X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-cmd%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fcmd%2Fuser%2FCred.java;h=2d626d4e24430a3ea8b4c8e9d83d5e40c5b00cbe;hb=1338680ef142f9a33ee32a00b07c7d2ae658cb3a;hp=1033309129bc942e177138fe9d442d047b416dba;hpb=ceda6e8bc270202bcb24340b86617110289c902e;p=aaf%2Fauthz.git
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
index 10333091..2d626d4e 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
@@ -21,137 +21,156 @@ package org.onap.aaf.auth.cmd.user; +import java.util.List; + import org.onap.aaf.auth.cmd.AAFcli; import org.onap.aaf.auth.cmd.Cmd; import org.onap.aaf.auth.cmd.Param; import org.onap.aaf.auth.rserv.HttpMethods; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.LocatorException; +import org.onap.aaf.cadi.aaf.client.ErrMessage; import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.misc.env.APIException; import aaf.v2_0.CredRequest; +import aaf.v2_0.Error; public class Cred extends Cmd { - public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed. Specifics witheld."; - private static final String CRED_PATH = "/authn/cred"; - private static final String[] options = {"add","del","reset","extend"/*,"clean"*/}; -// private Clean clean; - public Cred(User parent) { - super(parent,"cred", - new Param(optionsToString(options),true), - new Param("id",true), - new Param("password (! D|E)",false), - new Param("entry# (if multi)",false) - ); -// clean = new Clean(this); - } + public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed. Specifics witheld."; + private static final String CRED_PATH = "/authn/cred"; + private static final String[] options = {"add","del","reset","extend"/*,"clean"*/}; + private ErrMessage em; +// private RosettaDF errDF; + public Cred(User parent) throws APIException { + super(parent,"cred", + new Param(optionsToString(options),true), + new Param("id",true), + new Param("password (! D|E)",false), + new Param("entry# (if multi)",false) + ); + em = new ErrMessage(aafcli.env()); + } + + @Override + public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException { + int idx = _idx; + String key = args[idx++]; + final int option = whichOption(options,key); - @Override - public int _exec(int _idx, final String ... 
args) throws CadiException, APIException, LocatorException { - int idx = _idx; - String key = args[idx++]; - final int option = whichOption(options,key); + final CredRequest cr = new CredRequest(); + cr.setId(args[idx++]); + if (option!=1 && option!=3) { + if (idx>=args.length) throw new CadiException("Password Required"); + cr.setPassword(args[idx++]); + } + if (args.length>idx) { + cr.setEntry(args[idx]); + } + + // Set Start/End commands + setStartEnd(cr); + Integer ret = same(new Retryable() { + @Override + public Integer code(Rcli client) throws CadiException, APIException { + Future fp=null; + String verb =null; + switch(option) { + case 0: + fp = client.create( + CRED_PATH, + getDF(CredRequest.class), + cr + ); + verb = "Added Credential ["; + break; + case 1: + setQueryParamsOn(client); + fp = client.delete(CRED_PATH, + getDF(CredRequest.class), + cr + ); + verb = "Deleted Credential ["; + break; + case 2: + fp = client.update( + CRED_PATH, + getDF(CredRequest.class), + cr + ); + verb = "Reset Credential ["; + break; + case 3: + fp = client.update( + CRED_PATH+"/5", + getDF(CredRequest.class), + cr + ); + verb = "Extended Credential ["; + break; + default: + break; + } + if (fp==null) { + return null; // get by Sonar check. + } + if (fp.get(AAFcli.timeout())) { + pw().print(verb); + pw().print(cr.getId()); + pw().println(']'); + } else if (fp.code()==202) { + pw().println("Credential Action Accepted, but requires Approvals before actualizing"); + } else if (fp.code()==300 || fp.code()==406) { + Error err = em.getError(fp); + String text = err.getText(); + List vars = err.getVariables(); + + // IMPORTANT! We do this backward, because it is looking for string + // %1 or %13. If we replace %1 first, that messes up %13 + for(int i=vars.size()-1;i>0;--i) { + text = text.replace("%"+(i+1), (i<10?" 
":"") + i+") " + vars.get(i)); + } - final CredRequest cr = new CredRequest(); - cr.setId(args[idx++]); - if(option!=1 && option!=3) { - if(idx>=args.length) throw new CadiException("Password Required"); - cr.setPassword(args[idx++]); - } - if(args.length>idx) - cr.setEntry(args[idx++]); - - // Set Start/End commands - setStartEnd(cr); -// final int cleanIDX = _idx+1; - Integer ret = same(new Retryable() { - @Override - public Integer code(Rcli client) throws CadiException, APIException { - Future fp=null; - String verb =null; - switch(option) { - case 0: - fp = client.create( - CRED_PATH, - getDF(CredRequest.class), - cr - ); - verb = "Added Credential ["; - break; - case 1: -// if(aafcli.addForce())cr.setForce("TRUE"); - setQueryParamsOn(client); - fp = client.delete(CRED_PATH, - getDF(CredRequest.class), - cr - ); - verb = "Deleted Credential ["; - break; - case 2: - fp = client.update( - CRED_PATH, - getDF(CredRequest.class), - cr - ); - verb = "Reset Credential ["; - break; - case 3: - fp = client.update( - CRED_PATH+"/5", - getDF(CredRequest.class), - cr - ); - verb = "Extended Credential ["; - break; -// case 4: -// return clean.exec(cleanIDX, args); - } - if(fp==null) { - return null; // get by Sonar check. 
- } - if(fp.get(AAFcli.timeout())) { - pw().print(verb); - pw().print(cr.getId()); - pw().println(']'); - } else if(fp.code()==202) { - pw().println("Credential Action Accepted, but requires Approvals before actualizing"); - } else if(fp.code()==406 && option==1) { - pw().println("You cannot delete this Credential"); - } else { - pw().println(ATTEMPT_FAILED_SPECIFICS_WITHELD); - } - return fp.code(); - } - }); - if(ret==null)ret = -1; - return ret; - } - - @Override - public void detailedHelp(int _indent, StringBuilder sb) { - int indent = _indent; - detailLine(sb,indent,"Add, Delete or Reset Credential"); - indent+=2; - detailLine(sb,indent,"id - the ID to create/delete/reset within AAF"); - detailLine(sb,indent,"password - Company Policy compliant Password (not required for Delete)"); - detailLine(sb,indent,"entry - selected option when deleting/resetting a cred with multiple entries"); - sb.append('\n'); - detailLine(sb,indent,"The Domain can be related to any Namespace you have access to *"); - detailLine(sb,indent,"The Domain is in reverse order of Namespace, i.e. "); - detailLine(sb,indent+2,"NS of com.att.myapp can create user of XY1234@myapp.att.com"); - sb.append('\n'); - detailLine(sb,indent,"NOTE: AAF does support multiple creds with the same ID. Check with your org if you"); - detailLine(sb,indent+2,"have this implemented. 
(For example, this is implemented for MechIDs at AT&T)"); - sb.append('\n'); - detailLine(sb,indent,"*NOTE: com.att.csp is a reserved Domain for Global Sign On"); + text = text.replace("%1",vars.get(0)); + pw().println(text); + } else if (fp.code()==406 && option==1) { + pw().println("You cannot delete this Credential"); + } else if (fp.code()==409 && option==0) { + pw().println("You cannot add two Passwords for same day"); + } else { + pw().println(ATTEMPT_FAILED_SPECIFICS_WITHELD); + } + return fp.code(); + } + }); + if (ret==null)ret = -1; + return ret; + } + + @Override + public void detailedHelp(int _indent, StringBuilder sb) { + int indent = _indent; + detailLine(sb,indent,"Add, Delete or Reset Credential"); + indent+=2; + detailLine(sb,indent,"id - the ID to create/delete/reset within AAF"); + detailLine(sb,indent,"password - Company Policy compliant Password (not required for Delete)"); + detailLine(sb,indent,"entry - selected option when deleting/resetting a cred with multiple entries"); + sb.append('\n'); + detailLine(sb,indent,"The Domain can be related to any Namespace you have access to *"); + detailLine(sb,indent,"The Domain is in reverse order of Namespace, i.e. "); + detailLine(sb,indent+2,"NS of com.att.myapp can create user of XY1234@myapp.att.com"); + sb.append('\n'); + detailLine(sb,indent,"NOTE: AAF does support multiple creds with the same ID. Check with your org if you"); + detailLine(sb,indent+2,"have this implemented. 
(For example, this is implemented for MechIDs at AT&T)"); + sb.append('\n'); + detailLine(sb,indent,"*NOTE: com.att.csp is a reserved Domain for Global Sign On"); - detailLine(sb,indent,"Delegates can be listed by the User or by the Delegate"); - indent-=2; - api(sb,indent,HttpMethods.POST,"authn/cred",CredRequest.class,true); - api(sb,indent,HttpMethods.DELETE,"authn/cred",CredRequest.class,false); - api(sb,indent,HttpMethods.PUT,"authn/cred",CredRequest.class,false); - } + detailLine(sb,indent,"Delegates can be listed by the User or by the Delegate"); + indent-=2; + api(sb,indent,HttpMethods.POST,"authn/cred",CredRequest.class,true); + api(sb,indent,HttpMethods.DELETE,"authn/cred",CredRequest.class,false); + api(sb,indent,HttpMethods.PUT,"authn/cred",CredRequest.class,false); + } }
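Review bot: The `else if (fp.code()==406 && option==1)` branch in `code()` is now unreachable, because the new `fp.code()==300 || fp.code()==406` branch above it takes every 406 first, so "You cannot delete this Credential" can no longer be printed; either move the delete-specific check ahead of the new branch or remove it. Inside the new branch `text = text.replace("%1",vars.get(0));` runs unconditionally, so an error body that carries no variables would throw `IndexOutOfBoundsException` instead of printing a message; guard it with `if (!vars.isEmpty()) text = text.replace("%1", vars.get(0));`, and null-check `err` if `em.getError(fp)` can return null (its contract is not visible in this hunk). For 300 and 406 the CLI now prints server-supplied text for a credential operation where it previously fell through to the generic `ATTEMPT_FAILED_SPECIFICS_WITHELD` message, so a one-line comment such as `// 300/406 bodies are intended for the caller: show them instead of withholding specifics` would record that this disclosure is intentional.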