+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.authz.service.mapper;\r
-\r
-import java.nio.ByteBuffer;\r
-import java.util.ArrayList;\r
-import java.util.Collection;\r
-import java.util.Collections;\r
-import java.util.Comparator;\r
-import java.util.Date;\r
-import java.util.GregorianCalendar;\r
-import java.util.List;\r
-import java.util.UUID;\r
-\r
-import javax.xml.datatype.XMLGregorianCalendar;\r
-\r
-import org.onap.aaf.authz.env.AuthzTrans;\r
-import org.onap.aaf.authz.layer.Result;\r
-import org.onap.aaf.authz.org.Organization;\r
-import org.onap.aaf.authz.org.Organization.Expiration;\r
-import org.onap.aaf.authz.service.MayChange;\r
-import org.onap.aaf.cssa.rserv.Pair;\r
-import org.onap.aaf.dao.Bytification;\r
-import org.onap.aaf.dao.aaf.cass.ApprovalDAO;\r
-import org.onap.aaf.dao.aaf.cass.CertDAO;\r
-import org.onap.aaf.dao.aaf.cass.CredDAO;\r
-import org.onap.aaf.dao.aaf.cass.DelegateDAO;\r
-import org.onap.aaf.dao.aaf.cass.FutureDAO;\r
-import org.onap.aaf.dao.aaf.cass.HistoryDAO;\r
-import org.onap.aaf.dao.aaf.cass.Namespace;\r
-import org.onap.aaf.dao.aaf.cass.NsSplit;\r
-import org.onap.aaf.dao.aaf.cass.NsType;\r
-import org.onap.aaf.dao.aaf.cass.PermDAO;\r
-import org.onap.aaf.dao.aaf.cass.RoleDAO;\r
-import org.onap.aaf.dao.aaf.cass.Status;\r
-import org.onap.aaf.dao.aaf.cass.UserRoleDAO;\r
-import org.onap.aaf.dao.aaf.cass.DelegateDAO.Data;\r
-import org.onap.aaf.dao.aaf.hl.Question;\r
-import org.onap.aaf.dao.aaf.hl.Question.Access;\r
-\r
-import org.onap.aaf.cadi.aaf.marshal.CertsMarshal;\r
-import org.onap.aaf.cadi.util.Vars;\r
-import org.onap.aaf.inno.env.Env;\r
-import org.onap.aaf.inno.env.TimeTaken;\r
-import org.onap.aaf.inno.env.util.Chrono;\r
-import org.onap.aaf.rosetta.Marshal;\r
-\r
-import aaf.v2_0.Api;\r
-import aaf.v2_0.Approval;\r
-import aaf.v2_0.Approvals;\r
-import aaf.v2_0.Certs;\r
-import aaf.v2_0.Certs.Cert;\r
-import aaf.v2_0.CredRequest;\r
-import aaf.v2_0.Delg;\r
-import aaf.v2_0.DelgRequest;\r
-import aaf.v2_0.Delgs;\r
-import aaf.v2_0.Error;\r
-import aaf.v2_0.History;\r
-import aaf.v2_0.History.Item;\r
-import aaf.v2_0.Keys;\r
-import aaf.v2_0.NsRequest;\r
-import aaf.v2_0.Nss;\r
-import aaf.v2_0.Nss.Ns;\r
-import aaf.v2_0.Nss.Ns.Attrib;\r
-import aaf.v2_0.Perm;\r
-import aaf.v2_0.PermKey;\r
-import aaf.v2_0.PermRequest;\r
-import aaf.v2_0.Perms;\r
-import aaf.v2_0.Pkey;\r
-import aaf.v2_0.Request;\r
-import aaf.v2_0.Role;\r
-import aaf.v2_0.RolePermRequest;\r
-import aaf.v2_0.RoleRequest;\r
-import aaf.v2_0.Roles;\r
-import aaf.v2_0.UserRole;\r
-import aaf.v2_0.UserRoleRequest;\r
-import aaf.v2_0.UserRoles;\r
-import aaf.v2_0.Users;\r
-import aaf.v2_0.Users.User;\r
-\r
-public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRoles, Delgs, Certs, Keys, Request, History, Error, Approvals> {\r
- private Question q;\r
-\r
- public Mapper_2_0(Question q) {\r
- this.q = q;\r
- }\r
- \r
- /* (non-Javadoc)\r
- * @see org.onap.aaf.authz.service.mapper.Mapper#ns(java.lang.Object, org.onap.aaf.authz.service.mapper.Mapper.Holder)\r
- */\r
- @Override\r
