--- /dev/null
+.metadata
+.settings
+.classpath
+.project
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>com.att.authz</groupId>
+ <artifactId>parent</artifactId>
+ <version>2.0.15</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>authz-batch</artifactId>
+ <name>Authz Batch</name>
+ <description>Batch Processing for Authz</description>
+ <packaging>jar</packaging>
+ <url>https://github.com/att/AAF</url>
+ <licenses>
+ <license>
+ <name>BSD License</name>
+ <url> </url>
+ </license>
+ </licenses>
+ <developers>
+ <developer>
+ <name>Jonathan Gathman</name>
+ <email></email>
+ <organization>ATT</organization>
+ <organizationUrl></organizationUrl>
+ </developer>
+ </developers>
+
+ <properties>
+ <maven.test.failure.ignore>false</maven.test.failure.ignore>
+ <project.swmVersion>1</project.swmVersion>
+ </properties>
+
+ <dependencies>
+
+ <dependency>
+ <groupId>com.att.inno</groupId>
+ <artifactId>env</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.inno</groupId>
+ <artifactId>rosetta</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-core</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-aaf</artifactId>
+ </dependency>
+
+
+
+ <!-- <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-att</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-aaf</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-client</artifactId>
+ </exclusion>
+ </exclusions>
+
+ </dependency> -->
+
+ <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-cass</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-aaf</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-client</artifactId>
+ </exclusion>
+
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>org.joda</groupId>
+ <artifactId>joda-time</artifactId>
+ <version>2.5</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </dependency>
+
+ <!-- Data Migration
+ <dependency>
+ <groupId>com.oracle</groupId>
+ <artifactId>ojdbc6</artifactId>
+ <version>11.2.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.opencsv</groupId>
+ <artifactId>opencsv</artifactId>
+ <version>3.3</version>
+ </dependency>
+ -->
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.4</version>
+
+ <configuration>
+ <classifier>tests</classifier>
+ <archive>
+ <manifestEntries>
+ <Sealed>true</Sealed>
+ </manifestEntries>
+ </archive>
+ </configuration>
+ <executions>
+ <execution>
+ <id>depends</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptorRefs>
+ <descriptorRef>jar-with-dependencies</descriptorRef>
+ </descriptorRefs>
+ <archive>
+ <manifest>
+ <mainClass>com.att.authz.Batch</mainClass>
+ </manifest>
+ </archive>
+ </configuration>
+ </execution>
+ <execution>
+ <id>swm</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <finalName>authz-batch-${project.version}.${project.swmVersion}</finalName>
+ <descriptors>
+ <descriptor>../authz-service/src/main/assemble/swm.xml</descriptor>
+ </descriptors>
+ <archive>
+ </archive>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <failOnError>false</failOnError>
+ </configuration>
+ <executions>
+ <execution>
+ <id>attach-javadocs</id>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ <version>2.2.1</version>
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <goals>
+ <goal>jar-no-fork</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-gpg-plugin</artifactId>
+ <version>1.5</version>
+ <executions>
+ <execution>
+ <id>sign-artifacts</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.sonatype.plugins</groupId>
+ <artifactId>nexus-staging-maven-plugin</artifactId>
+ <version>1.6.7</version>
+ <extensions>true</extensions>
+ <configuration>
+ <serverId>ossrhdme</serverId>
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
--- /dev/null
+##
+## AUTHZ Batch (authz-batch) Properties
+##
+## DISCOVERY (DME2) Parameters on the Command Line
+AFT_LATITUDE=_AFT_LATITUDE_
+AFT_LONGITUDE=_AFT_LONGITUDE_
+AFT_ENVIRONMENT=_AFT_ENVIRONMENT_
+DEPLOYED_VERSION=_ARTIFACT_VERSION_
+
+
+DRY_RUN=false
+
+## Pull in common/security properties
+
+cadi_prop_files=_COMMON_DIR_/com.att.aaf.props;_COMMON_DIR_/com.att.aaf.common.props
+
+
+## -------------------------------------
+## Batch specific Settings
+## -------------------------------------
+SPECIAL_NAMES=testunused,testid,unknown
+
+
+## ----------------------------------------------
+## Email Server settings
+## ----------------------------------------------
+#Sender's email ID needs to be mentioned
+mailFromUserId=DL-aaf-support@att.com
+mailHost=smtp.it.att.com
+
+ALERT_TO_ADDRESS=DL-aaf-support@att.com
+
+PASSWORD_RESET_URL=_AUTHZ_GUI_URL_/gui/passwd
+APPROVALS_URL=_AUTHZ_GUI_URL_/gui/approve
+
+
--- /dev/null
+###############################################################################
+# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+###############################################################################
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+log4j.rootLogger=INFO,FA
+log4j.logger.aspr=INFO,aspr
+log4j.additivity.aspr=false
+log4j.logger.authz-batch=INFO,authz-batch
+log4j.logger.sync=INFO,sync
+log4j.additivity.sync=false
+log4j.logger.jobchange=INFO,jobchange
+log4j.additivity.jobchange=false
+log4j.logger.validateuser=INFO,validateuser
+log4j.additivity.validateuser=false
+
+
+log4j.appender.FA=org.apache.log4j.RollingFileAppender
+log4j.appender.FA.File=${LOG4J_FILENAME_authz-batch}
+log4j.appender.FA.MaxFileSize=10000KB
+log4j.appender.FA.MaxBackupIndex=7
+log4j.appender.FA.layout=org.apache.log4j.PatternLayout
+log4j.appender.FA.layout.ConversionPattern=%d %p [%c] - %m %n
+
+log4j.appender.stderr=org.apache.log4j.ConsoleAppender
+log4j.appender.stderr.layout=org.apache.log4j.PatternLayout
+log4j.appender.stderr.layout.ConversionPattern=%d %p [%c] - %m %n
+log4j.appender.stderr.Target=System.err
+
+log4j.appender.authz-batch=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.authz-batch.encoding=UTF-8
+log4j.appender.authz-batch.layout=org.apache.log4j.PatternLayout
+log4j.appender.authz-batch.layout.ConversionPattern=%d [%p] %m %n
+log4j.appender.authz-batch.File=${LOG4J_FILENAME_authz-batch}
+log4j.appender.authz-batch.DatePattern='.'yyyy-MM
+
+log4j.appender.aspr=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.aspr.encoding=UTF-8
+log4j.appender.aspr.layout=org.apache.log4j.PatternLayout
+log4j.appender.aspr.layout.ConversionPattern=%d [%p] %m %n
+log4j.appender.aspr.File=${LOG4J_FILENAME_aspr}
+log4j.appender.aspr.DatePattern='.'yyyy-MM
+
+
+log4j.appender.jobchange=org.apache.log4j.RollingFileAppender
+log4j.appender.jobchange.File=${LOG4J_FILENAME_jobchange}
+log4j.appender.jobchange.MaxFileSize=10000KB
+log4j.appender.jobchange.MaxBackupIndex=7
+log4j.appender.jobchange.layout=org.apache.log4j.PatternLayout
+log4j.appender.jobchange.layout.ConversionPattern=%d %p [%c] - %m %n
+
+log4j.appender.validateuser=org.apache.log4j.RollingFileAppender
+log4j.appender.validateuser.File=${LOG4J_FILENAME_validateuser}
+log4j.appender.validateuser.MaxFileSize=10000KB
+log4j.appender.validateuser.MaxBackupIndex=7
+log4j.appender.validateuser.layout=org.apache.log4j.PatternLayout
+log4j.appender.validateuser.layout.ConversionPattern=%d %p [%c] - %m %n
+
+log4j.appender.sync=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.sync.encoding=UTF-8
+log4j.appender.sync.layout=org.apache.log4j.PatternLayout
+log4j.appender.sync.layout.ConversionPattern=%d [%p] %m %n
+log4j.appender.sync.File=${LOG4J_FILENAME_sync}
+log4j.appender.sync.DatePattern='.'yyyy-MM
+
+# General Apache libraries
+log4j.logger.org.apache=WARN
+
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintStream;
+import java.lang.reflect.Constructor;
+import java.net.InetAddress;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.nio.ByteBuffer;
+import java.text.SimpleDateFormat;
+import java.util.GregorianCalendar;
+import java.util.HashSet;
+import java.util.Properties;
+import java.util.Set;
+import java.util.TimeZone;
+
+import org.apache.log4j.Logger;
+
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.org.Organization;
+import com.att.authz.org.OrganizationException;
+import com.att.authz.org.OrganizationFactory;
+import com.att.dao.CassAccess;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.StaticSlot;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.impl.Log4JLogTarget;
+import com.att.inno.env.log4j.LogFileNamer;
+import com.datastax.driver.core.Cluster;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.Statement;
+
+public abstract class Batch {
+ private static StaticSlot ssargs;
+
+ protected static final String STARS = "*****";
+
+ protected final Cluster cluster;
+ protected static AuthzEnv env;
+ protected static Session session;
+ protected static Logger aspr;
+ private static Set<String> specialNames = null;
+ protected static boolean dryRun;
+ protected static String batchEnv;
+
+ public static final String CASS_ENV = "CASS_ENV";
+ protected final static String PUNT="punt";
+ protected final static String VERSION="VERSION";
+ public final static String GUI_URL="GUI_URL";
+
+ protected final static String ORA_URL="ora_url";
+ protected final static String ORA_PASSWORD="ora_password";
+
+
+
+ protected Batch(AuthzEnv env) throws APIException, IOException {
+ // TODO - Property Driven Organization
+// try {
+// // att = new ATT(env);
+// } catch (OrganizationException e) {
+// throw new APIException(e);
+// }
+
+ // Be able to change Environments
+ // load extra properties, i.e.
+ // PERF.cassandra.clusters=....
+ batchEnv = env.getProperty(CASS_ENV);
+ if(batchEnv != null) {
+ batchEnv = batchEnv.trim();
+ env.info().log("Redirecting to ",batchEnv,"environment");
+ String str;
+ for(String key : new String[]{
+ CassAccess.CASSANDRA_CLUSTERS,
+ CassAccess.CASSANDRA_CLUSTERS_PORT,
+ CassAccess.CASSANDRA_CLUSTERS_USER_NAME,
+ CassAccess.CASSANDRA_CLUSTERS_PASSWORD,
+ VERSION,GUI_URL,PUNT,
+ // TEMP
+ ORA_URL, ORA_PASSWORD
+ }) {
+ if((str = env.getProperty(batchEnv+'.'+key))!=null) {
+ env.setProperty(key, str);
+ }
+ }
+ }
+
+ // Setup for Dry Run
+ cluster = CassAccess.cluster(env,batchEnv);
+ env.info().log("cluster name - ",cluster.getClusterName());
+ String dryRunStr = env.getProperty( "DRY_RUN" );
+ if ( dryRunStr == null || dryRunStr.equals("false") ) {
+ dryRun = false;
+ } else {
+ dryRun = true;
+ env.info().log("dryRun set to TRUE");
+ }
+
+ // Special names to allow behaviors beyond normal rules
+ String names = env.getProperty( "SPECIAL_NAMES" );
+ if ( names != null )
+ {
+ env.info().log("Loading SPECIAL_NAMES");
+ specialNames = new HashSet<String>();
+ for (String s :names.split(",") )
+ {
+ env.info().log("\tspecial: " + s );
+ specialNames.add( s.trim() );
+ }
+ }
+ }
+
+ protected abstract void run(AuthzTrans trans);
+ protected abstract void _close(AuthzTrans trans);
+
+ public String[] args() {
+ return (String[])env.get(ssargs);
+ }
+
+ public boolean isDryRun()
+ {
+ return( dryRun );
+ }
+
+ public boolean isSpecial(String user) {
+ if (specialNames != null && specialNames.contains(user)) {
+ env.info().log("specialName: " + user);
+
+ return (true);
+ } else {
+ return (false);
+ }
+ }
+
+ public boolean isMechID(String user) {
+ if (user.matches("m[0-9][0-9][0-9][0-9][0-9]")) {
+ return (true);
+ } else {
+ return (false);
+ }
+ }
+
+ protected PrintStream fallout(PrintStream _fallout, String logType)
+ throws IOException {
+ PrintStream fallout = _fallout;
+ if (fallout == null) {
+ File dir = new File("logs");
+ if (!dir.exists()) {
+ dir.mkdirs();
+ }
+
+ File f = null;
+ // String os = System.getProperty("os.name").toLowerCase();
+ long uniq = System.currentTimeMillis();
+
+ f = new File(dir, getClass().getSimpleName() + "_" + logType + "_"
+ + uniq + ".log");
+
+ fallout = new PrintStream(new FileOutputStream(f, true));
+ }
+ return fallout;
+ }
+
+ public Organization getOrgFromID(AuthzTrans trans, String user) {
+ Organization org;
+ try {
+ org = OrganizationFactory.obtain(trans.env(),user.toLowerCase());
+ } catch (OrganizationException e1) {
+ trans.error().log(e1);
+ org=null;
+ }
+
+ if (org == null) {
+ PrintStream fallout = null;
+
+ try {
+ fallout = fallout(fallout, "Fallout");
+ fallout.print("INVALID_ID,");
+ fallout.println(user);
+ } catch (Exception e) {
+ env.error().log("Could not write to Fallout File", e);
+ }
+ return (null);
+ }
+
+ return (org);
+ }
+
+ public static Row executeDeleteQuery(Statement stmt) {
+ Row row = null;
+ if (!dryRun) {
+ row = session.execute(stmt).one();
+ }
+
+ return (row);
+
+ }
+
+ public static int acquireRunLock(String className) {
+ Boolean testEnv = true;
+ String envStr = env.getProperty("AFT_ENVIRONMENT");
+
+ if (envStr != null) {
+ if (envStr.equals("AFTPRD")) {
+ testEnv = false;
+ }
+ } else {
+ env.fatal()
+ .log("AFT_ENVIRONMENT property is required and was not found. Exiting.");
+ System.exit(1);
+ }
+
+ if (testEnv) {
+ env.info().log("TESTMODE: skipping RunLock");
+ return (1);
+ }
+
+ String hostname = null;
+ try {
+ hostname = InetAddress.getLocalHost().getHostName();
+ } catch (UnknownHostException e) {
+ e.printStackTrace();
+ env.warn().log("Unable to get hostname");
+ return (0);
+ }
+
+ ResultSet existing = session.execute(String.format(
+ "select * from authz.run_lock where class = '%s'", className));
+
+ for (Row row : existing) {
+ long curr = System.currentTimeMillis();
+ ByteBuffer lastRun = row.getBytesUnsafe(2); // Can I get this field
+ // by name?
+
+ long interval = (1 * 60 * 1000); // @@ Create a value in props file
+ // for this
+ long prev = lastRun.getLong();
+
+ if ((curr - prev) <= interval) {
+ env.warn().log(
+ String.format("Too soon! Last run was %d minutes ago.",
+ ((curr - prev) / 1000) / 60));
+ env.warn().log(
+ String.format("Min time between runs is %d minutes ",
+ (interval / 1000) / 60));
+ env.warn().log(
+ String.format("Last ran on machine: %s at %s",
+ row.getString("host"), row.getDate("start")));
+ return (0);
+ } else {
+ env.info().log("Delete old lock");
+ deleteLock(className);
+ }
+ }
+
+ GregorianCalendar current = new GregorianCalendar();
+
+ // We want our time in UTC, hence "+0000"
+ SimpleDateFormat fmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss+0000");
+ fmt.setTimeZone(TimeZone.getTimeZone("UTC"));
+
+ String cql = String
+ .format("INSERT INTO authz.run_lock (class,host,start) VALUES ('%s','%s','%s') IF NOT EXISTS",
+ className, hostname, fmt.format(current.getTime()));
+
+ env.info().log(cql);
+
+ Row row = session.execute(cql).one();
+ if (!row.getBool("[applied]")) {
+ env.warn().log("Lightweight Transaction failed to write lock.");
+ env.warn().log(
+ String.format("host with lock: %s, running at %s",
+ row.getString("host"), row.getDate("start")));
+ return (0);
+ }
+ return (1);
+ }
+
+ private static void deleteLock( String className) {
+ Row row = session.execute( String.format( "DELETE FROM authz.run_lock WHERE class = '%s' IF EXISTS", className ) ).one();
+ if (! row.getBool("[applied]")) {
+ env.info().log( "delete failed" );
+ }
+ }
+
+ private static void transferVMProps(AuthzEnv env, String ... props) {
+ String value;
+ for(String key : props) {
+ if((value = System.getProperty(key))!=null) {
+ env.setProperty(key, value);
+ }
+ }
+
+ }
+
+ protected int count(String str, char c) {
+ int count=str==null||str.isEmpty()?0:1;
+ for(int i=str.indexOf(c);i>=0;i=str.indexOf(c,i+1)) {
+ ++count;
+ }
+ return count;
+ }
+
+ public final void close(AuthzTrans trans) {
+ _close(trans);
+ cluster.close();
+ }
+
+ public static void main(String[] args) {
+ Properties props = new Properties();
+ InputStream is=null;
+ String filename;
+ String propLoc;
+ try {
+ File f = new File("etc/authBatch.props");
+ try {
+ if(f.exists()) {
+ filename = f.getCanonicalPath();
+ is = new FileInputStream(f);
+ propLoc=f.getPath();
+ } else {
+ URL rsrc = ClassLoader.getSystemResource("authBatch.props");
+ filename = rsrc.toString();
+ is = rsrc.openStream();
+ propLoc=rsrc.getPath();
+ }
+ props.load(is);
+ } finally {
+ if(is==null) {
+ System.err.println("authBatch.props must exist in etc dir, or in Classpath");
+ System.exit(1);
+ }
+ is.close();
+ }
+
+ env = new AuthzEnv(props);
+
+ transferVMProps(env,CASS_ENV,"DRY_RUN","NS","Organization");
+
+ // Flow all Env Logs to Log4j, with ENV
+
+ LogFileNamer lfn;
+ if((batchEnv=env.getProperty(CASS_ENV))==null) {
+ lfn = new LogFileNamer("logs/").noPID();
+ } else {
+ lfn = new LogFileNamer("logs/" + batchEnv+'/').noPID();
+ }
+
+ lfn.setAppender("authz-batch");
+ lfn.setAppender("aspr|ASPR");
+ lfn.setAppender("sync");
+ lfn.setAppender("jobchange");
+ lfn.setAppender("validateuser");
+ aspr = Logger.getLogger("aspr");
+ Log4JLogTarget.setLog4JEnv("authz-batch", env);
+ if(filename!=null) {
+ env.init().log("Instantiated properties from",filename);
+ }
+
+
+ // Log where Config found
+ env.info().log("Configuring from",propLoc);
+ propLoc=null;
+
+ Batch batch = null;
+ // setup ATTUser and Organization Slots before starting this:
+ //TODO Property Driven Organization
+// env.slot(ATT.ATT_USERSLOT);
+// OrganizationFactory.setDefaultOrg(env, ATT.class.getName());
+ AuthzTrans trans = env.newTrans();
+
+ TimeTaken tt = trans.start("Total Run", Env.SUB);
+ try {
+ int len = args.length;
+ if(len>0) {
+ String toolName = args[0];
+ len-=1;
+ if(len<0)len=0;
+ String nargs[] = new String[len];
+ if(len>0) {
+ System.arraycopy(args, 1, nargs, 0, len);
+ }
+
+ env.put(ssargs=env.staticSlot("ARGS"), nargs);
+
+ /*
+ * Add New Batch Programs (inherit from Batch) here
+ */
+
+ if( JobChange.class.getSimpleName().equals(toolName)) {
+ aspr.info( "Begin jobchange processing" );
+ batch = new JobChange(trans);
+ }
+ //// else if( ValidateUsers.class.getSimpleName().equals(toolName)) {
+ //// aspr.info( "Begin ValidateUsers processing" );
+ //// batch = new ValidateUsers(trans);
+ // }
+ else if( UserRoleDataGeneration.class.getSimpleName().equals(toolName)) {
+ // This job duplicates User Role add/delete History items
+ // so that we can search them by Role. Intended as a one-time
+ // script! but written as batch job because Java has better
+ // UUID support. Multiple runs will generate multiple copies of
+ // these history elements!
+ aspr.info( "Begin User Role Data Generation Processing ");
+ batch = new UserRoleDataGeneration(trans);
+ } else { // Might be a Report, Update or Temp Batch
+ Class<?> cls;
+ String classifier = "";
+ try {
+ cls = ClassLoader.getSystemClassLoader().loadClass("com.att.authz.update."+toolName);
+ classifier = "Update:";
+ } catch(ClassNotFoundException e) {
+ try {
+ cls = ClassLoader.getSystemClassLoader().loadClass("com.att.authz.reports."+toolName);
+ classifier = "Report:";
+ } catch (ClassNotFoundException e2) {
+ try {
+ cls = ClassLoader.getSystemClassLoader().loadClass("com.att.authz.temp."+toolName);
+ classifier = "Temp Utility:";
+ } catch (ClassNotFoundException e3) {
+ cls = null;
+ }
+ }
+ }
+ if(cls!=null) {
+ Constructor<?> cnst = cls.getConstructor(new Class[]{AuthzTrans.class});
+ batch = (Batch)cnst.newInstance(trans);
+ env.info().log("Begin",classifier,toolName);
+ }
+ }
+
+ if(batch==null) {
+ trans.error().log("No Batch named",toolName,"found");
+ }
+ /*
+ * End New Batch Programs (inherit from Batch) here
+ */
+
+ }
+ if(batch!=null) {
+ batch.run(trans);
+ }
+ } finally {
+ tt.done();
+ if(batch!=null) {
+ batch.close(trans);
+ }
+ StringBuilder sb = new StringBuilder("Task Times\n");
+ trans.auditTrail(4, sb, AuthzTrans.REMOTE);
+ trans.info().log(sb);
+ }
+ } catch (Exception e) {
+ e.printStackTrace(System.err);
+ // Exceptions thrown by DB aren't stopping the whole process.
+ System.exit(1);
+ }
+ }
+
+
+}
+
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz;
+
+public class BatchException extends Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3877245367723491192L;
+
+ public BatchException() {
+ }
+
+ public BatchException(String message) {
+ super(message);
+ }
+
+ public BatchException(Throwable cause) {
+ super(cause);
+ }
+
+ public BatchException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public BatchException(String message, Throwable cause,
+ boolean enableSuppression, boolean writableStackTrace) {
+ super(message, cause, enableSuppression, writableStackTrace);
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.impl.Log4JLogTarget;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.exceptions.InvalidQueryException;
+
+public abstract class CassBatch extends Batch {
+
+ protected CassBatch(AuthzTrans trans, String log4JName) throws APIException, IOException {
+ super(trans.env());
+ // Flow all Env Logs to Log4j
+ Log4JLogTarget.setLog4JEnv(log4JName, env);
+
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ trans.info().log("Closed Session");
+ }
+
+ public ResultSet executeQuery(String cql) {
+ return executeQuery(cql,"");
+ }
+
+ public ResultSet executeQuery(String cql, String extra) {
+ if(isDryRun() && !cql.startsWith("SELECT")) {
+ if(extra!=null)env.info().log("Would query" + extra + ": " + cql);
+ } else {
+ if(extra!=null)env.info().log("query" + extra + ": " + cql);
+ try {
+ return session.execute(cql);
+ } catch (InvalidQueryException e) {
+ if(extra==null) {
+ env.info().log("query: " + cql);
+ }
+ throw e;
+ }
+ }
+ return null;
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.DirectoryIteratorException;
+import java.nio.file.DirectoryStream;
+import java.nio.file.FileSystem;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.PathMatcher;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.inno.env.APIException;
+
+public abstract class FileCassBatch extends CassBatch {
+
+ public FileCassBatch(AuthzTrans trans, String log4jName) throws APIException, IOException {
+ super(trans, log4jName);
+ }
+
+ protected List<File> findAllFiles(String regex) {
+ List<File> files = new ArrayList<File>();
+ FileSystem fileSystem = FileSystems.getDefault();
+ PathMatcher pathMatcher = fileSystem.getPathMatcher("glob:" + regex);
+ Path path = Paths.get(System.getProperty("user.dir"), "data");
+
+ try {
+ DirectoryStream<Path> directoryStream = Files.newDirectoryStream(
+ path, regex);
+ for (Path file : directoryStream) {
+ if (pathMatcher.matches(file.getFileName())) {
+ files.add(file.toFile());
+ }
+ }
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ } catch (DirectoryIteratorException ex) {
+ ex.printStackTrace();
+ }
+
+ return files;
+ }
+
+
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+// test for case where I'm an admin
+
+package com.att.authz;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.PrintStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.org.Organization;
+import com.att.authz.org.OrganizationFactory;
+import com.att.inno.env.APIException;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class JobChange extends Batch
+{
+ private class UserRole
+ {
+ String user;
+ String role;
+ }
+ private class UserCred
+ {
+ String user;
+ String ns;
+ }
+
+ private class NamespaceOwner
+ {
+ String user;
+ String ns;
+ boolean responsible;
+ int ownerCount;
+ }
+
+
+ private AuthzTrans myTrans;
+
+ private Map<String, ArrayList<UserRole>> rolesMap = new HashMap<String, ArrayList<UserRole>>();
+ private Map<String, ArrayList<NamespaceOwner>> ownersMap = new HashMap<String, ArrayList<NamespaceOwner>>();
+ private Map<String, ArrayList<UserCred>> credsMap = new HashMap<String, ArrayList<UserCred>>();
+
+
+ public static void createDirectory( String dir )
+ {
+ File f = new File( dir );
+
+ if ( ! f.exists())
+ {
+ env.info().log( "creating directory: " + dir );
+ boolean result = false;
+
+ try
+ {
+ f.mkdir();
+ result = true;
+ } catch(SecurityException e){
+ e.printStackTrace();
+ }
+ if(result) {
+ System.out.println("DIR created");
+ }
+ }
+ }
+
+ public static String getJobChangeDataFile()
+ {
+ File outFile = null;
+ BufferedWriter writer = null;
+ BufferedReader reader = null;
+ String line;
+ boolean errorFlag = false;
+
+ try
+ {
+ createDirectory( "etc" );
+
+ outFile = new File("etc/jobchange." + getCurrentDate() );
+ if (!outFile.exists())
+ {
+ outFile.createNewFile();
+ }
+ else
+ {
+ return( "etc/jobchange." + getCurrentDate() );
+ }
+
+ env.info().log("Creating the local file with the webphone data");
+
+
+
+ writer = new BufferedWriter(new FileWriter(
+ outFile.getAbsoluteFile()));
+
+ URL u = new URL( "ftp://thprod37.sbc.com/jobchange_Delta.dat" );
+ reader = new BufferedReader(new InputStreamReader(
+ new BufferedInputStream(u.openStream())));
+ while ((line = reader.readLine()) != null) {
+ writer.write(line + "\n");
+ }
+
+ writer.close();
+ reader.close();
+
+ env.info().log("Finished fetching the data from the webphone ftp site.");
+ return( "etc/jobchange." + getCurrentDate() );
+
+ } catch (MalformedURLException e) {
+ env.error().log("Could not open the remote job change data file.", e);
+ errorFlag = true;
+
+ } catch (IOException e) {
+ env.error().log(
+ "Error while opening or writing to the local data file.", e);
+ errorFlag = true;
+
+ } catch (Exception e) {
+ env.error().log("Error while fetching the data file.", e);
+ errorFlag = true;
+
+ } finally {
+ if (errorFlag)
+ outFile.delete();
+ }
+ return null;
+ }
+
+ public static String getCurrentDate()
+ {
+ SimpleDateFormat sdfDate = new SimpleDateFormat("yyyy-MM-dd");
+ Date now = new Date();
+ String strDate = sdfDate.format(now);
+ return strDate;
+ }
+
+ public void loadUsersFromCred()
+ {
+ String query = "select id,ns from authz.cred" ;
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ ResultSet results = session.execute(stmt);
+
+ Iterator<Row> iter = results.iterator();
+ while( iter.hasNext() )
+ {
+ Row row = iter.next();
+ String user = row.getString( "id" );
+ String ns = row.getString( "ns" );
+ String simpleUser = user.substring( 0, user.indexOf( "@" ) );
+
+ if ( isMechID( simpleUser ) )
+ {
+ continue;
+ }
+ else if ( credsMap.get( simpleUser ) == null )
+ {
+ credsMap.put( simpleUser, new ArrayList<UserCred>() );
+
+ UserCred newEntry = new UserCred();
+ newEntry.user = user;
+ newEntry.ns = ns;
+
+ credsMap.get( simpleUser ).add( newEntry );
+ }
+ else
+ {
+ UserCred newEntry = new UserCred();
+ newEntry.user = user;
+ newEntry.ns = ns;
+
+ credsMap.get( simpleUser ).add( newEntry );
+ }
+
+ env.debug().log( String.format( "\tUser: %s NS: %s", user, ns ) );
+ }
+ }
+
+ public void loadUsersFromRoles()
+ {
+ String query = "select user,role from authz.user_role" ;
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ ResultSet results = session.execute(stmt);
+ int total=0, flagged=0;
+
+ Iterator<Row> iter = results.iterator();
+ while( iter.hasNext() )
+ {
+ Row row = iter.next();
+ String user = row.getString( "user" );
+ String role = row.getString( "role" );
+ String simpleUser = user.substring( 0, user.indexOf( "@" ) );
+
+ if ( isMechID( simpleUser ) )
+ {
+ continue;
+ }
+ else if ( rolesMap.get( simpleUser ) == null )
+ {
+ rolesMap.put( simpleUser, new ArrayList<UserRole>() );
+
+ UserRole newEntry = new UserRole();
+ newEntry.user = user;
+ newEntry.role = role;
+
+ rolesMap.get( simpleUser ).add( newEntry );
+ }
+ else
+ {
+ UserRole newEntry = new UserRole();
+ newEntry.user = user;
+ newEntry.role = role;
+
+ rolesMap.get( simpleUser ).add( newEntry );
+ }
+
+ env.debug().log( String.format( "\tUser: %s Role: %s", user, role ) );
+
+ ++total;
+ }
+ env.info().log( String.format( "rows read: %d expiring: %d", total, flagged ) );
+ }
+
+ public void loadOwnersFromNS()
+ {
+ String query = "select name,admin,responsible from authz.ns" ;
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ ResultSet results = session.execute(stmt);
+
+ Iterator<Row> iter = results.iterator();
+ while( iter.hasNext() )
+ {
+ Row row = iter.next();
+ Set<String> responsibles = row.getSet( "responsible", String.class );
+
+ for ( String user : responsibles )
+ {
+ env.info().log( String.format( "Found responsible %s", user ) );
+ String simpleUser = user.substring( 0, user.indexOf( "@" ) );
+
+ if ( isMechID( simpleUser ) )
+ {
+ continue;
+ }
+ else if ( ownersMap.get( simpleUser ) == null )
+ {
+ ownersMap.put( simpleUser, new ArrayList<NamespaceOwner>() );
+
+ NamespaceOwner newEntry = new NamespaceOwner();
+ newEntry.user = user;
+ newEntry.ns = row.getString( "name" );
+ newEntry.ownerCount = responsibles.size();
+ newEntry.responsible = true;
+ ownersMap.get( simpleUser ).add( newEntry );
+ }
+ else
+ {
+ NamespaceOwner newEntry = new NamespaceOwner();
+ newEntry.user = user;
+ newEntry.ns = row.getString( "name" );
+ newEntry.ownerCount = responsibles.size();
+ newEntry.responsible = true;
+ ownersMap.get( simpleUser ).add( newEntry );
+ }
+ }
+ Set<String> admins = row.getSet( "admin", String.class );
+
+ for ( String user : admins )
+ {
+ env.info().log( String.format( "Found admin %s", user ) );
+ String simpleUser = user.substring( 0, user.indexOf( "@" ) );
+
+ if ( isMechID( simpleUser ) )
+ {
+ continue;
+ }
+ else if ( ownersMap.get( simpleUser ) == null )
+ {
+ ownersMap.put( simpleUser, new ArrayList<NamespaceOwner>() );
+
+ NamespaceOwner newEntry = new NamespaceOwner();
+ newEntry.user = user;
+ newEntry.ns = row.getString( "name" );
+ newEntry.responsible = false;
+ newEntry.ownerCount = -1; //
+ ownersMap.get( simpleUser ).add( newEntry );
+ }
+ else
+ {
+ NamespaceOwner newEntry = new NamespaceOwner();
+ newEntry.user = user;
+ newEntry.ns = row.getString( "name" );
+ newEntry.responsible = false;
+ newEntry.ownerCount = -1; //
+ ownersMap.get( simpleUser ).add( newEntry );
+ }
+ }
+
+ }
+ }
+
+ /**
+ * Processes the specified JobChange data file obtained from Webphone. Each line is
+ * read and processed and any fallout is written to the specified fallout file.
+ * If fallout file already exists it is deleted and a new one is created. A
+ * comparison of the supervisor id in the job data file is done against the one returned
+ * by the authz service and if the supervisor Id has changed then the record is updated
+ * using the authz service. An email is sent to the new supervisor to approve the roles
+ * assigned to the user.
+ *
+ * @param fileName - name of the file to process including its path
+ * @param falloutFileName - the file where the fallout entries have to be written
+ * @param validDate - the valid effective date when the user had moved to the new supervisor
+ * @throws Exception
+ */
+ public void processJobChangeDataFile(String fileName,
+ String falloutFileName, Date validDate) throws Exception
+ {
+
+ BufferedWriter writer = null;
+
+ try {
+
+ env.info().log("Reading file: " + fileName );
+
+ FileInputStream fstream = new FileInputStream(fileName);
+ BufferedReader br = new BufferedReader(new InputStreamReader(fstream));
+
+ String strLine;
+
+ while ((strLine = br.readLine()) != null) {
+ processLine( strLine, writer );
+ }
+
+ br.close();
+
+
+ } catch (IOException e) {
+ env.error().log( "Error while reading from the input data file: " + e );
+ throw e;
+ }
+ }
+
+ public void handleAdminChange( String user )
+ {
+ ArrayList<NamespaceOwner> val = ownersMap.get( user );
+
+ for ( NamespaceOwner r : val )
+ {
+ env.info().log( "handleAdminChange: " + user );
+ AuthzTrans trans = env.newTransNoAvg();
+
+
+ if ( r.responsible )
+ {
+ env.info().log( String.format( "delete from NS owner: %s, NS: %s, count: %s",
+ r.user, r.ns, r.ownerCount ) );
+
+ aspr.info( String.format( "action=DELETE_NS_OWNER, user=%s, ns=%s",
+ r.user, r.ns ) );
+ if ( r.ownerCount < 2 )
+ {
+ // send warning email to aaf-support, after this deletion, no owner for NS
+ ArrayList<String> toAddress = new ArrayList<String>();
+ toAddress.add( "XXX_EMAIL" );
+
+ env.warn().log( "removing last owner from namespace" );
+
+ Organization org = null;
+ org = getOrgFromID( myTrans, org, toAddress.get(0) );
+
+ env.info().log( "calling getOrgFromID with " + toAddress.get(0) );
+
+ if ( org != null )
+ {
+ try
+ {
+ aspr.info( String.format( "action=EMAIL_NO_OWNER_NS to=%s, user=%s, ns=%s",
+ toAddress.get(0), r.user, r.ns ) );
+ org.sendEmail( trans, toAddress,
+ new ArrayList<String>(),
+ String.format( "WARNING: no owners for AAF namespace '%s'", r.ns ), // subject:
+ String.format( "AAF recieved a jobchange notification for user %s who was the owner of the '%s' namespace. Please identify a new owner for this namespace and update AAF.", r.user, r.ns ), // body of msg
+ true );
+ } catch (Exception e) {
+ env.error().log("calling sendEmail()");
+
+ e.printStackTrace();
+ }
+ }
+ else
+ {
+ env.error().log( "Failed getOrgFromID" );
+ }
+ }
+ }
+ else
+ {
+ env.info().log( String.format( "delete from NS admin: %s, NS: %s",
+ r.user, r.ns ) );
+
+ aspr.info( String.format( "action=DELETE_NS_ADMIN, user=%s, ns=%s",
+ r.user, r.ns ) );
+ }
+
+ String field = (r.responsible == true) ? "responsible" : "admin";
+
+ String query = String.format( "update authz.ns set %s = %s - {'%s'} where name = '%s'",
+ field, field, r.user, r.ns ) ;
+ env.info().log( "query: " + query );
+ Statement stmt = new SimpleStatement( query );
+ /*Row row = */session.execute(stmt).one();
+
+ String attribQuery = String.format( "delete from authz.ns_attrib where ns = '%s' AND type='%s' AND name='%s'",
+ r.ns, field, r.user);
+ env.info().log( "ns_attrib query: " + attribQuery);
+ Statement attribStmt = new SimpleStatement( attribQuery );
+ /*Row attribRow = */session.execute(attribStmt).one();
+
+ }
+ }
+
+ public void handleRoleChange( String user )
+ {
+ ArrayList<UserRole> val = rolesMap.get( user );
+
+ for ( UserRole r : val )
+ {
+ env.info().log( "handleRoleChange: " + user );
+
+ env.info().log( String.format( "delete from %s from user_role: %s",
+ r.user, r.role ) );
+
+ aspr.info( String.format( "action=DELETE_FROM_ROLE, user=%s, role=%s",
+ r.user, r.role ) );
+
+
+ String query = String.format( "delete from authz.user_role where user = '%s' and role = '%s'",
+ r.user, r.role );
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ /* Row row = */ session.execute(stmt).one();
+
+ }
+ }
+
+ public void handleCredChange( String user )
+ {
+ ArrayList<UserCred> val = credsMap.get( user );
+
+ for ( UserCred r : val )
+ {
+ env.info().log( "handleCredChange: " + user );
+
+ env.info().log( String.format( "delete user %s cred from ns: %s",
+ r.user, r.ns ) );
+
+ aspr.info( String.format( "action=DELETE_FROM_CRED, user=%s, ns=%s",
+ r.user, r.ns ) );
+
+ String query = String.format( "delete from authz.cred where id = '%s'",
+ r.user );
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ /*Row row = */session.execute(stmt).one();
+
+ }
+
+ }
+
+ public boolean processLine(String line, BufferedWriter writer) throws IOException
+ {
+ SimpleDateFormat sdfDate = new SimpleDateFormat("yyyyMMdd");
+ boolean errorFlag = false;
+ String errorMsg = "";
+
+ try
+ {
+ String[] phoneInfo = line.split( "\\|" );
+
+ if ((phoneInfo != null) && (phoneInfo.length >= 8)
+ && (!phoneInfo[0].startsWith("#")))
+ {
+ String user = phoneInfo[0];
+ String newSupervisor = phoneInfo[7];
+ Date effectiveDate = sdfDate.parse(phoneInfo[8].trim());
+
+ env.debug().log( String.format( "checking user: %s, newSupervisor: %s, date: %s",
+ user, newSupervisor, effectiveDate ) );
+
+ // Most important case, user is owner of a namespace
+ //
+ if ( ownersMap.get( user ) != null )
+ {
+ env.info().log( String.format( "Found %s as a namespace admin/owner", user ) );
+ handleAdminChange( user );
+ }
+
+ if ( credsMap.get( user ) != null )
+ {
+ env.info().log( String.format( "Found %s in cred table", user ) );
+ handleCredChange( user );
+ }
+
+ if ( rolesMap.get( user ) != null )
+ {
+ env.info().log( String.format( "Found %s in a role ", user ) );
+ handleRoleChange( user );
+ }
+ }
+
+ else if (phoneInfo[0].startsWith("#"))
+ {
+ return true;
+ }
+ else
+ {
+ env.warn().log("Can't parse. Skipping the line." + line);
+ errorFlag = true;
+ }
+ } catch (Exception e) {
+ errorFlag = true;
+ errorMsg = e.getMessage();
+ env.error().log( "Error while processing line:" + line + e );
+ e.printStackTrace();
+ } finally {
+ if (errorFlag) {
+ env.info().log( "Fallout enrty being written for line:" + line );
+ writer.write(line + "|Failed to update supervisor for user:" + errorMsg + "\n");
+ }
+ }
+ return true;
+ }
+
+
+ public JobChange(AuthzTrans trans) throws APIException, IOException {
+ super( trans.env() );
+ myTrans = trans;
+ session = cluster.connect();
+ }
+
+ public Organization getOrgFromID( AuthzTrans trans, Organization _org, String user ) {
+ Organization org = _org;
+ if ( org == null || ! user.endsWith( org.getRealm() ) ) {
+ int idx = user.lastIndexOf('.');
+ if ( idx > 0 )
+ idx = user.lastIndexOf( '.', idx-1 );
+
+ org = null;
+ if ( idx > 0 ) {
+ try {
+ org = OrganizationFactory.obtain( trans.env(), user.substring( idx+1 ) );
+ } catch (Exception e) {
+ trans.error().log(e,"Failure Obtaining Organization");
+ }
+ }
+
+ if ( org == null ) {
+ PrintStream fallout = null;
+
+ try {
+ fallout= fallout(fallout, "Fallout");
+ fallout.print("INVALID_ID,");
+ fallout.println(user);
+ } catch (Exception e) {
+ env.error().log("Could not write to Fallout File",e);
+ }
+ return( null );
+ }
+ }
+ return( org );
+ }
+
+ public void dumpOwnersMap()
+ {
+ for ( Map.Entry<String, ArrayList<NamespaceOwner>> e : ownersMap.entrySet() )
+ {
+ String key = e.getKey();
+ ArrayList<NamespaceOwner> values = e.getValue();
+
+ env.info().log( "ns user: " + key );
+
+ for ( NamespaceOwner r : values )
+ {
+ env.info().log( String.format( "\tNS-user: %s, NS-name: %s, ownerCount: %d",
+ r.user, r.ns, r.ownerCount ) );
+
+ }
+ }
+ }
+
+ public void dumpRolesMap()
+ {
+ for ( Map.Entry<String, ArrayList<UserRole>> e : rolesMap.entrySet() )
+ {
+ String key = e.getKey();
+ ArrayList<UserRole> values = e.getValue();
+
+ env.info().log( "user: " + key );
+
+ for ( UserRole r : values )
+ {
+ env.info().log( String.format( "\trole-user: %s, role-name: %s",
+ r.user, r.role ) );
+ }
+ }
+ }
+ public void dumpCredMap()
+ {
+ for ( Map.Entry<String, ArrayList<UserCred>> e : credsMap.entrySet() )
+ {
+ String key = e.getKey();
+ ArrayList<UserCred> values = e.getValue();
+
+ env.info().log( "user: " + key );
+
+ for ( UserCred r : values )
+ {
+ env.info().log( String.format( "\tcred-user: %s, ns: %s",
+ r.user, r.ns ) );
+ }
+
+ }
+ }
+
+ @Override
+ protected void run (AuthzTrans trans)
+ {
+ if ( acquireRunLock( this.getClass().getName() ) != 1 ) {
+ env.warn().log( "Cannot acquire run lock, exiting" );
+ System.exit( 1 );
+ }
+
+ try {
+// Map<String,EmailMsg> email = new HashMap<String,EmailMsg>();
+
+ try
+ {
+ String workingDir = System.getProperty("user.dir");
+ env.info().log( "Process jobchange file. PWD is " + workingDir );
+
+ loadUsersFromRoles();
+ loadOwnersFromNS();
+ loadUsersFromCred();
+
+ dumpRolesMap();
+ dumpOwnersMap();
+ dumpCredMap();
+
+ String fname = getJobChangeDataFile();
+
+ if ( fname == null )
+ {
+ env.warn().log("getJobChangedatafile returned null");
+ }
+ else
+ {
+ env.info().log("done with FTP");
+ }
+ processJobChangeDataFile( fname, "fallout", null );
+ }
+ catch (Exception e)
+ {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (SecurityException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+/*
+ private class EmailMsg {
+ private boolean urgent = false;
+ public String url;
+ public Organization org;
+ public String summary;
+
+ public EmailMsg() {
+ org = null;
+ summary = "";
+ }
+
+ public boolean getUrgent() {
+ return( this.urgent );
+ }
+
+ public void setUrgent( boolean val ) {
+ this.urgent = val;
+ }
+ public void setOrg( Organization newOrg ) {
+ this.org = newOrg;
+ }
+ public Organization getOrg() {
+ return( this.org );
+ }
+ }
+*/
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ }
+}
+
+
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Random;
+import java.util.UUID;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.inno.env.APIException;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class UserRoleDataGeneration extends Batch {
+
+ protected UserRoleDataGeneration(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ session = cluster.connect();
+
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+
+ String query = "select * from authz.history" ;
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ ResultSet results = session.execute(stmt);
+ int total=0;
+
+ Iterator<Row> iter = results.iterator();
+
+ Random rand = new Random();
+
+ int min = 1;
+ int max = 32;
+
+ while( iter.hasNext() ) {
+ Row row = iter.next();
+ if (row.getString("target").equals("user_role")) {
+ int randomNum = rand.nextInt((max - min) + 1) + min;
+
+ String newId = modifiedTimeuid(row.getUUID("id").toString(), randomNum);
+ String subject = row.getString("subject");
+ String newSubject = subject.split("\\|")[1];
+
+ String newInsert = insertStmt(row, newId, "role", newSubject);
+ Statement statement = new SimpleStatement(newInsert);
+ session.executeAsync(statement);
+
+ total++;
+ }
+ }
+
+ env.info().log(total+ " history elements inserted for user roles");
+
+ }
+
+ private String insertStmt(Row row, String newId, String newTarget, String newSubject) {
+ StringBuilder sb = new StringBuilder();
+ sb.append("INSERT INTO authz.history (id,action,memo,reconstruct,subject,target,user,yr_mon) VALUES (");
+ sb.append(newId+",");
+ sb.append("'"+row.getString("action")+"',");
+ sb.append("'"+row.getString("memo")+"',");
+ sb.append("null,");
+ sb.append("'"+newSubject+"',");
+ sb.append("'"+newTarget+"',");
+ sb.append("'"+row.getString("user")+"',");
+ sb.append(row.getInt("yr_mon"));
+ sb.append(")");
+
+ return sb.toString();
+ }
+
+ private String modifiedTimeuid(String origTimeuuid, int rand) {
+ UUID uuid = UUID.fromString(origTimeuuid);
+
+ long bottomBits = uuid.getLeastSignificantBits();
+ long newBottomBits = bottomBits + (1 << rand);
+ if (newBottomBits - bottomBits == 0)
+ env.info().log("Duplicate!\t"+uuid + " not duplicated for role history function.");
+
+ UUID newUuid = new UUID(uuid.getMostSignificantBits(),newBottomBits);
+ return newUuid.toString();
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info( "End UserRoleDataGeneration processing" );
+
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+
+public interface Action<T,RV> {
+ public Result<RV> exec(AuthzTrans trans, T ur);
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.dao.CassAccess;
+import com.att.dao.aaf.hl.Function;
+import com.att.dao.aaf.hl.Question;
+import com.att.inno.env.APIException;
+import com.datastax.driver.core.Cluster;
+import com.datastax.driver.core.Session;
+
+public abstract class ActionDAO<T,RV> implements Action<T,RV> {
+ protected final Question q;
+ protected final Function f;
+ private boolean clean;
+
+ public ActionDAO(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ q = new Question(trans, cluster, CassAccess.KEYSPACE, false);
+ f = new Function(trans,q);
+ clean = true;
+ }
+
+ public ActionDAO(AuthzTrans trans, ActionDAO<?,?> predecessor) {
+ q = predecessor.q;
+ f = new Function(trans,q);
+ clean = false;
+ }
+
+ public Session getSession(AuthzTrans trans) throws APIException, IOException {
+ return q.historyDAO.getSession(trans);
+ }
+
+ public void close(AuthzTrans trans) {
+ if(clean) {
+ q.close(trans);
+ }
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.Date;
+import java.util.GregorianCalendar;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.inno.env.APIException;
+import com.datastax.driver.core.Cluster;
+
+public abstract class ActionPuntDAO<T, RV> extends ActionDAO<T, RV> {
+ private static final SecureRandom random = new SecureRandom();
+ private int months, range;
+ protected static final Date now = new Date();
+
+ public ActionPuntDAO(AuthzTrans trans, Cluster cluster, int months, int range) throws APIException, IOException {
+ super(trans, cluster);
+ this.months = months;
+ this.range = range;
+ }
+
+ public ActionPuntDAO(AuthzTrans trans, ActionDAO<?, ?> predecessor, int months, int range) {
+ super(trans, predecessor);
+ this.months = months;
+ this.range = range;
+ }
+
+
+ protected Date puntDate() {
+ GregorianCalendar temp = new GregorianCalendar();
+ temp.setTime(now);
+ if(range>0) {
+ int forward = months+Math.abs(random.nextInt()%range);
+ temp.add(GregorianCalendar.MONTH, forward);
+ temp.add(GregorianCalendar.DAY_OF_MONTH, (random.nextInt()%30)-15);
+ }
+ return temp.getTime();
+
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.CredDAO;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class CredDelete extends ActionDAO<CredDAO.Data,Void> {
+
+ public CredDelete(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ super(trans, cluster);
+ }
+
+ public CredDelete(AuthzTrans trans, ActionDAO<?,?> adao) {
+ super(trans, adao);
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, CredDAO.Data cred) {
+ Result<Void> rv = q.credDAO.delete(trans, cred, true); // need to read for undelete
+ trans.info().log("Deleted:",cred.id,CredPrint.type(cred.type),Chrono.dateOnlyStamp(cred.expires));
+ return rv;
+ }
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.CredDAO;
+import com.att.inno.env.util.Chrono;
+
+public class CredPrint implements Action<CredDAO.Data,Void> {
+ private String text;
+
+ public CredPrint(String text) {
+ this.text = text;
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, CredDAO.Data cred) {
+ trans.info().log(text,cred.id,type(cred.type),Chrono.dateOnlyStamp(cred.expires));
+ return Result.ok();
+ }
+
+
+ public static String type(int type) {
+ switch(type) {
+ case CredDAO.BASIC_AUTH: // 1
+ return "OLD";
+ case CredDAO.BASIC_AUTH_SHA256: // 2
+ return "U/P";
+ case CredDAO.CERT_SHA256_RSA: // 200
+ return "Cert";
+ default:
+ return "Unknown";
+ }
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.CredDAO;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class CredPunt extends ActionPuntDAO<CredDAO.Data,Void> {
+
+ public CredPunt(AuthzTrans trans, Cluster cluster, int months, int range) throws IOException, APIException {
+ super(trans,cluster,months,range);
+ }
+
+ public CredPunt(AuthzTrans trans, ActionDAO<?,?> adao, int months, int range) throws IOException {
+ super(trans, adao, months,range);
+ }
+
+ public Result<Void> exec(AuthzTrans trans, CredDAO.Data cdd) {
+ Result<Void> rv = null;
+ Result<List<CredDAO.Data>> read = q.credDAO.read(trans, cdd);
+ if(read.isOKhasData()) {
+ for(CredDAO.Data data : read.value) {
+ Date from = data.expires;
+ data.expires = puntDate();
+ if(data.expires.before(from)) {
+ trans.error().printf("Error: %s is before %s", Chrono.dateOnlyStamp(data.expires), Chrono.dateOnlyStamp(from));
+ } else {
+ rv = q.credDAO.update(trans, data);
+ trans.info().log("Updated Cred",cdd.id, CredPrint.type(cdd.type), "from",Chrono.dateOnlyStamp(from),"to",Chrono.dateOnlyStamp(data.expires));
+ }
+ }
+ }
+ if(rv==null) {
+ rv=Result.err(read);
+ }
+ return rv;
+ }
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization;
+
+public class Email implements Action<Organization,Void>{
+ protected final List<String> toList;
+ protected final List<String> ccList;
+ private final String[] defaultCC;
+ protected String subject;
+ private String preamble;
+ private Message msg;
+ private String sig;
+ protected String lineIndent=" ";
+
+
+ public Email(String ... defaultCC) {
+ toList = new ArrayList<String>();
+ this.defaultCC = defaultCC;
+ ccList = new ArrayList<String>();
+ clear();
+ }
+
+ public Email clear() {
+ toList.clear();
+ ccList.clear();
+ for(String s: defaultCC) {
+ ccList.add(s);
+ }
+ return this;
+ }
+
+
+ public void indent(String indent) {
+ lineIndent = indent;
+ }
+
+ public void preamble(String format, Object ... args) {
+ preamble = String.format(format, args);
+ }
+
+ public Email addTo(Collection<String> users) {
+ toList.addAll(users);
+ return this;
+ }
+
+ public Email addTo(String email) {
+ toList.add(email);
+ return this;
+ }
+
+
+ public Email subject(String format, Object ... args) {
+ subject = String.format(format, args);
+ return this;
+ }
+
+
+ public Email signature(String format, Object ... args) {
+ sig = String.format(format, args);
+ return this;
+ }
+
+ public void msg(Message msg) {
+ this.msg = msg;
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, Organization org) {
+ StringBuilder sb = new StringBuilder();
+ if(preamble!=null) {
+ sb.append(lineIndent);
+ sb.append(preamble);
+ sb.append("\n\n");
+ }
+
+ if(msg!=null) {
+ msg.msg(sb,lineIndent);
+ sb.append("\n");
+ }
+
+ if(sig!=null) {
+ sb.append(sig);
+ sb.append("\n");
+ }
+
+ return exec(trans,org,sb);
+ }
+
+ protected Result<Void> exec(AuthzTrans trans, Organization org, StringBuilder sb) {
+ try {
+ /* int status = */
+ org.sendEmail(trans,
+ toList,
+ ccList,
+ subject,
+ sb.toString(),
+ false);
+ } catch (Exception e) {
+ return Result.err(Result.ERR_ActionNotCompleted,e.getMessage());
+ }
+ return Result.ok();
+
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.PrintStream;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization;
+
+public class EmailPrint extends Email {
+
+ public EmailPrint(String... defaultCC) {
+ super(defaultCC);
+ }
+
+ /* (non-Javadoc)
+ * @see com.att.authz.actions.Email#exec(com.att.authz.org.Organization, java.lang.StringBuilder)
+ */
+ @Override
+ protected Result<Void> exec(AuthzTrans trans, Organization org, StringBuilder msg) {
+ PrintStream out = System.out;
+ boolean first = true;
+ out.print("To: ");
+ for(String s: toList) {
+ if(first) {first = false;}
+ else {out.print(',');}
+ out.print(s);
+ }
+ out.println();
+
+ first = true;
+ out.print("CC: ");
+ for(String s: ccList) {
+ if(first) {first = false;}
+ else {out.print(',');}
+ out.print(s);
+ }
+ out.println();
+
+ out.print("Subject: ");
+ out.println(subject);
+ out.println();
+
+ out.println(msg);
+ return Result.ok();
+
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Future;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.ApprovalDAO;
+import com.att.dao.aaf.cass.FutureDAO;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class FADelete extends ActionDAO<Future,Void> {
+ public FADelete(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ super(trans, cluster);
+ }
+
+ public FADelete(AuthzTrans trans, ActionDAO<?,?> adao) {
+ super(trans, adao);
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, Future f) {
+ FutureDAO.Data fdd = new FutureDAO.Data();
+ fdd.id=f.id;
+ Result<Void> rv = q.futureDAO.delete(trans, fdd, true); // need to read for undelete
+ if(rv.isOK()) {
+ trans.info().log("Deleted:",f.id,f.memo,"expiring on",Chrono.dateOnlyStamp(f.expires));
+ } else {
+ trans.info().log("Failed to Delete Approval");
+ }
+
+ Result<List<ApprovalDAO.Data>> ral = q.approvalDAO.readByTicket(trans, f.id);
+ if(ral.isOKhasData()) {
+ for(ApprovalDAO.Data add : ral.value) {
+ rv = q.approvalDAO.delete(trans, add, false);
+ if(rv.isOK()) {
+ trans.info().log("Deleted: Approval",add.id,"on ticket",add.ticket,"for",add.approver);
+ } else {
+ trans.info().log("Failed to Delete Approval");
+ }
+ }
+ }
+ return rv;
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Future;
+import com.att.authz.layer.Result;
+import com.att.inno.env.util.Chrono;
+
+public class FAPrint implements Action<Future,Void> {
+ private String text;
+
+ public FAPrint(String text) {
+ this.text = text;
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, Future f) {
+ trans.info().log(text,f.id,f.memo,"expiring on",Chrono.dateOnlyStamp(f.expires));
+ return Result.ok();
+ }
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+public interface Key<HELPER> {
+ public String key(HELPER H);
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class Message {
+ public final List<String> lines;
+
+ public Message() {
+ lines = new ArrayList<String>();
+ }
+
+ public void clear() {
+ lines.clear();
+ }
+
+ public void line(String format, Object ... args) {
+ lines.add(String.format(format, args));
+ }
+
+ public void msg(StringBuilder sb, String lineIndent) {
+ if(lines.size()>0) {
+ for(String line : lines) {
+ sb.append(lineIndent);
+ sb.append(line);
+ sb.append('\n');
+ }
+ }
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.UserRoleDAO;
+import com.att.dao.aaf.cass.UserRoleDAO.Data;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class URAdd extends ActionDAO<UserRole,UserRoleDAO.Data> {
+ public URAdd(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ super(trans, cluster);
+ }
+
+ public URAdd(AuthzTrans trans, ActionDAO<?,?> adao) {
+ super(trans, adao);
+ }
+
+ @Override
+ public Result<Data> exec(AuthzTrans trans, UserRole ur) {
+ UserRoleDAO.Data urd = new UserRoleDAO.Data();
+ urd.user = ur.user;
+ urd.role = ur.role;
+ urd.ns=ur.ns;
+ urd.rname = ur.rname;
+ urd.expires = ur.expires;
+ Result<Data> rv = q.userRoleDAO.create(trans, urd);
+ trans.info().log("Added:",ur.role,ur.user,"on",Chrono.dateOnlyStamp(ur.expires));
+ return rv;
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.UserRoleDAO;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class URDelete extends ActionDAO<UserRole,Void> {
+ public URDelete(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ super(trans, cluster);
+ }
+
+ public URDelete(AuthzTrans trans, ActionDAO<?,?> adao) {
+ super(trans, adao);
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, UserRole ur) {
+ UserRoleDAO.Data urd = new UserRoleDAO.Data();
+ urd.user = ur.user;
+ urd.role = ur.role;
+ Result<Void> rv = q.userRoleDAO.delete(trans, urd, true); // need to read for undelete
+ trans.info().log("Deleted:",ur.role,ur.user,"on",Chrono.dateOnlyStamp(ur.expires));
+ return rv;
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization.Expiration;
+import com.att.authz.org.Organization.Identity;
+import com.att.dao.aaf.cass.FutureDAO;
+import com.att.dao.aaf.cass.NsDAO;
+import com.att.dao.aaf.hl.Function;
+import com.att.dao.aaf.hl.Question;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class URFutureApprove extends ActionDAO<UserRole, List<Identity>> implements Action<UserRole,List<Identity>>, Key<UserRole> {
+ private final Date start, expires;
+
+ public URFutureApprove(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ super(trans,cluster);
+ GregorianCalendar gc = new GregorianCalendar();
+ start = gc.getTime();
+ expires = trans.org().expiration(gc, Expiration.Future).getTime();
+ }
+
+ public URFutureApprove(AuthzTrans trans, ActionDAO<?,?> adao) {
+ super(trans, adao);
+ GregorianCalendar gc = new GregorianCalendar();
+ start = gc.getTime();
+ expires = trans.org().expiration(gc, Expiration.Future).getTime();
+ }
+
+ @Override
+ public Result<List<Identity>> exec(AuthzTrans trans, UserRole ur) {
+ Result<NsDAO.Data> rns = q.deriveNs(trans, ur.ns);
+ if(rns.isOK()) {
+
+ FutureDAO.Data data = new FutureDAO.Data();
+ data.id=null; // let Create function assign UUID
+ data.target=Function.FOP_USER_ROLE;
+
+ data.memo = key(ur);
+ data.start = start;
+ data.expires = expires;
+ try {
+ data.construct = ur.to().bytify();
+ } catch (IOException e) {
+ return Result.err(e);
+ }
+ Result<List<Identity>> rapprovers = f.createFuture(trans, data, Function.FOP_USER_ROLE, ur.user, rns.value, "U");
+ return rapprovers;
+ } else {
+ return Result.err(rns);
+ }
+ }
+
+ @Override
+ public String key(UserRole ur) {
+ String expire;
+ if(expires.before(start)) {
+ expire = "' - EXPIRED ";
+ } else {
+ expire = "' - expiring ";
+ }
+
+ if(Question.OWNER.equals(ur.rname)) {
+ return "Re-Validate Ownership for AAF Namespace '" + ur.ns + expire + Chrono.dateOnlyStamp(ur.expires);
+ } else if(Question.ADMIN.equals(ur.rname)) {
+ return "Re-Validate as Administrator for AAF Namespace '" + ur.ns + expire + Chrono.dateOnlyStamp(ur.expires);
+ } else {
+ return "Re-Approval in Role '" + ur.role + expire + Chrono.dateOnlyStamp(ur.expires);
+ }
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization.Identity;
+import com.att.inno.env.util.Chrono;
+
+
+public class URFuturePrint implements Action<UserRole,List<Identity>> {
+ private String text;
+ private final static List<Identity> rv = new ArrayList<Identity>();
+
+ public URFuturePrint(String text) {
+ this.text = text;
+ }
+
+ @Override
+ public Result<List<Identity>> exec(AuthzTrans trans, UserRole ur) {
+ trans.info().log(text,ur.user,"to",ur.role,"on",Chrono.dateOnlyStamp(ur.expires));
+ return Result.ok(rv);
+ }}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.inno.env.util.Chrono;
+
+public class URPrint implements Action<UserRole,Void> {
+ private String text;
+
+ public URPrint(String text) {
+ this.text = text;
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, UserRole ur) {
+ trans.info().log(text,ur.user,"to",ur.role,"expiring on",Chrono.dateOnlyStamp(ur.expires));
+ return Result.ok();
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.UserRoleDAO;
+import com.att.dao.aaf.cass.UserRoleDAO.Data;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class URPunt extends ActionPuntDAO<UserRole,Void> {
+ public URPunt(AuthzTrans trans, Cluster cluster, int months, int range) throws APIException, IOException {
+ super(trans,cluster, months, range);
+ }
+
+ public URPunt(AuthzTrans trans, ActionDAO<?,?> adao, int months, int range) {
+ super(trans, adao, months, range);
+ }
+
+ public Result<Void> exec(AuthzTrans trans, UserRole ur) {
+ Result<List<Data>> read = q.userRoleDAO.read(trans, ur.user, ur.role);
+ if(read.isOK()) {
+ for(UserRoleDAO.Data data : read.value) {
+ Date from = data.expires;
+ data.expires = puntDate();
+ if(data.expires.before(from)) {
+ trans.error().printf("Error: %s is before %s", Chrono.dateOnlyStamp(data.expires), Chrono.dateOnlyStamp(from));
+ } else {
+ q.userRoleDAO.update(trans, data);
+ trans.info().log("Updated User",ur.user,"and Role", ur.role, "from",Chrono.dateOnlyStamp(from),"to",Chrono.dateOnlyStamp(data.expires));
+ }
+ }
+ return Result.ok();
+ } else {
+ return Result.err(read);
+ }
+ }
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import java.util.Set;
+
+public abstract class AafEntryConverter {
+
+ protected String formatSet(Set<String> set) {
+ if (set==null || set.isEmpty()) return "";
+ StringBuilder sb = new StringBuilder();
+ int curr = 0;
+ sb.append("{");
+ for (String s : set) {
+ sb.append("'");
+ sb.append(s);
+ sb.append("'");
+ if (set.size() != curr + 1) {
+ sb.append(",");
+ }
+ curr++;
+ }
+ sb.append("}");
+ return sb.toString();
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+
+import com.att.dao.aaf.cass.CredDAO;
+import com.datastax.driver.core.utils.Bytes;
+import com.googlecode.jcsv.writer.CSVEntryConverter;
+
+public class CredEntryConverter extends AafEntryConverter implements CSVEntryConverter<CredDAO.Data> {
+ private static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ssZ";
+
+ @Override
+ public String[] convertEntry(CredDAO.Data cd) {
+ String[] columns = new String[5];
+
+ columns[0] = cd.id;
+ columns[1] = String.valueOf(cd.type);
+ DateFormat df = new SimpleDateFormat(DATE_FORMAT);
+ columns[2] = df.format(cd.expires);
+ columns[3] = Bytes.toHexString(cd.cred);
+ columns[4] = (cd.ns==null)?"":cd.ns;
+
+ return columns;
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import com.att.dao.aaf.cass.NsDAO;
+import com.googlecode.jcsv.writer.CSVEntryConverter;
+
+public class NsEntryConverter extends AafEntryConverter implements CSVEntryConverter<NsDAO.Data> {
+
+ @Override
+ public String[] convertEntry(NsDAO.Data nsd) {
+ String[] columns = new String[5];
+
+ columns[0] = nsd.name;
+ // JG changed from "scope" to "type"
+ columns[1] = String.valueOf(nsd.type);
+ //TODO Chris: need to look at this
+// columns[2] = formatSet(nsd.admin);
+// columns[3] = formatSet(nsd.responsible);
+// columns[4] = nsd.description==null?"":nsd.description;
+ columns[5] = nsd.description==null?"":nsd.description;
+
+ return columns;
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import com.att.dao.aaf.cass.PermDAO;
+import com.googlecode.jcsv.writer.CSVEntryConverter;
+
+public class PermEntryConverter extends AafEntryConverter implements CSVEntryConverter<PermDAO.Data> {
+
+ @Override
+ public String[] convertEntry(PermDAO.Data pd) {
+ String[] columns = new String[6];
+
+ columns[0] = pd.ns;
+ columns[1] = pd.type;
+ columns[2] = pd.instance;
+ columns[3] = pd.action;
+ columns[4] = formatSet(pd.roles);
+ columns[5] = pd.description==null?"":pd.description;
+
+ return columns;
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import com.att.dao.aaf.cass.RoleDAO;
+import com.googlecode.jcsv.writer.CSVEntryConverter;
+
+public class RoleEntryConverter extends AafEntryConverter implements CSVEntryConverter<RoleDAO.Data> {
+
+ @Override
+ public String[] convertEntry(RoleDAO.Data rd) {
+ String[] columns = new String[4];
+
+ columns[0] = rd.ns;
+ columns[1] = rd.name;
+ columns[2] = formatSet(rd.perms);
+ columns[3] = rd.description==null?"":rd.description;
+
+ return columns;
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+
+import com.att.dao.aaf.cass.UserRoleDAO;
+import com.googlecode.jcsv.writer.CSVEntryConverter;
+
+public class UserRoleEntryConverter extends AafEntryConverter implements CSVEntryConverter<UserRoleDAO.Data> {
+ private static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ssZ";
+
+ @Override
+ public String[] convertEntry(UserRoleDAO.Data urd) {
+ String[] columns = new String[3];
+
+ columns[0] = urd.user;
+ columns[1] = urd.role;
+ DateFormat df = new SimpleDateFormat(DATE_FORMAT);
+ columns[2] = df.format(urd.expires);
+
+ return columns;
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import com.att.authz.actions.Message;
+import com.att.authz.org.Organization;
+
+public class Approver {
+ public String name;
+ public Organization org;
+ public Map<String, Integer> userRequests;
+
+ public Approver(String approver, Organization org) {
+ this.name = approver;
+ this.org = org;
+ userRequests = new HashMap<String, Integer>();
+ }
+
+ public void addRequest(String user) {
+ if (userRequests.get(user) == null) {
+ userRequests.put(user, 1);
+ } else {
+ Integer curCount = userRequests.remove(user);
+ userRequests.put(user, curCount+1);
+ }
+ }
+
+ /**
+ * @param sb
+ * @return
+ */
+ public void build(Message msg) {
+ msg.clear();
+ msg.line("You have %d total pending approvals from the following users:", userRequests.size());
+ for (Map.Entry<String, Integer> entry : userRequests.entrySet()) {
+ msg.line(" %s (%d)",entry.getKey(),entry.getValue());
+ }
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import com.datastax.driver.core.Row;
+
+public abstract class Creator<T> {
+ public abstract T create(Row row);
+ public abstract String select();
+
+ public String query(String where) {
+ StringBuilder sb = new StringBuilder(select());
+ if(where!=null) {
+ sb.append(" WHERE ");
+ sb.append(where);
+ }
+ sb.append(';');
+ return sb.toString();
+ }
+
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeMap;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class Cred {
+ public static final TreeMap<String,Cred> data = new TreeMap<String,Cred>();
+
+ public final String id;
+ public final List<Instance> instances;
+
+ public Cred(String id) {
+ this.id = id;
+ instances = new ArrayList<Instance>();
+ }
+
+ public static class Instance {
+ public final int type;
+ public final Date expires;
+ public final Integer other;
+
+ public Instance(int type, Date expires, Integer other) {
+ this.type = type;
+ this.expires = expires;
+ this.other = other;
+ }
+ }
+
+ public Date last(final int type) {
+ Date last = null;
+ for(Instance i : instances) {
+ if(i.type==type && (last==null || i.expires.after(last))) {
+ last = i.expires;
+ }
+ }
+ return last;
+ }
+
+
+ public Set<Integer> types() {
+ Set<Integer> types = new HashSet<Integer>();
+ for(Instance i : instances) {
+ types.add(i.type);
+ }
+ return types;
+ }
+
+ public static void load(Trans trans, Session session ) {
+ load(trans, session,"select id, type, expires, other from authz.cred;");
+
+ }
+
+ public static void loadOneNS(Trans trans, Session session, String ns ) {
+ load(trans, session,"select id, type, expires, other from authz.cred WHERE ns='" + ns + "';");
+ }
+
+ private static void load(Trans trans, Session session, String query) {
+
+ trans.info().log( "query: " + query );
+ TimeTaken tt = trans.start("Read Creds", Env.REMOTE);
+
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+ int count = 0;
+ try {
+ Iterator<Row> iter = results.iterator();
+ Row row;
+ tt = trans.start("Load Roles", Env.SUB);
+ try {
+ while(iter.hasNext()) {
+ ++count;
+ row = iter.next();
+ String id = row.getString(0);
+ Cred cred = data.get(id);
+ if(cred==null) {
+ cred = new Cred(id);
+ data.put(id, cred);
+ }
+ cred.instances.add(new Instance(row.getInt(1), row.getDate(2), row.getInt(3)));
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",count,"creds");
+ }
+
+
+ }
+ public String toString() {
+ StringBuilder sb = new StringBuilder(id);
+ sb.append('[');
+ for(Instance i : instances) {
+ sb.append('{');
+ sb.append(i.type);
+ sb.append(",\"");
+ sb.append(i.expires);
+ sb.append("\"}");
+ }
+ sb.append(']');
+ return sb.toString();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return id.hashCode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ return id.equals(obj);
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.TreeMap;
+import java.util.UUID;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class Future {
+ public static final List<Future> data = new ArrayList<Future>();
+ public static final TreeMap<String,List<Future>> byMemo = new TreeMap<String,List<Future>>();
+
+ public final UUID id;
+ public final String memo, target;
+ public final Date start, expires;
+ public Future(UUID id, String memo, String target, Date start, Date expires) {
+ this.id = id;
+ this.memo = memo;
+ this.target = target;
+ this.start = start;
+ this.expires = expires;
+ }
+
+ public static void load(Trans trans, Session session, Creator<Future> creator) {
+ trans.info().log( "query: " + creator.select() );
+ ResultSet results;
+ TimeTaken tt = trans.start("Load Futures", Env.REMOTE);
+ try {
+ Statement stmt = new SimpleStatement(creator.select());
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+
+ int count = 0;
+ tt = trans.start("Process Futures", Env.SUB);
+ try {
+ for(Row row : results.all()) {
+ ++count;
+ Future f = creator.create(row);
+ data.add(f);
+
+ List<Future> lf = byMemo.get(f.memo);
+ if(lf == null) {
+ lf = new ArrayList<Future>();
+ byMemo.put(f.memo, lf);
+ }
+ lf.add(f);
+
+ }
+ } finally {
+ trans.info().log("Found",count,"Futures");
+ }
+ }
+
+ public static Creator<Future> v2_0_15 = new Creator<Future>() {
+ @Override
+ public Future create(Row row) {
+ return new Future(row.getUUID(0),row.getString(1),row.getString(2),
+ row.getDate(3),row.getDate(4));
+ }
+
+ @Override
+ public String select() {
+ return "select id,memo,target,start,expires from authz.future";
+ }
+ };
+
+ public static void delete(List<Future> fl) {
+ if(fl==null || fl.isEmpty()) {
+ return;
+ }
+ for(Future f : fl) {
+ data.remove(f);
+ }
+ // Faster to start over, then look for entries.
