X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-cass%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fdao%2Fhl%2FQuestion.java;h=bd0c8355631c44df494bbe77176c55a7f4d24d47;hb=ff1417ff60baee231a28272f9a16ef2c9c8ea0a2;hp=f55e1c1c0bc94f14aefbd3d30ee4dc748fee049e;hpb=8cd88b8fbd5cdaa3fe796a11c0788ba202a808a3;p=aaf%2Fauthz.git

diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index f55e1c1c..bd0c8355 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -27,7 +27,6 @@ import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Comparator;
 import java.util.Date;
 import java.util.HashSet;
 import java.util.List;
@@ -62,6 +61,7 @@ import org.onap.aaf.auth.dao.cass.PermDAO;
 import org.onap.aaf.auth.dao.cass.RoleDAO;
 import org.onap.aaf.auth.dao.cass.Status;
 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
+import org.onap.aaf.auth.env.AuthzEnv;
 import org.onap.aaf.auth.env.AuthzTrans;
 import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
 import org.onap.aaf.auth.env.AuthzTransFilter;
@@ -89,7 +89,7 @@ import com.datastax.driver.core.Cluster;
 public class Question {
 
     // DON'T CHANGE FROM lower Case!!!
-    public static enum Type {
+    public enum Type {
         ns, role, perm, cred
     };
 
@@ -101,7 +101,7 @@ public class Question {
 
     static final String ASTERIX = "*";
 
-    public static enum Access {
+    public enum Access {
         read, write, create
     };
 
@@ -130,20 +130,65 @@ public class Question {
     private static Slot transIDSlot = null;
 
 
-    public final HistoryDAO historyDAO;
-    public final CachedNSDAO nsDAO;
-    public final CachedRoleDAO roleDAO;
-    public final CachedPermDAO permDAO;
-    public final CachedUserRoleDAO userRoleDAO;
-    public final CachedCredDAO credDAO;
-    public final CachedCertDAO certDAO;
-    public final DelegateDAO delegateDAO;
-    public final FutureDAO futureDAO;
-    public final ApprovalDAO approvalDAO;
-    private final CacheInfoDAO cacheInfoDAO;
+    private final HistoryDAO historyDAO;
+    public HistoryDAO historyDAO() {
+    	return historyDAO;
+    }
+    
+    private final CachedNSDAO nsDAO;
+    public CachedNSDAO nsDAO() {
+    	return nsDAO;
+    }
+    
+    private final CachedRoleDAO roleDAO;
+    public CachedRoleDAO roleDAO() {
+    	return roleDAO;
+    }
+    
+    private final CachedPermDAO permDAO;
+    public CachedPermDAO permDAO() {
+    	return permDAO;
+    }
+    
+    private final CachedUserRoleDAO userRoleDAO;
+    public CachedUserRoleDAO userRoleDAO() {
+    	return userRoleDAO;
+    }
+    
+    private final CachedCredDAO credDAO;
+    public CachedCredDAO credDAO() {
+    	return credDAO;
+    }
+    
+    private final CachedCertDAO certDAO;
+    public CachedCertDAO certDAO() {
+    	return certDAO;
+    }
+    
+    private final DelegateDAO delegateDAO;
+    public DelegateDAO delegateDAO() {
+    	return delegateDAO;
+    }
+    
+    private final FutureDAO futureDAO;
+    public FutureDAO futureDAO() {
+    	return futureDAO;
+    }
+    
+    private final ApprovalDAO approvalDAO;
+    public ApprovalDAO approvalDAO() {
+    	return approvalDAO;
+    }
+    
     public final LocateDAO locateDAO;
+    public LocateDAO locateDAO() {
+    	return locateDAO;
+    }
+    
+    private final CacheInfoDAO cacheInfoDAO;
+	private final int cldays;
 
-    public Question(AuthzTrans trans, Cluster cluster, String keyspace, boolean startClean) throws APIException, IOException {
+    public Question(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {
         PERMS = trans.slot("USER_PERMS");
         trans.init().log("Instantiating DAOs");
         long expiresIn = Long.parseLong(trans.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF));
@@ -164,14 +209,6 @@ public class Question {
         delegateDAO = new DelegateDAO(trans, historyDAO);
         approvalDAO = new ApprovalDAO(trans, historyDAO);
 
-        // Only want to aggressively cleanse User related Caches... The others,
-        // just normal refresh
-        if (startClean) {
-            CachedDAO.startCleansing(trans.env(), credDAO, userRoleDAO);
-            CachedDAO.startRefresh(trans.env(), cacheInfoDAO);
-        }
-        // Set a Timer to Check Caches to send messages for Caching changes
-        
         if (specialLogSlot==null) {
             specialLogSlot = trans.slot(AuthzTransFilter.SPECIAL_LOG_SLOT);
         }
@@ -181,9 +218,17 @@ public class Question {
         }
         
         AbsCassDAO.primePSIs(trans);
+        
+        cldays = Integer.parseInt(trans.getProperty(Config.AAF_CRED_WARN_DAYS, Config.AAF_CRED_WARN_DAYS_DFT));
     }
 
