* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
import org.onap.aaf.auth.dao.cass.CertDAO;
import org.onap.aaf.auth.dao.cass.CredDAO;
import org.onap.aaf.auth.dao.cass.DelegateDAO;
+import org.onap.aaf.auth.dao.cass.DelegateDAO.Data;
import org.onap.aaf.auth.dao.cass.FutureDAO;
import org.onap.aaf.auth.dao.cass.HistoryDAO;
import org.onap.aaf.auth.dao.cass.Namespace;
import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.auth.dao.cass.Status;
import org.onap.aaf.auth.dao.cass.UserRoleDAO;
-import org.onap.aaf.auth.dao.cass.DelegateDAO.Data;
import org.onap.aaf.auth.dao.hl.Question;
import org.onap.aaf.auth.dao.hl.Question.Access;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.rserv.Pair;
import org.onap.aaf.auth.service.MayChange;
import org.onap.aaf.cadi.aaf.marshal.CertsMarshal;
+import org.onap.aaf.cadi.util.Split;
import org.onap.aaf.cadi.util.Vars;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
public Mapper_2_0(Question q) {
this.q = q;
}
-
+
/* (non-Javadoc)
* @see org.onap.aaf.auth.service.mapper.Mapper#ns(java.lang.Object, org.onap.aaf.auth.service.mapper.Mapper.Holder)
*/
namespace.owner = from.getResponsible();
namespace.description = from.getDescription();
trans.checkpoint(namespace.name, Env.ALWAYS);
-
+
NsType nt = NsType.fromString(from.getType());
if (nt.equals(NsType.UNKNOWN)) {
String ns = namespace.name;
}
}
namespace.type = nt.type;
-
+
return Result.ok(namespace);
}
} finally {
tt.done();
}
-
+
tt = trans.start("Sort Perms", Env.SUB);
try {
Collections.sort(perms, new Comparator<Perm>() {
return instanceCompare;
}
return typeCompare;
- }
+ }
});
} finally {
tt.done();
}
return Result.ok(to);
}
-
+
@Override
public Result<Perms> perms(AuthzTrans trans, List<PermDAO.Data> from, Perms to, String[] nss, boolean filter) {
List<Perm> perms = to.getPerm();
} finally {
tt.done();
}
-
+
tt = trans.start("Sort Perms", Env.SUB);
try {
Collections.sort(perms, new Comparator<Perm>() {
return instanceCompare;
}
return typeCompare;
- }
+ }
});
} finally {
tt.done();
for (Perm p : perms.getPerm()) {
Result<NsSplit> nss = q.deriveNsSplit(trans, p.getType());
PermDAO.Data pd = new PermDAO.Data();
- if (nss.isOK()) {
+ if (nss.isOK()) {
pd.ns=nss.value.ns;
pd.type = nss.value.name;
pd.instance = p.getInstance();
return Result.ok(lpd);
}
-
+
@Override
public Result<PermDAO.Data> permkey(AuthzTrans trans, Pkey from) {
return q.permFrom(trans, from.getType(),from.getInstance(),from.getAction());
}
-
+
@Override
public Result<PermDAO.Data> permFromRPRequest(AuthzTrans trans, Request req) {
RolePermRequest from = (RolePermRequest)req;
if (perm==null)return Result.err(Status.ERR_NotFound, "Permission not found");
Result<NsSplit> nss = q.deriveNsSplit(trans, perm.getType());
PermDAO.Data pd = new PermDAO.Data();
- if (nss.isOK()) {
+ if (nss.isOK()) {
pd.ns=nss.value.ns;
pd.type = nss.value.name;
pd.instance = from.getPerm().getInstance();
pd.action = from.getPerm().getAction();
trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
-
+
String[] roles = {};
-
+
if (from.getRole() != null) {
roles = from.getRole().split(",");
}
- for (String role : roles) {
+ for (String role : roles) {
pd.roles(true).add(role);
}
return Result.ok(pd);
return Result.err(nss);
}
}
-
+
@Override
public Result<RoleDAO.Data> roleFromRPRequest(AuthzTrans trans, Request req) {
RolePermRequest from = (RolePermRequest)req;
Result<NsSplit> nss = q.deriveNsSplit(trans, from.getRole());
RoleDAO.Data rd = new RoleDAO.Data();
- if (nss.isOK()) {
+ if (nss.isOK()) {
rd.ns = nss.value.ns;
rd.name = nss.value.name;
trans.checkpoint(rd.fullName(), Env.ALWAYS);
return Result.err(nss);
}
}
-
+
@Override
public Result<PermDAO.Data> perm(AuthzTrans trans, Request req) {
PermRequest from = (PermRequest)req;
- Result<NsSplit> nss = q.deriveNsSplit(trans, from.getType());
+ String type = from.getType();
+ if(type==null) {
+ return Result.err(Result.ERR_BadData, "Invalid Perm Type");
+ }
PermDAO.Data pd = new PermDAO.Data();
- if (nss.isOK()) {
