1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package org.onap.aaf.authz.service.mapper;
\r
25 import java.nio.ByteBuffer;
\r
26 import java.util.ArrayList;
\r
27 import java.util.Collection;
\r
28 import java.util.Collections;
\r
29 import java.util.Comparator;
\r
30 import java.util.Date;
\r
31 import java.util.GregorianCalendar;
\r
32 import java.util.List;
\r
33 import java.util.UUID;
\r
35 import javax.xml.datatype.XMLGregorianCalendar;
\r
37 import org.onap.aaf.authz.env.AuthzTrans;
\r
38 import org.onap.aaf.authz.layer.Result;
\r
39 import org.onap.aaf.authz.org.Organization;
\r
40 import org.onap.aaf.authz.org.Organization.Expiration;
\r
41 import org.onap.aaf.authz.service.MayChange;
\r
42 import org.onap.aaf.cssa.rserv.Pair;
\r
43 import org.onap.aaf.dao.Bytification;
\r
44 import org.onap.aaf.dao.aaf.cass.ApprovalDAO;
\r
45 import org.onap.aaf.dao.aaf.cass.CertDAO;
\r
46 import org.onap.aaf.dao.aaf.cass.CredDAO;
\r
47 import org.onap.aaf.dao.aaf.cass.DelegateDAO;
\r
48 import org.onap.aaf.dao.aaf.cass.FutureDAO;
\r
49 import org.onap.aaf.dao.aaf.cass.HistoryDAO;
\r
50 import org.onap.aaf.dao.aaf.cass.Namespace;
\r
51 import org.onap.aaf.dao.aaf.cass.NsSplit;
\r
52 import org.onap.aaf.dao.aaf.cass.NsType;
\r
53 import org.onap.aaf.dao.aaf.cass.PermDAO;
\r
54 import org.onap.aaf.dao.aaf.cass.RoleDAO;
\r
55 import org.onap.aaf.dao.aaf.cass.Status;
\r
56 import org.onap.aaf.dao.aaf.cass.UserRoleDAO;
\r
57 import org.onap.aaf.dao.aaf.cass.DelegateDAO.Data;
\r
58 import org.onap.aaf.dao.aaf.hl.Question;
\r
59 import org.onap.aaf.dao.aaf.hl.Question.Access;
\r
61 import org.onap.aaf.cadi.aaf.marshal.CertsMarshal;
\r
62 import org.onap.aaf.cadi.util.Vars;
\r
63 import org.onap.aaf.inno.env.Env;
\r
64 import org.onap.aaf.inno.env.TimeTaken;
\r
65 import org.onap.aaf.inno.env.util.Chrono;
\r
66 import org.onap.aaf.rosetta.Marshal;
\r
68 import aaf.v2_0.Api;
\r
69 import aaf.v2_0.Approval;
\r
70 import aaf.v2_0.Approvals;
\r
71 import aaf.v2_0.Certs;
\r
72 import aaf.v2_0.Certs.Cert;
\r
73 import aaf.v2_0.CredRequest;
\r
74 import aaf.v2_0.Delg;
\r
75 import aaf.v2_0.DelgRequest;
\r
76 import aaf.v2_0.Delgs;
\r
77 import aaf.v2_0.Error;
\r
78 import aaf.v2_0.History;
\r
79 import aaf.v2_0.History.Item;
\r
80 import aaf.v2_0.Keys;
\r
81 import aaf.v2_0.NsRequest;
\r
82 import aaf.v2_0.Nss;
\r
83 import aaf.v2_0.Nss.Ns;
\r
84 import aaf.v2_0.Nss.Ns.Attrib;
\r
85 import aaf.v2_0.Perm;
\r
86 import aaf.v2_0.PermKey;
\r
87 import aaf.v2_0.PermRequest;
\r
88 import aaf.v2_0.Perms;
\r
89 import aaf.v2_0.Pkey;
\r
90 import aaf.v2_0.Request;
\r
91 import aaf.v2_0.Role;
\r
92 import aaf.v2_0.RolePermRequest;
\r
93 import aaf.v2_0.RoleRequest;
\r
94 import aaf.v2_0.Roles;
\r
95 import aaf.v2_0.UserRole;
\r
96 import aaf.v2_0.UserRoleRequest;
\r
97 import aaf.v2_0.UserRoles;
\r
98 import aaf.v2_0.Users;
\r
99 import aaf.v2_0.Users.User;
\r
101 public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRoles, Delgs, Certs, Keys, Request, History, Error, Approvals> {
\r
102 private Question q;
\r
104 public Mapper_2_0(Question q) {
\r
109 * @see org.onap.aaf.authz.service.mapper.Mapper#ns(java.lang.Object, org.onap.aaf.authz.service.mapper.Mapper.Holder)
\r
112 public Result<Namespace> ns(AuthzTrans trans, Request base) {
\r
113 NsRequest from = (NsRequest)base;
\r
114 Namespace namespace = new Namespace();
\r
115 namespace.name = from.getName();
\r
116 namespace.admin = from.getAdmin();
\r