- public Result<Namespace> ns(AuthzTrans trans, Request base) {\r
- NsRequest from = (NsRequest)base;\r
- Namespace namespace = new Namespace();\r
- namespace.name = from.getName();\r
- namespace.admin = from.getAdmin();\r
- namespace.owner = from.getResponsible();\r
- namespace.description = from.getDescription();\r
- trans.checkpoint(namespace.name, Env.ALWAYS);\r
- \r
- NsType nt = NsType.fromString(from.getType());\r
- if(nt.equals(NsType.UNKNOWN)) {\r
- String ns = namespace.name;\r
- int count = 0;\r
- for(int i=ns.indexOf('.');\r
- i>=0;\r
- i=ns.indexOf('.',i+1)) {\r
- ++count;\r
- }\r
- switch(count) {\r
- case 0: nt = NsType.ROOT;break;\r
- case 1: nt = NsType.COMPANY;break;\r
- default: nt = NsType.APP;\r
- }\r
- }\r
- namespace.type = nt.type;\r
- \r
- return Result.ok(namespace);\r
- }\r
-\r
- @Override\r
- public Result<Nss> nss(AuthzTrans trans, Namespace from, Nss to) {\r
- List<Ns> nss = to.getNs();\r
- Ns ns = new Ns();\r
- ns.setName(from.name);\r
- if(from.admin!=null)ns.getAdmin().addAll(from.admin);\r
- if(from.owner!=null)ns.getResponsible().addAll(from.owner);\r
- if(from.attrib!=null) {\r
- for(Pair<String,String> attrib : from.attrib) {\r
- Attrib toAttrib = new Attrib();\r
- toAttrib.setKey(attrib.x);\r
- toAttrib.setValue(attrib.y);\r
- ns.getAttrib().add(toAttrib);\r
- }\r
- }\r
-\r
- ns.setDescription(from.description);\r
- nss.add(ns);\r
- return Result.ok(to);\r
- }\r
-\r
- /**\r
- * Note: Prevalidate if NS given is allowed to be seen before calling\r
- */\r
- @Override\r
- public Result<Nss> nss(AuthzTrans trans, Collection<Namespace> from, Nss to) {\r
- List<Ns> nss = to.getNs();\r
- for(Namespace nd : from) {\r
- Ns ns = new Ns();\r
- ns.setName(nd.name);\r
- ns.getAdmin().addAll(nd.admin);\r
- ns.getResponsible().addAll(nd.owner);\r
- ns.setDescription(nd.description);\r
- if(nd.attrib!=null) {\r
- for(Pair<String,String> attrib : nd.attrib) {\r
- Attrib toAttrib = new Attrib();\r
- toAttrib.setKey(attrib.x);\r
- toAttrib.setValue(attrib.y);\r
- ns.getAttrib().add(toAttrib);\r
- }\r
- }\r
-\r
- nss.add(ns);\r
- }\r
- return Result.ok(to);\r
- }\r
-\r
- @Override\r
- public Result<Perms> perms(AuthzTrans trans, List<PermDAO.Data> from, Perms to, boolean filter) {\r
- List<Perm> perms = to.getPerm();\r
- TimeTaken tt = trans.start("Filter Perms before return", Env.SUB);\r
- try {\r
- if(from!=null) {\r
- for (PermDAO.Data data : from) {\r
- if(!filter || q.mayUser(trans, trans.user(), data, Access.read).isOK()) {\r
- Perm perm = new Perm();\r
- perm.setType(data.fullType());\r
- perm.setInstance(data.instance);\r
- perm.setAction(data.action);\r
- for(String role : data.roles(false)) {\r
- perm.getRoles().add(role);\r
- }\r
- perm.setDescription(data.description);\r
- perms.add(perm);\r
- }\r
- }\r
- }\r
- } finally {\r
- tt.done();\r
- }\r
- \r
- tt = trans.start("Sort Perms", Env.SUB);\r
- try {\r
- Collections.sort(perms, new Comparator<Perm>() {\r
- @Override\r
- public int compare(Perm perm1, Perm perm2) {\r
- int typeCompare = perm1.getType().compareToIgnoreCase(perm2.getType());\r
