import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
-import java.util.Comparator;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.auth.dao.cass.Status;
import org.onap.aaf.auth.dao.cass.UserRoleDAO;
+import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
import org.onap.aaf.auth.env.AuthzTransFilter;
public class Question {
// DON'T CHANGE FROM lower Case!!!
- public static enum Type {
+ public enum Type {
ns, role, perm, cred
};
static final String ASTERIX = "*";
- public static enum Access {
+ public enum Access {
read, write, create
};
private static Slot transIDSlot = null;
- public final HistoryDAO historyDAO;
- public final CachedNSDAO nsDAO;
- public final CachedRoleDAO roleDAO;
- public final CachedPermDAO permDAO;
- public final CachedUserRoleDAO userRoleDAO;
- public final CachedCredDAO credDAO;
- public final CachedCertDAO certDAO;
- public final DelegateDAO delegateDAO;
- public final FutureDAO futureDAO;
- public final ApprovalDAO approvalDAO;
- private final CacheInfoDAO cacheInfoDAO;
+ private final HistoryDAO historyDAO;
+ public HistoryDAO historyDAO() {
+ return historyDAO;
+ }
+
+ private final CachedNSDAO nsDAO;
+ public CachedNSDAO nsDAO() {
+ return nsDAO;
+ }
+
+ private final CachedRoleDAO roleDAO;
+ public CachedRoleDAO roleDAO() {
+ return roleDAO;
+ }
+
+ private final CachedPermDAO permDAO;
+ public CachedPermDAO permDAO() {
+ return permDAO;
+ }
+
+ private final CachedUserRoleDAO userRoleDAO;
+ public CachedUserRoleDAO userRoleDAO() {
+ return userRoleDAO;
+ }
+
+ private final CachedCredDAO credDAO;
+ public CachedCredDAO credDAO() {
+ return credDAO;
+ }
+
+ private final CachedCertDAO certDAO;
+ public CachedCertDAO certDAO() {
+ return certDAO;
+ }
+
+ private final DelegateDAO delegateDAO;
+ public DelegateDAO delegateDAO() {
+ return delegateDAO;
+ }
+
+ private final FutureDAO futureDAO;
+ public FutureDAO futureDAO() {
+ return futureDAO;
+ }
+
+ private final ApprovalDAO approvalDAO;
+ public ApprovalDAO approvalDAO() {
+ return approvalDAO;
+ }
+
public final LocateDAO locateDAO;
+ public LocateDAO locateDAO() {
+ return locateDAO;
+ }
+
+ private final CacheInfoDAO cacheInfoDAO;
+ private final int cldays;
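Review bot: `locateDAO` is still declared `public final` even though this hunk adds a `locateDAO()` accessor and makes every other DAO field private, so the encapsulation is incomplete for that one field. If no caller outside the class still reads the field directly (not visible from this hunk), the declaration should become `private final LocateDAO locateDAO;` to match the others. The new accessors also have no Javadoc; a one-line comment on each stating that it returns the live, shared DAO rather than a copy would tell callers that closing or mutating it affects every user of this `Question`.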
- public Question(AuthzTrans trans, Cluster cluster, String keyspace, boolean startClean) throws APIException, IOException {
+ public Question(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {
PERMS = trans.slot("USER_PERMS");
trans.init().log("Instantiating DAOs");
long expiresIn = Long.parseLong(trans.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF));
delegateDAO = new DelegateDAO(trans, historyDAO);
approvalDAO = new ApprovalDAO(trans, historyDAO);
- // Only want to aggressively cleanse User related Caches... The others,
- // just normal refresh
- if (startClean) {
- CachedDAO.startCleansing(trans.env(), credDAO, userRoleDAO);
- CachedDAO.startRefresh(trans.env(), cacheInfoDAO);
- }
- // Set a Timer to Check Caches to send messages for Caching changes
-
if (specialLogSlot==null) {
specialLogSlot = trans.slot(AuthzTransFilter.SPECIAL_LOG_SLOT);
}
}
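Review bot: With `startClean` removed, constructing a `Question` no longer starts cleansing of the `credDAO` and `userRoleDAO` caches or the `cacheInfoDAO` refresh; that now happens only if the caller invokes the new `startTimers(AuthzEnv)`. A service that used to pass `startClean=true` and is not updated would keep serving cached credential and user-role rows with no periodic cleansing (inferred from the method names, since `CachedDAO` is not visible here), which matters for how quickly revoked or expired entries stop being honoured. I would state the requirement where callers will see it, e.g. `// Callers that need cache cleansing/refresh must call startTimers(env) once after construction`, and confirm that every former `startClean=true` call site was migrated. The constructor body starts and continues outside this hunk.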
AbsCassDAO.primePSIs(trans);
+
+ cldays = Integer.parseInt(trans.getProperty(Config.AAF_CRED_WARN_DAYS, Config.AAF_CRED_WARN_DAYS_DFT));
}
-
+ public void startTimers(AuthzEnv env) {
+ // Only want to aggressively cleanse User related Caches... The others,
+ // just normal refresh
+ CachedDAO.startCleansing(env, credDAO, userRoleDAO);
+ CachedDAO.startRefresh(env, cacheInfoDAO);
+ }
+
public void close(AuthzTrans trans) {
historyDAO.close(trans);
cacheInfoDAO.close(trans);
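Review bot: `cldays` is read with a bare `Integer.parseInt` at the end of the constructor, so a malformed `AAF_CRED_WARN_DAYS` value throws an unchecked `NumberFormatException` out of `Question(...)`, which declares only `APIException` and `IOException`. A zero or negative value is also accepted and silently disables the expiry warning in `checkLessThanDays`. Falling back to the default on a parse failure and clamping the result keeps a configuration typo from taking the service down at start-up. The constructor begins outside this hunk.

```java
AbsCassDAO.primePSIs(trans);

int warnDays;
try {
    warnDays = Integer.parseInt(trans.getProperty(Config.AAF_CRED_WARN_DAYS, Config.AAF_CRED_WARN_DAYS_DFT));
} catch (NumberFormatException e) {
    // A bad property value should not abort start-up; report it and use the shipped default.
    trans.init().log("Invalid value for", Config.AAF_CRED_WARN_DAYS, "- using default", Config.AAF_CRED_WARN_DAYS_DFT);
    warnDays = Integer.parseInt(Config.AAF_CRED_WARN_DAYS_DFT);
}
cldays = Math.max(warnDays, 0);
// … unchanged: end of constructor, startTimers(AuthzEnv) …
```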
return Result.ok(nsd);
} else {
int dot = str.lastIndexOf('.');
-
- if (dot < 0) {
- return Result.err(Status.ERR_NsNotFound, "No Namespace for [%s]", str);
- } else {
- return deriveFirstNsForType(trans, str.substring(0, dot),type);
- }
+
+ if (dot < 0) {
+ return Result.err(Status.ERR_NsNotFound, "No Namespace for [%s]", str);
+ } else {
+ return deriveFirstNsForType(trans, str.substring(0, dot),type);
+ }
}
} else {
- return Result.err(Status.ERR_NsNotFound,"There is no valid Company Namespace for %s",str);
+ int dot = str.lastIndexOf('.');
+
+ if (dot < 0) {
+ return Result.err(Status.ERR_NsNotFound,"There is no valid Company Namespace for %s",str);
+ } else {
+ return deriveFirstNsForType(trans, str.substring(0, dot),type);
+ }
}
}
return Result.err(Status.ERR_NotFound, str + " does not contain type " + type.name());
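Review bot: The new `else` branch repeats the `lastIndexOf('.')` / `deriveFirstNsForType` block from the branch above line for line, differing only in the error text, so the two copies can drift apart. It also changes behaviour: a name that previously failed at once with "There is no valid Company Namespace" is now retried against its parent namespace, and nothing in the code says that this is intended. I would add a comment on the new branch such as `// Not a company namespace at this level: retry with the parent before giving up` and move the shared lines into a small private helper that takes the error message. The enclosing method starts outside this hunk, so the exact conditions guarding each branch are not visible here.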
trans.audit().log("Special DEBUG:", user, " does not exist in DB");
}
} else {
- Date now = new Date();//long now = System.currentTimeMillis();
+ Date now = new Date();
// Bug noticed 6/22. Sorting on the result can cause Concurrency Issues.
List<CredDAO.Data> cddl;
if (result.value.size() > 1) {
}
}
if (cddl.size()>1) {
- Collections.sort(cddl,new Comparator<CredDAO.Data>() {
- @Override
- public int compare(org.onap.aaf.auth.dao.cass.CredDAO.Data a,
- org.onap.aaf.auth.dao.cass.CredDAO.Data b) {
- return b.expires.compareTo(a.expires);
- }
- });
+ Collections.sort(cddl, (a, b) -> b.expires.compareTo(a.expires));
}
} else {
cddl = result.value;
case CredDAO.BASIC_AUTH:
byte[] md5=Hash.hashMD5(cred);
if (Hash.compareTo(md5,dbcred)==0) {
- checkLessThanDays(trans,7,now,cdd);
+ checkLessThanDays(trans,cldays,now,cdd);
return Result.ok(cdd.expires);
} else if (debug!=null) {
load(debug, cdd);
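Review bot: The `BASIC_AUTH` branch around the changed `checkLessThanDays` call still accepts a password by comparing `Hash.hashMD5(cred)` with the stored value, and the commit leaves that as it is. A bare MD5 digest of a password is cheap to test offline if the stored rows are ever disclosed, and the SHA-256 branch in the next hunk suggests a stronger format already exists. It would help to mark this path explicitly, e.g. `// TODO(review): legacy MD5 credential format; confirm only not-yet-rotated rows reach this branch`, and to log when it is used so that remaining MD5 credentials can be found and re-hashed. Whether `Hash.compareTo` runs in constant time cannot be told from this hunk and is worth confirming; the `switch` starts and ends outside it.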
byte[] hash = Hash.hashSHA256(bb.array());
if (Hash.compareTo(hash,dbcred)==0) {
- checkLessThanDays(trans,7,now,cdd);
+ checkLessThanDays(trans,cldays,now,cdd);
return Result.ok(cdd.expires);
} else if (debug!=null) {
load(debug, cdd);
long cexp=cdd.expires.getTime();
if (cexp<close) {
int daysLeft = days-(int)((close-cexp)/86400000);
- trans.audit().printf("user=%s,ip=%s,expires=%s,days=%d,msg=\"Password expires in less than %d day%s\"",
- cdd.id,trans.ip(),Chrono.dateOnlyStamp(cdd.expires),daysLeft, daysLeft,daysLeft==1?"":"s");
+ trans.audit().printf("user=%s,ip=%s,expires=%s,days=%d,tag=%s,msg=\"Password expires in less than %d day%s\"",
+ cdd.id,trans.ip(),Chrono.dateOnlyStamp(cdd.expires),daysLeft, cdd.tag,
+ daysLeft,daysLeft==1?"":"s");
}
}
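Review bot: `cdd.tag` is written into the audit record as a bare `tag=%s` field, unlike `msg`, which is quoted. If a tag can contain a comma, a double quote or a line break (how tags are validated is not visible here), one value can be read as several fields or as a second record by whatever parses this log. A null tag will also print as the literal `null`. I would normalise it before formatting, e.g. `String tag = cdd.tag == null ? "" : cdd.tag.replaceAll("[\\r\\n\",]", "_");`, and emit it as `tag=\"%s\"`. The same applies to `cdd.id`, which is already in the format string.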
Result<Void> rv = null;
if (all || NsDAO.TABLE.equals(cname)) {
- int seg[] = series(NsDAO.CACHE_SEG);
+ int[] seg = series(NsDAO.CACHE_SEG);
for (int i: seg) {cacheClear(trans, NsDAO.TABLE,i);}
rv = cacheInfoDAO.touch(trans, NsDAO.TABLE, seg);
}
if (all || PermDAO.TABLE.equals(cname)) {
- int seg[] = series(NsDAO.CACHE_SEG);
+ int[] seg = series(PermDAO.CACHE_SEG);
for (int i: seg) {cacheClear(trans, PermDAO.TABLE,i);}
rv = cacheInfoDAO.touch(trans, PermDAO.TABLE,seg);
}
if (all || RoleDAO.TABLE.equals(cname)) {
- int seg[] = series(NsDAO.CACHE_SEG);
+ int[] seg = series(RoleDAO.CACHE_SEG);
for (int i: seg) {cacheClear(trans, RoleDAO.TABLE,i);}
rv = cacheInfoDAO.touch(trans, RoleDAO.TABLE,seg);
}
if (all || UserRoleDAO.TABLE.equals(cname)) {
- int seg[] = series(NsDAO.CACHE_SEG);
+ int[] seg = series(UserRoleDAO.CACHE_SEG);
for (int i: seg) {cacheClear(trans, UserRoleDAO.TABLE,i);}
rv = cacheInfoDAO.touch(trans, UserRoleDAO.TABLE,seg);
}
if (all || CredDAO.TABLE.equals(cname)) {
- int seg[] = series(NsDAO.CACHE_SEG);
+ int[] seg = series(CredDAO.CACHE_SEG);
for (int i: seg) {cacheClear(trans, CredDAO.TABLE,i);}
rv = cacheInfoDAO.touch(trans, CredDAO.TABLE,seg);
}
if (all || CertDAO.TABLE.equals(cname)) {
- int seg[] = series(NsDAO.CACHE_SEG);
+ int[] seg = series(CertDAO.CACHE_SEG);
for (int i: seg) {cacheClear(trans, CertDAO.TABLE,i);}
rv = cacheInfoDAO.touch(trans, CertDAO.TABLE,seg);
}
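Review bot: Each block assigns `rv = cacheInfoDAO.touch(...)` unconditionally, so when `all` is true only the `CertDAO` result survives and a failed touch for an earlier table is lost, unless code after this hunk accounts for it. A caller could then be told that the cache clear succeeded while some tables were never marked stale, leaving old credential or role data cached on other nodes. Keeping the first failure would avoid that, e.g. `Result<Void> r = cacheInfoDAO.touch(trans, PermDAO.TABLE, seg); if (rv == null || rv.isOK()) { rv = r; }`. Since the commit is correcting a copy-paste of `NsDAO.CACHE_SEG` across six near-identical blocks, a small private helper that takes the table name and its segment count would also keep the mistake from returning. The method starts and ends outside this hunk.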
public boolean isAdmin(AuthzTrans trans, String user, String ns) {
Date now = new Date();
Result<List<UserRoleDAO.Data>> rur = userRoleDAO.read(trans, user,ns+DOT_ADMIN);
- if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
- if (urdd.expires.after(now)) {
- return true;
- }
- }};
+ if (rur.isOKhasData()) {
+ for (UserRoleDAO.Data urdd : rur.value){
+ if (urdd.expires.after(now)) {
+ return true;
+ }
+ }
+ };
return false;
}