+ byMemo.clear();
+ for(Future f : data) {
+ List<Future> lf = byMemo.get(f.memo);
+ if(lf == null) {
+ lf = new ArrayList<Future>();
+ byMemo.put(f.memo, lf);
+ }
+ lf.add(f);
+ }
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Iterator;
+
+public class InputIterator implements Iterable<String> {
+ private BufferedReader in;
+ private final PrintStream out;
+ private final String prompt, instructions;
+
+ public InputIterator(BufferedReader in, PrintStream out, String prompt, String instructions) {
+ this.in = in;
+ this.out = out;
+ this.prompt = prompt;
+ this.instructions = instructions;
+ }
+
+ @Override
+ public Iterator<String> iterator() {
+ out.println(instructions);
+ return new Iterator<String>() {
+ String input;
+ @Override
+ public boolean hasNext() {
+ out.append(prompt);
+ try {
+ input = in.readLine();
+ } catch (IOException e) {
+ input = null;
+ return false;
+ }
+ return input.length()>0;
+ }
+
+ @Override
+ public String next() {
+ return input;
+ }
+
+ @Override
+ public void remove() {
+ }
+ };
+ }
+}
+
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.Map;
+import java.util.TreeMap;
+
+import com.att.authz.BatchException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class MiscID {
+ public static final TreeMap<String,MiscID> data = new TreeMap<String,MiscID>();
+ /*
+ Sample Record
+ aad890|mj9030|20040902|20120207
+
+ **** Field Definitions ****
+ MISCID - AT&T Miscellaneous ID - Non-User ID (Types: Internal Mechanized ID, External Mechanized ID, Datagate ID, Customer ID, Vendor ID, Exchange Mail ID, CLEC ID, Specialized ID, Training ID)
+ SPONSOR_ATTUID - ATTUID of MiscID Sponsor (Owner)
+ CREATE_DATE - Date when MiscID was created
+ LAST_RENEWAL_DATE - Date when MiscID Sponsorship was last renewed
+ */
+ public String id,sponsor,created,renewal;
+
+ private static final String fieldString = "id,created,sponsor,renewal";
+
+ /**
+ * Load a Row of Strings (from CSV file).
+ *
+ * Be CAREFUL that the Row lists match the Fields above!!! If this changes, change
+ * 1) This Object
+ * 2) DB "suits.cql"
+ * 3) Alter existing Tables
+ * @param row
+ * @throws BatchException
+ * @throws IllegalAccessException
+ * @throws IllegalArgumentException
+ */
+ public void set(String row []) throws BatchException {
+ if(row.length<4) {throw new BatchException("Row of MiscID_XRef is too short");}
+ id = row[0];
+ sponsor = row[1];
+ created = row[2];
+ renewal = row[3];
+ }
+
+ public void set(Row row) {
+ id = row.getString(0);
+ sponsor = row.getString(1);
+ created = row.getString(2);
+ renewal = row.getString(3);
+ }
+
+
+ public static void load(Trans trans, Session session ) {
+ load(trans, session,"SELECT " + fieldString + " FROM authz.miscid;",data);
+ }
+
+ public static void load(Trans trans, Session session, Map<String,MiscID> map ) {
+ load(trans, session,"SELECT " + fieldString + " FROM authz.miscid;",map);
+ }
+
+ public static void loadOne(Trans trans, Session session, String id ) {
+ load(trans, session,"SELECT " + fieldString + " FROM authz.miscid WHERE id ='" + id + "';", data);
+ }
+
+ public static void load(Trans trans, Session session, String query, Map<String,MiscID> map) {
+ trans.info().log( "query: " + query );
+ TimeTaken tt = trans.start("Read MiscID", Env.REMOTE);
+
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+ int count = 0;
+ try {
+ tt = trans.start("Load Map", Env.SUB);
+ try {
+ for( Row row : results.all()) {
+ MiscID miscID = new MiscID();
+ miscID.set(row);
+ data.put(miscID.id,miscID);
+ ++count;
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",count,"miscID records");
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return id.hashCode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ if(obj!=null && obj instanceof MiscID) {
+ return id.equals(((MiscID)obj).id);
+ }
+ return false;
+ }
+
+ public StringBuilder insertStmt() throws IllegalArgumentException, IllegalAccessException {
+ StringBuilder sb = new StringBuilder("INSERT INTO authz.miscid (");
+ sb.append(fieldString);
+ sb.append(") VALUES ('");
+ sb.append(id);
+ sb.append("','");
+ sb.append(sponsor);
+ sb.append("','");
+ sb.append(created);
+ sb.append("','");
+ sb.append(renewal);
+ sb.append("')");
+ return sb;
+ }
+
+ public StringBuilder updateStmt(MiscID source) {
+ StringBuilder sb = null;
+ if(id.equals(source.id)) {
+ sb = addField(sb,"sponser",sponsor,source.sponsor);
+ sb = addField(sb,"created",created,source.created);
+ sb = addField(sb,"renewal",renewal,source.renewal);
+ }
+ if(sb!=null) {
+ sb.append(" WHERE id='");
+ sb.append(id);
+ sb.append('\'');
+ }
+ return sb;
+ }
+
+ private StringBuilder addField(StringBuilder sb, String name, String a, String b) {
+ if(!a.equals(b)) {
+ if(sb==null) {
+ sb = new StringBuilder("UPDATE authz.miscid SET ");
+ } else {
+ sb.append(',');
+ }
+ sb.append(name);
+ sb.append("='");
+ sb.append(b);
+ sb.append('\'');
+ }
+ return sb;
+ }
+
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.Iterator;
+import java.util.Map;
+import java.util.TreeMap;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class NS implements Comparable<NS> {
+ public final static Map<String,NS> data = new TreeMap<String,NS>();
+
+ public final String name, description, parent;
+ public final int scope,type;
+
+ public NS(String name, String description, String parent, int type, int scope) {
+ this.name = name;
+ this.description = description;
+ this.parent = parent;
+ this.scope = scope;
+ this.type = type;
+ }
+
+ public static void load(Trans trans, Session session, Creator<NS> creator) {
+ load(trans,session,
+ "select name, description, parent, type, scope from authz.ns;"
+ ,creator);
+ }
+
+ public static void loadOne(Trans trans, Session session, Creator<NS> creator, String ns) {
+ load(trans,session,
+ ("select name, description, parent, type, scope from authz.ns WHERE name='"+ns+"';")
+ ,creator
+ );
+ }
+
+ private static void load(Trans trans, Session session, String query, Creator<NS> creator) {
+ trans.info().log( "query: " + query );
+ ResultSet results;
+ TimeTaken tt;
+
+ tt = trans.start("Read Namespaces", Env.REMOTE);
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+
+
+ try {
+ Iterator<Row> iter = results.iterator();
+ Row row;
+ tt = trans.start("Load Namespaces", Env.SUB);
+ try {
+ while(iter.hasNext()) {
+ row = iter.next();
+ NS ns = creator.create(row);
+ data.put(ns.name,ns);
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",data.size(),"Namespaces");
+ }
+
+ }
+
+ public String toString() {
+ return name;
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return name.hashCode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ return name.equals(obj);
+ }
+
+ @Override
+ public int compareTo(NS o) {
+ return name.compareTo(o.name);
+ }
+
+ public static class NSSplit {
+ public String ns;
+ public String other;
+ public NSSplit(String s, int dot) {
+ ns = s.substring(0,dot);
+ other = s.substring(dot+1);
+ }
+ }
+ public static NSSplit deriveParent(String dotted) {
+ if(dotted==null)return null;
+ for(int idx = dotted.lastIndexOf('.');idx>=0; idx=dotted.lastIndexOf('.',idx-1)) {
+ if(data.get(dotted.substring(0, idx))!=null) {
+ return new NSSplit(dotted,idx);
+ }
+ }
+ return null;
+ }
+
+ public static Creator<NS> v2_0_11 = new Creator<NS> () {
+ @Override
+ public NS create(Row row) {
+ return new NS(row.getString(0),row.getString(1), row.getString(2),row.getInt(3),row.getInt(4));
+ }
+
+ @Override
+ public String select() {
+ return "SELECT name, description, parent, type, scope FROM authz.ns ";
+ }
+ };
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.TreeMap;
+
+import com.att.authz.actions.Message;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.org.EmailWarnings;
+import com.att.authz.org.Organization;
+import com.att.authz.org.Organization.Notify;
+import com.att.authz.org.Organization.Identity;
+import com.att.authz.org.OrganizationException;
+import com.att.authz.org.OrganizationFactory;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class Notification {
+
+ public static final TreeMap<String,List<Notification>> data = new TreeMap<String,List<Notification>>();
+ public static final long now = System.currentTimeMillis();
+
+ public final String user;
+ public final Notify type;
+ public final Date last;
+ public final int checksum;
+ public Message msg;
+ private int current;
+ public Organization org;
+ public int count;
+ private long graceEnds,lastdays;
+
+ private Notification(String user, int type, Date last, int checksum) {
+ this.user = user;
+ this.type = Notify.from(type);
+ this.last = last;
+ this.checksum = checksum;
+ current = 0;
+ count = 0;
+ }
+
+ private Notification(String user, Notify type, Date last, int checksum) {
+ this.user = user;
+ this.type = type;
+ this.last = last;
+ this.checksum = checksum;
+ current = 0;
+ count = 0;
+ }
+
+ public static void load(Trans trans, Session session, Creator<Notification> creator ) {
+ trans.info().log( "query: " + creator.select() );
+ TimeTaken tt = trans.start("Load Notify", Env.REMOTE);
+
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement(creator.select());
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+ int count = 0;
+ tt = trans.start("Process Notify", Env.SUB);
+
+ try {
+ for(Row row : results.all()) {
+ ++count;
+ try {
+ Notification not = creator.create(row);
+ List<Notification> ln = data.get(not.user);
+ if(ln==null) {
+ ln = new ArrayList<Notification>();
+ data.put(not.user, ln);
+ }
+ ln.add(not);
+ } finally {
+ tt.done();
+ }
+ }
+ } finally {
+ tt.done();
+ trans.info().log("Found",count,"Notify Records");
+ }
+ }
+
+ public static Notification get(String user, Notify type) {
+ List<Notification> ln = data.get(user);
+ if(ln!=null) {
+ for(Notification n : ln) {
+ if(type.equals(n.type)) {
+ return n;
+ }
+ }
+ }
+ return null;
+ }
+
+ private static Notification getOrCreate(String user, Notify type) {
+ List<Notification> ln = data.get(user);
+ Notification n = null;
+ if(ln==null) {
+ ln = new ArrayList<Notification>();
+ data.put(user, ln);
+ } else {
+ for(Notification n2 : ln) {
+ if(type.equals(n2.type)) {
+ n=n2;
+ break;
+ }
+ }
+ }
+ if(n==null) {
+ n = new Notification(user, type, new Date(), 0);
+ ln.add(n);
+ }
+ return n;
+ }
+
+ public static Notification add(AuthzTrans trans, UserRole ur) {
+ Notification n = getOrCreate(ur.user,Notify.RoleExpiration);
+ if(n.org==null) {
+ try {
+ n.org = OrganizationFactory.obtain(trans.env(), ur.ns);
+ } catch (OrganizationException e) {
+ trans.error().log(ur.ns, " does not have a Namespace");
+ }
+ }
+
+ if(n.count==0) {
+ EmailWarnings ew = n.org.emailWarningPolicy();
+ n.graceEnds = ew.roleEmailInterval();
+ n.lastdays = ew.emailUrgentWarning();
+ }
+ ++n.count;
+
+ /*
+ StringBuilder sb = new StringBuilder();
+ sb.append("ID: ");
+ sb.append(ur.user);
+ User ouser;
+ try {
+ ouser = n.org.getUser(trans, ur.user);
+ if(ouser!=null) {
+ sb.append(" (");
+ sb.append(ouser.fullName());
+ sb.append(')');
+ }
+ } catch (Exception e) {
+ }
+ sb.append(" Role: ");
+ sb.append(ur.role);
+ sb.append(" Expire");
+ if(now<ur.expires.getTime()) {
+ sb.append("s: ");
+ } else {
+ sb.append("d: ");
+ }
+ sb.append(Chrono.dateOnlyStamp(ur.expires));
+ sb.append("\n If you wish to extend, type\n");
+ sb.append("\trole user extend ");
+ sb.append(ur.role);
+ sb.append(' ');
+ sb.append(ur.user);
+ sb.append("\n If you wish to delete, type\n");
+ sb.append("\trole user del ");
+ sb.append(ur.role);
+ sb.append(' ');
+ sb.append(ur.user);
+ sb.append('\n');
+ n.msg.add(sb.toString());
+ n.current=0;
+ */
+ return n;
+ }
+
+ public static Notification addApproval(AuthzTrans trans, Identity ou) {
+ Notification n = getOrCreate(ou.id(),Notify.Approval);
+ if(n.org==null) {
+ n.org = ou.org();
+ }
+ if(n.count==0) { // first time.
+ EmailWarnings ew = n.org.emailWarningPolicy();
+ n.graceEnds = ew.apprEmailInterval();
+ n.lastdays = ew.emailUrgentWarning();
+ }
+ ++n.count;
+ return n;
+ }
+
+ public static Creator<Notification> v2_0_14 = new Creator<Notification>() {
+ @Override
+ public Notification create(Row row) {
+ return new Notification(row.getString(0), row.getInt(1), row.getDate(2),row.getInt(3));
+ }
+
+ @Override
+ public String select() {
+ return "select user,type,last,checksum from authz.notify";
+ }
+ };
+
+ public void set(Message msg) {
+ this.msg = msg;
+ }
+
+ public int checksum() {
+ if(current==0) {
+ for(String l : msg.lines) {
+ for(byte b : l.getBytes()) {
+ current+=b;
+ }
+ }
+ }
+ return current;
+ }
+
+ public boolean update(AuthzTrans trans, Session session, boolean dryRun) {
+ String update = update();
+ if(update!=null) {
+ if(dryRun) {
+ trans.info().log(update);
+ } else {
+ session.execute(update);
+ }
+ return true; // Updated info, expect to notify
+ }
+ return false;
+ }
+
+ /**
+ * Returns an Update String for CQL if there is data.
+ *
+ * Returns null if nothing to update
+ * @return
+ */
+ private String update() {
+ // If this has been done before, there is no change in checkSum and the last time notified is within GracePeriod
+ if(checksum!=0 && checksum()==checksum && now < last.getTime()+graceEnds && now > last.getTime()+lastdays) {
+ return null;
+ } else {
+ return "UPDATE authz.notify SET last = '" +
+ Chrono.dateOnlyStamp(last) +
+ "', checksum=" +
+ current +
+ " WHERE user='" +
+ user +
+ "' AND type=" +
+ type.getValue() +
+ ";";
+ }
+ }
+
+// public void text(Email email) {
+// for(String s : msg) {
+// email.line(s);
+// }
+// }
+//
+ public String toString() {
+ return "\"" + user + "\",\"" + type.name() + "\",\"" + Chrono.dateOnlyStamp(last);
+ }
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.TreeMap;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class NsAttrib {
+ public static final List<NsAttrib> data = new ArrayList<NsAttrib>();
+ public static final TreeMap<String,List<NsAttrib>> byKey = new TreeMap<String,List<NsAttrib>>();
+ public static final TreeMap<String,List<NsAttrib>> byNS = new TreeMap<String,List<NsAttrib>>();
+
+ public final String ns,key,value;
+
+ public NsAttrib(String ns, String key, String value) {
+ this.ns = ns;
+ this.key = key;
+ this.value = value;
+ }
+
+ public static void load(Trans trans, Session session, Creator<NsAttrib> creator ) {
+ trans.info().log( "query: " + creator.select() );
+ ResultSet results;
+ TimeTaken tt = trans.start("Load NsAttributes", Env.REMOTE);
+ try {
+ Statement stmt = new SimpleStatement(creator.select());
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+ int count = 0;
+ tt = trans.start("Process NsAttributes", Env.SUB);
+
+ try {
+ for(Row row : results.all()) {
+ ++count;
+ NsAttrib ur = creator.create(row);
+ data.add(ur);
+
+ List<NsAttrib> lna = byKey.get(ur.key);
+ if(lna==null) {
+ lna = new ArrayList<NsAttrib>();
+ byKey.put(ur.key, lna);
+ }
+ lna.add(ur);
+
+ lna = byNS.get(ur.ns);
+ if(lna==null) {
+ lna = new ArrayList<NsAttrib>();
+ byNS.put(ur.ns, lna);
+ }
+ lna.add(ur);
+ }
+ } finally {
+ tt.done();
+ trans.info().log("Found",count,"NS Attributes");
+ }
+ }
+
+ public static Creator<NsAttrib> v2_0_11 = new Creator<NsAttrib>() {
+ @Override
+ public NsAttrib create(Row row) {
+ return new NsAttrib(row.getString(0), row.getString(1), row.getString(2));
+ }
+
+ @Override
+ public String select() {
+ return "select ns,key,value from authz.ns_attrib";
+ }
+ };
+
+
+ public String toString() {
+ return "\"" + ns + "\",\"" + key + "\",\"" + value;
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.Iterator;
+import java.util.Set;
+import java.util.TreeMap;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class Perm implements Comparable<Perm> {
+ public static final TreeMap<Perm,Set<String>> data = new TreeMap<Perm,Set<String>>();
+ public static final TreeMap<String,Perm> keys = new TreeMap<String,Perm>();
+
+ public final String ns, type, instance, action,description;
+ private String fullType = null, fullPerm = null, encode = null;
+ public final Set<String> roles;
+
+ public String encode() {
+ if(encode == null) {
+ encode = ns + '|' + type + '|' + instance + '|' + action;
+ }
+ return encode;
+ }
+
+ public String fullType() {
+ if(fullType==null) {
+ fullType = ns + '.' + type;
+ }
+ return fullType;
+ }
+
+ public String fullPerm() {
+ if(fullPerm==null) {
+ fullPerm = ns + '.' + type + '|' + instance + '|' + action;
+ }
+ return fullPerm;
+ }
+
+ public Perm(String ns, String type, String instance, String action, String description, Set<String> roles) {
+ this.ns = ns;
+ this.type = type;
+ this.instance = instance;
+ this.action = action;
+ this.description = description;
+ // 2.0.11
+// this.full = encode();//ns+'.'+type+'|'+instance+'|'+action;
+ this.roles = roles;
+ }
+
+ public static void load(Trans trans, Session session) {
+ load(trans, session, "select ns, type, instance, action, description, roles from authz.perm;");
+ }
+
+ public static void loadOneNS(Trans trans, Session session, String ns) {
+ load(trans, session, "select ns, type, instance, action, description, roles from authz.perm WHERE ns='" + ns + "';");
+
+ }
+
+ private static void load(Trans trans, Session session, String query) {
+ //
+ trans.info().log( "query: " + query );
+ TimeTaken tt = trans.start("Read Perms", Env.REMOTE);
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+
+ try {
+ Iterator<Row> iter = results.iterator();
+ Row row;
+ tt = trans.start("Load Perms", Env.SUB);
+ try {
+ while(iter.hasNext()) {
+ row = iter.next();
+ Perm pk = new Perm(row.getString(0),row.getString(1),row.getString(2),row.getString(3), row.getString(4), row.getSet(5,String.class));
+ keys.put(pk.encode(), pk);
+ data.put(pk,pk.roles);
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",data.size(),"perms");
+ }
+ }
+
+ public String toString() {
+ return encode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return encode().hashCode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ return encode().equals(obj);
+ }
+
+ @Override
+ public int compareTo(Perm o) {
+ return encode().compareTo(o.encode());
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.TreeMap;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class Role implements Comparable<Role> {
+ public static final TreeMap<Role,Set<String>> data = new TreeMap<Role,Set<String>>();
+ public static final TreeMap<String,Role> keys = new TreeMap<String,Role>();
+
+ public final String ns, name, description;
+ private String full, encode;
+ public final Set<String> perms;
+
+ public Role(String full) {
+ ns = name = description = "";
+ this.full = full;
+ perms = new HashSet<String>();
+ }
+
+ public Role(String ns, String name, String description,Set<String> perms) {
+ this.ns = ns;
+ this.name = name;
+ this.description = description;
+ this.full = null;
+ this.encode = null;
+ this.perms = perms;
+ }
+
+ public String encode() {
+ if(encode==null) {
+ encode = ns + '|' + name;
+ }
+ return encode;
+ }
+
+ public String fullName() {
+ if(full==null) {
+ full = ns + '.' + name;
+ }
+ return full;
+ }
+
+ public static void load(Trans trans, Session session ) {
+ load(trans,session,"select ns, name, description, perms from authz.role;");
+ }
+
+ public static void loadOneNS(Trans trans, Session session, String ns ) {
+ load(trans,session,"select ns, name, description, perms from authz.role WHERE ns='" + ns + "';");
+ }
+
+ private static void load(Trans trans, Session session, String query) {
+ trans.info().log( "query: " + query );
+ TimeTaken tt = trans.start("Read Roles", Env.REMOTE);
+
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+
+ try {
+ Iterator<Row> iter = results.iterator();
+ Row row;
+ tt = trans.start("Load Roles", Env.SUB);
+ try {
+ while(iter.hasNext()) {
+ row = iter.next();
+ Role rk =new Role(row.getString(0),row.getString(1), row.getString(2),row.getSet(3,String.class));
+ keys.put(rk.encode(), rk);
+ data.put(rk,rk.perms);
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",data.size(),"roles");
+ }
+
+
+ }
+ public String toString() {
+ return encode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return encode().hashCode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ return encode().equals(obj);
+ }
+
+ @Override
+ public int compareTo(Role o) {
+ return encode().compareTo(o.encode());
+ }
+
+ public static String fullName(String role) {
+ return role.replace('|', '.');
+ }
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.TreeMap;
+
+import com.att.dao.aaf.cass.UserRoleDAO;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class UserRole implements Cloneable {
+ public static final List<UserRole> data = new ArrayList<UserRole>();
+ public static final TreeMap<String,List<UserRole>> byUser = new TreeMap<String,List<UserRole>>();
+ public static final TreeMap<String,List<UserRole>> byRole = new TreeMap<String,List<UserRole>>();
+
+ public final String user, role, ns, rname;
+ public final Date expires;
+
+ public UserRole(String user, String ns, String rname, Date expires) {
+ this.user = user;
+ this.role = ns + '.' + rname;
+ this.ns = ns;
+ this.rname = rname;
+ this.expires = expires;
+ }
+
+ public UserRole(String user, String role, String ns, String rname, Date expires) {
+ this.user = user;
+ this.role = role;
+ this.ns = ns;
+ this.rname = rname;
+ this.expires = expires;
+ }
+
+ public static void load(Trans trans, Session session, Creator<UserRole> creator ) {
+ load(trans,session,creator,null);
+ }
+
+ public static void loadOneRole(Trans trans, Session session, Creator<UserRole> creator, String role) {
+ load(trans,session,creator,"role='" + role +"' ALLOW FILTERING;");
+ }
+
+ public static void loadOneUser(Trans trans, Session session, Creator<UserRole> creator, String user ) {
+ load(trans,session,creator,"role='"+ user +"';");
+ }
+
+ private static void load(Trans trans, Session session, Creator<UserRole> creator, String where) {
+ String query = creator.query(where);
+ trans.info().log( "query: " + query );
+ TimeTaken tt = trans.start("Read UserRoles", Env.REMOTE);
+
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+ int count = 0;
+ try {
+ Iterator<Row> iter = results.iterator();
+ Row row;
+ tt = trans.start("Load UserRole", Env.SUB);
+ try {
+ while(iter.hasNext()) {
+ ++count;
+ row = iter.next();
+ UserRole ur = creator.create(row);
+ data.add(ur);
+
+ List<UserRole> lur = byUser.get(ur.user);
+ if(lur==null) {
+ lur = new ArrayList<UserRole>();
+ byUser.put(ur.user, lur);
+ }
+ lur.add(ur);
+
+ lur = byRole.get(ur.role);
+ if(lur==null) {
+ lur = new ArrayList<UserRole>();
+ byRole.put(ur.role, lur);
+ }
+ lur.add(ur);
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",count,"UserRoles");
+ }
+
+
+ }
+
+ public static Creator<UserRole> v2_0_11 = new Creator<UserRole>() {
+ @Override
+ public UserRole create(Row row) {
+ return new UserRole(row.getString(0), row.getString(1), row.getString(2),row.getString(3),row.getDate(4));
+ }
+
+ @Override
+ public String select() {
+ return "select user,role,ns,rname,expires from authz.user_role";
+ }
+ };
+
+ public UserRoleDAO.Data to() {
+ UserRoleDAO.Data urd = new UserRoleDAO.Data();
+ urd.user = user;
+ urd.role = role;
+ urd.ns = ns;
+ urd.rname = rname;
+ urd.expires = expires;
+ return urd;
+ }
+
+ public String toString() {
+ return "\"" + user + "\",\"" + role + "\",\"" + ns + "\",\"" + rname + "\",\""+ Chrono.dateOnlyStamp(expires);
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+import com.att.authz.Batch;
+import com.att.authz.actions.Email;
+import com.att.authz.actions.Message;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Approver;
+import com.att.authz.helpers.Notification;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization;
+import com.att.authz.org.Organization.Identity;
+import com.att.authz.org.OrganizationException;
+import com.att.authz.org.OrganizationFactory;
+import com.att.dao.CassAccess;
+import com.att.dao.aaf.cass.ApprovalDAO;
+import com.att.dao.aaf.cass.ApprovalDAO.Data;
+import com.att.inno.env.APIException;
+
+public class ApprNotify extends Batch {
+ private final ApprovalDAO apprDAO;
+ private Result<List<Data>> rladd;
+ private Email email;
+
+ public ApprNotify(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ apprDAO = new ApprovalDAO(trans, cluster, CassAccess.KEYSPACE);
+ session = apprDAO.getSession(trans);
+ rladd = apprDAO.readByStatus(trans,"pending");
+ if(isDryRun()) {
+ email = new Email();//EmailPrint();
+ } else {
+ email = new Email();
+ }
+ email.subject("AAF Approval Notification (ENV: %s)",batchEnv);
+ email.preamble("AAF is the AT&T System for Fine-Grained Authorizations. "
+ + "You are being asked to Approve in the %s environment before AAF Actions can be taken. \n\n"
+ + " Please follow this link:\n\n\t%s/approve"
+ ,batchEnv,env.getProperty(GUI_URL));
+
+ Notification.load(trans, session, Notification.v2_0_14);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ if(rladd.isOK()) {
+ if(rladd.isEmpty()) {
+ trans.warn().log("No Pending Approvals to Process");
+ } else {
+ Organization org=null;
+ //Map<String,Organization> users = new HashMap<String,Organization>();
+ Map<String,Approver> users = new TreeMap<String,Approver>();
+
+ for(Data data : rladd.value) {
+ // We've already seen this approver. Simply add the new request to him.
+ try {
+ Approver approver = users.get(data.approver);
+ if(approver==null) {
+ org = OrganizationFactory.obtain(trans.env(), data.approver);
+ approver = new Approver(data.approver, org);
+ users.put(data.approver, approver);
+ }
+ approver.addRequest(data.user);
+ } catch (OrganizationException e) {
+ trans.error().log(e);
+ }
+ }
+
+ // Notify
+ Message msg = new Message();
+ for(Approver approver : users.values()) {
+ try {
+ Notification n = Notification.addApproval(trans, org.getIdentity(trans, approver.name));
+ approver.build(msg);
+ n.set(msg);
+ if(n.update(trans, session, isDryRun())) {
+ Identity user = n.org.getIdentity(trans, approver.name);
+ email.clear();
+ email.addTo(user.email());
+ email.msg(msg);
+ email.exec(trans, n.org);
+ }
+ } catch (OrganizationException e) {
+ trans.error().log(e);
+ }
+ }
+ }
+ } else {
+ trans.error().log('[',rladd.status,']',rladd.details);
+ }
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ apprDAO.close(trans);
+ }
+
+
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+
+import com.att.authz.Batch;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Cred;
+import com.att.authz.helpers.Cred.Instance;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.util.Chrono;
+
+public class CheckCred extends Batch{
+
+ public CheckCred(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+
+ Cred.load(trans, session);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ String query;
+ for(Cred cred : Cred.data.values()) {
+ for(Instance inst : cred.instances) {
+ if(inst.other==0) {
+ if(dryRun) {
+ trans.warn().log("Ensuring 'other' is numeric");
+ } else {
+ query = "UPDATE authz.cred SET other=0 WHERE "
+ + "id='" + cred.id
+ + "' AND type=" + inst.type
+ + " AND expires='" + Chrono.dateStamp(inst.expires)
+ + "';";
+ session.execute(query);
+ trans.warn().log("resetting 'other'",query);
+ }
+ }
+ }
+ }
+
+ }
+ /*
+ /// Evaluate
+ for(UserRole urKey : UserRole.data) {
+ NSSplit nss = NS.deriveParent(urKey.role);
+ if(nss==null && NS.data.size()>0 ) { // there is no Namespace for this UserRole
+ if(dryRun) {
+ trans.warn().printf("Would delete %s %s, which has no corresponding Namespace",urKey.user,urKey.role);
+ } else {
+ query = "DELETE FROM authz.user_role WHERE "
+ + "user='" + urKey.user
+ + "' AND role='" + urKey.role
+ + "';";
+ session.execute(query);
+ trans.warn().printf("Deleting %s %s, which has no corresponding Namespace",urKey.user,urKey.role);
+ }
+ } else if(urKey.ns == null || urKey.rname == null || !urKey.role.equals(urKey.ns+'.'+urKey.rname)) {
+ if(dryRun) {
+ trans.warn().log(urKey,"needs to be split and added to Record (", urKey.ns, urKey.rname,")");
+ } else {
+ query = "UPDATE authz.user_role SET ns='" + nss.ns
+ + "', rname='" + nss.other
+ + "' WHERE "
+ + "user='" + urKey.user
+ + "' AND role='" + urKey.role
+ + "';";
+ session.execute(query);
+ trans.warn().log("Setting ns and rname",query);
+ }
+ }
+ }
+ }
+ */
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+import java.util.List;
+
+import com.att.authz.Batch;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.NS;
+import com.att.authz.helpers.NsAttrib;
+import com.att.authz.helpers.Perm;
+import com.att.authz.helpers.Role;
+import com.att.dao.aaf.cass.NsType;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+
+public class CheckNS extends Batch{
+
+ public CheckNS(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+ NS.load(trans, session,NS.v2_0_11);
+ Role.load(trans, session);
+ Perm.load(trans, session);
+ NsAttrib.load(trans, session, NsAttrib.v2_0_11);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+
+ String msg;
+ String query;
+ trans.info().log(STARS, msg = "Checking for NS type mis-match", STARS);
+ TimeTaken tt = trans.start(msg, Env.SUB);
+ try {
+ for(NS ns : NS.data.values()) {
+ if(ns.description==null) {
+ trans.warn().log("Namepace description is null. Changing to empty string.");
+ if(dryRun) {
+ trans.warn().log("Namepace description is null. Changing to empty string");
+ } else {
+ query = "UPDATE authz.ns SET description='' WHERE name='" + ns.name +"';";
+ session.execute(query);
+ }
+ }
+ int scope = count(ns.name,'.');
+ NsType nt;
+ switch(scope) {
+ case 0:
+ nt = NsType.DOT;
+ break;
+ case 1:
+ nt = NsType.ROOT;
+ break;
+ case 2:
+ nt = NsType.COMPANY;
+ break;
+ default:
+ nt = NsType.APP;
+ break;
+ }
+ if(ns.type!=nt.type || ns.scope !=scope) {
+ if(dryRun) {
+ trans.warn().log("Namepace",ns.name,"has no type. Should change to ",nt.name());
+ } else {
+ query = "UPDATE authz.ns SET type=" + nt.type + ", scope=" + scope + " WHERE name='" + ns.name +"';";
+ trans.warn().log("Namepace",ns.name,"changing to",nt.name()+":",query);
+ session.execute(query);
+ }
+ }
+ }
+ } finally {
+ tt.done();
+ }
+
+
+ trans.info().log(STARS, msg = "Checking for NS admin/owner mis-match", STARS);
+ tt = trans.start(msg, Env.SUB);
+ try {
+ /// Evaluate
+ for(NS nk : NS.data.values()) {
+ //String name;
+ String roleAdmin = nk.name+"|admin";
+ String roleAdminPrev = nk.name+".admin";
+ String roleOwner = nk.name+"|owner";
+ String roleOwnerPrev = nk.name+".owner";
+ String permAll = nk.name+"|access|*|*";
+ String permAllPrev = nk.name+".access|*|*";
+ String permRead = nk.name+"|access|*|read";
+ String permReadPrev = nk.name+".access|*|read";
+ // Admins
+
+ Role rk = Role.keys.get(roleAdmin); // accomodate new role key
+ // Role Admin should exist
+ if(rk==null) {
+ if(dryRun) {
+ trans.warn().log(nk.name + " is missing role: " + roleAdmin);
+ } else {
+ query = "INSERT INTO authz.role(ns, name, description, perms) VALUES ('"
+ + nk.name
+ + "','admin','Automatic Administration',"
+ + "{'" + nk.name + "|access|*|*'});";
+ session.execute(query);
+ env.info().log(query);
+
+
+ if(Role.keys.get(roleAdminPrev)!=null) {
+ query = "UPDATE authz.role set perms = perms + "
+ + "{'" + roleAdminPrev + "'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='admin'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+ } else {
+ // Role Admin should be linked to Perm All
+ if(!rk.perms.contains(permAll)) {
+ if(dryRun) {
+ trans.warn().log(roleAdmin,"is not linked to",permAll);
+ } else {
+ query = "UPDATE authz.role set perms = perms + "
+ + "{'" + nk.name + "|access|*|*'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='admin'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ if(rk.perms.contains(permAllPrev)) {
+ query = "UPDATE authz.role set perms = perms - "
+ + "{'" + nk.name + ".access|*|*'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='admin'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+ }
+ // Role Admin should not be linked to Perm Read
+ if(rk.perms.contains(permRead)) {
+ if(dryRun) {
+ trans.warn().log(roleAdmin,"should not be linked to",permRead);
+ } else {
+ query = "UPDATE authz.role set perms = perms - "
+ + "{'" + nk.name + "|access|*|read'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='admin'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+ }
+
+ Perm pk = Perm.keys.get(permAll);
+ if(pk==null) {
+ trans.warn().log(nk.name + " is missing perm: " + permAll);
+ if(!dryRun) {
+ query = "INSERT INTO authz.perm(ns, type,instance,action,description, roles) VALUES ('"
+ + nk.name
+ + "','access','*','*','Namespace Write',"
+ + "{'" + nk.name + "|admin'});";
+ session.execute(query);
+ env.info().log(query);
+
+ }
+ } else {
+ // PermALL should be linked to Role Admin
+ if(!pk.roles.contains(roleAdmin)) {
+ trans.warn().log(permAll,"is not linked to",roleAdmin);
+ if(!dryRun) {
+ query = "UPDATE authz.perm set roles = roles + "
+ + "{'" + nk.name + "|admin'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='*'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ if(pk.roles.contains(roleAdminPrev)) {
+ query = "UPDATE authz.perm set roles = roles - "
+ + "{'" + nk.name + ".admin'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='*'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ }
+ }
+ }
+
+ // PermALL should be not linked to Role Owner
+ if(pk.roles.contains(roleOwner)) {
+ trans.warn().log(permAll,"should not be linked to",roleOwner);
+ if(!dryRun) {
+ query = "UPDATE authz.perm set roles = roles - "
+ + "{'" + nk.name + "|owner'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='*'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+
+ }
+
+
+
+ // Owner
+ rk = Role.keys.get(roleOwner);
+ if(rk==null) {
+ trans.warn().log(nk.name + " is missing role: " + roleOwner);
+ if(!dryRun) {
+ query = "INSERT INTO authz.role(ns, name, description, perms) VALUES('"
+ + nk.name
+ + "','owner','Automatic Owners',"
+ + "{'" + nk.name + "|access|*|read'});";
+ session.execute(query);
+ env.info().log(query);
+
+ }
+ } else {
+ // Role Owner should be linked to permRead
+ if(!rk.perms.contains(permRead)) {
+ trans.warn().log(roleOwner,"is not linked to",permRead);
+ if(!dryRun) {
+ query = "UPDATE authz.role set perms = perms + "
+ + "{'" + nk.name + "|access|*|read'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='owner'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ if(rk.perms.contains(permReadPrev)) {
+ query = "UPDATE authz.role set perms = perms - "
+ + "{'" + nk.name + ".access|*|read'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='owner'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ }
+ }
+ }
+ // Role Owner should not be linked to PermAll
+ if(rk.perms.contains(permAll)) {
+ trans.warn().log(roleAdmin,"should not be linked to",permAll);
+ if(!dryRun) {
+ query = "UPDATE authz.role set perms = perms - "
+ + "{'" + nk.name + "|access|*|*'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='admin'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+
+ }
+
+ pk = Perm.keys.get(permRead);
+ if(pk==null) {
+ trans.warn().log(nk.name + " is missing perm: " + permRead);
+ if(!dryRun) {
+ query = "INSERT INTO authz.perm(ns, type,instance,action,description, roles) VALUES ('"
+ + nk.name
+ + "','access','*','read','Namespace Read',"
+ + "{'" + nk.name + "|owner'});";
+ session.execute(query);
+ env.info().log(query);
+ }
+ } else {
+ // PermRead should be linked to roleOwner
+ if(!pk.roles.contains(roleOwner)) {
+ trans.warn().log(permRead, "is not linked to", roleOwner);
+ if(!dryRun) {
+ query = "UPDATE authz.perm set roles = roles + "
+ + "{'" + nk.name + "|owner'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='read'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ if(pk.roles.contains(roleOwnerPrev)) {
+ query = "UPDATE authz.perm set roles = roles - "
+ + "{'" + nk.name + ".owner'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='read'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ }
+ }
+ }
+ // PermRead should be not linked to RoleAdmin
+ if(pk.roles.contains(roleAdmin)) {
+ if(dryRun) {
+ trans.warn().log(permRead,"should not be linked to",roleAdmin);
+ } else {
+ query = "UPDATE authz.perm set roles = roles - "
+ + "{'" + nk.name + "|admin'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='read'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+ }
+
+
+ int dot = nk.name.lastIndexOf('.');
+ String parent;
+ if(dot<0) {
+ parent = ".";
+ } else {
+ parent = nk.name.substring(0, dot);
+ }
+
+ if(!parent.equals(nk.parent)) {
+ if(dryRun) {
+ trans.warn().log(nk.name + " is missing namespace data");
+ } else {
+ query = "UPDATE authz.ns SET parent='"+parent+"'" +
+ " WHERE name='" + nk.name + "';";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+
+ // During Migration:
+ List<NsAttrib> swm = NsAttrib.byNS.get(nk.name);
+ boolean hasSwmV1 = false;
+ if(swm!=null) {for(NsAttrib na : swm) {
+ if("swm".equals(na.key) && "v1".equals(na.value)) {
+ hasSwmV1=true;
+ break;
+ }
+ }}
+ String roleMem = nk.name+"|member";
+ Role rm = Role.keys.get(roleMem); // Accommodate new role key
+ if(rm==null && hasSwmV1) {
+ query = "INSERT INTO authz.role(ns, name, description, perms) VALUES ('"
+ + nk.name
+ + "','member','Member',"
+ + "{'" + nk.name + "|access|*|read'});";
+ session.execute(query);
+ query = "UPDATE authz.role set perms = perms + "
+ + "{'" + nk.name + "|access|*|read'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='member'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ if(rm!=null) {
+ if(!rm.perms.contains(permRead)) {
+ if(isDryRun()) {
+ env.info().log(nk.name+"|member needs " + nk.name + "|access|*|read");
+ } else {
+ query = "UPDATE authz.perm set roles = roles + "
+ + "{'" + nk.name + "|member'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='read'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ query = "UPDATE authz.role set perms = perms + "
+ + "{'" + nk.name + "|access|*|read'"
+ + (hasSwmV1?",'"+nk.name+"|swm.star|*|*'":"")
+ + "} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='member'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ if(hasSwmV1) {
+ query = "UPDATE authz.perm set roles = roles + "
+ + "{'" + nk.name + "|member'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='swm.star' AND instance='*' and action='*'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+ }
+ }
+
+
+
+ // Best Guess Owner
+
+// owner = Role.keys.get(ns.)
+ }
+ } finally {
+ tt.done();
+ }
+
+ }
+
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+import java.util.Set;
+
+import com.att.authz.Batch;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.NS;
+import com.att.authz.helpers.Perm;
+import com.att.authz.helpers.Role;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.util.Split;
+
+public class CheckRolePerm extends Batch{
+
+ public CheckRolePerm(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+ NS.load(trans,session,NS.v2_0_11);
+ Role.load(trans, session);
+ Perm.load(trans, session);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ // Run for Roles
+ trans.info().log("Checking for Role/Perm mis-match");
+
+ String query;
+ /// Evaluate from Role side
+ for(Role roleKey : Role.data.keySet()) {
+ for(String perm : Role.data.get(roleKey)) {
+ Perm pk = Perm.keys.get(perm);
+ if(pk==null) {
+ NS ns=null;
+ String msg = perm + " in role " + roleKey.fullName() + " does not exist";
+ String newPerm;
+ String[] s = Split.split('|', perm);
+ if(s.length==3) {
+ int i;
+ String find = s[0];
+ for(i=find.lastIndexOf('.');ns==null && i>=0;i=find.lastIndexOf('.', i-1)) {
+ ns = NS.data.get(find.substring(0,i));
+ }
+ if(ns==null) {
+ newPerm = perm;
+ } else {
+ newPerm = ns.name + '|' + s[0].substring(i+1) + '|' + s[1] + '|' + s[2];
+ }
+ } else {
+ newPerm = perm;
+ }
+ if(dryRun) {
+ if(ns==null) {
+ trans.warn().log(msg, "- would remove role from perm;");
+ } else {
+ trans.warn().log(msg, "- would update role in perm;");
+ }
+ } else {
+ if(ns!=null) {
+ query = "UPDATE authz.role SET perms = perms + {'" +
+ newPerm + "'}"
+ + (roleKey.description==null?", description='clean'":"")
+ + " WHERE "
+ + "ns='" + roleKey.ns
+ + "' AND name='" + roleKey.name + "';";
+ trans.warn().log("Fixing role in perm",query);
+ session.execute(query);
+ }
+
+ query = "UPDATE authz.role SET perms = perms - {'"
+ + perm.replace("'", "''") + "'}"
+ + (roleKey.description==null?", description='clean'":"")
+ + " WHERE "
+ + "ns='" + roleKey.ns
+ + "' AND name='" + roleKey.name + "';";
+ session.execute(query);
+ trans.warn().log(msg, "- removing role from perm");
+// env.info().log( "query: " + query );
+ }
+ } else {
+ Set<String> p_roles = Perm.data.get(pk);
+ if(p_roles!=null && !p_roles.contains(roleKey.encode())) {
+ String msg = perm + " does not have role: " + roleKey;
+ if(dryRun) {
+ trans.warn().log(msg,"- should add this role to this perm;");
+ } else {
+ query = "update authz.perm set roles = roles + {'"
+ + roleKey.encode() + "'}"
+ + (pk.description==null?", description=''":"")
+ + " WHERE "
+ + "ns='" + pk.ns
+ + "' AND type='" + pk.type
+ + "' AND instance='" + pk.instance
+ + "' AND action='" + pk.action
+ + "';";
+ session.execute(query);
+ trans.warn().log(msg,"- adding perm to role");
+ }
+
+ }
+ }
+ }
+ }
+
+ for(Perm permKey : Perm.data.keySet()) {
+ for(String role : Perm.data.get(permKey)) {
+ Role rk = Role.keys.get(role);
+ if(rk==null) {
+ String s = role + " in perm " + permKey.encode() + " does not exist";
+ if(dryRun) {
+ trans.warn().log(s,"- would remove perm from role;");
+ } else {
+ query = "update authz.perm set roles = roles - {'"
+ + role.replace("'","''") + "'}"
+ + (permKey.description==null?", description='clean'":"")
+ + " WHERE "
+ + "ns='" + permKey.ns
+ + "' AND type='" + permKey.type
+ + "' AND instance='" + permKey.instance
+ + "' AND action='" + permKey.action + "';";
+ session.execute(query);
+ trans.warn().log(s,"- removing role from perm");
+ }
+ } else {
+ Set<String> r_perms = Role.data.get(rk);
+ if(r_perms!=null && !r_perms.contains(permKey.encode())) {
+ String s ="Role '" + role + "' does not have perm: '" + permKey + '\'';
+ if(dryRun) {
+ trans.warn().log(s,"- should add this perm to this role;");
+ } else {
+ query = "update authz.role set perms = perms + {'"
+ + permKey.encode() + "'}"
+ + (rk.description==null?", description=''":"")
+ + " WHERE "
+ + "ns='" + rk.ns
+ + "' AND name='" + rk.name + "';";
+ session.execute(query);
+ trans.warn().log(s,"- adding role to perm");
+ }
+ }
+ }
+ }
+ }
+
+ }
+
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+
+import com.att.authz.Batch;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.NS;
+import com.att.authz.helpers.NS.NSSplit;
+import com.att.authz.helpers.UserRole;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+
+public class CheckUR extends Batch{
+
+ public CheckUR(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+ NS.load(trans, session,NS.v2_0_11);
+ UserRole.load(trans, session,UserRole.v2_0_11);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ trans.info().log("Get All Namespaces");
+
+
+ String query;
+
+ /// Evaluate
+ for(UserRole urKey : UserRole.data) {
+ NSSplit nss = NS.deriveParent(urKey.role);
+ if(nss==null && NS.data.size()>0 ) { // there is no Namespace for this UserRole
+ if(dryRun) {
+ trans.warn().printf("Would delete %s %s, which has no corresponding Namespace",urKey.user,urKey.role);
+ } else {
+ query = "DELETE FROM authz.user_role WHERE "
+ + "user='" + urKey.user
+ + "' AND role='" + urKey.role
+ + "';";
+ session.execute(query);
+ trans.warn().printf("Deleting %s %s, which has no corresponding Namespace",urKey.user,urKey.role);
+ }
+ } else if(urKey.ns == null || urKey.rname == null || !urKey.role.equals(urKey.ns+'.'+urKey.rname)) {
+ if(dryRun) {
+ trans.warn().log(urKey,"needs to be split and added to Record (", urKey.ns, urKey.rname,")");
+ } else {
+ query = "UPDATE authz.user_role SET ns='" + nss.ns
+ + "', rname='" + nss.other
+ + "' WHERE "
+ + "user='" + urKey.user
+ + "' AND role='" + urKey.role
+ + "';";
+ session.execute(query);
+ trans.warn().log("Setting ns and rname",query);
+ }
+ }
+ }
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.List;
+
+import com.att.authz.Batch;
+import com.att.authz.actions.Action;
+import com.att.authz.actions.ActionDAO;
+import com.att.authz.actions.CredDelete;
+import com.att.authz.actions.CredPrint;
+import com.att.authz.actions.FADelete;
+import com.att.authz.actions.FAPrint;
+import com.att.authz.actions.Key;
+import com.att.authz.actions.URDelete;
+import com.att.authz.actions.URFutureApprove;
+import com.att.authz.actions.URFuturePrint;
+import com.att.authz.actions.URPrint;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Cred;
+import com.att.authz.helpers.Cred.Instance;
+import com.att.authz.helpers.Future;
+import com.att.authz.helpers.Notification;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization.Identity;
+import com.att.dao.aaf.cass.CredDAO;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+
+public class Expiring extends Batch {
+
+ private final Action<UserRole,Void> urDelete,urPrint;
+ private final Action<UserRole,List<Identity>> urFutureApprove;
+ private final Action<CredDAO.Data,Void> crDelete,crPrint;
+ private final Action<Future,Void> faDelete;
+// private final Email email;
+ private final Key<UserRole> memoKey;
+
+ public Expiring(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ trans.info().log("Starting Connection Process");
+ TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
+ try {
+ urPrint = new URPrint("Expired:");
+ crPrint = new CredPrint("Expired:");
+
+ URFutureApprove ufr = new URFutureApprove(trans,cluster);
+ memoKey = ufr;
+
+ if(isDryRun()) {
+ urDelete = new URPrint("Would Delete:");
+ // While Testing
+// urFutureApprove = ufr;
+ urFutureApprove = new URFuturePrint("Would setup Future/Approvals");
+ crDelete = new CredPrint("Would Delete:");
+ faDelete = new FAPrint("Would Delete:");
+// email = new EmailPrint();
+
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+
+ } else {
+ TimeTaken tt = trans.start("Connect to Cluster with DAOs", Env.REMOTE);
+ try {
+ ActionDAO<UserRole,Void> adao;
+ urDelete = adao = new URDelete(trans, cluster);
+ urFutureApprove = new URFutureApprove(trans,adao);
+ faDelete = new FADelete(trans, adao);
+
+ crDelete = new CredDelete(trans, adao);
+// email = new Email();
+ TimeTaken tt2 = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = adao.getSession(trans);
+ } finally {
+ tt2.done();
+ }
+ } finally {
+ tt.done();
+ }
+ }
+
+ UserRole.load(trans, session, UserRole.v2_0_11);
+ Cred.load(trans, session);
+ Notification.load(trans, session, Notification.v2_0_14);
+ Future.load(trans,session,Future.v2_0_15);
+ } finally {
+ tt0.done();
+ }
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ // Setup Date boundaries
+ Date now = new Date();
+ GregorianCalendar gc = new GregorianCalendar();
+ gc.setTime(now);
+ gc.add(GregorianCalendar.MONTH, 1);
+ Date future = gc.getTime();
+ gc.setTime(now);
+ gc.add(GregorianCalendar.MONTH, -1);
+ Date tooLate = gc.getTime();
+ int count = 0, deleted=0;
+
+// List<Notification> ln = new ArrayList<Notification>();
+ TimeTaken tt;
+
+ // Run for Expired Futures
+ trans.info().log("Checking for Expired Futures");
+ tt = trans.start("Delete old Futures", Env.REMOTE);
+ try {
+ List<Future> delf = new ArrayList<Future>();
+ for(Future f : Future.data) {
+ AuthzTrans localTrans = env.newTransNoAvg();
+ if(f.expires.before(now)) {
+ faDelete.exec(localTrans, f);
+ delf.add(f);
+ }
+ }
+ Future.delete(delf);
+ } finally {
+ tt.done();
+ }
+
+ // Run for Roles
+ trans.info().log("Checking for Expired Roles");
+ try {
+ for(UserRole ur : UserRole.data) {
+ AuthzTrans localTrans = env.newTransNoAvg();
+ if(ur.expires.before(tooLate)) {
+ if("owner".equals(ur.rname)) { // don't delete Owners, even if Expired
+ urPrint.exec(localTrans,ur);
+ } else {
+ urDelete.exec(localTrans,ur);
+ ++deleted;
+ trans.logAuditTrail(trans.info());
+ }
+ ++count;
+ } else if(ur.expires.before(future)) {
+ List<Future> fbm = Future.byMemo.get(memoKey.key(ur));
+ if(fbm==null || fbm.isEmpty()) {
+ Result<List<Identity>> rapprovers = urFutureApprove.exec(localTrans, ur);
+ if(rapprovers.isOK()) {
+ for(Identity ou : rapprovers.value) {
+// Notification n = Notification.addApproval(localTrans,ou);
+// if(n.org==null) {
+// n.org = getOrgFromID(localTrans, ur.user);
+// }
+// ln.add(n);
+ urPrint.exec(localTrans,ur);
+ if(isDryRun()) {
+ trans.logAuditTrail(trans.info());
+ }
+ }
+ }
+ }
+ ++count;
+ }
+ }
+ } finally {
+ env.info().log("Found",count,"roles expiring before",future);
+ env.info().log("deleting",deleted,"roles expiring before",tooLate);
+ }
+
+// // Email Approval Notification
+// email.subject("AAF Role Expiration Warning (ENV: %s)", batchEnv);
+// email.indent("");
+// for(Notification n: ln) {
+// if(n.org==null) {
+// trans.error().log("No Organization for Notification");
+// } else if(n.update(trans, session, isDryRun())) {
+// email.clear();
+// email.addTo(n.user);
+// email.line(n.text(new StringBuilder()).toString());
+// email.exec(trans,n.org);
+// }
+// }
+ // Run for Creds
+ trans.info().log("Checking for Expired Credentials");
+ System.out.flush();
+ count = 0;
+ try {
+ CredDAO.Data crd = new CredDAO.Data();
+ Date last = null;
+ for( Cred creds : Cred.data.values()) {
+ AuthzTrans localTrans = env.newTransNoAvg();
+ crd.id = creds.id;
+ for(int type : creds.types()) {
+ crd.type = type;
+ for( Instance inst : creds.instances) {
+ if(inst.expires.before(tooLate)) {
+ crd.expires = inst.expires;
+ crDelete.exec(localTrans, crd);
+ } else if(last==null || inst.expires.after(last)) {
+ last = inst.expires;
+ }
+ }
+ if(last!=null) {
+ if(last.before(future)) {
+ crd.expires = last;
+ crPrint.exec(localTrans, crd);
+ ++count;
+ }
+ }
+ }
+ }
+ } finally {
+ env.info().log("Found",count,"current creds expiring before",future);
+ }
+
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ for(Action<?,?> action : new Action<?,?>[] {urDelete,crDelete}) {
+ if(action instanceof ActionDAO) {
+ ((ActionDAO<?,?>)action).close(trans);
+ }
+ }
+ session.close();
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Date;
+import java.util.List;
+
+import com.att.authz.Batch;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Cred;
+import com.att.authz.helpers.NS;
+import com.att.authz.helpers.Perm;
+import com.att.authz.helpers.Role;
+import com.att.authz.helpers.UserRole;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+
+public class NSDump extends Batch{
+ private PrintStream out = System.out;
+ private final String ns, admin, owner;
+
+ public NSDump(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ if(args().length>0) {
+ ns = args()[0];
+ } else {
+ throw new APIException("NSDump requires \"NS\" parameter");
+ }
+ admin = ns + "|admin";
+ owner = ns + "|owner";
+
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+
+ NS.loadOne(trans, session,NS.v2_0_11,ns);
+ Role.loadOneNS(trans, session, ns);
+ if(Role.data.keySet().size()>5) {
+ UserRole.load(trans, session,UserRole.v2_0_11);
+ } else {
+ for(Role r : Role.data.keySet()) {
+ UserRole.loadOneRole(trans, session, UserRole.v2_0_11, r.fullName());
+ }
+ }
+ Perm.loadOneNS(trans,session,ns);
+ Cred.loadOneNS(trans, session, ns);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ Date now = new Date();
+ for(NS ns : NS.data.values()) {
+ out.format("# Data for Namespace [%s] - %s\n",ns.name,ns.description);
+ out.format("ns create %s",ns);
+ boolean first = true;
+ List<UserRole> owners = UserRole.byRole.get(owner);
+ if(owners!=null)for(UserRole ur : owners) {
+ if(first) {
+ out.append(' ');
+ first = false;
+ } else {
+ out.append(',');
+ }
+ out.append(ur.user);
+ }
+ first = true;
+ List<UserRole> admins = UserRole.byRole.get(admin);
+ if(admins!=null)for(UserRole ur : admins) {
+ if(first) {
+ out.append(' ');
+ first = false;
+ } else {
+ out.append(',');
+ }
+ out.append(ur.user);
+ }
+ out.println();
+
+ // Load Creds
+ Date last;
+ for(Cred c : Cred.data.values()) {
+ for(int i : c.types()) {
+ last = c.last(i);
+ if(last!=null && now.before(last)) {
+ switch(i) {
+ case 1:
+ out.format(" user cred add %s %s\n", c.id,"new2you!");
+ break;
+ case 200:
+ out.format(" # CERT needs registering for %s\n", c.id);
+ break;
+ default:
+ out.format(" # Unknown Type for %s\n", c.id);
+ }
+ }
+ }
+ }
+
+ // Load Roles
+ for(Role r : Role.data.keySet()) {
+ if(!"admin".equals(r.name) && !"owner".equals(r.name)) {
+ out.format(" role create %s\n",r.fullName());
+ List<UserRole> lur = UserRole.byRole.get(r.fullName());
+ if(lur!=null)for(UserRole ur : lur) {
+ if(ur.expires.after(now)) {
+ out.format(" request role user add %s %s\n", ur.role,ur.user);
+ }
+ }
+ }
+ }
+
+ // Load Perms
+ for(Perm r : Perm.data.keySet()) {
+ out.format(" perm create %s.%s %s %s\n",r.ns,r.type,r.instance,r.action);
+ for(String role : r.roles) {
+ out.format(" request perm grant %s.%s %s %s %s\n", r.ns,r.type,r.instance,r.action,Role.fullName(role));
+ }
+ }
+
+ }
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ }
+
+}
--- /dev/null
+#!/bin/bash
+JAVA_HOME=_JAVA_HOME_
+PATH=${PATH}:${JAVA_HOME}/bin
+ROOT_DIR=_ROOT_DIR_
+
+cd $ROOT_DIR
+
+CP=${ROOT_DIR}/etc
+for FILE in `ls $ROOT_DIR/lib/*.jar`; do
+ CP=$CP:$FILE
+done
+
+CMD="SyncV1V2"
+echo $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
+$JAVA_HOME/bin/java -Xmx2048m -classpath $CP com.att.authz.Batch $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
--- /dev/null
+#!/bin/bash
+JAVA_HOME=_JAVA_HOME_
+PATH=${PATH}:${JAVA_HOME}/bin
+ROOT_DIR=_ROOT_DIR_
+
+cd $ROOT_DIR
+
+CP=${ROOT_DIR}/etc
+for FILE in `ls $ROOT_DIR/lib/*.jar`; do
+ CP=$CP:$FILE
+done
+
+CMD="SyncV1V2 v1 v2"
+echo $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
+$JAVA_HOME/bin/java -Xmx2048m -classpath $CP com.att.authz.Batch $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
--- /dev/null
+#!/bin/bash
+JAVA_HOME=_JAVA_HOME_
+PATH=${PATH}:${JAVA_HOME}/bin
+ROOT_DIR=_ROOT_DIR_
+
+cd $ROOT_DIR
+
+CP=${ROOT_DIR}/etc
+for FILE in `ls $ROOT_DIR/lib/*.jar`; do
+ CP=$CP:$FILE
+done
+
+CMD="SyncV2V1"
+echo $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
+$JAVA_HOME/bin/java -Xmx2048m -classpath $CP com.att.authz.Batch $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+JAVA_HOME=_JAVA_HOME_
+PATH=${PATH}:${JAVA_HOME}/bin
+ROOT_DIR=_ROOT_DIR_
+
+cd $ROOT_DIR
+
+CP=${ROOT_DIR}/etc
+for FILE in `ls $ROOT_DIR/lib/*.jar`; do
+ CP=$CP:$FILE
+done
+
+CMD="SyncV2V1 v2 v1"
+echo $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
+$JAVA_HOME/bin/java -Xmx2048m -classpath $CP com.att.authz.Batch $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+JAVA_HOME=_JAVA_HOME_
+PATH=${PATH}:${JAVA_HOME}/bin
+ROOT_DIR=_ROOT_DIR_
+ENV_CONTEXT=_ENV_CONTEXT_
+
+cd $ROOT_DIR
+
+if [ ! -e "$ROOT_DIR/data/stage" ]; then
+ mkdir -p $ROOT_DIR/data/stage
+fi
+
+if [ ! -e "$ROOT_DIR/data/$ENV_CONTEXT/stage" ]; then
+ mkdir -p $ROOT_DIR/data/$ENV_CONTEXT
+ ln -s $ROOT_DIR/data/stage $ROOT_DIR/data/$ENV_CONTEXT/stage
+fi
+
+CP=${ROOT_DIR}/etc
+for FILE in `ls $ROOT_DIR/lib/*.jar`; do
+ CP=$CP:$FILE
+done
+
+CMD="V1DataFile all"
+echo $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
+$JAVA_HOME/bin/java -Xmx2048m -classpath $CP com.att.authz.Batch $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
+
+cd $ROOT_DIR/data/stage
+LATEST=`ls -tr v1*.dat | tail -1`
+if [ "$LATEST" != "" ]; then
+ > ../v1.lock
+ cp -p $LATEST ../v1.dat
+ rm ../v1.lock
+fi
+
+LATEST=`ls -tr v1*.skip | tail -1`
+if [ "$LATEST" != "" ]; then
+ cp -p $LATEST ../v1.skip
+fi
+
+for FILE in `ls v1* | grep -v .gz`; do
+ gzip $FILE
+done
+
+
--- /dev/null
+#!/bin/bash
+JAVA_HOME=_JAVA_HOME_
+PATH=${PATH}:${JAVA_HOME}/bin
+ROOT_DIR=_ROOT_DIR_
+ENV_CONTEXT=_ENV_CONTEXT_
+
+cd $ROOT_DIR
+
+if [ ! -e "$ROOT_DIR/data/stage" ]; then
+ mkdir -p $ROOT_DIR/data/stage
+fi
+
+if [ ! -e "$ROOT_DIR/data/$ENV_CONTEXT/stage" ]; then
+ mkdir -p $ROOT_DIR/data/$ENV_CONTEXT
+ ln -s $ROOT_DIR/data/stage $ROOT_DIR/data/$ENV_CONTEXT/stage
+fi
+
+CP=${ROOT_DIR}/etc
+for FILE in `ls $ROOT_DIR/lib/*.jar`; do
+ CP=$CP:$FILE
+done
+
+CMD="V2DataFile all"
+echo $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
+$JAVA_HOME/bin/java -Xmx2048m -classpath $CP com.att.authz.Batch $CMD >> $ROOT_DIR/cronlog
+date >> $ROOT_DIR/cronlog
+
+cd $ROOT_DIR/data/stage
+LATEST=`ls -tr v2*.dat | tail -1`
+if [ "$LATEST" != "" ]; then
+ > ../v2.lock
+ cp -p $LATEST ../v2.dat
+ rm ../v2.lock
+fi
+
+LATEST=`ls -tr v2*.skip | tail -1`
+if [ "$LATEST" != "" ]; then
+ cp -p $LATEST ../v2.skip
+fi
+
+for FILE in `ls v2* | grep -v .gz`; do
+ gzip $FILE
+done
+
+
--- /dev/null
+#!/bin/bash
+JAVA_HOME=_JAVA_HOME_
+PATH=${PATH}:${JAVA_HOME}/bin
+ROOT_DIR=_ROOT_DIR_
+cd $ROOT_DIR
+
+if [ "$1" = "InnerConsistency" ]; then
+ CLS=com.att.authz.temp.InnerConsistency
+ shift
+else
+ CLS=com.att.authz.Batch
+fi
+
+CP=${ROOT_DIR}/etc
+for FILE in `ls $ROOT_DIR/lib/*.jar`; do
+ CP=$CP:$FILE
+done
+
+date
+$JAVA_HOME/bin/java -Xmx2048m -classpath $CP $CLS $*
+date
--- /dev/null
+#!/bin/env bash
+
+if [[ $# < 1 ]]; then
+ echo "USAGE: run_batch ExpiryNotification|ApprNotify|JobChange|RoleExpiration|ValidateUsers"
+ exit 1;
+fi
+
+JAVA_HOME=_JAVA_HOME_
+AAF_CP="_ROOT_DIR_/etc"
+for JAR in `find _ROOT_DIR_/lib -name *.jar` ; do
+ AAF_CP="$AAF_CP:$JAR"
+done
+
+$JAVA_HOME/bin/java -cp $AAF_CP com.att.authz.Batch $*
+
+
--- /dev/null
+.metadata
+.settings
+.classpath
+.project
+target
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">\r
+ <modelVersion>4.0.0</modelVersion>\r
+ <parent>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>parent</artifactId>\r
+ <version>2.0.15</version>\r
+ <relativePath>../pom.xml</relativePath>\r
+ </parent>\r
+ \r
+ <artifactId>authz-cass</artifactId>\r
+ <name>Authz Cass</name>\r
+ <description>Cassandra DAOs for Authz</description>\r
+ <packaging>jar</packaging>\r
+ <url>https://github.com/att/AAF</url>\r
+ <licenses>\r
+ <license>\r
+ <name>BSD License</name>\r
+ <url> </url>\r
+ </license>\r
+ </licenses>\r
+ <developers>\r
+ <developer>\r
+ <name>Jonathan Gathman</name>\r
+ <email></email>\r
+ <organization>ATT</organization>\r
+ <organizationUrl></organizationUrl>\r
+ </developer>\r
+ </developers>\r
+ \r
+ <dependencies>\r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-core</artifactId>\r
+ </dependency>\r
+\r
+ <dependency>\r
+ <groupId>com.att.cadi</groupId>\r
+ <artifactId>cadi-aaf</artifactId>\r
+ </dependency>\r
+\r
+ <dependency>\r
+ <groupId>com.datastax.cassandra</groupId>\r
+ <artifactId>cassandra-driver-core</artifactId>\r
+ </dependency> \r
+ \r
+ <!-- Cassandra prefers Snappy and LZ4 libs for performance -->\r
+ <dependency>\r
+ <groupId>org.xerial.snappy</groupId>\r
+ <artifactId>snappy-java</artifactId>\r
+ <version>1.1.1-M1</version>\r
+ </dependency>\r
+ \r
+ <dependency>\r
+ <groupId>net.jpountz.lz4</groupId>\r
+ <artifactId>lz4</artifactId>\r
+ <version>1.2.0</version>\r
+ </dependency>\r
+ \r
+ <dependency>\r
+ <groupId>com.googlecode.jcsv</groupId>\r
+ <artifactId>jcsv</artifactId>\r
+ <version>1.4.0</version>\r
+ </dependency>\r
+ \r
+ <dependency>\r
+ <groupId>org.slf4j</groupId>\r
+ <artifactId>slf4j-log4j12</artifactId>\r
+ <scope>test</scope>\r
+ </dependency>\r
+ \r
+ \r
+ </dependencies>\r
+ <build>\r
+ <plugins>\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-jarsigner-plugin</artifactId>\r
+ </plugin>\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-deploy-plugin</artifactId>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-javadoc-plugin</artifactId>\r
+ <configuration>\r
+ <failOnError>false</failOnError>\r
+ </configuration>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-javadocs</id>\r
+ <goals>\r
+ <goal>jar</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin> \r
+ \r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-source-plugin</artifactId>\r
+ <version>2.2.1</version>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-sources</id>\r
+ <goals>\r
+ <goal>jar-no-fork</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin>\r
+\r
+ \r
+ <plugin>\r
+ <groupId>org.sonatype.plugins</groupId>\r
+ <artifactId>nexus-staging-maven-plugin</artifactId>\r
+ <version>1.6.7</version>\r
+ <extensions>true</extensions>\r
+ <configuration>\r
+ <serverId>ossrhdme</serverId>\r
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>\r
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>\r
+ </configuration>\r
+ </plugin>\r
+ </plugins>\r
+ </build>\r
+</project>\r
+\r
--- /dev/null
+//
+// Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+//
+USE authz;
+
+// Create Root pass
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+// Create 'com' root NS
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('com',1,'Root Namespace',null,1);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com','admin',{'com.access|*|*'},'Com Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com','owner',{'com.access|*|read'},'Com Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com','access','*','read',{'com.owner'},'Com Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com','access','*','*',{'com.admin'},'Com Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin');
+
+// Create org root NS
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org',1,'Root Namespace Org',null,1);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','admin',{'org.access|*|*'},'Com Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','owner',{'org.access|*|read'},'Com Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','read',{'org.owner'},'Com Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','*',{'org.admin'},'Com Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin');
+
+
+// Create com.att
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('com.att',2,'AT&T Namespace','com',2);
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins');
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin');
+
+// Create com.att.aaf
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner');
+
+
+// Create org.openecomp
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.openecomp',2,'Open EComp NS','com.att',2);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin');
--- /dev/null
+//
+// Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+//
+// For Developer Machine single instance
+//
+ CREATE KEYSPACE authz
+ WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
+
+USE authz;
+
+//
+// CORE Table function
+//
+
+// Namespace - establish hierarchical authority to modify
+// Permissions and Roles
+// "scope" is flag to determine Policy. Typical important scope
+// is "company" (1)
+CREATE TABLE ns (
+ name varchar,
+ scope int, // deprecated 2.0.11
+ description varchar,
+ parent varchar,
+ type int,
+ PRIMARY KEY (name)
+);
+CREATE INDEX ns_parent on ns(parent);
+
+
+CREATE TABLE ns_attrib (
+ ns varchar,
+ key varchar,
+ value varchar,
+ PRIMARY KEY (ns,key)
+);
+create index ns_attrib_key on ns_attrib(key);
+
+// Will be cached
+CREATE TABLE role (
+ ns varchar,
+ name varchar,
+ perms set<varchar>, // Use "Key" of "name|type|action"
+ description varchar,
+ PRIMARY KEY (ns,name)
+);
+CREATE INDEX role_name ON role(name);
+
+// Will be cached
+CREATE TABLE perm (
+ ns varchar,
+ type varchar,
+ instance varchar,
+ action varchar,
+ roles set<varchar>, // Need to find Roles given Permissions
+ description varchar,
+ PRIMARY KEY (ns,type,instance,action)
+);
+
+// This table is user for Authorization
+CREATE TABLE user_role (
+ user varchar,
+ role varchar, // deprecated: change to ns/rname after 2.0.11
+ ns varchar,
+ rname varchar,
+ expires timestamp,
+ PRIMARY KEY(user,role)
+ );
+CREATE INDEX user_role_ns ON user_role(ns);
+CREATE INDEX user_role_role ON user_role(role);
+
+// This table is only for the case where return User Credential (MechID) Authentication
+CREATE TABLE cred (
+ id varchar,
+ type int,
+ expires timestamp,
+ ns varchar,
+ other int,
+ notes varchar,
+ cred blob,
+ prev blob,
+ PRIMARY KEY (id,type,expires)
+ );
+CREATE INDEX cred_ns ON cred(ns);
+
+// Certificate Cross Table
+// coordinated with CRED type 2
+CREATE TABLE cert (
+ fingerprint blob,
+ id varchar,
+ x500 varchar,
+ expires timestamp,
+ PRIMARY KEY (fingerprint)
+ );
+CREATE INDEX cert_id ON cert(id);
+CREATE INDEX cert_x500 ON cert(x500);
+
+CREATE TABLE notify (
+ user text,
+ type int,
+ last timestamp,
+ checksum int,
+ PRIMARY KEY (user,type)
+);
+
+CREATE TABLE x509 (
+ ca text,
+ serial blob,
+ id text,
+ x500 text,
+ x509 text,
+ PRIMARY KEY (ca,serial)
+);
+
+
+CREATE INDEX x509_id ON x509 (id);
+CREATE INDEX x509_x500 ON x509 (x500);
+
+//
+// Deployment Artifact (for Certman)
+//
+CREATE TABLE artifact (
+ mechid text,
+ machine text,
+ type Set<text>,
+ sponsor text,
+ ca text,
+ dir text,
+ appName text,
+ os_user text,
+ notify text,
+ expires timestamp,
+ renewDays int,
+ PRIMARY KEY (mechid,machine)
+);
+CREATE INDEX artifact_machine ON artifact(machine);
+
+//
+// Non-Critical Table functions
+//
+// Table Info - for Caching
+CREATE TABLE cache (
+ name varchar,
+ seg int, // cache Segment
+ touched timestamp,
+ PRIMARY KEY(name,seg)
+);
+
+CREATE TABLE history (
+ id timeuuid,
+ yr_mon int,
+ user varchar,
+ action varchar,
+ target varchar, // user, user_role,
+ subject varchar, // field for searching main portion of target key
+ memo varchar, //description of the action
+ reconstruct blob, //serialized form of the target
+ // detail Map<varchar, varchar>, // additional information
+ PRIMARY KEY (id)
+);
+CREATE INDEX history_yr_mon ON history(yr_mon);
+CREATE INDEX history_user ON history(user);
+CREATE INDEX history_subject ON history(subject);
+
+//
+// A place to hold objects to be created at a future time.
