Add new JUnit Structure

[aaf/authz.git] / auth / auth-cass / src / main / java / org / onap / aaf / auth / dao / hl / Question.java

diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 2c98a9b..6b6c23b 100644 (file)
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -187,6 +187,7 @@ public class Question {
     
     private final CacheInfoDAO cacheInfoDAO;
        private final int cldays;
+       private final boolean alwaysSpecial;
 
     public Question(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {
         PERMS = trans.slot("USER_PERMS");
@@ -220,6 +221,33 @@ public class Question {
         AbsCassDAO.primePSIs(trans);
         
         cldays = Integer.parseInt(trans.getProperty(Config.AAF_CRED_WARN_DAYS, Config.AAF_CRED_WARN_DAYS_DFT));
+        
+        alwaysSpecial = Boolean.parseBoolean(trans.getProperty("aaf_always_special", Boolean.FALSE.toString()));
+    }
+    
+    /**
+     * Note: This Constructor created for JUNIT Purposes.  Do not use otherwise.
+     */
+    public Question(AuthzTrans trans, HistoryDAO historyDAO, CacheInfoDAO cacheInfoDAO,
+               CachedNSDAO nsDAO, CachedPermDAO permDAO, CachedRoleDAO roleDAO,
+               CachedUserRoleDAO userRoleDAO, CachedCredDAO credDAO, CachedCertDAO certDAO,
+               LocateDAO locateDAO,FutureDAO futureDAO, DelegateDAO delegateDAO,
+               ApprovalDAO approvalDAO ) {
+       this.historyDAO = historyDAO;
+       this.cacheInfoDAO = cacheInfoDAO;
+       this.nsDAO = nsDAO;
+       this.permDAO = permDAO;
+       this.roleDAO = roleDAO;
+       this.userRoleDAO = userRoleDAO;
+       this.credDAO = credDAO;
+       this.certDAO = certDAO;
+        this.locateDAO = locateDAO;
+        this.futureDAO = futureDAO;
+        this.delegateDAO = delegateDAO;
+        this.approvalDAO = approvalDAO;
+
+        cldays = Integer.parseInt(trans.getProperty(Config.AAF_CRED_WARN_DAYS, Config.AAF_CRED_WARN_DAYS_DFT));
+        alwaysSpecial = Boolean.parseBoolean(trans.getProperty("aaf_always_special", Boolean.FALSE.toString()));
     }
 
     public void startTimers(AuthzEnv env) {
@@ -243,15 +271,29 @@ public class Question {
         approvalDAO.close(trans);
     }
 
-    public Result<PermDAO.Data> permFrom(AuthzTrans trans, String type,
-            String instance, String action) {
-        Result<NsDAO.Data> rnd = deriveNs(trans, type);
-        if (rnd.isOK()) {
-            return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type),
-                    instance, action));
-        } else {
-            return Result.err(rnd);
-        }
+    public Result<PermDAO.Data> permFrom(AuthzTrans trans, String type, String instance, String action) {
+       if(type.indexOf('@') >= 0) {
+               int colon = type.indexOf(':');
+               if(colon>=0) {
+                       PermDAO.Data pdd = new PermDAO.Data();
+                       pdd.ns = type.substring(0, colon);
+                       pdd.type = type.substring(colon+1);
+                       pdd.instance = instance;
+                       pdd.action = action;
+               
+                       return Result.ok(pdd);
+               } else {
+                       return Result.err(Result.ERR_BadData,"Could not extract ns and type from " + type);
+               }
+       } else {
+               Result<NsDAO.Data> rnd = deriveNs(trans, type);
+               if (rnd.isOK()) {
+                   return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type),
+                           instance, action));
+               } else {
+                   return Result.err(rnd);
+               }
+       }
     }
 
     /**
@@ -314,21 +356,39 @@ public class Question {
         return Result.ok(rlpUser); 
     }
 
-    public Result<List<PermDAO.Data>> getPermsByType(AuthzTrans trans, String perm) {
-        Result<NsSplit> nss = deriveNsSplit(trans, perm);
-        if (nss.notOK()) {
-            return Result.err(nss);
-        }
-        return permDAO.readByType(trans, nss.value.ns, nss.value.name);
+    public Result<List<PermDAO.Data>> getPermsByType(AuthzTrans trans, String type) {
+       if(type.indexOf('@') >= 0) {
+               int colon = type.indexOf(':');
+               if(colon>=0) {
+                       return permDAO.readByType(trans, type.substring(0, colon),type.substring(colon+1));
+               } else {
+                       return Result.err(Result.ERR_BadData, "%s is malformed",type);
+               }
+       } else {
+               Result<NsSplit> nss = deriveNsSplit(trans, type);
+               if (nss.notOK()) {
+                   return Result.err(nss);
+               }
+               return permDAO.readByType(trans, nss.value.ns, nss.value.name);
+       }
     }
 
