X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-deforg%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Forg%2FDefaultOrg.java;h=c7f3b1cc992c652c15ff28ecb8d57b4f4b48ad65;hb=HEAD;hp=92db46945288e8637fecbeba34b9e8e368a516e0;hpb=d86e3224e6a5af2bd2b713f93bea5e6677d3ebc2;p=aaf%2Fauthz.git diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 92db4694..c7f3b1cc 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java @@ -32,6 +32,7 @@ import java.util.Set; import java.util.regex.Pattern; import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.local.AbsData.Reuse; import org.onap.aaf.auth.org.EmailWarnings; import org.onap.aaf.auth.org.Executor; import org.onap.aaf.auth.org.Mailer; @@ -40,6 +41,7 @@ import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.util.FQI; import org.onap.aaf.misc.env.Env; +import org.onap.aaf.org.Identities.Data; public class DefaultOrg implements Organization { private static final String AAF_DATA_DIR = "aaf_data_dir"; @@ -47,7 +49,7 @@ public class DefaultOrg implements Organization { final String domain; final String atDomain; final String realm; - + private final String root_ns; private final String NAME; 
@@ -64,15 +66,14 @@ public class DefaultOrg implements Organization { atDomain = '@'+domain; NAME=env.getProperty(realm + ".name","Default Organization"); root_ns = env.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF); - + try { - String defFile; - String temp=env.getProperty(defFile = (getClass().getName()+".file")); + String temp=env.getProperty(realm +".file"); File fIdentities=null; if (temp==null) { temp = env.getProperty(AAF_DATA_DIR); if (temp!=null) { - env.warn().log(defFile, " is not defined. Using default: ",temp+"/identities.dat"); + env.warn().log("Datafile for " + realm + " is not defined. Using default: ",temp+"/identities.dat"); File dir = new File(temp); fIdentities=new File(dir,"identities.dat"); @@ -83,6 +84,7 @@ public class DefaultOrg implements Organization { } fIdentities.createNewFile(); } + } } else { fIdentities = new File(temp); @@ -103,6 +105,24 @@ public class DefaultOrg implements Organization { throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist."); } } + + File fRevoked=null; + temp=env.getProperty(getClass().getName()+".file.revoked"); + if(temp==null) { + temp = env.getProperty(AAF_DATA_DIR); + if (temp!=null) { + File dir = new File(temp); + fRevoked=new File(dir,"revoked.dat"); + } + } else { + fRevoked = new File(temp); + } + if (fRevoked!=null && fRevoked.exists()) { + revoked = new Identities(fRevoked); + } else { + revoked = null; + } + } catch (IOException e) { throw new OrganizationException(e); } @@ -112,6 +132,7 @@ public class DefaultOrg implements Organization { static final List NULL_DELEGATES = new ArrayList<>(); public Identities identities; + public Identities revoked; private boolean dryRun; private Mailer mailer; public enum Types {Employee, Contractor, Application, NotActive}; 
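Review bot: In the `@@ -103,6 +105,24 @@` hunk the revoked list is located with `getClass().getName()+".file.revoked"`, while the `@@ -64,15 +66,14 @@` hunk of the same commit switches the identities file to `realm + ".file"`, so the two data files now follow different configuration key schemes; something like `temp=env.getProperty(realm + ".file.revoked");` would keep them parallel. When neither that key nor `aaf_data_dir` yields an existing file, `revoked` is silently set to null and every later revocation lookup reports nothing as revoked, whereas the identities branch logs a warning in the equivalent situation; a matching `env.warn().log("Revoked datafile for " + realm + " not found; revocation checks disabled");` before `revoked = null;` would make the degraded state visible in the logs. The enclosing constructor begins before the first hunk of this line and its end lies outside the `@@ -103` hunk.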
@@ -147,30 +168,59 @@ public class DefaultOrg implements Organization { return new DefaultOrgIdentity(trans,at<0?id:id.substring(0, at),this); } + /** + * If the ID isn't in the revoked file, if it exists, it is revoked. + */ + @Override + public Date isRevoked(AuthzTrans trans, String key) { + if(revoked!=null) { + try { + revoked.open(trans, DefaultOrgIdentity.TIMEOUT); + try { + Reuse r = revoked.reuse(); + int at = key.indexOf(domain); + String search; + if (at>=0) { + search = key.substring(0,at); + } else { + search = key; + } + Data revokedData = revoked.find(search, r); + return revokedData==null?null:new Date(); + } finally { + revoked.close(trans); + } + } catch (IOException e) { + trans.error().log(e); + } + } + return null; + } + /* (non-Javadoc) - * @see org.onap.aaf.auth.org.Organization#getEsclaations(org.onap.aaf.auth.env.AuthzTrans, java.lang.String, int) - */ - @Override - public List getIDs(AuthzTrans trans, String user, int escalate) throws OrganizationException { - List rv = new ArrayList<>(); - int end = Math.min(3,Math.abs(escalate)); - Identity id = null; - for(int i=0;i getIDs(AuthzTrans trans, String user, int escalate) throws OrganizationException { + List rv = new ArrayList<>(); + int end = Math.min(3,Math.abs(escalate)); + Identity id = null; + for(int i=0;i1?vars[1]:trans.user(); - return executor.hasPermission(user, root_ns,"password", root_ns , "extend") - ?null:user + " does not have permission to extend passwords at " + getName(); + case MAY_EXTEND_CRED_EXPIRES: + // If parm, use it, otherwise, trans + user = vars.length>1?vars[1]:trans.user(); + return executor.hasPermission(user, root_ns,"password", root_ns , "extend") + ?null:user + " does not have permission to extend passwords at " + getName(); default: return policy.name() + " is unsupported at " + getName(); 
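Review bot: The Javadoc on the new `isRevoked` states the opposite of what the method does: the body returns a non-null Date only when `revoked.find(search, r)` yields an entry, so the comment should read `Returns a Date if the ID appears in the revoked file (when one is configured), otherwise null.` The search key is cut at `key.indexOf(domain)`, which for a `user@domain` value leaves the trailing `@` in `search`, whereas `getIdentity` in the context above cuts at `indexOf('@')`; unless the revoked file stores IDs with the `@`, `int at = key.indexOf(atDomain);` would match the lookup used for identities. Two further points deserve at least a comment: the returned `new Date()` is the lookup time rather than a recorded revocation date (if the `Data` record carries one), and an `IOException` while reading the list is logged and then treated as "not revoked", which is fail-open for a revocation check. The remainder of this hunk (the re-indented `getIDs` and `MAY_EXTEND_CRED_EXPIRES` lines) is not legible in this view and is not reviewed here.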
@@ -588,6 +642,25 @@ public class DefaultOrg implements Organization { } return false; } + + @Override + public String supportedDomain(String user) { + if(user!=null) { + int after_at = user.indexOf('@')+1; + if(after_at toList, List ccList, String subject, String body, Boolean urgent) throws OrganizationException { if (mailer!=null) { - String mailFrom = mailer.mailFrom(); + String mailFrom = mailer.mailFrom(); List to = new ArrayList<>(); for (String em : toList) { if (em.indexOf('@')<0) { @@ -633,9 +706,8 @@ public class DefaultOrg implements Organization { } } - @Override - public boolean mayAutoDelete(AuthzTrans trans, String user) { - // provide a corresponding feed that indicates that an ID has been intentionally removed from identities.dat table. - return false; - } + @Override + public boolean isUserExpireExempt(String user, Date expires) { + return false; + } }
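Review bot: The new `isUserExpireExempt` in the `@@ -633,9 +706,8 @@` hunk is undocumented, unlike the `mayAutoDelete` it replaces, which carried a comment explaining its intent; a Javadoc such as `Default organization grants no exemptions: every user's credentials expire on schedule, so this always returns false.` would tell implementers of other Organizations what the hook controls and that `expires` is deliberately unused. The `supportedDomain` body added in the `@@ -588,6 +642,25 @@` hunk is not legible in this view and is not reviewed here.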