+//
+CREATE TABLE future (
+ id uuid, // uniquify
+ target varchar, // Target Table
+ memo varchar, // Description
+ start timestamp, // When it should take effect
+ expires timestamp, // When not longer valid
+ construct blob, // How to construct this object (like History)
+ PRIMARY KEY(id)
+);
+CREATE INDEX future_idx ON future(target);
+CREATE INDEX future_start_idx ON future(start);
+
+
+CREATE TABLE approval (
+ id timeuuid, // unique Key
+ ticket uuid, // Link to Future Record
+ user varchar, // the user who needs to be approved
+ approver varchar, // user approving
+ type varchar, // approver types i.e. Supervisor, Owner
+ status varchar, // approval status. pending, approved, denied
+ memo varchar, // Text for Approval to know what's going on
+ operation varchar, // List operation to perform
+ PRIMARY KEY(id)
+ );
+CREATE INDEX appr_approver_idx ON approval(approver);
+CREATE INDEX appr_user_idx ON approval(user);
+CREATE INDEX appr_ticket_idx ON approval(ticket);
+CREATE INDEX appr_status_idx ON approval(status);
+
+CREATE TABLE delegate (
+ user varchar,
+ delegate varchar,
+ expires timestamp,
+ PRIMARY KEY (user)
+);
+CREATE INDEX delg_delg_idx ON delegate(delegate);
+
+//
+// Used by authz-batch processes to ensure only 1 runs at a time
+//
+CREATE TABLE run_lock (
+ class text,
+ host text,
+ start timestamp,
+ PRIMARY KEY ((class))
+);
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import java.io.IOException;\r
+import java.util.ArrayList;\r
+import java.util.Deque;\r
+import java.util.List;\r
+import java.util.concurrent.ConcurrentLinkedDeque;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.Slot;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.TransStore;\r
+import com.datastax.driver.core.BoundStatement;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.ConsistencyLevel;\r
+import com.datastax.driver.core.ResultSet;\r
+import com.datastax.driver.core.ResultSetFuture;\r
+import com.datastax.driver.core.Row;\r
+import com.datastax.driver.core.Session;\r
+import com.datastax.driver.core.exceptions.DriverException;\r
+\r
+public abstract class AbsCassDAO<TRANS extends TransStore,DATA> {\r
+ protected static final char DOT = '.';\r
+ protected static final char DOT_PLUS_ONE = '.'+1;\r
+ protected static final String FIRST_CHAR = Character.toString((char)0);\r
+ protected static final String LAST_CHAR = Character.toString((char)Character.MAX_VALUE);\r
+ protected static final int FIELD_COMMAS = 0;\r
+ protected static final int QUESTION_COMMAS = 1;\r
+ protected static final int ASSIGNMENT_COMMAS = 2;\r
+ protected static final int WHERE_ANDS = 3;\r
+ \r
+ private Cluster cluster; \r
+ private Session session;\r
+ private final String keyspace;\r
+ // If this is null, then we own session\r
+ private final AbsCassDAO<TRANS,?> owningDAO;\r
+ protected Class<DATA> dataClass;\r
+ private final String name;\r
+ private static Slot sessionSlot;\r
+ //private static final ArrayList<AbsCassDAO<? extends TransStore,?>.PSInfo> psinfos = new ArrayList<AbsCassDAO<TransStore,?>.PSInfo>();\r
+ private static final ArrayList<AbsCassDAO<? extends TransStore,?>.PSInfo> psinfos = new ArrayList<AbsCassDAO<? extends TransStore,?>.PSInfo>();\r
+ private static final List<Object> EMPTY = new ArrayList<Object>(0);\r
+ private static final Deque<ResetRequest> resetDeque = new ConcurrentLinkedDeque<ResetRequest>();\r
+ private static boolean resetTrigger = false;\r
+ private static long nextAvailableReset = 0;\r
+ \r
+\r
+ public AbsCassDAO(TRANS trans, String name, Cluster cluster, String keyspace, Class<DATA> dataClass) {\r
+ this.name = name;\r
+ this.cluster = cluster;\r
+ this.keyspace = keyspace;\r
+ owningDAO = null; // we own session\r
+ session = null;\r
+ this.dataClass = dataClass;\r
+ \r
+ }\r
+\r
+ public AbsCassDAO(TRANS trans, String name, AbsCassDAO<TRANS,?> aDao, Class<DATA> dataClass) { \r
+ this.name = name;\r
+ cluster = aDao.cluster;\r
+ keyspace = aDao.keyspace;\r
+ session = null;\r
+ owningDAO = aDao; // We do not own session\r
+ this.dataClass = dataClass;\r
+ }\r
+ \r
+ public static void setSessionSlot(Slot slot) {\r
+ sessionSlot = slot;\r
+ }\r
+\r
+ //Note: Lower case ON PURPOSE. These names used to create History Messages\r
+ public enum CRUD {\r
+ create,read,update,delete\r
+ ;\r
+\r
+}\r
+\r
+ public class PSInfo {\r
+ private BoundStatement ps;\r
+ private final int size;\r
+ private final Loader<DATA> loader;\r
+ private final CRUD crud; // Store CRUD, because it makes a difference in Object Order, see Loader\r
+ private final String cql;\r
+ private final ConsistencyLevel consistency;\r
+\r
+\r
+ /**\r
+ * Create a PSInfo and create Prepared Statement\r
+ * \r
+ * @param trans\r
+ * @param theCQL\r
+ * @param loader\r
+ */\r
+ public PSInfo(TRANS trans, String theCQL, Loader<DATA> loader, ConsistencyLevel consistency) {\r
+ this.loader = loader;\r
+ this.consistency=consistency;\r
+ psinfos.add(this);\r
+\r
+ cql = theCQL.trim().toUpperCase();\r
+ if(cql.startsWith("INSERT")) {\r
+ crud = CRUD.create;\r
+ } else if(cql.startsWith("UPDATE")) {\r
+ crud = CRUD.update;\r
+ } else if(cql.startsWith("DELETE")) {\r
+ crud = CRUD.delete;\r
+ } else {\r
+ crud = CRUD.read;\r
+ }\r
+ \r
+ int idx = 0, count=0;\r
+ while((idx=cql.indexOf('?',idx))>=0) {\r
+ ++idx;\r
+ ++count;\r
+ }\r
+ size=count;\r
+ }\r
+ \r
+ public synchronized void reset() {\r
+ ps = null;\r
+ }\r
+ \r
+ private BoundStatement ps(TransStore trans) throws APIException, IOException {\r
+ if(ps==null) {\r
+ synchronized(this) {\r
+ if(ps==null) {\r
+ TimeTaken tt = trans.start("Preparing PSInfo " + crud.toString().toUpperCase() + " on " + name,Env.SUB);\r
+ try {\r
+ ps = new BoundStatement(getSession(trans).prepare(cql));\r
+ ps.setConsistencyLevel(consistency);\r
+ } catch (DriverException e) {\r
+ reportPerhapsReset(trans,e);\r
+ throw e;\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return ps;\r
+ }\r
+\r
+ /**\r
+ * Execute a Prepared Statement by extracting from DATA object\r
+ * \r
+ * @param trans\r
+ * @param text\r
+ * @param data\r
+ * @return\r
+ */\r
+ public Result<ResultSetFuture> execAsync(TRANS trans, String text, DATA data) {\r
+ TimeTaken tt = trans.start(text, Env.REMOTE);\r
+ try {\r
+ return Result.ok(getSession(trans).executeAsync(\r
+ ps(trans).bind(loader.extract(data, size, crud))));\r
+ } catch (DriverException | APIException | IOException e) {\r
+ AbsCassDAO.this.reportPerhapsReset(trans,e);\r
+ return Result.err(Status.ERR_Backend,"%s-%s executing %s",e.getClass().getName(),e.getMessage(), cql);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Execute a Prepared Statement on Object[] key\r
+ * \r
+ * @param trans\r
+ * @param text\r
+ * @param objs\r
+ * @return\r
+ */\r
+ public Result<ResultSetFuture> execAsync(TRANS trans, String text, Object ... objs) {\r
+ TimeTaken tt = trans.start(text, Env.REMOTE);\r
+ try {\r
+ return Result.ok(getSession(trans).executeAsync(ps(trans).bind(objs)));\r
+ } catch (DriverException | APIException | IOException e) {\r
+ AbsCassDAO.this.reportPerhapsReset(trans,e);\r
+ return Result.err(Status.ERR_Backend,"%s-%s executing %s",e.getClass().getName(),e.getMessage(), cql);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ /* \r
+ * Note:\r
+ * \r
+ */\r
+\r
+ /**\r
+ * Execute a Prepared Statement by extracting from DATA object\r
+ * \r
+ * @param trans\r
+ * @param text\r
+ * @param data\r
+ * @return\r
+ */\r
+ public Result<ResultSet> exec(TRANS trans, String text, DATA data) {\r
+ TimeTaken tt = trans.start(text, Env.REMOTE);\r
+ try {\r
+ /*\r
+ * "execute" (and executeAsync)\r
+ * Executes the provided query.\r
+ This method blocks until at least some result has been received from the database. However, \r
+ for SELECT queries, it does not guarantee that the result has been received in full. But it \r
+ does guarantee that some response has been received from the database, and in particular \r
+ guarantee that if the request is invalid, an exception will be thrown by this method.\r
+\r
+ Parameters:\r
+ statement - the CQL query to execute (that can be any Statement).\r
+ Returns:\r
+ the result of the query. That result will never be null but can be empty (and will \r
+ be for any non SELECT query).\r
+ */\r
+ return Result.ok(getSession(trans).execute(\r
+ ps(trans).bind(loader.extract(data, size, crud))));\r
+ } catch (DriverException | APIException | IOException e) {\r
+ AbsCassDAO.this.reportPerhapsReset(trans,e);\r
+ return Result.err(Status.ERR_Backend,"%s-%s executing %s",e.getClass().getName(),e.getMessage(), cql);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Execute a Prepared Statement on Object[] key\r
+ * \r
+ * @param trans\r
+ * @param text\r
+ * @param objs\r
+ * @return\r
+ */\r
+ public Result<ResultSet> exec(TRANS trans, String text, Object ... objs) {\r
+ TimeTaken tt = trans.start(text, Env.REMOTE);\r
+ try {\r
+ return Result.ok(getSession(trans).execute(ps(trans).bind(objs)));\r
+ } catch (DriverException | APIException | IOException e) {\r
+ AbsCassDAO.this.reportPerhapsReset(trans,e);\r
+ return Result.err(Status.ERR_Backend,"%s-%s executing %s",e.getClass().getName(),e.getMessage(), cql);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Read the Data from Cassandra given a Prepared Statement (defined by the\r
+ * DAO Instance)\r
+ *\r
+ * This is common behavior among all DAOs.\r
+ * @throws DAOException\r
+ */\r
+ public Result<List<DATA>> read(TRANS trans, String text, Object[] key) {\r
+ TimeTaken tt = trans.start(text,Env.REMOTE);\r
+ \r
+ ResultSet rs;\r
+ try {\r
+ rs = getSession(trans).execute(key==null?ps(trans):ps(trans).bind(key));\r
+/// TEST CODE for Exception \r
+// boolean force = true; \r
+// if(force) {\r
+// Map<InetSocketAddress, Throwable> misa = new HashMap<InetSocketAddress,Throwable>();\r
+// //misa.put(new InetSocketAddress(444),new Exception("no host was tried"));\r
+// misa.put(new InetSocketAddress(444),new Exception("Connection has been closed"));\r
+// throw new com.datastax.driver.core.exceptions.NoHostAvailableException(misa);\r
+//// throw new com.datastax.driver.core.exceptions.AuthenticationException(new InetSocketAddress(9999),"no host was tried");\r
+// }\r
+//// END TEST CODE\r
+ } catch (DriverException | APIException | IOException e) {\r
+ AbsCassDAO.this.reportPerhapsReset(trans,e);\r
+ return Result.err(Status.ERR_Backend,"%s-%s executing %s",e.getClass().getName(),e.getMessage(), cql);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ return extract(loader,rs,null /*let Array be created if necessary*/,dflt);\r
+ }\r
+ \r
+ public Result<List<DATA>> read(TRANS trans, String text, DATA data) {\r
+ return read(trans,text, loader.extract(data, size, crud));\r
+ }\r
+ \r
+ public Object[] keyFrom(DATA data) {\r
+ return loader.extract(data, size, CRUD.delete); // Delete is key only\r
+ }\r
+\r
+ /*\r
+ * Note: in case PSInfos are deleted, we want to remove them from list. This is not expected, \r
+ * but we don't want a data leak if it does. Finalize doesn't have to happen quickly\r
+ */\r
+ @Override\r
+ protected void finalize() throws Throwable {\r
+ psinfos.remove(this);\r
+ }\r
+ }\r
+\r
+ protected final Accept<DATA> dflt = new Accept<DATA>() {\r
+ @Override\r
+ public boolean ok(DATA data) {\r
+ return true;\r
+ }\r
+ };\r
+\r
+\r
+ @SuppressWarnings("unchecked")\r
+ protected final Result<List<DATA>> extract(Loader<DATA> loader, ResultSet rs, List<DATA> indata, Accept<DATA> accept) {\r
+ List<Row> rows = rs.all();\r
+ if(rows.isEmpty()) {\r
+ return Result.ok((List<DATA>)EMPTY); // Result sets now .emptyList(true);\r
+ } else {\r
+ DATA d;\r
+ List<DATA> data = indata==null?new ArrayList<DATA>(rows.size()):indata;\r
+ \r
+ for(Row row : rows) {\r
+ try {\r
+ d = loader.load(dataClass.newInstance(),row);\r
+ if(accept.ok(d)) {\r
+ data.add(d);\r
+ }\r
+ } catch(Exception e) {\r
+ return Result.err(e);\r
+ }\r
+ }\r
+ return Result.ok(data);\r
+ }\r
+ }\r
+ \r
+ private static final String NEW_CASSANDRA_SESSION_CREATED = "New Cassandra Session Created";\r
+ private static final String NEW_CASSANDRA_CLUSTER_OBJECT_CREATED = "New Cassandra Cluster Object Created";\r
+ private static final String NEW_CASSANDRA_SESSION = "New Cassandra Session";\r
+\r
+ private static class ResetRequest {\r
+ //package on purpose\r
+ Session session;\r
+ long timestamp;\r
+ \r
+ public ResetRequest(Session session) {\r
+ this.session = session;\r
+ timestamp = System.currentTimeMillis();\r
+ }\r
+ }\r
+\r
+ \r
+ public static final void primePSIs(TransStore trans) throws APIException, IOException {\r
+ for(AbsCassDAO<? extends TransStore, ?>.PSInfo psi : psinfos) {\r
+ if(psi.ps==null) {\r
+ psi.ps(trans);\r
+ }\r
+ }\r
+ }\r
+ \r
+ public final Session getSession(TransStore trans) throws APIException, IOException {\r
+ // Try to use Trans' session, if exists\r
+ if(sessionSlot!=null) { // try to get from Trans\r
+ Session sess = trans.get(sessionSlot, null);\r
+ if(sess!=null) {\r
+ return sess;\r
+ }\r
+ }\r
+ \r
+ // If there's an owning DAO, use it's session\r
+ if(owningDAO!=null) {\r
+ return owningDAO.getSession(trans);\r
+ }\r
+ \r
+ // OK, nothing else works... get our own.\r
+ if(session==null || resetTrigger) {\r
+ Cluster tempCluster = null;\r
+ Session tempSession = null;\r
+ try {\r
+ synchronized(NEW_CASSANDRA_SESSION_CREATED) {\r
+ boolean reset = false;\r
+ for(ResetRequest r : resetDeque) {\r
+ if(r.session == session) {\r
+ if(r.timestamp>nextAvailableReset) {\r
+ reset=true;\r
+ nextAvailableReset = System.currentTimeMillis() + 60000;\r
+ tempCluster = cluster;\r
+ tempSession = session;\r
+ break;\r
+ } else {\r
+ trans.warn().log("Cassandra Connection Reset Ignored: Recent Reset");\r
+ }\r
+ }\r
+ }\r
+ \r
+ if(reset || session == null) {\r
+ TimeTaken tt = trans.start(NEW_CASSANDRA_SESSION, Env.SUB);\r
+ try {\r
+ // Note: Maitrayee recommended not closing the cluster, just\r
+ // overwrite it. 9/30/2016 assuming same for Session\r
+ // This was a bad idea. Ran out of File Handles as I suspected..\r
+ if(reset) {\r
+ for(AbsCassDAO<? extends TransStore, ?>.PSInfo psi : psinfos) {\r
+ psi.reset();\r
+ }\r
+ }\r
+ if(reset || cluster==null) {\r
+ cluster = CassAccess.cluster(trans, keyspace);\r
+ trans.warn().log(NEW_CASSANDRA_CLUSTER_OBJECT_CREATED);\r
+ }\r
+ if(reset || session==null) {\r
+ session = cluster.connect(keyspace);\r
+ trans.warn().log(NEW_CASSANDRA_SESSION_CREATED);\r
+ }\r
+ } finally {\r
+ resetTrigger=false;\r
+ tt.done();\r
+ }\r
+ }\r
+ }\r
+ } finally {\r
+ TimeTaken tt = trans.start("Clear Reset Deque", Env.SUB);\r
+ try {\r
+ resetDeque.clear();\r
+ // Not clearing Session/Cluster appears to kill off FileHandles\r
+ if(tempSession!=null && !tempSession.isClosed()) {\r
+ tempSession.close();\r
+ }\r
+ if(tempCluster!=null && !tempCluster.isClosed()) {\r
+ tempCluster.close();\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ }\r
+ return session;\r
+ }\r
+ \r
+ public final boolean reportPerhapsReset(TransStore trans, Exception e) {\r
+ if(owningDAO!=null) {\r
+ return owningDAO.reportPerhapsReset(trans, e);\r
+ } else {\r
+ boolean rv = false;\r
+ if(CassAccess.isResetException(e)) {\r
+ trans.warn().printf("Session Reset called for %s by %s ",session==null?"":session,e==null?"Mgmt Command":e.getClass().getName());\r
+ resetDeque.addFirst(new ResetRequest(session));\r
+ rv = resetTrigger = true;\r
+ } \r
+ trans.error().log(e);\r
+ return rv;\r
+ }\r
+ }\r
+\r
+ public void close(TransStore trans) {\r
+ if(owningDAO==null) {\r
+ if(session!=null) {\r
+ TimeTaken tt = trans.start("Cassandra Session Close", Env.SUB);\r
+ try {\r
+ session.close();\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ session = null;\r
+ } else {\r
+ trans.debug().log("close called(), Session already closed");\r
+ }\r
+ } else {\r
+ owningDAO.close(trans);\r
+ }\r
+ }\r
+\r
+ protected void wasModified(TRANS trans, CRUD modified, DATA data, String ... override) {\r
+ }\r
+ \r
+ protected interface Accept<DATA> {\r
+ public boolean ok(DATA data);\r
+ }\r
+\r
+}\r
+\r
+\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+\r
+public interface Bytification {\r
+ public ByteBuffer bytify() throws IOException;\r
+ public void reconstitute(ByteBuffer bb) throws IOException;\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import java.util.Date;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.inno.env.Trans;\r
+\r
+public interface CIDAO<TRANS extends Trans> {\r
+\r
+ /**\r
+ * Touch the date field for given Table\r
+ * \r
+ * @param trans\r
+ * @param name\r
+ * @return\r
+ */\r
+ public abstract Result<Void> touch(TRANS trans, String name, int ... seg);\r
+\r
+ /**\r
+ * Read all Info entries, and set local Date objects\r
+ * \r
+ * This is to support regular data checks on the Database to speed up Caching behavior\r
+ * \r
+ */\r
+ public abstract Result<Void> check(TRANS trans);\r
+\r
+ public abstract Date get(TRANS trans, String table, int seg);\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+/**\r
+ * Interface to obtain Segment Integer from DAO Data\r
+ * for use in Caching mechanism\r
+ * \r
+ * This should typically be obtained by getting the Hash of the key, then using modulus on the size of segment.\r
+ * \r
+ *\r
+ */\r
+public interface Cacheable {\r
+ public int[] invalidate(Cached<?,?> cache);\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import java.util.Date;\r
+import java.util.List;\r
+import java.util.Map;\r
+import java.util.Timer;\r
+import java.util.TimerTask;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cache.Cache;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.Trans;\r
+\r
+public class Cached<TRANS extends Trans, DATA extends Cacheable> extends Cache<TRANS,DATA> {\r
+ // Java does not allow creation of Arrays with Generics in them...\r
+ // private Map<String,Dated> cache[];\r
+ protected final CIDAO<TRANS> info;\r
+ \r
+ private static Timer infoTimer;\r
+ private Object cache[];\r
+ public final int segSize;\r
+\r
+ protected final String name;\r
+ \r
+\r
+\r
+ // Taken from String Hash, but coded, to ensure consistent across Java versions. Also covers negative case;\r
+ public int cacheIdx(String key) {\r
+ int h = 0;\r
+ for (int i = 0; i < key.length(); i++) {\r
+ h = 31*h + key.charAt(i);\r
+ }\r
+ if(h<0)h*=-1;\r
+ return h%segSize;\r
+ }\r
+ \r
+ public Cached(CIDAO<TRANS> info, String name, int segSize) {\r
+ this.name =name;\r
+ this.segSize = segSize;\r
+ this.info = info;\r
+ cache = new Object[segSize];\r
+ // Create a new Map for each Segment, and store locally\r
+ for(int i=0;i<segSize;++i) {\r
+ cache[i]=obtain(name+i);\r
+ }\r
+ }\r
+ \r
+ public void add(String key, List<DATA> data) {\r
+ @SuppressWarnings("unchecked")\r
+ Map<String,Dated> map = ((Map<String,Dated>)cache[cacheIdx(key)]);\r
+ map.put(key, new Dated(data));\r
+ }\r
+\r
+\r
+ public int invalidate(String key) {\r
+ int cacheIdx = cacheIdx(key);\r
+ @SuppressWarnings("unchecked")\r
+ Map<String,Dated> map = ((Map<String,Dated>)cache[cacheIdx]);\r
+// if(map.remove(key)!=null) // Not seeming to remove all the time\r
+ if(map!=null)map.clear();\r
+// System.err.println("Remove " + name + " " + key);\r
+ return cacheIdx;\r
+ }\r
+\r
+ public Result<Void> invalidate(int segment) {\r
+ if(segment<0 || segment>=cache.length) return Result.err(Status.ERR_BadData,"Cache Segment %s is out of range",Integer.toString(segment));\r
+ @SuppressWarnings("unchecked")\r
+ Map<String,Dated> map = ((Map<String,Dated>)cache[segment]);\r
+ if(map!=null) {\r
+ map.clear();\r
+ }\r
+ return Result.ok();\r
+ }\r
+\r
+ protected interface Getter<D> {\r
+ public abstract Result<List<D>> get();\r
+ };\r
+ \r
+ // TODO utilize Segmented Caches, and fold "get" into "reads"\r
+ @SuppressWarnings("unchecked")\r
+ public Result<List<DATA>> get(TRANS trans, String key, Getter<DATA> getter) {\r
+ List<DATA> ld = null;\r
+ Result<List<DATA>> rld = null;\r
+ \r
+ int cacheIdx = cacheIdx(key);\r
+ Map<String, Dated> map = ((Map<String,Dated>)cache[cacheIdx]);\r
+ \r
+ // Check for saved element in cache\r
+ Dated cached = map.get(key);\r
+ // Note: These Segment Timestamps are kept up to date with DB\r
+ Date dbStamp = info.get(trans, name,cacheIdx);\r
+ \r
+ // Check for cache Entry and whether it is still good (a good Cache Entry is same or after DBEntry, so we use "before" syntax)\r
+ if(cached!=null && dbStamp.before(cached.timestamp)) {\r
+ ld = (List<DATA>)cached.data;\r
+ rld = Result.ok(ld);\r
+ } else {\r
+ rld = getter.get();\r
+ if(rld.isOK()) { // only store valid lists\r
+ map.put(key, new Dated(rld.value)); // successful item found gets put in cache\r
+// } else if(rld.status == Result.ERR_Backend){\r
+// map.remove(key);\r
+ }\r
+ }\r
+ return rld;\r
+ }\r
+\r
+ /**\r
+ * Each Cached object has multiple Segments that need cleaning. Derive each, and add to Cleansing Thread\r
+ * @param env\r
+ * @param dao\r
+ */\r
+ public static void startCleansing(AuthzEnv env, CachedDAO<?,?,?> ... dao) {\r
+ for(CachedDAO<?,?,?> d : dao) { \r
+ for(int i=0;i<d.segSize;++i) {\r
+ startCleansing(env, d.table()+i);\r
+ }\r
+ }\r
+ }\r
+\r
+\r
+ public static<T extends Trans> void startRefresh(AuthzEnv env, CIDAO<AuthzTrans> cidao) {\r
+ if(infoTimer==null) {\r
+ infoTimer = new Timer("CachedDAO Info Refresh Timer");\r
+ int minRefresh = 10*1000*60; // 10 mins Integer.parseInt(env.getProperty(CACHE_MIN_REFRESH_INTERVAL,"2000")); // 2 second minimum refresh \r
+ infoTimer.schedule(new Refresh(env,cidao, minRefresh), 1000, minRefresh); // note: Refresh from DB immediately\r
+ }\r
+ }\r
+ \r
+ public static void stopTimer() {\r
+ Cache.stopTimer();\r
+ if(infoTimer!=null) {\r
+ infoTimer.cancel();\r
+ infoTimer = null;\r
+ }\r
+ }\r
+ \r
+ private final static class Refresh extends TimerTask {\r
+ private static final int maxRefresh = 2*60*10000; // 20 mins\r
+ private AuthzEnv env;\r
+ private CIDAO<AuthzTrans> cidao;\r
+ private int minRefresh;\r
+ private long lastRun;\r
+ \r
+ public Refresh(AuthzEnv env, CIDAO<AuthzTrans> cidao, int minRefresh) {\r
+ this.env = env;\r
+ this.cidao = cidao;\r
+ this.minRefresh = minRefresh;\r
+ lastRun = System.currentTimeMillis()-maxRefresh-1000;\r
+ }\r
+ \r
+ @Override\r
+ public void run() {\r
+ // Evaluate whether to refresh based on transaction rate\r
+ long now = System.currentTimeMillis();\r
+ long interval = now-lastRun;\r
+\r
+ if(interval < minRefresh || interval < Math.min(env.transRate(),maxRefresh)) return;\r
+ lastRun = now;\r
+ AuthzTrans trans = env.newTransNoAvg();\r
+ Result<Void> rv = cidao.check(trans);\r
+ if(rv.status!=Result.OK) {\r
+ env.error().log("Error in CacheInfo Refresh",rv.details);\r
+ }\r
+ if(env.debug().isLoggable()) {\r
+ StringBuilder sb = new StringBuilder("Cache Info Refresh: ");\r
+ trans.auditTrail(0, sb, Env.REMOTE);\r
+ env.debug().log(sb);\r
+ }\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.inno.env.Trans;\r
+\r
+/**\r
+ * CachedDAO\r
+ * \r
+ * Cache the response of "get" of any DAO. \r
+ * \r
+ * For simplicity's sake, at this time, we only do this for single Object keys \r
+ * \r
+ *\r
+ * @param <DATA>\r
+ */\r
+public class CachedDAO<TRANS extends Trans,D extends DAO<TRANS,DATA>,DATA extends Cacheable> \r
+ extends Cached<TRANS,DATA> implements DAO_RO<TRANS,DATA>{\r
+// private final String dirty_str; \r
+ \r
+ private final D dao;\r
+\r
+ public CachedDAO(D dao, CIDAO<TRANS> info, int segsize) {\r
+ super(info, dao.table(), segsize);\r
+ \r
+ // Instantiate a new Cache per DAO name (so separate instances use the same cache) \r
+ this.dao = dao;\r
+ //read_str = "Cached READ for " + dao.table();\r
+// dirty_str = "Cache DIRTY on " + dao.table();\r
+ if(dao instanceof CassDAOImpl) {\r
+ ((CassDAOImpl<?,?>)dao).cache = this;\r
+ }\r
+ }\r
+ \r
+ public static<T extends Trans, DA extends DAO<T,DT>, DT extends Cacheable> \r
+ CachedDAO<T,DA,DT> create(DA dao, CIDAO<T> info, int segsize) {\r
+ return new CachedDAO<T,DA,DT>(dao,info, segsize);\r
+ }\r
+\r
+ public void add(DATA data) {\r
+ String key = keyFromObjs(dao.keyFrom(data));\r
+ List<DATA> list = new ArrayList<DATA>();\r
+ list.add(data);\r
+ super.add(key,list);\r
+ }\r
+ \r
+// public void invalidate(TRANS trans, Object ... objs) {\r
+// TimeTaken tt = trans.start(dirty_str, Env.SUB);\r
+// try {\r
+// super.invalidate(keyFromObjs(objs));\r
+// } finally {\r
+// tt.done();\r
+// }\r
+// }\r
+\r
+ public static String keyFromObjs(Object ... objs) {\r
+ String key;\r
+ if(objs.length==1 && objs[0] instanceof String) {\r
+ key = (String)objs[0];\r
+ } else {\r
+ StringBuilder sb = new StringBuilder();\r
+ boolean first = true;\r
+ for(Object o : objs) {\r
+ if(o!=null) {\r
+ if(first) {\r
+ first =false;\r
+ } else {\r
+ sb.append('|');\r
+ }\r
+ sb.append(o.toString());\r
+ }\r
+ }\r
+ key = sb.toString();\r
+ }\r
+ return key;\r
+ }\r
+\r
+ public Result<DATA> create(TRANS trans, DATA data) {\r
+ Result<DATA> d = dao.create(trans,data);\r
+ if(d.status==Status.OK) {\r
+ add(d.value);\r
+ } else {\r
+ trans.error().log(d.errorString());\r
+ }\r
+ invalidate(trans,data);\r
+ return d;\r
+ }\r
+\r
+ protected class DAOGetter implements Getter<DATA> {\r
+ protected TRANS trans;\r
+ protected Object objs[];\r
+ protected D dao;\r
+ public Result<List<DATA>> result;\r
+\r
+ public DAOGetter(TRANS trans, D dao, Object ... objs) {\r
+ this.trans = trans;\r
+ this.dao = dao;\r
+ this.objs = objs;\r
+ }\r
+ \r
+ /**\r
+ * Separated into single call for easy overloading\r
+ * @return\r
+ */\r
+ public Result<List<DATA>> call() {\r
+ return dao.read(trans, objs);\r
+ }\r
+ \r
+ @Override\r
+ public final Result<List<DATA>> get() {\r
+ return call();\r
+// if(result.isOKhasData()) { // Note, given above logic, could exist, but stale\r
+// return result.value;\r
+// } else {\r
+// return null;\r
+// }\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<List<DATA>> read(final TRANS trans, final Object ... objs) {\r
+ DAOGetter getter = new DAOGetter(trans,dao,objs); \r
+ return get(trans, keyFromObjs(objs),getter);\r
+// if(ld!=null) {\r
+// return Result.ok(ld);//.emptyList(ld.isEmpty());\r
+// }\r
+// // Result Result if exists\r
+// if(getter.result==null) {\r
+// return Result.err(Status.ERR_NotFound, "No Cache or Lookup found on [%s]",dao.table());\r
+// }\r
+// return getter.result;\r
+ }\r
+\r
+ // Slight Improved performance available when String and Obj versions are known. \r
+ public Result<List<DATA>> read(final String key, final TRANS trans, final Object ... objs) {\r
+ DAOGetter getter = new DAOGetter(trans,dao,objs); \r
+ return get(trans, key, getter);\r
+// if(ld!=null) {\r
+// return Result.ok(ld);//.emptyList(ld.isEmpty());\r
+// }\r
+// // Result Result if exists\r
+// if(getter.result==null) {\r
+// return Result.err(Status.ERR_NotFound, "No Cache or Lookup found on [%s]",dao.table());\r
+// }\r
+// return getter.result;\r
+ }\r
+ \r
+ @Override\r
+ public Result<List<DATA>> read(TRANS trans, DATA data) {\r
+ return read(trans,dao.keyFrom(data));\r
+ }\r
+ public Result<Void> update(TRANS trans, DATA data) {\r
+ Result<Void> d = dao.update(trans, data);\r
+ if(d.status==Status.OK) {\r
+ add(data);\r
+ } else {\r
+ trans.error().log(d.errorString());\r
+ }\r
+ return d;\r
+ }\r
+\r
+ public Result<Void> delete(TRANS trans, DATA data, boolean reread) {\r
+ if(reread) { // If reread, get from Cache, if possible, not DB exclusively\r
+ Result<List<DATA>> rd = read(trans,data);\r
+ if(rd.notOK()) {\r
+ return Result.err(rd);\r
+ } else {\r
+ trans.error().log(rd.errorString());\r
+ }\r
+ if(rd.isEmpty()) {\r
+ data.invalidate(this);\r
+ return Result.err(Status.ERR_NotFound,"Not Found");\r
+ }\r
+ data = rd.value.get(0);\r
+ }\r
+ Result<Void> rv=dao.delete(trans, data, false);\r
+ data.invalidate(this);\r
+ return rv;\r
+ }\r
+ \r
+ @Override\r
+ public void close(TRANS trans) {\r
+ if(dao!=null) {\r
+ dao.close(trans);\r
+ }\r
+ }\r
+ \r
+\r
+ @Override\r
+ public String table() {\r
+ return dao.table();\r
+ }\r
+ \r
+ public D dao() {\r
+ return dao;\r
+ }\r
+ \r
+ public void invalidate(TRANS trans, DATA data) {\r
+ if(info.touch(trans, dao.table(),data.invalidate(this)).notOK()) {\r
+ trans.error().log("Cannot touch CacheInfo for Role");\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import java.io.IOException;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.cadi.routing.GreatCircle;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.util.Split;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.Cluster.Builder;\r
+import com.datastax.driver.core.policies.DCAwareRoundRobinPolicy;\r
+\r
+public class CassAccess {\r
+ public static final String KEYSPACE = "authz";\r
+ public static final String CASSANDRA_CLUSTERS = "cassandra.clusters";\r
+ public static final String CASSANDRA_CLUSTERS_PORT = "cassandra.clusters.port";\r
+ public static final String CASSANDRA_CLUSTERS_USER_NAME = "cassandra.clusters.user";\r
+ public static final String CASSANDRA_CLUSTERS_PASSWORD = "cassandra.clusters.password";\r
+ public static final String CASSANDRA_RESET_EXCEPTIONS = "cassandra.reset.exceptions";\r
+ public static final String LATITUDE = "LATITUDE";\r
+ public static final String LONGITUDE = "LONGITUDE";\r
+ private static final List<Resettable> resetExceptions = new ArrayList<Resettable>();\r
+ public static final String ERR_ACCESS_MSG = "Accessing Backend";\r
+ private static Builder cb = null;\r
+\r
+ /**\r
+ * To create DCAwareRoundRobing Policy:\r
+ * Need Properties\r
+ * LATITUDE (or AFT_LATITUDE)\r
+ * LONGITUDE (or AFT_LONGITUDE)\r
+ * CASSANDRA CLUSTERS with additional information:\r
+ * machine:DC:lat:long,machine:DC:lat:long\r
+ * @param env\r
+ * @param prefix\r
+ * @return\r
+ * @throws APIException\r
+ * @throws IOException\r
+ */\r
+\r
+ @SuppressWarnings("deprecation")\r
+ public static synchronized Cluster cluster(Env env, String prefix) throws APIException, IOException {\r
+ if(cb == null) {\r
+ String pre;\r
+ if(prefix==null) {\r
+ pre="";\r
+ } else {\r
+ env.info().log("Cassandra Connection for ",prefix);\r
+ pre = prefix+'.';\r
+ }\r
+ cb = Cluster.builder();\r
+ String str = env.getProperty(pre+CASSANDRA_CLUSTERS_PORT,"9042");\r
+ if(str!=null) {\r
+ env.init().log("Cass Port = ",str );\r
+ cb.withPort(Integer.parseInt(str));\r
+ }\r
+ str = env.getProperty(pre+CASSANDRA_CLUSTERS_USER_NAME,null);\r
+ if(str!=null) {\r
+ env.init().log("Cass User = ",str );\r
+ String epass = env.getProperty(pre + CASSANDRA_CLUSTERS_PASSWORD,null);\r
+ if(epass==null) {\r
+ throw new APIException("No Password configured for " + str);\r
+ }\r
+ //TODO Figure out way to ensure Decryptor setting in AuthzEnv\r
+ if(env instanceof AuthzEnv) {\r
+ cb.withCredentials(str,((AuthzEnv)env).decrypt(epass,true));\r
+ } else {\r
+ cb.withCredentials(str, env.decryptor().decrypt(epass));\r
+ }\r
+ }\r
+ \r
+ str = env.getProperty(pre+CASSANDRA_RESET_EXCEPTIONS,null);\r
+ if(str!=null) {\r
+ env.init().log("Cass ResetExceptions = ",str );\r
+ for(String ex : Split.split(',', str)) {\r
+ resetExceptions.add(new Resettable(env,ex));\r
+ }\r
+ }\r
+ \r
+ str = env.getProperty(LATITUDE,env.getProperty("AFT_LATITUDE",null));\r
+ Double lat = str!=null?Double.parseDouble(str):null;\r
+ str = env.getProperty(LONGITUDE,env.getProperty("AFT_LONGITUDE",null));\r
+ Double lon = str!=null?Double.parseDouble(str):null;\r
+ if(lat == null || lon == null) {\r
+ throw new APIException("LATITUDE(or AFT_LATITUDE) and/or LONGITUDE(or AFT_LATITUDE) are not set");\r
+ }\r
+ \r
+ env.init().printf("Service Latitude,Longitude = %f,%f",lat,lon);\r
+ \r
+ str = env.getProperty(pre+CASSANDRA_CLUSTERS,"localhost");\r
+ env.init().log("Cass Clusters = ",str );\r
+ String[] machs = Split.split(',', str);\r
+ String[] cpoints = new String[machs.length];\r
+ String bestDC = null;\r
+ int numInBestDC = 1;\r
+ double mlat, mlon,temp,distance = -1.0;\r
+ for(int i=0;i<machs.length;++i) {\r
+ String[] minfo = Split.split(':',machs[i]);\r
+ if(minfo.length>0) {\r
+ cpoints[i]=minfo[0];\r
+ }\r
+ \r
+ // Calc closest DC with Great Circle\r
+ if(minfo.length>3) {\r
+ mlat = Double.parseDouble(minfo[2]);\r
+ mlon = Double.parseDouble(minfo[3]);\r
+ if((temp=GreatCircle.calc(lat, lon, mlat, mlon)) > distance) {\r
+ distance = temp;\r
+ if(bestDC!=null && bestDC.equals(minfo[1])) {\r
+ ++numInBestDC;\r
+ } else {\r
+ bestDC = minfo[1];\r
+ numInBestDC = 1;\r
+ }\r
+ } else {\r
+ if(bestDC!=null && bestDC.equals(minfo[1])) {\r
+ ++numInBestDC;\r
+ }\r
+ }\r
+ }\r
+ }\r
+ \r
+ cb.addContactPoints(cpoints);\r
+ \r
+ if(bestDC!=null) {\r
+ // 8/26/2016 Management has determined that Accuracy is preferred over speed in bad situations\r
+ // Local DC Aware Load Balancing appears to have the highest normal performance, with the best\r
+ // Degraded Accuracy\r
+ cb.withLoadBalancingPolicy(new DCAwareRoundRobinPolicy(\r
+ bestDC, numInBestDC, true /*allow LocalDC to look at other DCs for LOCAL_QUORUM */));\r
+ env.init().printf("Cassandra configured for DCAwareRoundRobinPolicy at %s with emergency remote of up to %d node(s)"\r
+ ,bestDC, numInBestDC);\r
+ } else {\r
+ env.init().printf("Cassandra is using Default Policy, which is not DC aware");\r
+ }\r
+ }\r
+ return cb.build();\r
+ }\r
+ \r
+ private static class Resettable {\r
+ private Class<? extends Exception> cls;\r
+ private List<String> messages;\r
+ \r
+ @SuppressWarnings("unchecked")\r
+ public Resettable(Env env, String propData) throws APIException {\r
+ if(propData!=null && propData.length()>1) {\r
+ String[] split = Split.split(':', propData);\r
+ if(split.length>0) {\r
+ try {\r
+ cls = (Class<? extends Exception>)Class.forName(split[0]);\r
+ } catch (ClassNotFoundException e) {\r
+ throw new APIException("Declared Cassandra Reset Exception, " + propData + ", cannot be ClassLoaded");\r
+ }\r
+ }\r
+ if(split.length>1) {\r
+ messages=new ArrayList<String>();\r
+ for(int i=1;i<split.length;++i) {\r
+ String str = split[i];\r
+ int start = str.startsWith("\"")?1:0;\r
+ int end = str.length()-(str.endsWith("\"")?1:0);\r
+ messages.add(split[i].substring(start, end));\r
+ }\r
+ } else {\r
+ messages = null;\r
+ }\r
+ }\r
+ }\r
+ \r
+ public boolean matches(Exception ex) {\r
+ if(ex.getClass().equals(cls)) {\r
+ if(messages!=null) {\r
+ String msg = ex.getMessage();\r
+ for(String m : messages) {\r
+ if(msg.contains(m)) {\r
+ return true;\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return false;\r
+ }\r
+ }\r
+ \r
+ public static final boolean isResetException(Exception e) {\r
+ if(e==null) {\r
+ return true;\r
+ }\r
+ for(Resettable re : resetExceptions) {\r
+ if(re.matches(e)) {\r
+ return true;\r
+ }\r
+ }\r
+ return false;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import java.io.ByteArrayInputStream;\r
+import java.io.DataInputStream;\r
+import java.lang.reflect.Field;\r
+import java.nio.ByteBuffer;\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.inno.env.TransStore;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.ConsistencyLevel;\r
+import com.datastax.driver.core.ResultSet;\r
+import com.datastax.driver.core.ResultSetFuture;\r
+\r
+/**\r
+ * AbsCassDAO\r
+ *\r
+ * Deal with the essentials of Interaction with Cassandra DataStore for all Cassandra DAOs\r
+ *\r
+ *\r
+ * @param <DATA>\r
+ */\r
+public class CassDAOImpl<TRANS extends TransStore,DATA> extends AbsCassDAO<TRANS, DATA> implements DAO<TRANS,DATA> {\r
+ public static final String USER_NAME = "__USER_NAME__";\r
+ protected static final String CREATE_SP = "CREATE ";\r
+ protected static final String UPDATE_SP = "UPDATE ";\r
+ protected static final String DELETE_SP = "DELETE ";\r
+ protected static final String SELECT_SP = "SELECT ";\r
+\r
+ protected final String C_TEXT = getClass().getSimpleName() + " CREATE";\r
+ protected final String R_TEXT = getClass().getSimpleName() + " READ";\r
+ protected final String U_TEXT = getClass().getSimpleName() + " UPDATE";\r
+ protected final String D_TEXT = getClass().getSimpleName() + " DELETE";\r
+ private String table;\r
+ \r
+ protected final ConsistencyLevel readConsistency,writeConsistency;\r
+ \r
+ // Setteable only by CachedDAO\r
+ protected Cached<?, ?> cache;\r
+\r
+ /**\r
+ * A Constructor from the originating Cluster. This DAO will open the Session at need,\r
+ * and shutdown the session when "close()" is called.\r
+ *\r
+ * @param cluster\r
+ * @param keyspace\r
+ * @param dataClass\r
+ */\r
+ public CassDAOImpl(TRANS trans, String name, Cluster cluster, String keyspace, Class<DATA> dataClass, String table, ConsistencyLevel read, ConsistencyLevel write) {\r
+ super(trans, name, cluster,keyspace,dataClass);\r
+ this.table = table;\r
+ readConsistency = read;\r
+ writeConsistency = write;\r
+ }\r
+ \r
+ /**\r
+ * A Constructor to share Session with other DAOs.\r
+ *\r
+ * This method get the Session and Cluster information from the calling DAO, and won't\r
+ * touch the Session on closure.\r
+ *\r
+ * @param aDao\r
+ * @param dataClass\r
+ */\r
+ public CassDAOImpl(TRANS trans, String name, AbsCassDAO<TRANS,?> aDao, Class<DATA> dataClass, String table, ConsistencyLevel read, ConsistencyLevel write) {\r
+ super(trans, name, aDao,dataClass);\r
+ this.table = table;\r
+ readConsistency = read;\r
+ writeConsistency = write;\r
+ }\r
+\r
+ protected PSInfo createPS;\r
+ protected PSInfo readPS;\r
+ protected PSInfo updatePS;\r
+ protected PSInfo deletePS;\r
+ private boolean async=false;\r
+\r
+ public void async(boolean bool) {\r
+ async = bool;\r
+ }\r
+\r
+ public final String[] setCRUD(TRANS trans, String table, Class<?> dc,Loader<DATA> loader) {\r
+ return setCRUD(trans, table, dc, loader, -1);\r
+ }\r
+ \r
+ public final String[] setCRUD(TRANS trans, String table, Class<?> dc,Loader<DATA> loader, int max) {\r
+ Field[] fields = dc.getDeclaredFields();\r
+ int end = max>=0 & max<fields.length?max:fields.length;\r
+ // get keylimit from a non-null Loader\r
+ int keylimit = loader.keylimit();\r
+ \r
+ StringBuilder sbfc = new StringBuilder();\r
+ StringBuilder sbq = new StringBuilder();\r
+ StringBuilder sbwc = new StringBuilder();\r
+ StringBuilder sbup = new StringBuilder();\r
+ \r
+ if(keylimit>0) {\r
+ for(int i=0;i<end;++i) {\r
+ if(i>0) {\r
+ sbfc.append(',');\r
+ sbq.append(',');\r
+ if(i<keylimit) {\r
+ sbwc.append(" AND ");\r
+ }\r
+ }\r
+ sbfc.append(fields[i].getName());\r
+ sbq.append('?');\r
+ if(i>=keylimit) {\r
+ if(i>keylimit) {\r
+ sbup.append(',');\r
+ }\r
+ sbup.append(fields[i].getName());\r
+ sbup.append("=?");\r
+ }\r
+ if(i<keylimit) {\r
+ sbwc.append(fields[i].getName());\r
+ sbwc.append("=?");\r
+ }\r
+ }\r
+ \r
+ createPS = new PSInfo(trans, "INSERT INTO " + table + " ("+ sbfc +") VALUES ("+ sbq +");",loader,writeConsistency);\r
+ \r
+ readPS = new PSInfo(trans, "SELECT " + sbfc + " FROM " + table + " WHERE " + sbwc + ';',loader,readConsistency);\r
+ \r
+ // Note: UPDATES can't compile if there are no fields besides keys... Use "Insert"\r
+ if(sbup.length()==0) {\r
+ updatePS = createPS; // the same as an insert\r
+ } else {\r
+ updatePS = new PSInfo(trans, "UPDATE " + table + " SET " + sbup + " WHERE " + sbwc + ';',loader,writeConsistency);\r
+ }\r
+ \r
+ deletePS = new PSInfo(trans, "DELETE FROM " + table + " WHERE " + sbwc + ';',loader,writeConsistency);\r
+ }\r
+ return new String[] {sbfc.toString(), sbq.toString(), sbup.toString(), sbwc.toString()};\r
+ }\r
+\r
+ public void replace(CRUD crud, PSInfo psInfo) {\r
+ switch(crud) {\r
+ case create: createPS = psInfo; break;\r
+ case read: readPS = psInfo; break;\r
+ case update: updatePS = psInfo; break;\r
+ case delete: deletePS = psInfo; break;\r
+ }\r
+ }\r
+\r
+ public void disable(CRUD crud) {\r
+ switch(crud) {\r
+ case create: createPS = null; break;\r
+ case read: readPS = null; break;\r
+ case update: updatePS = null; break;\r
+ case delete: deletePS = null; break;\r
+ }\r
+ }\r
+\r
+ \r
+ /**\r
+ * Given a DATA object, extract the individual elements from the Data into an Object Array for the\r
+ * execute element.\r
+ */\r
+ public Result<DATA> create(TRANS trans, DATA data) {\r
+ if(createPS==null) {\r
+ Result.err(Result.ERR_NotImplemented,"Create is disabled for %s",getClass().getSimpleName());\r
+ }\r
+ if(async) /*ResultSetFuture */ {\r
+ Result<ResultSetFuture> rs = createPS.execAsync(trans, C_TEXT, data);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ } else {\r
+ Result<ResultSet> rs = createPS.exec(trans, C_TEXT, data);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ }\r
+ wasModified(trans, CRUD.create, data);\r
+ return Result.ok(data);\r
+ }\r
+\r
+ /**\r
+ * Read the Unique Row associated with Full Keys\r
+ */\r
+ public Result<List<DATA>> read(TRANS trans, DATA data) {\r
+ if(readPS==null) {\r
+ Result.err(Result.ERR_NotImplemented,"Read is disabled for %s",getClass().getSimpleName());\r
+ }\r
+ return readPS.read(trans, R_TEXT, data);\r
+ }\r
+\r
+ public Result<List<DATA>> read(TRANS trans, Object ... key) {\r
+ if(readPS==null) {\r
+ Result.err(Result.ERR_NotImplemented,"Read is disabled for %s",getClass().getSimpleName());\r
+ }\r
+ return readPS.read(trans, R_TEXT, key);\r
+ }\r
+\r
+ public Result<Void> update(TRANS trans, DATA data) {\r
+ if(updatePS==null) {\r
+ Result.err(Result.ERR_NotImplemented,"Update is disabled for %s",getClass().getSimpleName());\r
+ }\r
+ if(async)/* ResultSet rs =*/ {\r
+ Result<ResultSetFuture> rs = updatePS.execAsync(trans, U_TEXT, data);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ } else {\r
+ Result<ResultSet> rs = updatePS.exec(trans, U_TEXT, data);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ }\r
+ \r
+ wasModified(trans, CRUD.update, data);\r
+ return Result.ok();\r
+ }\r
+\r
+ // This method Sig for Cached...\r
+ public Result<Void> delete(TRANS trans, DATA data, boolean reread) {\r
+ if(deletePS==null) {\r
+ Result.err(Result.ERR_NotImplemented,"Delete is disabled for %s",getClass().getSimpleName());\r
+ }\r
+ // Since Deleting will be stored off, for possible re-constitution, need the whole thing\r
+ if(reread) {\r
+ Result<List<DATA>> rd = read(trans,data);\r
+ if(rd.notOK()) {\r
+ return Result.err(rd);\r
+ }\r
+ if(rd.isEmpty()) {\r
+ return Result.err(Status.ERR_NotFound,"Not Found");\r
+ }\r
+ for(DATA d : rd.value) { \r
+ if(async) {\r
+ Result<ResultSetFuture> rs = deletePS.execAsync(trans, D_TEXT, d);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ } else {\r
+ Result<ResultSet> rs = deletePS.exec(trans, D_TEXT, d);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ }\r
+ wasModified(trans, CRUD.delete, d);\r
+ }\r
+ } else {\r
+ if(async)/* ResultSet rs =*/ {\r
+ Result<ResultSetFuture> rs = deletePS.execAsync(trans, D_TEXT, data);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ } else {\r
+ Result<ResultSet> rs = deletePS.exec(trans, D_TEXT, data);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ }\r
+ wasModified(trans, CRUD.delete, data);\r
+ }\r
+ return Result.ok();\r
+ }\r
+ \r
+ public final Object[] keyFrom(DATA data) {\r
+ return createPS.keyFrom(data);\r
+ }\r
+\r
+ @Override\r
+ public String table() {\r
+ return table;\r
+ }\r
+ \r
+ public static final String CASS_READ_CONSISTENCY="cassandra.readConsistency";\r
+ public static final String CASS_WRITE_CONSISTENCY="cassandra.writeConsistency";\r
+ protected static ConsistencyLevel readConsistency(AuthzTrans trans, String table) {\r
+ String prop = trans.getProperty(CASS_READ_CONSISTENCY+'.'+table);\r
+ if(prop==null) {\r
+ prop = trans.getProperty(CASS_READ_CONSISTENCY);\r
+ if(prop==null) {\r
+ return ConsistencyLevel.ONE; // this is Cassandra Default\r
+ }\r
+ }\r
+ return ConsistencyLevel.valueOf(prop);\r
+ }\r
+\r
+ protected static ConsistencyLevel writeConsistency(AuthzTrans trans, String table) {\r
+ String prop = trans.getProperty(CASS_WRITE_CONSISTENCY+'.'+table);\r
+ if(prop==null) {\r
+ prop = trans.getProperty(CASS_WRITE_CONSISTENCY);\r
+ if(prop==null) {\r
+ return ConsistencyLevel.ONE; // this is Cassandra Default\\r
+ }\r
+ }\r
+ return ConsistencyLevel.valueOf(prop);\r
+ }\r
+\r
+ public static DataInputStream toDIS(ByteBuffer bb) {\r
+ byte[] b = bb.array();\r
+ return new DataInputStream(\r
+ new ByteArrayInputStream(b,bb.position(),bb.limit())\r
+ );\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.inno.env.Trans;\r
+\r
+\r
+/**\r
+ * DataAccessObject Interface\r
+ *\r
+ * Extend the ReadOnly form (for Get), and add manipulation methods\r
+ *\r
+ * @param <DATA>\r
+ */\r
+public interface DAO<TRANS extends Trans,DATA> extends DAO_RO<TRANS,DATA> {\r
+ public Result<DATA> create(TRANS trans, DATA data);\r
+ public Result<Void> update(TRANS trans, DATA data);\r
+ // In many cases, the data has been correctly read first, so we shouldn't read again\r
+ // Use reread=true if you are using DATA with only a Key\r
+ public Result<Void> delete(TRANS trans, DATA data, boolean reread);\r
+ public Object[] keyFrom(DATA data);\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+public class DAOException extends Exception {\r
+\r
+ /**\r
+ * \r
+ */\r
+ private static final long serialVersionUID = 1527904125585539823L;\r
+\r
+// // TODO - enum in result class == is our intended design, currently the DAO layer does not use Result<RV> so we still use these for now\r
+// public final static DAOException RoleNotFoundDAOException = new DAOException("RoleNotFound");\r
+// public final static DAOException PermissionNotFoundDAOException = new DAOException("PermissionNotFound");\r
+// public final static DAOException UserNotFoundDAOException = new DAOException("UserNotFound");\r
+\r
+ public DAOException() {\r
+ }\r
+\r
+ public DAOException(String message) {\r
+ super(message);\r
+ }\r
+\r
+ public DAOException(Throwable cause) {\r
+ super(cause);\r
+ }\r
+\r
+ public DAOException(String message, Throwable cause) {\r
+ super(message, cause);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import java.util.List;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.inno.env.Trans;\r
+\r
+/**\r
+ * DataAccessObject - ReadOnly\r
+ * \r
+ * It is useful to have a ReadOnly part of the interface for CachedDAO\r
+ * \r
+ * Normal DAOs will implement full DAO\r
+ * \r
+ *\r
+ * @param <DATA>\r
+ */\r
+public interface DAO_RO<TRANS extends Trans,DATA> {\r
+ /**\r
+ * Get a List of Data given Key of Object Array\r
+ * @param objs\r
+ * @return\r
+ * @throws DAOException\r
+ */\r
+ public Result<List<DATA>> read(TRANS trans, Object ... key);\r
+\r
+ /**\r
+ * Get a List of Data given Key of DATA Object\r
+ * @param trans\r
+ * @param key\r
+ * @return\r
+ * @throws DAOException\r
+ */\r
+ public Result<List<DATA>> read(TRANS trans, DATA key);\r
+\r
+ /**\r
+ * close DAO\r
+ */\r
+ public void close(TRANS trans);\r
+\r
+ /**\r
+ * Return name of referenced Data\r
+ * @return\r
+ */\r
+ public String table();\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import java.io.DataInputStream;\r
+import java.io.DataOutputStream;\r
+import java.io.IOException;\r
+import java.util.ArrayList;\r
+import java.util.Collection;\r
+import java.util.HashMap;\r
+import java.util.HashSet;\r
+import java.util.List;\r
+import java.util.Map;\r
+import java.util.Map.Entry;\r
+import java.util.Set;\r
+\r
+import com.datastax.driver.core.Row;\r
+\r
+public abstract class Loader<DATA> {\r
+ private int keylimit;\r
+ public Loader(int keylimit) {\r
+ this.keylimit = keylimit;\r
+ }\r
+ \r
+ public int keylimit() {\r
+ return keylimit;\r
+ }\r
+ \r
+ protected abstract DATA load(DATA data, Row row);\r
+ protected abstract void key(DATA data, int idx, Object[] obj);\r
+ protected abstract void body(DATA data, int idx, Object[] obj);\r
+\r
+ public final Object[] extract(DATA data, int size, CassDAOImpl.CRUD type) {\r
+ Object[] rv=null;\r
+ switch(type) {\r
+ case delete:\r
+ rv = new Object[keylimit()];\r
+ key(data,0,rv);\r
+ break;\r
+ case update:\r
+ rv = new Object[size];\r
+ body(data,0,rv);\r
+ int body = size-keylimit();\r
+ if(body>0) {\r
+ key(data,body,rv);\r
+ }\r
+ break;\r
+ default:\r
+ rv = new Object[size];\r
+ key(data,0,rv);\r
+ if(size>keylimit()) {\r
+ body(data,keylimit(),rv);\r
+ }\r
+ break;\r
+ }\r
+ return rv;\r
+ }\r
+ \r
+ public static void writeString(DataOutputStream os, String s) throws IOException {\r
+ if(s==null) {\r
+ os.writeInt(-1);\r
+ } else {\r
+ switch(s.length()) {\r
+ case 0:\r
+ os.writeInt(0);\r
+ break;\r
+ default:\r
+ byte[] bytes = s.getBytes();\r
+ os.writeInt(bytes.length);\r
+ os.write(bytes);\r
+ }\r
+ }\r
+ }\r
+ \r
+ /**\r
+ * We use bytes here to set a Maximum\r
+ * \r
+ * @param is\r
+ * @param MAX\r
+ * @return\r
+ * @throws IOException\r
+ */\r
+ public static String readString(DataInputStream is, byte[] _buff) throws IOException {\r
+ int l = is.readInt();\r
+ byte[] buff = _buff;\r
+ switch(l) {\r
+ case -1: return null;\r
+ case 0: return "";\r
+ default:\r
+ // Cover case where there is a large string, without always allocating a large buffer.\r
+ if(l>buff.length) {\r
+ buff = new byte[l];\r
+ }\r
+ is.read(buff,0,l);\r
+ return new String(buff,0,l);\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Write a set with proper sizing\r
+ * \r
+ * Note: at the moment, this is just String. Probably can develop system where types\r
+ * are supported too... but not now.\r
+ * \r
+ * @param os\r
+ * @param set\r
+ * @throws IOException\r
+ */\r
+ public static void writeStringSet(DataOutputStream os, Collection<String> set) throws IOException {\r
+ if(set==null) {\r
+ os.writeInt(-1);\r
+ } else {\r
+ os.writeInt(set.size());\r
+ for(String s : set) {\r
+ writeString(os, s);\r
+ }\r
+ }\r
+\r
+ }\r
+ \r
+ public static Set<String> readStringSet(DataInputStream is, byte[] buff) throws IOException {\r
+ int l = is.readInt();\r
+ if(l<0) {\r
+ return null;\r
+ }\r
+ Set<String> set = new HashSet<String>(l);\r
+ for(int i=0;i<l;++i) {\r
+ set.add(readString(is,buff));\r
+ }\r
+ return set;\r
+ }\r
+ \r
+ public static List<String> readStringList(DataInputStream is, byte[] buff) throws IOException {\r
+ int l = is.readInt();\r
+ if(l<0) {\r
+ return null;\r
+ }\r
+ List<String> list = new ArrayList<String>(l);\r
+ for(int i=0;i<l;++i) {\r
+ list.add(Loader.readString(is,buff));\r
+ }\r
+ return list;\r
+ }\r
+\r
+ /** \r
+ * Write a map\r
+ * @param os\r
+ * @param map\r
+ * @throws IOException\r
+ */\r
+ public static void writeStringMap(DataOutputStream os, Map<String,String> map) throws IOException {\r
+ if(map==null) {\r
+ os.writeInt(-1);\r
+ } else {\r
+ Set<Entry<String, String>> es = map.entrySet();\r
+ os.writeInt(es.size());\r
+ for(Entry<String,String> e : es) {\r
+ writeString(os, e.getKey());\r
+ writeString(os, e.getValue());\r
+ }\r
+ }\r
+\r
+ }\r
+\r
+ public static Map<String,String> readStringMap(DataInputStream is, byte[] buff) throws IOException {\r
+ int l = is.readInt();\r
+ if(l<0) {\r
+ return null;\r
+ }\r
+ Map<String,String> map = new HashMap<String,String>(l);\r
+ for(int i=0;i<l;++i) {\r
+ String key = readString(is,buff);\r
+ map.put(key,readString(is,buff));\r
+ }\r
+ return map;\r
+ }\r
+ public static void writeHeader(DataOutputStream os, int magic, int version) throws IOException {\r
+ os.writeInt(magic);\r
+ os.writeInt(version);\r
+ }\r
+ \r
+ public static int readHeader(DataInputStream is, final int magic, final int version) throws IOException {\r
+ if(is.readInt()!=magic) {\r
+ throw new IOException("Corrupted Data Stream");\r
+ }\r
+ int v = is.readInt();\r
+ if(version<0 || v>version) {\r
+ throw new IOException("Unsupported Data Version: " + v);\r
+ }\r
+ return v;\r
+ }\r
+\r
+}\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import java.io.DataInputStream;\r
+import java.io.DataOutputStream;\r
+import java.io.IOException;\r
+\r
+public interface Streamer<DATA> {\r
+ public abstract void marshal(DATA data, DataOutputStream os) throws IOException;\r
+ public abstract void unmarshal(DATA data, DataInputStream is) throws IOException;\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+public interface Touchable {\r
+ // Or make all DAOs accept list of CIDAOs...\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cached;\r
+\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.CIDAO;\r
+import com.att.dao.CachedDAO;\r
+import com.att.dao.aaf.cass.CertDAO;\r
+\r
+public class CachedCertDAO extends CachedDAO<AuthzTrans, CertDAO, CertDAO.Data> {\r
+ public CachedCertDAO(CertDAO dao, CIDAO<AuthzTrans> info) {\r
+ super(dao, info, CertDAO.CACHE_SEG);\r
+ }\r
+ \r
+ /**\r
+ * Pass through Cert ID Lookup\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @return\r
+ */\r
+ \r
+ public Result<List<CertDAO.Data>> readID(AuthzTrans trans, final String id) {\r
+ return dao().readID(trans, id);\r
+ }\r
+ \r
+ public Result<List<CertDAO.Data>> readX500(AuthzTrans trans, final String x500) {\r
+ return dao().readX500(trans, x500);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cached;\r
+\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.CIDAO;\r
+import com.att.dao.CachedDAO;\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.Status;\r
+\r
+public class CachedCredDAO extends CachedDAO<AuthzTrans, CredDAO, CredDAO.Data> {\r
+ public CachedCredDAO(CredDAO dao, CIDAO<AuthzTrans> info) {\r
+ super(dao, info, CredDAO.CACHE_SEG);\r
+ }\r
+ \r
+ /**\r
+ * Pass through Cred Lookup\r
+ * \r
+ * Unlike Role and Perm, we don't need or want to cache these elements... Only used for NS Delete.\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @return\r
+ */\r
+ public Result<List<CredDAO.Data>> readNS(AuthzTrans trans, final String ns) {\r
+ \r
+ return dao().readNS(trans, ns);\r
+ }\r
+ \r
+ public Result<List<CredDAO.Data>> readID(AuthzTrans trans, final String id) {\r
+ DAOGetter getter = new DAOGetter(trans,dao()) {\r
+ public Result<List<CredDAO.Data>> call() {\r
+ return dao().readID(trans, id);\r
+ }\r
+ };\r
+ \r
+ Result<List<CredDAO.Data>> lurd = get(trans, id, getter);\r
+ if(lurd.isOK() && lurd.isEmpty()) {\r
+ return Result.err(Status.ERR_UserNotFound,"No User Cred found");\r
+ }\r
+ return lurd;\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cached;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.dao.CIDAO;\r
+import com.att.dao.CachedDAO;\r
+import com.att.dao.aaf.cass.NsDAO;\r
+\r
+public class CachedNSDAO extends CachedDAO<AuthzTrans, NsDAO, NsDAO.Data> {\r
+ public CachedNSDAO(NsDAO dao, CIDAO<AuthzTrans> info) {\r
+ super(dao, info, NsDAO.CACHE_SEG);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cached;\r
+\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.CIDAO;\r
+import com.att.dao.CachedDAO;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.PermDAO.Data;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.Status;\r
+\r
+public class CachedPermDAO extends CachedDAO<AuthzTrans,PermDAO, PermDAO.Data> {\r
+\r
+ public CachedPermDAO(PermDAO dao, CIDAO<AuthzTrans> info) {\r
+ super(dao, info, PermDAO.CACHE_SEG);\r
+ }\r
+\r
+ public Result<List<Data>> readNS(AuthzTrans trans, final String ns) {\r
+ DAOGetter getter = new DAOGetter(trans,dao()) {\r
+ public Result<List<Data>> call() {\r
+ return dao.readNS(trans, ns);\r
+ }\r
+ };\r
+ \r
+ Result<List<Data>> lurd = get(trans, ns, getter);\r
+ if(lurd.isOKhasData()) {\r
+ return lurd;\r
+ } else {\r
+ \r
+ }\r
+// if(getter.result==null) {\r
+// if(lurd==null) {\r
+ return Result.err(Status.ERR_PermissionNotFound,"No Permission found - " + lurd.details);\r
+// } else {\r
+// return Result.ok(lurd);\r
+// }\r
+// }\r
+// return getter.result;\r
+ }\r
+\r
+ public Result<List<Data>> readChildren(AuthzTrans trans, final String ns, final String type) {\r
+ return dao().readChildren(trans,ns,type);\r
+ }\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param type\r
+ * @return\r
+ */\r
+ public Result<List<Data>> readByType(AuthzTrans trans, final String ns, final String type) {\r
+ DAOGetter getter = new DAOGetter(trans,dao()) {\r
+ public Result<List<Data>> call() {\r
+ return dao.readByType(trans, ns, type);\r
+ }\r
+ };\r
+ \r
+ // Note: Can reuse index1 here, because there is no name collision versus response\r
+ Result<List<Data>> lurd = get(trans, ns+'|'+type, getter);\r
+ if(lurd.isOK() && lurd.isEmpty()) {\r
+ return Result.err(Status.ERR_PermissionNotFound,"No Permission found");\r
+ }\r
+ return lurd;\r
+ }\r
+ \r
+ /**\r
+ * Add desciption to this permission\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param type\r
+ * @param instance\r
+ * @param action\r
+ * @param description\r
+ * @return\r
+ */\r
+ public Result<Void> addDescription(AuthzTrans trans, String ns, String type, \r
+ String instance, String action, String description) {\r
+ //TODO Invalidate?\r
+ return dao().addDescription(trans, ns, type, instance, action, description);\r
+ }\r
+ \r
+ public Result<Void> addRole(AuthzTrans trans, PermDAO.Data perm, RoleDAO.Data role) {\r
+ Result<Void> rv = dao().addRole(trans,perm,role.encode());\r
+ if(trans.debug().isLoggable())\r
+ trans.debug().log("Adding",role.encode(),"to", perm, "with CachedPermDAO.addRole");\r
+ invalidate(trans,perm);\r
+ return rv;\r
+ }\r
+\r
+ public Result<Void> delRole(AuthzTrans trans, Data perm, RoleDAO.Data role) {\r
+ Result<Void> rv = dao().delRole(trans,perm,role.encode());\r
+ if(trans.debug().isLoggable())\r
+ trans.debug().log("Removing",role.encode(),"from", perm, "with CachedPermDAO.delRole");\r
+ invalidate(trans,perm);\r
+ return rv;\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cached;\r
+\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.CIDAO;\r
+import com.att.dao.CachedDAO;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.RoleDAO.Data;\r
+import com.att.dao.aaf.cass.Status;\r
+\r
+public class CachedRoleDAO extends CachedDAO<AuthzTrans,RoleDAO, RoleDAO.Data> {\r
+ public CachedRoleDAO(RoleDAO dao, CIDAO<AuthzTrans> info) {\r
+ super(dao, info, RoleDAO.CACHE_SEG);\r
+ }\r
+\r