117 namespace.owner = from.getResponsible();
\r
118 namespace.description = from.getDescription();
\r
119 trans.checkpoint(namespace.name, Env.ALWAYS);
\r
121 NsType nt = NsType.fromString(from.getType());
\r
122 if(nt.equals(NsType.UNKNOWN)) {
\r
123 String ns = namespace.name;
\r
125 for(int i=ns.indexOf('.');
\r
127 i=ns.indexOf('.',i+1)) {
\r
131 case 0: nt = NsType.ROOT;break;
\r
132 case 1: nt = NsType.COMPANY;break;
\r
133 default: nt = NsType.APP;
\r
136 namespace.type = nt.type;
\r
138 return Result.ok(namespace);
\r
142 public Result<Nss> nss(AuthzTrans trans, Namespace from, Nss to) {
\r
143 List<Ns> nss = to.getNs();
\r
145 ns.setName(from.name);
\r
146 if(from.admin!=null)ns.getAdmin().addAll(from.admin);
\r
147 if(from.owner!=null)ns.getResponsible().addAll(from.owner);
\r
148 if(from.attrib!=null) {
\r
149 for(Pair<String,String> attrib : from.attrib) {
\r
150 Attrib toAttrib = new Attrib();
\r
151 toAttrib.setKey(attrib.x);
\r
152 toAttrib.setValue(attrib.y);
\r
153 ns.getAttrib().add(toAttrib);
\r
157 ns.setDescription(from.description);
\r
159 return Result.ok(to);
\r
163 * Note: Prevalidate if NS given is allowed to be seen before calling
\r
166 public Result<Nss> nss(AuthzTrans trans, Collection<Namespace> from, Nss to) {
\r
167 List<Ns> nss = to.getNs();
\r
168 for(Namespace nd : from) {
\r
170 ns.setName(nd.name);
\r
171 ns.getAdmin().addAll(nd.admin);
\r
172 ns.getResponsible().addAll(nd.owner);
\r
173 ns.setDescription(nd.description);
\r
174 if(nd.attrib!=null) {
\r
175 for(Pair<String,String> attrib : nd.attrib) {
\r
176 Attrib toAttrib = new Attrib();
\r
177 toAttrib.setKey(attrib.x);
\r
178 toAttrib.setValue(attrib.y);
\r
179 ns.getAttrib().add(toAttrib);
\r
185 return Result.ok(to);
\r
189 public Result<Perms> perms(AuthzTrans trans, List<PermDAO.Data> from, Perms to, boolean filter) {
\r
190 List<Perm> perms = to.getPerm();
\r
191 TimeTaken tt = trans.start("Filter Perms before return", Env.SUB);
\r
194 for (PermDAO.Data data : from) {
\r
195 if(!filter || q.mayUser(trans, trans.user(), data, Access.read).isOK()) {
\r
196 Perm perm = new Perm();
\r
197 perm.setType(data.fullType());
\r
198 perm.setInstance(data.instance);
\r
199 perm.setAction(data.action);
\r
200 for(String role : data.roles(false)) {
\r
201 perm.getRoles().add(role);
\r
203 perm.setDescription(data.description);
\r
212 tt = trans.start("Sort Perms", Env.SUB);
\r
214 Collections.sort(perms, new Comparator<Perm>() {
\r
216 public int compare(Perm perm1, Perm perm2) {
\r
217 int typeCompare = perm1.getType().compareToIgnoreCase(perm2.getType());
\r
218 if (typeCompare == 0) {
\r
219 int instanceCompare = perm1.getInstance().compareToIgnoreCase(perm2.getInstance());
\r
220 if (instanceCompare == 0) {
\r
221 return perm1.getAction().compareToIgnoreCase(perm2.getAction());
\r
223 return instanceCompare;
\r
225 return typeCompare;
\r
231 return Result.ok(to);
\r
235 public Result<List<PermDAO.Data>> perms(AuthzTrans trans, Perms perms) {
\r
236 List<PermDAO.Data> lpd = new ArrayList<PermDAO.Data>();
\r
237 for (Perm p : perms.getPerm()) {
\r
238 Result<NsSplit> nss = q.deriveNsSplit(trans, p.getType());
\r
239 PermDAO.Data pd = new PermDAO.Data();
\r
241 pd.ns=nss.value.ns;
\r
242 pd.type = nss.value.name;
\r
243 pd.instance = p.getInstance();
\r
244 pd.action = p.getAction();
\r
245 for (String role : p.getRoles())
\r
246 pd.roles(true).add(role);
\r
249 return Result.err(nss);
\r
252 return Result.ok(lpd);
\r
