2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.cmd.user;
24 import org.onap.aaf.auth.cmd.AAFcli;
25 import org.onap.aaf.auth.cmd.Cmd;
26 import org.onap.aaf.auth.cmd.Param;
27 import org.onap.aaf.auth.rserv.HttpMethods;
28 import org.onap.aaf.cadi.CadiException;
29 import org.onap.aaf.cadi.LocatorException;
30 import org.onap.aaf.cadi.client.Future;
31 import org.onap.aaf.cadi.client.Rcli;
32 import org.onap.aaf.cadi.client.Retryable;
33 import org.onap.aaf.misc.env.APIException;
35 import aaf.v2_0.CredRequest;
37 public class Cred extends Cmd {
38 public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed. Specifics witheld.";
39 private static final String CRED_PATH = "/authn/cred";
40 private static final String[] options = {"add","del","reset","extend"/*,"clean"*/};
41 public Cred(User parent) {
43 new Param(optionsToString(options),true),
45 new Param("password (! D|E)",false),
46 new Param("entry# (if multi)",false)
51 public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
53 String key = args[idx++];
54 final int option = whichOption(options,key);
56 final CredRequest cr = new CredRequest();
57 cr.setId(args[idx++]);
58 if (option!=1 && option!=3) {
59 if (idx>=args.length) throw new CadiException("Password Required");
60 cr.setPassword(args[idx++]);
63 cr.setEntry(args[idx]);
65 // Set Start/End commands
67 Integer ret = same(new Retryable<Integer>() {
69 public Integer code(Rcli<?> client) throws CadiException, APIException {
70 Future<CredRequest> fp=null;
76 getDF(CredRequest.class),
79 verb = "Added Credential [";
82 setQueryParamsOn(client);
83 fp = client.delete(CRED_PATH,
84 getDF(CredRequest.class),
87 verb = "Deleted Credential [";
92 getDF(CredRequest.class),
95 verb = "Reset Credential [";
100 getDF(CredRequest.class),
103 verb = "Extended Credential [";
109 return null; // get by Sonar check.
111 if (fp.get(AAFcli.timeout())) {
113 pw().print(cr.getId());
115 } else if (fp.code()==202) {
116 pw().println("Credential Action Accepted, but requires Approvals before actualizing");
117 } else if (fp.code()==406 && option==1) {
118 pw().println("You cannot delete this Credential");
120 pw().println(ATTEMPT_FAILED_SPECIFICS_WITHELD);
125 if (ret==null)ret = -1;
130 public void detailedHelp(int _indent, StringBuilder sb) {
131 int indent = _indent;
132 detailLine(sb,indent,"Add, Delete or Reset Credential");
134 detailLine(sb,indent,"id - the ID to create/delete/reset within AAF");
135 detailLine(sb,indent,"password - Company Policy compliant Password (not required for Delete)");
136 detailLine(sb,indent,"entry - selected option when deleting/resetting a cred with multiple entries");
138 detailLine(sb,indent,"The Domain can be related to any Namespace you have access to *");
139 detailLine(sb,indent,"The Domain is in reverse order of Namespace, i.e. ");
140 detailLine(sb,indent+2,"NS of com.att.myapp can create user of XY1234@myapp.att.com");
142 detailLine(sb,indent,"NOTE: AAF does support multiple creds with the same ID. Check with your org if you");
143 detailLine(sb,indent+2,"have this implemented. (For example, this is implemented for MechIDs at AT&T)");
145 detailLine(sb,indent,"*NOTE: com.att.csp is a reserved Domain for Global Sign On");
147 detailLine(sb,indent,"Delegates can be listed by the User or by the Delegate");
149 api(sb,indent,HttpMethods.POST,"authn/cred",CredRequest.class,true);
150 api(sb,indent,HttpMethods.DELETE,"authn/cred",CredRequest.class,false);
151 api(sb,indent,HttpMethods.PUT,"authn/cred",CredRequest.class,false);