- if (typeCompare == 0) {\r
- int instanceCompare = perm1.getInstance().compareToIgnoreCase(perm2.getInstance());\r
- if (instanceCompare == 0) {\r
- return perm1.getAction().compareToIgnoreCase(perm2.getAction());\r
- }\r
- return instanceCompare;\r
- }\r
- return typeCompare;\r
- } \r
- });\r
- } finally {\r
- tt.done();\r
- }\r
- return Result.ok(to);\r
- }\r
- \r
- @Override\r
- public Result<List<PermDAO.Data>> perms(AuthzTrans trans, Perms perms) {\r
- List<PermDAO.Data> lpd = new ArrayList<PermDAO.Data>();\r
- for (Perm p : perms.getPerm()) {\r
- Result<NsSplit> nss = q.deriveNsSplit(trans, p.getType());\r
- PermDAO.Data pd = new PermDAO.Data();\r
- if(nss.isOK()) { \r
- pd.ns=nss.value.ns;\r
- pd.type = nss.value.name;\r
- pd.instance = p.getInstance();\r
- pd.action = p.getAction();\r
- for (String role : p.getRoles())\r
- pd.roles(true).add(role);\r
- lpd.add(pd);\r
- } else {\r
- return Result.err(nss);\r
- }\r
- }\r
- return Result.ok(lpd);\r
- }\r
-\r
- @Override\r
- public Result<PermDAO.Data> permkey(AuthzTrans trans, Pkey from) {\r
- return q.permFrom(trans, from.getType(),from.getInstance(),from.getAction());\r
- }\r
- \r
- @Override\r
- public Result<PermDAO.Data> permFromRPRequest(AuthzTrans trans, Request req) {\r
- RolePermRequest from = (RolePermRequest)req;\r
- Pkey perm = from.getPerm();\r
- if(perm==null)return Result.err(Status.ERR_NotFound, "Permission not found");\r
- Result<NsSplit> nss = q.deriveNsSplit(trans, perm.getType());\r
- PermDAO.Data pd = new PermDAO.Data();\r
- if(nss.isOK()) { \r
- pd.ns=nss.value.ns;\r
- pd.type = nss.value.name;\r
- pd.instance = from.getPerm().getInstance();\r
- pd.action = from.getPerm().getAction();\r
- trans.checkpoint(pd.fullPerm(), Env.ALWAYS);\r
- \r
- String[] roles = {};\r
- \r
- if (from.getRole() != null) {\r
- roles = from.getRole().split(",");\r
- }\r
- for (String role : roles) { \r
- pd.roles(true).add(role);\r
- }\r
- return Result.ok(pd);\r
- } else {\r
- return Result.err(nss);\r
- }\r
- }\r
- \r
- @Override\r
- public Result<RoleDAO.Data> roleFromRPRequest(AuthzTrans trans, Request req) {\r
- RolePermRequest from = (RolePermRequest)req;\r
- Result<NsSplit> nss = q.deriveNsSplit(trans, from.getRole());\r
- RoleDAO.Data rd = new RoleDAO.Data();\r
- if(nss.isOK()) { \r
- rd.ns = nss.value.ns;\r
- rd.name = nss.value.name;\r
- trans.checkpoint(rd.fullName(), Env.ALWAYS);\r
- return Result.ok(rd);\r
- } else {\r
- return Result.err(nss);\r
- }\r
- }\r
- \r
- @Override\r
- public Result<PermDAO.Data> perm(AuthzTrans trans, Request req) {\r
- PermRequest from = (PermRequest)req;\r
- Result<NsSplit> nss = q.deriveNsSplit(trans, from.getType());\r
- PermDAO.Data pd = new PermDAO.Data();\r
- if(nss.isOK()) { \r
- pd.ns=nss.value.ns;\r
- pd.type = nss.value.name;\r
- pd.instance = from.getInstance();\r
- pd.action = from.getAction();\r
- pd.description = from.getDescription();\r
- trans.checkpoint(pd.fullPerm(), Env.ALWAYS);\r
- return Result.ok(pd);\r
- } else {\r
- return Result.err(nss);\r
- }\r
- }\r
-\r
