) {
- return Result.err(Status.ERR_NsNotFound, "No Namespace");
- } else {
- dot = child.lastIndexOf('.');
- }
+ int dot = child.lastIndexOf('.');
if (dot < 0) {
return Result.err(Status.ERR_NsNotFound, "No Namespace for [%s]", child);
} else {
}
public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user, RoleDAO.Data rdd, Access access) {
+ if(trans.user().equals(rdd.ns)) {
+ return Result.ok((NsDAO.Data)null);
+ }
Result<NsDAO.Data> rnsd = deriveNs(trans, rdd.ns);
if (rnsd.isOK()) {
return mayUser(trans, user, rnsd.value, rdd, access);
public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user,PermDAO.Data pdd, Access access) {
if(pdd.ns.indexOf('@')>-1) {
- if(user.equals(pdd.ns)) {
+ if(user.equals(pdd.ns) || isGranted(trans,user,Define.ROOT_NS(),"access",pdd.instance,READ)) {
NsDAO.Data ndd = new NsDAO.Data();
ndd.name = user;
ndd.type = NsDAO.USER;
}
public Result<Boolean> userCredCheck(AuthzTrans trans, CredDAO.Data orig, final byte[] raw) {
- TimeTaken tt = trans.start("CheckCred Cred", Env.SUB);
- try {
- switch(orig.type) {
- case CredDAO.BASIC_AUTH_SHA256:
- ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + raw.length);
- bb.putInt(orig.other);
- bb.put(raw);
- return Result.ok(Hash.compareTo(orig.cred.array(),Hash.hashSHA256(bb.array()))==0);
- case CredDAO.BASIC_AUTH:
- return Result.ok( Hash.compareTo(orig.cred.array(), Hash.hashMD5(raw))==0);
- default:
- return Result.ok(false);
- }
- } catch (NoSuchAlgorithmException e) {
- return Result.err(Status.ERR_General,e.getLocalizedMessage());
- } finally {
- tt.done();
+ Result<Boolean> rv;
+ TimeTaken tt = trans.start("CheckCred Cred", Env.SUB);
+ try {
+ switch(orig.type) {
+ case CredDAO.BASIC_AUTH_SHA256:
+ ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + raw.length);
+ bb.putInt(orig.other);
+ bb.put(raw);
+ rv = Result.ok(Hash.compareTo(orig.cred.array(),Hash.hashSHA256(bb.array()))==0);
+ case CredDAO.BASIC_AUTH:
+ rv= Result.ok( Hash.compareTo(orig.cred.array(), Hash.hashMD5(raw))==0);
+ case CredDAO.FQI:
+ default:
+ rv = Result.ok(false);
}
+ } catch (NoSuchAlgorithmException e) {
+ rv = Result.err(Status.ERR_General,e.getLocalizedMessage());
+ } finally {
+ tt.done();
+ }
+ return rv;
}
public static final String APPROVED = "APPROVE";
}
public boolean isAdmin(AuthzTrans trans, String user, String ns) {
- Date now = new Date();
Result<List<UserRoleDAO.Data>> rur = userRoleDAO.read(trans, user,ns+DOT_ADMIN);
if (rur.isOKhasData()) {
+ Date now = new Date();
for (UserRoleDAO.Data urdd : rur.value){
if (urdd.expires.after(now)) {
return true;
}
public boolean isOwner(AuthzTrans trans, String user, String ns) {
- Result<List<UserRoleDAO.Data>> rur = userRoleDAO.read(trans, user,ns+DOT_OWNER);
- Date now = new Date();
+ Result<List<UserRoleDAO.Data>> rur = userRoleDAO().read(trans, user,ns+DOT_OWNER);
if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
+ Date now = new Date();
if (urdd.expires.after(now)) {
return true;
}
}
public int countOwner(AuthzTrans trans, String ns) {
- Result<List<UserRoleDAO.Data>> rur = userRoleDAO.readByRole(trans,ns+DOT_OWNER);
+ Result<List<UserRoleDAO.Data>> rur = userRoleDAO().readByRole(trans,ns+DOT_OWNER);
Date now = new Date();
int count = 0;
if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){