+ public Result<List<Data>> readNS(AuthzTrans trans, final String ns) {\r
+ DAOGetter getter = new DAOGetter(trans,dao()) {\r
+ public Result<List<Data>> call() {\r
+ return dao.readNS(trans, ns);\r
+ }\r
+ };\r
+ \r
+ Result<List<Data>> lurd = get(trans, ns, getter);\r
+ if(lurd.isOK() && lurd.isEmpty()) {\r
+ return Result.err(Status.ERR_RoleNotFound,"No Role found");\r
+ }\r
+ return lurd;\r
+ }\r
+\r
+ public Result<List<Data>> readName(AuthzTrans trans, final String name) {\r
+ DAOGetter getter = new DAOGetter(trans,dao()) {\r
+ public Result<List<Data>> call() {\r
+ return dao().readName(trans, name);\r
+ }\r
+ };\r
+ \r
+ Result<List<Data>> lurd = get(trans, name, getter);\r
+ if(lurd.isOK() && lurd.isEmpty()) {\r
+ return Result.err(Status.ERR_RoleNotFound,"No Role found");\r
+ }\r
+ return lurd;\r
+ }\r
+\r
+ public Result<List<Data>> readChildren(AuthzTrans trans, final String ns, final String name) {\r
+ // At this point, I'm thinking it's better not to try to cache "*" results\r
+ // Data probably won't be accurate, and adding it makes every update invalidate most of the cache\r
+ // 2/4/2014\r
+ return dao().readChildren(trans,ns,name);\r
+ }\r
+\r
+ public Result<Void> addPerm(AuthzTrans trans, RoleDAO.Data rd, PermDAO.Data perm) {\r
+ Result<Void> rv = dao().addPerm(trans,rd,perm);\r
+ if(trans.debug().isLoggable())\r
+ trans.debug().log("Adding",perm,"to", rd, "with CachedRoleDAO.addPerm");\r
+ invalidate(trans, rd);\r
+ return rv;\r
+ }\r
+\r
+ public Result<Void> delPerm(AuthzTrans trans, RoleDAO.Data rd, PermDAO.Data perm) {\r
+ Result<Void> rv = dao().delPerm(trans,rd,perm);\r
+ if(trans.debug().isLoggable())\r
+ trans.debug().log("Removing",perm,"from", rd, "with CachedRoleDAO.addPerm");\r
+ invalidate(trans, rd);\r
+ return rv;\r
+ }\r
+ \r
+ /**\r
+ * Add description to this role\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param name\r
+ * @param description\r
+ * @return\r
+ */\r
+ public Result<Void> addDescription(AuthzTrans trans, String ns, String name, String description) {\r
+ //TODO Invalidate?\r
+ return dao().addDescription(trans, ns, name, description);\r
+\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cached;\r
+\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.CIDAO;\r
+import com.att.dao.CachedDAO;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.dao.aaf.cass.UserRoleDAO;\r
+import com.att.dao.aaf.cass.UserRoleDAO.Data;\r
+import com.att.inno.env.Slot;\r
+\r
+public class CachedUserRoleDAO extends CachedDAO<AuthzTrans,UserRoleDAO, UserRoleDAO.Data> {\r
+ private Slot transURSlot;\r
+\r
+ public CachedUserRoleDAO(UserRoleDAO dao, CIDAO<AuthzTrans> info) {\r
+ super(dao, info, UserRoleDAO.CACHE_SEG);\r
+ transURSlot = dao.transURSlot;\r
+ }\r
+\r
+ /**\r
+ * Special Case. \r
+ * User Roles by User are very likely to be called many times in a Transaction, to validate "May User do..."\r
+ * Pull result, and make accessible by the Trans, which is always keyed by User.\r
+ * @param trans\r
+ * @param user\r
+ * @return\r
+ */\r
+ public Result<List<Data>> readByUser(AuthzTrans trans, final String user) {\r
+ DAOGetter getter = new DAOGetter(trans,dao()) {\r
+ public Result<List<Data>> call() {\r
+ // If the call is for THIS user, and it exists, get from TRANS, add to TRANS if not.\r
+ if(user!=null && user.equals(trans.user())) {\r
+ Result<List<Data>> transLD = trans.get(transURSlot,null);\r
+ if(transLD==null ) {\r
+ transLD = dao.readByUser(trans, user);\r
+ }\r
+ return transLD;\r
+ } else {\r
+ return dao.readByUser(trans, user);\r
+ }\r
+ }\r
+ };\r
+ Result<List<Data>> lurd = get(trans, user, getter);\r
+ if(lurd.isOK() && lurd.isEmpty()) {\r
+ return Result.err(Status.ERR_UserRoleNotFound,"UserRole not found for [%s]",user);\r
+ }\r
+ return lurd;\r
+ }\r
+\r
+ \r
+ public Result<List<Data>> readByRole(AuthzTrans trans, final String role) {\r
+ DAOGetter getter = new DAOGetter(trans,dao()) {\r
+ public Result<List<Data>> call() {\r
+ return dao.readByRole(trans, role);\r
+ }\r
+ };\r
+ Result<List<Data>> lurd = get(trans, role, getter);\r
+ if(lurd.isOK() && lurd.isEmpty()) {\r
+ return Result.err(Status.ERR_UserRoleNotFound,"UserRole not found for [%s]",role);\r
+ }\r
+ return lurd;\r
+ }\r
+\r
+ public Result<List<UserRoleDAO.Data>> readUserInRole(final AuthzTrans trans, final String user, final String role) {\r
+ DAOGetter getter = new DAOGetter(trans,dao()) {\r
+ public Result<List<Data>> call() {\r
+ if(user.equals(trans.user())) {\r
+ Result<List<Data>> rrbu = readByUser(trans, user);\r
+ if(rrbu.isOK()) {\r
+ List<Data> ld = new ArrayList<Data>(1);\r
+ for(Data d : rrbu.value) {\r
+ if(d.role.equals(role)) {\r
+ ld.add(d);\r
+ break;\r
+ }\r
+ }\r
+ return Result.ok(ld).emptyList(ld.isEmpty());\r
+ } else {\r
+ return rrbu;\r
+ }\r
+ }\r
+ return dao.readByUserRole(trans, user, role);\r
+ }\r
+ };\r
+ Result<List<Data>> lurd = get(trans, keyFromObjs(user,role), getter);\r
+ if(lurd.isOK() && lurd.isEmpty()) {\r
+ return Result.err(Status.ERR_UserRoleNotFound,"UserRole not found for role [%s] and user [%s]",role,user);\r
+ }\r
+ return lurd;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.util.Date;\r
+import java.util.List;\r
+import java.util.UUID;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.Loader;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.Row;\r
+\r
+\r
+public class ApprovalDAO extends CassDAOImpl<AuthzTrans,ApprovalDAO.Data> {\r
+ public static final String PENDING = "pending";\r
+ public static final String DENIED = "denied";\r
+ public static final String APPROVED = "approved";\r
+ \r
+ private static final String TABLE = "approval";\r
+ private HistoryDAO historyDAO;\r
+ private PSInfo psByUser, psByApprover, psByTicket, psByStatus;\r
+\r
+ \r
+ public ApprovalDAO(AuthzTrans trans, Cluster cluster, String keyspace) {\r
+ super(trans, ApprovalDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ historyDAO = new HistoryDAO(trans, this);\r
+ init(trans);\r
+ }\r
+\r
+\r
+ public ApprovalDAO(AuthzTrans trans, HistoryDAO hDAO) {\r
+ super(trans, ApprovalDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ historyDAO=hDAO;\r
+ init(trans);\r
+ }\r
+\r
+ private static final int KEYLIMIT = 1;\r
+ public static class Data {\r
+ public UUID id;\r
+ public UUID ticket;\r
+ public String user;\r
+ public String approver;\r
+ public String type;\r
+ public String status;\r
+ public String memo;\r
+ public String operation;\r
+ public Date updated;\r
+ }\r
+ \r
+ private static class ApprovalLoader extends Loader<Data> {\r
+ public static final ApprovalLoader deflt = new ApprovalLoader(KEYLIMIT);\r
+ \r
+ public ApprovalLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+ \r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ data.id = row.getUUID(0);\r
+ data.ticket = row.getUUID(1);\r
+ data.user = row.getString(2);\r
+ data.approver = row.getString(3);\r
+ data.type = row.getString(4);\r
+ data.status = row.getString(5);\r
+ data.memo = row.getString(6);\r
+ data.operation = row.getString(7);\r
+ if(row.getColumnDefinitions().size()>8) {\r
+ // Rows reported in MicroSeconds\r
+ data.updated = new Date(row.getLong(8)/1000);\r
+ }\r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.id;\r
+ }\r
+\r
+ @Override\r
+ protected void body(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+ obj[idx]=data.ticket;\r
+ obj[++idx]=data.user;\r
+ obj[++idx]=data.approver;\r
+ obj[++idx]=data.type;\r
+ obj[++idx]=data.status;\r
+ obj[++idx]=data.memo;\r
+ obj[++idx]=data.operation;\r
+ }\r
+ } \r
+ \r
+ private void init(AuthzTrans trans) {\r
+ String[] helpers = setCRUD(trans, TABLE, Data.class, ApprovalLoader.deflt,8);\r
+ // Need a specialty Creator to handle the "now()"\r
+ replace(CRUD.create, new PSInfo(trans, "INSERT INTO " + TABLE + " (" + helpers[FIELD_COMMAS] +\r
+ ") VALUES(now(),?,?,?,?,?,?,?)",new ApprovalLoader(0) {\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ // Overridden because key is the "now()"\r
+ }\r
+ },writeConsistency)\r
+ );\r
+\r
+ psByUser = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + ", WRITETIME(status) FROM " + TABLE + \r
+ " WHERE user = ?", new ApprovalLoader(1) {\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.user;\r
+ }\r
+ }, readConsistency);\r
+ \r
+ psByApprover = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + ", WRITETIME(status) FROM " + TABLE + \r
+ " WHERE approver = ?", new ApprovalLoader(1) {\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.approver;\r
+ }\r
+ }, readConsistency);\r
+\r
+ psByTicket = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + ", WRITETIME(status) FROM " + TABLE + \r
+ " WHERE ticket = ?", new ApprovalLoader(1) {\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.ticket;\r
+ }\r
+ }, readConsistency);\r
+\r
+ psByStatus = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + ", WRITETIME(status) FROM " + TABLE + \r
+ " WHERE status = ?", new ApprovalLoader(1) {\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.status;\r
+ }\r
+ }, readConsistency);\r
+\r
+\r
+ }\r
+ \r
+ public Result<List<ApprovalDAO.Data>> readByUser(AuthzTrans trans, String user) {\r
+ return psByUser.read(trans, R_TEXT, new Object[]{user});\r
+ }\r
+\r
+ public Result<List<ApprovalDAO.Data>> readByApprover(AuthzTrans trans, String approver) {\r
+ return psByApprover.read(trans, R_TEXT, new Object[]{approver});\r
+ }\r
+\r
+ public Result<List<ApprovalDAO.Data>> readByTicket(AuthzTrans trans, UUID ticket) {\r
+ return psByTicket.read(trans, R_TEXT, new Object[]{ticket});\r
+ }\r
+\r
+ public Result<List<ApprovalDAO.Data>> readByStatus(AuthzTrans trans, String status) {\r
+ return psByStatus.read(trans, R_TEXT, new Object[]{status});\r
+ } \r
+\r
+ /**\r
+ * Log Modification statements to History\r
+ *\r
+ * @param modified which CRUD action was done\r
+ * @param data entity data that needs a log entry\r
+ * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data\r
+ */\r
+ @Override\r
+ protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
+ boolean memo = override.length>0 && override[0]!=null;\r
+ boolean subject = override.length>1 && override[1]!=null;\r
+\r
+ HistoryDAO.Data hd = HistoryDAO.newInitedData();\r
+ hd.user = trans.user();\r
+ hd.action = modified.name();\r
+ hd.target = TABLE;\r
+ hd.subject = subject?override[1]:data.user + "|" + data.approver;\r
+ hd.memo = memo\r
+ ? String.format("%s by %s", override[0], hd.user)\r
+ : (modified.name() + "d approval for " + data.user);\r
+ // Detail?\r
+ // Reconstruct?\r
+ if(historyDAO.create(trans, hd).status!=Status.OK) {\r
+ trans.error().log("Cannot log to History");\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.DataInputStream;\r
+import java.io.DataOutputStream;\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.Date;\r
+import java.util.HashSet;\r
+import java.util.List;\r
+import java.util.Set;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.Bytification;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.Loader;\r
+import com.att.dao.Streamer;\r
+import com.att.inno.env.util.Chrono;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.Row;\r
+\r
+/**\r
+ * CredDAO manages credentials. \r
+ * Date: 7/19/13\r
+ */\r
+public class ArtiDAO extends CassDAOImpl<AuthzTrans,ArtiDAO.Data> {\r
+ public static final String TABLE = "artifact";\r
+ \r
+ private HistoryDAO historyDAO;\r
+ private PSInfo psByMechID,psByMachine;\r
+ \r
+ public ArtiDAO(AuthzTrans trans, Cluster cluster, String keyspace) {\r
+ super(trans, ArtiDAO.class.getSimpleName(),cluster, keyspace, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ init(trans);\r
+ }\r
+\r
+ public ArtiDAO(AuthzTrans trans, HistoryDAO hDao, CacheInfoDAO ciDao) {\r
+ super(trans, ArtiDAO.class.getSimpleName(),hDao, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ historyDAO = hDao;\r
+ init(trans);\r
+ }\r
+\r
+ public static final int KEYLIMIT = 2;\r
+ public static class Data implements Bytification {\r
+ public String mechid;\r
+ public String machine;\r
+ private Set<String> type;\r
+ public String sponsor;\r
+ public String ca;\r
+ public String dir;\r
+ public String appName;\r
+ public String os_user;\r
+ public String notify;\r
+ public Date expires;\r
+ public int renewDays;\r
+ \r
+// // Getters\r
+ public Set<String> type(boolean mutable) {\r
+ if (type == null) {\r
+ type = new HashSet<String>();\r
+ } else if (mutable && !(type instanceof HashSet)) {\r
+ type = new HashSet<String>(type);\r
+ }\r
+ return type;\r
+ }\r
+\r
+\r
+ @Override\r
+ public ByteBuffer bytify() throws IOException {\r
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
+ ArtifactLoader.deflt.marshal(this,new DataOutputStream(baos));\r
+ return ByteBuffer.wrap(baos.toByteArray());\r
+ }\r
+ \r
+ @Override\r
+ public void reconstitute(ByteBuffer bb) throws IOException {\r
+ ArtifactLoader.deflt.unmarshal(this, toDIS(bb));\r
+ }\r
+\r
+ public String toString() {\r
+ return mechid + ' ' + machine + ' ' + Chrono.dateTime(expires);\r
+ }\r
+ }\r
+\r
+ private static class ArtifactLoader extends Loader<Data> implements Streamer<Data>{\r
+ public static final int MAGIC=95829343;\r
+ public static final int VERSION=1;\r
+ public static final int BUFF_SIZE=48; // Note: \r
+\r
+ public static final ArtifactLoader deflt = new ArtifactLoader(KEYLIMIT);\r
+ public ArtifactLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+\r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ data.mechid = row.getString(0);\r
+ data.machine = row.getString(1);\r
+ data.type = row.getSet(2, String.class);\r
+ data.sponsor = row.getString(3);\r
+ data.ca = row.getString(4);\r
+ data.dir = row.getString(5);\r
+ data.appName = row.getString(6);\r
+ data.os_user = row.getString(7);\r
+ data.notify = row.getString(8);\r
+ data.expires = row.getDate(9);\r
+ data.renewDays = row.getInt(10);\r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(final Data data, final int idx, Object[] obj) {\r
+ int i;\r
+ obj[i=idx] = data.mechid;\r
+ obj[++i] = data.machine;\r
+ }\r
+\r
+ @Override\r
+ protected void body(final Data data, final int idx, Object[] obj) {\r
+ int i;\r
+ obj[i=idx] = data.type;\r
+ obj[++i] = data.sponsor;\r
+ obj[++i] = data.ca;\r
+ obj[++i] = data.dir;\r
+ obj[++i] = data.appName;\r
+ obj[++i] = data.os_user;\r
+ obj[++i] = data.notify;\r
+ obj[++i] = data.expires;\r
+ obj[++i] = data.renewDays;\r
+ }\r
+\r
+ @Override\r
+ public void marshal(Data data, DataOutputStream os) throws IOException {\r
+ writeHeader(os,MAGIC,VERSION);\r
+ writeString(os, data.mechid);\r
+ writeString(os, data.machine);\r
+ os.writeInt(data.type.size());\r
+ for(String s : data.type) {\r
+ writeString(os, s);\r
+ }\r
+ writeString(os, data.sponsor);\r
+ writeString(os, data.ca);\r
+ writeString(os, data.dir);\r
+ writeString(os, data.appName);\r
+ writeString(os, data.os_user);\r
+ writeString(os, data.notify);\r
+ os.writeLong(data.expires==null?-1:data.expires.getTime());\r
+ os.writeInt(data.renewDays);\r
+ }\r
+\r
+ @Override\r
+ public void unmarshal(Data data, DataInputStream is) throws IOException {\r
+ /*int version = */readHeader(is,MAGIC,VERSION);\r
+ // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields\r
+ byte[] buff = new byte[BUFF_SIZE];\r
+ data.mechid = readString(is,buff);\r
+ data.machine = readString(is,buff);\r
+ int size = is.readInt();\r
+ data.type = new HashSet<String>(size);\r
+ for(int i=0;i<size;++i) {\r
+ data.type.add(readString(is,buff));\r
+ }\r
+ data.sponsor = readString(is,buff);\r
+ data.ca = readString(is,buff);\r
+ data.dir = readString(is,buff);\r
+ data.appName = readString(is,buff);\r
+ data.os_user = readString(is,buff);\r
+ data.notify = readString(is,buff);\r
+ long l = is.readLong();\r
+ data.expires = l<0?null:new Date(l);\r
+ data.renewDays = is.readInt();\r
+ }\r
+ }\r
+\r
+ private void init(AuthzTrans trans) {\r
+ // Set up sub-DAOs\r
+ if(historyDAO==null) {\r
+ historyDAO = new HistoryDAO(trans,this);\r
+ }\r
+ \r
+ String[] helpers = setCRUD(trans, TABLE, Data.class, ArtifactLoader.deflt);\r
+\r
+ psByMechID = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + \r
+ " WHERE mechid = ?", new ArtifactLoader(1) {\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.type;\r
+ }\r
+ },readConsistency);\r
+\r
+ psByMachine = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + \r
+ " WHERE machine = ?", new ArtifactLoader(1) {\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.type;\r
+ }\r
+ },readConsistency);\r
+\r
+ }\r
+ \r
+ \r
+ public Result<List<Data>> readByMechID(AuthzTrans trans, String mechid) {\r
+ return psByMechID.read(trans, R_TEXT, new Object[]{mechid});\r
+ }\r
+\r
+ public Result<List<ArtiDAO.Data>> readByMachine(AuthzTrans trans, String machine) {\r
+ return psByMachine.read(trans, R_TEXT, new Object[]{machine});\r
+ }\r
+\r
+ /**\r
+ * Log Modification statements to History\r
+ *\r
+ * @param modified which CRUD action was done\r
+ * @param data entity data that needs a log entry\r
+ * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data\r
+ */\r
+ @Override\r
+ protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
+ boolean memo = override.length>0 && override[0]!=null;\r
+ boolean subject = override.length>1 && override[1]!=null;\r
+\r
+ HistoryDAO.Data hd = HistoryDAO.newInitedData();\r
+ hd.user = trans.user();\r
+ hd.action = modified.name();\r
+ hd.target = TABLE;\r
+ hd.subject = subject?override[1]: data.mechid;\r
+ hd.memo = memo\r
+ ? String.format("%s by %s", override[0], hd.user)\r
+ : String.format("%sd %s for %s",modified.name(),data.mechid,data.machine);\r
+ // Detail?\r
+ if(modified==CRUD.delete) {\r
+ try {\r
+ hd.reconstruct = data.bytify();\r
+ } catch (IOException e) {\r
+ trans.error().log(e,"Could not serialize CredDAO.Data");\r
+ }\r
+ }\r
+\r
+ if(historyDAO.create(trans, hd).status!=Status.OK) {\r
+ trans.error().log("Cannot log to History");\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.io.IOException;\r
+import java.net.HttpURLConnection;\r
+import java.net.URI;\r
+import java.util.Date;\r
+import java.util.HashMap;\r
+import java.util.HashSet;\r
+import java.util.Map;\r
+import java.util.Map.Entry;\r
+import java.util.concurrent.BlockingQueue;\r
+import java.util.concurrent.ConcurrentHashMap;\r
+import java.util.concurrent.LinkedBlockingQueue;\r
+import java.util.concurrent.TimeUnit;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.SecuritySetter;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cadi.http.HMangr;\r
+import com.att.dao.AbsCassDAO;\r
+import com.att.dao.CIDAO;\r
+import com.att.dao.CassAccess;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.Loader;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+import com.datastax.driver.core.BoundStatement;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.ResultSet;\r
+import com.datastax.driver.core.Row;\r
+import com.datastax.driver.core.exceptions.DriverException;\r
+\r
+public class CacheInfoDAO extends CassDAOImpl<AuthzTrans,CacheInfoDAO.Data> implements CIDAO<AuthzTrans> {\r
+\r
+ private static final String TABLE = "cache";\r
+ public static final Map<String,Date[]> info = new ConcurrentHashMap<String,Date[]>();\r
+\r
+ private static CacheUpdate cacheUpdate;\r
+ \r
+ \r
+ private BoundStatement check;\r
+ // Hold current time stamps from Tables\r
+ private final Date startTime;\r
+ \r
+ public CacheInfoDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {\r
+ super(trans, CacheInfoDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE,readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ startTime = new Date();\r
+ init(trans);\r
+ }\r
+\r
+ public CacheInfoDAO(AuthzTrans trans, AbsCassDAO<AuthzTrans,?> aDao) throws APIException, IOException {\r
+ super(trans, CacheInfoDAO.class.getSimpleName(),aDao,Data.class,TABLE,readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ startTime = new Date();\r
+ init(trans);\r
+ }\r
+\r
+\r
+ //////////////////////////////////////////\r
+ // Data Definition, matches Cassandra DM\r
+ //////////////////////////////////////////\r
+ private static final int KEYLIMIT = 2;\r
+ /**\r
+ */\r
+ public static class Data {\r
+ public Data() {\r
+ name = null;\r
+ touched = null;\r
+ }\r
+ public Data(String name, int seg) {\r
+ this.name = name;\r
+ this.seg = seg;\r
+ touched = null;\r
+ }\r
+ \r
+ public String name;\r
+ public int seg;\r
+ public Date touched;\r
+ }\r
+\r
+ private static class InfoLoader extends Loader<Data> {\r
+ public static final InfoLoader dflt = new InfoLoader(KEYLIMIT);\r
+ \r
+ public InfoLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+ \r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ // Int more efficient\r
+ data.name = row.getString(0);\r
+ data.seg = row.getInt(1);\r
+ data.touched = row.getDate(2);\r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+\r
+ obj[idx]=data.name;\r
+ obj[++idx]=data.seg;\r
+ }\r
+\r
+ @Override\r
+ protected void body(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.touched;\r
+ }\r
+ }\r
+ \r
+ public static<T extends Trans> void startUpdate(AuthzEnv env, HMangr hman, SecuritySetter<HttpURLConnection> ss, String ip, int port) {\r
+ if(cacheUpdate==null) {\r
+ Thread t= new Thread(cacheUpdate = new CacheUpdate(env,hman,ss, ip,port),"CacheInfo Update Thread");\r
+ t.setDaemon(true);\r
+ t.start();\r
+ }\r
+ }\r
+\r
+ public static<T extends Trans> void stopUpdate() {\r
+ if(cacheUpdate!=null) {\r
+ cacheUpdate.go=false;\r
+ }\r
+ }\r
+\r
+ private final static class CacheUpdate extends Thread {\r
+ public static BlockingQueue<Transfer> notifyDQ = new LinkedBlockingQueue<Transfer>(2000);\r
+\r
+ private static final String VOID_CT="application/Void+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,*/*;q=1.0";\r
+ private AuthzEnv env;\r
+ private HMangr hman;\r
+ private SecuritySetter<HttpURLConnection> ss;\r
+ private final String authority;\r
+ public boolean go = true;\r
+ \r
+ public CacheUpdate(AuthzEnv env, HMangr hman, SecuritySetter<HttpURLConnection> ss, String ip, int port) {\r
+ this.env = env;\r
+ this.hman = hman;\r
+ this.ss = ss;\r
+ \r
+ this.authority = ip+':'+port;\r
+ }\r
+ \r
+ private static class Transfer {\r
+ public String table;\r
+ public int segs[];\r
+ public Transfer(String table, int[] segs) {\r
+ this.table = table;\r
+ this.segs = segs;\r
+ }\r
+ }\r
+ private class CacheClear extends Retryable<Integer> {\r
+ public int total=0;\r
+ private AuthzTrans trans;\r
+ private String type;\r
+ private String segs;\r
+ \r
+ public CacheClear(AuthzTrans trans) {\r
+ this.trans = trans;\r
+ }\r
+\r
+ public void set(Entry<String, IntHolder> es) {\r
+ type = es.getKey();\r
+ segs = es.getValue().toString();\r
+ }\r
+ \r
+ @Override\r
+ public Integer code(Rcli<?> client) throws APIException, CadiException {\r
+ URI to = client.getURI();\r
+ if(!to.getAuthority().equals(authority)) {\r
+ Future<Void> f = client.delete("/mgmt/cache/"+type+'/'+segs,VOID_CT);\r
+ if(f.get(hman.readTimeout())) {\r
+ ++total;\r
+ } else {\r
+ trans.error().log("Error During AAF Peer Notify",f.code(),f.body());\r
+ }\r
+ }\r
+ return total;\r
+ }\r
+ }\r
+ \r
+ private class IntHolder {\r
+ private int[] raw;\r
+ HashSet<Integer> set;\r
+ \r
+ public IntHolder(int ints[]) {\r
+ raw = ints;\r
+ set = null;\r
+ }\r
+ public void add(int[] ints) {\r
+ if(set==null) {\r
+ set = new HashSet<Integer>();\r
+ \r
+ for(int i=0;i<raw.length;++i) {\r
+ set.add(raw[i]);\r
+ }\r
+ }\r
+ for(int i=0;i<ints.length;++i) {\r
+ set.add(ints[i]);\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public String toString() {\r
+ StringBuilder sb = new StringBuilder();\r
+ boolean first = true;\r
+ if(set==null) {\r
+ for(int i : raw) {\r
+ if(first) {\r
+ first=false;\r
+ } else {\r
+ sb.append(',');\r
+ }\r
+ sb.append(i);\r
+ }\r
+ } else {\r
+ for(Integer i : set) {\r
+ if(first) {\r
+ first=false;\r
+ } else {\r
+ sb.append(',');\r
+ }\r
+ sb.append(i);\r
+ }\r
+ }\r
+ return sb.toString();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public void run() {\r
+ do {\r
+ try {\r
+ Transfer data = notifyDQ.poll(4,TimeUnit.SECONDS);\r
+ if(data==null) {\r
+ continue;\r
+ }\r
+ \r
+ int count = 0;\r
+ CacheClear cc = null;\r
+ Map<String,IntHolder> gather = null;\r
+ AuthzTrans trans = null;\r
+ long start=0;\r
+ // Do a block poll first\r
+ do {\r
+ if(gather==null) {\r
+ start = System.nanoTime();\r
+ trans = env.newTransNoAvg();\r
+ cc = new CacheClear(trans);\r
+ gather = new HashMap<String,IntHolder>();\r
+ }\r
+ IntHolder prev = gather.get(data.table);\r
+ if(prev==null) {\r
+ gather.put(data.table,new IntHolder(data.segs));\r
+ } else {\r
+ prev.add(data.segs);\r
+ }\r
+ // continue while there is data\r
+ } while((data = notifyDQ.poll())!=null);\r
+ if(gather!=null) {\r
+ for(Entry<String, IntHolder> es : gather.entrySet()) {\r
+ cc.set(es);\r
+ try {\r
+ if(hman.all(ss, cc, false)!=null) {\r
+ ++count;\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e, "Error on Cache Update");\r
+ }\r
+ }\r
+ if(env.debug().isLoggable()) {\r
+ float millis = (System.nanoTime()-start)/1000000f;\r
+ StringBuilder sb = new StringBuilder("Direct Cache Refresh: ");\r
+ sb.append("Updated ");\r
+ sb.append(count);\r
+ if(count==1) {\r
+ sb.append(" entry for ");\r
+ } else { \r
+ sb.append(" entries for ");\r
+ }\r
+ int peers = count<=0?0:cc.total/count;\r
+ sb.append(peers);\r
+ sb.append(" client");\r
+ if(peers!=1) {\r
+ sb.append('s');\r
+ }\r
+ sb.append(" in ");\r
+ sb.append(millis);\r
+ sb.append("ms");\r
+ trans.auditTrail(0, sb, Env.REMOTE);\r
+ env.debug().log(sb);\r
+ }\r
+ }\r
+ } catch (InterruptedException e1) {\r
+ go = false;\r
+ }\r
+ } while(go);\r
+ }\r
+ }\r
+\r
+ private void init(AuthzTrans trans) throws APIException, IOException {\r
+ \r
+ String[] helpers = setCRUD(trans, TABLE, Data.class, InfoLoader.dflt);\r
+ check = getSession(trans).prepare(SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE).bind();\r
+\r
+ disable(CRUD.create);\r
+ disable(CRUD.delete);\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.dao.aaf.cass.CIDAO#touch(com.att.authz.env.AuthzTrans, java.lang.String, int)\r
+ */\r
+ \r
+ @Override\r
+ public Result<Void> touch(AuthzTrans trans, String name, int ... seg) {\r
+ /////////////\r
+ // Direct Service Cache Invalidation\r
+ /////////////\r
+ // ConcurrentQueues are open-ended. We don't want any Memory leaks \r
+ // Note: we keep a separate counter, because "size()" on a Linked Queue is expensive\r
+ if(cacheUpdate!=null) {\r
+ try {\r
+ if(!CacheUpdate.notifyDQ.offer(new CacheUpdate.Transfer(name, seg),2,TimeUnit.SECONDS)) {\r
+ trans.error().log("Cache Notify Queue is not accepting messages, bouncing may be appropriate" );\r
+ }\r
+ } catch (InterruptedException e) {\r
+ trans.error().log("Cache Notify Queue posting was interrupted" );\r
+ }\r
+ }\r
+\r
+ /////////////\r
+ // Table Based Cache Invalidation (original)\r
+ /////////////\r
+ // Note: Save time with multiple Sequence Touches, but PreparedStmt doesn't support IN\r
+ StringBuilder start = new StringBuilder("CacheInfoDAO Touch segments ");\r
+ start.append(name);\r
+ start.append(": ");\r
+ StringBuilder sb = new StringBuilder("BEGIN BATCH\n");\r
+ boolean first = true;\r
+ for(int s : seg) {\r
+ sb.append(UPDATE_SP);\r
+ sb.append(TABLE);\r
+ sb.append(" SET touched=dateof(now()) WHERE name = '");\r
+ sb.append(name);\r
+ sb.append("' AND seg = ");\r
+ sb.append(s);\r
+ sb.append(";\n"); \r
+ if(first) {\r
+ first =false;\r
+ } else {\r
+ start.append(',');\r
+ }\r
+ start.append(s);\r
+ }\r
+ sb.append("APPLY BATCH;");\r
+ TimeTaken tt = trans.start(start.toString(),Env.REMOTE);\r
+ try {\r
+ getSession(trans).executeAsync(sb.toString());\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ return Result.ok();\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.dao.aaf.cass.CIDAO#check(com.att.authz.env.AuthzTrans)\r
+ */\r
+ @Override\r
+ public Result<Void> check(AuthzTrans trans) {\r
+ ResultSet rs;\r
+ TimeTaken tt = trans.start("Check Table Timestamps",Env.REMOTE);\r
+ try {\r
+ rs = getSession(trans).execute(check);\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ String lastName = null;\r
+ Date[] dates = null;\r
+ for(Row row : rs.all()) {\r
+ String name = row.getString(0);\r
+ int seg = row.getInt(1);\r
+ if(!name.equals(lastName)) {\r
+ dates = info.get(name);\r
+ lastName=name;\r
+ }\r
+ if(dates==null) {\r
+ dates=new Date[seg+1];\r
+ info.put(name,dates);\r
+ } else if(dates.length<=seg) {\r
+ Date[] temp = new Date[seg+1];\r
+ System.arraycopy(dates, 0, temp, 0, dates.length);\r
+ dates = temp;\r
+ info.put(name, dates);\r
+ }\r
+ Date temp = row.getDate(2);\r
+ if(dates[seg]==null || dates[seg].before(temp)) {\r
+ dates[seg]=temp;\r
+ }\r
+ }\r
+ return Result.ok();\r
+ }\r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.dao.aaf.cass.CIDAO#get(java.lang.String, int)\r
+ */\r
+ @Override\r
+ public Date get(AuthzTrans trans, String table, int seg) {\r
+ Date[] dates = info.get(table);\r
+ if(dates==null) {\r
+ dates = new Date[seg+1];\r
+ touch(trans,table, seg);\r
+ } else if(dates.length<=seg) {\r
+ Date[] temp = new Date[seg+1];\r
+ System.arraycopy(dates, 0, temp, 0, dates.length);\r
+ dates = temp;\r
+ }\r
+ Date rv = dates[seg];\r
+ if(rv==null) {\r
+ rv=dates[seg]=startTime;\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ @Override\r
+ protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
+ // Do nothing\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import com.att.dao.Cacheable;\r
+import com.att.dao.Cached;\r
+import com.att.dao.CachedDAO;\r
+\r
+public abstract class CacheableData implements Cacheable {\r
+ // WARNING: DON'T attempt to add any members here, as it will \r
+ // be treated by system as fields expected in Tables\r
+ protected int seg(Cached<?,?> cache, Object ... fields) {\r
+ return cache==null?0:cache.invalidate(CachedDAO.keyFromObjs(fields));\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.DataInputStream;\r
+import java.io.DataOutputStream;\r
+import java.io.IOException;\r
+import java.math.BigInteger;\r
+import java.nio.ByteBuffer;\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.Bytification;\r
+import com.att.dao.CIDAO;\r
+import com.att.dao.Cached;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.Loader;\r
+import com.att.dao.Streamer;\r
+import com.att.inno.env.APIException;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.Row;\r
+\r
+/**\r
+ * CredDAO manages credentials. \r
+ * Date: 7/19/13\r
+ */\r
+public class CertDAO extends CassDAOImpl<AuthzTrans,CertDAO.Data> {\r
+ public static final String TABLE = "x509";\r
+ public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F\r
+ \r
+ private HistoryDAO historyDAO;\r
+ private CIDAO<AuthzTrans> infoDAO;\r
+ private PSInfo psX500,psID;\r
+ \r
+ public CertDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {\r
+ super(trans, CertDAO.class.getSimpleName(),cluster, keyspace, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ init(trans);\r
+ }\r
+\r
+ public CertDAO(AuthzTrans trans, HistoryDAO hDao, CacheInfoDAO ciDao) throws APIException, IOException {\r
+ super(trans, CertDAO.class.getSimpleName(),hDao, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ historyDAO = hDao;\r
+ infoDAO = ciDao;\r
+ init(trans);\r
+ }\r
+ \r
+ public static final int KEYLIMIT = 2;\r
+ public static class Data extends CacheableData implements Bytification {\r
+ \r
+ public String ca;\r
+ public BigInteger serial;\r
+ public String id;\r
+ public String x500;\r
+ public String x509;\r
+\r
+ @Override\r
+ public int[] invalidate(Cached<?,?> cache) {\r
+ return new int[] {\r
+ seg(cache,ca,serial)\r
+ };\r
+ }\r
+ \r
+ @Override\r
+ public ByteBuffer bytify() throws IOException {\r
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
+ CertLoader.deflt.marshal(this,new DataOutputStream(baos));\r
+ return ByteBuffer.wrap(baos.toByteArray());\r
+ }\r
+ \r
+ @Override\r
+ public void reconstitute(ByteBuffer bb) throws IOException {\r
+ CertLoader.deflt.unmarshal(this, toDIS(bb));\r
+ }\r
+ }\r
+\r
+ private static class CertLoader extends Loader<Data> implements Streamer<Data>{\r
+ public static final int MAGIC=85102934;\r
+ public static final int VERSION=1;\r
+ public static final int BUFF_SIZE=48; // Note: \r
+\r
+ public static final CertLoader deflt = new CertLoader(KEYLIMIT);\r
+ public CertLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+\r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ data.ca = row.getString(0);\r
+ ByteBuffer bb = row.getBytesUnsafe(1);\r
+ byte[] bytes = new byte[bb.remaining()];\r
+ bb.get(bytes);\r
+ data.serial = new BigInteger(bytes);\r
+ data.id = row.getString(2);\r
+ data.x500 = row.getString(3);\r
+ data.x509 = row.getString(4);\r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx] = data.ca;\r
+ obj[++idx] = ByteBuffer.wrap(data.serial.toByteArray());\r
+ }\r
+\r
+ @Override\r
+ protected void body(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+\r
+ obj[idx] = data.id;\r
+ obj[++idx] = data.x500;\r
+ obj[++idx] = data.x509;\r
+\r
+ \r
+ }\r
+\r
+ @Override\r
+ public void marshal(Data data, DataOutputStream os) throws IOException {\r
+ writeHeader(os,MAGIC,VERSION);\r
+ writeString(os, data.id);\r
+ writeString(os, data.x500);\r
+ writeString(os, data.x509);\r
+ writeString(os, data.ca);\r
+ if(data.serial==null) {\r
+ os.writeInt(-1);\r
+ } else {\r
+ byte[] dsba = data.serial.toByteArray();\r
+ int l = dsba.length;\r
+ os.writeInt(l);\r
+ os.write(dsba,0,l);\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public void unmarshal(Data data, DataInputStream is) throws IOException {\r
+ /*int version = */readHeader(is,MAGIC,VERSION);\r
+ // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields\r
+ byte[] buff = new byte[BUFF_SIZE];\r
+ data.id = readString(is,buff);\r
+ data.x500 = readString(is,buff);\r
+ data.x509 = readString(is,buff);\r
+ data.ca = readString(is,buff);\r
+ int i = is.readInt();\r
+ if(i<0) {\r
+ data.serial=null;\r
+ } else {\r
+ byte[] bytes = new byte[i]; // a bit dangerous, but lessened because of all the previous sized data reads\r
+ is.read(bytes);\r
+ data.serial = new BigInteger(bytes);\r
+ }\r
+ }\r
+ }\r
+ \r
+ public Result<List<CertDAO.Data>> read(AuthzTrans trans, Object ... key) {\r
+ // Translate BigInteger to Byte array for lookup\r
+ return super.read(trans, key[0],ByteBuffer.wrap(((BigInteger)key[1]).toByteArray()));\r
+ }\r
+\r
+ private void init(AuthzTrans trans) throws APIException, IOException {\r
+ // Set up sub-DAOs\r
+ if(historyDAO==null) {\r
+ historyDAO = new HistoryDAO(trans,this);\r
+ }\r
+ if(infoDAO==null) {\r
+ infoDAO = new CacheInfoDAO(trans,this);\r
+ }\r
+\r
+ String[] helpers = setCRUD(trans, TABLE, Data.class, CertLoader.deflt);\r
+\r
+ psID = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +\r
+ " WHERE id = ?", CertLoader.deflt,readConsistency);\r
+\r
+ psX500 = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +\r
+ " WHERE x500 = ?", CertLoader.deflt,readConsistency);\r
+ \r
+ }\r
+ \r
+ public Result<List<Data>> readX500(AuthzTrans trans, String x500) {\r
+ return psX500.read(trans, R_TEXT, new Object[]{x500});\r
+ }\r
+\r
+ public Result<List<Data>> readID(AuthzTrans trans, String id) {\r
+ return psID.read(trans, R_TEXT, new Object[]{id});\r
+ }\r
+\r
+ /**\r
+ * Log Modification statements to History\r
+ *\r
+ * @param modified which CRUD action was done\r
+ * @param data entity data that needs a log entry\r
+ * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data\r
+ */\r
+ @Override\r
+ protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
+ boolean memo = override.length>0 && override[0]!=null;\r
+ boolean subject = override.length>1 && override[1]!=null;\r
+\r
+ HistoryDAO.Data hd = HistoryDAO.newInitedData();\r
+ hd.user = trans.user();\r
+ hd.action = modified.name();\r
+ hd.target = TABLE;\r
+ hd.subject = subject?override[1]: data.id;\r
+ hd.memo = memo\r
+ ? String.format("%s by %s", override[0], hd.user)\r
+ : (modified.name() + "d certificate info for " + data.id);\r
+ // Detail?\r
+ if(modified==CRUD.delete) {\r
+ try {\r
+ hd.reconstruct = data.bytify();\r
+ } catch (IOException e) {\r
+ trans.error().log(e,"Could not serialize CertDAO.Data");\r
+ }\r
+ }\r
+\r
+ if(historyDAO.create(trans, hd).status!=Status.OK) {\r
+ trans.error().log("Cannot log to History");\r
+ }\r
+ if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).status!=Status.OK) {\r
+ trans.error().log("Cannot touch Cert");\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.DataInputStream;\r
+import java.io.DataOutputStream;\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.Date;\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.Bytification;\r
+import com.att.dao.CIDAO;\r
+import com.att.dao.Cached;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.Loader;\r
+import com.att.dao.Streamer;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.util.Chrono;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.Row;\r
+\r
+/**\r
+ * CredDAO manages credentials. \r
+ * Date: 7/19/13\r
+ */\r
+public class CredDAO extends CassDAOImpl<AuthzTrans,CredDAO.Data> {\r
+ public static final String TABLE = "cred";\r
+ public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F\r
+ public static final int RAW = -1;\r
+ public static final int BASIC_AUTH = 1;\r
+ public static final int BASIC_AUTH_SHA256 = 2;\r
+ public static final int CERT_SHA256_RSA =200;\r
+ \r
+ private HistoryDAO historyDAO;\r
+ private CIDAO<AuthzTrans> infoDAO;\r
+ private PSInfo psNS;\r
+ private PSInfo psID;\r
+ \r
+ public CredDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {\r
+ super(trans, CredDAO.class.getSimpleName(),cluster, keyspace, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ init(trans);\r
+ }\r
+\r
+ public CredDAO(AuthzTrans trans, HistoryDAO hDao, CacheInfoDAO ciDao) throws APIException, IOException {\r
+ super(trans, CredDAO.class.getSimpleName(),hDao, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ historyDAO = hDao;\r
+ infoDAO = ciDao;\r
+ init(trans);\r
+ }\r
+\r
+ public static final int KEYLIMIT = 3;\r
+ public static class Data extends CacheableData implements Bytification {\r
+ \r
+ public String id;\r
+ public Integer type;\r
+ public Date expires;\r
+ public Integer other;\r
+ public String ns;\r
+ public String notes;\r
+ public ByteBuffer cred; // this is a blob in cassandra\r
+\r
+\r
+ @Override\r
+ public int[] invalidate(Cached<?,?> cache) {\r
+ return new int[] {\r
+ seg(cache,id) // cache is for all entities\r
+ };\r
+ }\r
+ \r
+ @Override\r
+ public ByteBuffer bytify() throws IOException {\r
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
+ CredLoader.deflt.marshal(this,new DataOutputStream(baos));\r
+ return ByteBuffer.wrap(baos.toByteArray());\r
+ }\r
+ \r
+ @Override\r
+ public void reconstitute(ByteBuffer bb) throws IOException {\r
+ CredLoader.deflt.unmarshal(this, toDIS(bb));\r
+ }\r
+\r
+ public String toString() {\r
+ return id + ' ' + type + ' ' + Chrono.dateTime(expires);\r
+ }\r
+ }\r
+\r
+ private static class CredLoader extends Loader<Data> implements Streamer<Data>{\r
+ public static final int MAGIC=153323443;\r
+ public static final int VERSION=1;\r
+ public static final int BUFF_SIZE=48; // Note: \r
+\r
+ public static final CredLoader deflt = new CredLoader(KEYLIMIT);\r
+ public CredLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+\r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ data.id = row.getString(0);\r
+ data.type = row.getInt(1); // NOTE: in datastax driver, If the int value is NULL, 0 is returned!\r
+ data.expires = row.getDate(2);\r
+ data.other = row.getInt(3);\r
+ data.ns = row.getString(4); \r
+ data.notes = row.getString(5);\r
+ data.cred = row.getBytesUnsafe(6); \r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+\r
+ obj[idx] = data.id;\r
+ obj[++idx] = data.type;\r
+ obj[++idx] = data.expires;\r
+ }\r
+\r
+ @Override\r
+ protected void body(Data data, int idx, Object[] obj) {\r
+ int i;\r
+ obj[i=idx] = data.other;\r
+ obj[++i] = data.ns;\r
+ obj[++i] = data.notes;\r
+ obj[++i] = data.cred;\r
+ }\r
+\r
+ @Override\r
+ public void marshal(Data data, DataOutputStream os) throws IOException {\r
+ writeHeader(os,MAGIC,VERSION);\r
+ writeString(os, data.id);\r
+ os.writeInt(data.type); \r
+ os.writeLong(data.expires==null?-1:data.expires.getTime());\r
+ os.writeInt(data.other==null?0:data.other);\r
+ writeString(os, data.ns);\r
+ writeString(os, data.notes);\r
+ if(data.cred==null) {\r
+ os.writeInt(-1);\r
+ } else {\r
+ int l = data.cred.limit()-data.cred.position();\r
+ os.writeInt(l);\r
+ os.write(data.cred.array(),data.cred.position(),l);\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public void unmarshal(Data data, DataInputStream is) throws IOException {\r
+ /*int version = */readHeader(is,MAGIC,VERSION);\r
+ // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields\r
+ byte[] buff = new byte[BUFF_SIZE];\r
+ data.id = readString(is,buff);\r
+ data.type = is.readInt();\r
+ \r
+ long l = is.readLong();\r
+ data.expires = l<0?null:new Date(l);\r
+ data.other = is.readInt();\r
+ data.ns = readString(is,buff);\r
+ data.notes = readString(is,buff);\r
+ \r
+ int i = is.readInt();\r
+ if(i<0) {\r
+ data.cred=null;\r
+ } else {\r
+ byte[] bytes = new byte[i]; // a bit dangerous, but lessened because of all the previous sized data reads\r
+ is.read(bytes);\r
+ data.cred = ByteBuffer.wrap(bytes);\r
+ }\r
+ }\r
+ }\r
+\r
+ private void init(AuthzTrans trans) throws APIException, IOException {\r
+ // Set up sub-DAOs\r
+ if(historyDAO==null) {\r
+ historyDAO = new HistoryDAO(trans,this);\r
+ }\r
+ if(infoDAO==null) {\r
+ infoDAO = new CacheInfoDAO(trans,this);\r
+ }\r
+ \r
+\r
+ String[] helpers = setCRUD(trans, TABLE, Data.class, CredLoader.deflt);\r
+ \r
+ psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +\r
+ " WHERE ns = ?", CredLoader.deflt,readConsistency);\r
+ \r
+ psID = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +\r
+ " WHERE id = ?", CredLoader.deflt,readConsistency);\r
+ }\r
+ \r
+ public Result<List<Data>> readNS(AuthzTrans trans, String ns) {\r
+ return psNS.read(trans, R_TEXT, new Object[]{ns});\r
+ }\r
+ \r
+ public Result<List<Data>> readID(AuthzTrans trans, String id) {\r
+ return psID.read(trans, R_TEXT, new Object[]{id});\r
+ }\r
+ \r
+ /**\r
+ * Log Modification statements to History\r
+ *\r
+ * @param modified which CRUD action was done\r
+ * @param data entity data that needs a log entry\r
+ * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data\r
+ */\r
+ @Override\r
+ protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
+ boolean memo = override.length>0 && override[0]!=null;\r
+ boolean subject = override.length>1 && override[1]!=null;\r
+\r
+ HistoryDAO.Data hd = HistoryDAO.newInitedData();\r
+ hd.user = trans.user();\r
+ hd.action = modified.name();\r
+ hd.target = TABLE;\r
+ hd.subject = subject?override[1]: data.id;\r
+ hd.memo = memo\r
+ ? String.format("%s by %s", override[0], hd.user)\r
+ : (modified.name() + "d credential for " + data.id);\r
+ // Detail?\r
+ if(modified==CRUD.delete) {\r
+ try {\r
+ hd.reconstruct = data.bytify();\r
+ } catch (IOException e) {\r
+ trans.error().log(e,"Could not serialize CredDAO.Data");\r
+ }\r
+ }\r
+\r
+ if(historyDAO.create(trans, hd).status!=Status.OK) {\r
+ trans.error().log("Cannot log to History");\r
+ }\r
+ if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).status!=Status.OK) {\r
+ trans.error().log("Cannot touch Cred");\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.DataInputStream;\r
+import java.io.DataOutputStream;\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.Date;\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.AbsCassDAO;\r
+import com.att.dao.Bytification;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.Loader;\r
+import com.att.dao.Streamer;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.Row;\r
+\r
+public class DelegateDAO extends CassDAOImpl<AuthzTrans, DelegateDAO.Data> {\r
+\r
+ public static final String TABLE = "delegate";\r
+ private PSInfo psByDelegate;\r
+ \r
+ public DelegateDAO(AuthzTrans trans, Cluster cluster, String keyspace) {\r
+ super(trans, DelegateDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ init(trans);\r
+ }\r
+\r
+ public DelegateDAO(AuthzTrans trans, AbsCassDAO<AuthzTrans,?> aDao) {\r
+ super(trans, DelegateDAO.class.getSimpleName(),aDao,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ init(trans);\r
+ }\r
+ \r
+ private static final int KEYLIMIT = 1;\r
+ public static class Data implements Bytification {\r
+ public String user;\r
+ public String delegate;\r
+ public Date expires;\r
+\r
+ @Override\r
+ public ByteBuffer bytify() throws IOException {\r
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
+ DelegateLoader.dflt.marshal(this,new DataOutputStream(baos));\r
+ return ByteBuffer.wrap(baos.toByteArray());\r
+ }\r
+ \r
+ @Override\r
+ public void reconstitute(ByteBuffer bb) throws IOException {\r
+ DelegateLoader.dflt.unmarshal(this, toDIS(bb));\r
+ }\r
+ }\r
+ \r
+ private static class DelegateLoader extends Loader<Data> implements Streamer<Data>{\r
+ public static final int MAGIC=0xD823ACF2;\r
+ public static final int VERSION=1;\r
+ public static final int BUFF_SIZE=48;\r
+\r
+ public static final DelegateLoader dflt = new DelegateLoader(KEYLIMIT);\r
+\r
+ public DelegateLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+ \r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ data.user = row.getString(0);\r
+ data.delegate = row.getString(1);\r
+ data.expires = row.getDate(2);\r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.user;\r
+ }\r
+\r
+ @Override\r
+ protected void body(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+\r
+ obj[idx]=data.delegate;\r
+ obj[++idx]=data.expires;\r
+ }\r
+\r
+ @Override\r
+ public void marshal(Data data, DataOutputStream os) throws IOException {\r
+ writeHeader(os,MAGIC,VERSION);\r
+ writeString(os, data.user);\r
+ writeString(os, data.delegate);\r
+ os.writeLong(data.expires.getTime());\r
+ }\r
+\r
+ @Override\r
+ public void unmarshal(Data data, DataInputStream is) throws IOException {\r
+ /*int version = */readHeader(is,MAGIC,VERSION);\r
+ // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields\r
+ byte[] buff = new byte[BUFF_SIZE];\r
+ data.user = readString(is, buff);\r
+ data.delegate = readString(is,buff);\r
+ data.expires = new Date(is.readLong());\r
+ }\r
+ } \r
+ \r
+ private void init(AuthzTrans trans) {\r
+ String[] helpers = setCRUD(trans, TABLE, Data.class, DelegateLoader.dflt);\r
+ psByDelegate = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +\r
+ " WHERE delegate = ?", new DelegateLoader(1),readConsistency);\r
+\r
+ }\r
+\r
+ public Result<List<DelegateDAO.Data>> readByDelegate(AuthzTrans trans, String delegate) {\r
+ return psByDelegate.read(trans, R_TEXT, new Object[]{delegate});\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.nio.ByteBuffer;\r
+import java.util.Date;\r
+import java.util.List;\r
+import java.util.UUID;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.DAOException;\r
+import com.att.dao.Loader;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.ResultSet;\r
+import com.datastax.driver.core.Row;\r
+\r
+/**\r
+ * FutureDAO stores Construction information to create \r
+ * elements at another time.\r
+ * \r
+ * 8/20/2013\r
+ */\r
+public class FutureDAO extends CassDAOImpl<AuthzTrans,FutureDAO.Data> {\r
+ private static final String TABLE = "future";\r
+ private final HistoryDAO historyDAO;\r
+// private static String createString;\r
+ private PSInfo psByStartAndTarget;\r
+ \r
+ public FutureDAO(AuthzTrans trans, Cluster cluster, String keyspace) {\r
+ super(trans, FutureDAO.class.getSimpleName(),cluster, keyspace, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ historyDAO = new HistoryDAO(trans, this);\r
+ init(trans);\r
+ }\r
+\r
+ public FutureDAO(AuthzTrans trans, HistoryDAO hDAO) {\r
+ super(trans, FutureDAO.class.getSimpleName(),hDAO, Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ historyDAO=hDAO;\r
+ init(trans);\r
+ }\r
+\r
+ public static final int KEYLIMIT = 1;\r
+ public static class Data {\r
+ public UUID id;\r
+ public String target;\r
+ public String memo;\r
+ public Date start;\r
+ public Date expires;\r
+ public ByteBuffer construct; // this is a blob in cassandra\r
+ }\r
+\r
+ private static class FLoader extends Loader<Data> {\r
+ public FLoader() {\r
+ super(KEYLIMIT);\r
+ }\r
+\r
+ public FLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+\r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ data.id = row.getUUID(0);\r
+ data.target = row.getString(1);\r
+ data.memo = row.getString(2);\r
+ data.start = row.getDate(3);\r
+ data.expires = row.getDate(4);\r
+ data.construct = row.getBytes(5);\r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx] = data.id;\r
+ }\r
+\r
+ @Override\r
+ protected void body(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+\r
+ obj[idx] = data.target;\r
+ obj[++idx] = data.memo;\r
+ obj[++idx] = data.start;\r
+ obj[++idx] = data.expires;\r
+ obj[++idx] = data.construct;\r
+ }\r
+ }\r
+\r
+ private void init(AuthzTrans trans) {\r
+ // Set up sub-DAOs\r
+ String[] helpers = setCRUD(trans, TABLE, Data.class, new FLoader(KEYLIMIT));\r
+\r
+ // Uh, oh. Can't use "now()" in Prepared Statements (at least at this level)\r
+// createString = "INSERT INTO " + TABLE + " ("+helpers[FIELD_COMMAS] +") VALUES (now(),";\r
+//\r
+// // Need a specialty Creator to handle the "now()"\r
+// replace(CRUD.Create, new PSInfo(trans, "INSERT INTO future (" + helpers[FIELD_COMMAS] +\r
+// ") VALUES(now(),?,?,?,?,?)",new FLoader(0)));\r
+ \r
+ // Other SELECT style statements... match with a local Method\r
+ psByStartAndTarget = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] +\r
+ " FROM future WHERE start <= ? and target = ? ALLOW FILTERING", new FLoader(2) {\r
+ @Override\r
+ protected void key(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+\r
+ obj[idx]=data.start;\r
+ obj[++idx]=data.target;\r
+ }\r
+ },readConsistency);\r
+ \r
+\r
+ }\r
+\r
+ public Result<List<Data>> readByStartAndTarget(AuthzTrans trans, Date start, String target) throws DAOException {\r
+ return psByStartAndTarget.read(trans, R_TEXT, new Object[]{start, target});\r
+ }\r
+\r
+ /**\r
+ * Override create to add secondary ID to Subject in History, and create Data.ID, if it is null\r
+ */\r
+ public Result<FutureDAO.Data> create(AuthzTrans trans, FutureDAO.Data data, String id) {\r
+ // If ID is not set (typical), create one.\r
+ if(data.id==null) {\r
+ StringBuilder sb = new StringBuilder(trans.user());\r
+ sb.append(data.target);\r
+ sb.append(System.currentTimeMillis());\r
+ data.id = UUID.nameUUIDFromBytes(sb.toString().getBytes());\r
+ }\r
+ Result<ResultSet> rs = createPS.exec(trans, C_TEXT, data);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ wasModified(trans, CRUD.create, data, null, id);\r
+ return Result.ok(data); \r
+ }\r
+\r
+ /**\r
+ * Log Modification statements to History\r
+ *\r
+ * @param modified which CRUD action was done\r
+ * @param data entity data that needs a log entry\r
+ * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data\r
+ */\r
+ @Override\r
+ protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
+ boolean memo = override.length>0 && override[0]!=null;\r
+ boolean subject = override.length>1 && override[1]!=null;\r
+ HistoryDAO.Data hd = HistoryDAO.newInitedData();\r
+ hd.user = trans.user();\r
+ hd.action = modified.name();\r
+ hd.target = TABLE;\r
+ hd.subject = subject?override[1]:"";\r
+ hd.memo = memo?String.format("%s by %s", override[0], hd.user):data.memo;\r
+ \r
+ if(historyDAO.create(trans, hd).status!=Status.OK) {\r
+ trans.error().log("Cannot log to History");\r
+ }\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.nio.ByteBuffer;\r
+import java.text.SimpleDateFormat;\r
+import java.util.Date;\r
+import java.util.List;\r
+import java.util.UUID;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.AbsCassDAO;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.Loader;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.ConsistencyLevel;\r
+import com.datastax.driver.core.ResultSet;\r
+import com.datastax.driver.core.Row;\r
+\r
+/**\r
+ * History\r
+ * \r
+ * \r
+ * History is a special case, because we don't want Updates or Deletes... Too likely to mess up history.\r
+ * \r
+ * 9-9-2013 - Found a problem with using "Prepare". You cannot prepare anything with a "now()" in it, as\r
+ * it is evaluated once during the prepare, and kept. That renders any use of "now()" pointless. Therefore\r
+ * the Create function needs to be run fresh everytime.\r
+ * \r
+ * Fixed in Cassandra 1.2.6 https://issues.apache.org/jira/browse/CASSANDRA-5616\r
+ *\r
+ */\r
+public class HistoryDAO extends CassDAOImpl<AuthzTrans, HistoryDAO.Data> {\r
+ private static final String TABLE = "history";\r
+\r
+ public static final SimpleDateFormat monthFormat = new SimpleDateFormat("yyyyMM");\r
+// private static final SimpleDateFormat dayTimeFormat = new SimpleDateFormat("ddHHmmss");\r
+\r
+ private String[] helpers;\r
+\r
+ private HistLoader defLoader;\r
+\r
+ private AbsCassDAO<AuthzTrans, Data>.PSInfo readByUser, readBySubject, readByYRMN;\r
+\r
+ public HistoryDAO(AuthzTrans trans, Cluster cluster, String keyspace) {\r
+ super(trans, HistoryDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE,ConsistencyLevel.LOCAL_ONE,ConsistencyLevel.ANY);\r
+ init(trans);\r
+ }\r
+\r
+ public HistoryDAO(AuthzTrans trans, AbsCassDAO<AuthzTrans,?> aDao) {\r
+ super(trans, HistoryDAO.class.getSimpleName(),aDao,Data.class,TABLE,ConsistencyLevel.LOCAL_ONE,ConsistencyLevel.ANY);\r
+ init(trans);\r
+ }\r
+\r
+\r
+ private static final int KEYLIMIT = 1;\r
+ public static class Data {\r
+ public UUID id;\r
+ public int yr_mon;\r
+ public String user;\r
+ public String action;\r
+ public String target;\r
+ public String subject;\r
+ public String memo;\r
+// Map<String, String> detail = null;\r
+// public Map<String, String> detail() {\r
+// if(detail == null) {\r
+// detail = new HashMap<String, String>();\r
+// }\r
+// return detail;\r
+// }\r
+ public ByteBuffer reconstruct;\r
+ }\r
+ \r
+ private static class HistLoader extends Loader<Data> {\r
+ public HistLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+\r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ data.id = row.getUUID(0);\r
+ data.yr_mon = row.getInt(1);\r
+ data.user = row.getString(2);\r
+ data.action = row.getString(3);\r
+ data.target = row.getString(4);\r
+ data.subject = row.getString(5);\r
+ data.memo = row.getString(6);\r
+// data.detail = row.getMap(6, String.class, String.class);\r
+ data.reconstruct = row.getBytes(7);\r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.id;\r
+ }\r
+\r
+ @Override\r
+ protected void body(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+ obj[idx]=data.yr_mon;\r
+ obj[++idx]=data.user;\r
+ obj[++idx]=data.action;\r
+ obj[++idx]=data.target;\r
+ obj[++idx]=data.subject;\r
+ obj[++idx]=data.memo;\r
+// obj[++idx]=data.detail;\r
+ obj[++idx]=data.reconstruct; \r
+ }\r
+ };\r
+ \r
+ private void init(AuthzTrans trans) {\r
+ // Loader must match fields order\r
+ defLoader = new HistLoader(KEYLIMIT);\r
+ helpers = setCRUD(trans, TABLE, Data.class, defLoader);\r
+\r
+ // Need a specialty Creator to handle the "now()"\r
+ // 9/9/2013 - jg - Just great... now() is evaluated once on Client side, invalidating usage (what point is a now() from a long time in the past?\r
+ // Unless this is fixed, we're putting in non-prepared statement\r
+ // Solved in Cassandra. Make sure you are running 1.2.6 Cassandra or later. https://issues.apache.org/jira/browse/CASSANDRA-5616 \r
+ replace(CRUD.create, new PSInfo(trans, "INSERT INTO history (" + helpers[FIELD_COMMAS] +\r
+ ") VALUES(now(),?,?,?,?,?,?,?)", \r
+ new HistLoader(0) {\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ }\r
+ },writeConsistency)\r
+ );\r
+// disable(CRUD.Create);\r
+ \r
+ replace(CRUD.read, new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] +\r
+ " FROM history WHERE id = ?", defLoader,readConsistency) \r
+// new HistLoader(2) {\r
+// @Override\r
+// protected void key(Data data, int idx, Object[] obj) {\r
+// obj[idx]=data.yr_mon;\r
+// obj[++idx]=data.id;\r
+// }\r
+// })\r
+ );\r
+ disable(CRUD.update);\r
+ disable(CRUD.delete);\r
+ \r
+ readByUser = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + \r
+ " FROM history WHERE user = ?", defLoader,readConsistency);\r
+ readBySubject = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + \r
+ " FROM history WHERE subject = ? and target = ? ALLOW FILTERING", defLoader,readConsistency);\r
+ readByYRMN = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + \r
+ " FROM history WHERE yr_mon = ?", defLoader,readConsistency);\r
+ async(true); //TODO dropping messages with Async\r
+ }\r
+\r
+ public static Data newInitedData() {\r
+ Data data = new Data();\r
+ Date now = new Date();\r
+ data.yr_mon = Integer.parseInt(monthFormat.format(now));\r
+ // data.day_time = Integer.parseInt(dayTimeFormat.format(now));\r
+ return data; \r
+ }\r
+\r
+ public Result<List<Data>> readByYYYYMM(AuthzTrans trans, int yyyymm) {\r
+ Result<ResultSet> rs = readByYRMN.exec(trans, "yr_mon", yyyymm);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ return extract(defLoader,rs.value,null,dflt);\r
+ }\r
+\r
+ /**\r
+ * Gets the history for a user in the specified year and month\r
+ * year - the year in yyyy format\r
+ * month - the month in a year ...values 1 - 12\r
+ **/\r
+ public Result<List<Data>> readByUser(AuthzTrans trans, String user, int ... yyyymm) {\r
+ if(yyyymm.length==0) {\r
+ return Result.err(Status.ERR_BadData, "No or invalid yyyymm specified");\r
+ }\r