- @Override\r
- public Result<RoleDAO.Data> role(AuthzTrans trans, Request base) {\r
- RoleRequest from = (RoleRequest)base;\r
- Result<NsSplit> nss = q.deriveNsSplit(trans, from.getName());\r
- if(nss.isOK()) {\r
- RoleDAO.Data to = new RoleDAO.Data();\r
- to.ns = nss.value.ns;\r
- to.name = nss.value.name;\r
- to.description = from.getDescription();\r
- trans.checkpoint(to.fullName(), Env.ALWAYS);\r
-\r
- return Result.ok(to);\r
- } else {\r
- return Result.err(nss);\r
- }\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see org.onap.aaf.authz.service.mapper.Mapper#roles(java.util.List)\r
- */\r
- @Override\r
- public Result<Roles> roles(AuthzTrans trans, List<RoleDAO.Data> from, Roles to, boolean filter) {\r
- for(RoleDAO.Data frole : from) {\r
- // Only Add Data to view if User is allowed to see this Role \r
- //if(!filter || q.mayUserViewRole(trans, trans.user(), frole).isOK()) {\r
- if(!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()) {\r
- Role role = new Role();\r
- role.setName(frole.ns + '.' + frole.name);\r
- role.setDescription(frole.description);\r
- for(String p : frole.perms(false)) { // can see any Perms in the Role he has permission for\r
- Result<String[]> rpa = PermDAO.Data.decodeToArray(trans,q,p);\r
- if(rpa.notOK()) return Result.err(rpa);\r
- \r
- String[] pa = rpa.value;\r
- Pkey pKey = new Pkey();\r
- pKey.setType(pa[0]+'.'+pa[1]);\r
- pKey.setInstance(pa[2]);\r
- pKey.setAction(pa[3]);\r
- role.getPerms().add(pKey);\r
- }\r
- to.getRole().add(role);\r
- }\r
- }\r
- return Result.ok(to);\r
- }\r
-\r
- /*\r
- * (non-Javadoc)\r
- * @see org.onap.aaf.authz.service.mapper.Mapper#users(java.util.Collection, java.lang.Object)\r
- * \r
- * Note: Prevalidate all data for permission to view\r
- */\r
- @Override\r
- public Result<Users> users(AuthzTrans trans, Collection<UserRoleDAO.Data> from, Users to) {\r
- List<User> cu = to.getUser();\r
- for(UserRoleDAO.Data urd : from) {\r
- User user = new User();\r
- user.setId(urd.user);\r
- user.setExpires(Chrono.timeStamp(urd.expires));\r
- cu.add(user);\r
- }\r
- return Result.ok(to);\r
- }\r
-\r
- /*\r
- * (non-Javadoc)\r
- * @see org.onap.aaf.authz.service.mapper.Mapper#users(java.util.Collection, java.lang.Object)\r
- * \r
- * Note: Prevalidate all data for permission to view\r
- */\r
- @Override\r
- public Result<UserRoles> userRoles(AuthzTrans trans, Collection<UserRoleDAO.Data> from, UserRoles to) {\r
- List<UserRole> cu = to.getUserRole();\r
- for(UserRoleDAO.Data urd : from) {\r
- UserRole ur = new UserRole();\r
- ur.setUser(urd.user);\r
- ur.setRole(urd.role);\r
- ur.setExpires(Chrono.timeStamp(urd.expires));\r
- cu.add(ur);\r
- }\r
- return Result.ok(to);\r
- }\r
-\r
- /**\r
- * \r
- * @param base\r
- * @param start\r
- * @return\r
- */\r
- @Override\r
- public Result<UserRoleDAO.Data> userRole(AuthzTrans trans, Request base) {\r
- try {\r
- UserRoleRequest from = (UserRoleRequest)base;\r
-\r
- // Setup UserRoleData, either for immediate placement, or for future\r
- UserRoleDAO.Data to = new UserRoleDAO.Data();\r