256 public Result<PermDAO.Data> permkey(AuthzTrans trans, Pkey from) {
\r
257 return q.permFrom(trans, from.getType(),from.getInstance(),from.getAction());
\r
261 public Result<PermDAO.Data> permFromRPRequest(AuthzTrans trans, Request req) {
\r
262 RolePermRequest from = (RolePermRequest)req;
\r
263 Pkey perm = from.getPerm();
\r
264 if(perm==null)return Result.err(Status.ERR_NotFound, "Permission not found");
\r
265 Result<NsSplit> nss = q.deriveNsSplit(trans, perm.getType());
\r
266 PermDAO.Data pd = new PermDAO.Data();
\r
268 pd.ns=nss.value.ns;
\r
269 pd.type = nss.value.name;
\r
270 pd.instance = from.getPerm().getInstance();
\r
271 pd.action = from.getPerm().getAction();
\r
272 trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
\r
274 String[] roles = {};
\r
276 if (from.getRole() != null) {
\r
277 roles = from.getRole().split(",");
\r
279 for (String role : roles) {
\r
280 pd.roles(true).add(role);
\r
282 return Result.ok(pd);
\r
284 return Result.err(nss);
\r
289 public Result<RoleDAO.Data> roleFromRPRequest(AuthzTrans trans, Request req) {
\r
290 RolePermRequest from = (RolePermRequest)req;
\r
291 Result<NsSplit> nss = q.deriveNsSplit(trans, from.getRole());
\r
292 RoleDAO.Data rd = new RoleDAO.Data();
\r
294 rd.ns = nss.value.ns;
\r
295 rd.name = nss.value.name;
\r
296 trans.checkpoint(rd.fullName(), Env.ALWAYS);
\r
297 return Result.ok(rd);
\r
299 return Result.err(nss);
\r
304 public Result<PermDAO.Data> perm(AuthzTrans trans, Request req) {
\r
305 PermRequest from = (PermRequest)req;
\r
306 Result<NsSplit> nss = q.deriveNsSplit(trans, from.getType());
\r
307 PermDAO.Data pd = new PermDAO.Data();
\r
309 pd.ns=nss.value.ns;
\r
310 pd.type = nss.value.name;
\r
311 pd.instance = from.getInstance();
\r
312 pd.action = from.getAction();
\r
313 pd.description = from.getDescription();
\r
314 trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
\r
315 return Result.ok(pd);
\r
317 return Result.err(nss);
\r
322 public Result<RoleDAO.Data> role(AuthzTrans trans, Request base) {
\r
323 RoleRequest from = (RoleRequest)base;
\r
324 Result<NsSplit> nss = q.deriveNsSplit(trans, from.getName());
\r
326 RoleDAO.Data to = new RoleDAO.Data();
\r
327 to.ns = nss.value.ns;
\r
328 to.name = nss.value.name;
\r
329 to.description = from.getDescription();
\r
330 trans.checkpoint(to.fullName(), Env.ALWAYS);
\r
332 return Result.ok(to);
\r
334 return Result.err(nss);
\r
339 * @see org.onap.aaf.authz.service.mapper.Mapper#roles(java.util.List)
\r
342 public Result<Roles> roles(AuthzTrans trans, List<RoleDAO.Data> from, Roles to, boolean filter) {
\r
343 for(RoleDAO.Data frole : from) {
\r
344 // Only Add Data to view if User is allowed to see this Role
\r
345 //if(!filter || q.mayUserViewRole(trans, trans.user(), frole).isOK()) {
\r
346 if(!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()) {
\r
347 Role role = new Role();
\r
348 role.setName(frole.ns + '.' + frole.name);
\r
349 role.setDescription(frole.description);
\r
350 for(String p : frole.perms(false)) { // can see any Perms in the Role he has permission for
\r
351 Result<String[]> rpa = PermDAO.Data.decodeToArray(trans,q,p);
\r
352 if(rpa.notOK()) return Result.err(rpa);
\r
354 String[] pa = rpa.value;
\r
355 Pkey pKey = new Pkey();
\r
356 pKey.setType(pa[0]+'.'+pa[1]);
\r
357 pKey.setInstance(pa[2]);
\r
358 pKey.setAction(pa[3]);
\r
359 role.getPerms().add(pKey);
\r
361 to.getRole().add(role);
\r
364 return Result.ok(to);
\r
369 * @see org.onap.aaf.authz.service.mapper.Mapper#users(java.util.Collection, java.lang.Object)