+ Result<ResultSet> rs = readByUser.exec(trans, "user", user);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ return extract(defLoader,rs.value,null,yyyymm.length>0?new YYYYMM(yyyymm):dflt);\r
+ }\r
+ \r
+ public Result<List<Data>> readBySubject(AuthzTrans trans, String subject, String target, int ... yyyymm) {\r
+ if(yyyymm.length==0) {\r
+ return Result.err(Status.ERR_BadData, "No or invalid yyyymm specified");\r
+ }\r
+ Result<ResultSet> rs = readBySubject.exec(trans, "subject", subject, target);\r
+ if(rs.notOK()) {\r
+ return Result.err(rs);\r
+ }\r
+ return extract(defLoader,rs.value,null,yyyymm.length>0?new YYYYMM(yyyymm):dflt);\r
+ }\r
+ \r
+ private class YYYYMM implements Accept<Data> {\r
+ private int[] yyyymm;\r
+ public YYYYMM(int yyyymm[]) {\r
+ this.yyyymm = yyyymm;\r
+ }\r
+ @Override\r
+ public boolean ok(Data data) {\r
+ int dym = data.yr_mon;\r
+ for(int ym:yyyymm) {\r
+ if(dym==ym) {\r
+ return true;\r
+ }\r
+ }\r
+ return false;\r
+ }\r
+ \r
+ };\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.DataInputStream;\r
+import java.io.DataOutputStream;\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+import java.util.Map.Entry;\r
+\r
+import com.att.cssa.rserv.Pair;\r
+import com.att.dao.Bytification;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.Loader;\r
+\r
+\r
+public class Namespace implements Bytification {\r
+ public static final int MAGIC=250935515;\r
+ public static final int VERSION=1;\r
+ public static final int BUFF_SIZE=48;\r
+\r
+ public String name;\r
+ public List<String> owner;\r
+ public List<String> admin;\r
+ public List<Pair<String,String>> attrib;\r
+ public String description;\r
+ public Integer type;\r
+ public String parent;\r
+ public Namespace() {}\r
+ \r
+ public Namespace(NsDAO.Data ndd) {\r
+ name = ndd.name;\r
+ description = ndd.description;\r
+ type = ndd.type;\r
+ parent = ndd.parent;\r
+ if(ndd.attrib!=null && !ndd.attrib.isEmpty()) {\r
+ attrib = new ArrayList<Pair<String,String>>();\r
+ for( Entry<String, String> entry : ndd.attrib.entrySet()) {\r
+ attrib.add(new Pair<String,String>(entry.getKey(),entry.getValue()));\r
+ }\r
+ }\r
+ }\r
+ \r
+ public Namespace(NsDAO.Data ndd,List<String> owner, List<String> admin) {\r
+ name = ndd.name;\r
+ this.owner = owner;\r
+ this.admin = admin;\r
+ description = ndd.description;\r
+ type = ndd.type;\r
+ parent = ndd.parent;\r
+ if(ndd.attrib!=null && !ndd.attrib.isEmpty()) {\r
+ attrib = new ArrayList<Pair<String,String>>();\r
+ for( Entry<String, String> entry : ndd.attrib.entrySet()) {\r
+ attrib.add(new Pair<String,String>(entry.getKey(),entry.getValue()));\r
+ }\r
+ }\r
+ }\r
+\r
+ public NsDAO.Data data() {\r
+ NsDAO.Data ndd = new NsDAO.Data();\r
+ ndd.name = name;\r
+ ndd.description = description;\r
+ ndd.parent = parent;\r
+ ndd.type = type;\r
+ return ndd;\r
+ }\r
+\r
+ @Override\r
+ public ByteBuffer bytify() throws IOException {\r
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
+ DataOutputStream os = new DataOutputStream(baos);\r
+\r
+ Loader.writeHeader(os,MAGIC,VERSION);\r
+ Loader.writeString(os, name);\r
+ os.writeInt(type);\r
+ Loader.writeStringSet(os,admin);\r
+ Loader.writeStringSet(os,owner);\r
+ Loader.writeString(os,description);\r
+ Loader.writeString(os,parent);\r
+\r
+ return ByteBuffer.wrap(baos.toByteArray());\r
+ }\r
+\r
+ @Override\r
+ public void reconstitute(ByteBuffer bb) throws IOException {\r
+ DataInputStream is = CassDAOImpl.toDIS(bb);\r
+ /*int version = */Loader.readHeader(is,MAGIC,VERSION);\r
+ // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields\r
+ \r
+ byte[] buff = new byte[BUFF_SIZE];\r
+ name = Loader.readString(is, buff);\r
+ type = is.readInt();\r
+ admin = Loader.readStringList(is,buff);\r
+ owner = Loader.readStringList(is,buff);\r
+ description = Loader.readString(is,buff);\r
+ parent = Loader.readString(is,buff);\r
+ \r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see java.lang.Object#hashCode()\r
+ */\r
+ @Override\r
+ public int hashCode() {\r
+ return name.hashCode();\r
+ }\r
+ \r
+\r
+ /* (non-Javadoc)\r
+ * @see java.lang.Object#toString()\r
+ */\r
+ @Override\r
+ public String toString() {\r
+ return name.toString();\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see java.lang.Object#equals(java.lang.Object)\r
+ */\r
+ @Override\r
+ public boolean equals(Object arg0) {\r
+ if(arg0==null || !(arg0 instanceof Namespace)) {\r
+ return false;\r
+ }\r
+ return name.equals(((Namespace)arg0).name);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.DataInputStream;\r
+import java.io.DataOutputStream;\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.HashMap;\r
+import java.util.HashSet;\r
+import java.util.Iterator;\r
+import java.util.List;\r
+import java.util.Map;\r
+import java.util.Map.Entry;\r
+import java.util.Set;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.Bytification;\r
+import com.att.dao.Cached;\r
+import com.att.dao.CassAccess;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.Loader;\r
+import com.att.dao.Streamer;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.ResultSet;\r
+import com.datastax.driver.core.Row;\r
+import com.datastax.driver.core.exceptions.DriverException;\r
+\r
+/**\r
+ * NsDAO\r
+ * \r
+ * Data Access Object for Namespace Data\r
+ *\r
+ */\r
+public class NsDAO extends CassDAOImpl<AuthzTrans,NsDAO.Data> {\r
+ public static final String TABLE = "ns";\r
+ public static final String TABLE_ATTRIB = "ns_attrib";\r
+ public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F\r
+ public static final int ROOT = 1;\r
+ public static final int COMPANY=2;\r
+ public static final int APP = 3;\r
+\r
+ private static final String BEGIN_BATCH = "BEGIN BATCH\n";\r
+ private static final String APPLY_BATCH = "APPLY BATCH;\n";\r
+ private static final String SQSCCR = "';\n";\r
+ private static final String SQCSQ = "','";\r
+ \r
+ private HistoryDAO historyDAO;\r
+ private CacheInfoDAO infoDAO;\r
+ private PSInfo psNS;\r
+\r
+ public NsDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {\r
+ super(trans, NsDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ init(trans);\r
+ }\r
+\r
+ public NsDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO iDAO) throws APIException, IOException {\r
+ super(trans, NsDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ historyDAO=hDAO;\r
+ infoDAO = iDAO;\r
+ init(trans);\r
+ }\r
+\r
+\r
+ //////////////////////////////////////////\r
+ // Data Definition, matches Cassandra DM\r
+ //////////////////////////////////////////\r
+ private static final int KEYLIMIT = 1;\r
+ /**\r
+ * Data class that matches the Cassandra Table "role"\r
+ * \r
+ */\r
+ public static class Data extends CacheableData implements Bytification {\r
+ public String name;\r
+ public int type;\r
+ public String description;\r
+ public String parent;\r
+ public Map<String,String> attrib;\r
+\r
+// ////////////////////////////////////////\r
+// // Getters\r
+ public Map<String,String> attrib(boolean mutable) {\r
+ if (attrib == null) {\r
+ attrib = new HashMap<String,String>();\r
+ } else if (mutable && !(attrib instanceof HashMap)) {\r
+ attrib = new HashMap<String,String>(attrib);\r
+ }\r
+ return attrib;\r
+ }\r
+\r
+ @Override\r
+ public int[] invalidate(Cached<?,?> cache) {\r
+ return new int[] {\r
+ seg(cache,name)\r
+ };\r
+ }\r
+\r
+ public NsSplit split(String name) {\r
+ return new NsSplit(this,name);\r
+ }\r
+\r
+ @Override\r
+ public ByteBuffer bytify() throws IOException {\r
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
+ NSLoader.deflt.marshal(this,new DataOutputStream(baos));\r
+ return ByteBuffer.wrap(baos.toByteArray());\r
+ }\r
+ \r
+ @Override\r
+ public void reconstitute(ByteBuffer bb) throws IOException {\r
+ NSLoader.deflt.unmarshal(this,toDIS(bb));\r
+ }\r
+ \r
+ @Override\r
+ public String toString() {\r
+ return name;\r
+ }\r
+ \r
+ }\r
+ \r
+ private void init(AuthzTrans trans) throws APIException, IOException {\r
+ // Set up sub-DAOs\r
+ if(historyDAO==null) {\r
+ historyDAO = new HistoryDAO(trans, this);\r
+ }\r
+ if(infoDAO==null) {\r
+ infoDAO = new CacheInfoDAO(trans,this);\r
+ }\r
+\r
+ String[] helpers = setCRUD(trans, TABLE, Data.class, NSLoader.deflt,4/*need to skip attrib */);\r
+ \r
+ psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +\r
+ " WHERE parent = ?", new NSLoader(1),readConsistency);\r
+\r
+ }\r
+ \r
+ private static final class NSLoader extends Loader<Data> implements Streamer<Data> {\r
+ public static final int MAGIC=250935515;\r
+ public static final int VERSION=1;\r
+ public static final int BUFF_SIZE=48;\r
+\r
+ public static final NSLoader deflt = new NSLoader(KEYLIMIT);\r
+ \r
+ public NSLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+\r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ // Int more efficient\r
+ data.name = row.getString(0);\r
+ data.type = row.getInt(1);\r
+ data.description = row.getString(2);\r
+ data.parent = row.getString(3);\r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.name;\r
+ }\r
+\r
+ @Override\r
+ protected void body(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+\r
+ obj[idx]=data.type;\r
+ obj[++idx]=data.description;\r
+ obj[++idx]=data.parent;\r
+ }\r
+ \r
+ @Override\r
+ public void marshal(Data data, DataOutputStream os) throws IOException {\r
+ writeHeader(os,MAGIC,VERSION);\r
+ writeString(os, data.name);\r
+ os.writeInt(data.type);\r
+ writeString(os,data.description);\r
+ writeString(os,data.parent);\r
+ if(data.attrib==null) {\r
+ os.writeInt(-1);\r
+ } else {\r
+ os.writeInt(data.attrib.size());\r
+ for(Entry<String, String> es : data.attrib(false).entrySet()) {\r
+ writeString(os,es.getKey());\r
+ writeString(os,es.getValue());\r
+ }\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public void unmarshal(Data data, DataInputStream is) throws IOException {\r
+ /*int version = */readHeader(is,MAGIC,VERSION);\r
+ // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields\r
+ \r
+ byte[] buff = new byte[BUFF_SIZE];\r
+ data.name = readString(is, buff);\r
+ data.type = is.readInt();\r
+ data.description = readString(is,buff);\r
+ data.parent = readString(is,buff);\r
+ int count = is.readInt();\r
+ if(count>0) {\r
+ Map<String, String> da = data.attrib(true);\r
+ for(int i=0;i<count;++i) {\r
+ da.put(readString(is,buff), readString(is,buff));\r
+ }\r
+ }\r
+ }\r
+\r
+ }\r
+ \r
+ @Override\r
+ public Result<Data> create(AuthzTrans trans, Data data) {\r
+ String ns = data.name;\r
+ // Ensure Parent is set\r
+ int ldot = ns.lastIndexOf('.');\r
+ data.parent=ldot<0?".":ns.substring(0,ldot);\r
+\r
+ // insert Attributes\r
+ StringBuilder stmt = new StringBuilder();\r
+ stmt.append(BEGIN_BATCH);\r
+ attribInsertStmts(stmt, data);\r
+ stmt.append(APPLY_BATCH);\r
+ try {\r
+ getSession(trans).execute(stmt.toString());\r
+//// TEST CODE for Exception \r
+// boolean force = true; \r
+// if(force) {\r
+// throw new com.datastax.driver.core.exceptions.NoHostAvailableException(new HashMap<InetSocketAddress,Throwable>());\r
+//// throw new com.datastax.driver.core.exceptions.AuthenticationException(new InetSocketAddress(9999),"Sample Message");\r
+// }\r
+////END TEST CODE\r
+\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ trans.info().log(stmt);\r
+ return Result.err(Result.ERR_Backend, "Backend Access");\r
+ }\r
+ return super.create(trans, data);\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> update(AuthzTrans trans, Data data) {\r
+ String ns = data.name;\r
+ // Ensure Parent is set\r
+ int ldot = ns.lastIndexOf('.');\r
+ data.parent=ldot<0?".":ns.substring(0,ldot);\r
+\r
+ StringBuilder stmt = new StringBuilder();\r
+ stmt.append(BEGIN_BATCH);\r
+ try {\r
+ Map<String, String> localAttr = data.attrib;\r
+ Result<Map<String, String>> rremoteAttr = readAttribByNS(trans,ns);\r
+ if(rremoteAttr.notOK()) {\r
+ return Result.err(rremoteAttr);\r
+ }\r
+ // update Attributes\r
+ String str;\r
+ for(Entry<String, String> es : localAttr.entrySet()) {\r
+ str = rremoteAttr.value.get(es.getKey());\r
+ if(str==null || !str.equals(es.getValue())) {\r
+ attribInsertStmt(stmt, ns, es.getKey(),es.getValue());\r
+ }\r
+ }\r
+ \r
+ // No point in deleting... insert overwrites...\r
+// for(Entry<String, String> es : remoteAttr.entrySet()) {\r
+// str = localAttr.get(es.getKey());\r
+// if(str==null || !str.equals(es.getValue())) {\r
+// attribDeleteStmt(stmt, ns, es.getKey());\r
+// }\r
+// }\r
+ if(stmt.length()>BEGIN_BATCH.length()) {\r
+ stmt.append(APPLY_BATCH);\r
+ getSession(trans).execute(stmt.toString());\r
+ }\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ trans.info().log(stmt);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ }\r
+\r
+ return super.update(trans,data);\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.dao.CassDAOImpl#read(com.att.inno.env.TransStore, java.lang.Object)\r
+ */\r
+ @Override\r
+ public Result<List<Data>> read(AuthzTrans trans, Data data) {\r
+ Result<List<Data>> rld = super.read(trans, data);\r
+ \r
+ if(rld.isOKhasData()) {\r
+ for(Data d : rld.value) {\r
+ // Note: Map is null at this point, save time/mem by assignment\r
+ Result<Map<String, String>> rabn = readAttribByNS(trans,d.name);\r
+ if(rabn.isOK()) {\r
+ d.attrib = rabn.value;\r
+ } else {\r
+ return Result.err(rabn);\r
+ }\r
+ }\r
+ }\r
+ return rld;\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.dao.CassDAOImpl#read(com.att.inno.env.TransStore, java.lang.Object[])\r
+ */\r
+ @Override\r
+ public Result<List<Data>> read(AuthzTrans trans, Object... key) {\r
+ Result<List<Data>> rld = super.read(trans, key);\r
+\r
+ if(rld.isOKhasData()) {\r
+ for(Data d : rld.value) {\r
+ // Note: Map is null at this point, save time/mem by assignment\r
+ Result<Map<String, String>> rabn = readAttribByNS(trans,d.name);\r
+ if(rabn.isOK()) {\r
+ d.attrib = rabn.value;\r
+ } else {\r
+ return Result.err(rabn);\r
+ }\r
+ }\r
+ }\r
+ return rld;\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> delete(AuthzTrans trans, Data data, boolean reread) {\r
+ TimeTaken tt = trans.start("Delete NS Attributes " + data.name, Env.REMOTE);\r
+ try {\r
+ StringBuilder stmt = new StringBuilder();\r
+ attribDeleteAllStmt(stmt, data);\r
+ try {\r
+ getSession(trans).execute(stmt.toString());\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ trans.info().log(stmt);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ return super.delete(trans, data, reread);\r
+\r
+ }\r
+ \r
+ public Result<Map<String,String>> readAttribByNS(AuthzTrans trans, String ns) {\r
+ Map<String,String> map = new HashMap<String,String>();\r
+ TimeTaken tt = trans.start("readAttribByNS " + ns, Env.REMOTE);\r
+ try {\r
+ ResultSet rs = getSession(trans).execute("SELECT key,value FROM " \r
+ + TABLE_ATTRIB \r
+ + " WHERE ns='"\r
+ + ns\r
+ + "';");\r
+ \r
+ for(Iterator<Row> iter = rs.iterator();iter.hasNext(); ) {\r
+ Row r = iter.next();\r
+ map.put(r.getString(0), r.getString(1));\r
+ }\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ return Result.ok(map);\r
+ }\r
+\r
+ public Result<Set<String>> readNsByAttrib(AuthzTrans trans, String key) {\r
+ Set<String> set = new HashSet<String>();\r
+ TimeTaken tt = trans.start("readNsBykey " + key, Env.REMOTE);\r
+ try {\r
+ ResultSet rs = getSession(trans).execute("SELECT ns FROM " \r
+ + TABLE_ATTRIB \r
+ + " WHERE key='"\r
+ + key\r
+ + "';");\r
+ \r
+ for(Iterator<Row> iter = rs.iterator();iter.hasNext(); ) {\r
+ Row r = iter.next();\r
+ set.add(r.getString(0));\r
+ }\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ return Result.ok(set);\r
+ }\r
+\r
+ public Result<Void> attribAdd(AuthzTrans trans, String ns, String key, String value) {\r
+ try {\r
+ getSession(trans).execute(attribInsertStmt(new StringBuilder(),ns,key,value).toString());\r
+ return Result.ok();\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ }\r
+ }\r
+ \r
+ private StringBuilder attribInsertStmt(StringBuilder sb, String ns, String key, String value) {\r
+ sb.append("INSERT INTO ");\r
+ sb.append(TABLE_ATTRIB);\r
+ sb.append(" (ns,key,value) VALUES ('");\r
+ sb.append(ns);\r
+ sb.append(SQCSQ);\r
+ sb.append(key);\r
+ sb.append(SQCSQ);\r
+ sb.append(value);\r
+ sb.append("');");\r
+ return sb;\r
+ }\r
+ \r
+ public Result<Void> attribRemove(AuthzTrans trans, String ns, String key) {\r
+ try {\r
+ getSession(trans).execute(attribDeleteStmt(new StringBuilder(),ns,key).toString());\r
+ return Result.ok();\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ }\r
+ }\r
+ \r
+ private StringBuilder attribDeleteStmt(StringBuilder stmt, String ns, String key) {\r
+ stmt.append("DELETE FROM ");\r
+ stmt.append(TABLE_ATTRIB);\r
+ stmt.append(" WHERE ns='");\r
+ stmt.append(ns);\r
+ stmt.append("' AND key='");\r
+ stmt.append(key);\r
+ stmt.append("';");\r
+ return stmt;\r
+ }\r
+ \r
+ private void attribDeleteAllStmt(StringBuilder stmt, Data data) {\r
+ stmt.append(" DELETE FROM ");\r
+ stmt.append(TABLE_ATTRIB);\r
+ stmt.append(" WHERE ns='");\r
+ stmt.append(data.name);\r
+ stmt.append(SQSCCR);\r
+ }\r
+\r
+ private void attribInsertStmts(StringBuilder stmt, Data data) {\r
+ // INSERT new Attrib\r
+ for(Entry<String,String> es : data.attrib(false).entrySet() ) {\r
+ stmt.append(" ");\r
+ attribInsertStmt(stmt,data.name,es.getKey(),es.getValue());\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Add description to Namespace\r
+ * @param trans\r
+ * @param ns\r
+ * @param description\r
+ * @return\r
+ */\r
+ public Result<Void> addDescription(AuthzTrans trans, String ns, String description) {\r
+ try {\r
+ getSession(trans).execute(UPDATE_SP + TABLE + " SET description = '" \r
+ + description + "' WHERE name = '" + ns + "';");\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ }\r
+\r
+ Data data = new Data();\r
+ data.name=ns;\r
+ wasModified(trans, CRUD.update, data, "Added description " + description + " to namespace " + ns, null );\r
+ return Result.ok();\r
+ }\r
+\r
+ public Result<List<Data>> getChildren(AuthzTrans trans, String parent) {\r
+ return psNS.read(trans, R_TEXT, new Object[]{parent});\r
+ }\r
+ \r
+\r
+ /**\r
+ * Log Modification statements to History\r
+ * \r
+ * @param modified which CRUD action was done\r
+ * @param data entity data that needs a log entry\r
+ * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data\r
+ */\r
+ @Override\r
+ protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
+ boolean memo = override.length>0 && override[0]!=null;\r
+ boolean subject = override.length>1 && override[1]!=null;\r
+\r
+ //TODO Must log history\r
+ HistoryDAO.Data hd = HistoryDAO.newInitedData();\r
+ hd.user = trans.user();\r
+ hd.action = modified.name();\r
+ hd.target = TABLE;\r
+ hd.subject = subject ? override[1] : data.name;\r
+ hd.memo = memo ? override[0] : (data.name + " was " + modified.name() + 'd' );\r
+ if(modified==CRUD.delete) {\r
+ try {\r
+ hd.reconstruct = data.bytify();\r
+ } catch (IOException e) {\r
+ trans.error().log(e,"Could not serialize NsDAO.Data");\r
+ }\r
+ }\r
+\r
+ if(historyDAO.create(trans, hd).status!=Status.OK) {\r
+ trans.error().log("Cannot log to History");\r
+ }\r
+ if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) {\r
+ trans.error().log("Cannot touch CacheInfo");\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+public class NsSplit {\r
+ public final String ns;\r
+ public final String name;\r
+ public final NsDAO.Data nsd;\r
+ \r
+ public NsSplit(NsDAO.Data nsd, String child) {\r
+ this.nsd = nsd;\r
+ if(child.startsWith(nsd.name)) {\r
+ ns = nsd.name;\r
+ int dot = ns.length();\r
+ if(dot<child.length() && child.charAt(dot)=='.') {\r
+ name = child.substring(dot+1);\r
+ } else {\r
+ name="";\r
+ }\r
+ } else {\r
+ name=null;\r
+ ns = null;\r
+ }\r
+ }\r
+ \r
+ public NsSplit(String ns, String name) {\r
+ this.ns = ns;\r
+ this.name = name;\r
+ this.nsd = new NsDAO.Data();\r
+ nsd.name = ns;\r
+ int dot = ns.lastIndexOf('.');\r
+ if(dot>=0) {\r
+ nsd.parent = ns.substring(0, dot);\r
+ } else {\r
+ nsd.parent = ".";\r
+ }\r
+ }\r
+\r
+ public boolean isOK() {\r
+ return ns!=null && name !=null;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+/**\r
+ * Defines the Type Codes in the NS Table.\r
+ *\r
+ */\r
+public enum NsType {\r
+ UNKNOWN (-1),\r
+ DOT (0),\r
+ ROOT (1), \r
+ COMPANY (2), \r
+ APP (3), \r
+ STACKED_APP (10), \r
+ STACK (11);\r
+ \r
+ public final int type;\r
+ private NsType(int t) {\r
+ type = t;\r
+ }\r
+ /**\r
+ * This is not the Ordinal, but the Type that is stored in NS Tables\r
+ * \r
+ * @param t\r
+ * @return\r
+ */\r
+ public static NsType fromType(int t) {\r
+ for(NsType nst : values()) {\r
+ if(t==nst.type) {\r
+ return nst;\r
+ }\r
+ }\r
+ return UNKNOWN;\r
+ }\r
+ \r
+ /**\r
+ * Use this one rather than "valueOf" to avoid Exception\r
+ * @param s\r
+ * @return\r
+ */\r
+ public static NsType fromString(String s) {\r
+ if(s!=null) {\r
+ for(NsType nst : values()) {\r
+ if(nst.name().equals(s)) {\r
+ return nst;\r
+ }\r
+ }\r
+ }\r
+ return UNKNOWN;\r
+ }\r
+\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.DataInputStream;\r
+import java.io.DataOutputStream;\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.HashSet;\r
+import java.util.List;\r
+import java.util.Set;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.Bytification;\r
+import com.att.dao.Cached;\r
+import com.att.dao.CassAccess;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.DAOException;\r
+import com.att.dao.Loader;\r
+import com.att.dao.Streamer;\r
+import com.att.dao.aaf.hl.Question;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.util.Split;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.Row;\r
+import com.datastax.driver.core.exceptions.DriverException;\r
+\r
+public class PermDAO extends CassDAOImpl<AuthzTrans,PermDAO.Data> {\r
+\r
+ public static final String TABLE = "perm";\r
+\r
+ public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F\r
+ private static final String STAR = "*";\r
+ \r
+ private final HistoryDAO historyDAO;\r
+ private final CacheInfoDAO infoDAO;\r
+ \r
+ private PSInfo psNS, psChildren, psByType;\r
+\r
+ public PermDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {\r
+ super(trans, PermDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ init(trans);\r
+ historyDAO = new HistoryDAO(trans, this);\r
+ infoDAO = new CacheInfoDAO(trans,this);\r
+ }\r
+\r
+ public PermDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO ciDAO) {\r
+ super(trans, PermDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ historyDAO = hDAO;\r
+ infoDAO=ciDAO;\r
+ init(trans);\r
+ }\r
+\r
+\r
+ private static final int KEYLIMIT = 4;\r
+ public static class Data extends CacheableData implements Bytification {\r
+ public String ns;\r
+ public String type;\r
+ public String instance;\r
+ public String action;\r
+ public Set<String> roles; \r
+ public String description;\r
+\r
+ public Data() {}\r
+ \r
+ public Data(NsSplit nss, String instance, String action) {\r
+ ns = nss.ns;\r
+ type = nss.name;\r
+ this.instance = instance;\r
+ this.action = action;\r
+ }\r
+\r
+ public String fullType() {\r
+ return ns + '.' + type;\r
+ }\r
+ \r
+ public String fullPerm() {\r
+ return ns + '.' + type + '|' + instance + '|' + action;\r
+ }\r
+\r
+ public String encode() {\r
+ return ns + '|' + type + '|' + instance + '|' + action;\r
+ }\r
+ \r
+ /**\r
+ * Decode Perm String, including breaking into appropriate Namespace\r
+ * \r
+ * @param trans\r
+ * @param q\r
+ * @param p\r
+ * @return\r
+ */\r
+ public static Result<Data> decode(AuthzTrans trans, Question q, String p) {\r
+ String[] ss = Split.splitTrim('|', p,4);\r
+ if(ss[2]==null) {\r
+ return Result.err(Status.ERR_BadData,"Perm Encodings must be separated by '|'");\r
+ }\r
+ Data data = new Data();\r
+ if(ss[3]==null) { // older 3 part encoding must be evaluated for NS\r
+ Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);\r
+ if(nss.notOK()) {\r
+ return Result.err(nss);\r
+ }\r
+ data.ns=nss.value.ns;\r
+ data.type=nss.value.name;\r
+ data.instance=ss[1];\r
+ data.action=ss[2];\r
+ } else { // new 4 part encoding\r
+ data.ns=ss[0];\r
+ data.type=ss[1];\r
+ data.instance=ss[2];\r
+ data.action=ss[3];\r
+ }\r
+ return Result.ok(data);\r
+ }\r
+\r
+ /**\r
+ * Decode Perm String, including breaking into appropriate Namespace\r
+ * \r
+ * @param trans\r
+ * @param q\r
+ * @param p\r
+ * @return\r
+ */\r
+ public static Result<String[]> decodeToArray(AuthzTrans trans, Question q, String p) {\r
+ String[] ss = Split.splitTrim('|', p,4);\r
+ if(ss[2]==null) {\r
+ return Result.err(Status.ERR_BadData,"Perm Encodings must be separated by '|'");\r
+ }\r
+ \r
+ if(ss[3]==null) { // older 3 part encoding must be evaluated for NS\r
+ ss[3] = ss[2];\r
+ ss[2] = ss[1];\r
+ Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);\r
+ if(nss.notOK()) {\r
+ return Result.err(nss);\r
+ }\r
+ ss[1] = nss.value.name;\r
+ ss[0] = nss.value.ns;\r
+ }\r
+ return Result.ok(ss);\r
+ }\r
+\r
+ public static Data create(NsDAO.Data ns, String name) {\r
+ NsSplit nss = new NsSplit(ns,name);\r
+ Data rv = new Data();\r
+ rv.ns = nss.ns;\r
+ String[] s = nss.name.split("\\|");\r
+ switch(s.length) {\r
+ case 3:\r
+ rv.type=s[0];\r
+ rv.instance=s[1];\r
+ rv.action=s[2];\r
+ break;\r
+ case 2:\r
+ rv.type=s[0];\r
+ rv.instance=s[1];\r
+ rv.action=STAR;\r
+ break;\r
+ default:\r
+ rv.type=s[0];\r
+ rv.instance = STAR;\r
+ rv.action = STAR;\r
+ }\r
+ return rv;\r
+ }\r
+ \r
+ public static Data create(AuthzTrans trans, Question q, String name) {\r
+ String[] s = name.split("\\|");\r
+ Result<NsSplit> rdns = q.deriveNsSplit(trans, s[0]);\r
+ Data rv = new PermDAO.Data();\r
+ if(rdns.isOKhasData()) {\r
+ switch(s.length) {\r
+ case 3:\r
+ rv.type=s[1];\r
+ rv.instance=s[2];\r
+ rv.action=s[3];\r
+ break;\r
+ case 2:\r
+ rv.type=s[1];\r
+ rv.instance=s[2];\r
+ rv.action=STAR;\r
+ break;\r
+ default:\r
+ rv.type=s[1];\r
+ rv.instance = STAR;\r
+ rv.action = STAR;\r
+ }\r
+ }\r
+ return rv;\r
+ }\r
+ \r
+ ////////////////////////////////////////\r
+ // Getters\r
+ public Set<String> roles(boolean mutable) {\r
+ if (roles == null) {\r
+ roles = new HashSet<String>();\r
+ } else if (mutable && !(roles instanceof HashSet)) {\r
+ roles = new HashSet<String>(roles);\r
+ }\r
+ return roles;\r
+ }\r
+\r
+ @Override\r
+ public int[] invalidate(Cached<?,?> cache) {\r
+ return new int[] {\r
+ seg(cache,ns),\r
+ seg(cache,ns,type),\r
+ seg(cache,ns,type,STAR),\r
+ seg(cache,ns,type,instance,action)\r
+ };\r
+ }\r
+\r
+ @Override\r
+ public ByteBuffer bytify() throws IOException {\r
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
+ PermLoader.deflt.marshal(this, new DataOutputStream(baos));\r
+ return ByteBuffer.wrap(baos.toByteArray());\r
+ }\r
+ \r
+ @Override\r
+ public void reconstitute(ByteBuffer bb) throws IOException {\r
+ PermLoader.deflt.unmarshal(this, toDIS(bb));\r
+ }\r
+\r
+ @Override\r
+ public String toString() {\r
+ return encode();\r
+ }\r
+ }\r
+ \r
+ private static class PermLoader extends Loader<Data> implements Streamer<Data> {\r
+ public static final int MAGIC=283939453;\r
+ public static final int VERSION=1;\r
+ public static final int BUFF_SIZE=96;\r
+\r
+ public static final PermLoader deflt = new PermLoader(KEYLIMIT);\r
+ \r
+ public PermLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+ \r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ // Int more efficient Match "fields" string\r
+ data.ns = row.getString(0);\r
+ data.type = row.getString(1);\r
+ data.instance = row.getString(2);\r
+ data.action = row.getString(3);\r
+ data.roles = row.getSet(4,String.class);\r
+ data.description = row.getString(5);\r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+ obj[idx]=data.ns;\r
+ obj[++idx]=data.type;\r
+ obj[++idx]=data.instance;\r
+ obj[++idx]=data.action;\r
+ }\r
+\r
+ @Override\r
+ protected void body(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+ obj[idx]=data.roles;\r
+ obj[++idx]=data.description;\r
+ }\r
+\r
+ @Override\r
+ public void marshal(Data data, DataOutputStream os) throws IOException {\r
+ writeHeader(os,MAGIC,VERSION);\r
+ writeString(os, data.ns);\r
+ writeString(os, data.type);\r
+ writeString(os, data.instance);\r
+ writeString(os, data.action);\r
+ writeStringSet(os, data.roles);\r
+ writeString(os, data.description);\r
+ }\r
+\r
+ @Override\r
+ public void unmarshal(Data data, DataInputStream is) throws IOException {\r
+ /*int version = */readHeader(is,MAGIC,VERSION);\r
+ // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields\r
+ byte[] buff = new byte[BUFF_SIZE];\r
+ data.ns = readString(is, buff);\r
+ data.type = readString(is,buff);\r
+ data.instance = readString(is,buff);\r
+ data.action = readString(is,buff);\r
+ data.roles = readStringSet(is,buff);\r
+ data.description = readString(is,buff);\r
+ }\r
+ }\r
+ \r
+ private void init(AuthzTrans trans) {\r
+ // the 3 is the number of key fields\r
+ String[] helpers = setCRUD(trans, TABLE, Data.class, PermLoader.deflt);\r
+ \r
+ // Other SELECT style statements... match with a local Method\r
+ psByType = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + \r
+ " WHERE ns = ? AND type = ?", new PermLoader(2) {\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.type;\r
+ }\r
+ },readConsistency);\r
+ \r
+ psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +\r
+ " WHERE ns = ?", new PermLoader(1),readConsistency);\r
+ \r
+ psChildren = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + \r
+ " WHERE ns=? AND type > ? AND type < ?", \r
+ new PermLoader(3) {\r
+ @Override\r
+ protected void key(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+ obj[idx] = data.ns;\r
+ obj[++idx]=data.type + DOT;\r
+ obj[++idx]=data.type + DOT_PLUS_ONE;\r
+ }\r
+ },readConsistency);\r
+\r
+ }\r
+\r
+\r
+ /**\r
+ * Add a single Permission to the Role's Permission Collection\r
+ * \r
+ * @param trans\r
+ * @param roleFullName\r
+ * @param perm\r
+ * @param type\r
+ * @param action\r
+ * @return\r
+ */\r
+ public Result<Void> addRole(AuthzTrans trans, PermDAO.Data perm, String roleFullName) {\r
+ // Note: Prepared Statements for Collection updates aren't supported\r
+ //ResultSet rv =\r
+ try {\r
+ getSession(trans).execute(UPDATE_SP + TABLE + " SET roles = roles + {'" + roleFullName + "'} " +\r
+ "WHERE " +\r
+ "ns = '" + perm.ns + "' AND " +\r
+ "type = '" + perm.type + "' AND " +\r
+ "instance = '" + perm.instance + "' AND " +\r
+ "action = '" + perm.action + "';"\r
+ );\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ }\r
+\r
+ wasModified(trans, CRUD.update, perm, "Added role " + roleFullName + " to perm " +\r
+ perm.ns + '.' + perm.type + '|' + perm.instance + '|' + perm.action);\r
+ return Result.ok();\r
+ }\r
+\r
+ /**\r
+ * Remove a single Permission from the Role's Permission Collection\r
+ * @param trans\r
+ * @param roleFullName\r
+ * @param perm\r
+ * @param type\r
+ * @param action\r
+ * @return\r
+ */\r
+ public Result<Void> delRole(AuthzTrans trans, PermDAO.Data perm, String roleFullName) {\r
+ // Note: Prepared Statements for Collection updates aren't supported\r
+ //ResultSet rv =\r
+ try {\r
+ getSession(trans).execute(UPDATE_SP + TABLE + " SET roles = roles - {'" + roleFullName + "'} " +\r
+ "WHERE " +\r
+ "ns = '" + perm.ns + "' AND " +\r
+ "type = '" + perm.type + "' AND " +\r
+ "instance = '" + perm.instance + "' AND " +\r
+ "action = '" + perm.action + "';"\r
+ );\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ }\r
+\r
+ //TODO how can we tell when it doesn't?\r
+ wasModified(trans, CRUD.update, perm, "Removed role " + roleFullName + " from perm " +\r
+ perm.ns + '.' + perm.type + '|' + perm.instance + '|' + perm.action);\r
+ return Result.ok();\r
+ }\r
+\r
+\r
+ \r
+ /**\r
+ * Additional method: \r
+ * Select all Permissions by Name\r
+ * \r
+ * @param name\r
+ * @return\r
+ * @throws DAOException\r
+ */\r
+ public Result<List<Data>> readByType(AuthzTrans trans, String ns, String type) {\r
+ return psByType.read(trans, R_TEXT, new Object[]{ns, type});\r
+ }\r
+ \r
+ public Result<List<Data>> readChildren(AuthzTrans trans, String ns, String type) {\r
+ return psChildren.read(trans, R_TEXT, new Object[]{ns, type+DOT, type + DOT_PLUS_ONE});\r
+ }\r
+\r
+ public Result<List<Data>> readNS(AuthzTrans trans, String ns) {\r
+ return psNS.read(trans, R_TEXT, new Object[]{ns});\r
+ }\r
+\r
+ /**\r
+ * Add description to this permission\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param type\r
+ * @param instance\r
+ * @param action\r
+ * @param description\r
+ * @return\r
+ */\r
+ public Result<Void> addDescription(AuthzTrans trans, String ns, String type,\r
+ String instance, String action, String description) {\r
+ try {\r
+ getSession(trans).execute(UPDATE_SP + TABLE + " SET description = '" \r
+ + description + "' WHERE ns = '" + ns + "' AND type = '" + type + "'"\r
+ + "AND instance = '" + instance + "' AND action = '" + action + "';");\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ }\r
+\r
+ Data data = new Data();\r
+ data.ns=ns;\r
+ data.type=type;\r
+ data.instance=instance;\r
+ data.action=action;\r
+ wasModified(trans, CRUD.update, data, "Added description " + description + " to permission " \r
+ + data.encode(), null );\r
+ return Result.ok();\r
+ }\r
+ \r
+ /**\r
+ * Log Modification statements to History\r
+ */\r
+ @Override\r
+ protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
+ boolean memo = override.length>0 && override[0]!=null;\r
+ boolean subject = override.length>1 && override[1]!=null;\r
+\r
+ // Need to update history\r
+ HistoryDAO.Data hd = HistoryDAO.newInitedData();\r
+ hd.user = trans.user();\r
+ hd.action = modified.name();\r
+ hd.target = TABLE;\r
+ hd.subject = subject ? override[1] : data.fullType();\r
+ if (memo) {\r
+ hd.memo = String.format("%s", override[0]);\r
+ } else {\r
+ hd.memo = String.format("%sd %s|%s|%s", modified.name(),data.fullType(),data.instance,data.action);\r
+ }\r
+ \r
+ if(modified==CRUD.delete) {\r
+ try {\r
+ hd.reconstruct = data.bytify();\r
+ } catch (IOException e) {\r
+ trans.error().log(e,"Could not serialize PermDAO.Data");\r
+ }\r
+ }\r
+ \r
+ if(historyDAO.create(trans, hd).status!=Status.OK) {\r
+ trans.error().log("Cannot log to History");\r
+ }\r
+ if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) {\r
+ trans.error().log("Cannot touch CacheInfo");\r
+ }\r
+ }\r
+}\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.DataInputStream;\r
+import java.io.DataOutputStream;\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.HashSet;\r
+import java.util.List;\r
+import java.util.Set;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.Bytification;\r
+import com.att.dao.Cached;\r
+import com.att.dao.CassAccess;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.Loader;\r
+import com.att.dao.Streamer;\r
+import com.att.dao.aaf.hl.Question;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.util.Split;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.Row;\r
+import com.datastax.driver.core.exceptions.DriverException;\r
+\r
+public class RoleDAO extends CassDAOImpl<AuthzTrans,RoleDAO.Data> {\r
+\r
+ public static final String TABLE = "role";\r
+ public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F\r
+ \r
+ private final HistoryDAO historyDAO;\r
+ private final CacheInfoDAO infoDAO;\r
+\r
+ private PSInfo psChildren, psNS, psName;\r
+\r
+ public RoleDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {\r
+ super(trans, RoleDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ // Set up sub-DAOs\r
+ historyDAO = new HistoryDAO(trans, this);\r
+ infoDAO = new CacheInfoDAO(trans,this);\r
+ init(trans);\r
+ }\r
+\r
+ public RoleDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO ciDAO) {\r
+ super(trans, RoleDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ historyDAO = hDAO;\r
+ infoDAO = ciDAO;\r
+ init(trans);\r
+ }\r
+\r
+\r
+ //////////////////////////////////////////\r
+ // Data Definition, matches Cassandra DM\r
+ //////////////////////////////////////////\r
+ private static final int KEYLIMIT = 2;\r
+ /**\r
+ * Data class that matches the Cassandra Table "role"\r
+ */\r
+ public static class Data extends CacheableData implements Bytification {\r
+ public String ns;\r
+ public String name;\r
+ public Set<String> perms;\r
+ public String description;\r
+\r
+ ////////////////////////////////////////\r
+ // Getters\r
+ public Set<String> perms(boolean mutable) {\r
+ if (perms == null) {\r
+ perms = new HashSet<String>();\r
+ } else if (mutable && !(perms instanceof HashSet)) {\r
+ perms = new HashSet<String>(perms);\r
+ }\r
+ return perms;\r
+ }\r
+ \r
+ public static Data create(NsDAO.Data ns, String name) {\r
+ NsSplit nss = new NsSplit(ns,name); \r
+ RoleDAO.Data rv = new Data();\r
+ rv.ns = nss.ns;\r
+ rv.name=nss.name;\r
+ return rv;\r
+ }\r
+ \r
+ public String fullName() {\r
+ return ns + '.' + name;\r
+ }\r
+ \r
+ public String encode() {\r
+ return ns + '|' + name;\r
+ }\r
+ \r
+ /**\r
+ * Decode Perm String, including breaking into appropriate Namespace\r
+ * \r
+ * @param trans\r
+ * @param q\r
+ * @param r\r
+ * @return\r
+ */\r
+ public static Result<Data> decode(AuthzTrans trans, Question q, String r) {\r
+ String[] ss = Split.splitTrim('|', r,2);\r
+ Data data = new Data();\r
+ if(ss[1]==null) { // older 1 part encoding must be evaluated for NS\r
+ Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);\r
+ if(nss.notOK()) {\r
+ return Result.err(nss);\r
+ }\r
+ data.ns=nss.value.ns;\r
+ data.name=nss.value.name;\r
+ } else { // new 4 part encoding\r
+ data.ns=ss[0];\r
+ data.name=ss[1];\r
+ }\r
+ return Result.ok(data);\r
+ }\r
+\r
+ /**\r
+ * Decode from UserRole Data\r
+ * @param urdd\r
+ * @return\r
+ */\r
+ public static RoleDAO.Data decode(UserRoleDAO.Data urdd) {\r
+ RoleDAO.Data rd = new RoleDAO.Data();\r
+ rd.ns = urdd.ns;\r
+ rd.name = urdd.rname;\r
+ return rd;\r
+ }\r
+\r
+\r
+ /**\r
+ * Decode Perm String, including breaking into appropriate Namespace\r
+ * \r
+ * @param trans\r
+ * @param q\r
+ * @param p\r
+ * @return\r
+ */\r
+ public static Result<String[]> decodeToArray(AuthzTrans trans, Question q, String p) {\r
+ String[] ss = Split.splitTrim('|', p,2);\r
+ if(ss[1]==null) { // older 1 part encoding must be evaluated for NS\r
+ Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);\r
+ if(nss.notOK()) {\r
+ return Result.err(nss);\r
+ }\r
+ ss[0] = nss.value.ns;\r
+ ss[1] = nss.value.name;\r
+ }\r
+ return Result.ok(ss);\r
+ }\r
+ \r
+ @Override\r
+ public int[] invalidate(Cached<?,?> cache) {\r
+ return new int[] {\r
+ seg(cache,ns,name),\r
+ seg(cache,ns),\r
+ seg(cache,name),\r
+ };\r
+ }\r
+\r
+ @Override\r
+ public ByteBuffer bytify() throws IOException {\r
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
+ RoleLoader.deflt.marshal(this,new DataOutputStream(baos));\r
+ return ByteBuffer.wrap(baos.toByteArray());\r
+ }\r
+ \r
+ @Override\r
+ public void reconstitute(ByteBuffer bb) throws IOException {\r
+ RoleLoader.deflt.unmarshal(this, toDIS(bb));\r
+ }\r
+\r
+ @Override\r
+ public String toString() {\r
+ return ns + '.' + name;\r
+ }\r
+ }\r
+\r
+ private static class RoleLoader extends Loader<Data> implements Streamer<Data> {\r
+ public static final int MAGIC=923577343;\r
+ public static final int VERSION=1;\r
+ public static final int BUFF_SIZE=96;\r
+\r
+ public static final RoleLoader deflt = new RoleLoader(KEYLIMIT);\r
+ \r
+ public RoleLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+ \r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ // Int more efficient\r
+ data.ns = row.getString(0);\r
+ data.name = row.getString(1);\r
+ data.perms = row.getSet(2,String.class);\r
+ data.description = row.getString(3);\r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+ obj[idx]=data.ns;\r
+ obj[++idx]=data.name;\r
+ }\r
+\r
+ @Override\r
+ protected void body(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+ obj[idx]=data.perms;\r
+ obj[++idx]=data.description;\r
+ }\r
+\r
+ @Override\r
+ public void marshal(Data data, DataOutputStream os) throws IOException {\r
+ writeHeader(os,MAGIC,VERSION);\r
+ writeString(os, data.ns);\r
+ writeString(os, data.name);\r
+ writeStringSet(os,data.perms);\r
+ writeString(os, data.description);\r
+ }\r
+\r
+ @Override\r
+ public void unmarshal(Data data, DataInputStream is) throws IOException {\r
+ /*int version = */readHeader(is,MAGIC,VERSION);\r
+ // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields\r
+ byte[] buff = new byte[BUFF_SIZE];\r
+ data.ns = readString(is, buff);\r
+ data.name = readString(is,buff);\r
+ data.perms = readStringSet(is,buff);\r
+ data.description = readString(is,buff);\r
+ }\r
+ };\r
+\r
+ private void init(AuthzTrans trans) {\r
+ String[] helpers = setCRUD(trans, TABLE, Data.class, RoleLoader.deflt);\r
+ \r
+ psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +\r
+ " WHERE ns = ?", new RoleLoader(1),readConsistency);\r
+\r
+ psName = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +\r
+ " WHERE name = ?", new RoleLoader(1),readConsistency);\r
+\r
+ psChildren = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + \r
+ " WHERE ns=? AND name > ? AND name < ?", \r
+ new RoleLoader(3) {\r
+ @Override\r
+ protected void key(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+ obj[idx] = data.ns;\r
+ obj[++idx]=data.name + DOT;\r
+ obj[++idx]=data.name + DOT_PLUS_ONE;\r
+ }\r
+ },readConsistency);\r
+ \r
+ }\r
+\r
+ public Result<List<Data>> readNS(AuthzTrans trans, String ns) {\r
+ return psNS.read(trans, R_TEXT + " NS " + ns, new Object[]{ns});\r
+ }\r
+\r
+ public Result<List<Data>> readName(AuthzTrans trans, String name) {\r
+ return psName.read(trans, R_TEXT + name, new Object[]{name});\r
+ }\r
+\r
+ public Result<List<Data>> readChildren(AuthzTrans trans, String ns, String role) {\r
+ if(role.length()==0 || "*".equals(role)) {\r
+ return psChildren.read(trans, R_TEXT, new Object[]{ns, FIRST_CHAR, LAST_CHAR}); \r
+ } else {\r
+ return psChildren.read(trans, R_TEXT, new Object[]{ns, role+DOT, role+DOT_PLUS_ONE});\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Add a single Permission to the Role's Permission Collection\r
+ * \r
+ * @param trans\r
+ * @param role\r
+ * @param perm\r
+ * @param type\r
+ * @param action\r
+ * @return\r
+ */\r
+ public Result<Void> addPerm(AuthzTrans trans, RoleDAO.Data role, PermDAO.Data perm) {\r
+ // Note: Prepared Statements for Collection updates aren't supported\r
+ String pencode = perm.encode();\r
+ try {\r
+ getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms + {'" + \r
+ pencode + "'} WHERE " +\r
+ "ns = '" + role.ns + "' AND name = '" + role.name + "';");\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ }\r
+\r
+ wasModified(trans, CRUD.update, role, "Added permission " + pencode + " to role " + role.fullName());\r
+ return Result.ok();\r
+ }\r
+\r
+ /**\r
+ * Remove a single Permission from the Role's Permission Collection\r
+ * @param trans\r
+ * @param role\r
+ * @param perm\r
+ * @param type\r
+ * @param action\r
+ * @return\r
+ */\r
+ public Result<Void> delPerm(AuthzTrans trans, RoleDAO.Data role, PermDAO.Data perm) {\r
+ // Note: Prepared Statements for Collection updates aren't supported\r
+\r
+ String pencode = perm.encode();\r
+ \r
+ //ResultSet rv =\r
+ try {\r
+ getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms - {'" + \r
+ pencode + "'} WHERE " +\r
+ "ns = '" + role.ns + "' AND name = '" + role.name + "';");\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ }\r
+\r
+ //TODO how can we tell when it doesn't?\r
+ wasModified(trans, CRUD.update, role, "Removed permission " + pencode + " from role " + role.fullName() );\r
+ return Result.ok();\r
+ }\r
+ \r
+ /**\r
+ * Add description to role\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param name\r
+ * @param description\r
+ * @return\r
+ */\r
+ public Result<Void> addDescription(AuthzTrans trans, String ns, String name, String description) {\r
+ try {\r
+ getSession(trans).execute(UPDATE_SP + TABLE + " SET description = '" \r
+ + description + "' WHERE ns = '" + ns + "' AND name = '" + name + "';");\r
+ } catch (DriverException | APIException | IOException e) {\r
+ reportPerhapsReset(trans,e);\r
+ return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
+ }\r
+\r
+ Data data = new Data();\r
+ data.ns=ns;\r
+ data.name=name;\r
+ wasModified(trans, CRUD.update, data, "Added description " + description + " to role " + data.fullName(), null );\r
+ return Result.ok();\r
+ }\r
+ \r
+ \r
+ /**\r
+ * Log Modification statements to History\r
+ * @param modified which CRUD action was done\r
+ * @param data entity data that needs a log entry\r
+ * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data\r
+ */\r
+ @Override\r
+ protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
+ boolean memo = override.length>0 && override[0]!=null;\r
+ boolean subject = override.length>1 && override[1]!=null;\r
+\r
+ HistoryDAO.Data hd = HistoryDAO.newInitedData();\r
+ hd.user = trans.user();\r
+ hd.action = modified.name();\r
+ hd.target = TABLE;\r
+ hd.subject = subject ? override[1] : data.fullName();\r
+ hd.memo = memo ? override[0] : (data.fullName() + " was " + modified.name() + 'd' );\r
+ if(modified==CRUD.delete) {\r
+ try {\r
+ hd.reconstruct = data.bytify();\r
+ } catch (IOException e) {\r
+ trans.error().log(e,"Could not serialize RoleDAO.Data");\r
+ }\r
+ }\r
+\r
+ if(historyDAO.create(trans, hd).status!=Status.OK) {\r
+ trans.error().log("Cannot log to History");\r
+ }\r
+ if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) {\r
+ trans.error().log("Cannot touch CacheInfo for Role");\r
+ }\r
+ }\r
+\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import com.att.authz.layer.Result;\r
+\r
+\r
+\r
+\r
+/**\r
+ * Add additional Behavior for Specific Applications for Results\r
+ * \r
+ * In this case, we add additional BitField information accessible by\r
+ * method (\r
+ *\r
+ * @param <RV>\r
+ */\r
+public class Status<RV> extends Result<RV> {\r
+ \r
+ // 10/1/2013: Initially, I used enum, but it's not extensible.\r
+ public final static int ERR_NsNotFound = Result.ERR_General+1,\r
+ ERR_RoleNotFound = Result.ERR_General+2,\r
+ ERR_PermissionNotFound = Result.ERR_General+3, \r
+ ERR_UserNotFound = Result.ERR_General+4,\r
+ ERR_UserRoleNotFound = Result.ERR_General+5,\r
+ ERR_DelegateNotFound = Result.ERR_General+6,\r
+ ERR_InvalidDelegate = Result.ERR_General+7,\r
+ ERR_DependencyExists = Result.ERR_General+8,\r
+ ERR_NoApprovals = Result.ERR_General+9,\r
+ ACC_Now = Result.ERR_General+10,\r
+ ACC_Future = Result.ERR_General+11,\r
+ ERR_ChoiceNeeded = Result.ERR_General+12,\r
+ ERR_FutureNotRequested = Result.ERR_General+13;\r
+ \r
+ /**\r
+ * Constructor for Result set. \r
+ * @param data\r
+ * @param status\r
+ */\r
+ private Status(RV value, int status, String details, String[] variables ) {\r
+ super(value,status,details,variables);\r
+ }\r
+\r
+ public static String name(int status) {\r
+ switch(status) {\r
+ case OK: return "OK";\r
+ case ERR_NsNotFound: return "ERR_NsNotFound";\r
+ case ERR_RoleNotFound: return "ERR_RoleNotFound";\r
+ case ERR_PermissionNotFound: return "ERR_PermissionNotFound"; \r
+ case ERR_UserNotFound: return "ERR_UserNotFound";\r
+ case ERR_UserRoleNotFound: return "ERR_UserRoleNotFound";\r
+ case ERR_DelegateNotFound: return "ERR_DelegateNotFound";\r
+ case ERR_InvalidDelegate: return "ERR_InvalidDelegate";\r
+ case ERR_ConflictAlreadyExists: return "ERR_ConflictAlreadyExists";\r
+ case ERR_DependencyExists: return "ERR_DependencyExists";\r
+ case ERR_ActionNotCompleted: return "ERR_ActionNotCompleted";\r
+ case ERR_Denied: return "ERR_Denied";\r
+ case ERR_Policy: return "ERR_Policy";\r
+ case ERR_BadData: return "ERR_BadData";\r
+ case ERR_NotImplemented: return "ERR_NotImplemented";\r
+ case ERR_NotFound: return "ERR_NotFound";\r
+ case ERR_ChoiceNeeded: return "ERR_ChoiceNeeded";\r
+ }\r
+ //case ERR_General: or unknown... \r
+ return "ERR_General";\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.cass;\r
+\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.DataInputStream;\r
+import java.io.DataOutputStream;\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.Date;\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.Bytification;\r
+import com.att.dao.Cached;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.dao.DAOException;\r
+import com.att.dao.Loader;\r
+import com.att.dao.Streamer;\r
+import com.att.dao.aaf.hl.Question;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Slot;\r
+import com.att.inno.env.util.Chrono;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.Row;\r
+\r
+public class UserRoleDAO extends CassDAOImpl<AuthzTrans,UserRoleDAO.Data> {\r
+ public static final String TABLE = "user_role";\r
+ \r
+ public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F\r
+\r
+ private static final String TRANS_UR_SLOT = "_TRANS_UR_SLOT_";\r
+ public Slot transURSlot;\r
+ \r
+ private final HistoryDAO historyDAO;\r
+ private final CacheInfoDAO infoDAO;\r
+ \r
+ private PSInfo psByUser, psByRole, psUserInRole;\r
+\r
+\r
+\r
+ public UserRoleDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {\r
+ super(trans, UserRoleDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ transURSlot = trans.slot(TRANS_UR_SLOT);\r
+ init(trans);\r
+\r
+ // Set up sub-DAOs\r
+ historyDAO = new HistoryDAO(trans, this);\r
+ infoDAO = new CacheInfoDAO(trans,this);\r
+ }\r
+\r
+ public UserRoleDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO ciDAO) {\r
+ super(trans, UserRoleDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
+ transURSlot = trans.slot(TRANS_UR_SLOT);\r
+ historyDAO = hDAO;\r
+ infoDAO = ciDAO;\r
+ init(trans);\r
+ }\r
+\r
+ private static final int KEYLIMIT = 2;\r
+ public static class Data extends CacheableData implements Bytification {\r
+ public String user;\r
+ public String role;\r
+ public String ns; \r
+ public String rname; \r
+ public Date expires;\r
+ \r
+ @Override\r
+ public int[] invalidate(Cached<?,?> cache) {\r
+ // Note: I'm not worried about Name collisions, because the formats are different:\r
+ // myName ... etc versus\r
+ // com. ...\r
+ // The "dot" makes the difference.\r
+ return new int[] {\r
+ seg(cache,user,role),\r
+ seg(cache,user),\r
+ seg(cache,role)\r
+ };\r
+ }\r
+\r
+ @Override\r
+ public ByteBuffer bytify() throws IOException {\r
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
+ URLoader.deflt.marshal(this,new DataOutputStream(baos));\r
+ return ByteBuffer.wrap(baos.toByteArray());\r
+ }\r
+ \r
+ @Override\r
+ public void reconstitute(ByteBuffer bb) throws IOException {\r
+ URLoader.deflt.unmarshal(this, toDIS(bb));\r
+ }\r
+\r
+ public void role(String ns, String rname) {\r
+ this.ns = ns;\r
+ this.rname = rname;\r
+ this.role = ns + '.' + rname;\r
+ }\r
+ \r
+ public void role(RoleDAO.Data rdd) {\r
+ ns = rdd.ns;\r
+ rname = rdd.name;\r
+ role = rdd.fullName();\r
+ }\r
+\r
+ \r
+ public boolean role(AuthzTrans trans, Question ques, String role) {\r
+ this.role = role;\r
+ Result<NsSplit> rnss = ques.deriveNsSplit(trans, role);\r
+ if(rnss.isOKhasData()) {\r
+ ns = rnss.value.ns;\r
+ rname = rnss.value.name;\r
+ return true;\r
+ } else {\r
+ return false;\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public String toString() {\r
+ return user + '|' + ns + '|' + rname + '|' + Chrono.dateStamp(expires);\r
+ }\r
+\r
+\r
+ }\r
+ \r
+ private static class URLoader extends Loader<Data> implements Streamer<Data> {\r
+ public static final int MAGIC=738469903;\r
+ public static final int VERSION=1;\r
+ public static final int BUFF_SIZE=48;\r
+ \r
+ public static final URLoader deflt = new URLoader(KEYLIMIT);\r
+\r
+ public URLoader(int keylimit) {\r
+ super(keylimit);\r
+ }\r
+\r
+ @Override\r
+ public Data load(Data data, Row row) {\r
+ data.user = row.getString(0);\r
+ data.role = row.getString(1);\r
+ data.ns = row.getString(2);\r
+ data.rname = row.getString(3);\r
+ data.expires = row.getDate(4);\r
+ return data;\r
+ }\r
+\r
+ @Override\r
+ protected void key(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+ obj[idx]=data.user;\r
+ obj[++idx]=data.role;\r
+ }\r
+\r
+ @Override\r
+ protected void body(Data data, int _idx, Object[] obj) {\r
+ int idx = _idx;\r
+ obj[idx]=data.ns;\r
+ obj[++idx]=data.rname;\r
+ obj[++idx]=data.expires;\r
+ }\r
+ \r
+ @Override\r
+ public void marshal(Data data, DataOutputStream os) throws IOException {\r
+ writeHeader(os,MAGIC,VERSION);\r
+\r
+ writeString(os, data.user);\r
+ writeString(os, data.role);\r
+ writeString(os, data.ns);\r
+ writeString(os, data.rname);\r
+ os.writeLong(data.expires==null?-1:data.expires.getTime());\r
+ }\r
+\r
+ @Override\r
+ public void unmarshal(Data data, DataInputStream is) throws IOException {\r
+ /*int version = */readHeader(is,MAGIC,VERSION);\r
+ // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields\r
+ \r
+ byte[] buff = new byte[BUFF_SIZE];\r
+ data.user = readString(is,buff);\r
+ data.role = readString(is,buff);\r
+ data.ns = readString(is,buff);\r
+ data.rname = readString(is,buff);\r
+ long l = is.readLong();\r
+ data.expires = l<0?null:new Date(l);\r
+ }\r
+\r
+ };\r
+ \r
+ private void init(AuthzTrans trans) {\r
+ String[] helper = setCRUD(trans, TABLE, Data.class, URLoader.deflt);\r
+ \r
+ psByUser = new PSInfo(trans, SELECT_SP + helper[FIELD_COMMAS] + " FROM user_role WHERE user = ?", \r
+ new URLoader(1) {\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.user;\r
+ }\r
+ },readConsistency);\r
+ \r
+ // Note: We understand this call may have poor performance, so only should be used in Management (Delete) func\r
+ psByRole = new PSInfo(trans, SELECT_SP + helper[FIELD_COMMAS] + " FROM user_role WHERE role = ? ALLOW FILTERING", \r
+ new URLoader(1) {\r
+ @Override\r
+ protected void key(Data data, int idx, Object[] obj) {\r
+ obj[idx]=data.role;\r
+ }\r
+ },readConsistency);\r
+ \r
+ psUserInRole = new PSInfo(trans,SELECT_SP + helper[FIELD_COMMAS] + " FROM user_role WHERE user = ? AND role = ?",\r
+ URLoader.deflt,readConsistency);\r
+ }\r
+\r
+ public Result<List<Data>> readByUser(AuthzTrans trans, String user) {\r
+ return psByUser.read(trans, R_TEXT + " by User " + user, new Object[]{user});\r
+ }\r
+\r
+ /**\r
+ * Note: Use Sparingly. Cassandra's forced key structure means this will perform fairly poorly\r
+ * @param trans\r
+ * @param role\r
+ * @return\r
+ * @throws DAOException\r
+ */\r
+ public Result<List<Data>> readByRole(AuthzTrans trans, String role) {\r
+ return psByRole.read(trans, R_TEXT + " by Role " + role, new Object[]{role});\r
+ }\r
+ \r
+ /**\r
+ * Direct Lookup of User Role\r
+ * Don't forget to check for Expiration\r
+ */\r
+ public Result<List<Data>> readByUserRole(AuthzTrans trans, String user, String role) {\r
+ return psUserInRole.read(trans, R_TEXT + " by User " + user + " and Role " + role, new Object[]{user,role});\r
+ }\r
+\r
+\r
+ /**\r
+ * Log Modification statements to History\r
+ * @param modified which CRUD action was done\r
+ * @param data entity data that needs a log entry\r
+ * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data\r
+ */\r
+ @Override\r
+ protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
+ boolean memo = override.length>0 && override[0]!=null;\r
+ boolean subject = override.length>1 && override[1]!=null;\r
+\r
+ HistoryDAO.Data hd = HistoryDAO.newInitedData();\r
+ HistoryDAO.Data hdRole = HistoryDAO.newInitedData();\r
+ \r
+ hd.user = hdRole.user = trans.user();\r
+ hd.action = modified.name();\r
+ // Modifying User/Role is an Update to Role, not a Create. JG, 07-14-2015\r
+ hdRole.action = CRUD.update.name();\r
+ hd.target = TABLE;\r
+ hdRole.target = RoleDAO.TABLE;\r
+ hd.subject = subject?override[1] : (data.user + '|'+data.role);\r
+ hdRole.subject = data.role;\r
+ switch(modified) {\r
+ case create: \r
+ hd.memo = hdRole.memo = memo\r
+ ? String.format("%s by %s", override[0], hd.user)\r
+ : String.format("%s added to %s",data.user,data.role); \r
+ break;\r
+ case update: \r
+ hd.memo = hdRole.memo = memo\r
+ ? String.format("%s by %s", override[0], hd.user)\r
+ : String.format("%s - %s was updated",data.user,data.role);\r
+ break;\r
+ case delete: \r
+ hd.memo = hdRole.memo = memo\r
+ ? String.format("%s by %s", override[0], hd.user)\r
+ : String.format("%s removed from %s",data.user,data.role);\r
+ try {\r
+ hd.reconstruct = hdRole.reconstruct = data.bytify();\r
+ } catch (IOException e) {\r
+ trans.warn().log(e,"Deleted UserRole could not be serialized");\r
+ }\r
+ break;\r
+ default:\r
+ hd.memo = hdRole.memo = memo\r
+ ? String.format("%s by %s", override[0], hd.user)\r
+ : "n/a";\r
+ }\r
+\r
+ if(historyDAO.create(trans, hd).status!=Status.OK) {\r
+ trans.error().log("Cannot log to History");\r
+ }\r
+ \r
+ if(historyDAO.create(trans, hdRole).status!=Status.OK) {\r
+ trans.error().log("Cannot log to History");\r
+ }\r
+ // uses User as Segment\r
+ if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) {\r
+ trans.error().log("Cannot touch CacheInfo");\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.hl;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.org.Executor;\r
+import com.att.dao.aaf.cass.NsDAO.Data;\r
+import com.att.dao.aaf.cass.NsSplit;\r
+\r
+public class CassExecutor implements Executor {\r
+\r
+ private Question q;\r
+ private Function f;\r
+ private AuthzTrans trans;\r
+\r
+ public CassExecutor(AuthzTrans trans, Function f) {\r
+ this.trans = trans;\r
+ this.f = f;\r
+ this.q = this.f.q;\r
+ }\r
+\r
+ @Override\r
+ public boolean hasPermission(String user, String ns, String type, String instance, String action) {\r
+ return isGranted(user, ns, type, instance, action);\r
+ }\r
+\r
+ @Override\r
+ public boolean inRole(String name) {\r
+ Result<NsSplit> nss = q.deriveNsSplit(trans, name);\r
+ if(nss.notOK())return false;\r
+ return q.roleDAO.read(trans, nss.value.ns,nss.value.name).isOKhasData();\r
+ }\r
+\r
+ public boolean isGranted(String user, String ns, String type, String instance, String action) {\r