- if (from.getUser() != null) {\r
- String user = from.getUser();\r
- to.user = user;\r
- }\r
- if (from.getRole() != null) {\r
- to.role(trans,q,from.getRole());\r
- }\r
- to.expires = getExpires(trans.org(),Expiration.UserInRole,base,from.getUser());\r
- trans.checkpoint(to.toString(), Env.ALWAYS);\r
-\r
- return Result.ok(to);\r
- } catch (Exception t) {\r
- return Result.err(Status.ERR_BadData,t.getMessage());\r
- }\r
- }\r
-\r
- @Override\r
- public Result<CredDAO.Data> cred(AuthzTrans trans, Request base, boolean requiresPass) {\r
- CredRequest from = (CredRequest)base;\r
- CredDAO.Data to = new CredDAO.Data();\r
- to.id=from.getId();\r
- to.ns = Question.domain2ns(to.id);\r
- String passwd = from.getPassword();\r
- if(requiresPass) {\r
- String ok = trans.org().isValidPassword(to.id,passwd);\r
- if(ok.length()>0) {\r
- return Result.err(Status.ERR_BadData,ok);\r
- }\r
-\r
- } else {\r
- to.type=0;\r
- }\r
- if(passwd != null) {\r
- to.cred = ByteBuffer.wrap(passwd.getBytes());\r
- to.type = CredDAO.RAW; \r
- } else {\r
- to.type = 0;\r
- }\r
- \r
- // Note: Ensure requested EndDate created will match Organization Password Rules\r
- // P.S. Do not apply TempPassword rule here. Do that when you know you are doing a Create/Reset (see Service)\r
- to.expires = getExpires(trans.org(),Expiration.Password,base,from.getId());\r
- trans.checkpoint(to.id, Env.ALWAYS);\r
-\r
- return Result.ok(to);\r
- }\r
- \r
- @Override\r
- public Result<Users> cred(List<CredDAO.Data> from, Users to) {\r
- List<User> cu = to.getUser();\r
- for(CredDAO.Data cred : from) {\r
- User user = new User();\r
- user.setId(cred.id);\r
- user.setExpires(Chrono.timeStamp(cred.expires));\r
- user.setType(cred.type);\r
- cu.add(user);\r
- }\r
- return Result.ok(to);\r
- }\r
- \r
-@Override\r
- public Result<Certs> cert(List<CertDAO.Data> from, Certs to) {\r
- List<Cert> lc = to.getCert();\r
- for(CertDAO.Data fcred : from) {\r
- Cert cert = new Cert();\r
- cert.setId(fcred.id);\r
- cert.setX500(fcred.x500);\r
- /**TODO - change Interface \r
- * @deprecated */\r
- cert.setFingerprint(fcred.serial.toByteArray());\r
- lc.add(cert);\r
- }\r
- return Result.ok(to);\r
- }\r
-\r
- /**\r
- * Analyze whether Requests should be acted on now, or in the future, based on Start Date, and whether the requester\r
- * is allowed to change this value directly\r
- * \r
- * Returning Result.OK means it should be done in the future.\r
- * Returning Result.ACC_Now means to act on table change now.\r
- */\r
- @Override\r
- public Result<FutureDAO.Data> future(AuthzTrans trans, String table, Request from, \r
- Bytification content, boolean enableApproval, Memo memo, MayChange mc) {\r
- Result<?> rMayChange = mc.mayChange();\r
- boolean needsAppr;\r
- if(needsAppr = rMayChange.notOK()) {\r
- if(enableApproval) {\r
- if(!trans.futureRequested()) {\r
- return Result.err(rMayChange);\r
- }\r
- } else {\r
- return Result.err(rMayChange);\r
- }\r
- }\r
- GregorianCalendar now = new GregorianCalendar(); \r
- GregorianCalendar start = from.getStart()==null?now:from.getStart().toGregorianCalendar();\r
