package org.onap.aaf.auth.cm.validation;
import java.util.List;
+import java.util.regex.Pattern;
import org.onap.aaf.auth.dao.cass.ArtiDAO;
import org.onap.aaf.auth.dao.cass.ArtiDAO.Data;
*
*/
public class CertmanValidator extends Validator{
- // Repeated Msg fragments
- private static final String MECHID = "mechid";
- private static final String MACHINE = "machine";
- private static final String ARTIFACT_LIST_IS_NULL = "Artifact List is null.";
- private static final String Y = "y.";
- private static final String IES = "ies.";
- private static final String ENTR = " entr";
- private static final String MUST_HAVE_AT_LEAST = " must have at least ";
- private static final String IS_NULL = " is null.";
- private static final String ARTIFACTS_MUST_HAVE_AT_LEAST = "Artifacts must have at least ";
+ // Repeated Msg fragments
+ private static final String MECHID = "mechid";
+ private static final String MACHINE = "machine";
+ private static final String ARTIFACT_LIST_IS_NULL = "Artifact List is null.";
+ private static final String Y = "y.";
+ private static final String IES = "ies.";
+ private static final String ENTR = " entr";
+ private static final String MUST_HAVE_AT_LEAST = " must have at least ";
+ private static final String IS_NULL = " is null.";
+ private static final String ARTIFACTS_MUST_HAVE_AT_LEAST = "Artifacts must have at least ";
+ private static final Pattern ALPHA_NUM = Pattern.compile("[a-zA-Z0-9]*");
+
+ private static boolean disallowTmp = true;
+ public static void allowTmp() {
+ disallowTmp=false;
+ }
+
+ public CertmanValidator nullBlankMin(String name, List<String> list, int min) {
+ if (list==null) {
+ msg(name + IS_NULL);
+ } else {
+ if (list.size()<min) {
+ msg(name + MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));
+ } else {
+ for (String s : list) {
+ nullOrBlank("List Item",s);
+ }
+ }
+ }
+ return this;
+ }
- public CertmanValidator nullBlankMin(String name, List<String> list, int min) {
- if(list==null) {
- msg(name + IS_NULL);
- } else {
- if(list.size()<min) {
- msg(name + MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));
- } else {
- for(String s : list) {
- nullOrBlank("List Item",s);
- }
- }
- }
- return this;
- }
+ public CertmanValidator artisRequired(List<ArtiDAO.Data> list, int min) {
+ if (list==null) {
+ msg(ARTIFACT_LIST_IS_NULL);
+ } else {
+ if (list.size()<min) {
+ msg(ARTIFACTS_MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));
+ } else {
+ for (ArtiDAO.Data a : list) {
+ allRequired(a);
+ if(disallowTmp && a.dir!=null && a.dir.startsWith("/tmp")) {
+ msg("Certificates may not be deployed into /tmp directory (they will be removed at a random time by O/S)");
+ }
+ }
+ }
+ }
+ return this;
+ }
- public CertmanValidator artisRequired(List<ArtiDAO.Data> list, int min) {
- if(list==null) {
- msg(ARTIFACT_LIST_IS_NULL);
- } else {
- if(list.size()<min) {
- msg(ARTIFACTS_MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));
- } else {
- for(ArtiDAO.Data a : list) {
- allRequired(a);
- }
- }
- }
- return this;
- }
-
- public CertmanValidator artisKeys(List<ArtiDAO.Data> list, int min) {
- if(list==null) {
- msg(ARTIFACT_LIST_IS_NULL);
- } else {
- if(list.size()<min) {
- msg(ARTIFACTS_MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));
- } else {
- for(ArtiDAO.Data a : list) {
- keys(a);
- }
- }
- }
- return this;
- }
-
-
- public CertmanValidator keys(ArtiDAO.Data add) {
- if(add==null) {
- msg("Artifact is null.");
- } else {
- nullOrBlank(MECHID, add.mechid);
- nullOrBlank(MACHINE, add.machine);
- }
- return this;
- }
-
- private CertmanValidator allRequired(Data a) {
- if(a==null) {
- msg("Artifact is null.");
- } else {
- nullOrBlank(MECHID, a.mechid);
- nullOrBlank(MACHINE, a.machine);
- nullOrBlank("ca",a.ca);
- nullOrBlank("dir",a.dir);
- nullOrBlank("os_user",a.os_user);
- // Note: AppName, Notify & Sponsor are currently not required
- }
- return this;
- }
+ public CertmanValidator keys(ArtiDAO.Data add) {
+ if (add==null) {
+ msg("Artifact is null.");
+ } else {
+ nullOrBlank(MECHID, add.mechid);
+ nullOrBlank(MACHINE, add.machine);
+ }
+ return this;
+ }
+
+ private CertmanValidator allRequired(Data a) {
+ if (a==null) {
+ msg("Artifact is null.");
+ } else {
+ nullOrBlank(MECHID, a.mechid);
+ nullOrBlank(MACHINE, a.machine);
+ nullOrBlank("ca",a.ca);
+ nullOrBlank("dir",a.dir);
+ match("NS must be dot separated AlphaNumeric",a.ns,NAME_CHARS);
+ match("O/S User must be AlphaNumeric",a.os_user,ALPHA_NUM);
+ // Note: AppName, Notify & Sponsor are currently not required
+ }
+ return this;
+ }
}
Code Review / aaf / authz.git / blobdiff