- pd.ns=nss.value.ns;
- pd.type = nss.value.name;
+ if(type.contains("@")) {
+ String[] split = Split.splitTrim(':', type);
+ pd.ns = split[0];
+ pd.type=split.length>1?split[1]:"";
pd.instance = from.getInstance();
pd.action = from.getAction();
pd.description = from.getDescription();
- trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
return Result.ok(pd);
- } else {
- return Result.err(nss);
+ } else {
+ Result<NsSplit> nss = q.deriveNsSplit(trans, from.getType());
+ if (nss.isOK()) {
+ pd.ns=nss.value.ns;
+ pd.type = nss.value.name;
+ pd.instance = from.getInstance();
+ pd.action = from.getAction();
+ pd.description = from.getDescription();
+ trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
+ return Result.ok(pd);
+ } else {
+ return Result.err(nss);
+ }
}
}
-
+
@Override
public Request ungrantRequest(AuthzTrans trans, String role, String type, String instance, String action) {
RolePermRequest rpr = new RolePermRequest();
pkey.setInstance(instance);
pkey.setAction(action);
rpr.setPerm(pkey);
-
+
rpr.setRole(role);
return rpr;
}
*/
@Override
public Result<Roles> roles(AuthzTrans trans, List<RoleDAO.Data> from, Roles to, boolean filter) {
- final boolean needNS = trans.requested(REQD_TYPE.ns);
+ final boolean needNS = trans.requested(REQD_TYPE.ns);
for (RoleDAO.Data frole : from) {
// Only Add Data to view if User is allowed to see this Role
if (!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()) {
Result<String[]> rpa = PermDAO.Data.decodeToArray(trans,q,p);
if (rpa.notOK())
return Result.err(rpa);
-
+
String[] pa = rpa.value;
Pkey pKey = new Pkey();
pKey.setType(pa[0]+'.'+pa[1]);
/*
* (non-Javadoc)
* @see org.onap.aaf.auth.service.mapper.Mapper#users(java.util.Collection, java.lang.Object)
- *
+ *
* Note: Prevalidate all data for permission to view
*/
@Override
/*
* (non-Javadoc)
* @see org.onap.aaf.auth.service.mapper.Mapper#users(java.util.Collection, java.lang.Object)
- *
+ *
* Note: Prevalidate all data for permission to view
*/
@Override
CredDAO.Data to = new CredDAO.Data();
to.id=from.getId();
to.ns = Question.domain2ns(to.id);
- String passwd = from.getPassword();
- if (requiresPass) {
- String ok = trans.org().isValidPassword(trans, to.id,passwd);
- if (ok.length()>0) {
- return Result.err(Status.ERR_BadData,ok);
- }
- } else {
- to.type=0;
- }
- if (passwd != null) {
- to.cred = ByteBuffer.wrap(passwd.getBytes());
- to.type = CredDAO.RAW;
+ to.type = from.getType();
+ if(to.type!=null && to.type==CredDAO.FQI) {
+ to.cred = null;
} else {
- to.type = 0;
+ String passwd = from.getPassword();
+ if (requiresPass) {
+ String ok = trans.org().isValidPassword(trans, to.id,passwd);
+ if (ok.length()>0) {
+ return Result.err(Status.ERR_BadData,ok);
+ }
+ }
+ if (passwd != null) {
+ to.cred = ByteBuffer.wrap(passwd.getBytes());
+ to.type = CredDAO.RAW;
+ } else {
+ to.type = CredDAO.NONE;
+ }
}
-
+
// Note: Ensure requested EndDate created will match Organization Password Rules
// P.S. Do not apply TempPassword rule here. Do that when you know you are doing a Create/Reset (see Service)
to.expires = getExpires(trans.org(),Expiration.Password,base,from.getId());
return Result.ok(to);
}
-
+
@Override
public Result<Users> cred(List<CredDAO.Data> from, Users to) {
List<User> cu = to.getUser();
user.setId(cred.id);
user.setExpires(Chrono.timeStamp(cred.expires));
user.setType(cred.type);
+ user.setTag(cred.tag);
cu.add(user);
}
return Result.ok(to);
}
-
+
@Override
public Result<Certs> cert(List<CertDAO.Data> from, Certs to) {
List<Cert> lc = to.getCert();
Cert cert = new Cert();
cert.setId(fcred.id);
cert.setX500(fcred.x500);
- /**TODO - change Interface
+ /**TODO - change Interface
* @deprecated */
cert.setFingerprint(fcred.serial.toByteArray());
lc.add(cert);
/**
* Analyze whether Requests should be acted on now, or in the future, based on Start Date, and whether the requester
* is allowed to change this value directly
- *
+ *
* Returning Result.OK means it should be done in the future.