\r
371 * Note: Prevalidate all data for permission to view
\r
374 public Result<Users> users(AuthzTrans trans, Collection<UserRoleDAO.Data> from, Users to) {
\r
375 List<User> cu = to.getUser();
\r
376 for(UserRoleDAO.Data urd : from) {
\r
377 User user = new User();
\r
378 user.setId(urd.user);
\r
379 user.setExpires(Chrono.timeStamp(urd.expires));
\r
382 return Result.ok(to);
\r
387 * @see org.onap.aaf.authz.service.mapper.Mapper#users(java.util.Collection, java.lang.Object)
\r
389 * Note: Prevalidate all data for permission to view
\r
392 public Result<UserRoles> userRoles(AuthzTrans trans, Collection<UserRoleDAO.Data> from, UserRoles to) {
\r
393 List<UserRole> cu = to.getUserRole();
\r
394 for(UserRoleDAO.Data urd : from) {
\r
395 UserRole ur = new UserRole();
\r
396 ur.setUser(urd.user);
\r
397 ur.setRole(urd.role);
\r
398 ur.setExpires(Chrono.timeStamp(urd.expires));
\r
401 return Result.ok(to);
\r
411 public Result<UserRoleDAO.Data> userRole(AuthzTrans trans, Request base) {
\r
413 UserRoleRequest from = (UserRoleRequest)base;
\r
415 // Setup UserRoleData, either for immediate placement, or for future
\r
416 UserRoleDAO.Data to = new UserRoleDAO.Data();
\r
417 if (from.getUser() != null) {
\r
418 String user = from.getUser();
\r
421 if (from.getRole() != null) {
\r
422 to.role(trans,q,from.getRole());
\r
424 to.expires = getExpires(trans.org(),Expiration.UserInRole,base,from.getUser());
\r
425 trans.checkpoint(to.toString(), Env.ALWAYS);
\r
427 return Result.ok(to);
\r
428 } catch (Exception t) {
\r
429 return Result.err(Status.ERR_BadData,t.getMessage());
\r
434 public Result<CredDAO.Data> cred(AuthzTrans trans, Request base, boolean requiresPass) {
\r
435 CredRequest from = (CredRequest)base;
\r
436 CredDAO.Data to = new CredDAO.Data();
\r
437 to.id=from.getId();
\r
438 to.ns = Question.domain2ns(to.id);
\r
439 String passwd = from.getPassword();
\r
441 String ok = trans.org().isValidPassword(to.id,passwd);
\r
442 if(ok.length()>0) {
\r
443 return Result.err(Status.ERR_BadData,ok);
\r
449 if(passwd != null) {
\r
450 to.cred = ByteBuffer.wrap(passwd.getBytes());
\r
451 to.type = CredDAO.RAW;
\r
456 // Note: Ensure requested EndDate created will match Organization Password Rules
\r
457 // P.S. Do not apply TempPassword rule here. Do that when you know you are doing a Create/Reset (see Service)
\r
458 to.expires = getExpires(trans.org(),Expiration.Password,base,from.getId());
\r
459 trans.checkpoint(to.id, Env.ALWAYS);
\r
461 return Result.ok(to);
\r
465 public Result<Users> cred(List<CredDAO.Data> from, Users to) {
\r
466 List<User> cu = to.getUser();
\r
467 for(CredDAO.Data cred : from) {
\r
468 User user = new User();
\r
469 user.setId(cred.id);
\r
470 user.setExpires(Chrono.timeStamp(cred.expires));
\r
471 user.setType(cred.type);
\r
474 return Result.ok(to);
\r
478 public Result<Certs> cert(List<CertDAO.Data> from, Certs to) {
\r
479 List<Cert> lc = to.getCert();
\r
480 for(CertDAO.Data fcred : from) {
\r
481 Cert cert = new Cert();
\r
482 cert.setId(fcred.id);
\r
483 cert.setX500(fcred.x500);
\r
484 /**TODO - change Interface
\r
486 cert.setFingerprint(fcred.serial.toByteArray());
\r
489 return Result.ok(to);
\r
493 * Analyze whether Requests should be acted on now, or in the future, based on Start Date, and whether the requester
\r
494 * is allowed to change this value directly
\r
496 * Returning Result.OK means it should be done in the future.
