2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.service.validation;
24 import org.onap.aaf.auth.dao.cass.CredDAO;
25 import org.onap.aaf.auth.dao.cass.DelegateDAO;
26 import org.onap.aaf.auth.dao.cass.Namespace;
27 import org.onap.aaf.auth.dao.cass.PermDAO;
28 import org.onap.aaf.auth.dao.cass.RoleDAO;
29 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
30 import org.onap.aaf.auth.env.AuthzTrans;
31 import org.onap.aaf.auth.layer.Result;
32 import org.onap.aaf.auth.org.Organization;
33 import org.onap.aaf.auth.rserv.Pair;
34 import org.onap.aaf.auth.validation.Validator;
38 * Consistently apply content rules for content (incoming)
40 * Note: We restrict content for usability in URLs (because RESTful service), and avoid
41 * issues with Regular Expressions, and other enabling technologies.
45 public class ServiceValidator extends Validator {
// Overload that takes the DAO Result wrapper for a permission.
// Only the signature survives in this listing (file lines 47-55 are not shown),
// so how a failed or empty Result is handled cannot be confirmed from here.
46 public ServiceValidator perm(Result<PermDAO.Data> rpd) {
/**
 * Runs a permission record's type, instance, action, roles and description
 * through the validator's checks and reports problems via msg().
 * The guard conditions and both loop bodies are elided in this listing.
 */
56 public ServiceValidator perm(PermDAO.Data pd) {
// Reported for a missing record; the test guarding it (file line 57) is not shown.
58 msg("Perm Data is null.");
// The type is checked together with its namespace; instance and action are checked on their own.
61 permType(pd.type,pd.ns);
62 permInstance(pd.instance);
63 permAction(pd.action);
// Two separate passes over pd.roles; neither loop body is visible here.
// NOTE(review): a null pd.roles would throw in these loops - confirm the elided lines guard against it.
65 for(String role : pd.roles) {
70 for(String r : pd.roles) {
74 description("Perm",pd.description);
// Overload that takes the DAO Result wrapper for a role.
// Only the signature survives in this listing (file lines 80-87 are not shown),
// so how a failed or empty Result is handled cannot be confirmed from here.
79 public ServiceValidator role(Result<RoleDAO.Data> rrd) {
/**
 * Checks a role record: each attached permission string is split on '|' and its
 * first segment is validated as a permission type, then the description is checked.
 * Problems are reported via msg(). Several lines are elided in this listing.
 */
88 public ServiceValidator role(RoleDAO.Data pd) {
// Reported for a missing record; the test guarding it (file line 89) is not shown.
90 msg("Role Data is null.");
95 for(String perm : pd.perms) {
// "\\|" is a regex-escaped literal pipe. String.split drops trailing empty segments,
// so a perm string ending in '|' yields fewer parts than it has separators.
96 String[] ps = perm.split("\\|");
// The segment-count test guarding this message (file line 97) is not shown.
// The raw perm string is echoed into the message as received.
98 msg("Perm [" + perm + "] in Role [" + pd.fullName() + "] is not correctly separated with '|'");
// Only the type segment is visible here, checked with a null namespace;
// checks on the remaining segments, if any, are in the elided lines 101-105.
100 permType(ps[0],null);
106 description("Role",pd.description);
// Overload that takes the DAO Result wrapper and forwards its value to
// delegate(Organization, DelegateDAO.Data).
// NOTE(review): file lines 112-114 are not shown; presumably they test the Result
// before rdd.value is dereferenced - confirm.
111 public ServiceValidator delegate(Organization org, Result<DelegateDAO.Data> rdd) {
115 delegate(org, rdd.value);
/**
 * Checks a delegate record by validating the delegate's ID as a user within the organization.
 * Any checks on other fields are in lines this listing does not show.
 */
120 public ServiceValidator delegate(Organization org, DelegateDAO.Data dd) {
// Reported for a missing record; the test guarding it (file line 121) is not shown.
122 msg("Delegate Data is null.");
// The delegate must pass the same ID check applied by user().
125 user(org,dd.delegate);
// Overload that takes the DAO Result wrapper and forwards its value, with the
// transaction, organization and isNew flag, to the CredDAO.Data overload.
// NOTE(review): file lines 132-134 are not shown; presumably they test the Result
// before rcd.value is dereferenced - confirm.
131 public ServiceValidator cred(AuthzTrans trans, Organization org, Result<CredDAO.Data> rcd, boolean isNew) {
135 cred(trans, org,rcd.value,isNew);
/**
 * Checks a credential record: the ID's character set, the organization's own
 * credential-ID rule, an extra organization ID check for new credentials in the
 * organization's realm, and the credential type. Problems are reported via msg().
 * Many lines of this method are elided in the listing.
 */
140 public ServiceValidator cred(AuthzTrans trans, Organization org, CredDAO.Data cd, boolean isNew) {
// Reported for a missing record; the test guarding it (file line 141) is not shown.
142 msg("Cred Data is null.");
// Character-set gate on the ID. The rejected ID is concatenated into the message as received.
// NOTE(review): if these messages reach logs or API responses, encode them at that sink - confirm where msg() output goes.