-    public Result<List<PermDAO.Data>> getPermsByName(AuthzTrans trans,
-            String type, String instance, String action) {
-        Result<NsSplit> nss = deriveNsSplit(trans, type);
-        if (nss.notOK()) {
-            return Result.err(nss);
-        }
-        return permDAO.read(trans, nss.value.ns, nss.value.name, instance,action);
+    public Result<List<PermDAO.Data>> getPermsByName(AuthzTrans trans, String type, String instance, String action) {
+       if(type.indexOf('@') >= 0) {
+               int colon = type.indexOf(':');
+               if(colon>=0) {
+                       return permDAO.read(trans, type.substring(0, colon),type.substring(colon+1), instance,action);
+               } else {
+                       return Result.err(Result.ERR_BadData, "%s is malformed",type);
+               }
+       } else {
+               Result<NsSplit> nss = deriveNsSplit(trans, type);
+               if (nss.notOK()) {
+                   return Result.err(nss);
+               }
+               
+               return permDAO.read(trans, nss.value.ns, nss.value.name, instance,action);
+       }
     }
 
     public Result<List<PermDAO.Data>> getPermsByRole(AuthzTrans trans, String role, boolean lookup) {
@@ -374,8 +434,14 @@ public class Question {
         return Result.ok(perms);
     }
 
-    public Result<List<RoleDAO.Data>> getRolesByName(AuthzTrans trans,
-            String role) {
+    public Result<List<RoleDAO.Data>> getRolesByName(AuthzTrans trans, String role) {
+       if(role.startsWith(trans.user()) ) {
+               if(role.endsWith(":user")) {
+                       return roleDAO.read(trans,trans.user(), "user");
+               } else {
+                       return Result.err(Result.ERR_BadData,"%s is a badly formatted role",role);
+               }
+       }
         Result<NsSplit> nss = deriveNsSplit(trans, role);
         if (nss.notOK()) {
             return Result.err(nss);
@@ -412,12 +478,7 @@ public class Question {
         if (r.isOKhasData()) {
             return Result.ok(r.value.get(0));
         } else {
-            int dot;
-            if (child==null) {
-                return Result.err(Status.ERR_NsNotFound, "No Namespace");
-            } else {
-                dot = child.lastIndexOf('.');
-            }
+            int dot = child.lastIndexOf('.');
             if (dot < 0) {
                 return Result.err(Status.ERR_NsNotFound, "No Namespace for [%s]", child);
             } else {
@@ -558,6 +619,9 @@ public class Question {
     }
 
     public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user, RoleDAO.Data rdd, Access access) {
+       if(trans.user().equals(rdd.ns)) {
+               return Result.ok((NsDAO.Data)null);
+       }
         Result<NsDAO.Data> rnsd = deriveNs(trans, rdd.ns);
         if (rnsd.isOK()) {
             return mayUser(trans, user, rnsd.value, rdd, access);
@@ -612,6 +676,17 @@ public class Question {
     }
 
     public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user,PermDAO.Data pdd, Access access) {
+       if(pdd.ns.indexOf('@')>-1) {
+               if(user.equals(pdd.ns) || isGranted(trans,user,Define.ROOT_NS(),"access",pdd.instance,READ)) {
+                       NsDAO.Data ndd = new NsDAO.Data();
+                       ndd.name = user;
+                       ndd.type = NsDAO.USER;
+                       ndd.parent = "";
+                       return Result.ok(ndd);
+               } else {
+                       return Result.err(Result.ERR_Security,"Only a User may modify User");
+               }
+       }
         Result<NsDAO.Data> rnsd = deriveNs(trans, pdd.ns);
         if (rnsd.isOK()) {
             return mayUser(trans, user, rnsd.value, pdd, access);
@@ -831,6 +906,7 @@ public class Question {
                                     byte[] md5=Hash.hashMD5(cred);
                                     if (Hash.compareTo(md5,dbcred)==0) {
                                         checkLessThanDays(trans,cldays,now,cdd);
+                                        trans.setTag(cdd.tag);
                                         return Result.ok(cdd.expires);
                                     } else if (debug!=null) {
                                         load(debug, cdd);
@@ -844,6 +920,7 @@ public class Question {
     