+ return q.isGranted(trans, user, ns, type, instance,action);\r
+ }\r
+\r
+ @Override\r
+ public String namespace() throws Exception {\r
+ Result<Data> res = q.validNSOfDomain(trans,trans.user());\r
+ if(res.isOK()) {\r
+ String user[] = trans.user().split("\\.");\r
+ return user[user.length-1] + '.' + user[user.length-2];\r
+ }\r
+ throw new Exception(res.status + ' ' + res.details);\r
+ }\r
+\r
+ @Override\r
+ public String id() {\r
+ return trans.user();\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.hl;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+\r
+import java.io.IOException;\r
+import java.util.ArrayList;\r
+import java.util.Date;\r
+import java.util.HashSet;\r
+import java.util.List;\r
+import java.util.Set;\r
+import java.util.UUID;\r
+\r
+import com.att.authz.common.Define;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.org.Executor;\r
+import com.att.authz.org.Organization;\r
+import com.att.authz.org.Organization.Expiration;\r
+import com.att.authz.org.Organization.Policy;\r
+import com.att.authz.org.Organization.Identity;\r
+import com.att.dao.DAOException;\r
+import com.att.dao.aaf.cass.ApprovalDAO;\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.DelegateDAO;\r
+import com.att.dao.aaf.cass.FutureDAO;\r
+import com.att.dao.aaf.cass.Namespace;\r
+import com.att.dao.aaf.cass.NsDAO;\r
+import com.att.dao.aaf.cass.NsDAO.Data;\r
+import com.att.dao.aaf.cass.NsSplit;\r
+import com.att.dao.aaf.cass.NsType;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.dao.aaf.cass.UserRoleDAO;\r
+import com.att.dao.aaf.hl.Question.Access;\r
+\r
+public class Function {\r
+\r
+ public static final String FOP_CRED = "cred";\r
+ public static final String FOP_DELEGATE = "delegate";\r
+ public static final String FOP_NS = "ns";\r
+ public static final String FOP_PERM = "perm";\r
+ public static final String FOP_ROLE = "role";\r
+ public static final String FOP_USER_ROLE = "user_role";\r
+ // First Action should ALWAYS be "write", see "CreateRole"\r
+ public final Question q;\r
+\r
+ public Function(AuthzTrans trans, Question question) {\r
+ q = question;\r
+ }\r
+\r
+ private class ErrBuilder {\r
+ private StringBuilder sb;\r
+ private List<String> ao;\r
+\r
+ public void log(Result<?> result) {\r
+ if (result.notOK()) {\r
+ if (sb == null) {\r
+ sb = new StringBuilder();\r
+ ao = new ArrayList<String>();\r
+ }\r
+ sb.append(result.details);\r
+ sb.append('\n');\r
+ for (String s : result.variables) {\r
+ ao.add(s);\r
+ }\r
+ }\r
+ }\r
+\r
+ public String[] vars() {\r
+ String[] rv = new String[ao.size()];\r
+ ao.toArray(rv);\r
+ return rv;\r
+ }\r
+\r
+ public boolean hasErr() {\r
+ return sb != null;\r
+ }\r
+\r
+ @Override\r
+ public String toString() {\r
+ return sb == null ? "" : String.format(sb.toString(), ao);\r
+ }\r
+ }\r
+\r
+ /**\r
+ * createNS\r
+ * \r
+ * Create Namespace\r
+ * \r
+ * @param trans\r
+ * @param org\r
+ * @param ns\r
+ * @param user\r
+ * @return\r
+ * @throws DAOException\r
+ * \r
+ * To create an NS, you need to: 1) validate permission to\r
+ * modify parent NS 2) Does NS exist already? 3) Create NS with\r
+ * a) "user" as owner. NOTE: Per 10-15 request for AAF 1.0 4)\r
+ * Loop through Roles with Parent NS, and map any that start\r
+ * with this NS into this one 5) Loop through Perms with Parent\r
+ * NS, and map any that start with this NS into this one\r
+ */\r
+ public Result<Void> createNS(AuthzTrans trans, Namespace namespace, boolean fromApproval) {\r
+ Result<?> rq;\r
+\r
+ if (namespace.name.endsWith(Question.DOT_ADMIN)\r
+ || namespace.name.endsWith(Question.DOT_OWNER)) {\r
+ return Result.err(Status.ERR_BadData,\r
+ "'admin' and 'owner' are reserved names in AAF");\r
+ }\r
+\r
+ try {\r
+ for (String u : namespace.owner) {\r
+ Organization org = trans.org();\r
+ Identity orgUser = org.getIdentity(trans, u);\r
+ if (orgUser == null || !orgUser.isResponsible()) {\r
+ // check if user has explicit permission\r
+ String reason;\r
+ if (org.isTestEnv() && (reason=org.validate(trans, Policy.AS_EMPLOYEE,\r
+ new CassExecutor(trans, this), u))!=null) {\r
+ return Result.err(Status.ERR_Policy,reason);\r
+ }\r
+ }\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,\r
+ "Could not contact Organization for User Validation");\r
+ }\r
+\r
+ String user = trans.user();\r
+ // 1) May Change Parent?\r
+ int idx = namespace.name.lastIndexOf('.');\r
+ String parent;\r
+ if (idx < 0) {\r
+ if (!q.isGranted(trans, user, Define.ROOT_NS,Question.NS, ".", "create")) {\r
+ return Result.err(Result.ERR_Security,\r
+ "%s may not create Root Namespaces", user);\r
+ }\r
+ parent = null;\r
+ fromApproval = true;\r
+ } else {\r
+ parent = namespace.name.substring(0, idx);\r
+ }\r
+\r
+ if (!fromApproval) {\r
+ Result<NsDAO.Data> rparent = q.deriveNs(trans, parent);\r
+ if (rparent.notOK()) {\r
+ return Result.err(rparent);\r
+ }\r
+ rparent = q.mayUser(trans, user, rparent.value, Access.write);\r
+ if (rparent.notOK()) {\r
+ return Result.err(rparent);\r
+ }\r
+ }\r
+\r
+ // 2) Does requested NS exist\r
+ if (q.nsDAO.read(trans, namespace.name).isOKhasData()) {\r
+ return Result.err(Status.ERR_ConflictAlreadyExists,\r
+ "Target Namespace already exists");\r
+ }\r
+\r
+ // Someone must be responsible.\r
+ if (namespace.owner == null || namespace.owner.isEmpty()) {\r
+ return Result\r
+ .err(Status.ERR_Policy,\r
+ "Namespaces must be assigned at least one responsible party");\r
+ }\r
+\r
+ // 3) Create NS\r
+ Date now = new Date();\r
+\r
+ Result<Void> r;\r
+ // 3a) Admin\r
+\r
+ try {\r
+ // Originally, added the enterer as Admin, but that's not necessary,\r
+ // or helpful for Operations folks..\r
+ // Admins can be empty, because they can be changed by lower level\r
+ // NSs\r
+ // if(ns.admin(false).isEmpty()) {\r
+ // ns.admin(true).add(user);\r
+ // }\r
+ if (namespace.admin != null) {\r
+ for (String u : namespace.admin) {\r
+ if ((r = checkValidID(trans, now, u)).notOK()) {\r
+ return r;\r
+ }\r
+ }\r
+ }\r
+\r
+ // 3b) Responsible\r
+ Organization org = trans.org();\r
+ for (String u : namespace.owner) {\r
+ Identity orgUser = org.getIdentity(trans, u);\r
+ if (orgUser == null) {\r
+ return Result\r
+ .err(Status.ERR_BadData,\r
+ "NS must be created with an %s approved Responsible Party",\r
+ org.getName());\r
+ }\r
+ }\r
+ } catch (Exception e) {\r
+ return Result.err(Status.ERR_UserNotFound, e.getMessage());\r
+ }\r
+\r
+ // VALIDATIONS done... Add NS\r
+ if ((rq = q.nsDAO.create(trans, namespace.data())).notOK()) {\r
+ return Result.err(rq);\r
+ }\r
+\r
+ // Since Namespace is now created, we need to grab all subsequent errors\r
+ ErrBuilder eb = new ErrBuilder();\r
+\r
+ // Add UserRole(s)\r
+ UserRoleDAO.Data urdd = new UserRoleDAO.Data();\r
+ urdd.expires = trans.org().expiration(null, Expiration.UserInRole).getTime();\r
+ urdd.role(namespace.name, Question.ADMIN);\r
+ for (String admin : namespace.admin) {\r
+ urdd.user = admin;\r
+ eb.log(q.userRoleDAO.create(trans, urdd));\r
+ }\r
+ urdd.role(namespace.name,Question.OWNER);\r
+ for (String owner : namespace.owner) {\r
+ urdd.user = owner;\r
+ eb.log(q.userRoleDAO.create(trans, urdd));\r
+ }\r
+\r
+ addNSAdminRolesPerms(trans, eb, namespace.name);\r
+\r
+ addNSOwnerRolesPerms(trans, eb, namespace.name);\r
+\r
+ if (parent != null) {\r
+ // Build up with any errors\r
+\r
+ Result<NsDAO.Data> parentNS = q.deriveNs(trans, parent);\r
+ String targetNs = parentNS.value.name; // Get the Parent Namespace,\r
+ // not target\r
+ String targetName = namespace.name.substring(parentNS.value.name.length() + 1); // Remove the Parent Namespace from the\r
+ // Target + a dot, and you'll get the name\r
+ int targetNameDot = targetName.length() + 1;\r
+\r
+ // 4) Change any roles with children matching this NS, and\r
+ Result<List<RoleDAO.Data>> rrdc = q.roleDAO.readChildren(trans, targetNs, targetName);\r
+ if (rrdc.isOKhasData()) {\r
+ for (RoleDAO.Data rdd : rrdc.value) {\r
+ // Remove old Role from Perms, save them off\r
+ List<PermDAO.Data> lpdd = new ArrayList<PermDAO.Data>();\r
+ for(String p : rdd.perms(false)) {\r
+ Result<PermDAO.Data> rpdd = PermDAO.Data.decode(trans,q,p);\r
+ if(rpdd.isOKhasData()) {\r
+ PermDAO.Data pdd = rpdd.value;\r
+ lpdd.add(pdd);\r
+ q.permDAO.delRole(trans, pdd, rdd);\r
+ } else{\r
+ trans.error().log(rpdd.errorString());\r
+ }\r
+ }\r
+ \r
+ // Save off Old keys\r
+ String delP1 = rdd.ns;\r
+ String delP2 = rdd.name;\r
+\r
+ // Write in new key\r
+ rdd.ns = namespace.name;\r
+ rdd.name = (delP2.length() > targetNameDot) ? delP2\r
+ .substring(targetNameDot) : "";\r
+ \r
+ // Need to use non-cached, because switching namespaces, not\r
+ // "create" per se\r
+ if ((rq = q.roleDAO.create(trans, rdd)).isOK()) {\r
+ // Put Role back into Perm, with correct info\r
+ for(PermDAO.Data pdd : lpdd) {\r
+ q.permDAO.addRole(trans, pdd, rdd);\r
+ }\r
+ // Change data for User Roles \r
+ Result<List<UserRoleDAO.Data>> rurd = q.userRoleDAO.readByRole(trans, rdd.fullName());\r
+ if(rurd.isOKhasData()) {\r
+ for(UserRoleDAO.Data urd : rurd.value) {\r
+ urd.ns = rdd.ns;\r
+ urd.rname = rdd.name;\r
+ q.userRoleDAO.update(trans, urd);\r
+ }\r
+ }\r
+ // Now delete old one\r
+ rdd.ns = delP1;\r
+ rdd.name = delP2;\r
+ if ((rq = q.roleDAO.delete(trans, rdd, false)).notOK()) {\r
+ eb.log(rq);\r
+ }\r
+ } else {\r
+ eb.log(rq);\r
+ }\r
+ }\r
+ }\r
+\r
+ // 4) Change any Permissions with children matching this NS, and\r
+ Result<List<PermDAO.Data>> rpdc = q.permDAO.readChildren(trans,targetNs, targetName);\r
+ if (rpdc.isOKhasData()) {\r
+ for (PermDAO.Data pdd : rpdc.value) {\r
+ // Remove old Perm from Roles, save them off\r
+ List<RoleDAO.Data> lrdd = new ArrayList<RoleDAO.Data>();\r
+ \r
+ for(String rl : pdd.roles(false)) {\r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,q,rl);\r
+ if(rrdd.isOKhasData()) {\r
+ RoleDAO.Data rdd = rrdd.value;\r
+ lrdd.add(rdd);\r
+ q.roleDAO.delPerm(trans, rdd, pdd);\r
+ } else{\r
+ trans.error().log(rrdd.errorString());\r
+ }\r
+ }\r
+ \r
+ // Save off Old keys\r
+ String delP1 = pdd.ns;\r
+ String delP2 = pdd.type;\r
+ pdd.ns = namespace.name;\r
+ pdd.type = (delP2.length() > targetNameDot) ? delP2\r
+ .substring(targetNameDot) : "";\r
+ if ((rq = q.permDAO.create(trans, pdd)).isOK()) {\r
+ // Put Role back into Perm, with correct info\r
+ for(RoleDAO.Data rdd : lrdd) {\r
+ q.roleDAO.addPerm(trans, rdd, pdd);\r
+ }\r
+\r
+ pdd.ns = delP1;\r
+ pdd.type = delP2;\r
+ if ((rq = q.permDAO.delete(trans, pdd, false)).notOK()) {\r
+ eb.log(rq);\r
+ // } else {\r
+ // Need to invalidate directly, because we're\r
+ // switching places in NS, not normal cache behavior\r
+ // q.permDAO.invalidate(trans,pdd);\r
+ }\r
+ } else {\r
+ eb.log(rq);\r
+ }\r
+ }\r
+ }\r
+ if (eb.hasErr()) {\r
+ return Result.err(Status.ERR_ActionNotCompleted,eb.sb.toString(), eb.vars());\r
+ }\r
+ }\r
+ return Result.ok();\r
+ }\r
+\r
+ private void addNSAdminRolesPerms(AuthzTrans trans, ErrBuilder eb, String ns) {\r
+ // Admin Role/Perm\r
+ RoleDAO.Data rd = new RoleDAO.Data();\r
+ rd.ns = ns;\r
+ rd.name = "admin";\r
+ rd.description = "AAF Namespace Administrators";\r
+\r
+ PermDAO.Data pd = new PermDAO.Data();\r
+ pd.ns = ns;\r
+ pd.type = "access";\r
+ pd.instance = Question.ASTERIX;\r
+ pd.action = Question.ASTERIX;\r
+ pd.description = "AAF Namespace Write Access";\r
+\r
+ rd.perms = new HashSet<String>();\r
+ rd.perms.add(pd.encode());\r
+ eb.log(q.roleDAO.create(trans, rd));\r
+\r
+ pd.roles = new HashSet<String>();\r
+ pd.roles.add(rd.encode());\r
+ eb.log(q.permDAO.create(trans, pd));\r
+ }\r
+\r
+ private void addNSOwnerRolesPerms(AuthzTrans trans, ErrBuilder eb, String ns) {\r
+ RoleDAO.Data rd = new RoleDAO.Data();\r
+ rd.ns = ns;\r
+ rd.name = "owner";\r
+ rd.description = "AAF Namespace Owners";\r
+\r
+ PermDAO.Data pd = new PermDAO.Data();\r
+ pd.ns = ns;\r
+ pd.type = "access";\r
+ pd.instance = Question.ASTERIX;\r
+ pd.action = Question.READ;\r
+ pd.description = "AAF Namespace Read Access";\r
+\r
+ rd.perms = new HashSet<String>();\r
+ rd.perms.add(pd.encode());\r
+ eb.log(q.roleDAO.create(trans, rd));\r
+\r
+ pd.roles = new HashSet<String>();\r
+ pd.roles.add(rd.encode());\r
+ eb.log(q.permDAO.create(trans, pd));\r
+ }\r
+\r
+ /**\r
+ * deleteNS\r
+ * \r
+ * Delete Namespace\r
+ * \r
+ * @param trans\r
+ * @param org\r
+ * @param ns\r
+ * @param force\r
+ * @param user\r
+ * @return\r
+ * @throws DAOException\r
+ * \r
+ * \r
+ * To delete an NS, you need to: 1) validate permission to\r
+ * modify this NS 2) Find all Roles with this NS, and 2a) if\r
+ * Force, delete them, else modify to Parent NS 3) Find all\r
+ * Perms with this NS, and modify to Parent NS 3a) if Force,\r
+ * delete them, else modify to Parent NS 4) Find all IDs\r
+ * associated to this NS, and deny if exists. 5) Remove NS\r
+ */\r
+ public Result<Void> deleteNS(AuthzTrans trans, String ns) {\r
+ boolean force = trans.forceRequested();\r
+ boolean move = trans.moveRequested();\r
+ // 1) Validate\r
+ Result<List<NsDAO.Data>> nsl;\r
+ if ((nsl = q.nsDAO.read(trans, ns)).notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_NsNotFound, "%s does not exist", ns);\r
+ }\r
+ NsDAO.Data nsd = nsl.value.get(0);\r
+ NsType nt;\r
+ if (move && !q.canMove(nt = NsType.fromType(nsd.type))) {\r
+ return Result.err(Status.ERR_Denied, "Namespace Force=move not permitted for Type %s",nt.name());\r
+ }\r
+\r
+ Result<NsDAO.Data> dnr = q.mayUser(trans, trans.user(), nsd, Access.write);\r
+ if (dnr.status != Status.OK) {\r
+ return Result.err(dnr);\r
+ }\r
+\r
+ // 2) Find Parent\r
+ String user = trans.user();\r
+ int idx = ns.lastIndexOf('.');\r
+ NsDAO.Data parent;\r
+ if (idx < 0) {\r
+ if (!q.isGranted(trans, user, Define.ROOT_NS,Question.NS, ".", "delete")) {\r
+ return Result.err(Result.ERR_Security,\r
+ "%s may not delete Root Namespaces", user);\r
+ }\r
+ parent = null;\r
+ } else {\r
+ Result<NsDAO.Data> rlparent = q.deriveNs(trans, ns.substring(0, idx));\r
+ if (rlparent.notOKorIsEmpty()) {\r
+ return Result.err(rlparent);\r
+ }\r
+ parent = rlparent.value;\r
+ }\r
+\r
+ // Build up with any errors\r
+ // If sb != null below is an indication of error\r
+ StringBuilder sb = null;\r
+ ErrBuilder er = new ErrBuilder();\r
+\r
+ // 2a) Deny if any IDs on Namespace\r
+ Result<List<CredDAO.Data>> creds = q.credDAO.readNS(trans, ns);\r
+ if (creds.isOKhasData()) {\r
+ if (force || move) {\r
+ for (CredDAO.Data cd : creds.value) {\r
+ er.log(q.credDAO.delete(trans, cd, false));\r
+ // Since we're deleting all the creds, we should delete all\r
+ // the user Roles for that Cred\r
+ Result<List<UserRoleDAO.Data>> rlurd = q.userRoleDAO\r
+ .readByUser(trans, cd.id);\r
+ if (rlurd.isOK()) {\r
+ for (UserRoleDAO.Data data : rlurd.value) {\r
+ q.userRoleDAO.delete(trans, data, false);\r
+ }\r
+ }\r
+\r
+ }\r
+ } else {\r
+ // first possible StringBuilder Create.\r
+ sb = new StringBuilder();\r
+ sb.append('[');\r
+ sb.append(ns);\r
+ sb.append("] contains users");\r
+ }\r
+ }\r
+\r
+ // 2b) Find (or delete if forced flag is set) dependencies\r
+ // First, find if NS Perms are the only ones\r
+ Result<List<PermDAO.Data>> rpdc = q.permDAO.readNS(trans, ns);\r
+ if (rpdc.isOKhasData()) {\r
+ // Since there are now NS perms, we have to count NON-NS perms.\r
+ // FYI, if we delete them now, and the NS is not deleted, it is in\r
+ // an inconsistent state.\r
+ boolean nonaccess = false;\r
+ for (PermDAO.Data pdd : rpdc.value) {\r
+ if (!"access".equals(pdd.type)) {\r
+ nonaccess = true;\r
+ break;\r
+ }\r
+ }\r
+ if (nonaccess && !force && !move) {\r
+ if (sb == null) {\r
+ sb = new StringBuilder();\r
+ sb.append('[');\r
+ sb.append(ns);\r
+ sb.append("] contains ");\r
+ } else {\r
+ sb.append(", ");\r
+ }\r
+ sb.append("permissions");\r
+ }\r
+ }\r
+\r
+ Result<List<RoleDAO.Data>> rrdc = q.roleDAO.readNS(trans, ns);\r
+ if (rrdc.isOKhasData()) {\r
+ // Since there are now NS roles, we have to count NON-NS roles.\r
+ // FYI, if we delete th)em now, and the NS is not deleted, it is in\r
+ // an inconsistent state.\r
+ int count = rrdc.value.size();\r
+ for (RoleDAO.Data rdd : rrdc.value) {\r
+ if ("admin".equals(rdd.name) || "owner".equals(rdd.name)) {\r
+ --count;\r
+ }\r
+ }\r
+ if (count > 0 && !force && !move) {\r
+ if (sb == null) {\r
+ sb = new StringBuilder();\r
+ sb.append('[');\r
+ sb.append(ns);\r
+ sb.append("] contains ");\r
+ } else {\r
+ sb.append(", ");\r
+ }\r
+ sb.append("roles");\r
+ }\r
+ }\r
+\r
+ // 2c) Deny if dependencies exist that would be moved to root level\r
+ // parent is root level parent here. Need to find closest parent ns that\r
+ // exists\r
+ if (sb != null) {\r
+ if (!force && !move) {\r
+ sb.append(".\n Delete dependencies and try again. Note: using \"force=true\" will delete all. \"force=move\" will delete Creds, but move Roles and Perms to parent.");\r
+ return Result.err(Status.ERR_DependencyExists, sb.toString());\r
+ }\r
+\r
+ if (move && (parent == null || parent.type == NsType.COMPANY.type)) {\r
+ return Result\r
+ .err(Status.ERR_DependencyExists,\r
+ "Cannot move users, roles or permissions to [%s].\nDelete dependencies and try again",\r
+ parent.name);\r
+ }\r
+ } else if (move && parent != null) {\r
+ sb = new StringBuilder();\r
+ // 3) Change any roles with children matching this NS, and\r
+ moveRoles(trans, parent, sb, rrdc);\r
+ // 4) Change any Perms with children matching this NS, and\r
+ movePerms(trans, parent, sb, rpdc);\r
+ }\r
+\r
+ if (sb != null && sb.length() > 0) {\r
+ return Result.err(Status.ERR_DependencyExists, sb.toString());\r
+ }\r
+\r
+ if (er.hasErr()) {\r
+ if (trans.debug().isLoggable()) {\r
+ trans.debug().log(er.toString());\r
+ }\r
+ return Result.err(Status.ERR_DependencyExists,\r
+ "Namespace members cannot be deleted for %s", ns);\r
+ }\r
+\r
+ // 5) OK... good to go for NS Deletion...\r
+ if (!rpdc.isEmpty()) {\r
+ for (PermDAO.Data perm : rpdc.value) {\r
+ deletePerm(trans, perm, true, true);\r
+ }\r
+ }\r
+ if (!rrdc.isEmpty()) {\r
+ for (RoleDAO.Data role : rrdc.value) {\r
+ deleteRole(trans, role, true, true);\r
+ }\r
+ }\r
+\r
+ return q.nsDAO.delete(trans, nsd, false);\r
+ }\r
+\r
+ public Result<List<String>> getOwners(AuthzTrans trans, String ns,\r
+ boolean includeExpired) {\r
+ return getUsersByRole(trans, ns + Question.DOT_OWNER, includeExpired);\r
+ }\r
+\r
+ private Result<Void> mayAddOwner(AuthzTrans trans, String ns, String id) {\r
+ Result<NsDAO.Data> rq = q.deriveNs(trans, ns);\r
+ if (rq.notOK()) {\r
+ return Result.err(rq);\r
+ }\r
+\r
+ rq = q.mayUser(trans, trans.user(), rq.value, Access.write);\r
+ if (rq.notOK()) {\r
+ return Result.err(rq);\r
+ }\r
+\r
+ Identity user;\r
+ Organization org = trans.org();\r
+ try {\r
+ if ((user = org.getIdentity(trans, id)) == null) {\r
+ return Result.err(Status.ERR_Policy,\r
+ "%s reports that this is not a valid credential",\r
+ org.getName());\r
+ }\r
+ if (user.isResponsible()) {\r
+ return Result.ok();\r
+ } else {\r
+ String reason="This is not a Test Environment";\r
+ if (org.isTestEnv() && (reason = org.validate(trans, Policy.AS_EMPLOYEE, \r
+ new CassExecutor(trans, this), id))==null) {\r
+ return Result.ok();\r
+ }\r
+ return Result.err(Status.ERR_Policy,reason);\r
+ }\r
+ } catch (Exception e) {\r
+ return Result.err(e);\r
+ }\r
+ }\r
+\r
+ private Result<Void> mayAddAdmin(AuthzTrans trans, String ns, String id) {\r
+ // Does NS Exist?\r
+ Result<Void> r = checkValidID(trans, new Date(), id);\r
+ if (r.notOK()) {\r
+ return r;\r
+ }\r
+ // Is id able to be an Admin\r
+ Result<NsDAO.Data> rq = q.deriveNs(trans, ns);\r
+ if (rq.notOK()) {\r
+ return Result.err(rq);\r
+ }\r
+ \r
+ rq = q.mayUser(trans, trans.user(), rq.value, Access.write);\r
+ if (rq.notOK()) {\r
+ return Result.err(rq);\r
+ }\r
+ return r;\r
+ }\r
+\r
+ private Result<Void> checkValidID(AuthzTrans trans, Date now, String user) {\r
+ Organization org = trans.org();\r
+ if (user.endsWith(org.getRealm())) {\r
+ try {\r
+ if (org.getIdentity(trans, user) == null) {\r
+ return Result.err(Status.ERR_Denied,\r
+ "%s reports that %s is a faulty ID", org.getName(),\r
+ user);\r
+ }\r
+ return Result.ok();\r
+ } catch (Exception e) {\r
+ return Result.err(Result.ERR_Security,\r
+ "%s is not a valid %s Credential", user, org.getName());\r
+ }\r
+ } else {\r
+ Result<List<CredDAO.Data>> cdr = q.credDAO.readID(trans, user);\r
+ if (cdr.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_Security,\r
+ "%s is not a valid AAF Credential", user);\r
+ }\r
+ \r
+ for (CredDAO.Data cd : cdr.value) {\r
+ if (cd.expires.after(now)) {\r
+ return Result.ok();\r
+ }\r
+ }\r
+ }\r
+ return Result.err(Result.ERR_Security, "%s has expired", user);\r
+ }\r
+\r
+ public Result<Void> delOwner(AuthzTrans trans, String ns, String id) {\r
+ Result<NsDAO.Data> rq = q.deriveNs(trans, ns);\r
+ if (rq.notOK()) {\r
+ return Result.err(rq);\r
+ }\r
+\r
+ rq = q.mayUser(trans, trans.user(), rq.value, Access.write);\r
+ if (rq.notOK()) {\r
+ return Result.err(rq);\r
+ }\r
+\r
+ return delUserRole(trans, id, ns,Question.OWNER);\r
+ }\r
+\r
+ public Result<List<String>> getAdmins(AuthzTrans trans, String ns, boolean includeExpired) {\r
+ return getUsersByRole(trans, ns + Question.DOT_ADMIN, includeExpired);\r
+ }\r
+\r
+ public Result<Void> delAdmin(AuthzTrans trans, String ns, String id) {\r
+ Result<NsDAO.Data> rq = q.deriveNs(trans, ns);\r
+ if (rq.notOK()) {\r
+ return Result.err(rq);\r
+ }\r
+\r
+ rq = q.mayUser(trans, trans.user(), rq.value, Access.write);\r
+ if (rq.notOK()) {\r
+ return Result.err(rq);\r
+ }\r
+\r
+ return delUserRole(trans, id, ns, Question.ADMIN);\r
+ }\r
+\r
+ /**\r
+ * Helper function that moves permissions from a namespace being deleted to\r
+ * its parent namespace\r
+ * \r
+ * @param trans\r
+ * @param parent\r
+ * @param sb\r
+ * @param rpdc\r
+ * - list of permissions in namespace being deleted\r
+ */\r
+ private void movePerms(AuthzTrans trans, NsDAO.Data parent,\r
+ StringBuilder sb, Result<List<PermDAO.Data>> rpdc) {\r
+\r
+ Result<Void> rv;\r
+ Result<PermDAO.Data> pd;\r
+\r
+ if (rpdc.isOKhasData()) {\r
+ for (PermDAO.Data pdd : rpdc.value) {\r
+ String delP2 = pdd.type;\r
+ if ("access".equals(delP2)) {\r
+ continue;\r
+ }\r
+ // Remove old Perm from Roles, save them off\r
+ List<RoleDAO.Data> lrdd = new ArrayList<RoleDAO.Data>();\r
+ \r
+ for(String rl : pdd.roles(false)) {\r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,q,rl);\r
+ if(rrdd.isOKhasData()) {\r
+ RoleDAO.Data rdd = rrdd.value;\r
+ lrdd.add(rdd);\r
+ q.roleDAO.delPerm(trans, rdd, pdd);\r
+ } else{\r
+ trans.error().log(rrdd.errorString());\r
+ }\r
+ }\r
+ \r
+ // Save off Old keys\r
+ String delP1 = pdd.ns;\r
+ NsSplit nss = new NsSplit(parent, pdd.fullType());\r
+ pdd.ns = nss.ns;\r
+ pdd.type = nss.name;\r
+ // Use direct Create/Delete, because switching namespaces\r
+ if ((pd = q.permDAO.create(trans, pdd)).isOK()) {\r
+ // Put Role back into Perm, with correct info\r
+ for(RoleDAO.Data rdd : lrdd) {\r
+ q.roleDAO.addPerm(trans, rdd, pdd);\r
+ }\r
+\r
+ pdd.ns = delP1;\r
+ pdd.type = delP2;\r
+ if ((rv = q.permDAO.delete(trans, pdd, false)).notOK()) {\r
+ sb.append(rv.details);\r
+ sb.append('\n');\r
+ // } else {\r
+ // Need to invalidate directly, because we're switching\r
+ // places in NS, not normal cache behavior\r
+ // q.permDAO.invalidate(trans,pdd);\r
+ }\r
+ } else {\r
+ sb.append(pd.details);\r
+ sb.append('\n');\r
+ }\r
+ }\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Helper function that moves roles from a namespace being deleted to its\r
+ * parent namespace\r
+ * \r
+ * @param trans\r
+ * @param parent\r
+ * @param sb\r
+ * @param rrdc\r
+ * - list of roles in namespace being deleted\r
+ */\r
+ private void moveRoles(AuthzTrans trans, NsDAO.Data parent,\r
+ StringBuilder sb, Result<List<RoleDAO.Data>> rrdc) {\r
+\r
+ Result<Void> rv;\r
+ Result<RoleDAO.Data> rd;\r
+\r
+ if (rrdc.isOKhasData()) {\r
+ for (RoleDAO.Data rdd : rrdc.value) {\r
+ String delP2 = rdd.name;\r
+ if ("admin".equals(delP2) || "owner".equals(delP2)) {\r
+ continue;\r
+ }\r
+ // Remove old Role from Perms, save them off\r
+ List<PermDAO.Data> lpdd = new ArrayList<PermDAO.Data>();\r
+ for(String p : rdd.perms(false)) {\r
+ Result<PermDAO.Data> rpdd = PermDAO.Data.decode(trans,q,p);\r
+ if(rpdd.isOKhasData()) {\r
+ PermDAO.Data pdd = rpdd.value;\r
+ lpdd.add(pdd);\r
+ q.permDAO.delRole(trans, pdd, rdd);\r
+ } else{\r
+ trans.error().log(rpdd.errorString());\r
+ }\r
+ }\r
+ \r
+ // Save off Old keys\r
+ String delP1 = rdd.ns;\r
+\r
+ NsSplit nss = new NsSplit(parent, rdd.fullName());\r
+ rdd.ns = nss.ns;\r
+ rdd.name = nss.name;\r
+ // Use direct Create/Delete, because switching namespaces\r
+ if ((rd = q.roleDAO.create(trans, rdd)).isOK()) {\r
+ // Put Role back into Perm, with correct info\r
+ for(PermDAO.Data pdd : lpdd) {\r
+ q.permDAO.addRole(trans, pdd, rdd);\r
+ }\r
+\r
+ rdd.ns = delP1;\r
+ rdd.name = delP2;\r
+ if ((rv = q.roleDAO.delete(trans, rdd, true)).notOK()) {\r
+ sb.append(rv.details);\r
+ sb.append('\n');\r
+ // } else {\r
+ // Need to invalidate directly, because we're switching\r
+ // places in NS, not normal cache behavior\r
+ // q.roleDAO.invalidate(trans,rdd);\r
+ }\r
+ } else {\r
+ sb.append(rd.details);\r
+ sb.append('\n');\r
+ }\r
+ }\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Create Permission (and any missing Permission between this and Parent) if\r
+ * we have permission\r
+ * \r
+ * Pass in the desired Management Permission for this Permission\r
+ * \r
+ * If Force is set, then Roles listed will be created, if allowed,\r
+ * pre-granted.\r
+ */\r
+ public Result<Void> createPerm(AuthzTrans trans, PermDAO.Data perm, boolean fromApproval) {\r
+ String user = trans.user();\r
+ // Next, see if User is allowed to Manage Parent Permission\r
+\r
+ Result<NsDAO.Data> rnsd;\r
+ if (!fromApproval) {\r
+ rnsd = q.mayUser(trans, user, perm, Access.write);\r
+ if (rnsd.notOK()) {\r
+ return Result.err(rnsd);\r
+ }\r
+ } else {\r
+ rnsd = q.deriveNs(trans, perm.ns);\r
+ }\r
+\r
+ // Does Child exist?\r
+ if (!trans.forceRequested()) {\r
+ if (q.permDAO.read(trans, perm).isOKhasData()) {\r
+ return Result.err(Status.ERR_ConflictAlreadyExists,\r
+ "Permission [%s.%s|%s|%s] already exists.", perm.ns,\r
+ perm.type, perm.instance, perm.action);\r
+ }\r
+ }\r
+\r
+ // Attempt to add perms to roles, creating as possible\r
+ Set<String> roles;\r
+ String pstring = perm.encode();\r
+\r
+ // For each Role\r
+ for (String role : roles = perm.roles(true)) {\r
+ Result<RoleDAO.Data> rdd = RoleDAO.Data.decode(trans,q,role);\r
+ if(rdd.isOKhasData()) {\r
+ RoleDAO.Data rd = rdd.value;\r
+ if (!fromApproval) {\r
+ // May User write to the Role in question.\r
+ Result<NsDAO.Data> rns = q.mayUser(trans, user, rd,\r
+ Access.write);\r
+ if (rns.notOK()) {\r
+ // Remove the role from Add, because\r
+ roles.remove(role); // Don't allow adding\r
+ trans.warn()\r
+ .log("User [%s] does not have permission to relate Permissions to Role [%s]",\r
+ user, role);\r
+ }\r
+ }\r
+\r
+ Result<List<RoleDAO.Data>> rlrd;\r
+ if ((rlrd = q.roleDAO.read(trans, rd)).notOKorIsEmpty()) {\r
+ rd.perms(true).add(pstring);\r
+ if (q.roleDAO.create(trans, rd).notOK()) {\r
+ roles.remove(role); // Role doesn't exist, and can't be\r
+ // created\r
+ }\r
+ } else {\r
+ rd = rlrd.value.get(0);\r
+ if (!rd.perms.contains(pstring)) {\r
+ q.roleDAO.addPerm(trans, rd, perm);\r
+ }\r
+ }\r
+ }\r
+ }\r
+\r
+ Result<PermDAO.Data> pdr = q.permDAO.create(trans, perm);\r
+ if (pdr.isOK()) {\r
+ return Result.ok();\r
+ } else { \r
+ return Result.err(pdr);\r
+ }\r
+ }\r
+\r
+ public Result<Void> deletePerm(final AuthzTrans trans, final PermDAO.Data perm, boolean force, boolean fromApproval) {\r
+ String user = trans.user();\r
+\r
+ // Next, see if User is allowed to Manage Permission\r
+ Result<NsDAO.Data> rnsd;\r
+ if (!fromApproval) {\r
+ rnsd = q.mayUser(trans, user, perm, Access.write);\r
+ if (rnsd.notOK()) {\r
+ return Result.err(rnsd);\r
+ }\r
+ }\r
+ // Does Perm exist?\r
+ Result<List<PermDAO.Data>> pdr = q.permDAO.read(trans, perm);\r
+ if (pdr.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_PermissionNotFound,"Permission [%s.%s|%s|%s] does not exist.",\r
+ perm.ns,perm.type, perm.instance, perm.action);\r
+ }\r
+ // Get perm, but with rest of data.\r
+ PermDAO.Data fullperm = pdr.value.get(0);\r
+\r
+ // Attached to any Roles?\r
+ if (fullperm.roles != null) {\r
+ if (force) {\r
+ for (String role : fullperm.roles) {\r
+ Result<Void> rv = null;\r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, q, role);\r
+ if(rrdd.isOKhasData()) {\r
+ trans.debug().log("Removing", role, "from", fullperm, "on Perm Delete");\r
+ if ((rv = q.roleDAO.delPerm(trans, rrdd.value, fullperm)).notOK()) {\r
+ if (rv.notOK()) {\r
+ trans.error().log("Error removing Role during delFromPermRole: ",\r
+ trans.getUserPrincipal(),\r
+ rv.errorString());\r
+ }\r
+ }\r
+ } else {\r
+ return Result.err(rrdd);\r
+ }\r
+ }\r
+ } else if (!fullperm.roles.isEmpty()) {\r
+ return Result\r
+ .err(Status.ERR_DependencyExists,\r
+ "Permission [%s.%s|%s|%s] cannot be deleted as it is attached to 1 or more roles.",\r
+ fullperm.ns, fullperm.type, fullperm.instance, fullperm.action);\r
+ }\r
+ }\r
+\r
+ return q.permDAO.delete(trans, fullperm, false);\r
+ }\r
+\r
+ public Result<Void> deleteRole(final AuthzTrans trans, final RoleDAO.Data role, boolean force, boolean fromApproval) {\r
+ String user = trans.user();\r
+\r
+ // Next, see if User is allowed to Manage Role\r
+ Result<NsDAO.Data> rnsd;\r
+ if (!fromApproval) {\r
+ rnsd = q.mayUser(trans, user, role, Access.write);\r
+ if (rnsd.notOK()) {\r
+ return Result.err(rnsd);\r
+ }\r
+ }\r
+\r
+ // Are there any Users Attached to Role?\r
+ Result<List<UserRoleDAO.Data>> urdr = q.userRoleDAO.readByRole(trans,role.fullName());\r
+ if (force) {\r
+ if (urdr.isOKhasData()) {\r
+ for (UserRoleDAO.Data urd : urdr.value) {\r
+ q.userRoleDAO.delete(trans, urd, false);\r
+ }\r
+ }\r
+ } else if (urdr.isOKhasData()) {\r
+ return Result.err(Status.ERR_DependencyExists,\r
+ "Role [%s.%s] cannot be deleted as it is used by 1 or more Users.",\r
+ role.ns, role.name);\r
+ }\r
+\r
+ // Does Role exist?\r
+ Result<List<RoleDAO.Data>> rdr = q.roleDAO.read(trans, role);\r
+ if (rdr.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_RoleNotFound,\r
+ "Role [%s.%s] does not exist", role.ns, role.name);\r
+ }\r
+ RoleDAO.Data fullrole = rdr.value.get(0); // full key search\r
+\r
+ // Remove Self from Permissions... always, force or not. Force only applies to Dependencies (Users)\r
+ if (fullrole.perms != null) {\r
+ for (String perm : fullrole.perms(false)) {\r
+ Result<PermDAO.Data> rpd = PermDAO.Data.decode(trans,q,perm);\r
+ if (rpd.isOK()) {\r
+ trans.debug().log("Removing", perm, "from", fullrole,"on Role Delete");\r
+\r
+ Result<?> r = q.permDAO.delRole(trans, rpd.value, fullrole);\r
+ if (r.notOK()) {\r
+ trans.error().log("ERR_FDR1 unable to remove",fullrole,"from",perm,':',r.status,'-',r.details);\r
+ }\r
+ } else {\r
+ trans.error().log("ERR_FDR2 Could not remove",perm,"from",fullrole);\r
+ }\r
+ }\r
+ }\r
+ return q.roleDAO.delete(trans, fullrole, false);\r
+ }\r
+\r
+ /**\r
+ * Only owner of Permission may add to Role\r
+ * \r
+ * If force set, however, Role will be created before Grant, if User is\r
+ * allowed to create.\r
+ * \r
+ * @param trans\r
+ * @param role\r
+ * @param pd\r
+ * @return\r
+ */\r
+ public Result<Void> addPermToRole(AuthzTrans trans, RoleDAO.Data role,PermDAO.Data pd, boolean fromApproval) {\r
+ String user = trans.user();\r
+ \r
+ if (!fromApproval) {\r
+ Result<NsDAO.Data> rRoleCo = q.deriveFirstNsForType(trans, role.ns, NsType.COMPANY);\r
+ if(rRoleCo.notOK()) {\r
+ return Result.err(rRoleCo);\r
+ }\r
+ Result<NsDAO.Data> rPermCo = q.deriveFirstNsForType(trans, pd.ns, NsType.COMPANY);\r
+ if(rPermCo.notOK()) {\r
+ return Result.err(rPermCo);\r
+ }\r
+\r
+ // Not from same company\r
+ if(!rRoleCo.value.name.equals(rPermCo.value.name)) {\r
+ Result<Data> r;\r
+ // Only grant if User ALSO has Write ability in Other Company\r
+ if((r = q.mayUser(trans, user, role, Access.write)).notOK()) {\r
+ return Result.err(r);\r
+ }\r
+ }\r
+ \r
+\r
+ // Must be Perm Admin, or Granted Special Permission\r
+ Result<NsDAO.Data> ucp = q.mayUser(trans, user, pd, Access.write);\r
+ if (ucp.notOK()) {\r
+ // Don't allow CLI potential Grantees to change their own AAF\r
+ // Perms,\r
+ if ((Define.ROOT_NS.equals(pd.ns) && Question.NS.equals(pd.type)) \r
+ || !q.isGranted(trans, trans.user(),Define.ROOT_NS,Question.PERM, rPermCo.value.name, "grant")) {\r
+ // Not otherwise granted\r
+ // TODO Needed?\r
+ return Result.err(ucp);\r
+ }\r
+ // Final Check... Don't allow Grantees to add to Roles they are\r
+ // part of\r
+ Result<List<UserRoleDAO.Data>> rlurd = q.userRoleDAO\r
+ .readByUser(trans, trans.user());\r
+ if (rlurd.isOK()) {\r
+ for (UserRoleDAO.Data ur : rlurd.value) {\r
+ if (role.ns.equals(ur.ns) && role.name.equals(ur.rname)) {\r
+ return Result.err(ucp);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+\r
+ Result<List<PermDAO.Data>> rlpd = q.permDAO.read(trans, pd);\r
+ if (rlpd.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_PermissionNotFound,\r
+ "Permission must exist to add to Role");\r
+ }\r
+\r
+ Result<List<RoleDAO.Data>> rlrd = q.roleDAO.read(trans, role); // Already\r
+ // Checked\r
+ // for\r
+ // can\r
+ // change\r
+ // Role\r
+ Result<Void> rv;\r
+\r
+ if (rlrd.notOKorIsEmpty()) {\r
+ if (trans.forceRequested()) {\r
+ Result<NsDAO.Data> ucr = q.mayUser(trans, user, role,\r
+ Access.write);\r
+ if (ucr.notOK()) {\r
+ return Result\r
+ .err(Status.ERR_Denied,\r
+ "Role [%s.%s] does not exist. User [%s] cannot create.",\r
+ role.ns, role.name, user);\r
+ }\r
+\r
+ role.perms(true).add(pd.encode());\r
+ Result<RoleDAO.Data> rdd = q.roleDAO.create(trans, role);\r
+ if (rdd.isOK()) {\r
+ rv = Result.ok();\r
+ } else {\r
+ rv = Result.err(rdd);\r
+ }\r
+ } else {\r
+ return Result.err(Status.ERR_RoleNotFound,\r
+ "Role [%s.%s] does not exist.", role.ns, role.name);\r
+ }\r
+ } else {\r
+ role = rlrd.value.get(0);\r
+ if (role.perms(false).contains(pd.encode())) {\r
+ return Result.err(Status.ERR_ConflictAlreadyExists,\r
+ "Permission [%s.%s] is already a member of role [%s,%s]",\r
+ pd.ns, pd.type, role.ns, role.name);\r
+ }\r
+ role.perms(true).add(pd.encode()); // this is added for Caching\r
+ // access purposes... doesn't\r
+ // affect addPerm\r
+ rv = q.roleDAO.addPerm(trans, role, pd);\r
+ }\r
+ if (rv.status == Status.OK) {\r
+ return q.permDAO.addRole(trans, pd, role);\r
+ // exploring how to add information message to successful http\r
+ // request\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ /**\r
+ * Either Owner of Role or Permission may delete from Role\r
+ * \r
+ * @param trans\r
+ * @param role\r
+ * @param pd\r
+ * @return\r
+ */\r
+ public Result<Void> delPermFromRole(AuthzTrans trans, RoleDAO.Data role,PermDAO.Data pd, boolean fromApproval) {\r
+ String user = trans.user();\r
+ if (!fromApproval) {\r
+ Result<NsDAO.Data> ucr = q.mayUser(trans, user, role, Access.write);\r
+ Result<NsDAO.Data> ucp = q.mayUser(trans, user, pd, Access.write);\r
+\r
+ // If Can't change either Role or Perm, then deny\r
+ if (ucr.notOK() && ucp.notOK()) {\r
+ return Result.err(Status.ERR_Denied,\r
+ "User [" + trans.user()\r
+ + "] does not have permission to delete ["\r
+ + pd.encode() + "] from Role ["\r
+ + role.fullName() + ']');\r
+ }\r
+ }\r
+\r
+ Result<List<RoleDAO.Data>> rlr = q.roleDAO.read(trans, role);\r
+ if (rlr.notOKorIsEmpty()) {\r
+ // If Bad Data, clean out\r
+ Result<List<PermDAO.Data>> rlp = q.permDAO.read(trans, pd);\r
+ if (rlp.isOKhasData()) {\r
+ for (PermDAO.Data pv : rlp.value) {\r
+ q.permDAO.delRole(trans, pv, role);\r
+ }\r
+ }\r
+ return Result.err(rlr);\r
+ }\r
+ String perm1 = pd.encode();\r
+ boolean notFound;\r
+ if (trans.forceRequested()) {\r
+ notFound = false;\r
+ } else { // only check if force not set.\r
+ notFound = true;\r
+ for (RoleDAO.Data r : rlr.value) {\r
+ if (r.perms != null) {\r
+ for (String perm : r.perms) {\r
+ if (perm1.equals(perm)) {\r
+ notFound = false;\r
+ break;\r
+ }\r
+ }\r
+ if(!notFound) {\r
+ break;\r
+ }\r
+ }\r
+ }\r
+ }\r
+ if (notFound) { // Need to check both, in case of corruption\r
+ return Result.err(Status.ERR_PermissionNotFound,\r
+ "Permission [%s.%s|%s|%s] not associated with any Role",\r
+ pd.ns,pd.type,pd.instance,pd.action);\r
+ }\r
+\r
+ // Read Perm for full data\r
+ Result<List<PermDAO.Data>> rlp = q.permDAO.read(trans, pd);\r
+ Result<Void> rv = null;\r
+ if (rlp.isOKhasData()) {\r
+ for (PermDAO.Data pv : rlp.value) {\r
+ if ((rv = q.permDAO.delRole(trans, pv, role)).isOK()) {\r
+ if ((rv = q.roleDAO.delPerm(trans, role, pv)).notOK()) {\r
+ trans.error().log(\r
+ "Error removing Perm during delFromPermRole:",\r
+ trans.getUserPrincipal(), rv.errorString());\r
+ }\r
+ } else {\r
+ trans.error().log(\r
+ "Error removing Role during delFromPermRole:",\r
+ trans.getUserPrincipal(), rv.errorString());\r
+ }\r
+ }\r
+ } else {\r
+ rv = q.roleDAO.delPerm(trans, role, pd);\r
+ if (rv.notOK()) {\r
+ trans.error().log("Error removing Role during delFromPermRole",\r
+ rv.errorString());\r
+ }\r
+ }\r
+ return rv == null ? Result.ok() : rv;\r
+ }\r
+\r
+ public Result<Void> delPermFromRole(AuthzTrans trans, String role,PermDAO.Data pd) {\r
+ Result<NsSplit> nss = q.deriveNsSplit(trans, role);\r
+ if (nss.notOK()) {\r
+ return Result.err(nss);\r
+ }\r
+ RoleDAO.Data rd = new RoleDAO.Data();\r
+ rd.ns = nss.value.ns;\r
+ rd.name = nss.value.name;\r
+ return delPermFromRole(trans, rd, pd, false);\r
+ }\r
+\r
+ /**\r
+ * Add a User to Role\r
+ * \r
+ * 1) Role must exist 2) User must be a known Credential (i.e. mechID ok if\r
+ * Credential) or known Organizational User\r
+ * \r
+ * @param trans\r
+ * @param org\r
+ * @param urData\r
+ * @return\r
+ * @throws DAOException\r
+ */\r
+ public Result<Void> addUserRole(AuthzTrans trans,UserRoleDAO.Data urData) {\r
+ Result<Void> rv;\r
+ if(Question.ADMIN.equals(urData.rname)) {\r
+ rv = mayAddAdmin(trans, urData.ns, urData.user);\r
+ } else if(Question.OWNER.equals(urData.rname)) {\r
+ rv = mayAddOwner(trans, urData.ns, urData.user);\r
+ } else {\r
+ rv = checkValidID(trans, new Date(), urData.user);\r
+ }\r
+ if(rv.notOK()) {\r
+ return rv; \r
+ }\r
+ \r
+ // Check if record exists\r
+ if (q.userRoleDAO.read(trans, urData).isOKhasData()) {\r
+ return Result.err(Status.ERR_ConflictAlreadyExists,\r
+ "User Role exists");\r
+ }\r
+ if (q.roleDAO.read(trans, urData.ns, urData.rname).notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_RoleNotFound,\r
+ "Role [%s.%s] does not exist", urData.ns, urData.rname);\r
+ }\r
+\r
+ urData.expires = trans.org().expiration(null, Expiration.UserInRole, urData.user).getTime();\r
+ \r
+ \r
+ Result<UserRoleDAO.Data> udr = q.userRoleDAO.create(trans, urData);\r
+ switch (udr.status) {\r
+ case OK:\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(udr);\r
+ }\r
+ }\r
+\r
+ public Result<Void> addUserRole(AuthzTrans trans, String user, String ns, String rname) {\r
+ UserRoleDAO.Data urdd = new UserRoleDAO.Data();\r
+ urdd.ns = ns;\r
+ urdd.role(ns, rname);\r
+ urdd.user = user;\r
+ return addUserRole(trans,urdd);\r
+ }\r
+\r
+ /**\r
+ * Extend User Role.\r
+ * \r
+ * extend the Expiration data, according to Organization rules.\r
+ * \r
+ * @param trans\r
+ * @param org\r
+ * @param urData\r
+ * @return\r
+ */\r
+ public Result<Void> extendUserRole(AuthzTrans trans, UserRoleDAO.Data urData, boolean checkForExist) {\r
+ // Check if record still exists\r
+ if (checkForExist && q.userRoleDAO.read(trans, urData).notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_UserRoleNotFound,\r
+ "User Role does not exist");\r
+ }\r
+ if (q.roleDAO.read(trans, urData.ns, urData.rname).notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_RoleNotFound,\r
+ "Role [%s.%s] does not exist", urData.ns,urData.rname);\r
+ }\r
+ // Special case for "Admin" roles. Issue brought forward with Prod\r
+ // problem 9/26\r
+\r
+ urData.expires = trans.org().expiration(null, Expiration.UserInRole).getTime(); // get\r
+ // Full\r
+ // time\r
+ // starting\r
+ // today\r
+ return q.userRoleDAO.update(trans, urData);\r
+ }\r
+\r
+ // ////////////////////////////////////////////////////\r
+ // Special User Role Functions\r
+ // These exist, because User Roles have Expiration dates, which must be\r
+ // accounted for\r
+ // Also, as of July, 2015, Namespace Owners and Admins are now regular User\r
+ // Roles\r
+ // ////////////////////////////////////////////////////\r
+ public Result<List<String>> getUsersByRole(AuthzTrans trans, String role, boolean includeExpired) {\r
+ Result<List<UserRoleDAO.Data>> rurdd = q.userRoleDAO.readByRole(trans,role);\r
+ if (rurdd.notOK()) {\r
+ return Result.err(rurdd);\r
+ }\r
+ Date now = new Date();\r
+ List<UserRoleDAO.Data> list = rurdd.value;\r
+ List<String> rv = new ArrayList<String>(list.size()); // presize\r
+ for (UserRoleDAO.Data urdd : rurdd.value) {\r
+ if (includeExpired || urdd.expires.after(now)) {\r
+ rv.add(urdd.user);\r
+ }\r
+ }\r
+ return Result.ok(rv);\r
+ }\r
+\r
+ public Result<Void> delUserRole(AuthzTrans trans, String user, String ns, String rname) {\r
+ UserRoleDAO.Data urdd = new UserRoleDAO.Data();\r
+ urdd.user = user;\r
+ urdd.role(ns,rname);\r
+ Result<List<UserRoleDAO.Data>> r = q.userRoleDAO.read(trans, urdd);\r
+ if (r.status == 404 || r.isEmpty()) {\r
+ return Result.err(Status.ERR_UserRoleNotFound,\r
+ "UserRole [%s] [%s.%s]", user, ns, rname);\r
+ }\r
+ if (r.notOK()) {\r
+ return Result.err(r);\r
+ }\r
+\r
+ return q.userRoleDAO.delete(trans, urdd, false);\r
+ }\r
+\r
+ public Result<List<Identity>> createFuture(AuthzTrans trans, FutureDAO.Data data, String id, String user,\r
+ NsDAO.Data nsd, String op) {\r
+ // Create Future Object\r
+ List<Identity> approvers=null;\r
+ Result<FutureDAO.Data> fr = q.futureDAO.create(trans, data, id);\r
+ if (fr.isOK()) {\r
+ // User Future ID as ticket for Approvals\r
+ final UUID ticket = fr.value.id;\r
+ ApprovalDAO.Data ad;\r
+ try {\r
+ Organization org = trans.org();\r
+ approvers = org.getApprovers(trans, user);\r
+ for (Identity u : approvers) {\r
+ ad = new ApprovalDAO.Data();\r
+ // Note ad.id is set by ApprovalDAO Create\r
+ ad.ticket = ticket;\r
+ ad.user = user;\r
+ ad.approver = u.id();\r
+ ad.status = ApprovalDAO.PENDING;\r
+ ad.memo = data.memo;\r
+ ad.type = org.getApproverType();\r
+ ad.operation = op;\r
+ // Note ad.updated is created in System\r
+ Result<ApprovalDAO.Data> ar = q.approvalDAO.create(trans,ad);\r
+ if (ar.notOK()) {\r
+ return Result.err(Status.ERR_ActionNotCompleted,\r
+ "Approval for %s, %s could not be created: %s",\r
+ ad.user, ad.approver, ar.details);\r
+ }\r
+ }\r
+ if (nsd != null) {\r
+ Result<List<UserRoleDAO.Data>> rrbr = q.userRoleDAO\r
+ .readByRole(trans, nsd.name + Question.DOT_OWNER);\r
+ if (rrbr.isOK()) {\r
+ for (UserRoleDAO.Data urd : rrbr.value) {\r
+ ad = new ApprovalDAO.Data();\r
+ // Note ad.id is set by ApprovalDAO Create\r
+ ad.ticket = ticket;\r
+ ad.user = user;\r
+ ad.approver = urd.user;\r
+ ad.status = ApprovalDAO.PENDING;\r
+ ad.memo = data.memo;\r
+ ad.type = "owner";\r
+ ad.operation = op;\r
+ // Note ad.updated is created in System\r
+ Result<ApprovalDAO.Data> ar = q.approvalDAO.create(trans, ad);\r
+ if (ar.notOK()) {\r
+ return Result.err(Status.ERR_ActionNotCompleted,\r
+ "Approval for %s, %s could not be created: %s",\r
+ ad.user, ad.approver,\r
+ ar.details);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ } catch (Exception e) {\r
+ return Result.err(e);\r
+ }\r
+ }\r
+ \r
+ return Result.ok(approvers);\r
+ }\r
+\r
+ public Result<Void> performFutureOp(AuthzTrans trans, ApprovalDAO.Data cd) {\r
+ Result<List<FutureDAO.Data>> fd = q.futureDAO.read(trans, cd.ticket);\r
+ Result<List<ApprovalDAO.Data>> allApprovalsForTicket = q.approvalDAO\r
+ .readByTicket(trans, cd.ticket);\r
+ Result<Void> rv = Result.ok();\r
+ for (FutureDAO.Data curr : fd.value) {\r
+ if ("approved".equalsIgnoreCase(cd.status)) {\r
+ if (allApprovalsForTicket.value.size() <= 1) {\r
+ // should check if any other pendings before performing\r
+ // actions\r
+ try {\r
+ if (FOP_ROLE.equalsIgnoreCase(curr.target)) {\r
+ RoleDAO.Data data = new RoleDAO.Data();\r
+ data.reconstitute(curr.construct);\r
+ if ("C".equalsIgnoreCase(cd.operation)) {\r
+ Result<RoleDAO.Data> rd;\r
+ if ((rd = q.roleDAO.dao().create(trans, data)).notOK()) {\r
+ rv = Result.err(rd);\r
+ }\r
+ } else if ("D".equalsIgnoreCase(cd.operation)) {\r
+ rv = deleteRole(trans, data, true, true);\r
+ }\r
+ \r
+ } else if (FOP_PERM.equalsIgnoreCase(curr.target)) {\r
+ PermDAO.Data pdd = new PermDAO.Data();\r
+ pdd.reconstitute(curr.construct);\r
+ if ("C".equalsIgnoreCase(cd.operation)) {\r
+ rv = createPerm(trans, pdd, true);\r
+ } else if ("D".equalsIgnoreCase(cd.operation)) {\r
+ rv = deletePerm(trans, pdd, true, true);\r
+ } else if ("G".equalsIgnoreCase(cd.operation)) {\r
+ Set<String> roles = pdd.roles(true);\r
+ Result<RoleDAO.Data> rrdd = null;\r
+ for (String roleStr : roles) {\r
+ rrdd = RoleDAO.Data.decode(trans, q, roleStr);\r
+ if (rrdd.isOKhasData()) {\r
+ rv = addPermToRole(trans, rrdd.value, pdd, true);\r
+ } else {\r
+ trans.error().log(rrdd.errorString());\r
+ }\r
+ }\r
+ } else if ("UG".equalsIgnoreCase(cd.operation)) {\r
+ Set<String> roles = pdd.roles(true);\r
+ Result<RoleDAO.Data> rrdd;\r
+ for (String roleStr : roles) {\r
+ rrdd = RoleDAO.Data.decode(trans, q, roleStr);\r
+ if (rrdd.isOKhasData()) {\r
+ rv = delPermFromRole(trans, rrdd.value, pdd, true);\r
+ } else {\r
+ trans.error().log(rrdd.errorString());\r
+ }\r
+ }\r
+ }\r
+ \r
+ } else if (FOP_USER_ROLE.equalsIgnoreCase(curr.target)) {\r
+ UserRoleDAO.Data data = new UserRoleDAO.Data();\r
+ data.reconstitute(curr.construct);\r
+ // if I am the last to approve, create user role\r
+ if ("C".equalsIgnoreCase(cd.operation)) {\r
+ rv = addUserRole(trans, data);\r
+ } else if ("U".equals(cd.operation)) {\r
+ rv = extendUserRole(trans, data, true);\r
+ }\r
+ \r
+ } else if (FOP_NS.equalsIgnoreCase(curr.target)) {\r
+ Namespace namespace = new Namespace();\r
+ namespace.reconstitute(curr.construct);\r
+ \r
+ if ("C".equalsIgnoreCase(cd.operation)) {\r
+ rv = createNS(trans, namespace, true);\r
+ }\r
+ \r
+ } else if (FOP_DELEGATE.equalsIgnoreCase(curr.target)) {\r
+ DelegateDAO.Data data = new DelegateDAO.Data();\r
+ data.reconstitute(curr.construct);\r
+ if ("C".equalsIgnoreCase(cd.operation)) {\r
+ Result<DelegateDAO.Data> dd;\r
+ if ((dd = q.delegateDAO.create(trans, data)).notOK()) {\r
+ rv = Result.err(dd);\r
+ }\r
+ } else if ("U".equalsIgnoreCase(cd.operation)) {\r
+ rv = q.delegateDAO.update(trans, data);\r
+ }\r
+ } else if (FOP_CRED.equalsIgnoreCase(curr.target)) {\r
+ CredDAO.Data data = new CredDAO.Data();\r
+ data.reconstitute(curr.construct);\r
+ if ("C".equalsIgnoreCase(cd.operation)) {\r
+ Result<CredDAO.Data> rd;\r
+ if ((rd = q.credDAO.dao().create(trans, data)).notOK()) {\r
+ rv = Result.err(rd);\r
+ }\r
+ }\r
+ }\r
+ } catch (IOException e) {\r
+ trans.error().log("IOException: ", e.getMessage(),\r
+ " \n occurred while performing", cd.memo,\r
+ " from approval ", cd.id.toString());\r
+ }\r
+ }\r
+ } else if ("denied".equalsIgnoreCase(cd.status)) {\r
+ for (ApprovalDAO.Data ad : allApprovalsForTicket.value) {\r
+ q.approvalDAO.delete(trans, ad, false);\r
+ }\r
+ q.futureDAO.delete(trans, curr, false);\r
+ if (FOP_USER_ROLE.equalsIgnoreCase(curr.target)) {\r
+ // if I am the last to approve, create user role\r
+ if ("U".equals(cd.operation)) {\r
+ UserRoleDAO.Data data = new UserRoleDAO.Data();\r
+ try {\r
+ data.reconstitute(curr.construct);\r
+ } catch (IOException e) {\r
+ trans.error().log("Cannot reconstitue",curr.memo);\r
+ }\r
+ rv = delUserRole(trans, data.user, data.ns, data.rname);\r
+ }\r
+ }\r
+\r
+ }\r
+ \r
+ // if I am the last to approve, delete the future object\r
+ if (rv.isOK() && allApprovalsForTicket.value.size() <= 1) {\r
+ q.futureDAO.delete(trans, curr, false);\r
+ }\r
+ \r
+ } // end for each\r
+ return rv;\r
+ \r
+ }\r
+\r
+ public Executor newExecutor(AuthzTrans trans) {\r
+ return new CassExecutor(trans, this);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.hl;\r
+\r
+import java.util.ArrayList;\r
+import java.util.Date;\r
+import java.util.HashMap;\r
+import java.util.List;\r
+import java.util.Map;\r
+import java.util.Set;\r
+import java.util.TreeSet;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.dao.aaf.cass.UserRoleDAO;\r
+\r
+/**\r
+ * PermLookup is a Storage class for the various pieces of looking up Permission \r
+ * during Transactions to avoid duplicate processing\r
+ * \r
+ *\r
+ */\r
+// Package on purpose\r
+class PermLookup {\r
+ private AuthzTrans trans;\r
+ private String user;\r
+ private Question q;\r
+ private Result<List<UserRoleDAO.Data>> userRoles = null;\r
+ private Result<List<RoleDAO.Data>> roles = null;\r
+ private Result<Set<String>> permNames = null;\r
+ private Result<List<PermDAO.Data>> perms = null;\r
+ \r
+ private PermLookup() {}\r
+ \r
+ static PermLookup get(AuthzTrans trans, Question q, String user) {\r
+ PermLookup lp=null;\r
+ Map<String, PermLookup> permMap = trans.get(Question.PERMS, null);\r
+ if (permMap == null) {\r
+ trans.put(Question.PERMS, permMap = new HashMap<String, PermLookup>());\r
+ } else {\r
+ lp = permMap.get(user);\r
+ }\r
+\r
+ if (lp == null) {\r
+ lp = new PermLookup();\r
+ lp.trans = trans;\r
+ lp.user = user;\r
+ lp.q = q;\r
+ permMap.put(user, lp);\r
+ }\r
+ return lp;\r
+ }\r
+ \r
+ public Result<List<UserRoleDAO.Data>> getUserRoles() {\r
+ if(userRoles==null) {\r
+ userRoles = q.userRoleDAO.readByUser(trans,user);\r
+ if(userRoles.isOKhasData()) {\r
+ List<UserRoleDAO.Data> lurdd = new ArrayList<UserRoleDAO.Data>();\r
+ Date now = new Date();\r
+ for(UserRoleDAO.Data urdd : userRoles.value) {\r
+ if(urdd.expires.after(now)) { // Remove Expired\r
+ lurdd.add(urdd);\r
+ }\r
+ }\r
+ if(lurdd.size()==0) {\r
+ return userRoles = Result.err(Status.ERR_UserNotFound,\r
+ "%s not found or not associated with any Roles: ",\r
+ user);\r
+ } else {\r
+ return userRoles = Result.ok(lurdd);\r
+ }\r
+ } else {\r
+ return userRoles;\r
+ }\r
+ } else {\r
+ return userRoles;\r
+ }\r
+ }\r
+\r
+ public Result<List<RoleDAO.Data>> getRoles() {\r
+ if(roles==null) {\r
+ Result<List<UserRoleDAO.Data>> rur = getUserRoles();\r
+ if(rur.isOK()) {\r
+ List<RoleDAO.Data> lrdd = new ArrayList<RoleDAO.Data>();\r
+ for (UserRoleDAO.Data urdata : rur.value) {\r
+ // Gather all permissions from all Roles\r
+ if(urdata.ns==null || urdata.rname==null) {\r
+ trans.error().printf("DB Content Error: nulls in User Role %s %s", urdata.user,urdata.role);\r
+ } else {\r
+ Result<List<RoleDAO.Data>> rlrd = q.roleDAO.read(\r
+ trans, urdata.ns, urdata.rname);\r
+ if(rlrd.isOK()) {\r
+ lrdd.addAll(rlrd.value);\r
+ }\r
+ }\r
+ }\r
+ return roles = Result.ok(lrdd);\r
+ } else {\r
+ return roles = Result.err(rur);\r
+ }\r
+ } else {\r
+ return roles;\r
+ }\r
+ }\r
+\r
+ public Result<Set<String>> getPermNames() {\r
+ if(permNames==null) {\r
+ Result<List<RoleDAO.Data>> rlrd = getRoles();\r
+ if (rlrd.isOK()) {\r
+ Set<String> pns = new TreeSet<String>();\r
+ for (RoleDAO.Data rdata : rlrd.value) {\r
+ pns.addAll(rdata.perms(false));\r
+ }\r
+ return permNames = Result.ok(pns);\r
+ } else {\r
+ return permNames = Result.err(rlrd);\r
+ }\r
+ } else {\r
+ return permNames;\r
+ }\r
+ }\r
+ \r
+ public Result<List<PermDAO.Data>> getPerms(boolean lookup) {\r
+ if(perms==null) {\r
+ // Note: It should be ok for a Valid user to have no permissions -\r
+ // 8/12/2013\r
+ Result<Set<String>> rss = getPermNames();\r
+ if(rss.isOK()) {\r
+ List<PermDAO.Data> lpdd = new ArrayList<PermDAO.Data>();\r
+ for (String perm : rss.value) {\r
+ if(lookup) {\r
+ Result<String[]> ap = PermDAO.Data.decodeToArray(trans, q, perm);\r
+ if(ap.isOK()) {\r
+ Result<List<PermDAO.Data>> rlpd = q.permDAO.read(perm,trans,ap);\r
+ if (rlpd.isOKhasData()) {\r
+ for (PermDAO.Data pData : rlpd.value) {\r
+ lpdd.add(pData);\r
+ }\r
+ }\r
+ } else {\r
+ trans.error().log("In getPermsByUser, for", user, perm);\r
+ }\r
+ } else {\r
+ Result<PermDAO.Data> pr = PermDAO.Data.decode(trans, q, perm);\r
+ if (pr.notOK()) {\r
+ trans.error().log("In getPermsByUser, for", user, pr.errorString());\r
+ } else {\r
+ lpdd.add(pr.value);\r
+ }\r
+ }\r
+\r
+ }\r
+ return perms = Result.ok(lpdd);\r
+ } else {\r
+ return perms = Result.err(rss);\r
+ }\r
+ } else {\r
+ return perms;\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.hl;\r
+\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.security.NoSuchAlgorithmException;\r
+import java.security.SecureRandom;\r
+import java.util.ArrayList;\r
+import java.util.Collections;\r
+import java.util.Comparator;\r
+import java.util.Date;\r
+import java.util.HashSet;\r
+import java.util.List;\r
+import java.util.Set;\r
+import java.util.TreeSet;\r
+\r
+import com.att.authz.common.Define;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.env.AuthzTransFilter;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.org.Organization;\r
+import com.att.authz.org.Organization.Identity;\r
+import com.att.cadi.Hash;\r
+import com.att.cadi.aaf.PermEval;\r
+import com.att.dao.AbsCassDAO;\r
+import com.att.dao.CachedDAO;\r
+import com.att.dao.DAOException;\r
+import com.att.dao.aaf.cached.CachedCertDAO;\r
+import com.att.dao.aaf.cached.CachedCredDAO;\r
+import com.att.dao.aaf.cached.CachedNSDAO;\r
+import com.att.dao.aaf.cached.CachedPermDAO;\r
+import com.att.dao.aaf.cached.CachedRoleDAO;\r
+import com.att.dao.aaf.cached.CachedUserRoleDAO;\r
+import com.att.dao.aaf.cass.ApprovalDAO;\r
+import com.att.dao.aaf.cass.CacheInfoDAO;\r
+import com.att.dao.aaf.cass.CertDAO;\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.DelegateDAO;\r
+import com.att.dao.aaf.cass.FutureDAO;\r
+import com.att.dao.aaf.cass.HistoryDAO;\r
+import com.att.dao.aaf.cass.NsDAO;\r
+import com.att.dao.aaf.cass.NsDAO.Data;\r
+import com.att.dao.aaf.cass.NsSplit;\r
+import com.att.dao.aaf.cass.NsType;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.dao.aaf.cass.UserRoleDAO;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.Slot;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.util.Chrono;\r
+import com.datastax.driver.core.Cluster;\r
+\r
+/**\r
+ * Question HL DAO\r
+ * \r
+ * A Data Access Combination Object which asks Security and other Questions\r
+ * \r
+ *\r
+ */\r
+public class Question {\r
+ // DON'T CHANGE FROM lower Case!!!\r
+ public static enum Type {\r
+ ns, role, perm, cred\r
+ };\r
+\r
+ public static final String OWNER="owner";\r
+ public static final String ADMIN="admin";\r
+ public static final String DOT_OWNER=".owner";\r
+ public static final String DOT_ADMIN=".admin";\r
+ static final String ASTERIX = "*";\r
+\r
+ public static enum Access {\r
+ read, write, create\r
+ };\r
+\r
+ public static final String READ = Access.read.name();\r
+ public static final String WRITE = Access.write.name();\r
+ public static final String CREATE = Access.create.name();\r
+\r
+ public static final String ROLE = Type.role.name();\r
+ public static final String PERM = Type.perm.name();\r
+ public static final String NS = Type.ns.name();\r
+ public static final String CRED = Type.cred.name();\r
+ private static final String DELG = "delg";\r
+ public static final String ATTRIB = "attrib";\r
+\r
+\r
+ public static final int MAX_SCOPE = 10;\r
+ public static final int APP_SCOPE = 3;\r
+ public static final int COMPANY_SCOPE = 2;\r
+ static Slot PERMS;\r
+\r
+ private static Set<String> specialLog = null;\r
+ public static final SecureRandom random = new SecureRandom();\r
+ private static long traceID = random.nextLong();\r
+ private static final String SPECIAL_LOG_SLOT = "SPECIAL_LOG_SLOT";\r
+ private static Slot specialLogSlot = null;\r
+ private static Slot transIDSlot = null;\r
+\r
+\r
+ public final HistoryDAO historyDAO;\r
+ public final CachedNSDAO nsDAO;\r
+ public final CachedRoleDAO roleDAO;\r
+ public final CachedPermDAO permDAO;\r
+ public final CachedUserRoleDAO userRoleDAO;\r
+ public final CachedCredDAO credDAO;\r
+ public final CachedCertDAO certDAO;\r
+ public final DelegateDAO delegateDAO;\r
+ public final FutureDAO futureDAO;\r
+ public final ApprovalDAO approvalDAO;\r
+ private final CacheInfoDAO cacheInfoDAO;\r
+\r
+ // final ContactDAO contDAO;\r
+ // private static final String DOMAIN = "@aaf.att.com";\r
+ // private static final int DOMAIN_LENGTH = 0;\r
+\r
+ public Question(AuthzTrans trans, Cluster cluster, String keyspace, boolean startClean) throws APIException, IOException {\r
+ PERMS = trans.slot("USER_PERMS");\r
+ trans.init().log("Instantiating DAOs");\r
+ historyDAO = new HistoryDAO(trans, cluster, keyspace);\r
+\r
+ // Deal with Cached Entries\r
+ cacheInfoDAO = new CacheInfoDAO(trans, historyDAO);\r
+\r
+ nsDAO = new CachedNSDAO(new NsDAO(trans, historyDAO, cacheInfoDAO),\r
+ cacheInfoDAO);\r
+ permDAO = new CachedPermDAO(\r
+ new PermDAO(trans, historyDAO, cacheInfoDAO), cacheInfoDAO);\r
+ roleDAO = new CachedRoleDAO(\r
+ new RoleDAO(trans, historyDAO, cacheInfoDAO), cacheInfoDAO);\r
+ userRoleDAO = new CachedUserRoleDAO(new UserRoleDAO(trans, historyDAO,\r
+ cacheInfoDAO), cacheInfoDAO);\r
+ credDAO = new CachedCredDAO(\r
+ new CredDAO(trans, historyDAO, cacheInfoDAO), cacheInfoDAO);\r
+ certDAO = new CachedCertDAO(\r
+ new CertDAO(trans, historyDAO, cacheInfoDAO), cacheInfoDAO);\r
+\r
+ futureDAO = new FutureDAO(trans, historyDAO);\r
+ delegateDAO = new DelegateDAO(trans, historyDAO);\r
+ approvalDAO = new ApprovalDAO(trans, historyDAO);\r
+\r
+ // Only want to aggressively cleanse User related Caches... The others,\r
+ // just normal refresh\r
+ if(startClean) {\r