\r
497 * Returning Result.ACC_Now means to act on table change now.
\r
500 public Result<FutureDAO.Data> future(AuthzTrans trans, String table, Request from,
\r
501 Bytification content, boolean enableApproval, Memo memo, MayChange mc) {
\r
502 Result<?> rMayChange = mc.mayChange();
\r
504 if(needsAppr = rMayChange.notOK()) {
\r
505 if(enableApproval) {
\r
506 if(!trans.futureRequested()) {
\r
507 return Result.err(rMayChange);
\r
510 return Result.err(rMayChange);
\r
513 GregorianCalendar now = new GregorianCalendar();
\r
514 GregorianCalendar start = from.getStart()==null?now:from.getStart().toGregorianCalendar();
\r
516 GregorianCalendar expires = trans.org().expiration(start, Expiration.Future);
\r
517 XMLGregorianCalendar xgc;
\r
518 if((xgc=from.getEnd())!=null) {
\r
519 GregorianCalendar fgc = xgc.toGregorianCalendar();
\r
520 expires = expires.before(fgc)?expires:fgc; // Min of desired expiration, and Org expiration
\r
523 //TODO needs two answers from this. What's the NSS, and may Change.
\r
524 FutureDAO.Data fto;
\r
525 if(start.after(now) || needsAppr ) {
\r
526 //String user = trans.user();
\r
527 fto = new FutureDAO.Data();
\r
529 fto.memo = memo.get();
\r
530 fto.start = start.getTime();
\r
531 fto.expires = expires.getTime();
\r
532 if(needsAppr) { // Need to add Approvers...
\r
534 Result<Data> rslt = mc.getNsd();
\r
535 if(rslt.notOKorIsEmpty())return Result.err(rslt);
\r
536 appr.addAll(mc.getNsd().value.responsible);
\r
538 //Note from 2013 Is this getting Approvers for user only? What about Delegates?
\r
539 // 3/25/2014. Approvers are set by Corporate policy. We don't have to worry here about what that means.
\r
540 // It is important to get Delegates, if necessary, at notification time
\r
541 // If we add delegates now, it will get all confused as to who is actually responsible.