* Returning Result.ACC_Now means to act on table change now.
*/
@Override
- public Result<FutureDAO.Data> future(AuthzTrans trans, String table, Request from,
+ public Result<FutureDAO.Data> future(AuthzTrans trans, String table, Request from,
Bytification content, boolean enableApproval, Memo memo, MayChange mc) {
Result<?> rMayChange;
- boolean needsAppr = enableApproval?trans.requested(REQD_TYPE.future):false;
+ boolean needsAppr = enableApproval?trans.requested(REQD_TYPE.future):false;
if (!needsAppr && (needsAppr = (rMayChange=mc.mayChange()).notOK())) {
if (enableApproval) {
if (!trans.requested(AuthzTrans.REQD_TYPE.future)) {
return Result.err(rMayChange);
}
}
- GregorianCalendar now = new GregorianCalendar();
+ GregorianCalendar now = new GregorianCalendar();
GregorianCalendar start = from.getStart()==null?now:from.getStart().toGregorianCalendar();
-
+
GregorianCalendar expires = trans.org().expiration(start, Expiration.Future);
XMLGregorianCalendar xgc;
if ((xgc=from.getEnd())!=null) {
GregorianCalendar fgc = xgc.toGregorianCalendar();
expires = expires.before(fgc)?expires:fgc; // Min of desired expiration, and Org expiration
}
-
+
//TODO needs two answers from this. What's the NSS, and may Change.
FutureDAO.Data fto;
if (start.after(now) || needsAppr ) {
item.setUser(data.user);
items.add(item);
}
-
+
if (sort != 0) {
TimeTaken tt = trans.start("Sort ", Env.SUB);
try {
}
return err;
}
-
+
@Override
public Class<?> getClass(API api) {
switch(api) {
case ERROR: return (A)new Error();
case API: return (A)new Api();
case VOID: return null;
-
+
case APPROVALS: return (A) new Approvals();
case DELG_REQ: return (A) new DelgRequest();
}
return null;
}
-
+
@SuppressWarnings("unchecked")
/**
* Get Typed Marshaler as they are defined
- *
+ *
* @param api
* @return
*/
}
return Result.ok(apprs);
}
-
+
@Override
public Result<List<ApprovalDAO.Data>> approvals(Approvals apprs) {
List<ApprovalDAO.Data> lappr = new ArrayList<>();
ad.status=a.getStatus();
ad.operation=a.getOperation();
ad.memo=a.getMemo();
-
+
XMLGregorianCalendar xgc = a.getUpdated();
if (xgc!=null)ad.updated=xgc.toGregorianCalendar().getTime();
lappr.add(ad);
/*
* We want "Expired" dates to start at a specified time set by the Organization, and consistent wherever
* the date is created from.
- */
+ */
private Date getExpires(Organization org, Expiration exp, Request base, String id) {
XMLGregorianCalendar end = base.getEnd();
GregorianCalendar gc = end==null?new GregorianCalendar():end.toGregorianCalendar();
GregorianCalendar orggc;
- orggc = org.expiration(gc,exp,id);
+ orggc = org.expiration(gc,exp,id);
// We'll choose the lesser of dates to ensure Policy Compliance...
-
+
GregorianCalendar endgc = end==null||gc.after(orggc)?orggc:gc;
// Allow the Organization to determine when official "day Start" begins, Specifically when to consider something Expired.
endgc = Chrono.firstMomentOfDay(endgc);