* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
import org.onap.aaf.auth.gui.Page;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.client.Future;
-import org.onap.aaf.cadi.client.Holder;
+import org.onap.aaf.cadi.util.Holder;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.util.Vars;
import org.onap.aaf.misc.env.APIException;
-import org.onap.aaf.misc.env.Slot;
import org.onap.aaf.misc.env.Data.TYPE;
+import org.onap.aaf.misc.env.Slot;
import org.onap.aaf.misc.env.util.IPValidator;
import org.onap.aaf.misc.env.util.Split;
import org.onap.aaf.misc.xgen.Cache;
import org.onap.aaf.misc.xgen.DynamicCode;
+import org.onap.aaf.misc.xgen.Mark;
import org.onap.aaf.misc.xgen.html.HTMLGen;
import aaf.v2_0.Error;
final Slot sOther = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[9]);
final Slot sType = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[10]);
final Slot sSans = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[11]);
-
+
@Override
public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
cache.dynamic(hgen, new DynamicCode<HTMLGen,AAF_GUI, AuthzTrans>() {
@Override
public void code(final AAF_GUI gui, final AuthzTrans trans,final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
-trans.info().log("Step 1");
+ trans.info().log("Step 1");
final Artifact arti = new Artifact();
final String machine = trans.get(sMachine,null);
final String ca = trans.get(sCA, null);
final String sans = ((String)trans.get(sSans,null));
- if(sans!=null) {
- for(String s: Split.splitTrim(',', sans)) {
+ if (sans!=null) {
+ for (String s: Split.splitTrim(',', sans)) {
arti.getSans().add(s);
}
}
- // Disallow IP entries, except by special Permission
- if(!trans.fish(getPerm(ca,"ip"))) {
- boolean ok=true;
- if(IPValidator.ip(machine)) {
- ok=false;
- }
- if(ok) {
- for(String s: arti.getSans()) {
- if(IPValidator.ip(s)) {
- ok=false;
- break;
+
+ // These checks to not apply to deletions
+ if(!CMArtiChangeForm.DELETE.equals(trans.get(sCmd, ""))) {
+ // Disallow IP entries, except by special Permission
+ if (!trans.fish(getPerm(ca,"ip"))) {
+ boolean ok=true;
+ if (IPValidator.ip(machine)) {
+ ok=false;
+ }
+ if (ok) {
+ for (String s: arti.getSans()) {
+ if (IPValidator.ip(s)) {
+ ok=false;
+ break;
+ }
}
}
+ if (!ok) {
+ hgen.p("Policy Failure: IPs in certificates are only allowed by Exception.");
+ return;
+ }
}
- if(!ok) {
- hgen.p("Policy Failure: IPs in certificates are only allowed by Exception.");
- return;
- }
- }
-
- // Disallow Domain based Definitions without exception
- if(machine.startsWith("*")) { // Domain set
- if(!trans.fish(getPerm(ca, "domain"))) {
- hgen.p("Policy Failure: Domain Artifact Declarations are only allowed by Exception.");
- return;
- }
+
}
-
+
arti.setMechid((String)trans.get(sID,null));
arti.setMachine(machine);
arti.setNs((String)trans.get(sNS,null));
arti.setRenewDays(Integer.parseInt((String)trans.get(sRenewal, null)));
arti.setNotification((String)trans.get(sNotify, null));
String[] checkbox = trans.get(sType,null);
- for(int i=0;i<CMArtiChangeForm.types.length;++i) {
- if("on".equals(checkbox[i])) {
+ for (int i=0;i<CMArtiChangeForm.types.length;++i) {
+ if ("on".equals(checkbox[i])) {
arti.getType().add(CMArtiChangeForm.types[i]);
}
}
hgen.p("Data Entry Failure: Please enter a valid ID, including domain.");
// VALIDATE OTHERS?
