auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  *
   7  * Modifications Copyright (C) 2019 IBM.
   8  * ===========================================================================
   9  * Licensed under the Apache License, Version 2.0 (the "License");
  10  * you may not use this file except in compliance with the License.
  11  * You may obtain a copy of the License at
  12  *
  13  *      http://www.apache.org/licenses/LICENSE-2.0
  14  *
  15  * Unless required by applicable law or agreed to in writing, software
  16  * distributed under the License is distributed on an "AS IS" BASIS,
  17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  18  * See the License for the specific language governing permissions and
  19  * limitations under the License.
  20  * ============LICENSE_END====================================================
  21  *
  22  */
  23
  24 package org.onap.aaf.auth.cmd.user;
  25
  26 import java.util.List;
  27
  28 import org.onap.aaf.auth.cmd.AAFcli;
  29 import org.onap.aaf.auth.cmd.Cmd;
  30 import org.onap.aaf.auth.cmd.Param;
  31 import org.onap.aaf.auth.rserv.HttpMethods;
  32 import org.onap.aaf.cadi.CadiException;
  33 import org.onap.aaf.cadi.LocatorException;
  34 import org.onap.aaf.cadi.aaf.client.ErrMessage;
  35 import org.onap.aaf.cadi.client.Future;
  36 import org.onap.aaf.cadi.client.Rcli;
  37 import org.onap.aaf.cadi.client.Retryable;
  38 import org.onap.aaf.misc.env.APIException;
  39
  40 import aaf.v2_0.CredRequest;
  41 import aaf.v2_0.Error;
  42
  43 public class Cred extends Cmd {
  44     public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed.  Specifics witheld.";
  45     private static final String CRED_PATH = "/authn/cred";
  46     private static final String[] options = {"add","del","reset","extend"/*,"clean"*/};
  47     private ErrMessage em;
  48     public Cred(User parent) throws APIException {
  49         super(parent,"cred",
  50                 new Param(optionsToString(options),true),
  51                 new Param("id",true),
  52                 new Param("password (! D|E)",false),
  53                 new Param("entry# (if multi)",false)
  54         );
  55         em = new ErrMessage(aafcli.env());
  56     }
  57
  58     @Override
  59     public int _exec(int idxVar, final String ... args) throws CadiException, APIException, LocatorException {
  60         int idx = idxVar;
  61         String key = args[idx++];
  62         final int option = whichOption(options,key);
  63
  64         final CredRequest cr = new CredRequest();
  65         cr.setId(args[idx++]);
  66         if (option!=1 && option!=3) {
  67             if (idx>=args.length) {
  68                 throw new CadiException("Password Required");
  69             }
  70             cr.setPassword(args[idx++]);
  71         }
  72         if (args.length>idx) {
  73             cr.setEntry(args[idx]);
  74         }
  75
  76         // Set Start/End commands
  77         setStartEnd(cr);
  78         Integer ret = same(new Retryable<Integer>() {
  79             @Override
  80             public Integer code(Rcli<?> client) throws CadiException, APIException {
  81                 Future<CredRequest> fp=null;
  82                 String verb =null;
  83                 switch(option) {
  84                     case 0:
  85                         fp = client.create(
  86                             CRED_PATH,
  87                             getDF(CredRequest.class),
  88                             cr
  89                             );
  90                         verb = "Added Credential [";
  91                         break;
  92                     case 1:
  93                         setQueryParamsOn(client);
  94                         fp = client.delete(CRED_PATH,
  95                             getDF(CredRequest.class),
  96                             cr
  97                             );
  98                         verb = "Deleted Credential [";
  99                         break;
 100                     case 2:
 101                         fp = client.update(
 102                             CRED_PATH,
 103                             getDF(CredRequest.class),
 104                             cr
 105                             );
 106                         verb = "Reset Credential [";
 107                         break;
 108                     case 3:
 109                         fp = client.update(
 110                             CRED_PATH+"/5",
 111                             getDF(CredRequest.class),
 112                             cr
 113                             );
 114                         verb = "Extended Credential [";
 115                         break;
 116                     default:
 117                         break;
 118                 }
 119                 if (fp==null) {
 120                     return null; // get by Sonar check.
 121                 }
 122                 if (fp.get(AAFcli.timeout())) {
 123                     pw().print(verb);
 124                     pw().print(cr.getId());
 125                     pw().println(']');
 126                 } else if (fp.code()==202) {
 127                         pw().println("Credential Action Accepted, but requires Approvals before actualizing");
 128                 } else if (fp.code()==300 || fp.code()==406) {
 129                     Error err = em.getError(fp);
 130                     String text = err.getText();
 131                     List<String> vars = err.getVariables();
 132
 133                     // IMPORTANT! We do this backward, because it is looking for string
 134                     // %1 or %13.  If we replace %1 first, that messes up %13
 135                     String var;
 136                     for(int i=vars.size()-1;i>0;--i) {
 137                         var = vars.get(i);
 138                         if(aafcli.isTest()) {
 139                                 int type = var.indexOf("U/P");
 140                                 if(type>0) {
 141                                         var = var.substring(0,type+4) + "  XXXX/XX/XX XX:XX UTC  XXXXXXXXXXXXXXXXXX";
 142                                 }
 143                         }
 144                         text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + var);
 145                     }
 146
 147                     text = text.replace("%1",vars.get(0));
 148                     if(aafcli.isTest()) {
 149
 150                     }
 151                     pw().println(text);
 152                 } else if (fp.code()==406 && option==1) {
 153                         pw().println("You cannot delete this Credential");
 154                 } else if (fp.code()==409 && option==0) {
 155                     pw().println("You cannot add two Passwords for same day");
 156                 } else {
 157                     pw().println(ATTEMPT_FAILED_SPECIFICS_WITHELD);
 158                 }
 159                 return fp.code();
 160             }
 161         });
 162         if (ret==null) {
 163             ret = -1;
 164         }
 165         return ret;
 166     }
 167
 168     @Override
 169     public void detailedHelp(int indentVar, StringBuilder sb) {
 170             int indent = indentVar;
 171         detailLine(sb,indent,"Add, Delete or Reset Credential");
 172         indent+=2;
 173         detailLine(sb,indent,"id       - the ID to create/delete/reset within AAF");
 174         detailLine(sb,indent,"password - Company Policy compliant Password (not required for Delete)");
 175         detailLine(sb,indent,"entry    - selected option when deleting/resetting a cred with multiple entries");
 176         sb.append('\n');
 177         detailLine(sb,indent,"The Domain can be related to any Namespace you have access to *");
 178         detailLine(sb,indent,"The Domain is in reverse order of Namespace, i.e. ");
 179         detailLine(sb,indent+2,"NS of com.att.myapp can create user of XY1234@myapp.att.com");
 180         sb.append('\n');
 181         detailLine(sb,indent,"NOTE: AAF does support multiple creds with the same ID. Check with your org if you");
 182         detailLine(sb,indent+2,"have this implemented. (For example, this is implemented for MechIDs at AT&T)");
 183         sb.append('\n');
 184         detailLine(sb,indent,"*NOTE: com.att.csp is a reserved Domain for Global Sign On");
 185
 186         detailLine(sb,indent,"Delegates can be listed by the User or by the Delegate");
 187         indent-=2;
 188         api(sb,indent,HttpMethods.POST,"authn/cred",CredRequest.class,true);
 189         api(sb,indent,HttpMethods.DELETE,"authn/cred",CredRequest.class,false);
 190         api(sb,indent,HttpMethods.PUT,"authn/cred",CredRequest.class,false);
 191     }
 192 }