\r
542 for(Organization.User ou : org.getApprovers(trans, user)) {
\r
543 appr.add(ou.email);
\r
545 } catch (Exception e) {
\r
546 return Result.err(Status.ERR_Policy,org.getName() + " did not respond with Approvers: " + e.getLocalizedMessage());
\r
551 fto.construct = content.bytify();
\r
552 } catch (Exception e) {
\r
553 return Result.err(Status.ERR_BadData,"Data cannot be saved for Future.");
\r
556 return Result.err(Status.ACC_Now, "Make Data changes now.");
\r
558 return Result.ok(fto);
\r
563 * @see org.onap.aaf.authz.service.mapper.Mapper#history(java.util.List)
\r
566 public Result<History> history(AuthzTrans trans, List<HistoryDAO.Data> history, final int sort) {
\r
567 History hist = new History();
\r
568 List<Item> items = hist.getItem();
\r
569 for(HistoryDAO.Data data : history) {
\r
570 History.Item item = new History.Item();
\r
571 item.setYYYYMM(Integer.toString(data.yr_mon));
\r
572 Date date = Chrono.uuidToDate(data.id);
\r
573 item.setTimestamp(Chrono.timeStamp(date));
\r
574 item.setAction(data.action);
\r
575 item.setMemo(data.memo);
\r
576 item.setSubject(data.subject);
\r
577 item.setTarget(data.target);
\r
578 item.setUser(data.user);
\r
583 TimeTaken tt = trans.start("Sort ", Env.SUB);
\r
585 java.util.Collections.sort(items, new Comparator<Item>() {
\r
587 public int compare(Item o1, Item o2) {
\r
588 return sort*(o1.getTimestamp().compare(o2.getTimestamp()));
\r
595 return Result.ok(hist);
\r
599 public Error errorFromMessage(StringBuilder holder, String msgID, String text, String... var) {
\r
600 Error err = new Error();
\r
601 err.setMessageId(msgID);
\r
602 // AT&T Restful Error Format requires numbers "%" placements
\r
603 err.setText(Vars.convert(holder, text, var));
\r
604 for(String s : var) {
\r
605 err.getVariables().add(s);
\r
611 public Class<?> getClass(API api) {
\r
613 case NSS: return Nss.class;
\r
614 case NS_REQ: return NsRequest.class;
\r
615 case PERMS: return Perms.class;
\r
616 case PERM_KEY: return PermKey.class;
\r
617 case ROLES: return Roles.class;
\r
618 case ROLE: return Role.class;
\r
619 case USERS: return Users.class;
\r
620 case DELGS: return Delgs.class;
\r
621 case CERTS: return Certs.class;
\r
622 case DELG_REQ: return DelgRequest.class;
\r
623 case PERM_REQ: return PermRequest.class;
\r
624 case ROLE_REQ: return RoleRequest.class;
\r
625 case CRED_REQ: return CredRequest.class;
\r
626 case USER_ROLE_REQ: return UserRoleRequest.class;
\r
627 case USER_ROLES: return UserRoles.class;
\r
628 case ROLE_PERM_REQ: return RolePermRequest.class;
\r
629 case APPROVALS: return Approvals.class;
\r
630 case KEYS: return Keys.class;
\r
631 case HISTORY: return History.class;
\r
632 // case MODEL: return Model.class;
\r
633 case ERROR: return Error.class;
\r
634 case API: return Api.class;
\r
635 case VOID: return Void.class;
\r
640 @SuppressWarnings("unchecked")
\r
642 public <A> A newInstance(API api) {
\r
644 case NS_REQ: return (A) new NsRequest();
\r
645 case NSS: return (A) new Nss();
\r
646 case PERMS: return (A)new Perms();
\r
647 case PERM_KEY: return (A)new PermKey();
\r
648 case ROLES: return (A)new Roles();
\r
649 case ROLE: return (A)new Role();
\r
650 case USERS: return (A)new Users();
\r
651 case DELGS: return (A)new Delgs();
\r
652 case CERTS: return (A)new Certs();
\r
653 case PERM_REQ: return (A)new PermRequest();
\r
654 case CRED_REQ: return (A)new CredRequest();
\r
655 case ROLE_REQ: return (A)new RoleRequest();
\r
656 case USER_ROLE_REQ: return (A)new UserRoleRequest();
\r
657 case USER_ROLES: return (A)new UserRoles();
\r
658 case ROLE_PERM_REQ: return (A)new RolePermRequest();
\r
659 case HISTORY: return (A)new History();
\r
660 case KEYS: return (A)new Keys();
\r
661 //case MODEL: return (A)new Model();
\r