+ CachedDAO.startCleansing(trans.env(), credDAO, userRoleDAO);\r
+ CachedDAO.startRefresh(trans.env(), cacheInfoDAO);\r
+ }\r
+ // Set a Timer to Check Caches to send messages for Caching changes\r
+ \r
+ if(specialLogSlot==null) {\r
+ specialLogSlot = trans.slot(SPECIAL_LOG_SLOT);\r
+ transIDSlot = trans.slot(AuthzTransFilter.TRANS_ID_SLOT);\r
+ }\r
+ \r
+ AbsCassDAO.primePSIs(trans);\r
+ }\r
+\r
+\r
+ public void close(AuthzTrans trans) {\r
+ historyDAO.close(trans);\r
+ cacheInfoDAO.close(trans);\r
+ nsDAO.close(trans);\r
+ permDAO.close(trans);\r
+ roleDAO.close(trans);\r
+ userRoleDAO.close(trans);\r
+ credDAO.close(trans);\r
+ certDAO.close(trans);\r
+ delegateDAO.close(trans);\r
+ futureDAO.close(trans);\r
+ approvalDAO.close(trans);\r
+ }\r
+\r
+ public Result<PermDAO.Data> permFrom(AuthzTrans trans, String type,\r
+ String instance, String action) {\r
+ Result<NsDAO.Data> rnd = deriveNs(trans, type);\r
+ if (rnd.isOK()) {\r
+ return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type),\r
+ instance, action));\r
+ } else {\r
+ return Result.err(rnd);\r
+ }\r
+ }\r
+\r
+ /**\r
+ * getPermsByUser\r
+ * \r
+ * Because this call is frequently called internally, AND because we already\r
+ * look for it in the initial Call, we cache within the Transaction\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @return\r
+ */\r
+ public Result<List<PermDAO.Data>> getPermsByUser(AuthzTrans trans, String user, boolean lookup) {\r
+ return PermLookup.get(trans, this, user).getPerms(lookup);\r
+ }\r
+ \r
+ public Result<List<PermDAO.Data>> getPermsByUserFromRolesFilter(AuthzTrans trans, String user, String forUser) {\r
+ PermLookup plUser = PermLookup.get(trans, this, user);\r
+ Result<Set<String>> plPermNames = plUser.getPermNames();\r
+ if(plPermNames.notOK()) {\r
+ return Result.err(plPermNames);\r
+ }\r
+ \r
+ Set<String> nss;\r
+ if(forUser.equals(user)) {\r
+ nss = null;\r
+ } else {\r
+ // Setup a TreeSet to check on Namespaces to \r
+ nss = new TreeSet<String>();\r
+ PermLookup fUser = PermLookup.get(trans, this, forUser);\r
+ Result<Set<String>> forUpn = fUser.getPermNames();\r
+ if(forUpn.notOK()) {\r
+ return Result.err(forUpn);\r
+ }\r
+ \r
+ for(String pn : forUpn.value) {\r
+ Result<String[]> decoded = PermDAO.Data.decodeToArray(trans, this, pn);\r
+ if(decoded.isOKhasData()) {\r
+ nss.add(decoded.value[0]);\r
+ } else {\r
+ trans.error().log(pn,", derived from a Role, is invalid:",decoded.errorString());\r
+ }\r
+ }\r
+ }\r
+\r
+ List<PermDAO.Data> rlpUser = new ArrayList<PermDAO.Data>();\r
+ Result<PermDAO.Data> rpdd;\r
+ PermDAO.Data pdd;\r
+ for(String pn : plPermNames.value) {\r
+ rpdd = PermDAO.Data.decode(trans, this, pn);\r
+ if(rpdd.isOKhasData()) {\r
+ pdd=rpdd.value;\r
+ if(nss==null || nss.contains(pdd.ns)) {\r
+ rlpUser.add(pdd);\r
+ }\r
+ } else {\r
+ trans.error().log(pn,", derived from a Role, is invalid. Run Data Cleanup:",rpdd.errorString());\r
+ }\r
+ }\r
+ return Result.ok(rlpUser); \r
+ }\r
+\r
+ public Result<List<PermDAO.Data>> getPermsByType(AuthzTrans trans, String perm) {\r
+ Result<NsSplit> nss = deriveNsSplit(trans, perm);\r
+ if (nss.notOK()) {\r
+ return Result.err(nss);\r
+ }\r
+ return permDAO.readByType(trans, nss.value.ns, nss.value.name);\r
+ }\r
+\r
+ public Result<List<PermDAO.Data>> getPermsByName(AuthzTrans trans,\r
+ String type, String instance, String action) {\r
+ Result<NsSplit> nss = deriveNsSplit(trans, type);\r
+ if (nss.notOK()) {\r
+ return Result.err(nss);\r
+ }\r
+ return permDAO.read(trans, nss.value.ns, nss.value.name, instance,action);\r
+ }\r
+\r
+ public Result<List<PermDAO.Data>> getPermsByRole(AuthzTrans trans, String role, boolean lookup) {\r
+ Result<NsSplit> nss = deriveNsSplit(trans, role);\r
+ if (nss.notOK()) {\r
+ return Result.err(nss);\r
+ }\r
+\r
+ Result<List<RoleDAO.Data>> rlrd = roleDAO.read(trans, nss.value.ns,\r
+ nss.value.name);\r
+ if (rlrd.notOKorIsEmpty()) {\r
+ return Result.err(rlrd);\r
+ }\r
+ // Using Set to avoid duplicates\r
+ Set<String> permNames = new HashSet<String>();\r
+ if (rlrd.isOKhasData()) {\r
+ for (RoleDAO.Data drr : rlrd.value) {\r
+ permNames.addAll(drr.perms(false));\r
+ }\r
+ }\r
+\r
+ // Note: It should be ok for a Valid user to have no permissions -\r
+ // 8/12/2013\r
+ List<PermDAO.Data> perms = new ArrayList<PermDAO.Data>();\r
+ for (String perm : permNames) {\r
+ Result<PermDAO.Data> pr = PermDAO.Data.decode(trans, this, perm);\r
+ if (pr.notOK()) {\r
+ return Result.err(pr);\r
+ }\r
+\r
+ if(lookup) {\r
+ Result<List<PermDAO.Data>> rlpd = permDAO.read(trans, pr.value);\r
+ if (rlpd.isOKhasData()) {\r
+ for (PermDAO.Data pData : rlpd.value) {\r
+ perms.add(pData);\r
+ }\r
+ }\r
+ } else {\r
+ perms.add(pr.value);\r
+ }\r
+ }\r
+\r
+ return Result.ok(perms);\r
+ }\r
+\r
+ public Result<List<RoleDAO.Data>> getRolesByName(AuthzTrans trans,\r
+ String role) {\r
+ Result<NsSplit> nss = deriveNsSplit(trans, role);\r
+ if (nss.notOK()) {\r
+ return Result.err(nss);\r
+ }\r
+ String r = nss.value.name;\r
+ if (r.endsWith(".*")) { // do children Search\r
+ return roleDAO.readChildren(trans, nss.value.ns,\r
+ r.substring(0, r.length() - 2));\r
+ } else if (ASTERIX.equals(r)) {\r
+ return roleDAO.readChildren(trans, nss.value.ns, ASTERIX);\r
+ } else {\r
+ return roleDAO.read(trans, nss.value.ns, r);\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Derive NS\r
+ * \r
+ * Given a Child Namespace, figure out what the best Namespace parent is.\r
+ * \r
+ * For instance, if in the NS table, the parent "com.att" exists, but not\r
+ * "com.att.child" or "com.att.a.b.c", then passing in either\r
+ * "com.att.child" or "com.att.a.b.c" will return "com.att"\r
+ * \r
+ * Uses recursive search on Cached DAO data\r
+ * \r
+ * @param trans\r
+ * @param child\r
+ * @return\r
+ */\r
+ public Result<NsDAO.Data> deriveNs(AuthzTrans trans, String child) {\r
+ Result<List<NsDAO.Data>> r = nsDAO.read(trans, child);\r
+ \r
+ if (r.isOKhasData()) {\r
+ return Result.ok(r.value.get(0));\r
+ } else {\r
+ int dot = child == null ? -1 : child.lastIndexOf('.');\r
+ if (dot < 0) {\r
+ return Result.err(Status.ERR_NsNotFound,\r
+ "No Namespace for [%s]", child);\r
+ } else {\r
+ return deriveNs(trans, child.substring(0, dot));\r
+ }\r
+ }\r
+ }\r
+\r
+ public Result<NsDAO.Data> deriveFirstNsForType(AuthzTrans trans, String str, NsType type) {\r
+ NsDAO.Data nsd;\r
+\r
+ System.out.println("value of str before for loop ---------0---++++++++++++++++++" +str);\r
+ for(int idx = str.indexOf('.');idx>=0;idx=str.indexOf('.',idx+1)) {\r
+ // System.out.println("printing value of str-----------------1------------++++++++++++++++++++++" +str);\r
+ Result<List<Data>> rld = nsDAO.read(trans, str.substring(0,idx));\r
+ System.out.println("value of idx is -----------------++++++++++++++++++++++++++" +idx);\r
+ System.out.println("printing value of str.substring-----------------1------------++++++++++++++++++++++" + (str.substring(0,idx)));\r
+ System.out.println("value of ResultListData ------------------2------------+++++++++++++++++++++++++++" +rld);\r
+ if(rld.isOKhasData()) {\r
+ System.out.println("In if loop -----------------3-------------- ++++++++++++++++");\r
+ System.out.println("value of nsd=rld.value.get(0).type -----------4------++++++++++++++++++++++++++++++++++++" +(nsd=rld.value.get(0)).type);\r
+ System.out.println("value of rld.value.get(0).name.toString()+++++++++++++++++++++++++++++++ " +rld.value.get(0).name);\r
+ if(type.type == (nsd=rld.value.get(0)).type) {\r
+ return Result.ok(nsd);\r
+ }\r
+ } else {\r
+ System.out.println("In else loop ----------------4------------+++++++++++++++++++++++");\r
+ return Result.err(Status.ERR_NsNotFound,"There is no valid Company Namespace for %s",str.substring(0,idx));\r
+ }\r
+ }\r
+ return Result.err(Status.ERR_NotFound, str + " does not contain type " + type.name());\r
+ }\r
+\r
+ public Result<NsSplit> deriveNsSplit(AuthzTrans trans, String child) {\r
+ Result<NsDAO.Data> ndd = deriveNs(trans, child);\r
+ if (ndd.isOK()) {\r
+ NsSplit nss = new NsSplit(ndd.value, child);\r
+ if (nss.isOK()) {\r
+ return Result.ok(nss);\r
+ } else {\r
+ return Result.err(Status.ERR_NsNotFound,\r
+ "Cannot split [%s] into valid namespace elements",\r
+ child);\r
+ }\r
+ }\r
+ return Result.err(ndd);\r
+ }\r
+\r
+ /**\r
+ * Translate an ID into it's domain\r
+ * \r
+ * i.e. myid1234@myapp.att.com results in domain of com.att.myapp\r
+ * \r
+ * @param id\r
+ * @return\r
+ */\r
+ public static String domain2ns(String id) {\r
+ int at = id.indexOf('@');\r
+ if (at >= 0) {\r
+ String[] domain = id.substring(at + 1).split("\\.");\r
+ StringBuilder ns = new StringBuilder(id.length());\r
+ boolean first = true;\r
+ for (int i = domain.length - 1; i >= 0; --i) {\r
+ if (first) {\r
+ first = false;\r
+ } else {\r
+ ns.append('.');\r
+ }\r
+ ns.append(domain[i]);\r
+ }\r
+ return ns.toString();\r
+ } else {\r
+ return "";\r
+ }\r
+\r
+ }\r
+\r
+ /**\r
+ * Validate Namespace of ID@Domain\r
+ * \r
+ * Namespace is reverse order of Domain.\r
+ * \r
+ * i.e. myid1234@myapp.att.com results in domain of com.att.myapp\r
+ * \r
+ * @param trans\r
+ * @param id\r
+ * @return\r
+ */\r
+ public Result<NsDAO.Data> validNSOfDomain(AuthzTrans trans, String id) {\r
+ // Take domain, reverse order, and check on NS\r
+ String ns;\r
+ if(id.indexOf('@')<0) { // it's already an ns, not an ID\r
+ ns = id;\r
+ } else {\r
+ ns = domain2ns(id);\r
+ }\r
+ if (ns.length() > 0) {\r
+ if(!trans.org().getDomain().equals(ns)) { \r
+ Result<List<NsDAO.Data>> rlnsd = nsDAO.read(trans, ns);\r
+ if (rlnsd.isOKhasData()) {\r
+ return Result.ok(rlnsd.value.get(0));\r
+ }\r
+ }\r
+ }\r
+ return Result.err(Status.ERR_NsNotFound,\r
+ "A Namespace is not available for %s", id);\r
+ }\r
+\r
+ public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user,NsDAO.Data ndd, Access access) {\r
+ // <ns>.access|:role:<role name>|<read|write>\r
+ String ns = ndd.name;\r
+ int last;\r
+ do {\r
+ if (isGranted(trans, user, ns, "access", ":ns", access.name())) {\r
+ return Result.ok(ndd);\r
+ }\r
+ if ((last = ns.lastIndexOf('.')) >= 0) {\r
+ ns = ns.substring(0, last);\r
+ }\r
+ } while (last >= 0);\r
+ // <root ns>.ns|:<client ns>:ns|<access>\r
+ // AAF-724 - Make consistent response for May User", and not take the\r
+ // last check... too confusing.\r
+ Result<NsDAO.Data> rv = mayUserVirtueOfNS(trans, user, ndd, ":" + ndd.name + ":ns", access.name());\r
+ if (rv.isOK()) {\r
+ return rv;\r
+ } else if(rv.status==Result.ERR_Backend) {\r
+ return Result.err(rv);\r
+ } else {\r
+ return Result.err(Status.ERR_Denied, "[%s] may not %s in NS [%s]",\r
+ user, access.name(), ndd.name);\r
+ }\r
+ }\r
+\r
+ public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user, RoleDAO.Data rdd, Access access) {\r
+ Result<NsDAO.Data> rnsd = deriveNs(trans, rdd.ns);\r
+ if (rnsd.isOK()) {\r
+ return mayUser(trans, user, rnsd.value, rdd, access);\r
+ }\r
+ return rnsd;\r
+ }\r
+\r
+ public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user, NsDAO.Data ndd, RoleDAO.Data rdd, Access access) {\r
+ // 1) Is User in the Role?\r
+ Result<List<UserRoleDAO.Data>> rurd = userRoleDAO.readUserInRole(trans, user, rdd.fullName());\r
+ if (rurd.isOKhasData()) {\r
+ return Result.ok(ndd);\r
+ }\r
+\r
+ String roleInst = ":role:" + rdd.name;\r
+ // <ns>.access|:role:<role name>|<read|write>\r
+ String ns = rdd.ns;\r
+ int last;\r
+ do {\r
+ if (isGranted(trans, user, ns,"access", roleInst, access.name())) {\r
+ return Result.ok(ndd);\r
+ }\r
+ if ((last = ns.lastIndexOf('.')) >= 0) {\r
+ ns = ns.substring(0, last);\r
+ }\r
+ } while (last >= 0);\r
+\r
+ // Check if Access by Global Role perm\r
+ // <root ns>.ns|:<client ns>:role:name|<access>\r
+ Result<NsDAO.Data> rnsd = mayUserVirtueOfNS(trans, user, ndd, ":"\r
+ + rdd.ns + roleInst, access.name());\r
+ if (rnsd.isOK()) {\r
+ return rnsd;\r
+ } else if(rnsd.status==Result.ERR_Backend) {\r
+ return Result.err(rnsd);\r
+ }\r
+\r
+ // Check if Access to Whole NS\r
+ // AAF-724 - Make consistent response for May User", and not take the\r
+ // last check... too confusing.\r
+ Result<com.att.dao.aaf.cass.NsDAO.Data> rv = mayUserVirtueOfNS(trans, user, ndd, \r
+ ":" + rdd.ns + ":ns", access.name());\r
+ if (rv.isOK()) {\r
+ return rv;\r
+ } else if(rnsd.status==Result.ERR_Backend) {\r
+ return Result.err(rnsd);\r
+ } else {\r
+ return Result.err(Status.ERR_Denied, "[%s] may not %s Role [%s]",\r
+ user, access.name(), rdd.fullName());\r
+ }\r
+\r
+ }\r
+\r
+ public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user,PermDAO.Data pdd, Access access) {\r
+ Result<NsDAO.Data> rnsd = deriveNs(trans, pdd.ns);\r
+ if (rnsd.isOK()) {\r
+ return mayUser(trans, user, rnsd.value, pdd, access);\r
+ }\r
+ return rnsd;\r
+ }\r
+\r
+ public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user,NsDAO.Data ndd, PermDAO.Data pdd, Access access) {\r
+ if (isGranted(trans, user, pdd.ns, pdd.type, pdd.instance, pdd.action)) {\r
+ return Result.ok(ndd);\r
+ }\r
+ String permInst = ":perm:" + pdd.type + ':' + pdd.instance + ':' + pdd.action;\r
+ // <ns>.access|:role:<role name>|<read|write>\r
+ String ns = ndd.name;\r
+ int last;\r
+ do {\r
+ if (isGranted(trans, user, ns, "access", permInst, access.name())) {\r
+ return Result.ok(ndd);\r
+ }\r
+ if ((last = ns.lastIndexOf('.')) >= 0) {\r
+ ns = ns.substring(0, last);\r
+ }\r
+ } while (last >= 0);\r
+\r
+ // Check if Access by NS perm\r
+ // <root ns>.ns|:<client ns>:role:name|<access>\r
+ Result<NsDAO.Data> rnsd = mayUserVirtueOfNS(trans, user, ndd, ":" + pdd.ns + permInst, access.name());\r
+ if (rnsd.isOK()) {\r
+ return rnsd;\r
+ } else if(rnsd.status==Result.ERR_Backend) {\r
+ return Result.err(rnsd);\r
+ }\r
+\r
+ // Check if Access to Whole NS\r
+ // AAF-724 - Make consistent response for May User", and not take the\r
+ // last check... too confusing.\r
+ Result<NsDAO.Data> rv = mayUserVirtueOfNS(trans, user, ndd, ":" + pdd.ns + ":ns", access.name());\r
+ if (rv.isOK()) {\r
+ return rv;\r
+ } else {\r
+ return Result.err(Status.ERR_Denied,\r
+ "[%s] may not %s Perm [%s|%s|%s]", user, access.name(),\r
+ pdd.fullType(), pdd.instance, pdd.action);\r
+ }\r
+\r
+ }\r
+\r
+ public Result<Void> mayUser(AuthzTrans trans, DelegateDAO.Data dd, Access access) {\r
+ try {\r
+ boolean isUser = trans.user().equals(dd.user);\r
+ boolean isDelegate = dd.delegate != null\r
+ && (dd.user.equals(dd.delegate) || trans.user().equals(\r
+ dd.delegate));\r
+ Organization org = trans.org();\r
+ switch (access) {\r
+ case create:\r
+ if (org.getIdentity(trans, dd.user) == null) {\r
+ return Result.err(Status.ERR_UserNotFound,\r
+ "[%s] is not a user in the company database.",\r
+ dd.user);\r
+ }\r
+ if (!dd.user.equals(dd.delegate) && org.getIdentity(trans, dd.delegate) == null) {\r
+ return Result.err(Status.ERR_UserNotFound,\r
+ "[%s] is not a user in the company database.",\r
+ dd.delegate);\r
+ }\r
+ if (!trans.forceRequested() && dd.user != null && dd.user.equals(dd.delegate)) {\r
+ return Result.err(Status.ERR_BadData,\r
+ "[%s] cannot be a delegate for self", dd.user);\r
+ }\r
+ if (!isUser && !isGranted(trans, trans.user(), Define.ROOT_NS,DELG,\r
+ org.getDomain(), Question.CREATE)) {\r
+ return Result.err(Status.ERR_Denied,\r
+ "[%s] may not create a delegate for [%s]",\r
+ trans.user(), dd.user);\r
+ }\r
+ break;\r
+ case read:\r
+ case write:\r
+ if (!isUser && !isDelegate && \r
+ !isGranted(trans, trans.user(), Define.ROOT_NS,DELG,org.getDomain(), access.name())) {\r
+ return Result.err(Status.ERR_Denied,\r
+ "[%s] may not %s delegates for [%s]", trans.user(),\r
+ access.name(), dd.user);\r
+ }\r
+ break;\r
+ default:\r
+ return Result.err(Status.ERR_BadData,"Unknown Access type [%s]", access.name());\r
+ }\r
+ } catch (Exception e) {\r
+ return Result.err(e);\r
+ }\r
+ return Result.ok();\r
+ }\r
+\r
+ /*\r
+ * Check (recursively, if necessary), if able to do something based on NS\r
+ */\r
+ private Result<NsDAO.Data> mayUserVirtueOfNS(AuthzTrans trans, String user, NsDAO.Data nsd, String ns_and_type, String access) {\r
+ String ns = nsd.name;\r
+\r
+ // If an ADMIN of the Namespace, then allow\r
+ \r
+ Result<List<UserRoleDAO.Data>> rurd;\r
+ if ((rurd = userRoleDAO.readUserInRole(trans, user, nsd.name+ADMIN)).isOKhasData()) {\r
+ return Result.ok(nsd);\r
+ } else if(rurd.status==Result.ERR_Backend) {\r
+ return Result.err(rurd);\r
+ }\r
+ \r
+ // If Specially granted Global Permission\r
+ if (isGranted(trans, user, Define.ROOT_NS,NS, ns_and_type, access)) {\r
+ return Result.ok(nsd);\r
+ }\r
+\r
+ // Check recur\r
+\r
+ int dot = ns.length();\r
+ if ((dot = ns.lastIndexOf('.', dot - 1)) >= 0) {\r
+ Result<NsDAO.Data> rnsd = deriveNs(trans, ns.substring(0, dot));\r
+ if (rnsd.isOK()) {\r
+ rnsd = mayUserVirtueOfNS(trans, user, rnsd.value, ns_and_type,access);\r
+ } else if(rnsd.status==Result.ERR_Backend) {\r
+ return Result.err(rnsd);\r
+ }\r
+ if (rnsd.isOK()) {\r
+ return Result.ok(nsd);\r
+ } else if(rnsd.status==Result.ERR_Backend) {\r
+ return Result.err(rnsd);\r
+ }\r
+ }\r
+ return Result.err(Status.ERR_Denied, "%s may not %s %s", user, access,\r
+ ns_and_type);\r
+ }\r
+\r
+ \r
+ /**\r
+ * isGranted\r
+ * \r
+ * Important function - Check internal Permission Schemes for Permission to\r
+ * do things\r
+ * \r
+ * @param trans\r
+ * @param type\r
+ * @param instance\r
+ * @param action\r
+ * @return\r
+ */\r
+ public boolean isGranted(AuthzTrans trans, String user, String ns, String type,String instance, String action) {\r
+ Result<List<PermDAO.Data>> perms = getPermsByUser(trans, user, false);\r
+ if (perms.isOK()) {\r
+ for (PermDAO.Data pd : perms.value) {\r
+ if (ns.equals(pd.ns)) {\r
+ if (type.equals(pd.type)) {\r
+ if (PermEval.evalInstance(pd.instance, instance)) {\r
+ if(PermEval.evalAction(pd.action, action)) { // don't return action here, might miss other action \r
+ return true;\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return false;\r
+ }\r
+\r
+ public Result<Date> doesUserCredMatch(AuthzTrans trans, String user, byte[] cred) throws DAOException {\r
+ Result<List<CredDAO.Data>> result;\r
+ TimeTaken tt = trans.start("Read DB Cred", Env.REMOTE);\r
+ try {\r
+ result = credDAO.readID(trans, user);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+\r
+ Result<Date> rv = null;\r
+ if(result.isOK()) {\r
+ if (result.isEmpty()) {\r
+ rv = Result.err(Status.ERR_UserNotFound, user);\r
+ if (willSpecialLog(trans,user)) {\r
+ trans.audit().log("Special DEBUG:", user, " does not exist in DB");\r
+ }\r
+ } else {\r
+ Date now = new Date();//long now = System.currentTimeMillis();\r
+ ByteBuffer md5=null;\r
+ \r
+ // Bug noticed 6/22. Sorting on the result can cause Concurrency Issues. \r
+ List<CredDAO.Data> cddl;\r
+ if(result.value.size() > 1) {\r
+ cddl = new ArrayList<CredDAO.Data>(result.value.size());\r
+ for(CredDAO.Data old : result.value) {\r
+ if(old.type==CredDAO.BASIC_AUTH || old.type==CredDAO.BASIC_AUTH_SHA256) {\r
+ cddl.add(old);\r
+ }\r
+ }\r
+ if(cddl.size()>1) {\r
+ Collections.sort(cddl,new Comparator<CredDAO.Data>() {\r
+ @Override\r
+ public int compare(com.att.dao.aaf.cass.CredDAO.Data a,\r
+ com.att.dao.aaf.cass.CredDAO.Data b) {\r
+ return b.expires.compareTo(a.expires);\r
+ }\r
+ });\r
+ }\r
+ } else {\r
+ cddl = result.value;\r
+ }\r
+ \r
+ for (CredDAO.Data cdd : cddl) {\r
+ if (cdd.expires.after(now)) {\r
+ try {\r
+ switch(cdd.type) {\r
+ case CredDAO.BASIC_AUTH:\r
+ if(md5==null) {\r
+ md5=ByteBuffer.wrap(Hash.encryptMD5(cred));\r
+ }\r
+ if(md5.compareTo(cdd.cred)==0) {\r
+ return Result.ok(cdd.expires);\r
+ } else if (willSpecialLog(trans,user)) {\r
+ trans.audit().log("Special DEBUG:", user, "Client sent: ", trans.encryptor().encrypt(new String(cred)) ,cdd.expires);\r
+ }\r
+ break;\r
+ case CredDAO.BASIC_AUTH_SHA256:\r
+ ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + cred.length);\r
+ bb.putInt(cdd.other);\r
+ bb.put(cred);\r
+ byte[] hash = Hash.hashSHA256(bb.array());\r
+ \r
+ ByteBuffer sha256 = ByteBuffer.wrap(hash);\r
+ if(sha256.compareTo(cdd.cred)==0) {\r
+ return Result.ok(cdd.expires);\r
+ } else if (willSpecialLog(trans,user)) {\r
+ trans.audit().log("Special DEBUG:", user, "Client sent: ", trans.encryptor().encrypt(new String(cred)) ,cdd.expires);\r
+ }\r
+ break;\r
+ default:\r
+ trans.error().log("Unknown Credential Type %s for %s, %s",Integer.toString(cdd.type),cdd.id, Chrono.dateTime(cdd.expires));\r
+ }\r
+ } catch (NoSuchAlgorithmException e) {\r
+ trans.error().log(e);\r
+ }\r
+ } else {\r
+ rv = Result.err(Status.ERR_Security,\r
+ "Credentials expired " + cdd.expires.toString());\r
+ }\r
+ } // end for each\r
+ }\r
+ } else {\r
+ return Result.err(result);\r
+ }\r
+ return rv == null ? Result.create((Date) null, Status.ERR_Security,\r
+ "Wrong credential") : rv;\r
+ }\r
+\r
+\r
+ public Result<CredDAO.Data> userCredSetup(AuthzTrans trans, CredDAO.Data cred) {\r
+ if(cred.type==CredDAO.RAW) {\r
+ TimeTaken tt = trans.start("Hash Cred", Env.SUB);\r
+ try {\r
+ cred.type = CredDAO.BASIC_AUTH_SHA256;\r
+ cred.other = random.nextInt();\r
+ ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + cred.cred.capacity());\r
+ bb.putInt(cred.other);\r
+ bb.put(cred.cred);\r
+ byte[] hash = Hash.hashSHA256(bb.array());\r
+ cred.cred = ByteBuffer.wrap(hash);\r
+ return Result.ok(cred);\r
+ } catch (NoSuchAlgorithmException e) {\r
+ return Result.err(Status.ERR_General,e.getLocalizedMessage());\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ }\r
+ return Result.err(Status.ERR_Security,"invalid/unreadable credential");\r
+ }\r
+\r
+\r
+ public static final String APPROVED = "APPROVE";\r
+ public static final String REJECT = "REJECT";\r
+ public static final String PENDING = "PENDING";\r
+\r
+ public Result<Void> canAddUser(AuthzTrans trans, UserRoleDAO.Data data,\r
+ List<ApprovalDAO.Data> approvals) {\r
+ // get the approval policy for the organization\r
+\r
+ // get the list of approvals with an accept status\r
+\r
+ // validate the approvals against the policy\r
+\r
+ // for now check if all approvals are received and return\r
+ // SUCCESS/FAILURE/SKIP\r
+ boolean bReject = false;\r
+ boolean bPending = false;\r
+\r
+ for (ApprovalDAO.Data approval : approvals) {\r
+ if (approval.status.equals(REJECT)) {\r
+ bReject = true;\r
+ } else if (approval.status.equals(PENDING)) {\r
+ bPending = true;\r
+ }\r
+ }\r
+ if (bReject) {\r
+ return Result.err(Status.ERR_Policy,\r
+ "Approval Polocy not conformed");\r
+ }\r
+ if (bPending) {\r
+ return Result.err(Status.ERR_ActionNotCompleted,\r
+ "Required Approvals not received");\r
+ }\r
+\r
+ return Result.ok();\r
+ }\r
+\r
+ private static final String NO_CACHE_NAME = "No Cache Data named %s";\r
+\r
+ public Result<Void> clearCache(AuthzTrans trans, String cname) {\r
+ boolean all = "all".equals(cname);\r
+ Result<Void> rv = null;\r
+\r
+ if (all || NsDAO.TABLE.equals(cname)) {\r
+ int seg[] = series(NsDAO.CACHE_SEG);\r
+ for(int i: seg) {cacheClear(trans, NsDAO.TABLE,i);}\r
+ rv = cacheInfoDAO.touch(trans, NsDAO.TABLE, seg);\r
+ }\r
+ if (all || PermDAO.TABLE.equals(cname)) {\r
+ int seg[] = series(NsDAO.CACHE_SEG);\r
+ for(int i: seg) {cacheClear(trans, PermDAO.TABLE,i);}\r
+ rv = cacheInfoDAO.touch(trans, PermDAO.TABLE,seg);\r
+ }\r
+ if (all || RoleDAO.TABLE.equals(cname)) {\r
+ int seg[] = series(NsDAO.CACHE_SEG);\r
+ for(int i: seg) {cacheClear(trans, RoleDAO.TABLE,i);}\r
+ rv = cacheInfoDAO.touch(trans, RoleDAO.TABLE,seg);\r
+ }\r
+ if (all || UserRoleDAO.TABLE.equals(cname)) {\r
+ int seg[] = series(NsDAO.CACHE_SEG);\r
+ for(int i: seg) {cacheClear(trans, UserRoleDAO.TABLE,i);}\r
+ rv = cacheInfoDAO.touch(trans, UserRoleDAO.TABLE,seg);\r
+ }\r
+ if (all || CredDAO.TABLE.equals(cname)) {\r
+ int seg[] = series(NsDAO.CACHE_SEG);\r
+ for(int i: seg) {cacheClear(trans, CredDAO.TABLE,i);}\r
+ rv = cacheInfoDAO.touch(trans, CredDAO.TABLE,seg);\r
+ }\r
+ if (all || CertDAO.TABLE.equals(cname)) {\r
+ int seg[] = series(NsDAO.CACHE_SEG);\r
+ for(int i: seg) {cacheClear(trans, CertDAO.TABLE,i);}\r
+ rv = cacheInfoDAO.touch(trans, CertDAO.TABLE,seg);\r
+ }\r
+\r
+ if (rv == null) {\r
+ rv = Result.err(Status.ERR_BadData, NO_CACHE_NAME, cname);\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ public Result<Void> cacheClear(AuthzTrans trans, String cname,Integer segment) {\r
+ Result<Void> rv;\r
+ if (NsDAO.TABLE.equals(cname)) {\r
+ rv = nsDAO.invalidate(segment);\r
+ } else if (PermDAO.TABLE.equals(cname)) {\r
+ rv = permDAO.invalidate(segment);\r
+ } else if (RoleDAO.TABLE.equals(cname)) {\r
+ rv = roleDAO.invalidate(segment);\r
+ } else if (UserRoleDAO.TABLE.equals(cname)) {\r
+ rv = userRoleDAO.invalidate(segment);\r
+ } else if (CredDAO.TABLE.equals(cname)) {\r
+ rv = credDAO.invalidate(segment);\r
+ } else if (CertDAO.TABLE.equals(cname)) {\r
+ rv = certDAO.invalidate(segment);\r
+ } else {\r
+ rv = Result.err(Status.ERR_BadData, NO_CACHE_NAME, cname);\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ private int[] series(int max) {\r
+ int[] series = new int[max];\r
+ for (int i = 0; i < max; ++i)\r
+ series[i] = i;\r
+ return series;\r
+ }\r
+\r
+ public boolean isDelegated(AuthzTrans trans, String user, String approver) {\r
+ Result<List<DelegateDAO.Data>> userDelegatedFor = delegateDAO\r
+ .readByDelegate(trans, user);\r
+ for (DelegateDAO.Data curr : userDelegatedFor.value) {\r
+ if (curr.user.equals(approver) && curr.delegate.equals(user)\r
+ && curr.expires.after(new Date())) {\r
+ return true;\r
+ }\r
+ }\r
+ return false;\r
+ }\r
+\r
+ public static boolean willSpecialLog(AuthzTrans trans, String user) {\r
+ Boolean b = trans.get(specialLogSlot, null);\r
+ if(b==null) {\r
+ if(specialLog==null) {\r
+ return false;\r
+ } else {\r
+ b = specialLog.contains(user);\r
+ trans.put(specialLogSlot, b);\r
+ }\r
+ }\r
+ return b;\r
+ }\r
+ \r
+ public static void logEncryptTrace(AuthzTrans trans, String data) {\r
+ long ti;\r
+ trans.put(transIDSlot, ti=nextTraceID());\r
+ trans.trace().log("id="+Long.toHexString(ti)+",data=\""+trans.env().encryptor().encrypt(data)+'"');\r
+ }\r
+\r
+ private synchronized static long nextTraceID() {\r
+ return ++traceID;\r
+ }\r
+\r
+ public static synchronized boolean specialLogOn(AuthzTrans trans, String id) {\r
+ if (specialLog == null) {\r
+ specialLog = new HashSet<String>();\r
+ }\r
+ boolean rc = specialLog.add(id);\r
+ if(rc) {\r
+ trans.trace().log("Trace on for",id); \r
+ }\r
+ return rc;\r
+ }\r
+\r
+ public static synchronized boolean specialLogOff(AuthzTrans trans, String id) {\r
+ if(specialLog==null) {\r
+ return false;\r
+ }\r
+ boolean rv = specialLog.remove(id);\r
+ if (specialLog.isEmpty()) {\r
+ specialLog = null;\r
+ }\r
+ if(rv) {\r
+ trans.trace().log("Trace off for",id);\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ /** \r
+ * canMove\r
+ * Which Types can be moved\r
+ * @param nsType\r
+ * @return\r
+ */\r
+ public boolean canMove(NsType nsType) {\r
+ boolean rv;\r
+ switch(nsType) {\r
+ case DOT:\r
+ case ROOT:\r
+ case COMPANY:\r
+ case UNKNOWN:\r
+ rv = false;\r
+ break;\r
+ default:\r
+ rv = true;\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ public Result<String> isOwnerSponsor(AuthzTrans trans, String user, String ns, Identity mechID) {\r
+ \r
+ Identity caller;\r
+ Organization org = trans.org();\r
+ try {\r
+ caller = org.getIdentity(trans, user);\r
+ if(caller==null || !caller.isFound()) {\r
+ return Result.err(Status.ERR_NotFound,"%s is not a registered %s entity",user,org.getName());\r
+ }\r
+ } catch (Exception e) {\r
+ return Result.err(e);\r
+ }\r
+ String sponsor = mechID.responsibleTo();\r
+ Result<List<UserRoleDAO.Data>> rur = userRoleDAO.read(trans, user,ns+DOT_OWNER);\r
+ boolean isOwner = false;\r
+ if(rur.isOKhasData()) {for(UserRoleDAO.Data urdd : rur.value){\r
+ if(urdd.expires.after(new Date())) {\r
+ isOwner = true;\r
+ }\r
+ }};\r
+ if(!isOwner) {\r
+ return Result.err(Status.ERR_Policy,"%s is not a current owner of %s",user,ns);\r
+ }\r
+ \r
+ if(!caller.id().equals(sponsor)) {\r
+ return Result.err(Status.ERR_Denied,"%s is not the sponsor of %s",user,mechID.id());\r
+ }\r
+ return Result.ok(sponsor);\r
+ }\r
+ \r
+ public boolean isAdmin(AuthzTrans trans, String user, String ns) {\r
+ Date now = new Date();\r
+ Result<List<UserRoleDAO.Data>> rur = userRoleDAO.read(trans, user,ns+ADMIN);\r
+ if(rur.isOKhasData()) {for(UserRoleDAO.Data urdd : rur.value){\r
+ if(urdd.expires.after(now)) {\r
+ return true;\r
+ }\r
+ }};\r
+ return false;\r
+ }\r
+ \r
+ public boolean isOwner(AuthzTrans trans, String user, String ns) {\r
+ Result<List<UserRoleDAO.Data>> rur = userRoleDAO.read(trans, user,ns+DOT_OWNER);\r
+ Date now = new Date();\r
+ if(rur.isOKhasData()) {for(UserRoleDAO.Data urdd : rur.value){\r
+ if(urdd.expires.after(now)) {\r
+ return true;\r
+ }\r
+ }};\r
+ return false;\r
+ }\r
+\r
+ public int countOwner(AuthzTrans trans, String user, String ns) {\r
+ Result<List<UserRoleDAO.Data>> rur = userRoleDAO.read(trans, user,ns+DOT_OWNER);\r
+ Date now = new Date();\r
+ int count = 0;\r
+ if(rur.isOKhasData()) {for(UserRoleDAO.Data urdd : rur.value){\r
+ if(urdd.expires.after(now)) {\r
+ ++count;\r
+ }\r
+ }};\r
+ return count;\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.session;\r
+\r
+import java.io.IOException;\r
+\r
+import javax.servlet.Filter;\r
+import javax.servlet.FilterChain;\r
+import javax.servlet.FilterConfig;\r
+import javax.servlet.ServletException;\r
+import javax.servlet.ServletRequest;\r
+import javax.servlet.ServletResponse;\r
+\r
+import com.att.cssa.rserv.TransFilter;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.EnvStore;\r
+import com.att.inno.env.Slot;\r
+import com.att.inno.env.TransStore;\r
+import com.att.inno.env.util.Pool;\r
+import com.att.inno.env.util.Pool.Creator;\r
+import com.att.inno.env.util.Pool.Pooled;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.Session;\r
+\r
+public class SessionFilter<TRANS extends TransStore> implements Filter {\r
+ public static final String SESSION_SLOT = "__SESSION__";\r
+ private static Slot sessionSlot;\r
+ private static Pool<Session> pool;\r
+\r
+ public SessionFilter(EnvStore<?> env, Cluster cluster, String keyspace) {\r
+ synchronized(env) {\r
+ if(sessionSlot==null) {\r
+ sessionSlot = env.slot(SESSION_SLOT);\r
+ }\r
+ if(pool==null) {\r
+ pool = new Pool<Session>(new SessionCreator(env,cluster,keyspace));\r
+ }\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public void init(FilterConfig fc) throws ServletException {\r
+ // Session does not need any sort of configuration from Filter\r
+ }\r
+\r
+ @Override\r
+ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {\r
+ @SuppressWarnings("unchecked")\r
+ TRANS trans = (TRANS)req.getAttribute(TransFilter.TRANS_TAG);\r
+ try {\r
+ Pooled<Session> psess = pool.get();\r
+ try {\r
+ trans.put(sessionSlot, psess.content);\r
+ chain.doFilter(req, resp);\r
+ } finally {\r
+ psess.done();\r
+ }\r
+ } catch (APIException e) {\r
+ throw new ServletException(e);\r
+ }\r
+ }\r
+\r
+ public Pooled<Session> load(TRANS trans) throws APIException {\r
+ Pooled<Session> psess = pool.get();\r
+ trans.put(sessionSlot, psess.content);\r
+ return psess;\r
+ }\r
+ \r
+ \r
+ /**\r
+ * Clear will drain the pool, so that new Sessions will be constructed.\r
+ * \r
+ * Suitable for Management calls. \r
+ */\r
+ public static void clear() {\r
+ if(pool!=null) {\r
+ pool.drain();\r
+ } \r
+ }\r
+ \r
+ @Override\r
+ public void destroy() {\r
+ pool.drain();\r
+ }\r
+\r
+ private class SessionCreator implements Creator<Session> {\r
+ private Cluster cluster;\r
+ private String keyspace;\r
+ private Env env;\r
+ \r
+ public SessionCreator(Env env, Cluster cluster, String keyspace) {\r
+ this.cluster = cluster;\r
+ this.keyspace = keyspace;\r
+ this.env = env;\r
+ }\r
+ \r
+ @Override\r
+ public Session create() throws APIException {\r
+ env.info().log("Creating a Cassandra Session");\r
+ return cluster.connect(keyspace);\r
+ }\r
+\r
+ @Override\r
+ public void destroy(Session t) {\r
+ env.info().log("Shutting down a Cassandra Session");\r
+ t.close();\r
+ }\r
+\r
+ @Override\r
+ public boolean isValid(Session t) {\r
+ return true;\r
+ }\r
+\r
+ @Override\r
+ public void reuse(Session t) {\r
+ // Nothing is needed to reuse this Session\r
+ }\r
+ \r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cass.hl;\r
+\r
+import static junit.framework.Assert.assertEquals;\r
+import static junit.framework.Assert.assertFalse;\r
+import static junit.framework.Assert.assertTrue;\r
+\r
+import java.security.Principal;\r
+import java.util.ArrayList;\r
+import java.util.Date;\r
+import java.util.List;\r
+\r
+import org.junit.AfterClass;\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.NsDAO;\r
+import com.att.dao.aaf.cass.NsDAO.Data;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.UserRoleDAO;\r
+import com.att.dao.aaf.hl.Question;\r
+import com.att.dao.aaf.hl.Question.Access;\r
+import com.att.dao.aaf.test.AbsJUCass;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+\r
+public class JU_Question extends AbsJUCass {\r
+\r
+ private static final int EXPIRES_IN = 60000000;\r
+ private static final String COM_TEST_JU = "com.test.ju_question";\r
+ private static final String JU9999_JU_TEST_COM = "ju9999@ju.test.com";\r
+ private static final String JU9998_JU_TEST_COM = "ju9998@ju.test.com";\r
+ private static final String READ = "read";\r
+ private static final int NFR_1 = 80;\r
+ private static final int NFR_2 = 4000;\r
+ private static final int ROLE_LEVEL1 = 1000;\r
+ private static final int PERM_LEVEL1 = 1000;\r
+// private static final int PERM_LEVEL2 = 20;\r
+ private static Question q;\r
+ private static NsDAO.Data ndd;\r
+\r
+ @BeforeClass\r
+ public static void startupBeforeClass() throws Exception {\r
+ details=false;\r
+ AuthzTrans trans = env.newTransNoAvg();\r
+ q = new Question(trans,cluster,AUTHZ, false);\r
+ ndd = new NsDAO.Data();\r
+ ndd.name=COM_TEST_JU;\r
+ ndd.type=3; // app\r
+ ndd.parent="com.test";\r
+ ndd.description="Temporary Namespace for JU_Question";\r
+ q.nsDAO.create(trans, ndd);\r
+ }\r
+ \r
+ @AfterClass\r
+ public static void endAfterClass() throws Exception {\r
+ q.nsDAO.delete(trans, ndd,false);\r
+ }\r
+// @Test\r
+ public void mayUserRead_EmptyPerm() {\r
+ PermDAO.Data pdd = new PermDAO.Data();\r
+ Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,pdd,Access.read);\r
+ assertFalse(result.isOK());\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_OnePermNotExist() {\r
+ Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,newPerm(0,0,READ),Access.read);\r
+ assertFalse(result.isOK());\r
+ assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm [" + COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());\r
+ }\r
+ \r
+// @Test\r
+ public void mayUserRead_OnePermExistDenied() {\r
+ PermDAO.Data perm = newPerm(0,0,READ);\r
+ q.permDAO.create(trans,perm);\r
+ try {\r
+ Result<NsDAO.Data> result;\r
+ TimeTaken tt = trans.start("q.mayUser...", Env.SUB);\r
+ try {\r
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);\r
+ } finally {\r
+ tt.done();\r
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
+ }\r
+ assertFalse(result.isOK());\r
+ assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm ["+COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());\r
+ } finally {\r
+ q.permDAO.delete(trans, perm, false);\r
+ }\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_OnePermOneRoleExistOK() {\r
+ PermDAO.Data perm = newPerm(0,0,READ);\r
+ RoleDAO.Data role = newRole(0,perm);\r
+ UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);\r
+ try {\r
+ q.permDAO.create(trans,perm);\r
+ q.roleDAO.create(trans,role);\r
+ q.userRoleDAO.create(trans,ur);\r
+ \r
+ Result<NsDAO.Data> result;\r
+ TimeTaken tt = trans.start("q.mayUser...", Env.SUB);\r
+ try {\r
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);\r
+ } finally {\r
+ tt.done();\r
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
+ }\r
+ assertTrue(result.isOK());\r
+ } finally {\r
+ q.permDAO.delete(trans, perm, false);\r
+ q.roleDAO.delete(trans, role, false);\r
+ q.userRoleDAO.delete(trans, ur, false);\r
+ }\r
+ }\r
+\r
+// @Test\r
+ public void filter_OnePermOneRoleExistOK() {\r
+ PermDAO.Data perm = newPerm(0,0,READ);\r
+ RoleDAO.Data role = newRole(0,perm);\r
+ UserRoleDAO.Data ur1 = newUserRole(role,JU9998_JU_TEST_COM,EXPIRES_IN);\r
+ UserRoleDAO.Data ur2 = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);\r
+ try {\r
+ q.permDAO.create(trans,perm);\r
+ q.roleDAO.create(trans,role);\r
+ q.userRoleDAO.create(trans,ur1);\r
+ q.userRoleDAO.create(trans,ur2);\r
+ \r
+ Result<List<PermDAO.Data>> pres;\r
+ TimeTaken tt = trans.start("q.getPerms...", Env.SUB);\r
+ try {\r
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9999_JU_TEST_COM);\r
+ } finally {\r
+ tt.done();\r
+ trans.info().log("filter_OnePermOneRleExistOK",tt);\r
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
+ }\r
+ assertTrue(pres.isOK());\r
+ \r
+ try {\r
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);\r
+ } finally {\r
+ tt.done();\r
+ trans.info().log("filter_OnePermOneRleExistOK No Value",tt);\r
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);\r
+ }\r
+ assertFalse(pres.isOKhasData());\r
+\r
+ } finally {\r
+ q.permDAO.delete(trans, perm, false);\r
+ q.roleDAO.delete(trans, role, false);\r
+ q.userRoleDAO.delete(trans, ur1, false);\r
+ q.userRoleDAO.delete(trans, ur2, false);\r
+ }\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_OnePermMultiRoleExistOK() {\r
+ PermDAO.Data perm = newPerm(0,0,READ);\r
+ List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
+ List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
+ try {\r
+ q.permDAO.create(trans,perm);\r
+ for(int i=0;i<ROLE_LEVEL1;++i) {\r
+ RoleDAO.Data role = newRole(i,perm);\r
+ lrole.add(role);\r
+ q.roleDAO.create(trans,role);\r
+ \r
+ UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,60000000);\r
+ lur.add(ur);\r
+ q.userRoleDAO.create(trans,ur);\r
+ }\r
+ \r
+ Result<NsDAO.Data> result;\r
+ TimeTaken tt = trans.start("mayUserRead_OnePermMultiRoleExistOK", Env.SUB);\r
+ try {\r
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt,ROLE_LEVEL1,"iterations");\r
+ assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+ }\r
+ assertTrue(result.isOK());\r
+ } finally {\r
+ q.permDAO.delete(trans, perm, false);\r
+ for(RoleDAO.Data role : lrole) {\r
+ q.roleDAO.delete(trans, role, false);\r
+ }\r
+ for(UserRoleDAO.Data ur : lur) {\r
+ q.userRoleDAO.delete(trans, ur, false);\r
+ }\r
+ }\r
+ }\r
+\r
+ @Test\r
+ public void mayUserRead_MultiPermOneRoleExistOK() {\r
+ RoleDAO.Data role = newRole(0);\r
+ UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);\r
+ List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
+ try {\r
+ for(int i=0;i<PERM_LEVEL1;++i) {\r
+ lperm.add(newPerm(i,i,READ,role));\r
+ }\r
+ q.roleDAO.create(trans, role);\r
+ q.userRoleDAO.create(trans, ur);\r
+ \r
+ Result<NsDAO.Data> result;\r
+ TimeTaken tt = trans.start("mayUserRead_MultiPermOneRoleExistOK", Env.SUB);\r
+ try {\r
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(PERM_LEVEL1-1),Access.read);\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt,PERM_LEVEL1,"iterations");\r
+ assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+ }\r
+ assertTrue(result.isOK());\r
+ } finally {\r
+ for(PermDAO.Data perm : lperm) {\r
+ q.permDAO.delete(trans, perm, false);\r
+ }\r
+ q.roleDAO.delete(trans, role, false);\r
+ q.userRoleDAO.delete(trans, ur, false);\r
+ }\r
+ }\r
+\r
+//// @Test\r
+// public void mayUserRead_MultiPermMultiRoleExistOK() {\r
+// List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
+// List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
+// List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
+//\r
+// try {\r
+// RoleDAO.Data role;\r
+// UserRoleDAO.Data ur;\r
+// for(int i=0;i<ROLE_LEVEL1;++i) {\r
+// lrole.add(role=newRole(i));\r
+// q.roleDAO.create(trans, role);\r
+// lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));\r
+// q.userRoleDAO.create(trans, ur);\r
+// for(int j=0;j<PERM_LEVEL2;++j) {\r
+// lperm.add(newPerm(i,j,READ,role));\r
+// }\r
+// }\r
+// \r
+// Result<NsDAO.Data> result;\r
+// TimeTaken tt = trans.start("mayUserRead_MultiPermMultiRoleExistOK", Env.SUB);\r
+// try {\r
+// result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(ROLE_LEVEL1*PERM_LEVEL2-1),Access.read);\r
+// } finally {\r
+// tt.done();\r
+// env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role");\r
+// assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+// }\r
+// assertTrue(result.isOK());\r
+// } finally {\r
+// for(PermDAO.Data perm : lperm) {\r
+// q.permDAO.delete(trans, perm, false);\r
+// }\r
+// for(RoleDAO.Data role : lrole) {\r
+// q.roleDAO.delete(trans, role, false);\r
+// }\r
+// for(UserRoleDAO.Data ur : lur) {\r
+// q.userRoleDAO.delete(trans, ur, false);\r
+// }\r
+// }\r
+// }\r
+\r
+ @Test\r
+ public void mayUserRead_MultiPermMultiRoleExist_10x10() {\r
+ env.info().log("Original Filter Method 10x10");\r
+ mayUserRead_MultiPermMultiRoleExist(10,10);\r
+ env.info().log("New Filter Method 10x10");\r
+ mayUserRead_MultiPermMultiRoleExist_NewOK(10,10);\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_MultiPermMultiRoleExist_20x10() {\r
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_20x10");\r
+ mayUserRead_MultiPermMultiRoleExist_NewOK(20,10);\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_MultiPermMultiRoleExist_100x10() {\r
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_100x10");\r
+ mayUserRead_MultiPermMultiRoleExist_NewOK(100,10);\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_MultiPermMultiRoleExist_100x20() {\r
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_100x20");\r
+ mayUserRead_MultiPermMultiRoleExist_NewOK(100,20);\r
+ }\r
+\r
+// @Test\r
+ public void mayUserRead_MultiPermMultiRoleExist_1000x20() {\r
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_1000x20");\r
+ mayUserRead_MultiPermMultiRoleExist_NewOK(1000,20);\r
+ }\r
+\r
+ private void mayUserRead_MultiPermMultiRoleExist(int roleLevel, int permLevel) {\r
+ List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
+ List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
+ List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
+ load(roleLevel, permLevel, lperm,lrole,lur);\r
+\r
+\r
+ Result<List<PermDAO.Data>> pres;\r
+ trans.setUser(new Principal() {\r
+ @Override\r
+ public String getName() {\r
+ return JU9999_JU_TEST_COM;\r
+ }\r
+ });\r
+\r
+ try {\r
+ TimeTaken group = trans.start(" Original Security Method (1st time)", Env.SUB);\r
+ try {\r
+ TimeTaken tt = trans.start(" Get User Perms for "+JU9998_JU_TEST_COM, Env.SUB);\r
+ try {\r
+ pres = q.getPermsByUser(trans,JU9998_JU_TEST_COM,true);\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt," Looked up (full) getPermsByUser for",JU9998_JU_TEST_COM);\r
+ }\r
+ assertTrue(pres.isOK());\r
+ tt = trans.start(" q.mayUser", Env.SUB);\r
+ List<PermDAO.Data> reduced = new ArrayList<PermDAO.Data>();\r
+ \r
+ try {\r
+ for(PermDAO.Data p : pres.value) {\r
+ Result<Data> r = q.mayUser(trans,JU9999_JU_TEST_COM,p,Access.read);\r
+ if(r.isOK()) {\r
+ reduced.add(p);\r
+ }\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt," reduced" + pres.value.size(),"perms","to",reduced.size());\r
+ // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+ }\r
+ // assertFalse(result.isOK());\r
+ } finally {\r
+ group.done();\r
+ env.info().log(group," Original Validation Method (1st pass)");\r
+ }\r
+ \r
+\r
+ } finally {\r
+ unload(lperm, lrole, lur);\r
+ }\r
+ }\r
+\r
+ private void mayUserRead_MultiPermMultiRoleExist_NewOK(int roleLevel, int permLevel) {\r
+ List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();\r
+ List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();\r
+ List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();\r
+ load(roleLevel, permLevel, lperm,lrole,lur);\r
+\r
+ try {\r
+\r
+ Result<List<PermDAO.Data>> pres;\r
+ TimeTaken tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter", Env.SUB);\r
+ try {\r
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");\r
+// assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+ }\r
+// assertTrue(pres.isOKhasData());\r
+\r
+ tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter (2nd time)", Env.SUB);\r
+ try {\r
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);\r
+ } finally {\r
+ tt.done();\r
+ env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");\r
+ assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);\r
+ }\r
+// assertTrue(pres.isOKhasData());\r
+\r
+ } finally {\r
+ unload(lperm, lrole, lur);\r
+ }\r
+ }\r
+\r
+\r
+ private void load(int roleLevel, int permLevel, List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {\r
+ RoleDAO.Data role;\r
+ UserRoleDAO.Data ur;\r
+ PermDAO.Data perm;\r
+ \r
+ int onethirdR=roleLevel/3;\r
+ int twothirdR=onethirdR*2;\r
+ int onethirdP=permLevel/3;\r
+ int twothirdP=onethirdP*2;\r
+\r
+ for(int i=0;i<roleLevel;++i) {\r
+ lrole.add(role=newRole(i));\r
+ if(i<onethirdR) { // one has\r
+ lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));\r
+ q.userRoleDAO.create(trans, ur);\r
+ for(int j=0;j<onethirdP;++j) {\r
+ lperm.add(perm=newPerm(i,j,READ,role));\r
+ q.permDAO.create(trans, perm);\r
+ }\r
+ } else if(i<twothirdR) { // both have\r
+ lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));\r
+ q.userRoleDAO.create(trans, ur);\r
+ lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));\r
+ q.userRoleDAO.create(trans, ur);\r
+ for(int j=onethirdP;j<twothirdP;++j) {\r
+ lperm.add(perm=newPerm(i,j,READ,role));\r
+ q.permDAO.create(trans, perm);\r
+ }\r
+ } else { // other has\r
+ lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));\r
+ q.userRoleDAO.create(trans, ur);\r
+ for(int j=twothirdP;j<permLevel;++j) {\r
+ lperm.add(perm=newPerm(i,j,READ,role));\r
+ q.permDAO.create(trans, perm);\r
+ }\r
+ }\r
+ q.roleDAO.create(trans, role);\r
+ }\r
+\r
+ }\r
+ \r
+ private void unload(List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {\r
+ for(PermDAO.Data perm : lperm) {\r
+ q.permDAO.delete(trans, perm, false);\r
+ }\r
+ for(RoleDAO.Data role : lrole) {\r
+ q.roleDAO.delete(trans, role, false);\r
+ }\r
+ for(UserRoleDAO.Data ur : lur) {\r
+ q.userRoleDAO.delete(trans, ur, false);\r
+ }\r
+\r
+ }\r
+ private PermDAO.Data newPerm(int permNum, int instNum, String action, RoleDAO.Data ... grant) {\r
+ PermDAO.Data pdd = new PermDAO.Data();\r
+ pdd.ns=COM_TEST_JU;\r
+ pdd.type="myPerm"+permNum;\r
+ pdd.instance="myInstance"+instNum;\r
+ pdd.action=action;\r
+ for(RoleDAO.Data r : grant) {\r
+ pdd.roles(true).add(r.fullName());\r
+ r.perms(true).add(pdd.encode());\r
+ }\r
+ return pdd;\r
+ }\r
+\r
+ private RoleDAO.Data newRole(int roleNum, PermDAO.Data ... grant) {\r
+ RoleDAO.Data rdd = new RoleDAO.Data();\r
+ rdd.ns = COM_TEST_JU+roleNum;\r
+ rdd.name = "myRole"+roleNum;\r
+ for(PermDAO.Data p : grant) {\r
+ rdd.perms(true).add(p.encode());\r
+ p.roles(true).add(rdd.fullName());\r
+ }\r
+ return rdd;\r
+ }\r
+\r
+ private UserRoleDAO.Data newUserRole(RoleDAO.Data role,String user, long offset) {\r
+ UserRoleDAO.Data urd = new UserRoleDAO.Data();\r
+ urd.user=user;\r
+ urd.role(role);\r
+ urd.expires=new Date(System.currentTimeMillis()+offset);\r
+ return urd;\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.util.Date;\r
+import java.util.List;\r
+import java.util.Map;\r
+import java.util.Timer;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cache.Cache;\r
+import com.att.cache.Cache.Dated;\r
+import com.att.dao.Cached.Getter;\r
+//import com.att.dao.Cached.Refresh;\r
+import com.att.inno.env.Trans;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_Cached {\r
+ Cached cached;\r
+ @Mock\r
+ CIDAO<Trans> ciDaoMock;\r
+ @Mock\r
+ AuthzEnv authzEnvMock;\r
+ @Mock\r
+ CIDAO<AuthzTrans> cidaoATMock;\r
+ \r
+ String name = "nameString";\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ cached = new Cached(ciDaoMock, name, 0);\r
+ }\r
+ \r
+ @Test(expected=ArithmeticException.class)\r
+ public void testCachedIdx(){\r
+ int Result = cached.cacheIdx("1234567890"); \r
+ }\r
+ \r
+ @Test(expected=ArithmeticException.class)\r
+ public void testInvalidate(){\r
+ int Res = cached.invalidate(name);\r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testStopTimer(){\r
+ cached.stopTimer();\r
+ assertTrue(true);\r
+ }\r
+\r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testStartRefresh(){\r
+ cached.startRefresh(authzEnvMock, cidaoATMock);\r
+ assertTrue(true);\r
+ }\r
+// @Mock\r
+// Trans transMock;\r
+// @Mock\r
+// Getter<DAO> getterMock;\r
+// \r
+// @Test\r
+// public void testGet(){\r
+// cached.get(transMock, name, getterMock);\r
+// fail("not implemented");\r
+// }\r
+// \r
+// @SuppressWarnings("unchecked")\r
+// public Result<List<DATA>> get(TRANS trans, String key, Getter<DATA> getter) {\r
+// List<DATA> ld = null;\r
+// Result<List<DATA>> rld = null;\r
+// \r
+// int cacheIdx = cacheIdx(key);\r
+// Map<String, Dated> map = ((Map<String,Dated>)cache[cacheIdx]);\r
+// \r
+// // Check for saved element in cache\r
+// Dated cached = map.get(key);\r
+// // Note: These Segment Timestamps are kept up to date with DB\r
+// Date dbStamp = info.get(trans, name,cacheIdx);\r
+// \r
+// // Check for cache Entry and whether it is still good (a good Cache Entry is same or after DBEntry, so we use "before" syntax)\r
+// if(cached!=null && dbStamp.before(cached.timestamp)) {\r
+// ld = (List<DATA>)cached.data;\r
+// rld = Result.ok(ld);\r
+// } else {\r
+// rld = getter.get();\r
+// if(rld.isOK()) { // only store valid lists\r
+// map.put(key, new Dated(rld.value)); // successful item found gets put in cache\r
+//// } else if(rld.status == Result.ERR_Backend){\r
+//// map.remove(key);\r
+// }\r
+// }\r
+// return rld;\r
+// }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import org.junit.Assert;\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.inno.env.Trans;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_CachedDAO {\r
+ CachedDAO cachedDAO;\r
+ @Mock\r
+ DAO daoMock;\r
+ @Mock\r
+ CIDAO<Trans> ciDAOMock; \r
+ int segsize=1;\r
+ Object[ ] objs = new Object[2];\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ objs[0] = "helo";\r
+ objs[1] = "polo";\r
+ cachedDAO = new CachedDAO(daoMock, ciDAOMock, segsize);\r
+ }\r
+ \r
+ @Test\r
+ public void testKeyFromObjs(){\r
+ String result = cachedDAO.keyFromObjs(objs);\r
+ System.out.println("value of resut " +result);\r
+ assertTrue(true);\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.io.IOException;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Env;\r
+//import com.att.dao.CassAccess.Resettable;\r
+import com.datastax.driver.core.Cluster.Builder;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_CassAccess {\r
+ CassAccess cassAccess;\r
+ \r
+ public static final String KEYSPACE = "authz";\r
+ public static final String CASSANDRA_CLUSTERS = "cassandra.clusters";\r
+ public static final String CASSANDRA_CLUSTERS_PORT = "cassandra.clusters.port";\r
+ public static final String CASSANDRA_CLUSTERS_USER_NAME = "cassandra.clusters.user";\r
+ public static final String CASSANDRA_CLUSTERS_PASSWORD = "cassandra.clusters.password";\r
+ public static final String CASSANDRA_RESET_EXCEPTIONS = "cassandra.reset.exceptions";\r
+ public static final String LATITUDE = "LATITUDE";\r
+ public static final String LONGITUDE = "LONGITUDE";\r
+ //private static final List<Resettable> resetExceptions = new ArrayList<Resettable>();\r
+ public static final String ERR_ACCESS_MSG = "Accessing Backend";\r
+ private static Builder cb = null;\r
+ @Mock\r
+ Env envMock;\r
+ String prefix=null;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ cassAccess = new CassAccess();\r
+ }\r
+\r
+\r
+ @Test(expected=APIException.class)\r
+ public void testCluster() throws APIException, IOException {\r
+ cassAccess.cluster(envMock, prefix);\r
+ \r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.api.mockito.PowerMockito;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.inno.env.Data;\r
+import com.att.inno.env.Trans;\r
+import com.att.inno.env.TransStore;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.ConsistencyLevel;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_CassDAOImpl {\r
+\r
+public static final String CASS_READ_CONSISTENCY="cassandra.readConsistency";\r
+public static final String CASS_WRITE_CONSISTENCY="cassandra.writeConsistency";\r
+\r
+CassDAOImpl cassDAOImpl;\r
+\r
+\r
+@Mock\r
+TransStore transStoreMock;\r
+@SuppressWarnings("rawtypes")\r
+Class dcMock;\r
+@SuppressWarnings("rawtypes")\r
+Loader loaderMock;\r
+Cluster clusterMock;\r
+Class<Data> classDataMock;\r
+ConsistencyLevel consistencyLevelMock;\r
+Trans transMock;\r
+\r
+@Mock\r
+AuthzTrans authzTransMock;\r
+\r
+\r
+\r
+ @SuppressWarnings({ "rawtypes", "unchecked" })\r
+ @Before\r
+ public void setUp()\r
+ {\r
+ String name = "name";\r
+ String keySpace = "keySpace";\r
+ String table = "table";\r
+ cassDAOImpl = new CassDAOImpl(transStoreMock, name, clusterMock, keySpace, classDataMock, table, consistencyLevelMock, consistencyLevelMock);\r
+ }\r
+\r
+ \r
+ @Test \r
+ public void testReadConsistency() {\r
+ String table = "users";\r
+ PowerMockito.when(authzTransMock.getProperty(CASS_READ_CONSISTENCY+'.'+table)).thenReturn("TWO");\r
+ ConsistencyLevel consistencyLevel = cassDAOImpl.readConsistency(authzTransMock, table);\r
+ System.out.println("Consistency level" + consistencyLevel.name());\r
+ assertEquals("TWO", consistencyLevel.name());\r
+ }\r
+ \r
+ @Test \r
+ public void testWriteConsistency() {\r
+ String table = "users";\r
+ PowerMockito.when(authzTransMock.getProperty(CASS_WRITE_CONSISTENCY+'.'+table)).thenReturn(null);\r
+ ConsistencyLevel consistencyLevel = cassDAOImpl.writeConsistency(authzTransMock, table);\r
+ System.out.println("Consistency level" + consistencyLevel.name());\r
+ assertEquals("ONE", consistencyLevel.name());\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.powermock.api.mockito.PowerMockito;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_DAOException {\r
+DAOException daoException;\r
+\r
+ //DAOException daoException = new DAOException();\r
+ String message = "message";\r
+ Throwable cause; \r
+ @Before\r
+ public void setUp(){\r
+ daoException = new DAOException(); \r
+ }\r
+\r
+ @Test\r
+ public void test(){\r
+ assertTrue(true);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import java.io.File;\r
+import java.io.FileInputStream;\r
+import java.io.IOException;\r
+import java.io.InputStream;\r
+import java.net.URL;\r
+import java.security.NoSuchAlgorithmException;\r
+import java.util.Properties;\r
+\r
+import org.junit.After;\r
+import org.junit.AfterClass;\r
+import org.junit.Before;\r
+import org.junit.BeforeClass;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.cadi.Hash;\r
+import com.att.cadi.Symm;\r
+import com.att.dao.CassAccess;\r
+import com.att.dao.CassDAOImpl;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.Trans.Metric;\r
+import com.datastax.driver.core.Cluster;\r
+\r
+import junit.framework.Assert;\r
+\r
+/**\r
+ * Do Setup of Cassandra for Cassandra JUnit Testing\r
+ * \r
+ *\r
+ */\r
+public class AbsJUCass {\r
+ protected static final String AUTHZ = "authz";\r
+ protected static Cluster cluster;\r
+ protected static AuthzEnv env;\r
+ protected static int iterations = 0;\r
+ protected static float totals=0.0f;\r
+ protected static float remote = 0.0f;\r
+ protected static float json = 0.0f;\r
+ protected static AuthzTrans trans;\r
+ protected static boolean details = true;\r
+ \r
+ @BeforeClass \r
+ public static void startup() throws APIException, IOException {\r
+ synchronized(AUTHZ) {\r
+ if(env==null) {\r
+ final String resource = "cadi.properties";\r
+ File f = new File("etc" + resource);\r
+ InputStream is=null;\r
+ Properties props = new Properties();\r
+ try {\r
+ if(f.exists()) {\r
+ is = new FileInputStream(f);\r
+ } else {\r
+ URL rsrc = ClassLoader.getSystemResource(resource);\r
+ is = rsrc.openStream();\r
+ }\r
+ props.load(is);\r
+ } finally {\r
+ if(is==null) {\r
+ env= new AuthzEnv();\r
+ Assert.fail(resource + " must exist in etc dir, or in Classpath");\r
+ }\r
+ is.close();\r
+ }\r
+ env = new AuthzEnv(props);\r
+ }\r
+ }\r
+ cluster = CassAccess.cluster(env,"LOCAL");\r
+\r
+ env.info().log("Connecting to Cluster");\r
+ try {\r
+ cluster.connect(AUTHZ);\r
+ } catch(Exception e) {\r
+ cluster=null;\r
+ env.error().log(e);\r
+ Assert.fail("Not able to connect to DB: " + e.getLocalizedMessage());\r
+ }\r
+ env.info().log("Connected");\r
+ \r
+ // Load special data here\r
+ \r
+ // WebPhone\r
+ env.setProperty("java.naming.provider.url","ldap://ldap.webphone.att.com:389");\r
+ env.setProperty("com.sun.jndi.ldap.connect.pool","true");\r
+ \r
+ iterations = 0;\r
+ \r
+ }\r
+ \r
+ @AfterClass\r
+ public static void shutdown() {\r
+ if(cluster!=null) {\r
+ cluster.close();\r
+ cluster = null;\r
+ }\r
+ }\r
+\r
+ @Before\r
+ public void newTrans() {\r
+ trans = env.newTrans();\r
+ \r
+ trans.setProperty(CassDAOImpl.USER_NAME, System.getProperty("user.name"));\r
+ }\r
+ \r
+ @After\r
+ public void auditTrail() {\r
+ if(totals==0) { // "updateTotals()" was not called... just do one Trans\r
+ StringBuilder sb = new StringBuilder();\r
+ Metric metric = trans.auditTrail(4, sb, Env.JSON, Env.REMOTE);\r
+ if(details) {\r
+ env.info().log(\r
+ sb,\r
+ "Total time:",\r
+ totals += metric.total,\r
+ "JSON time: ",\r
+ metric.buckets[0],\r
+ "REMOTE time: ",\r
+ metric.buckets[1]\r
+ );\r
+ } else {\r
+ totals += metric.total;\r
+ }\r
+ }\r
+ }\r
+ \r
+ protected void updateTotals() {\r
+ Metric metric = trans.auditTrail(0, null, Env.JSON, Env.REMOTE);\r
+ totals+=metric.total;\r
+ json +=metric.buckets[0];\r
+ remote+=metric.buckets[1];\r
+ }\r
