Add OneWeekCred notice
[aaf/authz.git] / auth / auth-deforg / src / main / java / org / onap / aaf / org / DefaultOrg.java
index 3c6176e..50b65ff 100644 (file)
@@ -32,11 +32,13 @@ import java.util.Set;
 import java.util.regex.Pattern;
 
 import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.local.AbsData.Reuse;
 import org.onap.aaf.auth.org.EmailWarnings;
 import org.onap.aaf.auth.org.Executor;
 import org.onap.aaf.auth.org.Mailer;
 import org.onap.aaf.auth.org.Organization;
 import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.util.FQI;
 import org.onap.aaf.misc.env.Env;
 
@@ -46,11 +48,14 @@ public class DefaultOrg implements Organization {
     final String domain;
     final String atDomain;
     final String realm;
+       
+    private final String root_ns;
 
     private final String NAME;
     private final Set<String> supportedRealms;
 
 
+
     public DefaultOrg(Env env, String realm) throws OrganizationException {
 
         this.realm = realm;
@@ -59,6 +64,7 @@ public class DefaultOrg implements Organization {
         domain=FQI.reverseDomain(realm);
         atDomain = '@'+domain;
         NAME=env.getProperty(realm + ".name","Default Organization");
+        root_ns = env.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF);
         
         try {
             String defFile;
@@ -78,6 +84,7 @@ public class DefaultOrg implements Organization {
                         }
                         fIdentities.createNewFile();
                     }
+                    
                 }
             } else {
                 fIdentities = new File(temp);
@@ -98,6 +105,24 @@ public class DefaultOrg implements Organization {
                     throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist.");
                 }
             }
+
+            File fRevoked=null;
+            temp=env.getProperty(getClass().getName()+".file.revoked");
+            if(temp==null) {
+                temp = env.getProperty(AAF_DATA_DIR);
+                if (temp!=null) {
+                    File dir = new File(temp);
+                       fRevoked=new File(dir,"revoked.dat");
+                }
+            } else {
+               fRevoked = new File(temp);
+            }
+            if (fRevoked!=null && fRevoked.exists()) {
+                revoked = new Identities(fRevoked);
+            } else {
+               revoked = null;
+            }
+            
         } catch (IOException e) {
             throw new OrganizationException(e);
         }
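Review bot: The revocation file is handled fail-open at `revoked = null`: when `DefaultOrg.file.revoked` is explicitly configured but the file is absent, revocation checking is silently disabled, whereas the identities file a few lines above fails with `OrganizationException(... " does not exist.")`. For a revocation list that asymmetry matters, since every later `isRevoked` call will answer false with nothing in the logs. Suggest remembering whether the property was set and mirroring the identities handling in that case, falling back to `null` only for the implicit `AAF_DATA_DIR/revoked.dat` default. The new lines also mix tab and space indentation (`fRevoked=new File(dir,"revoked.dat")`, `fRevoked = new File(temp)`, `revoked = null`), unlike the rest of the constructor.
```java
File fRevoked=null;
String revokedProp=env.getProperty(getClass().getName()+".file.revoked");
// … unchanged: derive fRevoked from revokedProp, else AAF_DATA_DIR/revoked.dat …
if (fRevoked!=null && fRevoked.exists()) {
    revoked = new Identities(fRevoked);
} else if (revokedProp!=null) {
    // An explicitly configured revocation list must not silently vanish (fail closed, like the identities file).
    throw new OrganizationException(fRevoked.getCanonicalPath() + " does not exist.");
} else {
    revoked = null; // no revocation list configured; isRevoked() will always report false
}
```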
@@ -107,6 +132,7 @@ public class DefaultOrg implements Organization {
     static final List<String> NULL_DELEGATES = new ArrayList<>();
 
     public Identities identities;
+    public Identities revoked;
     private boolean dryRun;
     private Mailer mailer;
     public enum Types {Employee, Contractor, Application, NotActive};
@@ -142,7 +168,58 @@ public class DefaultOrg implements Organization {
         return new DefaultOrgIdentity(trans,at<0?id:id.substring(0, at),this);
     }
 
-    // Note: Return a null if found; return a String Message explaining why not found.
+    /**
+     * If the ID isn't in the revoked file, if it exists, it is revoked.
+     */
+    @Override
+       public boolean isRevoked(AuthzTrans trans, String key) {
+       if(revoked!=null) {
+            try {
+               revoked.open(trans, DefaultOrgIdentity.TIMEOUT);
+               try {
+                       Reuse r = revoked.reuse();
+                       int at = key.indexOf(domain);
+                       String search;
+                       if (at>=0) {
+                           search = key.substring(0,at);
+                       } else {
+                           search = key;
+                       }
+                       return revoked.find(search, r)!=null;
+                } finally {
+                    revoked.close(trans);
+                }
+                       } catch (IOException e) {
+                               trans.error().log(e);
+            }
+       }
+               return false;
+       }
+
+       /* (non-Javadoc)
+        * @see org.onap.aaf.auth.org.Organization#getEsclaations(org.onap.aaf.auth.env.AuthzTrans, java.lang.String, int)
+        */
+       @Override
+       public List<Identity> getIDs(AuthzTrans trans, String user, int escalate) throws OrganizationException {
+               List<Identity> rv = new ArrayList<>();
+               int end = Math.min(3,Math.abs(escalate));
+               Identity id = null;
+               for(int i=0;i<end;++i) {
+                       if(id==null) {
+                               id = getIdentity(trans,user);
+                       } else {
+                               id = id.responsibleTo();
+                       }
+                       if(id==null) {
+                               break;
+                       } else {
+                               rv.add(id);
+                       }
+               }
+               return rv;
+       }
+
+       // Note: Return a null if found; return a String Message explaining why not found.
     @Override
     public String isValidID(final AuthzTrans trans, final String id) {
         try {
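Review bot: `isRevoked` returns false from the `catch (IOException e)` branch, so a revocation file that cannot be opened or read (permissions, transient I/O error) lets a revoked identity pass as valid; unless the Organization contract says otherwise, a revocation check should fail closed, e.g. `return true;` after the `trans.error().log(e)`, or rethrow so the caller can refuse the request. The Javadoc above the method states the inverse of the code (`return revoked.find(search, r)!=null` means an ID present in the file is revoked) and should read `Returns true when the ID, with its domain suffix stripped, is listed in the revoked file; false when no revoked file is configured.` Also `key.indexOf(domain)` truncates at the first occurrence of the bare domain string, which could fall inside the local part of the key; the class already has `atDomain` for exactly this split and using it here would be safer. In `getIDs` the `@see` reference names `getEsclaations`, which matches no method in the hunk.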
@@ -492,6 +569,7 @@ public class DefaultOrg implements Organization {
 
     @Override
     public String validate(AuthzTrans trans, Policy policy, Executor executor, String... vars) throws OrganizationException {
+       String user;
         switch(policy) {
             case OWNS_MECHID:
             case CREATE_MECHID:
@@ -517,6 +595,12 @@ public class DefaultOrg implements Organization {
             case CREATE_MECHID_BY_PERM_ONLY:
                 return getName() + " only allows sponsors to create MechIDs";
 
+                       case MAY_EXTEND_CRED_EXPIRES:
+                               // If parm, use it, otherwise, trans
+                               user = vars.length>1?vars[1]:trans.user();
+                               return executor.hasPermission(user, root_ns,"password", root_ns , "extend")
+                                               ?null:user + " does not have permission to extend passwords at " + getName();
+
             default:
                 return policy.name() + " is unsupported at " + getName();
         }
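Review bot: The `MAY_EXTEND_CRED_EXPIRES` branch evaluates the permission for whatever principal arrives in `vars[1]`, and only falls back to `trans.user()` when it is absent, so the check is only as strong as the caller's guarantee that `vars[1]` names an identity it has already authenticated; that cannot be confirmed from this hunk and deserves a comment at the call contract. The comment `// If parm, use it, otherwise, trans` should say which parameter and what happens to the other: `// vars[1], when present, names the principal to check (vars[0] is ignored); otherwise the transaction's authenticated user`. The enclosing `validate` method starts and ends outside the hunk.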
@@ -592,7 +676,7 @@ public class DefaultOrg implements Organization {
                 }
             }
 
-            return mailer.sendEmail(trans,dryRun,mailFrom,to,cc,subject,body,urgent);
+            return mailer.sendEmail(trans,dryRun?"DefaultOrg":null,to,cc,subject,body,urgent)?0:1;
         } else {
             return 0;
         }