                                     if (Hash.compareTo(hash,dbcred)==0) {
                                         checkLessThanDays(trans,cldays,now,cdd);
+                                        trans.setTag(cdd.tag);
                                         return Result.ok(cdd.expires);
                                     } else if (debug!=null) {
                                         load(debug, cdd);
@@ -858,34 +935,41 @@ public class Question {
                     } else {
                         if (expired==null || expired.before(cdd.expires)) {
                             expired = cdd.expires;
+                            trans.setTag(cdd.tag);
                         }
                     }
                 } // end for each
-                if (debug==null) {
-                    trans.audit().printf("No cred matches ip=%s, user=%s\n",trans.ip(),user);
-                } else {
-                    trans.audit().printf("No cred matches ip=%s, user=%s %s\n",trans.ip(),user,debug.toString());
-                }
+                
                 if (expired!=null) {
                     // Note: this is only returned if there are no good Credentials
                     rv = Result.err(Status.ERR_Security,
-                            "Credentials %s from %s expired %s",trans.user(), trans.ip(), Chrono.dateTime(expired));
+                            "Credentials expired %s",Chrono.utcStamp(expired));
+                } else {
+                       if (debug==null && alwaysSpecial) {
+                               debug = new StringBuilder();
+                       }
+                       if (debug!=null) {
+                               debug.append(trans.env().encryptor().encrypt(new String(cred)));
+                               rv = Result.err(Status.ERR_Security,String.format("invalid password - %s",debug.toString()));
+                       }
                 }
             }
         } else {
             return Result.err(result);
         }
-        return rv == null ? Result.create((Date) null, Status.ERR_Security, "Wrong credential") : rv;
+        return rv == null ? Result.err(Status.ERR_Security, "Wrong credential") : rv;
     }
 
 
     private void load(StringBuilder debug, Data cdd) {
-        debug.append("DB Entry: user=");
+        debug.append("\nDB Entry: user=");
         debug.append(cdd.id);
         debug.append(",type=");
         debug.append(cdd.type);
         debug.append(",expires=");
         debug.append(Chrono.dateTime(cdd.expires));
+        debug.append(",tag=");
+        debug.append(cdd.tag);
         debug.append('\n');
     }
 
@@ -928,24 +1012,27 @@ public class Question {
     }
     
     public Result<Boolean> userCredCheck(AuthzTrans trans, CredDAO.Data orig, final byte[] raw) {
-            TimeTaken tt = trans.start("CheckCred Cred", Env.SUB);
-            try {
-                switch(orig.type) {
-                    case CredDAO.BASIC_AUTH_SHA256:
-                        ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + raw.length);
-                        bb.putInt(orig.other);
-                        bb.put(raw);
-                        return Result.ok(Hash.compareTo(orig.cred.array(),Hash.hashSHA256(bb.array()))==0);
-                    case CredDAO.BASIC_AUTH:
-                        return Result.ok( Hash.compareTo(orig.cred.array(), Hash.hashMD5(raw))==0);
-                    default:
-                        return Result.ok(false);
-                }
-            } catch (NoSuchAlgorithmException e) {
-                return Result.err(Status.ERR_General,e.getLocalizedMessage());
-            } finally {
-                tt.done();
+       Result<Boolean> rv;
+        TimeTaken tt = trans.start("CheckCred Cred", Env.SUB);
+        try {
+            switch(orig.type) {
+                case CredDAO.BASIC_AUTH_SHA256:
+                    ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + raw.length);
+                    bb.putInt(orig.other);
+                    bb.put(raw);
+                    rv = Result.ok(Hash.compareTo(orig.cred.array(),Hash.hashSHA256(bb.array()))==0);
+                case CredDAO.BASIC_AUTH:
+                    rv= Result.ok( Hash.compareTo(orig.cred.array(), Hash.hashMD5(raw))==0);
+                case CredDAO.FQI:
+                default:
+                    rv = Result.ok(false);
             }
+        } catch (NoSuchAlgorithmException e) {
+            rv = Result.err(Status.ERR_General,e.getLocalizedMessage());
+        } finally {
+            tt.done();
+        }
+        return rv;
     }
 
     public static final String APPROVED = "APPROVE";
@@ -1141,9 +1228,9 @@ public class Question {
     }
 
     public boolean isAdmin(AuthzTrans trans, String user, String ns) {
-        Date now = new Date();
         Result<List<UserRoleDAO.Data>> rur = userRoleDAO.read(trans, user,ns+DOT_ADMIN);
         if (rur.isOKhasData()) {
+            Date now = new Date();
                for (UserRoleDAO.Data urdd : rur.value){
                    if (urdd.expires.after(now)) {
                        return true;
@@ -1154,9 +1241,9 @@ public class Question {
     }
     
     public boolean isOwner(AuthzTrans trans, String user, String ns) {
-        Result<List<UserRoleDAO.Data>> rur = userRoleDAO.read(trans, user,ns+DOT_OWNER);
-        Date now = new Date();
+        Result<List<UserRoleDAO.Data>> rur = userRoleDAO().read(trans, user,ns+DOT_OWNER);
         if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
+            Date now = new Date();
             if (urdd.expires.after(now)) {
                 return true;
             }
@@ -1165,7 +1252,7 @@ public class Question {
     }
 
     public int countOwner(AuthzTrans trans, String ns) {
-        Result<List<UserRoleDAO.Data>> rur = userRoleDAO.readByRole(trans,ns+DOT_OWNER);
+        Result<List<UserRoleDAO.Data>> rur = userRoleDAO().readByRole(trans,ns+DOT_OWNER);
         Date now = new Date();
         int count = 0;
         if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){