- \r
- GregorianCalendar expires = trans.org().expiration(start, Expiration.Future);\r
- XMLGregorianCalendar xgc;\r
- if((xgc=from.getEnd())!=null) {\r
- GregorianCalendar fgc = xgc.toGregorianCalendar();\r
- expires = expires.before(fgc)?expires:fgc; // Min of desired expiration, and Org expiration\r
- }\r
- \r
- //TODO needs two answers from this. What's the NSS, and may Change.\r
- FutureDAO.Data fto;\r
- if(start.after(now) || needsAppr ) {\r
- //String user = trans.user();\r
- fto = new FutureDAO.Data();\r
- fto.target=table;\r
- fto.memo = memo.get();\r
- fto.start = start.getTime();\r
- fto.expires = expires.getTime();\r
- if(needsAppr) { // Need to add Approvers...\r
- /*\r
- Result<Data> rslt = mc.getNsd();\r
- if(rslt.notOKorIsEmpty())return Result.err(rslt);\r
- appr.addAll(mc.getNsd().value.responsible);\r
- try {\r
- //Note from 2013 Is this getting Approvers for user only? What about Delegates?\r
- // 3/25/2014. Approvers are set by Corporate policy. We don't have to worry here about what that means.\r
- // It is important to get Delegates, if necessary, at notification time\r
- // If we add delegates now, it will get all confused as to who is actually responsible.\r
- for(Organization.User ou : org.getApprovers(trans, user)) {\r
- appr.add(ou.email);\r
- }\r
- } catch (Exception e) {\r
- return Result.err(Status.ERR_Policy,org.getName() + " did not respond with Approvers: " + e.getLocalizedMessage());\r
- }\r
- */\r
- }\r
- try {\r
- fto.construct = content.bytify();\r
- } catch (Exception e) {\r
- return Result.err(Status.ERR_BadData,"Data cannot be saved for Future.");\r
- }\r
- } else {\r
- return Result.err(Status.ACC_Now, "Make Data changes now.");\r
- }\r
- return Result.ok(fto);\r
- }\r
-\r
-\r
- /* (non-Javadoc)\r
- * @see org.onap.aaf.authz.service.mapper.Mapper#history(java.util.List)\r
- */\r
- @Override\r
- public Result<History> history(AuthzTrans trans, List<HistoryDAO.Data> history, final int sort) {\r
- History hist = new History();\r
- List<Item> items = hist.getItem();\r
- for(HistoryDAO.Data data : history) {\r
- History.Item item = new History.Item();\r
- item.setYYYYMM(Integer.toString(data.yr_mon));\r
- Date date = Chrono.uuidToDate(data.id);\r
- item.setTimestamp(Chrono.timeStamp(date));\r
- item.setAction(data.action);\r
- item.setMemo(data.memo);\r
- item.setSubject(data.subject);\r
- item.setTarget(data.target);\r
- item.setUser(data.user);\r
- items.add(item);\r
- }\r
- \r
- if(sort != 0) {\r
- TimeTaken tt = trans.start("Sort ", Env.SUB);\r
- try {\r
- java.util.Collections.sort(items, new Comparator<Item>() {\r
- @Override\r
- public int compare(Item o1, Item o2) {\r
- return sort*(o1.getTimestamp().compare(o2.getTimestamp()));\r
- }\r
- });\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
- return Result.ok(hist);\r
- }\r
-\r
- @Override\r
- public Error errorFromMessage(StringBuilder holder, String msgID, String text, String... var) {\r
- Error err = new Error();\r
- err.setMessageId(msgID);\r
