2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.service.validation;
24 import org.onap.aaf.auth.dao.cass.CredDAO;
25 import org.onap.aaf.auth.dao.cass.DelegateDAO;
26 import org.onap.aaf.auth.dao.cass.Namespace;
27 import org.onap.aaf.auth.dao.cass.PermDAO;
28 import org.onap.aaf.auth.dao.cass.RoleDAO;
29 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
30 import org.onap.aaf.auth.env.AuthzTrans;
31 import org.onap.aaf.auth.layer.Result;
32 import org.onap.aaf.auth.org.Organization;
33 import org.onap.aaf.auth.rserv.Pair;
34 import org.onap.aaf.auth.validation.Validator;
38 * Consistently apply content rules to incoming content.
40 * Note: Content is restricted so that it stays usable in URLs (this is a RESTful service) and
41 * avoids issues with regular expressions and other enabling technologies.
45 public class ServiceValidator extends Validator {
46 public ServiceValidator perm(Result<PermDAO.Data> rpd) {
/**
 * Validates a permission record: reports null data, checks the type (together
 * with its namespace), the instance and the action, walks the attached roles,
 * and checks the description.
 *
 * NOTE(review): this listing omits source lines (the gutter numbers jump), so
 * the null guard, the loop bodies and the return statement are not visible.
 *
 * @param pd permission data to validate
 * @return presumably this validator, for chaining (return statement not shown)
 */
56 public ServiceValidator perm(PermDAO.Data pd) {
58 msg("Perm Data is null.");
61 permType(pd.type,pd.ns);
62 permInstance(pd.instance);
63 permAction(pd.action);
// NOTE(review): pd.roles is iterated twice (source lines 65 and 70) and the
// loop bodies are not shown. Confirm that both passes are intended and that a
// null check on pd.roles exists on the omitted lines.
65 for(String role : pd.roles) {
70 for(String r : pd.roles) {
74 description("Perm",pd.description);
79 public ServiceValidator role(Result<RoleDAO.Data> rrd) {
/**
 * Validates a role record: reports null data, checks each permission string
 * attached to the role, and checks the description.
 *
 * NOTE(review): this listing omits source lines, so the null guard, the
 * condition in front of the "not correctly separated" message and the return
 * statement are not visible.
 *
 * @param pd role data to validate
 * @return presumably this validator, for chaining (return statement not shown)
 */
88 public ServiceValidator role(RoleDAO.Data pd) {
90 msg("Role Data is null.");
95 for(String perm : pd.perms) {
// "\\|" is a regex for a literal '|', the separator between the perm's parts.
96 String[] ps = perm.split("\\|");
// The message echoes the caller-supplied perm string and role name verbatim.
98 msg("Perm [" + perm + "] in Role [" + pd.fullName() + "] is not correctly separated with '|'");
// NOTE(review): the type is checked with a null namespace here, whereas
// perm(PermDAO.Data) passes pd.ns. Confirm the null is intentional.
100 permType(ps[0],null);
106 description("Role",pd.description);
/**
 * Validates the delegate record carried by a Result by handing its value to
 * the DelegateDAO.Data overload.
 *
 * NOTE(review): source lines 112-114 are not shown; presumably they check the
 * Result's status before rdd.value is read -- confirm.
 */
111 public ServiceValidator delegate(Organization org, Result<DelegateDAO.Data> rdd) {
115 delegate(org, rdd.value);
/**
 * Validates a delegate record: reports null data and checks dd.delegate as a
 * user ID.
 *
 * NOTE(review): source lines are omitted between the visible statements, so
 * checks on the record's other fields may exist but are not shown.
 */
120 public ServiceValidator delegate(Organization org, DelegateDAO.Data dd) {
122 msg("Delegate Data is null.");
125 user(org,dd.delegate);
/**
 * Validates the credential record carried by a Result by handing its value to
 * the CredDAO.Data overload, passing isNew through unchanged.
 *
 * NOTE(review): source lines 132-134 are not shown; presumably they check the
 * Result's status before rcd.value is read -- confirm.
 */
131 public ServiceValidator cred(AuthzTrans trans, Organization org, Result<CredDAO.Data> rcd, boolean isNew) {
135 cred(trans, org,rcd.value,isNew);
/**
 * Validates a credential record: reports null data, asks the Organization
 * whether the credential ID is acceptable, checks the ID with its realm part
 * removed, and checks the credential type.
 *
 * NOTE(review): this listing omits source lines (the gutter numbers jump), so
 * the declaration of str, several guards and the switch header are not visible.
 *
 * @param trans transaction handle passed through to the Organization checks
 * @param org   organization whose rules decide whether the ID is valid
 * @param cd    credential data to validate
 * @param isNew whether the credential is being created; gates the ID check below
 * @return presumably this validator, for chaining (return statement not shown)
 */
140 public ServiceValidator cred(AuthzTrans trans, Organization org, CredDAO.Data cd, boolean isNew) {
142 msg("Cred Data is null.");
144 if(!org.isValidCred(trans, cd.id)) {
// The rejected ID is echoed verbatim into the message.