662 case ERROR: return (A)new Error();
\r
663 case API: return (A)new Api();
\r
664 case VOID: return null;
\r
666 case APPROVALS: return (A) new Approvals();
\r
667 case DELG_REQ: return (A) new DelgRequest();
\r
672 @SuppressWarnings("unchecked")
\r
674 * Get Typed Marshaler as they are defined
\r
679 public <A> Marshal<A> getMarshal(API api) {
\r
681 case CERTS: return (Marshal<A>) new CertsMarshal();
\r
688 public Result<Approvals> approvals(List<ApprovalDAO.Data> lAppr) {
\r
689 Approvals apprs = new Approvals();
\r
690 List<Approval> lappr = apprs.getApprovals();
\r
692 for(ApprovalDAO.Data appr : lAppr) {
\r
693 a = new Approval();
\r
694 a.setId(appr.id.toString());
\r
695 a.setTicket(appr.ticket.toString());
\r
696 a.setUser(appr.user);
\r
697 a.setApprover(appr.approver);
\r
698 a.setType(appr.type);
\r
699 a.setStatus(appr.status);
\r
700 a.setMemo(appr.memo);
\r
701 a.setOperation(appr.operation);
\r
702 a.setUpdated(Chrono.timeStamp(appr.updated));
\r
705 return Result.ok(apprs);
\r
709 public Result<List<ApprovalDAO.Data>> approvals(Approvals apprs) {
\r
710 List<ApprovalDAO.Data> lappr = new ArrayList<ApprovalDAO.Data>();
\r
711 for(Approval a : apprs.getApprovals()) {
\r
712 ApprovalDAO.Data ad = new ApprovalDAO.Data();
\r
713 String str = a.getId();
\r
714 if(str!=null)ad.id=UUID.fromString(str);
\r
715 str = a.getTicket();
\r
716 if(str!=null)ad.ticket=UUID.fromString(str);
\r
717 ad.user=a.getUser();
\r
718 ad.approver=a.getApprover();
\r
719 ad.type=a.getType();
\r
720 ad.status=a.getStatus();
\r
721 ad.operation=a.getOperation();
\r
722 ad.memo=a.getMemo();
\r
724 XMLGregorianCalendar xgc = a.getUpdated();
\r
725 if(xgc!=null)ad.updated=xgc.toGregorianCalendar().getTime();
\r
728 return Result.ok(lappr);
\r
732 public Result<Delgs> delegate(List<DelegateDAO.Data> lDelg) {
\r
733 Delgs delgs = new Delgs();
\r
734 List<Delg> ldelg = delgs.getDelgs();
\r
736 for(DelegateDAO.Data del: lDelg) {
\r
738 d.setUser(del.user);
\r
739 d.setDelegate(del.delegate);
\r
740 if(del.expires!=null)d.setExpires(Chrono.timeStamp(del.expires));
\r
743 return Result.ok(delgs);
\r
747 public Result<Data> delegate(AuthzTrans trans, Request base) {
\r
749 DelgRequest from = (DelgRequest)base;
\r
750 DelegateDAO.Data to = new DelegateDAO.Data();
\r
751 String user = from.getUser();
\r
753 String delegate = from.getDelegate();
\r
754 to.delegate = delegate;
\r
755 to.expires = getExpires(trans.org(),Expiration.UserDelegate,base,from.getUser());
\r
756 trans.checkpoint(to.user+"=>"+to.delegate, Env.ALWAYS);
\r
758 return Result.ok(to);
\r
759 } catch (Exception t) {
\r
760 return Result.err(Status.ERR_BadData,t.getMessage());
\r
765 * We want "Expired" dates to start at a specified time set by the Organization, and consistent wherever
\r
766 * the date is created from.
\r
768 private Date getExpires(Organization org, Expiration exp, Request base, String id) {
\r
769 XMLGregorianCalendar end = base.getEnd();
\r
770 GregorianCalendar gc = end==null?new GregorianCalendar():end.toGregorianCalendar();
\r
771 GregorianCalendar orggc;
\r
772 orggc = org.expiration(gc,exp,id);
\r
774 // We'll choose the lesser of dates to ensure Policy Compliance...
\r
776 GregorianCalendar endgc = end==null||gc.after(orggc)?orggc:gc;
\r
777 // Allow the Organization to determine when official "day Start" begins, Specifically when to consider something Expired.
\r
778 endgc = Chrono.firstMomentOfDay(endgc);
\r
779 endgc.set(GregorianCalendar.HOUR_OF_DAY, org.startOfDay());
\r
780 return endgc.getTime();
\r
785 public Result<Keys> keys(Collection<String> from) {
\r
786 Keys keys = new Keys();
\r
787 keys.getKey().addAll(from);
\r
788 return Result.ok(keys).emptyList(from.isEmpty());
\r
Code Review / aaf / authz.git / blob