- // AT&T Restful Error Format requires numbers "%" placements\r
- err.setText(Vars.convert(holder, text, var));\r
- for(String s : var) {\r
- err.getVariables().add(s);\r
- }\r
- return err;\r
- }\r
- \r
- @Override\r
- public Class<?> getClass(API api) {\r
- switch(api) {\r
- case NSS: return Nss.class;\r
- case NS_REQ: return NsRequest.class;\r
- case PERMS: return Perms.class;\r
- case PERM_KEY: return PermKey.class;\r
- case ROLES: return Roles.class;\r
- case ROLE: return Role.class;\r
- case USERS: return Users.class;\r
- case DELGS: return Delgs.class;\r
- case CERTS: return Certs.class;\r
- case DELG_REQ: return DelgRequest.class;\r
- case PERM_REQ: return PermRequest.class;\r
- case ROLE_REQ: return RoleRequest.class;\r
- case CRED_REQ: return CredRequest.class;\r
- case USER_ROLE_REQ: return UserRoleRequest.class;\r
- case USER_ROLES: return UserRoles.class;\r
- case ROLE_PERM_REQ: return RolePermRequest.class;\r
- case APPROVALS: return Approvals.class;\r
- case KEYS: return Keys.class;\r
- case HISTORY: return History.class;\r
-// case MODEL: return Model.class;\r
- case ERROR: return Error.class;\r
- case API: return Api.class;\r
- case VOID: return Void.class;\r
- }\r
- return null;\r
- }\r
-\r
- @SuppressWarnings("unchecked")\r
- @Override\r
- public <A> A newInstance(API api) {\r
- switch(api) {\r
- case NS_REQ: return (A) new NsRequest();\r
- case NSS: return (A) new Nss();\r
- case PERMS: return (A)new Perms();\r
- case PERM_KEY: return (A)new PermKey();\r
- case ROLES: return (A)new Roles();\r
- case ROLE: return (A)new Role();\r
- case USERS: return (A)new Users();\r
- case DELGS: return (A)new Delgs();\r
- case CERTS: return (A)new Certs();\r
- case PERM_REQ: return (A)new PermRequest();\r
- case CRED_REQ: return (A)new CredRequest();\r
- case ROLE_REQ: return (A)new RoleRequest();\r
- case USER_ROLE_REQ: return (A)new UserRoleRequest();\r
- case USER_ROLES: return (A)new UserRoles();\r
- case ROLE_PERM_REQ: return (A)new RolePermRequest();\r
- case HISTORY: return (A)new History();\r
- case KEYS: return (A)new Keys();\r
- //case MODEL: return (A)new Model();\r
- case ERROR: return (A)new Error();\r
- case API: return (A)new Api();\r
- case VOID: return null;\r
- \r
- case APPROVALS: return (A) new Approvals();\r
- case DELG_REQ: return (A) new DelgRequest();\r
- }\r
- return null;\r
- }\r
- \r
- @SuppressWarnings("unchecked")\r
- /**\r
- * Get Typed Marshaler as they are defined\r
- * \r
- * @param api\r
- * @return\r
- */\r
- public <A> Marshal<A> getMarshal(API api) {\r
- switch(api) {\r
- case CERTS: return (Marshal<A>) new CertsMarshal();\r
- default:\r
- return null;\r
- }\r
- }\r
-\r
- @Override\r
- public Result<Approvals> approvals(List<ApprovalDAO.Data> lAppr) {\r
- Approvals apprs = new Approvals();\r
- List<Approval> lappr = apprs.getApprovals();\r
- Approval a;\r
- for(ApprovalDAO.Data appr : lAppr) {\r
- a = new Approval();\r
- a.setId(appr.id.toString());\r
- a.setTicket(appr.ticket.toString());\r
- a.setUser(appr.user);\r
- a.setApprover(appr.approver);\r
- a.setType(appr.type);\r
