Merge "Remove the declaration of thrown exception 'org.onap.aaf.misc.env.APIException...
authorJonathan Gathman <jonathan.gathman@att.com>
Mon, 2 Dec 2019 23:41:13 +0000 (23:41 +0000)
committerGerrit Code Review <gerrit@onap.org>
Mon, 2 Dec 2019 23:41:13 +0000 (23:41 +0000)
74 files changed:
auth-client/pom.xml
auth/auth-batch/pom.xml
auth/auth-batch/src/assemble/auth-batch.xml
auth/auth-cass/pom.xml
auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
auth/auth-certman/pom.xml
auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java [new file with mode: 0644]
auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java [new file with mode: 0644]
auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java [new file with mode: 0644]
auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java [new file with mode: 0644]
auth/auth-cmd/pom.xml
auth/auth-cmd/src/assemble/auth-cmd.xml
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
auth/auth-core/pom.xml
auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java
auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java
auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java
auth/auth-deforg/pom.xml
auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
auth/auth-fs/pom.xml
auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
auth/auth-gui/pom.xml
auth/auth-hello/pom.xml
auth/auth-locate/pom.xml
auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java
auth/auth-oauth/pom.xml
auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java
auth/auth-service/pom.xml
auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
auth/docker/Dockerfile.base
auth/docker/agent.sh
auth/docker/d.props.csit
auth/docker/d.props.init
auth/docker/dclean.sh
auth/docker/pom.xml
auth/helm/.gitignore
auth/helm/aaf-hello/values.yaml
auth/helm/aaf/Chart.yaml
auth/helm/aaf/values.yaml
auth/pom.xml
auth/sample/bin/client.sh
auth/sample/bin/service.sh
cadi/aaf/pom.xml
cadi/client/pom.xml
cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
cadi/core/pom.xml
cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java
cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
cadi/core/src/test/resources/cadi.properties [deleted file]
cadi/oauth-enduser/pom.xml
cadi/pom.xml
cadi/servlet-sample/pom.xml
misc/env/pom.xml
misc/log4j/pom.xml
misc/pom.xml
misc/rosetta/pom.xml
misc/xgen/pom.xml
pom.xml
version.properties

index c404ab1..f9f000f 100644 (file)
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>parent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
 
     <artifactId>aaf-auth-client</artifactId>
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 802538a..8f9db7c 100644 (file)
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <groupId>org.onap.aaf.authz</groupId>
             <artifactId>aaf-auth-deforg</artifactId>
         </dependency>
-
-        <!--dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-log4j12</artifactId>
-        </dependency -->
-
     </dependencies>
 
     <build>
index 1ba34da..25b37b7 100644 (file)
        <include>org.onap.aaf.authz:aaf-cadi-core</include>
        <include>org.onap.aaf.authz:aaf-misc-env</include>
        <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+       <include>javax.xml.bind:jaxb-api</include>
+       <include>org.glassfish.jaxb:jaxb-runtime</include>
       </includes -->
+      <includes>
+        <include>org.onap.aaf.authz:aaf-auth-batch</include>
+       <include>org.onap.aaf.authz:aaf-auth-core</include>
+       <include>org.onap.aaf.authz:aaf-cadi-core</include>
+       <include>org.onap.aaf.authz:aaf-misc-env</include>
+       <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+       <include>javax.xml.bind:jaxb-api</include>
+       <include>org.glassfish.jaxb:jaxb-runtime</include>
+       <include>com.sun.istack:istack-commons-runtime</include>
+       <include>javax.activation:javax.activation-api</include>
+      </includes>
     </dependencySet>
   </dependencySets>
 </assembly>
\ No newline at end of file
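Review bot: The two `<include>` lines added directly above `</includes -->` appear to sit inside a commented-out block (its opening is outside this hunk), so they have no effect on the assembly and only duplicate entries of the live `<includes>` list that follows. I would drop them, or delete the commented block altogether, so the file has a single list of what is bundled. A short comment above the live list would also help, for example `<!-- JAXB, istack and activation are bundled explicitly because they are needed at runtime -->`, with the actual reason filled in.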
index d8e25cc..5e86ba6 100644 (file)
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 75efdfa..31e5069 100644 (file)
@@ -129,7 +129,7 @@ public class FileGetter {
 
     public static void main(String[] args) {
         PropAccess access = new PropAccess(args);
-        access.setProperty(AAF_FILEGETTER,"/Users/jg1555/cred.dat");
+        access.setProperty(AAF_FILEGETTER,"/opt/app/aaf/data/cred.dat");
         FileGetter fg = FileGetter.singleton(access);
 
         for(String id : new String[] {"m01891@aaf.att.com","bogus"}) {
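Review bot: `main` still calls `access.setProperty(AAF_FILEGETTER, ...)` unconditionally, so a path supplied through `args` is overwritten by the literal `/opt/app/aaf/data/cred.dat`, and the location of a credential file stays fixed in code. Setting the value only when the caller gave none would keep the default without hiding the override, e.g. `if (access.getProperty(AAF_FILEGETTER, null) == null) { access.setProperty(AAF_FILEGETTER, "/opt/app/aaf/data/cred.dat"); }`. The loop below also hard-codes what looks like a real user ID (`m01891@aaf.att.com`); a placeholder ID would be safer in committed code. `main` continues past the end of this hunk.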
index 0d5c487..e5cde35 100644 (file)
@@ -227,7 +227,6 @@ public class Function {
         if (rparent.notOK()) {
             return Result.err(rparent);
         }
-        parent = rparent.value.parent;
         if (!fromApproval) {
             rparent = q.mayUser(trans, user, rparent.value, Access.write);
             if (rparent.notOK()) {
index 1809686..39578f8 100644 (file)
@@ -786,11 +786,17 @@ public class Question {
                     return Result.err(Status.ERR_BadData,
                             "[%s] cannot be a delegate for self", dd.user);
                 }
-                if (!isUser    && !isGranted(trans, trans.user(), ROOT_NS,DELG,
-                                org.getDomain(), Question.CREATE)) {
-                    return Result.err(Status.ERR_Denied,
+                if (!isUser) {
+                       String supportedDomain = org.supportedDomain(dd.user);
+                       if(supportedDomain==null) {
+                        return Result.err(Status.ERR_Denied,
+                                "[%s] may not create a delegate for the domain for [%s]",
+                                trans.user(), dd.user);
+                       } else if(!isGranted(trans, trans.user(), ROOT_NS,DELG,supportedDomain,Question.CREATE)) {
+                               return Result.err(Status.ERR_Denied,
                             "[%s] may not create a delegate for [%s]",
                             trans.user(), dd.user);
+                       }
                 }
                 break;
             case read:
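Review bot: The instance passed to `isGranted(...)` is now whatever `org.supportedDomain(dd.user)` returns for the request-supplied `dd.user`, so the strength of this delegate-creation check rests on how that method matches a user ID to a realm, which this hunk does not show. It would help to state the contract at the call site, e.g. `// supportedDomain() returns null for IDs outside this Organization's realms; deny rather than fall back to org.getDomain()`, and to confirm that implementations match on the full realm rather than a loose suffix. The two denial messages also differ, which tells the caller whether the target's domain is recognised; if that distinction is not meant to be visible, reuse one message. The added lines mix tabs and spaces against the file's space indentation. The enclosing `switch` begins and ends outside this hunk.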
index 69465b7..64ab837 100644 (file)
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java
new file mode 100644 (file)
index 0000000..38429ad
--- /dev/null
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.api;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CAOfflineException;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CmpClientException;
+
+/**
+ * This class represent CmpV2Client Interface for obtaining X.509 Digital Certificates in a Public Key Infrastructure
+ * (PKI), making use of Certificate Management Protocol (CMPv2) operating on newest version: cmp2000(2).
+ */
+public interface CmpClient {
+
+    /**
+     * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+     * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+     * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+     * encountered in fetching certificate from CA.
+     *
+     * @param caName    Information about the External Root Certificate Authority (CA) performing the event CA Name.
+     *                  Could be {@code null}.
+     * @param profile   Profile on CA server Client/RA Mode configuration on Server. Could be {@code null}.
+     * @param csrMeta   Certificate Signing Request Meta Data. Must not be {@code null}.
+     * @param csr       Certificate Signing Request {.cer} file. Must not be {@code null}.
+     * @param notBefore An optional validity to set in the created certificate, Certificate not valid before this date.
+     * @param notAfter  An optional validity to set in the created certificate, Certificate not valid after this date.
+     * @return The newly created Certificate.
+     *
+     * @throws CAOfflineException if External CA that is offline
+     * @throws CmpClientException if client error occurs.
+     */
+    Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr,
+        Date notBefore, Date notAfter)
+        throws CAOfflineException, CmpClientException;
+
+    /**
+     * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+     * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+     * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+     * encountered in fetching certificate from CA.
+     *
+     * @param caName  Information about the External Root Certificate Authority (CA) performing the event CA Name. Could
+     *                be {@code null}.
+     * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
+     * @param csr     Certificate Signing Request {.cer} file. Must not be {@code null}.
+     * @return The newly created Certificate.
+     *
+     * @throws CAOfflineException if External CA that is offline
+     * @throws CmpClientException if client error occurs.
+     */
+    Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr)
+        throws CAOfflineException, CmpClientException;
+
+    /**
+     * Requests to Revoke a Certificate. If the certificate is deemed to be no longer trustable prior to its expiration
+     * date, it can be revoked by the issuing Certificate Authority (CA). Methods of revocation  to be used, Certificate
+     * Revocation List (CRL) Or Online Certificate Status Protocol (OCSP) responses.
+     *
+     * @param caName         CA name. Could be {@code null}.
+     * @param cert           Target certificate. Must not be {@code null}.
+     * @param reason         Revocation reason.
+     * @param invalidityTime Invalidity time. Could be {@code null}.
+     * @return return Certificate.
+     *
+     * @throws CmpClientException if client error occurs.
+     */
+    Certificate revokeCertRequest(String caName, Certificate cert, int reason, Date invalidityTime)
+        throws CAOfflineException, CmpClientException;
+}
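Review bot: The Javadoc and the signatures disagree in three places: the four-argument `createCertRequest` takes `profile` but has no `@param profile`, `revokeCertRequest` declares `throws CAOfflineException` without a matching `@throws`, and `csr` is described as a Certificate Signing Request while being typed `java.security.cert.Certificate`. I would add `@param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code null}.` and `@throws CAOfflineException if External CA that is offline` to the respective blocks. `reason` is a bare `int`; the doc should say which code set it uses (presumably the RFC 5280 CRLReason values) so callers cannot pass an arbitrary number. The text mentions IAK/RV authentication, yet no parameter carries that secret, so it is worth documenting where an implementation is expected to obtain it.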
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java
new file mode 100644 (file)
index 0000000..d1484f3
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CAOfflineException wraps java.net.ConnectException. Exception thrown during Http Method call towards External CA
+ * Server if Offline. Signals an error occurred while attempting to connect a socket to a remote address and port. The
+ * connection was refused remotely (e.g., no process is listening on the remote address/port).
+ */
+public class CAOfflineException extends Exception {
+
+    private static final long serialVersionUID = 2L;
+
+    /**
+     * Creates a new instance without detail message.
+     */
+    public CAOfflineException() {
+        super();
+    }
+
+    /**
+     * Constructs an instance with the specified detail message.
+     *
+     * @param msg the detail message.
+     */
+    public CAOfflineException(String msg) {
+        super(msg);
+    }
+}
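Review bot: The class comment says this exception wraps `java.net.ConnectException`, but neither constructor accepts a cause, so the underlying connection error and its stack trace are dropped at the throw site. Adding `public CAOfflineException(String msg, Throwable cause) { super(msg, cause); }` would let callers keep the original exception for diagnosis, matching what `CmpClientException` in the same package already offers.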
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java
new file mode 100644 (file)
index 0000000..2a17ab1
--- /dev/null
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CmpClientException wraps all Exceptions occur internally to Cmpv2Client Api code.
+ */
+public class CmpClientException extends Exception {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Creates a new instance with detail message.
+     */
+    public CmpClientException(String message) {
+        super(message);
+    }
+
+    /**
+     * Creates a new instance with detail Throwable cause.
+     */
+    public CmpClientException(Throwable cause) {
+        super(cause);
+    }
+
+    /**
+     * Creates a new instance with detail message and Throwable cause.
+     */
+    public CmpClientException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java
new file mode 100644 (file)
index 0000000..19cf634
--- /dev/null
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.api.CmpClient;
+
+/**
+ * Implementation of the CmpClient Interface conforming to RFC4210 (Certificate Management Protocol (CMP)) and RFC4211 (
+ * Certificate Request Message Format (CRMF)) standards.
+ */
+public final class CmpClientImpl implements CmpClient {
+
+    @Override
+    public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+        final Certificate csr, final Date notBefore, final Date notAfter)
+        throws CAOfflineException, CmpClientException {
+
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+        final Certificate csr)
+        throws CAOfflineException, CmpClientException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public Certificate revokeCertRequest(final String caName, final Certificate cert, final int reason,
+        final Date invalidityTime)
+        throws CAOfflineException, CmpClientException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+}
+
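Review bot: All three methods are stubs that `return null`, which for `revokeCertRequest` in particular lets a caller believe a revocation was submitted when nothing was sent to the CA. Until the CMPv2 exchange is implemented, failing loudly is safer than a null result, e.g. `throw new CmpClientException("revokeCertRequest is not implemented");` in each body with the method name adjusted (the `throws` clauses already allow it). The `// TODO Auto-generated method stub` comments should be replaced by a note stating what is still missing.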
index 6de09de..2e7cb2d 100644 (file)
@@ -18,7 +18,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 013010b..ba31242 100644 (file)
        <include>org.onap.aaf.authz:aaf-misc-env</include>
        <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
        <include>jline:jline</include>
+       <include>javax.xml.bind:jaxb-api</include>
+       <include>org.glassfish.jaxb:jaxb-runtime</include>
+       <include>com.sun.istack:istack-commons-runtime</include>
+       <include>javax.activation:javax.activation-api</include>
       </includes>
     </dependencySet>
 
index 6e6b40b..8d4d66a 100644 (file)
@@ -61,7 +61,7 @@ public class Create extends Cmd {
         }
         String[] admin;
         if (args.length>idx) {
-            admin = args[idx++].split(COMMA);
+            admin = args[idx].split(COMMA);
         } else {
             admin = responsible;
         }
index fd43e8d..e93ec05 100644 (file)
@@ -49,7 +49,7 @@ public class Owner extends BaseCmd<NS> {
 
         final int option = whichOption(options, args[idx++]);
         final String ns = args[idx++];
-        final String ids[] = args[idx++].split(",");
+        final String ids[] = args[idx].split(",");
 
         return same(new Retryable<Integer>() {
             @Override
index fc1f936..f53ca4c 100644 (file)
@@ -57,7 +57,7 @@ public class Delete extends Cmd {
                 PermRequest pk = new PermRequest();
                 pk.setType(args[idx++]);
                 pk.setInstance(args[idx++]);
-                pk.setAction(args[idx++]);
+                pk.setAction(args[idx]);
 
                 if(pk.getType().contains("@")) { // User Perm deletion... Must remove from hidden role
                     client.setQueryParams("force");
index eb20697..3770a58 100644 (file)
@@ -74,7 +74,7 @@ public class Grant extends Cmd {
 
                 Future<RolePermRequest> frpr = null;
 
-                String[] roles = args[idx++].split(",");
+                String[] roles = args[idx].split(",");
                 String strA;
                 String strB;
                 for (String role : roles) {
@@ -110,7 +110,6 @@ public class Grant extends Cmd {
                             pw().println(" Accepted, but requires Approvals before actualizing");
                         } else {
                             error(frpr);
-                            idx=Integer.MAX_VALUE;
                         }
                     }
                 }
index 1a41008..9ef4c00 100644 (file)
@@ -132,11 +132,22 @@ public class Cred extends Cmd {
 
                     // IMPORTANT! We do this backward, because it is looking for string
                     // %1 or %13.  If we replace %1 first, that messes up %13
+                    String var;
                     for(int i=vars.size()-1;i>0;--i) {
-                        text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + vars.get(i));
+                       var = vars.get(i);
+                       if(aafcli.isTest()) {
+                               int type = var.indexOf("U/P");
+                               if(type>0) {
+                                       var = var.substring(0,type+4) + "  XXXX/XX/XX XX:XX UTC  XXXXXXXXXXXXXXXXXX";
+                               }
+                       }
+                        text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + var);
                     }
 
                     text = text.replace("%1",vars.get(0));
+                    if(aafcli.isTest()) {
+                       
+                    }
                     pw().println(text);
                 } else if (fp.code()==406 && option==1) {
                         pw().println("You cannot delete this Credential");
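Review bot: In the new masking branch `if(type>0)` skips a match at index 0, since `indexOf` reports "not found" as -1, and `var.substring(0,type+4)` throws `StringIndexOutOfBoundsException` when nothing follows `U/P`. Something like `if (type >= 0) { var = var.substring(0, Math.min(var.length(), type + 4)) + "  XXXX/XX/XX XX:XX UTC  XXXXXXXXXXXXXXXXXX"; }` covers both cases. The empty `if(aafcli.isTest()) { }` after the `%1` replacement does nothing and should be removed, or filled in if `vars.get(0)` was also meant to be masked. The surrounding method starts and ends outside this hunk.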
index f5cb449..6e96728 100644 (file)
@@ -72,7 +72,7 @@ public class Delg extends BaseCmd<User> {
                     if (option<2 && args.length>idx) {
                         Date date;
                         try {
-                            date = Chrono.dateOnlyFmt.parse(args[idx++]);
+                            date = Chrono.dateOnlyFmt.parse(args[idx]);
                         } catch (ParseException e) {
                             throw new CadiException(e);
                         }
index 30c71e5..485e6d1 100644 (file)
@@ -47,9 +47,8 @@ public class ListActivity extends Cmd {
     }
 
     @Override
-    public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
-            int idx = _idx;
-        final String user = fullID(args[idx++]);
+    public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException {
+        final String user = fullID(args[idx]);
         return same(new Retryable<Integer>() {
             @Override
             public Integer code(Rcli<?> client) throws CadiException, APIException {
index 765bd0a..17f3002 100644 (file)
@@ -50,10 +50,10 @@ public class ListApprovals extends Cmd {
 
     @Override
     public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
-            int idx = _idx;
+        int idx = _idx;
         final String type = args[idx++];
         int option = whichOption(options,type);
-        String value = args[idx++];
+        String value = args[idx];
         final String fullValue;
         if (option != 2) {
             fullValue = fullID(value);
index 07a19d3..8502f39 100644 (file)
@@ -60,7 +60,7 @@ public class ListForCreds extends Cmd {
             int idx = idxParam;
         final int option = whichOption(options, args[idx++]);
         final String which = options[option];
-        final String value = args[idx++];
+        final String value = args[idx];
         return same(new Retryable<Integer>() {
             @Override
             public Integer code(Rcli<?> client) throws CadiException, APIException {
index 0ab2490..6b9c83f 100644 (file)
@@ -64,7 +64,7 @@ public class ListForPermission extends Cmd {
                 String type = args[idx++];
                 String instance = args[idx++];
                 if ("\\*".equals(instance))instance="*";
-                String action = args[idx++];
+                String action = args[idx];
                 if ("\\*".equals(action))action="*";
                 try {
                     Future<Users> fp = client.read(
index 6fdf162..13f0a00 100644 (file)
@@ -47,8 +47,7 @@ public class ListForRoles extends Cmd {
 
     @Override
     public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
-            int idx = _idx;
-        final String role = args[idx++];
+        final String role = args[_idx];
         return same(new Retryable<Integer>() {
             @Override
             public Integer code(Rcli<?> client) throws CadiException, APIException {
index 9151783..5409a32 100644 (file)
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-             <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 288d79d..7309309 100644 (file)
@@ -95,7 +95,16 @@ public interface Organization {
 
     public void addSupportedRealm(String r);
 
-    public String getDomain();
+    /**
+     * If Supported, returns Realm, ex: org.onap
+     * ELSE returns null
+     * 
+     * @param user
+     * @return
+     */
+    public String supportedDomain(String user);
+
+       public String getDomain();
 
     /**
      * Get Identity information based on userID
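Review bot: The Javadoc added for `supportedDomain(String user)` leaves `@param user` and `@return` empty and speaks of a "Realm" while the method name says "Domain", yet a `null` return is what the delegate check in `Question` uses to deny a request. I would spell that out, e.g. `@param user the ID to look up (presumably of the form name@realm)` and `@return the supported realm that user belongs to, or {@code null} if none matches`, and say whether matching is exact or by suffix. The no-op implementation added in the second hunk of this file names the parameter `r` and always returns `null`; a one-line comment there saying that this denies every domain-scoped check would avoid surprises. `getDomain()` is re-indented with a tab in a file that otherwise uses spaces.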
@@ -420,6 +429,11 @@ public interface Organization {
         @Override
         public void addSupportedRealm(String r) {
         }
+        
+        @Override
+        public String supportedDomain(String r) {
+               return null;
+        }
 
         @Override
         public String getDomain() {
index 867d298..6d559de 100644 (file)
@@ -131,13 +131,13 @@ public class OrganizationFactory {
                 }
                 env.init().printf("Instantiated %s with %s%s",orgNS,orgClass,(isDefault?" as default":""));
             }
-            if (org==null) {
-                if (defaultOrg!=null) {
+            if ( (org==null) && (defaultOrg!=null)){
+                
                     org=defaultOrg;
                     orgs.put(orgNS, org);
                 }
             }
-        }
+        
 
         return org;
     }
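Review bot: After folding the two conditions into `if ( (org==null) && (defaultOrg!=null)){`, the closing braces keep their old indentation, so the `}` at the deeper level now closes the `if` and the next one closes the enclosing block, and two whitespace-only lines are left behind. Re-indenting the body and braces, and writing the condition as `if (org == null && defaultOrg != null) {`, would make the block structure readable again. The enclosing method starts outside this hunk.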
index bd718e4..bf9f57e 100644 (file)
@@ -45,8 +45,7 @@ class Acceptor<TRANS extends Trans>  {
     }
 
     private boolean eval(HttpCode<TRANS,?> code, String str, List<String> props) {
-//        int plus = str.indexOf('+');
-//        if (plus<0) {
+
         boolean ok = false;
         boolean any = false;
         for (Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) {
@@ -61,23 +60,7 @@ class Acceptor<TRANS extends Trans>  {
                 }
             }
         }
-//        } else { // Handle Accepts with "+" as in application/xaml+xml
-//            int prev = str.indexOf('/')+1;
-//            String first = str.substring(0,prev);
-//            String nstr;
-//            while (prev!=0) {
-//                nstr = first + (plus<0?str.substring(prev):str.substring(prev,plus));
-//
-//                for (Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) {
-//                    if (type.x.equals(nstr)) {
-//                        acceptable.add(type);
-//                        return type;
-//                    }
-//                }
-//                prev = plus+1;
-//                plus=str.indexOf('+', prev);
-//            };
-//        }
+
         return any;
     }
 
@@ -93,9 +76,9 @@ class Acceptor<TRANS extends Trans>  {
         if (type.y!=null) {
             for (Pair<String,Object> prop : type.y.y){
                 if (tag.equals(prop.x)) {
-                    if (tag.equals("charset")) {
+                    if ( "charset".equals(tag)) {
                         return prop.x==null?false:prop.y.equals(value.toLowerCase()); // return True if Matched
-                    } else if (tag.equals("version")) {
+                    } else if ("version".equals(tag)) {
                         return prop.y.equals(new Version(value)); // Note: Version Class knows Minor Version encoding
                     } else if (tag.equals(Content.Q)) { // replace Q value
                         try {
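Review bot: In the `charset` branch the guard `prop.x==null?false:...` can never trigger, because `tag.equals(prop.x)` on the line above has already matched; the field actually dereferenced is `prop.y`. For the same reason the constant-first rewrite `"charset".equals(tag)` adds no null safety, since `tag` is dereferenced one line earlier. I would guard the right field and fix the locale-dependent lowercasing with `return prop.y!=null && prop.y.equals(value.toLowerCase(Locale.ROOT));` (this needs `java.util.Locale`), and write `Content.Q.equals(tag)` to match the two changed lines. The method starts and ends outside the hunk.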
index 761fd8c..172f386 100644 (file)
@@ -41,7 +41,7 @@ class CodeSetter<TRANS extends Trans> {
         this.resp = resp;
 
     }
-    public boolean matches(Route<TRANS> route) throws IOException, ServletException {
+    public boolean matches(Route<TRANS> route) {
         // Find best Code in Route based on "Accepts (Get) or Content-Type" (if exists)
         return (code = route.getCode(trans, req, resp))!=null;
     }
index f8c5ae1..03d6dfe 100644 (file)
 
 package org.onap.aaf.auth.rserv;
 
-import java.io.IOException;
+
 import java.util.List;
 
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
index 353d4b9..e9bee7b 100644 (file)
@@ -26,7 +26,7 @@
         <artifactId>authparent</artifactId>
         <relativePath>../pom.xml</relativePath>
         <groupId>org.onap.aaf.authz</groupId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
 
     <artifactId>aaf-auth-deforg</artifactId>
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 46d3db9..70b3324 100644 (file)
@@ -637,6 +637,25 @@ public class DefaultOrg implements Organization {
         }
         return false;
     }
+    
+       @Override
+       public String supportedDomain(String user) {
+               if(user!=null) {
+                       int after_at = user.indexOf('@')+1;
+                       if(after_at<user.length()) {
+                               String ud = FQI.reverseDomain(user);
+                               if(ud.startsWith(getDomain())) {
+                                       return getDomain();
+                               }
+                               for(String s : supportedRealms) {
+                                       if(ud.startsWith(s)) {
+                                               return FQI.reverseDomain(s);
+                                       }
+                               }
+                       }
+               }
+               return null;
+       }
 
     @Override
     public synchronized void addSupportedRealm(final String r) {
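Review bot: The realm test in `supportedDomain` is a bare prefix match, so `ud.startsWith(getDomain())` also accepts a reversed domain that merely begins with the same characters. With a domain of `org.onap`, a constructed value such as `org.onapx` would match, assuming `FQI.reverseDomain` (not visible here) returns the dotted reversed form. The result feeds the first-credential permission check in AuthzCassServiceImpl, so the comparison should stop at a label boundary, e.g. `ud.equals(d) || ud.startsWith(d + '.')`, for the primary domain and for each entry of `supportedRealms`. When `user` contains no `@`, `after_at` is 0 and the length guard passes for any non-empty string, so such input still reaches `reverseDomain`. The loop also reads `supportedRealms` without the lock that the `synchronized` `addSupportedRealm` takes, which matters unless the collection is itself thread-safe.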
index 7b87126..8776365 100644 (file)
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 19a150d..64d9353 100644 (file)
@@ -44,7 +44,7 @@ import org.onap.aaf.cadi.PropAccess;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.register.Registrant;
 import org.onap.aaf.cadi.register.RemoteRegistrant;
-import org.onap.aaf.misc.env.APIException;
+
 
 
 public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans>  {
@@ -58,7 +58,7 @@ public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans>  {
             // creates StaticSlot, needed for CachingFileAccess, and sets to public Dir
             env.staticSlot(CachingFileAccess.CFA_WEB_PATH,"aaf_public_dir");
 
-            CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<AuthzTrans>(env);
+            CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<>(env);
             route(env,GET,"/:key*", cfa);
             final String aaf_locate_url = Config.getAAFLocateUrl(access);
             if (aaf_locate_url == null) {
index 6b00305..f93fb7e 100644 (file)
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
index 2cb8f57..4728576 100644 (file)
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
index 3ea432b..8df2390 100644 (file)
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
index 962b985..c77e9a8 100644 (file)
@@ -59,7 +59,7 @@ public class API_Proxy {
      * @param facade
      * @throws Exception
      */
-    public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
+    public static void init(final AAF_Locate gwAPI, LocateFacade facade) {
 
         String aafurl = gwAPI.access.getProperty(Config.AAF_URL,null);
         if (aafurl!=null) {
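Review bot: The Javadoc directly above `init` still carries `@throws Exception` although the signature no longer declares it. That tag should be removed in the same change so the documentation matches the method. The body of `init` continues outside the hunk.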
index 5e0c56f..cc0ed53 100644 (file)
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
index 0126c2e..a0644fd 100644 (file)
@@ -28,6 +28,7 @@ import org.onap.aaf.auth.layer.Result;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.misc.env.APIException;
 
+@FunctionalInterface
 public interface JSONPermLoader {
     public Result<String> loadJSONPerms(AuthzTrans trans, String user, Set<String> scopes) throws APIException, CadiException;
 
index 63585f9..9f9ca86 100644 (file)
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
index 2431e0e..6741030 100644 (file)
@@ -2346,10 +2346,11 @@ public class AuthzCassServiceImpl    <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
                 }
                 switch(action) {
                     case DELETE:
+                       String why;
                         if(ques.isOwner(trans, user,ns) ||
-                                ques.isAdmin(trans, user,ns) ||
-                                ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) {
-                                     return Result.ok();
+                                       ques.isAdmin(trans, user,ns) ||
+                                       ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) {
+                               return Result.ok();
                         }
                         break;
                     case RESET:
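Review bot: `String why;` is declared under `case DELETE:` but nothing in this hunk assigns or reads it. Because the case has no braces, the declaration's scope also extends into the following `case` labels. Unless code outside the hunk uses it, drop the declaration. The re-indented `isAdmin`/`isGranted` lines now mix tabs and spaces relative to the surrounding code.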
@@ -2509,13 +2510,16 @@ public class AuthzCassServiceImpl    <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
                         try {
                             if (firstID) {
                                 // OK, it's a first ID, and not by NS Owner
-                                if(!ques.isOwner(trans,trans.user(),cdd.ns)) {
+                               String user = trans.user();
+                                if(!ques.isOwner(trans,user,cdd.ns)) {
                                     // Admins are not allowed to set first Cred, but Org has already
                                     // said entity MAY create, typically by Permission
                                     // We can't know which reason they are allowed here, so we
                                     // have to assume that any with Special Permission would not be
                                     // an Admin.
-                                    if(ques.isAdmin(trans, trans.user(), cdd.ns)) {
+                                       String domain = org.supportedDomain(user);
+                                    if((domain!=null && !ques.isGranted(trans, user, ROOT_NS, "mechid", domain, Question.CREATE)) &&
+                                               ques.isAdmin(trans, user, cdd.ns)) {
                                         return Result.err(Result.ERR_Denied,
                                             "Only Owners may create first passwords in their Namespace. Admins may modify after one exists" );
                                     } else {
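Review bot: The rewritten deny condition fails open when `org.supportedDomain(user)` returns null. `(domain!=null && !ques.isGranted(...)) && ques.isAdmin(...)` is false for a null domain, so an Admin who is not the Owner now falls through to the `else` branch where the old code returned `ERR_Denied`. The stub implementation added to Organization.java in this commit returns null unconditionally, and DefaultOrg returns null for any unsupported domain, so this path looks reachable. If the intent is that Admins are denied unless they hold the `mechid` create permission for a supported domain, the test should read `if(ques.isAdmin(trans, user, cdd.ns) && (domain==null || !ques.isGranted(trans, user, ROOT_NS, "mechid", domain, Question.CREATE))) {`. The `else` branch and the rest of the method are outside the hunk.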
@@ -3900,6 +3904,10 @@ public class AuthzCassServiceImpl    <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
         }
 
         final DelegateDAO.Data dd = rd.value;
+        
+        if(dd.user.contentEquals(dd.delegate) && !trans.requested(force)) {
+               return Result.err(Status.ERR_InvalidDelegate,dd.user + " cannot delegate to self");
+        }
 
         Result<List<DelegateDAO.Data>> ddr = ques.delegateDAO().read(trans, dd);
         if (access==Access.create && ddr.isOKhasData()) {
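Review bot: `dd.user.contentEquals(dd.delegate)` dereferences both fields before any validation visible in this hunk. A request with a missing user or delegate would therefore raise a NullPointerException here instead of returning a `Result` error. The comparison is also case-sensitive. If earlier code (outside the hunk) does not already guarantee non-null, normalised values, guard it with `if(dd.user!=null && dd.user.equalsIgnoreCase(dd.delegate) && !trans.requested(force)) {`. Self-delegation is still accepted when `force` is requested, so that override deserves an audit log entry.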
index 60b76ea..4a299e7 100644 (file)
@@ -135,7 +135,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
         (nssDF                 = env.newDataFactory(service.mapper().getClass(API.NSS))).in(dataType).out(dataType);
         (permRequestDF         = env.newDataFactory(service.mapper().getClass(API.PERM_REQ))).in(dataType).out(dataType);
         (permsDF             = env.newDataFactory(service.mapper().getClass(API.PERMS))).in(dataType).out(dataType);
-//        (permKeyDF            = env.newDataFactory(service.mapper().getClass(API.PERM_KEY))).in(dataType).out(dataType);
+
         (roleDF             = env.newDataFactory(service.mapper().getClass(API.ROLES))).in(dataType).out(dataType);
         (roleRequestDF         = env.newDataFactory(service.mapper().getClass(API.ROLE_REQ))).in(dataType).out(dataType);
         (usersDF             = env.newDataFactory(service.mapper().getClass(API.USERS))).in(dataType).out(dataType);
@@ -174,7 +174,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
         if (result.variables==null || result.variables.length<1) {
             detail = new String[1];
         } else {
-            List<String> dlist = new ArrayList<String>();
+            List<String> dlist = new ArrayList<>();
             dlist.add(null);
             String os;
             for(Object s : result.variables) {
@@ -185,8 +185,6 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
             detail = new String[dlist.size()];
             dlist.toArray(detail);
         }
-        //int httpstatus;
-
         switch(result.status) {
             case ERR_ActionNotCompleted:
                 msgId = "SVC1202";
index e7ae643..4874f1a 100644 (file)
@@ -19,6 +19,9 @@
 #
 # Use dbuild.sh input parameter to set registry
 FROM ${REGISTRY}/openjdk:8-jre-alpine
+#FROM openjdk:12-jdk-alpine
+#FROM openjdk:13-jdk-alpine
+
 MAINTAINER AAF Team, AT&T 2018
 
 LABEL description="aaf_base"
index 575e21f..f59bd22 100644 (file)
@@ -28,7 +28,8 @@ fi
 . ./aaf.props
 
 DOCKER=${DOCKER:=docker}
-CADI_VERSION=${CADI_VERSION:=2.1.16}
+VERSION=${VERSION}
+CADI_VERSION=${CADI_VERSION:=${VERSION}}
 
 for V in VERSION DOCKER_REPOSITORY HOSTNAME CONTAINER_NS AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do
    if [ "$(grep $V ./aaf.props)" = "" ]; then
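Review bot: `VERSION=${VERSION}` is a self-assignment with no effect. `CADI_VERSION` now defaults to whatever `VERSION` holds, including an empty string, because the `for V in VERSION ...` presence check runs only afterwards. The previous default was `2.1.16`, whereas the props files in this commit set `VERSION=2.1.17-SNAPSHOT`, so the default now carries the `-SNAPSHOT` suffix; confirm that is intended. I would drop the no-op line and fail early with `CADI_VERSION=${CADI_VERSION:=${VERSION:?VERSION not set in aaf.props}}`.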
index cdb6b5a..27f539b 100644 (file)
@@ -28,7 +28,7 @@ ORG=onap
 PROJECT=aaf
 DOCKER_PULL_REGISTRY=nexus3.onap.org:10001
 DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.16-SNAPSHOT
+VERSION=2.1.17-SNAPSHOT
 CONF_ROOT_DIR=/opt/app/osaaf
 # For local builds, set PREFIX=   
 PREFIX="$DOCKER_REPOSITORY/"
index 41a3024..8ef2e31 100644 (file)
@@ -23,7 +23,7 @@ PROJECT=aaf
 # Note: Override can happen on dbuild.sh Commandline, -r <registry>
 DOCKER_PULL_REGISTRY=nexus3.onap.org:10001
 DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.16-SNAPSHOT
+VERSION=2.1.17-SNAPSHOT
 CONF_ROOT_DIR=/opt/app/osaaf
 # For local builds, set PREFIX=   
 PREFIX="$DOCKER_REPOSITORY/"
index 4fb4e07..0e974aa 100644 (file)
@@ -23,7 +23,7 @@
 DOCKER=${DOCKER:=docker}
 
 if [ "$1" == "" ]; then
-    AAF_COMPONENTS="$(cat components) config core agent "
+    AAF_COMPONENTS="$(cat components) config core agent base "
 else
     AAF_COMPONENTS="$@"
 fi
index b4d3545..9bfb80c 100644 (file)
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
index 44cae66..e106bce 100644 (file)
@@ -2,3 +2,6 @@ aaf.orig/
 pause/
 aaf.new/
 aaf.props
+.DS_Store
+current
+*.tgz
index 5a3931c..130fa74 100644 (file)
@@ -37,8 +37,8 @@ image:
   # repository: localhost:5000/
 
 service:
-  agentImage: onap/aaf/aaf_agent:2.1.16-SNAPSHOT
-  image: onap/aaf/aaf_hello:2.1.16-SNAPSHOT
+  agentImage: onap/aaf/aaf_agent:2.1.17-SNAPSHOT
+  image: onap/aaf/aaf_hello:2.1.17-SNAPSHOT
   app_ns: "org.osaaf.aaf"
   fqi: "aaf@aaf.osaaf.org"
   fqdn: "aaf-hello"
index f83041e..976e2ef 100644 (file)
@@ -22,4 +22,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: AAF Helm Chart
 name: aaf
-version: 2.1.16-SNAPSHOT
+version: 2.1.17-SNAPSHOT
index b320d9c..9cfee33 100644 (file)
@@ -104,7 +104,7 @@ image:
   # When using Docker Repo, add, and include trailing "/"
   # repository: nexus3.onap.org:10003/
   # repository: localhost:5000/
-  version: 2.1.16-SNAPSHOT
+  version: 2.1.17-SNAPSHOT
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
index 27abccd..eb65a5d 100644 (file)
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>parent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
     <artifactId>authparent</artifactId>
     <name>AAF Auth Parent</name>
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 4768d81..4132e6c 100755 (executable)
@@ -21,7 +21,7 @@
 # This script is run when starting client Container.
 #  It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
 #
-JAVA=/usr/bin/java
+JAVA=${JAVA_HOME}/bin/java
 AAF_INTERFACE_VERSION=2.1
 
 # Extract Name, Domain and NS from FQI
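Review bot: `JAVA=${JAVA_HOME}/bin/java` expands to `/bin/java` when `JAVA_HOME` is unset or empty. The container start script would then run whatever binary sits at that path, or fail later with a less obvious error. Keep the old location as the fallback with `JAVA=${JAVA_HOME:-/usr}/bin/java`. The same line is added in the next file's hunk (the one that sets `OSAAF=/opt/app/osaaf`) and needs the same change.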
index bddd42c..10a3e15 100644 (file)
@@ -39,7 +39,7 @@ cadi_longitude=${cadi_longitude:-"${LONGITUDE}"}
 cadi_x509_issuers=${cadi_x509_issuers:-"${CADI_X509_ISSUERS}"}
 aaf_locate_url=${aaf_locate_url:-"https://${HOSTNAME}:8095"}
 
-JAVA=/usr/bin/java
+JAVA=${JAVA_HOME}/bin/java
 
 OSAAF=/opt/app/osaaf
 LOCAL=$OSAAF/local
index 1fa4ab5..5d277be 100644 (file)
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>cadiparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 38d5082..8217f64 100644 (file)
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>cadiparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index cef4ae4..c7b2605 100644 (file)
@@ -32,6 +32,8 @@ import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.ArrayList;
 
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLHandshakeException;
 import javax.servlet.http.HttpServletResponse;
 
 import org.onap.aaf.cadi.CadiException;
index aa50090..36e5409 100644 (file)
@@ -16,7 +16,7 @@
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>cadiparent</artifactId>
         <relativePath>..</relativePath>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index b6aabf3..e3a65ce 100644 (file)
@@ -84,12 +84,12 @@ public class BufferedServletInputStream extends ServletInputStream {
         }
         return value;
     }
-
+    @Override
     public int read(byte[] b) throws IOException {
         return read(b,0,b.length);
     }
-
-
+    
+  @Override
     public int read(byte[] b, int off, int len) throws IOException {
         int count = -1;
         if (capacitor==null) {
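Review bot: The second `@Override` is indented two spaces while the method it annotates is indented four. The first `@Override` now follows the closing brace of the previous method with no blank line. Keep the blank separator lines and align both annotations with their methods, i.e. `    @Override` at the same column as `public int read(...)`.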
index c4719f8..0cebaa7 100644 (file)
@@ -181,7 +181,7 @@ public class PropAccess implements Access {
                                 String value = es.getValue().toString();
                                 props.put(key, value);
                                 if(key.contains("pass")) {
-                                    value = "XXXXXXX";
+                                    value = "vi XX";
                                 }
                                 printf(Level.DEBUG,"  %s=%s",key,value);
                             }
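Review bot: The masking literal changed from `XXXXXXX` to `vi XX`, which looks like a stray editor keystroke rather than an intended change. Restore a clear marker such as `value = "XXXXXXX";` so masked entries in the DEBUG output stay recognisable. Separately, `key.contains("pass")` is case-sensitive and covers only keys containing that substring, so properties holding other secrets would be printed in clear. Consider lower-casing the key and matching it against a short list of sensitive fragments. The enclosing method starts and ends outside the hunk.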
diff --git a/cadi/core/src/test/resources/cadi.properties b/cadi/core/src/test/resources/cadi.properties
deleted file mode 100644 (file)
index a6e256e..0000000
+++ /dev/null
@@ -1,49 +0,0 @@
-#########
-#  ============LICENSE_START====================================================
-#  org.onap.aaf
-#  ===========================================================================
-#  Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#  ===========================================================================
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#  ============LICENSE_END====================================================
-#
-
-hostname=veeger.mo.sbc.com 
-
-port=2533
-
-# CSP has Production mode (active users) or DEVL mode (for 
-# Testing purposes... Bogus users)
-#csp_domain=DEVL
-csp_domain=PROD
-
-# Report all AUTHN and AUTHZ activity
-loglevel=AUDIT
-
-#
-# BasicAuth and other User/Password support
-#
-# The realm reported on BasicAuth callbacks
-basic_realm=spiderman.agile.att.com
-users=ks%xiVUs_25_1jqGdJ24hqy43Gi;
-groups=aaf:Jd8bb3jslg88b@spiderman.agile.att.com%7sZCPBZ_8iWbslqdjWFIDLgTZlm9ung0ym-G,\
-               jg1555,lg2384,rd8227,tp007s,pe3617;
-       
-
-# Keyfile (with relative path) for encryption.  This file
-# should be marked as ReadOnly by Only the running process
-# for security's sake
-keyfile=conf/keyfile
-
-# This is here to force property chaining in tests
-cadi_prop_files=test/cadi.properties.duplicate
index efc32dd..be68eb9 100644 (file)
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>cadiparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
     
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
     </developers>
     
     <dependencies>
index 9075385..d023218 100644 (file)
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>parent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
     <artifactId>cadiparent</artifactId>
     <name>AAF CADI Parent (Code, Access, Data, Identity)</name>
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 7ca8aa4..2b41d92 100644 (file)
@@ -4,7 +4,7 @@
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>cadiparent</artifactId>
         <relativePath>..</relativePath>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <name>CADI Servlet Sample (Test Only)</name>
index 360b920..f432fce 100644 (file)
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>miscparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 7bfc1bc..65929e6 100644 (file)
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>miscparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 68e3c4b..3d182c4 100644 (file)
@@ -25,7 +25,7 @@
     <parent>
        <groupId>org.onap.aaf.authz</groupId>
        <artifactId>parent</artifactId>
-       <version>2.1.16-SNAPSHOT</version>
+       <version>2.1.17-SNAPSHOT</version>
     </parent>
     <artifactId>miscparent</artifactId>
     <name>AAF Misc Parent</name>
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
index 9c6d003..73d388d 100644 (file)
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>miscparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
         <dependency>
             <groupId>org.onap.aaf.authz</groupId>
             <artifactId>aaf-misc-env</artifactId>
-            <version>${project.version}</version>
         </dependency>
+        <dependency>
+          <groupId>javax.xml.bind</groupId>
+          <artifactId>jaxb-api</artifactId>
+        </dependency>
+        <dependency>
+          <groupId>org.glassfish.jaxb</groupId>
+          <artifactId>jaxb-runtime</artifactId>
+          <scope>runtime</scope>
+        </dependency>
+        <dependency>
+          <groupId>com.sun.istack</groupId>
+          <artifactId>istack-commons-runtime</artifactId>
+          <version>2.2</version>
+          <scope>runtime</scope>
+        </dependency>
+        
     </dependencies>
 
             
index 8315389..83a4ad3 100644 (file)
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>miscparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
         <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
diff --git a/pom.xml b/pom.xml
index 55c36e0..a753070 100644 (file)
--- a/pom.xml
+++ b/pom.xml
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.onap.aaf.authz</groupId>
     <artifactId>parent</artifactId>
-    <version>2.1.16-SNAPSHOT</version>
+    <version>2.1.17-SNAPSHOT</version>
     <name>aaf-authz</name>
     <packaging>pom</packaging>
 
     <parent>
         <groupId>org.onap.oparent</groupId>
         <artifactId>oparent</artifactId>
+        <!-- Official Released Version
         <version>2.1.0</version>
+
+        Frankfurt working Version
+    -->
+        <version>3.0.0-SNAPSHOT</version>
     </parent>
 
     <properties>
@@ -51,7 +56,8 @@
         <project.interfaceVersion>${project.version}</project.interfaceVersion>
         <project.jettyVersion>9.4.12.v20180830</project.jettyVersion>
         <project.cassVersion>3.6.0</project.cassVersion>
-
+        <project.jaxbVersion>2.3.1</project.jaxbVersion>
+        <project.glassfishJaxbVersion>3.0-b71</project.glassfishJaxbVersion>
     </properties>
     <build>
         <plugins>
                 <scope>test</scope>
             </dependency>
 
+          <!-- Javax removed as of JDK 9 -->
+          <dependency>
+            <groupId>javax.xml.bind</groupId>
+            <artifactId>jaxb-api</artifactId>
+            <version>${project.jaxbVersion}</version>
+          </dependency>
+          <dependency>
+            <groupId>org.glassfish.jaxb</groupId>
+            <artifactId>jaxb-xjc</artifactId>
+            <version>${project.jaxbVersion}</version>
+          </dependency>
+          <dependency>
+            <groupId>org.glassfish.jaxb</groupId>
+            <artifactId>jaxb-runtime</artifactId>
+            <version>${project.jaxbVersion}</version>
+          </dependency>
+          
         </dependencies>
     </dependencyManagement>
 
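Review bot: The `<parent>` block now resolves `org.onap.oparent:oparent` at `3.0.0-SNAPSHOT`, a mutable version, so the plugin and dependency management this build inherits can differ between two builds of the same commit; the released `2.1.0` survives only inside the new comment. If Frankfurt work needs the 3.x parent, returning to a released oparent before tagging (or isolating the snapshot in a profile) keeps release builds reproducible and auditable. The comment itself wraps a live-looking `<version>` element, which is easy to misread; a single line such as `<!-- TODO: switch back to a released oparent before release -->` above the version would be clearer. Separately, `project.glassfishJaxbVersion` (`3.0-b71`) is added to the properties, but the `org.glassfish.jaxb` entries in the visible `dependencyManagement` hunk use `${project.jaxbVersion}`; either reference the new property there or drop it.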
index 564f55f..de52dc0 100644 (file)
 # Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
 # because they are used in Jenkins, whose plug-in doesn't support
 
-# This TAG <version>2.1.16-SNAPSHOT</version> is here to help remember to change this file.  Keep it up to date with the following "real" entries:
+# This TAG <version>2.1.17-SNAPSHOT</version> is here to help remember to change this file.  Keep it up to date with the following "real" entries:
 major=2
 minor=1
-patch=16
+patch=17
 
 base_version=${major}.${minor}.${patch}