144 if(nob(cd.id,ID_CHARS)) {
145 msg("ID [" + cd.id + "] is invalid in " + org.getName());
// Organization-specific rule for what may be used as a credential ID.
147 if(!org.isValidCred(trans, cd.id)) {
148 msg("ID [" + cd.id + "] is invalid for a cred in " + org.getName());
// str is declared in a line this listing does not show (presumably it starts as cd.id).
// substring(0,idx) throws when idx is -1, so the elided line 152 presumably tests idx first - confirm.
151 int idx = str.indexOf('@');
153 str = str.substring(0,idx);
// NOTE(review): endsWith is a plain suffix match. Unless getRealm() carries its own
// leading separator, an ID whose domain merely ends in the realm text also matches - confirm.
156 if(cd.id.endsWith(org.getRealm())) {
// Only new credentials get the organization ID check. The call's return value is assigned
// back to str inside the condition, and a non-empty result enters the branch
// (presumably it is an error text; the handling on line 158 is not shown).
157 if(isNew && (str=org.isValidID(trans, str)).length()>0) {
// The test guarding this message is not shown.
163 msg("Credential Type must be set");
// BASIC_AUTH_SHA256 is the only case label visible; the switch header and any other
// labels are in elided lines.
166 case CredDAO.BASIC_AUTH_SHA256:
// Presumably the default branch: the numeric type is reported as invalid.
170 msg("Credential Type [",Integer.toString(cd.type),"] is invalid");
/**
 * Checks that a user ID passes the ID_CHARS test and reports it via msg() when it does not.
 * The org parameter is not used in the visible lines; file lines 181-183 are not shown.
 */
178 public ServiceValidator user(Organization org, String user) {
179 if(nob(user,ID_CHARS)) {
// The rejected ID is passed into the message as received.
180 msg("User [",user,"] is invalid.");
// Overload that takes the DAO Result wrapper for a namespace.
// Only the signature survives in this listing (file lines 186-190 are not shown),
// so how a failed or empty Result is handled cannot be confirmed from here.
185 public ServiceValidator ns(Result<Namespace> nsd) {
/**
 * Checks a namespace's admin and owner IDs, its attribute pairs and its description,
 * reporting each problem via msg(). Several lines of this method are elided in the listing.
 */
191 public ServiceValidator ns(Namespace ns) {
// Every admin and every owner (reported as "Responsible") must pass the ID_CHARS test.
// NOTE(review): no null guard for ns.admin or ns.owner is visible, unlike ns.attrib below - confirm the elided lines cover it.
193 for(String s : ns.admin) {
194 if(nob(s,ID_CHARS)) {
195 msg("Admin [" + s + "] is invalid.");
199 for(String s : ns.owner) {
200 if(nob(s,ID_CHARS)) {
201 msg("Responsible [" + s + "] is invalid.");
// Attributes are optional, so the list is only walked when it is present.
206 if(ns.attrib!=null) {
207 for(Pair<String, String> at : ns.attrib) {
208 if(nob(at.x,NAME_CHARS)) {
209 msg("Attribute tag [" + at.x + "] is invalid.");
// NOTE(review): the condition below tests at.x a second time while its message reports at.y.
// The attribute value is therefore never checked in the visible code: any value passes,
// and a bad tag produces a second message that blames the value.
// This looks like a copy-paste slip; the test probably belongs on at.y. Confirm which
// character set values are meant to satisfy before changing it.
211 if(nob(at.x,NAME_CHARS)) {
212 msg("Attribute value [" + at.y + "] is invalid.");
217 description("Namespace",ns.description);
/**
 * Checks that a user-role record is present and that its namespace and role name are
 * neither null nor blank. Only presence checks are visible; checks on other fields
 * may sit in the elided lines 224-225.
 */
221 public ServiceValidator user_role(UserRoleDAO.Data urdd) {
// Reported for a missing record; the test guarding it (file line 222) is not shown.
223 msg("UserRole is null");
226 nullOrBlank("UserRole.ns",urdd.ns);
227 nullOrBlank("UserRole.rname",urdd.rname);
/**
 * Presence check for a permission: namespace, type, instance and action must each be
 * neither null nor blank. No character-set checks are made here; perm() calls those.
 */
232 public ServiceValidator nullOrBlank(PermDAO.Data pd) {
// Reported for a missing record; the test guarding it (file line 233) is not shown.
234 msg("Permission is null");
// The per-field checks are chained, each call being made on the previous call's result.
236 nullOrBlank("NS",pd.ns).
237 nullOrBlank("Type",pd.type).
238 nullOrBlank("Instance",pd.instance).
239 nullOrBlank("Action",pd.action);
/**
 * Presence check for a role: namespace and name must each be neither null nor blank.
 * File lines 245-247 are not shown, so any handling of a null rd cannot be confirmed from here.
 */
244 public ServiceValidator nullOrBlank(RoleDAO.Data rd) {
// The per-field checks are chained, each call being made on the previous call's result.
248 nullOrBlank("NS",rd.ns).
249 nullOrBlank("Name",rd.name);