X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-deforg%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Forg%2FDefaultOrg.java;h=b36c6f24e9da5df2e8cd021a35e7e3c4e31bc0c3;hb=refs%2Fchanges%2F51%2F56951%2F1;hp=63e83901963f625fead5e6421a8fa1569f3dd1db;hpb=71037c39a37d3549dcfe31926832a657744fbe05;p=aaf%2Fauthz.git diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 63e83901..b36c6f24 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java @@ -7,9 +7,9 @@ * * Licensed under the Apache License, Version 2.0 (the "License"); * * you may not use this file except in compliance with the License. * * You may obtain a copy of the License at - * * + * * * * http://www.apache.org/licenses/LICENSE-2.0 - * * + * * * * Unless required by applicable law or agreed to in writing, software * * distributed under the License is distributed on an "AS IS" BASIS, * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -54,11 +54,16 @@ public class DefaultOrg implements Organization { final String domain; final String atDomain; final String realm; - + private final String NAME,mailHost,mailFrom; + private final Set supportedRealms; + public DefaultOrg(Env env, String realm) throws OrganizationException { + this.realm = realm; + supportedRealms=new HashSet<>(); + supportedRealms.add(realm); domain=FQI.reverseDomain(realm); atDomain = '@'+domain; String s; @@ -71,7 +76,7 @@ public class DefaultOrg implements Organization { if(mailFrom==null) { throw new OrganizationException(s + PROPERTY_IS_REQUIRED); } - + System.getProperties().setProperty("mail.smtp.host",mailHost); System.getProperties().setProperty("mail.user", mailFrom); // Get the default Session object. 
@@ -84,9 +89,10 @@ public class DefaultOrg implements Organization { if(temp==null) { temp = env.getProperty(AAF_DATA_DIR); if(temp!=null) { - env.warn().log(defFile, "is not defined. Using default: ",temp+"/identities.dat"); + env.warn().log(defFile, " is not defined. Using default: ",temp+"/identities.dat"); File dir = new File(temp); fIdentities=new File(dir,"identities.dat"); + if(!fIdentities.exists()) { env.warn().log("No",fIdentities.getCanonicalPath(),"exists. Creating."); if(!dir.exists()) { @@ -104,33 +110,37 @@ public class DefaultOrg implements Organization { } } } - + if(fIdentities!=null && fIdentities.exists()) { identities = new Identities(fIdentities); } else { - throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist."); + if(fIdentities==null) { + throw new OrganizationException("No Identities"); + } else { + throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist."); + } } } catch (IOException e) { throw new OrganizationException(e); } } - + // Implement your own Delegation System - static final List NULL_DELEGATES = new ArrayList(); + static final List NULL_DELEGATES = new ArrayList<>(); public Identities identities; private boolean dryRun; private Session session; public enum Types {Employee, Contractor, Application, NotActive}; private final static Set typeSet; - + static { - typeSet = new HashSet(); + typeSet = new HashSet<>(); for(Types t : Types.values()) { typeSet.add(t.name()); } } - + private static final EmailWarnings emailWarnings = new DefaultOrgWarnings(); @Override @@ -154,7 +164,7 @@ public class DefaultOrg implements Organization { return new DefaultOrgIdentity(trans,at<0?id:id.substring(0, at),this); } - // Note: Return a null if found; return a String Message explaining why not found. + // Note: Return a null if found; return a String Message explaining why not found. @Override public String isValidID(final AuthzTrans trans, final String id) { try { 
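Review bot: The new `"No Identities"` message in the `fIdentities==null` branch tells an operator nothing about which setting is missing, and this is a startup failure of the identity store that the whole default organisation depends on. If I read the preceding hunk right, this branch is reached when neither the `defFile` property nor `AAF_DATA_DIR` yielded a path, so name them: `throw new OrganizationException(defFile + " and " + AAF_DATA_DIR + " are both unset; cannot locate identities.dat");` (adjust the wording if those variables hold values rather than property names). The `try` block this sits in starts above the hunk.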
@@ -178,29 +188,42 @@ public class DefaultOrg implements Organization { // if(!id.regionMatches(at+1, domain, 0, id.length()-at-1)) { // return false; // } - sid = id.substring(0,at); + sid = id.substring(0,at); } else { sid = id; } // We'll validate that it exists, rather than check patterns. - + return isValidID(trans, sid)==null; // Check Pattern (if checking existing is too long) // if(id.endsWith(SUFFIX) && ID_PATTERN.matcher(id).matches()) { // return true; // } - // return false; + // return false; } private static final String SPEC_CHARS = "!@#$%^*-+?/,:;."; - private static final Pattern PASS_PATTERN=Pattern.compile("((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[" + SPEC_CHARS +"]).{6,20})"); + private static final Pattern PASS_PATTERN=Pattern.compile("(((?=.*[a-z,A-Z])(((?=.*\\d))|(?=.*[" + SPEC_CHARS +"]))).{6,20})"); /** + * ( # Start of group + * (?=.*[a-z,A-Z]) # must contain one character + * + * (?=.*\d) # must contain one digit from 0-9 + * OR + * (?=.*[@#$%]) # must contain one special symbols in the list SPEC_CHARS + * + * . # match anything with previous condition checking + * {6,20} # length at least 6 characters and maximum of 20 + * ) # End of group + * + * Another example, more stringent pattern + private static final Pattern PASS_PATTERN=Pattern.compile("((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[" + SPEC_CHARS +"]).{6,20})"); * Attribution: from mkyong.com * ( # Start of group - * (?=.*\d) # must contains one digit from 0-9 - * (?=.*[a-z]) # must contains one lowercase characters - * (?=.*[A-Z]) # must contains one uppercase characters - * (?=.*[@#$%]) # must contains one special symbols in the list SPEC_CHARS + * (?=.*\d) # must contain one digit from 0-9 + * (?=.*[a-z]) # must contain one lowercase characters + * (?=.*[A-Z]) # must contain one uppercase characters + * (?=.*[@#$%]) # must contain one special symbols in the list SPEC_CHARS * . 
# match anything with previous condition checking * {6,20} # length at least 6 characters and maximum of 20 * ) # End of group @@ -220,11 +243,11 @@ public class DefaultOrg implements Organization { } private static final String[] rules = new String[] { - "Passwords must contain one digit from 0-9", - "Passwords must contain one lowercase character", - "Passwords must contain one uppercase character", - "Passwords must contain one special symbols in the list \""+ SPEC_CHARS + '"', - "Passwords must be between 6 and 20 chars in length" + "Passwords must contain letters", + "Passwords must contain one of the following:", + " Number", + " One special symbols in the list \""+ SPEC_CHARS + '"', + "Passwords must be between 6 and 20 chars in length", }; @Override @@ -241,7 +264,7 @@ public class DefaultOrg implements Organization { public Response notify(AuthzTrans trans, Notify type, String url, String[] identities, String[] ccs, String summary, Boolean urgent) { String system = trans.getProperty("CASS_ENV", ""); - ArrayList toList = new ArrayList(); + ArrayList toList = new ArrayList<>(); Identity identity; if (identities != null) { for (String user : identities) { @@ -268,7 +291,7 @@ public class DefaultOrg implements Organization { return Response.ERR_NotificationFailure; } - ArrayList ccList = new ArrayList(); + ArrayList ccList = new ArrayList<>(); // If we're sending an urgent email, CC the user's supervisor // @@ -320,6 +343,7 @@ public class DefaultOrg implements Organization { + "Please follow this link: \n\n\t" + url + "\n\n" + summary, urgent); } catch (Exception e) { + trans.error().log(e, "Failure to send Email"); return Response.ERR_NotificationFailure; } 
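Review bot: The new character class `[a-z,A-Z]` in `PASS_PATTERN` contains a literal comma, so a password such as `,,,,,1` satisfies the "must contain letters" lookahead; with the class fixed the line reads `private static final Pattern PASS_PATTERN=Pattern.compile("((?=.*[A-Za-z])((?=.*\\d)|(?=.*[" + SPEC_CHARS +"])).{6,20})");`. Beyond that, the change drops the upper-case, lower-case and special-character requirements while keeping a 6-character floor and a 20-character ceiling, which is below current guidance (NIST SP 800-63B asks for at least 8 and for long passphrases to be accepted); if relaxing the old four-class rule is deliberate, the commit message should say why, and the `rules` array further down must be kept in step with it. The explanatory comment block continues into the next hunk.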
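Review bot: `rules` restates `PASS_PATTERN` in prose and nothing ties the two together, so they will drift (the regex above already admits a comma that the text does not mention). Add `// Keep in step with PASS_PATTERN: one letter, plus one digit or one of SPEC_CHARS, 6-20 chars` above the array, or derive both the pattern and the user-facing text from a single definition.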
@@ -379,9 +403,10 @@ public class DefaultOrg implements Organization { @Override public int sendEmail(AuthzTrans trans, List toList, List ccList, String subject, String body, Boolean urgent) throws OrganizationException { + int status = 1; - - List to = new ArrayList(); + + List to = new ArrayList<>(); for(String em : toList) { if(em.indexOf('@')<0) { to.add(new DefaultOrgIdentity(trans, em, this).email()); @@ -389,22 +414,24 @@ public class DefaultOrg implements Organization { to.add(em); } } - - List cc = new ArrayList(); - if(ccList!=null && !ccList.isEmpty()) { - for(String em : ccList) { - if(em.indexOf('@')<0) { - cc.add(new DefaultOrgIdentity(trans, em, this).email()); - } else { - cc.add(em); + + List cc = new ArrayList<>(); + if(ccList!=null) { + if(!ccList.isEmpty()) { + + for(String em : ccList) { + if(em.indexOf('@')<0) { + cc.add(new DefaultOrgIdentity(trans, em, this).email()); + } else { + cc.add(em); + } } } - } - - - // for now, I want all emails so we can see what goes out. Remove later - if (!ccList.contains(mailFrom)) { - ccList.add(mailFrom); + + // for now, I want all emails so we can see what goes out. Remove later + if (!ccList.contains(mailFrom)) { + ccList.add(mailFrom); + } } try { @@ -435,6 +462,7 @@ public class DefaultOrg implements Organization { // Now set the actual message message.setText(body); } else { + // override recipients message.addRecipients(Message.RecipientType.TO, InternetAddress.parse(mailFrom)); @@ -446,7 +474,7 @@ public class DefaultOrg implements Organization { message.addHeader("X-Priority", "1"); } - ArrayList newBody = new ArrayList(); + ArrayList newBody = new ArrayList<>(); Address temp[] = getAddresses(to); String headerString = "TO:\t" + InternetAddress.toString(temp) + "\n"; 
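Review bot: In the `ccList` hunk the `mailFrom` copy is still added to `ccList`, the caller's list, after `cc` has already been built from it, so it never reaches `cc` and the method mutates its argument on every call; the new nesting also silently drops the copy whenever `ccList` is null, which the commit does not mention. If the "see what goes out" copy is still wanted, make it `if(!cc.contains(mailFrom)) { cc.add(mailFrom); }` after the `if(ccList!=null)` block (assuming `cc` is what is handed to the message further down, outside this hunk). Since this forwards every notification body, links included, to the `mailFrom` mailbox, it should be gated on an explicit property rather than left on with a "remove later" comment.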
@@ -471,11 +499,13 @@ public class DefaultOrg implements Organization { status = 0; } catch (MessagingException mex) { + System.out.println("Error messaging: "+ mex.getMessage()); + System.out.println("Error messaging: "+ mex.toString()); throw new OrganizationException("Exception send email message " + mex.getMessage()); } - return status; + return status; } /** @@ -498,8 +528,8 @@ public class DefaultOrg implements Organization { @Override public GregorianCalendar expiration(GregorianCalendar gc, Expiration exp, String... extra) { - GregorianCalendar now = new GregorianCalendar(); - GregorianCalendar rv = gc==null?now:(GregorianCalendar)gc.clone(); + GregorianCalendar now = new GregorianCalendar(); + GregorianCalendar rv = gc==null?now:(GregorianCalendar)gc.clone(); switch (exp) { case ExtendPassword: // Extending Password give 5 extra days, max 8 days from now @@ -557,14 +587,14 @@ public class DefaultOrg implements Organization { @Override public List getApprovers(AuthzTrans trans, String user) throws OrganizationException { Identity orgIdentity = getIdentity(trans, user); - List orgIdentitys = new ArrayList(); + List orgIdentitys = new ArrayList<>(); if(orgIdentity!=null) { Identity supervisor = orgIdentity.responsibleTo(); if(supervisor!=null) { orgIdentitys.add(supervisor); } } - return orgIdentitys; + return orgIdentitys; } @Override @@ -581,7 +611,7 @@ public class DefaultOrg implements Organization { @Override public boolean canHaveMultipleCreds(String id) { // External entities are likely mono-password... if you change it, it is a global change. - // This is great for people, but horrible for Applications. + // This is great for people, but horrible for Applications. // // AAF's Password can have multiple Passwords, each with their own Expiration Date. // For Default Org, we'll assume true for all, but when you add your external 
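Review bot: The two added `System.out.println` calls bypass the transaction logger the rest of this diff uses (`trans.error().log(e, ...)` in `notify`) and write `mex.toString()`, which can carry the SMTP server's response including recipient addresses, straight to stdout. Replace both with `trans.error().log(mex, "Exception sending email message");` and keep the cause on the rethrow, `throw new OrganizationException("Exception send email message " + mex.getMessage(), mex);` — the constructor already uses `new OrganizationException(e)`, so a message-plus-cause form is likely available (confirm). The `try` this `catch` belongs to starts above the hunk.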
@@ -602,7 +632,7 @@ public class DefaultOrg implements Organization { Identity mechid = getIdentity(trans, vars[0]); if(mechid!=null) { Identity sponsor = mechid.responsibleTo(); - if(sponsor!=null && requestor.equals(sponsor.fullID())) { + if(sponsor!=null && requestor.fullID().equals(sponsor.fullID())) { return null; } else { return trans.user() + " is not the Sponsor of MechID " + vars[0]; @@ -612,13 +642,13 @@ public class DefaultOrg implements Organization { } } return null; - + case CREATE_MECHID_BY_PERM_ONLY: return getName() + " only allows sponsors to create MechIDs"; - + default: return policy.name() + " is unsupported at " + getName(); - } + } } @Override @@ -641,9 +671,9 @@ public class DefaultOrg implements Organization { return this.getAddresses(strAddress,";"); } /** - * Convert the delimiter String into Internet addresses with the + * Convert the delimiter String into Internet addresses with the * delimiter of provided - * @param strAddress + * @param strAddresses * @param delimiter * @return */ 
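Review bot: The corrected comparison turns the sponsor check from always-false (an `Identity` was being compared with a `String`) into a live authorization decision, so callers that previously always received the "is not the Sponsor" denial now pass; that deserves a test and a line in the commit message. `requestor` is dereferenced without a null guard; if it comes from a `getIdentity` lookup like `mechid` does (which the `mechid!=null` check suggests can return null), use `if(sponsor!=null && requestor!=null && requestor.fullID().equals(sponsor.fullID())) {`. The denial message names `trans.user()` while the check uses `requestor`; if those can differ, the message should name `requestor.fullID()`. The `switch` this case belongs to starts before the hunk.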
@@ -652,15 +682,41 @@ public class DefaultOrg implements Organization { int count = 0; for (String addr : strAddresses) { - try{ - addressArray[count] = new InternetAddress(addr); - count++; - }catch(Exception e){ - throw new OrganizationException("Failed to parse the email address "+ addr +": "+e.getMessage()); - } - } - return addressArray; + try{ + addressArray[count] = new InternetAddress(addr); + count++; + }catch(Exception e){ + throw new OrganizationException("Failed to parse the email address "+ addr +": "+e.getMessage()); + } + } + return addressArray; } - + private String extractRealm(final String r) { + int at; + if((at=r.indexOf('@'))>=0) { + return FQI.reverseDomain(r.substring(at+1)); + } + return r; + } + @Override + public boolean supportsRealm(final String r) { + if(r.endsWith(realm)) { + return true; + } else { + String erealm = extractRealm(r); + for(String sr : supportedRealms) { + if(erealm.startsWith(sr)) { + return true; + } + } + } + return false; + } + + @Override + public synchronized void addSupportedRealm(final String r) { + supportedRealms.add(extractRealm(r)); } + +}
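Review bot: `supportsRealm` matches without a label boundary: with `realm` set to `org.osaaf.aaf`, `xorg.osaaf.aaf` passes `r.endsWith(realm)` and `org.osaaf.aafx` passes `erealm.startsWith(sr)`, so a look-alike domain is accepted as belonging to this organisation. Anchor both on a dot: `if(r.equals(realm) || r.endsWith('.' + realm)) {` (or plain `r.equals(realm)` if no suffix form is intended) and `if(erealm.equals(sr) || erealm.startsWith(sr + '.')) {`. Separately, `supportedRealms` is a plain `HashSet` that `addSupportedRealm` mutates under `synchronized` while this method iterates it with no lock, so a concurrent add can throw `ConcurrentModificationException`; mark `supportsRealm` `synchronized` too, or back the field with a `CopyOnWriteArraySet`. The start of `getAddresses`, whose body opens this hunk, is outside the hunk.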