145 msg("ID [" + cd.id + "] is invalid in " + org.getName());
// str is declared on an omitted line; presumably it starts as cd.id -- confirm.
148 int idx = str.indexOf('@');
// Keeps only the part before '@'. substring(0, idx) throws if idx is -1, so
// the guard on idx is presumably on omitted line 149 -- confirm.
150 str = str.substring(0,idx);
153 if(org.supportsRealm(cd.id)) {
154 String resp = org.isValidID(trans, str);
// NOTE(review): a non-empty response from isValidID is acted on only when
// isNew is true, so in the visible code the result is ignored for existing
// credentials. Confirm that updates are meant to skip this check.
155 if(isNew && (resp!=null && resp.length()>0)) {
161 msg("Credential Type must be set");
// Only this case label is visible; other accepted types may sit on omitted lines.
164 case CredDAO.BASIC_AUTH_SHA256:
168 msg("Credential Type [",Integer.toString(cd.type),"] is invalid");
/**
 * Validates a user ID against ID_CHARS and records a message when it fails.
 *
 * NOTE(review): nob and ID_CHARS are defined outside this listing; nob
 * presumably means "null, blank, or not matching the pattern" -- confirm.
 * The org parameter is not referenced in the visible lines.
 *
 * @param org  organization context (unused in the visible lines)
 * @param user user ID to validate
 */
176 public ServiceValidator user(Organization org, String user) {
177 if(nob(user,ID_CHARS)) {
178 msg("User [",user,"] is invalid.");
183 public ServiceValidator ns(Result<Namespace> nsd) {
/**
 * Validates a namespace record: checks every admin and owner ID against
 * ID_CHARS, checks attribute pairs against NAME_CHARS when attributes are
 * present, and checks the description.
 *
 * NOTE(review): this listing omits source lines (the gutter numbers jump), so
 * closing braces, any check of the namespace name and the return statement
 * are not visible. nob, ID_CHARS and NAME_CHARS are defined outside this
 * listing.
 *
 * @param ns namespace to validate
 * @return presumably this validator, for chaining (return statement not shown)
 */
189 public ServiceValidator ns(Namespace ns) {
// NOTE(review): ns.admin and ns.owner are iterated with no visible null guard,
// while ns.attrib is null-checked below. Confirm both are always non-null.
191 for(String s : ns.admin) {
192 if(nob(s,ID_CHARS)) {
193 msg("Admin [" + s + "] is invalid.");
197 for(String s : ns.owner) {
198 if(nob(s,ID_CHARS)) {
199 msg("Responsible [" + s + "] is invalid.");
204 if(ns.attrib!=null) {
205 for(Pair<String, String> at : ns.attrib) {
// at.x is the attribute tag.
206 if(nob(at.x,NAME_CHARS)) {
207 msg("Attribute tag [" + at.x + "] is invalid.");
// NOTE(review): this condition tests at.x (the tag) a second time, but the
// message reports at.y (the value). In the visible code the attribute value
// is never checked against NAME_CHARS, so an out-of-policy value passes
// validation whenever its tag is valid. The condition most likely should
// test at.y.
209 if(nob(at.x,NAME_CHARS)) {
210 msg("Attribute value [" + at.y + "] is invalid.");
215 description("Namespace",ns.description);
/**
 * Validates a user-role record: reports null data and requires that the
 * namespace and role-name fields are present.
 *
 * NOTE(review): source lines 222-223 are omitted from this listing, so checks
 * on other fields may exist but are not shown.
 *
 * @param urdd user-role data to validate
 */
219 public ServiceValidator user_role(UserRoleDAO.Data urdd) {
221 msg("UserRole is null");
// The first argument is the field label; presumably it appears in the failure
// message -- confirm against nullOrBlank(String, String).
224 nullOrBlank("UserRole.ns",urdd.ns);
225 nullOrBlank("UserRole.rname",urdd.rname);
/**
 * Presence check for a permission record: reports null data, then requires
 * that namespace, type, instance and action are each present.
 *
 * NOTE(review): the null guard (source line 231) and the return statement are
 * omitted from this listing. Only presence is checked in the visible lines;
 * the character-level checks appear in perm(PermDAO.Data).
 *
 * @param pd permission data to check
 */
230 public ServiceValidator nullOrBlank(PermDAO.Data pd) {
232 msg("Permission is null");
// Chained calls: each nullOrBlank(label, value) returns a validator on which
// the next check is invoked.
234 nullOrBlank("NS",pd.ns).
235 nullOrBlank("Type",pd.type).
236 nullOrBlank("Instance",pd.instance).
237 nullOrBlank("Action",pd.action);
/**
 * Presence check for a role record: requires that namespace and name are each
 * present.
 *
 * NOTE(review): source lines 243-245 are omitted from this listing; presumably
 * they hold the null guard for rd, as in the PermDAO.Data overload -- confirm.
 *
 * @param rd role data to check
 */
242 public ServiceValidator nullOrBlank(RoleDAO.Data rd) {
246 nullOrBlank("NS",rd.ns).
247 nullOrBlank("Name",rd.name);