- a.setStatus(appr.status);\r
- a.setMemo(appr.memo);\r
- a.setOperation(appr.operation);\r
- a.setUpdated(Chrono.timeStamp(appr.updated));\r
- lappr.add(a);\r
- }\r
- return Result.ok(apprs);\r
- }\r
- \r
- @Override\r
- public Result<List<ApprovalDAO.Data>> approvals(Approvals apprs) {\r
- List<ApprovalDAO.Data> lappr = new ArrayList<ApprovalDAO.Data>();\r
- for(Approval a : apprs.getApprovals()) {\r
- ApprovalDAO.Data ad = new ApprovalDAO.Data();\r
- String str = a.getId();\r
- if(str!=null)ad.id=UUID.fromString(str);\r
- str = a.getTicket();\r
- if(str!=null)ad.ticket=UUID.fromString(str);\r
- ad.user=a.getUser();\r
- ad.approver=a.getApprover();\r
- ad.type=a.getType();\r
- ad.status=a.getStatus();\r
- ad.operation=a.getOperation();\r
- ad.memo=a.getMemo();\r
- \r
- XMLGregorianCalendar xgc = a.getUpdated();\r
- if(xgc!=null)ad.updated=xgc.toGregorianCalendar().getTime();\r
- lappr.add(ad);\r
- }\r
- return Result.ok(lappr);\r
- }\r
-\r
- @Override\r
- public Result<Delgs> delegate(List<DelegateDAO.Data> lDelg) {\r
- Delgs delgs = new Delgs();\r
- List<Delg> ldelg = delgs.getDelgs();\r
- Delg d;\r
- for(DelegateDAO.Data del: lDelg) {\r
- d = new Delg();\r
- d.setUser(del.user);\r
- d.setDelegate(del.delegate);\r
- if(del.expires!=null)d.setExpires(Chrono.timeStamp(del.expires));\r
- ldelg.add(d);\r
- }\r
- return Result.ok(delgs);\r
- }\r
-\r
- @Override\r
- public Result<Data> delegate(AuthzTrans trans, Request base) {\r
- try {\r
- DelgRequest from = (DelgRequest)base;\r
- DelegateDAO.Data to = new DelegateDAO.Data();\r
- String user = from.getUser();\r
- to.user = user;\r
- String delegate = from.getDelegate();\r
- to.delegate = delegate;\r
- to.expires = getExpires(trans.org(),Expiration.UserDelegate,base,from.getUser());\r
- trans.checkpoint(to.user+"=>"+to.delegate, Env.ALWAYS);\r
-\r
- return Result.ok(to);\r
- } catch (Exception t) {\r
- return Result.err(Status.ERR_BadData,t.getMessage());\r
- }\r
- }\r
-\r
- /*\r
- * We want "Expired" dates to start at a specified time set by the Organization, and consistent wherever\r
- * the date is created from.\r
- */ \r
- private Date getExpires(Organization org, Expiration exp, Request base, String id) {\r
- XMLGregorianCalendar end = base.getEnd();\r
- GregorianCalendar gc = end==null?new GregorianCalendar():end.toGregorianCalendar();\r
- GregorianCalendar orggc;\r
- orggc = org.expiration(gc,exp,id); \r
-\r
- // We'll choose the lesser of dates to ensure Policy Compliance...\r
- \r
- GregorianCalendar endgc = end==null||gc.after(orggc)?orggc:gc;\r
- // Allow the Organization to determine when official "day Start" begins, Specifically when to consider something Expired.\r
- endgc = Chrono.firstMomentOfDay(endgc);\r
- endgc.set(GregorianCalendar.HOUR_OF_DAY, org.startOfDay());\r
- return endgc.getTime();\r
- }\r
-\r
-\r
- @Override\r
- public Result<Keys> keys(Collection<String> from) {\r
- Keys keys = new Keys();\r
- keys.getKey().addAll(from);\r
- return Result.ok(keys).emptyList(from.isEmpty());\r
- }\r
-\r
-}\r
Code Review / aaf / authz.git / blobdiff