changed to unmaintained
[aaf/authz.git] / auth / auth-deforg / src / main / java / org / onap / aaf / org / DefaultOrg.java
index 92db469..c7f3b1c 100644 (file)
@@ -32,6 +32,7 @@ import java.util.Set;
 import java.util.regex.Pattern;
 
 import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.local.AbsData.Reuse;
 import org.onap.aaf.auth.org.EmailWarnings;
 import org.onap.aaf.auth.org.Executor;
 import org.onap.aaf.auth.org.Mailer;
@@ -40,6 +41,7 @@ import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.util.FQI;
 import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.org.Identities.Data;
 
 public class DefaultOrg implements Organization {
     private static final String AAF_DATA_DIR = "aaf_data_dir";
@@ -47,7 +49,7 @@ public class DefaultOrg implements Organization {
     final String domain;
     final String atDomain;
     final String realm;
-       
+
     private final String root_ns;
 
     private final String NAME;
@@ -64,15 +66,14 @@ public class DefaultOrg implements Organization {
         atDomain = '@'+domain;
         NAME=env.getProperty(realm + ".name","Default Organization");
         root_ns = env.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF);
-        
+
         try {
-            String defFile;
-            String temp=env.getProperty(defFile = (getClass().getName()+".file"));
+            String temp=env.getProperty(realm +".file");
             File fIdentities=null;
             if (temp==null) {
                 temp = env.getProperty(AAF_DATA_DIR);
                 if (temp!=null) {
-                    env.warn().log(defFile, " is not defined. Using default: ",temp+"/identities.dat");
+                    env.warn().log("Datafile for " + realm + " is not defined. Using default: ",temp+"/identities.dat");
                     File dir = new File(temp);
                     fIdentities=new File(dir,"identities.dat");
 
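Review bot: Switching the identities property key from `getClass().getName()+".file"` to `realm + ".file"` on L38 silently stops honoring deployments that configured the old key; they now fall through to the `AAF_DATA_DIR` default or to the "does not exist" exception later in the constructor. Keeping the old key as a fallback avoids that, `String temp=env.getProperty(realm + ".file", env.getProperty(getClass().getName()+".file"));` (the two-argument form is already used on L31). The warning on L44 now builds `realm` into its first argument by concatenation while the remaining pieces are passed as separate arguments; `env.warn().log("Datafile for ", realm, " is not defined. Using default: ", temp+"/identities.dat");` keeps the call uniform. The enclosing constructor starts and ends outside this hunk.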
@@ -83,6 +84,7 @@ public class DefaultOrg implements Organization {
                         }
                         fIdentities.createNewFile();
                     }
+
                 }
             } else {
                 fIdentities = new File(temp);
@@ -103,6 +105,24 @@ public class DefaultOrg implements Organization {
                     throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist.");
                 }
             }
+
+            File fRevoked=null;
+            temp=env.getProperty(getClass().getName()+".file.revoked");
+            if(temp==null) {
+                temp = env.getProperty(AAF_DATA_DIR);
+                if (temp!=null) {
+                    File dir = new File(temp);
+                    fRevoked=new File(dir,"revoked.dat");
+                }
+            } else {
+                fRevoked = new File(temp);
+            }
+            if (fRevoked!=null && fRevoked.exists()) {
+                revoked = new Identities(fRevoked);
+            } else {
+                revoked = null;
+            }
+
         } catch (IOException e) {
             throw new OrganizationException(e);
         }
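Review bot: The revoked-list property on L62 is still keyed by `getClass().getName()+".file.revoked"` while this same commit moves the identities key to `realm + ".file"` on L38; the two lookups should use one scheme, `temp=env.getProperty(getClass().getName()+".file.revoked");` becoming `temp=env.getProperty(realm + ".file.revoked");`. When neither the property nor `AAF_DATA_DIR` yields an existing file, `revoked` is set to null without any log, and because the later `isRevoked` returns null whenever `revoked==null`, a mistyped path silently turns revocation checking off; log the fallback as the identities branch does, e.g. `env.warn().log("No revoked list found for " + realm + "; revocation checks are disabled");`. The enclosing constructor starts and ends outside this hunk.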
@@ -112,6 +132,7 @@ public class DefaultOrg implements Organization {
     static final List<String> NULL_DELEGATES = new ArrayList<>();
 
     public Identities identities;
+    public Identities revoked;
     private boolean dryRun;
     private Mailer mailer;
     public enum Types {Employee, Contractor, Application, NotActive};
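Review bot: `revoked` is declared `public` and non-final even though it is assigned exactly once, in the constructor, and `isRevoked` depends on it; `private final Identities revoked;` stops other code from replacing or nulling the revocation source after construction (a null value disables the check entirely). If other classes need to read it, a getter exposes less than a writable field. The sibling `identities` field has the same shape, so this may be project style, but the revocation list is the one worth guarding.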
@@ -147,30 +168,59 @@ public class DefaultOrg implements Organization {
         return new DefaultOrgIdentity(trans,at<0?id:id.substring(0, at),this);
     }
 
+    /**
+     * If the ID isn't in the revoked file, if it exists, it is revoked.
+     */
+    @Override
+    public Date isRevoked(AuthzTrans trans, String key) {
+        if(revoked!=null) {
+            try {
+                revoked.open(trans, DefaultOrgIdentity.TIMEOUT);
+                try {
+                    Reuse r = revoked.reuse();
+                    int at = key.indexOf(domain);
+                    String search;
+                    if (at>=0) {
+                        search = key.substring(0,at);
+                    } else {
+                        search = key;
+                    }
+                    Data revokedData = revoked.find(search, r);
+                    return revokedData==null?null:new Date();
+                } finally {
+                    revoked.close(trans);
+                }
+            } catch (IOException e) {
+                trans.error().log(e);
+            }
+        }
+        return null;
+    }
+
     /* (non-Javadoc)
-        * @see org.onap.aaf.auth.org.Organization#getEsclaations(org.onap.aaf.auth.env.AuthzTrans, java.lang.String, int)
-        */
-       @Override
-       public List<Identity> getIDs(AuthzTrans trans, String user, int escalate) throws OrganizationException {
-               List<Identity> rv = new ArrayList<>();
-               int end = Math.min(3,Math.abs(escalate));
-               Identity id = null;
-               for(int i=0;i<end;++i) {
-                       if(id==null) {
-                               id = getIdentity(trans,user);
-                       } else {
-                               id = id.responsibleTo();
-                       }
-                       if(id==null) {
-                               break;
-                       } else {
-                               rv.add(id);
-                       }
-               }
-               return rv;
-       }
+     * @see org.onap.aaf.auth.org.Organization#getEsclaations(org.onap.aaf.auth.env.AuthzTrans, java.lang.String, int)
+     */
+    @Override
+    public List<Identity> getIDs(AuthzTrans trans, String user, int escalate) throws OrganizationException {
+        List<Identity> rv = new ArrayList<>();
+        int end = Math.min(3,Math.abs(escalate));
+        Identity id = null;
+        for(int i=0;i<end;++i) {
+            if(id==null) {
+                id = getIdentity(trans,user);
+            } else {
+                id = id.responsibleTo();
+            }
+            if(id==null) {
+                break;
+            } else {
+                rv.add(id);
+            }
+        }
+        return rv;
+    }
 
-       // Note: Return a null if found; return a String Message explaining why not found.
+    // Note: Return a null if found; return a String Message explaining why not found.
     @Override
     public String isValidID(final AuthzTrans trans, final String id) {
         try {
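Review bot: In `isRevoked`, `at = key.indexOf(domain)` uses the bare domain (L30 builds `atDomain` as `'@'+domain`), so for a key of the form user@domain the search string `key.substring(0,at)` keeps the trailing '@' and will not match an entry stored under the bare ID; `int at = key.indexOf(atDomain);` is the form the class already keeps for this purpose. The Javadoc on the method is inverted relative to the code, which returns a non-null Date when the ID is found in the revoked file; it should read `Returns a non-null Date when the ID is present in the revoked file (if one is configured), null otherwise.` An `IOException` while reading the list is logged and null is returned, so an unreadable revocation list makes every ID look un-revoked; since the file is a security control, consider propagating the failure to the caller instead of failing open. Returning `new Date()` rather than a stored revocation time also means any grace period derived from this value restarts on each call, if that is how callers use it.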
@@ -213,11 +263,11 @@ public class DefaultOrg implements Organization {
     /**
      *  (                # Start of group
      *  (?=.*[a-z,A-Z])    #   must contain one character
-     *  
-     *  (?=.*\d)        #   must contain one digit from 0-9 
+     *
+     *  (?=.*\d)        #   must contain one digit from 0-9
      *        OR
      *  (?=.*[@#$%])    #   must contain one special symbols in the list SPEC_CHARS
-     *  
+     *
      *            .        #     match anything with previous condition checking
      *          {6,20}    #        length at least 6 characters and maximum of 20
      *  )                # End of group
@@ -466,6 +516,10 @@ public class DefaultOrg implements Organization {
                 now.add(GregorianCalendar.MONTH, 6);
                 rv = now;
                 break;
+            case RevokedGracePeriodEnds:
+               now.add(GregorianCalendar.DATE, 3);
+               rv = now;
+               break;
             default:
                 // Unless other wise set, 6 months is default
                 now.add(GregorianCalendar.MONTH, 6);
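Review bot: The new `RevokedGracePeriodEnds` case is indented with tabs while the sibling cases use four spaces; re-indent the three added lines to match the `default:` branch. A one-line comment on the 3-day value would help the next reader, e.g. `// TODO confirm: grace window after an ID appears in the revoked list`. The enclosing switch and method start and end outside this hunk.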
@@ -520,7 +574,7 @@ public class DefaultOrg implements Organization {
 
     @Override
     public String validate(AuthzTrans trans, Policy policy, Executor executor, String... vars) throws OrganizationException {
-       String user;
+        String user;
         switch(policy) {
             case OWNS_MECHID:
             case CREATE_MECHID:
@@ -546,11 +600,11 @@ public class DefaultOrg implements Organization {
             case CREATE_MECHID_BY_PERM_ONLY:
                 return getName() + " only allows sponsors to create MechIDs";
 
-                       case MAY_EXTEND_CRED_EXPIRES:
-                               // If parm, use it, otherwise, trans
-                               user = vars.length>1?vars[1]:trans.user();
-                               return executor.hasPermission(user, root_ns,"password", root_ns , "extend")
-                                               ?null:user + " does not have permission to extend passwords at " + getName();
+            case MAY_EXTEND_CRED_EXPIRES:
+                // If parm, use it, otherwise, trans
+                user = vars.length>1?vars[1]:trans.user();
+                return executor.hasPermission(user, root_ns,"password", root_ns , "extend")
+                        ?null:user + " does not have permission to extend passwords at " + getName();
 
             default:
                 return policy.name() + " is unsupported at " + getName();
@@ -588,6 +642,25 @@ public class DefaultOrg implements Organization {
         }
         return false;
     }
+    
+       @Override
+       public String supportedDomain(String user) {
+               if(user!=null) {
+                       int after_at = user.indexOf('@')+1;
+                       if(after_at<user.length()) {
+                               String ud = FQI.reverseDomain(user);
+                               if(ud.startsWith(getDomain())) {
+                                       return getDomain();
+                               }
+                               for(String s : supportedRealms) {
+                                       if(ud.startsWith(s)) {
+                                               return FQI.reverseDomain(s);
+                                       }
+                               }
+                       }
+               }
+               return null;
+       }
 
     @Override
     public synchronized void addSupportedRealm(final String r) {
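Review bot: `supportedDomain` matches realms with a bare `startsWith`, so a reversed realm such as `com.example` (constructed example) also accepts `com.examplex.user`; require a label boundary, e.g. `if(ud.equals(s) || ud.startsWith(s + '.'))`, and apply the same to the `getDomain()` test on L234. L234 compares the reversed form `ud` against `getDomain()` while L239 treats `supportedRealms` entries as already reversed; if `getDomain()` returns the plain domain (L30 builds `atDomain` from it), that branch can only match by accident and `ud.startsWith(FQI.reverseDomain(getDomain()))` is presumably intended. When `user` contains no '@', `indexOf` yields -1, `after_at` becomes 0 and any non-empty string passes the guard; confirm whether such input should reach `FQI.reverseDomain`. The method is also tab-indented while the surrounding file uses four spaces.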
@@ -598,7 +671,7 @@ public class DefaultOrg implements Organization {
     public int sendEmail(AuthzTrans trans, List<String> toList, List<String> ccList, String subject, String body,
             Boolean urgent) throws OrganizationException {
         if (mailer!=null) {
-               String mailFrom = mailer.mailFrom();
+            String mailFrom = mailer.mailFrom();
             List<String> to = new ArrayList<>();
             for (String em : toList) {
                 if (em.indexOf('@')<0) {
@@ -633,9 +706,8 @@ public class DefaultOrg implements Organization {
         }
     }
 
-       @Override
-       public boolean mayAutoDelete(AuthzTrans trans, String user) {
-               // provide a corresponding feed that indicates that an ID has been intentionally removed from identities.dat table.
-               return false;
-       }
+    @Override
+    public boolean isUserExpireExempt(String user, Date expires) {
+        return false;
+    }
 }
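Review bot: `isUserExpireExempt` replaces the commented `mayAutoDelete` with no documentation, so a reader cannot tell whether the constant `false` is a stub or the intended policy for the default organization; add `/** No user is exempt from credential expiry in the default organization. */` above the `@Override`.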