X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-certman%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fcm%2Fmapper%2FMapper1_0.java;h=1c951961691875a4c8dcd9d1dd7e624f53e0086f;hb=6309ef454e6960d95d13534645e1f15904de6862;hp=3d865d30470dc8b9311147e7297cbc3c2603c1f1;hpb=ceda6e8bc270202bcb24340b86617110289c902e;p=aaf%2Fauthz.git diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java index 3d865d30..1c951961 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java @@ -24,6 +24,7 @@ package org.onap.aaf.auth.cm.mapper; import java.io.IOException; import java.util.ArrayList; import java.util.List; +import java.util.Set; import org.onap.aaf.auth.cm.data.CertDrop; import org.onap.aaf.auth.cm.data.CertRenew; @@ -31,11 +32,10 @@ import org.onap.aaf.auth.cm.data.CertReq; import org.onap.aaf.auth.cm.data.CertResp; import org.onap.aaf.auth.cm.validation.CertmanValidator; import org.onap.aaf.auth.dao.cass.ArtiDAO; -import org.onap.aaf.auth.dao.cass.CertDAO; import org.onap.aaf.auth.dao.cass.ArtiDAO.Data; +import org.onap.aaf.auth.dao.cass.CertDAO; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; -import org.onap.aaf.cadi.util.FQI; import org.onap.aaf.cadi.util.Vars; import aaf.v2_0.Error; 
@@ -49,226 +49,245 @@ import certman.v1_0.CertificateRequest; public class Mapper1_0 implements Mapper { - - @Override - public Class getClass(API api) { - switch(api) { - case CERT_REQ: return CertificateRequest.class; - case CERT_RENEW: return CertificateRenew.class; - case CERT_DROP: return CertificateDrop.class; - case CERT: return CertInfo.class; - case ARTIFACTS: return Artifacts.class; - case ERROR: return Error.class; - case VOID: return Void.class; - } - return null; - } + + @Override + public Class getClass(API api) { + switch(api) { + case CERT_REQ: return CertificateRequest.class; + case CERT_RENEW: return CertificateRenew.class; + case CERT_DROP: return CertificateDrop.class; + case CERT: return CertInfo.class; + case ARTIFACTS: return Artifacts.class; + case ERROR: return Error.class; + case VOID: return Void.class; + } + return null; + } + + @SuppressWarnings("unchecked") + @Override + public A newInstance(API api) { + switch(api) { + case CERT_REQ: return (A) new CertificateRequest(); + case CERT_RENEW: return (A) new CertificateRenew(); + case CERT_DROP: return (A) new CertificateDrop(); + case CERT: return (A) new CertInfo(); + case ARTIFACTS: return (A) new Artifacts(); + case ERROR: return (A)new Error(); + case VOID: return null; + } + return null; + } + + ////////////// Mapping Functions ///////////// + @Override + public Error errorFromMessage(StringBuilder holder, String msgID, String text, Object ... 
var) { + Error err = new Error(); + err.setMessageId(msgID); + // AT&T Restful Error Format requires numbers "%" placements + err.setText(Vars.convert(holder, text, var)); + for (Object s : var) { + err.getVariables().add(s.toString()); + } + return err; + } + + /* (non-Javadoc) + * @see com.att.authz.certman.mapper.Mapper#toCert(org.onap.aaf.auth.env.test.AuthzTrans, org.onap.aaf.auth.layer.test.Result) + */ + @Override + public Result toCert(AuthzTrans trans, Result in, boolean withTrustChain) throws IOException { + if (!in.isOK()) { + return Result.err(in); + } - @SuppressWarnings("unchecked") - @Override - public A newInstance(API api) { - switch(api) { - case CERT_REQ: return (A) new CertificateRequest(); - case CERT_RENEW: return (A) new CertificateRenew(); - case CERT_DROP: return (A) new CertificateDrop(); - case CERT: return (A) new CertInfo(); - case ARTIFACTS: return (A) new Artifacts(); - case ERROR: return (A)new Error(); - case VOID: return null; - } - return null; - } + CertResp cin = in.value; + CertInfo cout = newInstance(API.CERT); + cout.setPrivatekey(cin.privateString()); + String value; + if ((value=cin.challenge())!=null) { + cout.setChallenge(value); + } + // In Version 1, Cert is always first + cout.getCerts().add(cin.asCertString()); + // Follow with Trust Chain + if (cin.trustChain()!=null) { + for (String c : cin.trustChain()) { + if (c!=null) { + cout.getCerts().add(c); + } + } + } - ////////////// Mapping Functions ///////////// - @Override - public Error errorFromMessage(StringBuilder holder, String msgID, String text, String... var) { - Error err = new Error(); - err.setMessageId(msgID); - // AT&T Restful Error Format requires numbers "%" placements - err.setText(Vars.convert(holder, text, var)); - for(String s : var) { - err.getVariables().add(s); - } - return err; - } + // Adding all the Certs in one response is a mistake. Makes it very hard for Agent to setup + // Certs in keystore versus Truststore. 
Separate in Version 2_0 + if (cin.trustCAs()!=null) { + for (String c : cin.trustCAs()) { + if (c!=null) { + if (!cout.getCerts().contains(c)) { + cout.getCerts().add(c); + } + } + } + } + if (cin.notes()!=null) { + boolean first = true; + StringBuilder sb = new StringBuilder(); + for (String n : cin.notes()) { + if (first) { + first = false; + } else { + sb.append('\n'); + } + sb.append(n); + } + cout.setNotes(sb.toString()); + } + List caIssuerDNs = cout.getCaIssuerDNs(); + for (String s : cin.caIssuerDNs()) { + caIssuerDNs.add(s); + } + cout.setEnv(cin.env()); + return Result.ok(cout); - /* (non-Javadoc) - * @see com.att.authz.certman.mapper.Mapper#toCert(org.onap.aaf.auth.env.test.AuthzTrans, org.onap.aaf.auth.layer.test.Result) - */ - @Override - public Result toCert(AuthzTrans trans, Result in, boolean withTrustChain) throws IOException { - if(in.isOK()) { - CertResp cin = in.value; - CertInfo cout = newInstance(API.CERT); - cout.setPrivatekey(cin.privateString()); - String value; - if((value=cin.challenge())!=null) { - cout.setChallenge(value); - } - cout.getCerts().add(cin.asCertString()); - if(cin.trustChain()!=null) { - for(String c : cin.trustChain()) { - if(c!=null) { - cout.getCerts().add(c); - } - } - } - // Adding all the Certs in one response is a mistake. Makes it very hard for Agent to setup - // Certs in keystore versus Truststore. 
Separate in Version 2_0 - if(cin.trustCAs()!=null) { - for(String c : cin.trustCAs()) { - if(c!=null) { - cout.getCerts().add(c); - } - } - } - if(cin.notes()!=null) { - boolean first = true; - StringBuilder sb = new StringBuilder(); - for(String n : cin.notes()) { - if(first) { - first = false; - } else { - sb.append('\n'); - } - sb.append(n); - } - cout.setNotes(sb.toString()); - } - cout.getCaIssuerDNs().addAll(cin.caIssuerDNs()); - cout.setEnv(cin.env()); - return Result.ok(cout); - } else { - return Result.err(in); - } - } + } - @Override - public Result toCert(AuthzTrans trans, Result> in) { - if(in.isOK()) { - CertInfo cout = newInstance(API.CERT); - List certs = cout.getCerts(); - for(CertDAO.Data cdd : in.value) { - certs.add(cdd.x509); - } - return Result.ok(cout); - } else { - return Result.err(in); - } - } + @Override + public Result toCert(AuthzTrans trans, Result> in) { + if (in.isOK()) { + CertInfo cout = newInstance(API.CERT); + List certs = cout.getCerts(); + for (CertDAO.Data cdd : in.value) { + certs.add(cdd.x509); + } + return Result.ok(cout); + } else { + return Result.err(in); + } + } - /* (non-Javadoc) - * @see com.att.authz.certman.mapper.Mapper#toReq(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object) - */ - @Override - public Result toReq(AuthzTrans trans, BaseRequest req) { - CertificateRequest in; - try { - in = (CertificateRequest)req; - } catch(ClassCastException e) { - return Result.err(Result.ERR_BadData,"Request is not a CertificateRequest"); - } + /* (non-Javadoc) + * @see com.att.authz.certman.mapper.Mapper#toReq(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object) + */ + @Override + public Result toReq(AuthzTrans trans, BaseRequest req) { + CertificateRequest in; + try { + in = (CertificateRequest)req; + } catch (ClassCastException e) { + return Result.err(Result.ERR_BadData,"Request is not a CertificateRequest"); + } - CertReq out = new CertReq(); - CertmanValidator v = new CertmanValidator(); - v.isNull("CertRequest", 
req) - .nullOrBlank("MechID", out.mechid=in.getMechid()); - v.nullBlankMin("FQDNs", out.fqdns=in.getFqdns(),1); - if(v.err()) { - return Result.err(Result.ERR_BadData, v.errs()); - } - out.emails = in.getEmail(); - out.sponsor=in.getSponsor(); - out.start = in.getStart(); - out.end = in.getEnd(); - out.fqdns = in.getFqdns(); - return Result.ok(out); - } + CertReq out = new CertReq(); + CertmanValidator v = new CertmanValidator(); + out.mechid=in.getMechid(); + out.fqdns=in.getFqdns(); + v.isNull("CertRequest", req).nullOrBlank("MechID", out.mechid); + v.nullBlankMin("FQDNs", out.fqdns,1); + if (v.err()) { + return Result.err(Result.ERR_BadData, v.errs()); + } + out.emails = in.getEmail(); + out.sponsor=in.getSponsor(); + out.start = in.getStart(); + out.end = in.getEnd(); + out.fqdns = in.getFqdns(); + return Result.ok(out); + } - /* (non-Javadoc) - * @see com.att.authz.certman.mapper.Mapper#toRenew(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object) - */ - @Override - public Result toRenew(AuthzTrans trans, BaseRequest req) { - return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet"); - } + /* (non-Javadoc) + * @see com.att.authz.certman.mapper.Mapper#toRenew(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object) + */ + @Override + public Result toRenew(AuthzTrans trans, BaseRequest req) { + return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet"); + } - /* (non-Javadoc) - * @see com.att.authz.certman.mapper.Mapper#toDrop(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object) - */ - @Override - public Result toDrop(AuthzTrans trans, BaseRequest req) { - return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet"); - } + /* (non-Javadoc) + * @see com.att.authz.certman.mapper.Mapper#toDrop(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object) + */ + @Override + public Result toDrop(AuthzTrans trans, BaseRequest req) { + return Result.err(Result.ERR_NotImplemented,"Not Implemented... 
yet"); + } - /* (non-Javadoc) - * @see org.onap.aaf.auth.cm.mapper.Mapper#toArtifact(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object) - */ - @Override - public List toArtifact(AuthzTrans trans, Artifacts artifacts) { - List ladd = new ArrayList(); - for(Artifact arti : artifacts.getArtifact()) { - ArtiDAO.Data data = new ArtiDAO.Data(); - data.mechid = arti.getMechid(); - data.machine = arti.getMachine(); - data.type(true).addAll(arti.getType()); - data.ca = arti.getCa(); - data.dir = arti.getDir(); - data.os_user = arti.getOsUser(); - // Optional (on way in) - data.ns = arti.getNs(); - data.renewDays = arti.getRenewDays(); - data.notify = arti.getNotification(); - - // Ignored on way in for create/update - data.sponsor = arti.getSponsor(); - data.expires = null; - - // Derive Optional Data from Machine (Domain) if exists - if(data.machine!=null) { - if(data.ca==null) { - if(data.machine.endsWith(".att.com")) { - data.ca = "aaf"; // default - } - } - if(data.ns==null ) { - data.ns=FQI.reverseDomain(data.machine); - } - } - data.sans(true).addAll(arti.getSans()); - ladd.add(data); - } - return ladd; - } + /* (non-Javadoc) + * @see org.onap.aaf.auth.cm.mapper.Mapper#toArtifact(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object) + */ + @Override + public List toArtifact(AuthzTrans trans, Artifacts artifacts) { + List ladd = new ArrayList<>(); + for (Artifact arti : artifacts.getArtifact()) { + ArtiDAO.Data data = new ArtiDAO.Data(); + data.mechid = trim(arti.getMechid()); + data.machine = trim(arti.getMachine()); + if(arti.getType()!=null) { + Set ss = data.type(true); + for(String t : arti.getType()) { + ss.add(trim(t)); + } + } + data.ca = trim(arti.getCa()); + data.dir = trim(arti.getDir()); + data.os_user = trim(arti.getOsUser()); + // Optional (on way in) + data.ns = trim(arti.getNs()); + data.renewDays = arti.getRenewDays(); + data.notify = trim(arti.getNotification()); + + // Ignored on way in for create/update + data.sponsor = (arti.getSponsor()); 
+ if(arti.getSans()!=null) { + Set ls = data.sans(true); + for(String t : arti.getSans()) { + ls.add(trim(t)); + } + } + data.expires = null; + ladd.add(data); + } + return ladd; + } - /* (non-Javadoc) - * @see org.onap.aaf.auth.cm.mapper.Mapper#fromArtifacts(org.onap.aaf.auth.layer.test.Result) - */ - @Override - public Result fromArtifacts(Result> lArtiDAO) { - if(lArtiDAO.isOK()) { - Artifacts artis = new Artifacts(); - for(ArtiDAO.Data arti : lArtiDAO.value) { - Artifact a = new Artifact(); - a.setMechid(arti.mechid); - a.setMachine(arti.machine); - a.setSponsor(arti.sponsor); - a.setNs(arti.ns); - a.setCa(arti.ca); - a.setDir(arti.dir); - a.getType().addAll(arti.type(false)); - a.setOsUser(arti.os_user); - a.setRenewDays(arti.renewDays); - a.setNotification(arti.notify); - a.getSans().addAll(arti.sans(false)); - artis.getArtifact().add(a); - } - return Result.ok(artis); - } else { - return Result.err(lArtiDAO); - } - } - - + /* (non-Javadoc) + * @see org.onap.aaf.auth.cm.mapper.Mapper#fromArtifacts(org.onap.aaf.auth.layer.test.Result) + */ + @Override + public Result fromArtifacts(Result> lArtiDAO) { + if (lArtiDAO.isOK()) { + Artifacts artis = new Artifacts(); + for (ArtiDAO.Data arti : lArtiDAO.value) { + Artifact a = new Artifact(); + a.setMechid(trim(arti.mechid)); + a.setMachine(trim(arti.machine)); + a.setSponsor(trim(arti.sponsor)); + a.setNs(trim(arti.ns)); + a.setCa(trim(arti.ca)); + a.setDir(trim(arti.dir)); + for(String t : arti.type(false)) { + a.getType().add(trim(t)); + } + a.setOsUser(trim(arti.os_user)); + a.setRenewDays(arti.renewDays); + a.setNotification(trim(arti.notify)); + for(String t : arti.sans(false)) { + a.getSans().add(trim(t)); + } + artis.getArtifact().add(a); + } + return Result.ok(artis); + } else { + return Result.err(lArtiDAO); + } + } + + + private String trim(String s) { + if(s==null) { + return s; + } else { + return s.trim(); + } + } } \ No newline at end of file
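Review bot: In `errorFromMessage`, the widened `Object ... var` loop calls `s.toString()` on every element, so a single null argument now throws a NullPointerException while the error response is being built, where the old `String...` version simply added the value. `err.getVariables().add(String.valueOf(s));` keeps the error path from failing on its own input. How `Vars.convert` treats a null element is not visible in this hunk, so that call may need the same care. Separately, in `toReq` the new statement `out.mechid=in.getMechid();` dereferences `in` before `v.isNull("CertRequest", req)` runs, so a null request never reaches the validator's ERR_BadData result. An early `if (req == null) { return Result.err(Result.ERR_BadData, "CertRequest is null"); }` ahead of the cast would make that check effective.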