} else { // everything else is checked by Server
-
+
try {
final Artifacts artifacts = new Artifacts();
artifacts.getArtifact().add(arti);
- final Holder<Boolean> ok = new Holder<Boolean>(false);
+ final Holder<Boolean> ok = new Holder<Boolean>(false);
final Holder<Boolean> deleted = new Holder<Boolean>(false);
Future<?> f = gui.cmClientAsUser(trans.getUserPrincipal(), new Retryable<Future<?>>() {
@Override
case CMArtiChangeForm.CREATE:
Future<Artifacts> fc;
rv = fc = client.create("/cert/artifacts", gui.artifactsDF, artifacts);
- if(fc.get(AAFcli.timeout())) {
+ if (fc.get(AAFcli.timeout())) {
hgen.p("Created Artifact " + arti.getMechid() + " on " + arti.getMachine());
ok.set(true);
}
break;
case CMArtiChangeForm.UPDATE:
Future<Artifacts> fu = client.update("/cert/artifacts", gui.artifactsDF, artifacts);
- if((rv=fu).get(AAFcli.timeout())) {
+ rv=fu;
+ if(rv.get(AAFcli.timeout())) {
hgen.p("Artifact " + arti.getMechid() + " on " + arti.getMachine() + " is updated");
ok.set(true);
}
case CMArtiChangeForm.COPY:
Future<Artifacts> future = client.read("/cert/artifacts/"+arti.getMechid()+'/'+arti.getMachine(), gui.artifactsDF);
rv = future;
- if(future.get(AAFcli.timeout())) {
- for(Artifact a : future.value.getArtifact()) { // only one, because these two are key
- for(String newMachine :Split.split(',', trans.get(sOther, ""))) {
+ if (future.get(AAFcli.timeout())) {
+ for (Artifact a : future.value.getArtifact()) { // only one, because these two are key
+ for (String newMachine :Split.split(',', trans.get(sOther, ""))) {
a.setMachine(newMachine);
Future<Artifacts> fup = client.update("/cert/artifacts", gui.artifactsDF, future.value);
- if(fup.get(AAFcli.timeout())) {
+ if (fup.get(AAFcli.timeout())) {
hgen.p("Copied to " + newMachine);
ok.set(true);
}
case CMArtiChangeForm.DELETE:
Future<Void> fv;
rv = fv = client.delete("/cert/artifacts/"+arti.getMechid()+"/"+arti.getMachine(),"application/json");
- if(fv.get(AAFcli.timeout())) {
+ if (fv.get(AAFcli.timeout())) {
hgen.p("Deleted " + arti.getMechid() + " on " + arti.getMachine());
ok.set(true);
deleted.set(true);
return rv;
}
});
- if(!ok.get()) {
- if(f==null) {
+ if (!ok.get()) {
+ if (f==null) {
hgen.p("Unknown Command");
} else {
- if(f.body().contains("%")) {
+ if (f.code() > 201) {
Error err = gui.getDF(Error.class).newData().in(TYPE.JSON).load(f.body()).asObject();
- hgen.p(Vars.convert(err.getText(),err.getVariables()));
+ if(f.body().contains("%") ) {
+ hgen.p(Vars.convert(err.getText(),err.getVariables()));
+ } else {
+ int colon = err.getText().indexOf(':');
+ if(colon>0) {
+ hgen.p(err.getMessageId() + ": " + err.getText().substring(0, colon));
+ Mark bq = new Mark();
+ hgen.incr(bq,"blockquote");
+ for(String em : Split.splitTrim('\n', err.getText().substring(colon+1))) {
+ hgen.p(em);
+ }
+ hgen.end(bq);
+ } else {
+ hgen.p(err.getMessageId() + ": " + err.getText());
+ }
+ }
} else {
hgen.p(arti.getMechid() + " on " + arti.getMachine() + ": " + f.body());
}
hgen.p("Unknown Error");
e.printStackTrace();
}
-
+
}
hgen.br();
}
Code Review / aaf / authz.git / blobdiff