-
+    public void startTimers(AuthzEnv env) {
+        // Only want to aggressively cleanse User related Caches... The others,
+        // just normal refresh
+        CachedDAO.startCleansing(env, credDAO, userRoleDAO);
+        CachedDAO.startRefresh(env, cacheInfoDAO);
+    }
+    
     public void close(AuthzTrans trans) {
         historyDAO.close(trans);
         cacheInfoDAO.close(trans);
@@ -754,7 +799,7 @@ public class Question {
                     trans.audit().log("Special DEBUG:", user, " does not exist in DB");
                 }
             } else {
-                Date now = new Date();//long now = System.currentTimeMillis();
+                Date now = new Date();
                 // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues.     
                 List<CredDAO.Data> cddl;
                 if (result.value.size() > 1) {
@@ -765,13 +810,7 @@ public class Question {
                         }
                     }
                     if (cddl.size()>1) {
-                        Collections.sort(cddl,new Comparator<CredDAO.Data>() {
-                            @Override
-                            public int compare(org.onap.aaf.auth.dao.cass.CredDAO.Data a,
-                                               org.onap.aaf.auth.dao.cass.CredDAO.Data b) {
-                                return b.expires.compareTo(a.expires);
-                            }
-                        });
+                    	Collections.sort(cddl, (a, b) -> b.expires.compareTo(a.expires));
                     }
                 } else {
                     cddl = result.value;
@@ -791,7 +830,7 @@ public class Question {
                                 case CredDAO.BASIC_AUTH:
                                     byte[] md5=Hash.hashMD5(cred);
                                     if (Hash.compareTo(md5,dbcred)==0) {
-                                        checkLessThanDays(trans,7,now,cdd);
+                                        checkLessThanDays(trans,cldays,now,cdd);
                                         return Result.ok(cdd.expires);
                                     } else if (debug!=null) {
                                         load(debug, cdd);
@@ -804,7 +843,7 @@ public class Question {
                                     byte[] hash = Hash.hashSHA256(bb.array());
     
                                     if (Hash.compareTo(hash,dbcred)==0) {
-                                        checkLessThanDays(trans,7,now,cdd);
+                                        checkLessThanDays(trans,cldays,now,cdd);
                                         return Result.ok(cdd.expires);
                                     } else if (debug!=null) {
                                         load(debug, cdd);
@@ -856,8 +895,9 @@ public class Question {
         long cexp=cdd.expires.getTime();
         if (cexp<close) {
             int daysLeft = days-(int)((close-cexp)/86400000);
-            trans.audit().printf("user=%s,ip=%s,expires=%s,days=%d,msg=\"Password expires in less than %d day%s\"",
-                cdd.id,trans.ip(),Chrono.dateOnlyStamp(cdd.expires),daysLeft, daysLeft,daysLeft==1?"":"s");
+            trans.audit().printf("user=%s,ip=%s,expires=%s,days=%d,tag=%s,msg=\"Password expires in less than %d day%s\"",
+                cdd.id,trans.ip(),Chrono.dateOnlyStamp(cdd.expires),daysLeft, cdd.tag, 
+                daysLeft,daysLeft==1?"":"s");
         }
     }
 
@@ -948,32 +988,32 @@ public class Question {
         Result<Void> rv = null;
 
         if (all || NsDAO.TABLE.equals(cname)) {
-            int seg[] = series(NsDAO.CACHE_SEG);
+            int[] seg = series(NsDAO.CACHE_SEG);
             for (int i: seg) {cacheClear(trans, NsDAO.TABLE,i);}
             rv = cacheInfoDAO.touch(trans, NsDAO.TABLE, seg);
         }
         if (all || PermDAO.TABLE.equals(cname)) {
-            int seg[] = series(NsDAO.CACHE_SEG);
+            int[] seg = series(PermDAO.CACHE_SEG);
             for (int i: seg) {cacheClear(trans, PermDAO.TABLE,i);}
             rv = cacheInfoDAO.touch(trans, PermDAO.TABLE,seg);
         }
         if (all || RoleDAO.TABLE.equals(cname)) {
-            int seg[] = series(NsDAO.CACHE_SEG);
+            int[] seg = series(RoleDAO.CACHE_SEG);
             for (int i: seg) {cacheClear(trans, RoleDAO.TABLE,i);}
             rv = cacheInfoDAO.touch(trans, RoleDAO.TABLE,seg);
         }
         if (all || UserRoleDAO.TABLE.equals(cname)) {
-            int seg[] = series(NsDAO.CACHE_SEG);
+            int[] seg = series(UserRoleDAO.CACHE_SEG);
             for (int i: seg) {cacheClear(trans, UserRoleDAO.TABLE,i);}
             rv = cacheInfoDAO.touch(trans, UserRoleDAO.TABLE,seg);
         }
         if (all || CredDAO.TABLE.equals(cname)) {
-            int seg[] = series(NsDAO.CACHE_SEG);
+            int[] seg = series(CredDAO.CACHE_SEG);
             for (int i: seg) {cacheClear(trans, CredDAO.TABLE,i);}
             rv = cacheInfoDAO.touch(trans, CredDAO.TABLE,seg);
         }
         if (all || CertDAO.TABLE.equals(cname)) {
-            int seg[] = series(NsDAO.CACHE_SEG);
+            int[] seg = series(CertDAO.CACHE_SEG);
             for (int i: seg) {cacheClear(trans, CertDAO.TABLE,i);}
             rv = cacheInfoDAO.touch(trans, CertDAO.TABLE,seg);
         }
@@ -1100,11 +1140,13 @@ public class Question {
     public boolean isAdmin(AuthzTrans trans, String user, String ns) {
         Date now = new Date();
         Result<List<UserRoleDAO.Data>> rur = userRoleDAO.read(trans, user,ns+DOT_ADMIN);
-        if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
-            if (urdd.expires.after(now)) {
-                return true;
-            }
-        }};
+        if (rur.isOKhasData()) {
+        	for (UserRoleDAO.Data urdd : rur.value){
+	            if (urdd.expires.after(now)) {
+	                return true;
+	            }
+	        }
+        };
         return false;
     }