+\r
+\r
+ @AfterClass\r
+ public static void print() {\r
+ float transTime;\r
+ if(iterations==0) {\r
+ transTime=totals;\r
+ } else {\r
+ transTime=totals/iterations;\r
+ }\r
+ env.info().log(\r
+ "Total time:",\r
+ totals, \r
+ "JSON time:",\r
+ json,\r
+ "REMOTE time:",\r
+ remote,\r
+ "Iterations:",\r
+ iterations,\r
+ "Transaction time:",\r
+ transTime\r
+ );\r
+ }\r
+ \r
+ /**\r
+ * Take a User/Pass and turn into an MD5 Hashed BasicAuth\r
+ * \r
+ * @param user\r
+ * @param pass\r
+ * @return\r
+ * @throws IOException\r
+ * @throws NoSuchAlgorithmException\r
+ */\r
+ public static byte[] userPassToBytes(String user, String pass)\r
+ throws IOException, NoSuchAlgorithmException {\r
+ // Take the form of BasicAuth, so as to allow any character in Password\r
+ // (this is an issue in 1.0)\r
+ // Also, it makes it quicker to evaluate Basic Auth direct questions\r
+ String ba = Symm.base64url.encode(user + ':' + pass);\r
+ // Take MD5 Hash, so that data in DB can't be reversed out.\r
+ return Hash.encryptMD5(ba.getBytes());\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertNotSame;\r
+import static org.junit.Assert.assertTrue;\r
+\r
+import java.util.Date;\r
+import java.util.List;\r
+import java.util.UUID;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.ApprovalDAO;\r
+import com.att.dao.aaf.cass.ApprovalDAO.Data;\r
+\r
+public class JU_ApprovalDAO extends AbsJUCass {\r
+ @Test\r
+ public void testCRUD() throws Exception {\r
+ ApprovalDAO rrDAO = new ApprovalDAO(trans, cluster, AUTHZ);\r
+ ApprovalDAO.Data data = new ApprovalDAO.Data();\r
+ \r
+ data.ticket = UUID.randomUUID(); // normally, read from Future object\r
+ data.user = "testid@test.com";\r
+ data.approver = "mySuper@att.com";\r
+ data.type = "supervisor";\r
+ data.status = "pending";\r
+ data.operation = "C";\r
+ data.updated = new Date();\r
+ \r
+ try {\r
+ // Test create\r
+ rrDAO.create(trans, data);\r
+ \r
+ // Test Read by Ticket\r
+ Result<List<ApprovalDAO.Data>> rlad;\r
+ rlad = rrDAO.readByTicket(trans, data.ticket);\r
+ assertTrue(rlad.isOK());\r
+ assertEquals(1,rlad.value.size());\r
+ compare(data,rlad.value.get(0));\r
+ \r
+ // Hold onto original ID for deletion, and read tests\r
+ UUID id = rlad.value.get(0).id;\r
+ \r
+ try {\r
+ // Test Read by User\r
+ rlad = rrDAO.readByUser(trans, data.user);\r
+ assertTrue(rlad.isOKhasData());\r
+ boolean ok = false;\r
+ for(ApprovalDAO.Data a : rlad.value) {\r
+ if(a.id.equals(id)) {\r
+ ok = true;\r
+ compare(data,a);\r
+ }\r
+ }\r
+ assertTrue(ok);\r
+ \r
+ // Test Read by Approver\r
+ rlad = rrDAO.readByApprover(trans, data.approver);\r
+ assertTrue(rlad.isOKhasData());\r
+ ok = false;\r
+ for(ApprovalDAO.Data a : rlad.value) {\r
+ if(a.id.equals(id)) {\r
+ ok = true;\r
+ compare(data,a);\r
+ }\r
+ }\r
+ assertTrue(ok);\r
+ \r
+ // Test Read by ID\r
+ rlad = rrDAO.read(trans, id);\r
+ assertTrue(rlad.isOKhasData());\r
+ ok = false;\r
+ for(ApprovalDAO.Data a : rlad.value) {\r
+ if(a.id.equals(id)) {\r
+ ok = true;\r
+ compare(data,a);\r
+ }\r
+ }\r
+ assertTrue(ok);\r
+ \r
+ // Test Update\r
+ data.status = "approved";\r
+ data.id = id;\r
+ assertTrue(rrDAO.update(trans, data).isOK());\r
+ \r
+ rlad = rrDAO.read(trans, id);\r
+ assertTrue(rlad.isOKhasData());\r
+ ok = false;\r
+ for(ApprovalDAO.Data a : rlad.value) {\r
+ if(a.id.equals(id)) {\r
+ ok = true;\r
+ compare(data,a);\r
+ }\r
+ }\r
+ assertTrue(ok);\r
+\r
+ } finally {\r
+ // Delete\r
+ data.id = id;\r
+ rrDAO.delete(trans, data, true);\r
+ rlad = rrDAO.read(trans, id);\r
+ assertTrue(rlad.isOK());\r
+ assertTrue(rlad.isEmpty());\r
+ }\r
+ \r
+ } finally {\r
+ rrDAO.close(trans);\r
+ }\r
+ }\r
+\r
+ private void compare(Data d1, Data d2) {\r
+ assertNotSame(d1.id,d2.id);\r
+ assertEquals(d1.ticket,d2.ticket);\r
+ assertEquals(d1.user,d2.user);\r
+ assertEquals(d1.approver,d2.approver);\r
+ assertEquals(d1.type,d2.type);\r
+ assertEquals(d1.status,d2.status);\r
+ assertEquals(d1.operation,d2.operation);\r
+ assertNotSame(d1.updated,d2.updated);\r
+ }\r
+\r
+ \r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertTrue;\r
+\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.security.NoSuchAlgorithmException;\r
+import java.util.Date;\r
+import java.util.List;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.ArtiDAO;\r
+import com.att.dao.aaf.cass.ArtiDAO.Data;\r
+\r
+/**\r
+ * UserDAO unit test.\r
+ * User: tp007s\r
+ * Date: 7/19/13\r
+ */\r
+public class JU_ArtiDAO extends AbsJUCass {\r
+ @Test\r
+ public void test() throws IOException, NoSuchAlgorithmException {\r
+ ArtiDAO adao = new ArtiDAO(trans,cluster,"authz");\r
+ try {\r
+ // Create\r
+ ArtiDAO.Data data = new ArtiDAO.Data();\r
+ data.mechid="m55555@perturbed.att.com";\r
+ data.machine="perturbed1232.att.com";\r
+ data.type(false).add("file");\r
+ data.type(false).add("jks");\r
+ data.sponsor="Fred Flintstone";\r
+ data.ca="devl";\r
+ data.dir="/opt/app/aft/keys";\r
+ data.appName="kumquat";\r
+ data.os_user="aft";\r
+ data.notify="email:myname@bogus.email.com";\r
+ data.expires=new Date();\r
+ \r
+// Bytification\r
+ ByteBuffer bb = data.bytify();\r
+ Data bdata = new ArtiDAO.Data();\r
+ bdata.reconstitute(bb);\r
+ checkData1(data, bdata);\r
+ \r
+ \r
+// DB work\r
+ adao.create(trans,data);\r
+ try {\r
+ // Validate Read with key fields in Data\r
+ Result<List<ArtiDAO.Data>> rlcd = adao.read(trans,data);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(ArtiDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ }\r
+ \r
+ // Validate Read with key fields in Data\r
+ rlcd = adao.read(trans,data.mechid, data.machine);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(ArtiDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ }\r
+ \r
+ // By Machine\r
+ rlcd = adao.readByMachine(trans,data.machine);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(ArtiDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ }\r
+ \r
+ // By MechID\r
+ rlcd = adao.readByMechID(trans,data.mechid);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(ArtiDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ }\r
+ \r
+ // Update\r
+ data.sponsor = "Wilma Flintstone";\r
+ adao.update(trans,data);\r
+ rlcd = adao.read(trans,data);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(ArtiDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ } \r
+\r
+ } finally {\r
+ // Always delete data, even if failure.\r
+ adao.delete(trans,data, true);\r
+ }\r
+ } finally {\r
+ adao.close(trans);\r
+ }\r
+\r
+ \r
+ }\r
+\r
+ private void checkData1(Data data, Data d) {\r
+ assertEquals(data.mechid,d.mechid);\r
+ assertEquals(data.machine,d.machine);\r
+ assertEquals(data.type(false).size(),d.type(false).size());\r
+ for(String s: data.type(false)) {\r
+ assertTrue(d.type(false).contains(s));\r
+ }\r
+ assertEquals(data.sponsor,d.sponsor);\r
+ assertEquals(data.ca,d.ca);\r
+ assertEquals(data.dir,d.dir);\r
+ assertEquals(data.appName,d.appName);\r
+ assertEquals(data.os_user,d.os_user);\r
+ assertEquals(data.notify,d.notify);\r
+ assertEquals(data.expires,d.expires);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertTrue;\r
+\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.Date;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.NsDAO;\r
+import com.att.dao.aaf.cass.NsType;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.UserRoleDAO;\r
+\r
+public class JU_Bytification {\r
+\r
+ @Test\r
+ public void testNS() throws IOException {\r
+ \r
+ // Normal\r
+ NsDAO.Data ns = new NsDAO.Data();\r
+ ns.name = "com.att.<pass>";\r
+ ns.type = NsType.APP.type;\r
+\r
+ ByteBuffer bb = ns.bytify();\r
+ \r
+ NsDAO.Data nsr = new NsDAO.Data();\r
+ nsr.reconstitute(bb);\r
+ check(ns,nsr);\r
+ \r
+ // Empty admin\r
+// ns.admin(true).clear();\r
+ bb = ns.bytify();\r
+ nsr = new NsDAO.Data();\r
+ nsr.reconstitute(bb);\r
+ check(ns,nsr);\r
+ \r
+ // Empty responsible\r
+// ns.responsible(true).clear();\r
+ bb = ns.bytify();\r
+ nsr = new NsDAO.Data();\r
+ nsr.reconstitute(bb);\r
+ check(ns,nsr);\r
+\r
+ bb = ns.bytify();\r
+ nsr = new NsDAO.Data();\r
+ nsr.reconstitute(bb);\r
+ check(ns,nsr);\r
+ }\r
+ \r
+ private void check(NsDAO.Data a, NsDAO.Data b) {\r
+ assertEquals(a.name,b.name);\r
+ assertEquals(a.type,b.type);\r
+// assertEquals(a.admin.size(),b.admin.size());\r
+ \r
+// for(String s: a.admin) {\r
+// assertTrue(b.admin.contains(s));\r
+// }\r
+// \r
+// assertEquals(a.responsible.size(),b.responsible.size());\r
+// for(String s: a.responsible) {\r
+// assertTrue(b.responsible.contains(s));\r
+// }\r
+ }\r
+\r
+ @Test\r
+ public void testRole() throws IOException {\r
+ RoleDAO.Data rd1 = new RoleDAO.Data();\r
+ rd1.ns = "com.att.<pass>";\r
+ rd1.name = "my.role";\r
+ rd1.perms(true).add("com.att.<pass>.my.Perm|myInstance|myAction");\r
+ rd1.perms(true).add("com.att.<pass>.my.Perm|myInstance|myAction2");\r
+\r
+ // Normal\r
+ ByteBuffer bb = rd1.bytify();\r
+ RoleDAO.Data rd2 = new RoleDAO.Data();\r
+ rd2.reconstitute(bb);\r
+ check(rd1,rd2);\r
+ \r
+ // Overshoot Buffer\r
+ StringBuilder sb = new StringBuilder(300);\r
+ sb.append("role|instance|veryLongAction...");\r
+ for(int i=0;i<280;++i) {\r
+ sb.append('a');\r
+ }\r
+ rd1.perms(true).add(sb.toString());\r
+ bb = rd1.bytify();\r
+ rd2 = new RoleDAO.Data();\r
+ rd2.reconstitute(bb);\r
+ check(rd1,rd2);\r
+ \r
+ // No Perms\r
+ rd1.perms.clear();\r
+ \r
+ bb = rd1.bytify();\r
+ rd2 = new RoleDAO.Data();\r
+ rd2.reconstitute(bb);\r
+ check(rd1,rd2);\r
+ \r
+ // 1000 Perms\r
+ for(int i=0;i<1000;++i) {\r
+ rd1.perms(true).add("com|inst|action"+ i);\r
+ }\r
+\r
+ bb = rd1.bytify();\r
+ rd2 = new RoleDAO.Data();\r
+ rd2.reconstitute(bb);\r
+ check(rd1,rd2);\r
+\r
+ }\r
+ \r
+ private void check(RoleDAO.Data a, RoleDAO.Data b) {\r
+ assertEquals(a.ns,b.ns);\r
+ assertEquals(a.name,b.name);\r
+ \r
+ assertEquals(a.perms.size(),b.perms.size());\r
+ for(String s: a.perms) {\r
+ assertTrue(b.perms.contains(s));\r
+ }\r
+ }\r
+\r
+ @Test\r
+ public void testPerm() throws IOException {\r
+ PermDAO.Data pd1 = new PermDAO.Data();\r
+ pd1.ns = "com.att.<pass>";\r
+ pd1.type = "my.perm";\r
+ pd1.instance = "instance";\r
+ pd1.action = "read";\r
+ pd1.roles(true).add("com.att.<pass>.my.Role");\r
+ pd1.roles(true).add("com.att.<pass>.my.Role2");\r
+\r
+ // Normal\r
+ ByteBuffer bb = pd1.bytify();\r
+ PermDAO.Data rd2 = new PermDAO.Data();\r
+ rd2.reconstitute(bb);\r
+ check(pd1,rd2);\r
+ \r
+ // No Perms\r
+ pd1.roles.clear();\r
+ \r
+ bb = pd1.bytify();\r
+ rd2 = new PermDAO.Data();\r
+ rd2.reconstitute(bb);\r
+ check(pd1,rd2);\r
+ \r
+ // 1000 Perms\r
+ for(int i=0;i<1000;++i) {\r
+ pd1.roles(true).add("com.att.<pass>.my.Role"+ i);\r
+ }\r
+\r
+ bb = pd1.bytify();\r
+ rd2 = new PermDAO.Data();\r
+ rd2.reconstitute(bb);\r
+ check(pd1,rd2);\r
+\r
+ }\r
+ \r
+ private void check(PermDAO.Data a, PermDAO.Data b) {\r
+ assertEquals(a.ns,b.ns);\r
+ assertEquals(a.type,b.type);\r
+ assertEquals(a.instance,b.instance);\r
+ assertEquals(a.action,b.action);\r
+ \r
+ assertEquals(a.roles.size(),b.roles.size());\r
+ for(String s: a.roles) {\r
+ assertTrue(b.roles.contains(s));\r
+ }\r
+ }\r
+\r
+ @Test\r
+ public void testUserRole() throws IOException {\r
+ UserRoleDAO.Data urd1 = new UserRoleDAO.Data();\r
+ urd1.user = "myname@abc.att.com";\r
+ urd1.role("com.att.<pass>","my.role");\r
+ urd1.expires = new Date();\r
+\r
+ // Normal\r
+ ByteBuffer bb = urd1.bytify();\r
+ UserRoleDAO.Data urd2 = new UserRoleDAO.Data();\r
+ urd2.reconstitute(bb);\r
+ check(urd1,urd2);\r
+ \r
+ // A null\r
+ urd1.expires = null; \r
+ urd1.role = null;\r
+ \r
+ bb = urd1.bytify();\r
+ urd2 = new UserRoleDAO.Data();\r
+ urd2.reconstitute(bb);\r
+ check(urd1,urd2);\r
+ }\r
+\r
+ private void check(UserRoleDAO.Data a, UserRoleDAO.Data b) {\r
+ assertEquals(a.user,b.user);\r
+ assertEquals(a.role,b.role);\r
+ assertEquals(a.expires,b.expires);\r
+ }\r
+\r
+ \r
+ @Test\r
+ public void testCred() throws IOException {\r
+ CredDAO.Data cd = new CredDAO.Data();\r
+ cd.id = "m55555@abc.att.com";\r
+ cd.ns = "com.att.abc";\r
+ cd.type = 2;\r
+ cd.cred = ByteBuffer.wrap(new byte[]{1,34,5,3,25,0,2,5,3,4});\r
+ cd.expires = new Date();\r
+\r
+ // Normal\r
+ ByteBuffer bb = cd.bytify();\r
+ CredDAO.Data cd2 = new CredDAO.Data();\r
+ cd2.reconstitute(bb);\r
+ check(cd,cd2);\r
+ \r
+ // nulls\r
+ cd.expires = null;\r
+ cd.cred = null;\r
+ \r
+ bb = cd.bytify();\r
+ cd2 = new CredDAO.Data();\r
+ cd2.reconstitute(bb);\r
+ check(cd,cd2);\r
+\r
+ }\r
+\r
+ private void check(CredDAO.Data a, CredDAO.Data b) {\r
+ assertEquals(a.id,b.id);\r
+ assertEquals(a.ns,b.ns);\r
+ assertEquals(a.type,b.type);\r
+ if(a.cred==null) {\r
+ assertEquals(a.cred,b.cred); \r
+ } else {\r
+ int l = a.cred.limit();\r
+ assertEquals(l,b.cred.limit());\r
+ for (int i=0;i<l;++i) {\r
+ assertEquals(a.cred.get(),b.cred.get());\r
+ }\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import java.io.IOException;\r
+import java.util.Date;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.CIDAO;\r
+import com.att.dao.DAOException;\r
+import com.att.dao.aaf.cass.CacheInfoDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.util.Chrono;\r
+\r
+import junit.framework.Assert;\r
+\r
+\r
+public class JU_CacheInfoDAO extends AbsJUCass {\r
+\r
+ @Test\r
+ public void test() throws DAOException, APIException, IOException {\r
+ CIDAO<AuthzTrans> id = new CacheInfoDAO(trans, cluster, AUTHZ);\r
+ Date date = new Date();\r
+ \r
+ id.touch(trans, RoleDAO.TABLE,1);\r
+ try {\r
+ Thread.sleep(3000);\r
+ } catch (InterruptedException e) {\r
+ }\r
+ Result<Void> rid = id.check(trans);\r
+ Assert.assertEquals(rid.status,Status.OK);\r
+ Date[] dates = CacheInfoDAO.info.get(RoleDAO.TABLE);\r
+ if(dates.length>0 && dates[1]!=null) {\r
+ System.out.println(Chrono.dateStamp(dates[1]));\r
+ System.out.println(Chrono.dateStamp(date));\r
+ Assert.assertTrue(Math.abs(dates[1].getTime() - date.getTime())<20000); // allow for 4 seconds, given Remote DB\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertTrue;\r
+\r
+import java.io.IOException;\r
+import java.math.BigInteger;\r
+import java.nio.ByteBuffer;\r
+import java.security.NoSuchAlgorithmException;\r
+import java.util.List;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.CertDAO;\r
+import com.att.dao.aaf.cass.CertDAO.Data;\r
+import com.att.inno.env.APIException;\r
+\r
+/**\r
+ * UserDAO unit test.\r
+ * User: tp007s\r
+ * Date: 7/19/13\r
+ */\r
+public class JU_CertDAO extends AbsJUCass {\r
+ @Test\r
+ public void test() throws IOException, NoSuchAlgorithmException, APIException {\r
+ CertDAO cdao = new CertDAO(trans,cluster,"authz");\r
+ try {\r
+ // Create\r
+ CertDAO.Data data = new CertDAO.Data();\r
+ data.serial=new BigInteger("11839383");\r
+ data.id = "m55555@tguard.att.com";\r
+ data.x500="CN=ju_cert.dao.att.com, OU=AAF, O=\"ATT Services, Inc.\", L=Southfield, ST=Michigan, C=US";\r
+ data.x509="I'm a cert";\r
+ data.ca = "aaf";\r
+ cdao.create(trans,data);\r
+\r
+// Bytification\r
+ ByteBuffer bb = data.bytify();\r
+ Data bdata = new CertDAO.Data();\r
+ bdata.reconstitute(bb);\r
+ checkData1(data, bdata);\r
+\r
+ // Validate Read with key fields in Data\r
+ Result<List<CertDAO.Data>> rlcd = cdao.read(trans,data);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(CertDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ }\r
+\r
+ // Validate Read with key fields in Data\r
+ rlcd = cdao.read(trans,data.ca,data.serial);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(CertDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ }\r
+\r
+ // Update\r
+ data.id = "m66666.tguard.att.com";\r
+ cdao.update(trans,data);\r
+ rlcd = cdao.read(trans,data);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(CertDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ } \r
+ \r
+ cdao.delete(trans,data, true);\r
+ } finally {\r
+ cdao.close(trans);\r
+ }\r
+\r
+ \r
+ }\r
+\r
+ private void checkData1(Data data, Data d) {\r
+ assertEquals(data.ca,d.ca);\r
+ assertEquals(data.serial,d.serial);\r
+ assertEquals(data.id,d.id);\r
+ assertEquals(data.x500,d.x500);\r
+ assertEquals(data.x509,d.x509);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertTrue;\r
+\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.security.NoSuchAlgorithmException;\r
+import java.util.Date;\r
+import java.util.List;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.CredDAO.Data;\r
+import com.att.inno.env.APIException;\r
+\r
+/**\r
+ * UserDAO unit test.\r
+ * User: tp007s\r
+ * Date: 7/19/13\r
+ */\r
+public class JU_CredDAO extends AbsJUCass {\r
+ @Test\r
+ public void test() throws IOException, NoSuchAlgorithmException, APIException {\r
+ CredDAO udao = new CredDAO(trans,cluster,"authz");\r
+ try {\r
+ // Create\r
+ CredDAO.Data data = new CredDAO.Data();\r
+ data.id = "m55555@aaf.att.com";\r
+ data.type = CredDAO.BASIC_AUTH;\r
+ data.notes = "temp pass";\r
+ data.cred = ByteBuffer.wrap(userPassToBytes("m55555","mypass"));\r
+ data.other = 12;\r
+ data.expires = new Date(System.currentTimeMillis() + 60000*60*24*90);\r
+ udao.create(trans,data);\r
+ \r
+// Bytification\r
+ ByteBuffer bb = data.bytify();\r
+ Data bdata = new CredDAO.Data();\r
+ bdata.reconstitute(bb);\r
+ checkData1(data, bdata);\r
+\r
+ // Validate Read with key fields in Data\r
+ Result<List<CredDAO.Data>> rlcd = udao.read(trans,data);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(CredDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ }\r
+ \r
+ // Update\r
+ data.cred = ByteBuffer.wrap(userPassToBytes("m55555","mynewpass"));\r
+ udao.update(trans,data);\r
+ rlcd = udao.read(trans,data);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(CredDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ } \r
+ \r
+ udao.delete(trans,data, true);\r
+ } finally {\r
+ udao.close(trans);\r
+ }\r
+\r
+ \r
+ }\r
+\r
+ private void checkData1(Data data, Data d) {\r
+ assertEquals(data.id,d.id);\r
+ assertEquals(data.type,d.type);\r
+ assertEquals(data.ns,d.ns);\r
+ assertEquals(data.notes,d.notes);\r
+ assertEquals(data.cred,d.cred);\r
+ assertEquals(data.other,d.other);\r
+ assertEquals(data.expires,d.expires);\r
+ }\r
+\r
+// private String CONST_myName = "MyName";\r
+// public static final java.nio.ByteBuffer CONST_MY_CRED = get_CONST_MY_CRED();\r
+// public static final int CONST_CRED_TYPE = 11;\r
+//\r
+// public static final Date CONST_UPDATE_DATE = new Date(System.currentTimeMillis()+60000*24);\r
+// @Test\r
+// public void test() {\r
+// UserDAO ud = new UserDAO(trans, cluster,"authz");\r
+// try {\r
+// UserDAO.Data data = createPrototypeUserData();\r
+// ud.create(trans, data);\r
+//\r
+// // Validate Read with key fields in Data\r
+// for(UserDAO.Data d : ud.read(trans, data)) {\r
+// checkData1(data,d);\r
+// }\r
+//\r
+// // Validate readByName\r
+// for(UserDAO.Data d : ud.read(trans, CONST_myName)) {\r
+// checkData1(data,d);\r
+// }\r
+//\r
+// ud.delete(trans, data);\r
+// List<UserDAO.Data> d_2 = ud.read(trans, CONST_myName);\r
+//\r
+// // Validate that data was deleted\r
+// assertEquals("User should not be found after deleted", 0, d_2.size() );\r
+//\r
+// data = new UserDAO.Data();\r
+// data.name = CONST_myName;\r
+// data.cred = CONST_MY_CRED;\r
+// data.cred_type= CONST_CRED_TYPE;\r
+// data.expires = new Date(System.currentTimeMillis()+60000*24);\r
+// final Result<UserDAO.Data> user = ud.r_create(trans, data);\r
+// assertEquals("ud.createUser should work", Result.Status.OK, user.status);\r
+//\r
+// checkDataIgnoreDateDiff(data, user.value);\r
+//\r
+// // finally leave system in consistent state by deleting user again\r
+// ud.delete(trans,data);\r
+//\r
+// } catch (DAOException e) {\r
+// e.printStackTrace();\r
+// fail("Fail due to Exception");\r
+// } finally {\r
+// ud.close(trans);\r
+// }\r
+// }\r
+//\r
+// private UserDAO.Data createPrototypeUserData() {\r
+// UserDAO.Data data = new UserDAO.Data();\r
+// data.name = CONST_myName;\r
+//\r
+// data.cred_type = CONST_CRED_TYPE;\r
+// data.cred = CONST_MY_CRED;\r
+// data.expires = CONST_UPDATE_DATE;\r
+// return data;\r
+// }\r
+//\r
+// // @Test\r
+// // public void testReadByUser() throws Exception {\r
+// // // this test was done above in our super test, since it uses the same setup\r
+// // }\r
+//\r
+// @Test\r
+// public void testFunctionCreateUser() throws Exception {\r
+// String name = "roger_rabbit";\r
+// Integer credType = CONST_CRED_TYPE;\r
+// java.nio.ByteBuffer cred = CONST_MY_CRED;\r
+// final UserDAO ud = new UserDAO(trans, cluster,"authz");\r
+// final UserDAO.Data data = createPrototypeUserData();\r
+// Result<UserDAO.Data> ret = ud.r_create(trans, data);\r
+// Result<List<Data>> byUserNameLookup = ud.r_read(trans, name);\r
+// \r
+// assertEquals("sanity test w/ different username (different than other test cases) failed", name, byUserNameLookup.value.get(0).name);\r
+// assertEquals("delete roger_rabbit failed", true, ud.delete(trans, byUserNameLookup.value.get(0)));\r
+// }\r
+//\r
+// @Test\r
+// public void testLowLevelCassandraCreateData_Given_UserAlreadyPresent_ShouldPass() throws Exception {\r
+// UserDAO ud = new UserDAO(trans, cluster,"authz");\r
+//\r
+// final UserDAO.Data data = createPrototypeUserData();\r
+// final UserDAO.Data data1 = ud.create(trans, data);\r
+// final UserDAO.Data data2 = ud.create(trans, data);\r
+//\r
+// assertNotNull(data1);\r
+// assertNotNull(data2);\r
+//\r
+// assertEquals(CONST_myName, data1.name);\r
+// assertEquals(CONST_myName, data2.name);\r
+// }\r
+//\r
+// @Test\r
+// public void testCreateUser_Given_UserAlreadyPresent_ShouldFail() throws Exception {\r
+// UserDAO ud = new UserDAO(trans, cluster,"authz");\r
+//\r
+// final UserDAO.Data data = createPrototypeUserData();\r
+//\r
+// // make sure that some prev test did not leave the user in the DB\r
+// ud.delete(trans, data);\r
+//\r
+// // attempt to create same user twice !!!\r
+// \r
+// final Result<UserDAO.Data> data1 = ud.r_create(trans, data);\r
+// final Result<UserDAO.Data> data2 = ud.r_create(trans, data);\r
+//\r
+// assertNotNull(data1);\r
+// assertNotNull(data2);\r
+//\r
+// assertEquals(true, Result.Status.OK == data1.status);\r
+// assertEquals(false, Result.Status.OK == data2.status);\r
+// }\r
+//\r
+// private void checkData1(UserDAO.Data data, UserDAO.Data d) {\r
+// data.name = CONST_myName;\r
+//\r
+// data.cred_type = CONST_CRED_TYPE;\r
+// data.cred = CONST_MY_CRED;\r
+// data.expires = CONST_UPDATE_DATE;\r
+//\r
+// assertEquals(data.name, d.name);\r
+// assertEquals(data.cred_type, d.cred_type);\r
+// assertEquals(data.cred, d.cred);\r
+// assertEquals(data.expires, d.expires);\r
+//\r
+// }\r
+//\r
+// private void checkDataIgnoreDateDiff(UserDAO.Data data, UserDAO.Data d) {\r
+// data.name = CONST_myName;\r
+//\r
+// data.cred_type = CONST_CRED_TYPE;\r
+// data.cred = CONST_MY_CRED;\r
+// data.expires = CONST_UPDATE_DATE;\r
+//\r
+// assertEquals(data.name, d.name);\r
+// assertEquals(data.cred_type, d.cred_type);\r
+// assertEquals(data.cred, d.cred);\r
+// // we allow dates to be different, e.g. high level calls e.g. createUser sets the date itself.\r
+// //assertEquals(data.updated, d.updated);\r
+//\r
+// }\r
+//\r
+// /**\r
+// * Get a CONST_MY_CRED ByteBuffer, which is the java type for a cass blob.\r
+// * @return\r
+// */\r
+// private static java.nio.ByteBuffer get_CONST_MY_CRED() {\r
+// return ByteBuffer.wrap("Hello".getBytes());\r
+// }\r
+//\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertTrue;\r
+\r
+import java.nio.ByteBuffer;\r
+import java.util.Date;\r
+import java.util.List;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.DelegateDAO;\r
+import com.att.dao.aaf.cass.DelegateDAO.Data;\r
+\r
+\r
+public class JU_DelegateDAO extends AbsJUCass {\r
+ @Test\r
+ public void testCRUD() throws Exception {\r
+ DelegateDAO dao = new DelegateDAO(trans, cluster, AUTHZ);\r
+ DelegateDAO.Data data = new DelegateDAO.Data();\r
+ data.user = "myname";\r
+ data.delegate = "yourname";\r
+ data.expires = new Date();\r
+ \r
+// Bytification\r
+ ByteBuffer bb = data.bytify();\r
+ Data bdata = new DelegateDAO.Data();\r
+ bdata.reconstitute(bb);\r
+ compare(data, bdata);\r
+\r
+ try {\r
+ // Test create\r
+ Result<Data> ddcr = dao.create(trans,data);\r
+ assertTrue(ddcr.isOK());\r
+ \r
+ \r
+ // Read by User\r
+ Result<List<DelegateDAO.Data>> records = dao.read(trans,data.user);\r
+ assertTrue(records.isOKhasData());\r
+ for(DelegateDAO.Data rdata : records.value) \r
+ compare(data,rdata);\r
+\r
+ // Read by Delegate\r
+ records = dao.readByDelegate(trans,data.delegate);\r
+ assertTrue(records.isOKhasData());\r
+ for(DelegateDAO.Data rdata : records.value) \r
+ compare(data,rdata);\r
+ \r
+ // Update\r
+ data.delegate = "hisname";\r
+ data.expires = new Date();\r
+ assertTrue(dao.update(trans, data).isOK());\r
+\r
+ // Read by User\r
+ records = dao.read(trans,data.user);\r
+ assertTrue(records.isOKhasData());\r
+ for(DelegateDAO.Data rdata : records.value) \r
+ compare(data,rdata);\r
+\r
+ // Read by Delegate\r
+ records = dao.readByDelegate(trans,data.delegate);\r
+ assertTrue(records.isOKhasData());\r
+ for(DelegateDAO.Data rdata : records.value) \r
+ compare(data,rdata);\r
+\r
+ // Test delete\r
+ dao.delete(trans,data, true);\r
+ records = dao.read(trans,data.user);\r
+ assertTrue(records.isEmpty());\r
+ \r
+ \r
+ } finally {\r
+ dao.close(trans);\r
+ }\r
+ }\r
+ \r
+ private void compare(Data d1, Data d2) {\r
+ assertEquals(d1.user, d2.user);\r
+ assertEquals(d1.delegate, d2.delegate);\r
+ assertEquals(d1.expires,d2.expires);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertTrue;\r
+\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.security.NoSuchAlgorithmException;\r
+import java.util.Date;\r
+import java.util.List;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.CredDAO.Data;\r
+import com.att.inno.env.APIException;\r
+\r
+public class JU_FastCalling extends AbsJUCass {\r
+\r
+ @Test\r
+ public void test() throws IOException, NoSuchAlgorithmException, APIException {\r
+ trans.setProperty("cassandra.writeConsistency.cred","ONE");\r
+ \r
+ CredDAO udao = new CredDAO(env.newTransNoAvg(),cluster,"authz");\r
+ System.out.println("Starting calls");\r
+ for(iterations=0;iterations<8;++iterations) {\r
+ try {\r
+ // Create\r
+ CredDAO.Data data = new CredDAO.Data();\r
+ data.id = "m55555@aaf.att.com";\r
+ data.type = CredDAO.BASIC_AUTH;\r
+ data.cred = ByteBuffer.wrap(userPassToBytes("m55555","mypass"));\r
+ data.expires = new Date(System.currentTimeMillis() + 60000*60*24*90);\r
+ udao.create(trans,data);\r
+ \r
+ // Validate Read with key fields in Data\r
+ Result<List<CredDAO.Data>> rlcd = udao.read(trans,data);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(CredDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ }\r
+ \r
+ // Update\r
+ data.cred = ByteBuffer.wrap(userPassToBytes("m55555","mynewpass"));\r
+ udao.update(trans,data);\r
+ rlcd = udao.read(trans,data);\r
+ assertTrue(rlcd.isOKhasData());\r
+ for(CredDAO.Data d : rlcd.value) {\r
+ checkData1(data,d);\r
+ } \r
+ \r
+ udao.delete(trans,data, true);\r
+ } finally {\r
+ updateTotals();\r
+ newTrans();\r
+ }\r
+ }\r
+\r
+ }\r
+\r
+ private void checkData1(Data data, Data d) {\r
+ assertEquals(data.id,d.id);\r
+ assertEquals(data.type,d.type);\r
+ assertEquals(data.cred,d.cred);\r
+ assertEquals(data.expires,d.expires);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertNotNull;\r
+import static org.junit.Assert.assertTrue;\r
+\r
+import java.nio.ByteBuffer;\r
+import java.util.List;\r
+import java.util.Random;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.HistoryDAO;\r
+\r
+public class JU_HistoryDAO extends AbsJUCass {\r
+ \r
+ @Test\r
+ public void testCreate() throws Exception {\r
+ HistoryDAO historyDAO = new HistoryDAO(trans, cluster, AUTHZ);\r
+ HistoryDAO.Data data = createHistoryData();\r
+ \r
+ try {\r
+ historyDAO.create(trans,data); \r
+ Thread.sleep(200);// History Create is Async\r
+ Result<List<HistoryDAO.Data>> records = historyDAO.readByUser(trans,data.user,data.yr_mon);\r
+ assertTrue(records.isOKhasData());\r
+ for(HistoryDAO.Data d : records.value) {\r
+ assertHistory(data, d);\r
+ }\r
+ } finally {\r
+ historyDAO.close(trans);\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void tesReadByUser() throws Exception {\r
+ HistoryDAO historyDAO = new HistoryDAO(trans,cluster, AUTHZ);\r
+ HistoryDAO.Data data = createHistoryData();\r
+ \r
+ try {\r
+ historyDAO.create(trans,data);\r
+ Thread.sleep(200);// History Create is Async\r
+ Result<List<HistoryDAO.Data>> records = historyDAO.readByUser(trans, data.user,data.yr_mon);\r
+ assertTrue(records.isOKhasData());\r
+ for(HistoryDAO.Data d : records.value) {\r
+ assertHistory(data, d);\r
+ }\r
+ } finally {\r
+ historyDAO.close(trans);\r
+ }\r
+ }\r
+ \r
+/*\r
+ @Test\r
+ public void readByUserAndMonth() throws Exception {\r
+ HistoryDAO historyDAO = new HistoryDAO(trans,cluster, AUTHZ);\r
+ HistoryDAO.Data data = createHistoryData();\r
+ \r
+ try {\r
+ historyDAO.create(trans,data); \r
+ Thread.sleep(200);// History Create is Async\r
+ Result<List<HistoryDAO.Data>> records = historyDAO.readByUserAndMonth(trans,\r
+ data.user, Integer.valueOf(String.valueOf(data.yr_mon).substring(0, 4)),\r
+ Integer.valueOf(String.valueOf(data.yr_mon).substring(4, 6)));\r
+ assertTrue(records.isOKhasData());\r
+ for(HistoryDAO.Data d : records.value) {\r
+ assertHistory(data, d);\r
+ }\r
+ } finally {\r
+ historyDAO.close(trans);\r
+ }\r
+ }\r
+*/ \r
+ //TODO readadd this\r
+// @Test\r
+// public void readByUserAndDay() throws Exception {\r
+// HistoryDAO historyDAO = new HistoryDAO(trans, cluster, AUTHZ);\r
+// HistoryDAO.Data data = createHistoryData();\r
+// \r
+// try {\r
+// historyDAO.create(trans, data); \r
+// Thread.sleep(200);// History Create is Async\r
+// \r
+// String dayTime = String.valueOf(data.day_time);\r
+// String day = null;\r
+// if (dayTime.length() < 8)\r
+// day = dayTime.substring(0, 1);\r
+// else \r
+// day = dayTime.substring(0, 2);\r
+// \r
+// List<HistoryDAO.Data> records = historyDAO.readByUserBetweenDates(trans,\r
+// data.user, Integer.valueOf(String.valueOf(data.yr_mon).substring(0, 4)),\r
+// Integer.valueOf(String.valueOf(data.yr_mon).substring(4, 6)),\r
+// Integer.valueOf(day), 0);\r
+// assertEquals(1,records.size());\r
+// for(HistoryDAO.Data d : records) {\r
+// assertHistory(data, d);\r
+// }\r
+// } finally {\r
+// historyDAO.close(trans);\r
+// }\r
+// }\r
+ private HistoryDAO.Data createHistoryData() {\r
+ HistoryDAO.Data data = HistoryDAO.newInitedData();\r
+ Random random = new Random();\r
+ data.user = "test" + random.nextInt();\r
+ data.action = "add";\r
+ data.target = "history";\r
+ data.memo = "adding a row into history table";\r
+// data.detail().put("id", "test");\r
+// data.detail().put("name", "test");\r
+ //String temp = "Test Blob Message";\r
+ data.reconstruct = ByteBuffer.wrap("Temp Blob Message".getBytes()); \r
+ return data;\r
+ }\r
+ \r
+ private void assertHistory(HistoryDAO.Data ip, HistoryDAO.Data op) {\r
+ assertEquals(ip.yr_mon, op.yr_mon); \r
+// assertEquals(ip.day_time, op.day_time); \r
+ assertEquals(ip.user, op.user); \r
+ assertEquals(ip.action, op.action);\r
+ assertEquals(ip.target, op.target);\r
+ assertEquals(ip.memo, op.memo);\r
+ //TODO : have to see if third party assert utility can be used\r
+// assertTrue(CollectionUtils.isEqualCollection(ip.detail, op.detail));\r
+// for (String key : ip.detail().keySet()) {\r
+// assertNotNull(op.detail().get(key));\r
+// }\r
+ assertNotNull(op.reconstruct);\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertFalse;\r
+import static org.junit.Assert.assertTrue;\r
+\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.HashMap;\r
+import java.util.List;\r
+import java.util.Map;\r
+import java.util.Map.Entry;\r
+import java.util.Set;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.NsDAO;\r
+import com.att.dao.aaf.cass.NsDAO.Data;\r
+import com.att.dao.aaf.cass.NsType;\r
+import com.att.inno.env.APIException;\r
+\r
+\r
+public class JU_NsDAO extends AbsJUCass {\r
+ private static final String CRM = "ju_crm";\r
+ private static final String SWM = "ju_swm";\r
+\r
+ @Test\r
+ public void test() throws APIException, IOException {\r
+ NsDAO nsd = new NsDAO(trans, cluster, AUTHZ);\r
+ try {\r
+ final String nsparent = "com.test";\r
+ final String ns1 = nsparent +".ju_ns";\r
+ final String ns2 = nsparent + ".ju_ns2";\r
+ \r
+ Map<String,String> oAttribs = new HashMap<String,String>();\r
+ oAttribs.put(SWM, "swm_data");\r
+ oAttribs.put(CRM, "crm_data");\r
+ Data data = new NsDAO.Data();\r
+ data.name = ns1;\r
+ data.type = NsType.APP.type;\r
+ data.attrib(true).putAll(oAttribs);\r
+ \r
+\r
+ Result<List<Data>> rdrr;\r
+\r
+ // CREATE\r
+ Result<Data> rdc = nsd.create(trans, data);\r
+ assertTrue(rdc.isOK());\r
+ \r
+ try {\r
+// Bytification\r
+ ByteBuffer bb = data.bytify();\r
+ Data bdata = new NsDAO.Data();\r
+ bdata.reconstitute(bb);\r
+ compare(data, bdata);\r
+\r
+ // Test READ by Object\r
+ rdrr = nsd.read(trans, data);\r
+ assertTrue(rdrr.isOKhasData());\r
+ assertEquals(rdrr.value.size(),1);\r
+ Data d = rdrr.value.get(0);\r
+ assertEquals(d.name,data.name);\r
+ assertEquals(d.type,data.type);\r
+ attribsEqual(d.attrib(false),data.attrib(false));\r
+ attribsEqual(oAttribs,data.attrib(false));\r
+ \r
+ // Test Read by Key\r
+ rdrr = nsd.read(trans, data.name);\r
+ assertTrue(rdrr.isOKhasData());\r
+ assertEquals(rdrr.value.size(),1);\r
+ d = rdrr.value.get(0);\r
+ assertEquals(d.name,data.name);\r
+ assertEquals(d.type,data.type);\r
+ attribsEqual(d.attrib(false),data.attrib(false));\r
+ attribsEqual(oAttribs,data.attrib(false));\r
+ \r
+ // Read NS by Type\r
+ Result<Set<String>> rtypes = nsd.readNsByAttrib(trans, SWM);\r
+ Set<String> types;\r
+ if(rtypes.notOK()) {\r
+ throw new IOException(rtypes.errorString());\r
+ } else {\r
+ types = rtypes.value;\r
+ }\r
+ assertEquals(1,types.size());\r
+ assertEquals(true,types.contains(ns1));\r
+ \r
+ // Add second NS to test list of data returned\r
+ Data data2 = new NsDAO.Data();\r
+ data2.name = ns2;\r
+ data2.type = 3; // app\r
+ Result<Data> rdc2 = nsd.create(trans, data2);\r
+ assertTrue(rdc2.isOK());\r
+ \r
+ // Interrupt - test PARENT\r
+ Result<List<Data>> rdchildren = nsd.getChildren(trans, "com.test");\r
+ assertTrue(rdchildren.isOKhasData());\r
+ boolean child1 = false;\r
+ boolean child2 = false;\r
+ for(Data dchild : rdchildren.value) {\r
+ if(ns1.equals(dchild.name))child1=true;\r
+ if(ns2.equals(dchild.name))child2=true;\r
+ }\r
+ assertTrue(child1);\r
+ assertTrue(child2);\r
+\r
+ // FINISH DATA 2 by deleting\r
+ Result<Void> rddr = nsd.delete(trans, data2, true);\r
+ assertTrue(rddr.isOK());\r
+\r
+ // ADD DESCRIPTION\r
+ String description = "This is my test Namespace";\r
+ assertFalse(description.equalsIgnoreCase(data.description));\r
+ \r
+ Result<Void> addDesc = nsd.addDescription(trans, data.name, description);\r
+ assertTrue(addDesc.isOK());\r
+ rdrr = nsd.read(trans, data);\r
+ assertTrue(rdrr.isOKhasData());\r
+ assertEquals(rdrr.value.size(),1);\r
+ assertEquals(rdrr.value.get(0).description,description);\r
+ \r
+ // UPDATE\r
+ String newDescription = "zz1234 Owns This Namespace Now";\r
+ oAttribs.put("mso", "mso_data");\r
+ data.attrib(true).put("mso", "mso_data");\r
+ data.description = newDescription;\r
+ Result<Void> update = nsd.update(trans, data);\r
+ assertTrue(update.isOK());\r
+ rdrr = nsd.read(trans, data);\r
+ assertTrue(rdrr.isOKhasData());\r
+ assertEquals(rdrr.value.size(),1);\r
+ assertEquals(rdrr.value.get(0).description,newDescription);\r
+ attribsEqual(oAttribs, rdrr.value.get(0).attrib);\r
+ \r
+ \r
+ } catch (IOException e) {\r
+ e.printStackTrace();\r
+ } finally {\r
+ // DELETE\r
+ Result<Void> rddr = nsd.delete(trans, data, true);\r
+ assertTrue(rddr.isOK());\r
+ rdrr = nsd.read(trans, data);\r
+ assertTrue(rdrr.isOK() && rdrr.isEmpty());\r
+ assertEquals(rdrr.value.size(),0);\r
+ }\r
+ } finally {\r
+ nsd.close(trans);\r
+ }\r
+ }\r
+\r
+ private void compare(NsDAO.Data d, NsDAO.Data data) {\r
+ assertEquals(d.name,data.name);\r
+ assertEquals(d.type,data.type);\r
+ attribsEqual(d.attrib(false),data.attrib(false));\r
+ attribsEqual(d.attrib(false),data.attrib(false));\r
+ }\r
+ \r
+ private void attribsEqual(Map<String,String> aa, Map<String,String> ba) {\r
+ assertEquals(aa.size(),ba.size());\r
+ for(Entry<String, String> es : aa.entrySet()) {\r
+ assertEquals(es.getValue(),ba.get(es.getKey()));\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.AfterClass;\r
+import org.junit.Test;\r
+\r
+import com.att.dao.aaf.cass.NsType;\r
+\r
+public class JU_NsType {\r
+\r
+ @AfterClass\r
+ public static void tearDownAfterClass() throws Exception {\r
+ }\r
+\r
+ @Test\r
+ public void test() {\r
+ NsType nt,nt2;\r
+ String[] tests = new String[] {"DOT","ROOT","COMPANY","APP","STACKED_APP","STACK"};\r
+ for(String s : tests) {\r
+ nt = NsType.valueOf(s);\r
+ assertEquals(s,nt.name());\r
+ \r
+ nt2 = NsType.fromString(s);\r
+ assertEquals(nt,nt2);\r
+ \r
+ int t = nt.type;\r
+ nt2 = NsType.fromType(t);\r
+ assertEquals(nt,nt2);\r
+ }\r
+ \r
+ nt = NsType.fromType(Integer.MIN_VALUE);\r
+ assertEquals(nt,NsType.UNKNOWN);\r
+ nt = NsType.fromString("Garbage");\r
+ assertEquals(nt,NsType.UNKNOWN);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import static junit.framework.Assert.assertEquals;\r
+import static junit.framework.Assert.assertTrue;\r
+\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.List;\r
+import java.util.Set;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.PermDAO.Data;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.inno.env.APIException;\r
+\r
+/**\r
+ * Test the PermissionDAO\r
+ * \r
+ * Utilize AbsJUCass to initialize and pre-load Cass\r
+ * \r
+ *\r
+ */\r
+public class JU_PermDAO extends AbsJUCass{\r
+\r
+ @Test\r
+ public void test() throws APIException, IOException {\r
+ PermDAO pd = new PermDAO(trans,cluster,"authz");\r
+ try {\r
+ PermDAO.Data data = new PermDAO.Data();\r
+ data.ns = "com.test.ju_perm";\r
+ data.type = "MyType";\r
+ data.instance = "MyInstance";\r
+ data.action = "MyAction";\r
+ data.roles(true).add(data.ns + ".dev");\r
+ \r
+\r
+\r
+ // CREATE\r
+ Result<Data> rpdc = pd.create(trans,data);\r
+ assertTrue(rpdc.isOK());\r
+\r
+ Result<List<PermDAO.Data>> rlpd;\r
+ try {\r
+// Bytification\r
+ ByteBuffer bb = data.bytify();\r
+ Data bdata = new PermDAO.Data();\r
+ bdata.reconstitute(bb);\r
+ compare(data, bdata);\r
+\r
+ // Validate Read with key fields in Data\r
+ if((rlpd = pd.read(trans,data)).isOK())\r
+ for(PermDAO.Data d : rlpd.value) {\r
+ checkData1(data,d);\r
+ }\r
+ \r
+ // Validate readByName\r
+ if((rlpd = pd.readByType(trans,data.ns, data.type)).isOK())\r
+ for(PermDAO.Data d : rlpd.value) {\r
+ checkData1(data,d);\r
+ }\r
+ \r
+ // Add Role\r
+ RoleDAO.Data role = new RoleDAO.Data();\r
+ role.ns = data.ns;\r
+ role.name = "test";\r
+ \r
+ Result<Void> rvpd = pd.addRole(trans, data, role.fullName());\r
+ assertTrue(rvpd.isOK());\r
+ // Validate Read with key fields in Data\r
+ if((rlpd = pd.read(trans,data)).isOK())\r
+ for(PermDAO.Data d : rlpd.value) {\r
+ checkData2(data,d);\r
+ }\r
+ \r
+ // Remove Role\r
+ rvpd = pd.delRole(trans, data, role.fullName());\r
+ assertTrue(rvpd.isOK());\r
+ if((rlpd = pd.read(trans,data)).isOK())\r
+ for(PermDAO.Data d : rlpd.value) {\r
+ checkData1(data,d);\r
+ }\r
+ \r
+ // Add Child\r
+ Data data2 = new Data();\r
+ data2.ns = data.ns;\r
+ data2.type = data.type + ".2";\r
+ data2.instance = data.instance;\r
+ data2.action = data.action;\r
+ \r
+ rpdc = pd.create(trans, data2);\r
+ assertTrue(rpdc.isOK());\r
+ try {\r
+ rlpd = pd.readChildren(trans, data.ns,data.type);\r
+ assertTrue(rlpd.isOKhasData());\r
+ assertEquals(rlpd.value.size(),1);\r
+ assertEquals(rlpd.value.get(0).fullType(),data2.fullType());\r
+ } finally {\r
+ // Delete Child\r
+ pd.delete(trans, data2,true);\r
+\r
+ }\r
+ } catch (IOException e) {\r
+ e.printStackTrace();\r
+ } finally {\r
+ // DELETE\r
+ Result<Void> rpdd = pd.delete(trans,data,true);\r
+ assertTrue(rpdd.isOK());\r
+ rlpd = pd.read(trans, data);\r
+ assertTrue(rlpd.isOK() && rlpd.isEmpty());\r
+ assertEquals(rlpd.value.size(),0);\r
+ }\r
+ } finally {\r
+ pd.close(trans);\r
+ }\r
+ }\r
+\r
+ private void compare(Data a, Data b) {\r
+ assertEquals(a.ns,b.ns);\r
+ assertEquals(a.type,b.type);\r
+ assertEquals(a.instance,b.instance);\r
+ assertEquals(a.action,b.action);\r
+ assertEquals(a.roles(false).size(),b.roles(false).size());\r
+ for(String s: a.roles(false)) {\r
+ assertTrue(b.roles(false).contains(s));\r
+ }\r
+ }\r
+ private void checkData1(Data data, Data d) {\r
+ assertEquals(data.ns,d.ns);\r
+ assertEquals(data.type,d.type);\r
+ assertEquals(data.instance,d.instance);\r
+ assertEquals(data.action,d.action);\r
+ \r
+ Set<String> ss = d.roles(true);\r
+ assertEquals(1,ss.size());\r
+ assertTrue(ss.contains(data.ns+".dev"));\r
+ }\r
+ \r
+ private void checkData2(Data data, Data d) {\r
+ assertEquals(data.ns,d.ns);\r
+ assertEquals(data.type,d.type);\r
+ assertEquals(data.instance,d.instance);\r
+ assertEquals(data.action,d.action);\r
+ \r
+ Set<String> ss = d.roles(true);\r
+ assertEquals(2,ss.size());\r
+ assertTrue(ss.contains(data.ns+".dev"));\r
+ assertTrue(ss.contains(data.ns+".test"));\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import static junit.framework.Assert.assertEquals;\r
+import static junit.framework.Assert.assertTrue;\r
+\r
+import java.io.IOException;\r
+import java.nio.ByteBuffer;\r
+import java.util.List;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.RoleDAO.Data;\r
+import com.att.inno.env.APIException;\r
+\r
+\r
+public class JU_RoleDAO extends AbsJUCass {\r
+\r
+ @Test\r
+ public void test() throws IOException, APIException {\r
+ RoleDAO rd = new RoleDAO(trans, cluster, AUTHZ);\r
+ try {\r
+ Data data = new RoleDAO.Data();\r
+ data.ns = "com.test.ju_role";\r
+ data.name = "role1";\r
+\r
+// Bytification\r
+ ByteBuffer bb = data.bytify();\r
+ Data bdata = new RoleDAO.Data();\r
+ bdata.reconstitute(bb);\r
+ compare(data, bdata);\r
+\r
+ // CREATE\r
+ Result<Data> rdc = rd.create(trans, data);\r
+ assertTrue(rdc.isOK());\r
+ Result<List<Data>> rdrr;\r
+ try {\r
+ // READ\r
+ rdrr = rd.read(trans, data);\r
+ assertTrue(rdrr.isOKhasData());\r
+ assertEquals(rdrr.value.size(),1);\r
+ Data d = rdrr.value.get(0);\r
+ assertEquals(d.perms.size(),0);\r
+ assertEquals(d.name,data.name);\r
+ assertEquals(d.ns,data.ns);\r
+\r
+ PermDAO.Data perm = new PermDAO.Data();\r
+ perm.ns = data.ns;\r
+ perm.type = "Perm";\r
+ perm.instance = "perm1";\r
+ perm.action = "write";\r
+ \r
+ // ADD Perm\r
+ Result<Void> rdar = rd.addPerm(trans, data, perm);\r
+ assertTrue(rdar.isOK());\r
+ rdrr = rd.read(trans, data);\r
+ assertTrue(rdrr.isOKhasData());\r
+ assertEquals(rdrr.value.size(),1);\r
+ assertEquals(rdrr.value.get(0).perms.size(),1);\r
+ assertTrue(rdrr.value.get(0).perms.contains(perm.encode()));\r
+ \r
+ // DEL Perm\r
+ rdar = rd.delPerm(trans, data,perm);\r
+ assertTrue(rdar.isOK());\r
+ rdrr = rd.read(trans, data);\r
+ assertTrue(rdrr.isOKhasData());\r
+ assertEquals(rdrr.value.size(),1);\r
+ assertEquals(rdrr.value.get(0).perms.size(),0);\r
+\r
+ // Add Child\r
+ Data data2 = new Data();\r
+ data2.ns = data.ns;\r
+ data2.name = data.name + ".2";\r
+ \r
+ rdc = rd.create(trans, data2);\r
+ assertTrue(rdc.isOK());\r
+ try {\r
+ rdrr = rd.readChildren(trans, data.ns,data.name);\r
+ assertTrue(rdrr.isOKhasData());\r
+ assertEquals(rdrr.value.size(),1);\r
+ assertEquals(rdrr.value.get(0).name,data.name + ".2");\r
+ \r
+ rdrr = rd.readChildren(trans, data.ns,"*");\r
+ assertTrue(rdrr.isOKhasData());\r
+ assertEquals(rdrr.value.size(),2);\r
+\r
+ } finally {\r
+ // Delete Child\r
+ rd.delete(trans, data2, true);\r
+ }\r
+ \r
+ } finally {\r
+ // DELETE\r
+ Result<Void> rddr = rd.delete(trans, data, true);\r
+ assertTrue(rddr.isOK());\r
+ rdrr = rd.read(trans, data);\r
+ assertTrue(rdrr.isOK() && rdrr.isEmpty());\r
+ assertEquals(rdrr.value.size(),0);\r
+ }\r
+ } finally {\r
+ rd.close(trans);\r
+ }\r
+ }\r
+\r
+ private void compare(Data a, Data b) {\r
+ assertEquals(a.name,b.name);\r
+ assertEquals(a.description, b.description);\r
+ assertEquals(a.ns,b.ns);\r
+ assertEquals(a.perms(false).size(),b.perms(false).size());\r
+ for(String p : a.perms(false)) {\r
+ assertTrue(b.perms(false).contains(p));\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.dao.aaf.test;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.datastax.driver.core.Cluster;\r
+import com.datastax.driver.core.ResultSet;\r
+import com.datastax.driver.core.Row;\r
+import com.datastax.driver.core.Session;\r
+\r
+public class NS_ChildUpdate {\r
+\r
+ public static void main(String[] args) {\r
+ if(args.length < 3 ) {\r
+ System.out.println("usage: NS_ChildUpdate machine mechid (encrypted)passwd");\r
+ } else {\r
+ try {\r
+ AuthzEnv env = new AuthzEnv();\r
+ env.setLog4JNames("log.properties","authz","authz","audit","init","trace");\r
+ \r
+ Cluster cluster = Cluster.builder()\r
+ .addContactPoint(args[0])\r
+ .withCredentials(args[1],env.decrypt(args[2], false))\r
+ .build();\r
+ \r
+ Session session = cluster.connect("authz");\r
+ try {\r
+ ResultSet result = session.execute("SELECT name,parent FROM ns");\r
+ int count = 0;\r
+ for(Row r : result.all()) {\r
+ ++count;\r
+ String name = r.getString(0);\r
+ String parent = r.getString(1);\r
+ if(parent==null) {\r
+ int idx = name.lastIndexOf('.');\r
+ \r
+ parent = idx>0?name.substring(0, idx):".";\r
+ System.out.println("UPDATE " + name + " to " + parent);\r
+ session.execute("UPDATE ns SET parent='" + parent + "' WHERE name='" + name + "';");\r
+ }\r
+ }\r
+ System.out.println("Processed " + count + " records");\r
+ } finally {\r
+ session.close();\r
+ cluster.close();\r
+ }\r
+ } catch (Exception e) {\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+###############################################################################\r
+# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
+###############################################################################\r
+##\r
+## AUTHZ API (authz-service) Properties\r
+##\r
+\r
+cadi_prop_file=com.att.aaf.props;com.att.aaf.common.props\r
+\r
+#cadi_trust_all_x509=true\r
+#cadi_alias=aaf.att\r
+https.protocols=TLSv1.1,TLSv1.2\r
+\r
+cm_url=https://XXX:8150\r
+\r
+basic_realm=localized\r
+basic_warn=false\r
+localhost_deny=false\r
+\r
+cass_group_name=com.att.aaf\r
+cass_cluster_name=mithrilcsp.sbc.com\r
+aaf_default_realm=com.att.csp\r
+\r
+aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE\r
+aaf_id=???\r
+aaf_password=enc:XXX\r
+\r
+aaf_user_expires=3000\r
+aaf_clean_interval=4000\r
+\r
--- /dev/null
+.metadata
+.settings
+.classpath
+.project
+target
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">\r
+ <modelVersion>4.0.0</modelVersion>\r
+ <parent>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>parent</artifactId>\r
+ <version>2.0.15</version>\r
+ <relativePath>../pom.xml</relativePath>\r
+ </parent>\r
+ \r
+ <artifactId>authz-certman</artifactId>\r
+ <name>AAF Certification Managmenent</name>\r
+ <description>Certificate Manager API</description>\r
+ <url>https://github.com/att/AAF</url>\r
+ <licenses>\r
+ <license>\r
+ <name>BSD License</name>\r
+ <url> </url>\r
+ </license>\r
+ </licenses>\r
+ <developers>\r
+ <developer>\r
+ <name>Jonathan Gathman</name>\r
+ <email></email>\r
+ <organization>ATT</organization>\r
+ <organizationUrl></organizationUrl>\r
+ </developer>\r
+ </developers>\r
+\r
+\r
+ <properties>\r
+ <project.swmVersion>45</project.swmVersion>\r
+ </properties>\r
+ \r
+ <dependencies>\r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-core</artifactId>\r
+ </dependency>\r
+\r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-cass</artifactId>\r
+ </dependency>\r
+\r
+ <!-- <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-att</artifactId>\r
+ </dependency> -->\r
+ \r
+ <dependency> \r
+ <groupId>com.att.cadi</groupId>\r
+ <artifactId>cadi-aaf</artifactId>\r
+ </dependency>\r
+ \r
+ <dependency>\r
+ <groupId>com.google.code.jscep</groupId>\r
+ <artifactId>jscep</artifactId>\r
+ <version>2.4.0</version>\r
+ </dependency>\r
+ <!-- TESTING -->\r
+ <dependency>\r
+ <groupId>org.slf4j</groupId>\r
+ <artifactId>slf4j-log4j12</artifactId>\r
+ </dependency>\r
+ </dependencies>\r
+ \r
+ <build>\r
+ <plugins>\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-jar-plugin</artifactId>\r
+ <configuration>\r
+ <includes>\r
+ <include>**/*.class</include>\r
+ </includes>\r
+ </configuration>\r
+ <version>2.3.1</version>\r
+ </plugin>\r
+ \r
+ <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-deploy-plugin</artifactId>\r
+ <configuration>\r
+ <skip>true</skip>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-javadoc-plugin</artifactId>\r
+ <configuration>\r
+ <failOnError>false</failOnError>\r
+ </configuration>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-javadocs</id>\r
+ <goals>\r
+ <goal>jar</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin> \r
+ \r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-source-plugin</artifactId>\r
+ <version>2.2.1</version>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-sources</id>\r
+ <goals>\r
+ <goal>jar-no-fork</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin> \r
+ \r
+ <plugin>\r
+ <groupId>org.sonatype.plugins</groupId>\r
+ <artifactId>nexus-staging-maven-plugin</artifactId>\r
+ <version>1.6.7</version>\r
+ <extensions>true</extensions>\r
+ <configuration>\r
+ <serverId>ossrhdme</serverId>\r
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>\r
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>\r
+ </configuration>\r
+ </plugin>\r
+ </plugins>\r
+ <pluginManagement>\r
+ <plugins/>\r
+ </pluginManagement>\r
+ </build>\r
+\r
+ <distributionManagement>\r
+ <snapshotRepository>\r
+ <id>ossrhdme</id>\r
+ <url>https://oss.sonatype.org/content/repositories/snapshots</url>\r
+ </snapshotRepository>\r
+ <repository>\r
+ <id>ossrhdme</id>\r
+ <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>\r
+ </repository>\r
+ </distributionManagement>\r
+ \r
+ <scm>\r
+ <connection>https://github.com/att/AAF.git</connection>\r
+ <developerConnection>${project.scm.connection}</developerConnection>\r
+ <url>http://github.com/att/AAF/tree/master</url>\r
+ </scm>\r
+</project>\r
--- /dev/null
+##
+## AUTHZ Certman (authz-certman) Properties
+##
+
+hostname=_HOSTNAME_
+
+## DISCOVERY (DME2) Parameters on the Command Line
+AFT_LATITUDE=_AFT_LATITUDE_
+AFT_LONGITUDE=_AFT_LONGITUDE_
+AFT_ENVIRONMENT=_AFT_ENVIRONMENT_
+DEPLOYED_VERSION=_ARTIFACT_VERSION_
+
+## Pull in common/security properties
+
+cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props
+
+##DME2 related parameters
+DMEServiceName=service=com.att.authz.certman/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+AFT_DME2_PORT_RANGE=_AUTHZ_CERTMAN_PORT_RANGE_
+
+# Turn on both AAF TAF & LUR 2.0
+aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+
+
+
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+###############################################################################\r
+# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
+###############################################################################\r
+#\r
+# Licensed to the Apache Software Foundation (ASF) under one\r
+# or more contributor license agreements. See the NOTICE file\r
+# distributed with this work for additional information\r
+# regarding copyright ownership. The ASF licenses this file\r
+# to you under the Apache License, Version 2.0 (the\r
+# "License"); you may not use this file except in compliance\r
+# with the License. You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing,\r
+# software distributed under the License is distributed on an\r
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
+# KIND, either express or implied. See the License for the\r
+# specific language governing permissions and limitations\r
+# under the License.\r
+#\r
+log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender \r
+log4j.appender.INIT.File=_LOG_DIR_/${LOG4J_FILENAME_init}\r
+log4j.appender.INIT.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.INIT.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.INIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.INIT.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n\r
+\r
+\r
+log4j.appender.CM=org.apache.log4j.DailyRollingFileAppender \r
+log4j.appender.CM.File=_LOG_DIR_/${LOG4J_FILENAME_cm}\r
+log4j.appender.CM.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.CM.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.CM.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.CM.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.CM.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n\r
+\r
+log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender\r
+log4j.appender.AUDIT.File=_LOG_DIR_/${LOG4J_FILENAME_audit}\r
+log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.AUDIT.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.AUDIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n\r
+\r
+\r
+# General Apache libraries\r
+log4j.rootLogger=INFO,CM\r
+log4j.logger.org.apache=WARN,INIT\r
+log4j.logger.dme2=WARN,INIT\r
+log4j.logger.init=INFO,INIT\r
+log4j.logger.authz=_LOG4J_LEVEL_,CM\r
+log4j.logger.audit=INFO,AUDIT\r
+log4j.category.org.jscep=INFO\r
+\r
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<ns2:ManagedResourceList xmlns:ns2="http://scld.att.com/lrm/util" xmlns="http://scld.att.com/lrm/commontypes" xmlns:ns3="http://scld.att.com/lrm/types">\r
+ <ns2:ManagedResource>\r
+ <ResourceDescriptor>\r
+ <ResourceName>com.att.authz._ARTIFACT_ID_</ResourceName>\r
+ <ResourceVersion>\r
+ <Major>_MAJOR_VER_</Major>\r
+ <Minor>_MINOR_VER_</Minor>\r
+ <Patch>_PATCH_VER_</Patch> \r
+ </ResourceVersion>\r
+ <RouteOffer>_ROUTE_OFFER_</RouteOffer>\r
+ </ResourceDescriptor>\r
+ <ResourceType>Java</ResourceType>\r
+ <ResourcePath>com.att.authz.cm.service.CertManAPI</ResourcePath>\r
+ <ResourceProps>\r
+ <Tag>process.workdir</Tag>\r
+ <Value>_ROOT_DIR_</Value>\r
+ </ResourceProps> \r
+ <ResourceProps>\r
+ <Tag>jvm.version</Tag>\r
+ <Value>1.8</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.args</Tag>\r
+ <Value>-DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 </Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.classpath</Tag>\r
+ <Value>_ROOT_DIR_/etc:_ROOT_DIR_/lib/*:</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.heap.min</Tag>\r
+ <Value>1024m</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.heap.max</Tag>\r
+ <Value>2048m</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>start.class</Tag>\r
+ <Value>com.att.authz.cm.service.CertManAPI</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>stdout.redirect</Tag>\r
+ <Value>_ROOT_DIR_/logs/SystemOut.log</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>stderr.redirect</Tag>\r
+ <Value>_ROOT_DIR_/logs/SystemErr.log</Value>\r
+ </ResourceProps>\r
+ <ResourceOSID>aft</ResourceOSID>\r
+ <ResourceStartType>AUTO</ResourceStartType>\r
+ <ResourceStartPriority>2</ResourceStartPriority>\r
+ <ResourceMinCount>_RESOURCE_MIN_COUNT_</ResourceMinCount>\r
+ <ResourceMaxCount>_RESOURCE_MAX_COUNT_</ResourceMaxCount> \r
+ <ResourceRegistration>_RESOURCE_REGISTRATION_</ResourceRegistration>\r
+ <ResourceSWMComponent>com.att.authz:_ARTIFACT_ID_</ResourceSWMComponent>\r
+ <ResourceSWMComponentVersion>_ARTIFACT_VERSION_</ResourceSWMComponentVersion>\r
+ </ns2:ManagedResource>\r
+</ns2:ManagedResourceList>\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.api;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.cm.mapper.Mapper.API;\r
+import com.att.authz.cm.service.CertManAPI;\r
+import com.att.authz.cm.service.Code;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cssa.rserv.HttpMethods;\r
+\r
+/**\r
+ * API Deployment Artifact Apis.. using Redirect for mechanism\r
+ * \r
+ *\r
+ */\r
+public class API_Artifact {\r
+ private static final String GET_ARTIFACTS = "Get Artifacts";\r
+\r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param cmAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(final CertManAPI cmAPI) throws Exception {\r
+ cmAPI.route(HttpMethods.POST, "/cert/artifacts", API.ARTIFACTS, new Code(cmAPI,"Create Artifacts") {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.createArtifacts(trans, req, resp);\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.CREATED_201);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+ cmAPI.route(HttpMethods.GET, "/cert/artifacts/:mechid/:machine", API.ARTIFACTS, new Code(cmAPI,GET_ARTIFACTS) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.readArtifacts(trans, resp, pathParam(req,":mechid"), pathParam(req,":machine"));\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.CREATED_201);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ cmAPI.route(HttpMethods.GET, "/cert/artifacts", API.ARTIFACTS, new Code(cmAPI,GET_ARTIFACTS) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.readArtifacts(trans, req, resp);\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.CREATED_201);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ cmAPI.route(HttpMethods.PUT, "/cert/artifacts", API.ARTIFACTS, new Code(cmAPI,"Update Artifacts") {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.updateArtifacts(trans, req, resp);\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ cmAPI.route(HttpMethods.DELETE, "/cert/artifacts/:mechid/:machine", API.VOID, new Code(cmAPI,"Delete Artifacts") {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.deleteArtifacts(trans, resp, \r
+ pathParam(req, ":mechid"), pathParam(req,":machine"));\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+\r
+ cmAPI.route(HttpMethods.DELETE, "/cert/artifacts", API.VOID, new Code(cmAPI,"Delete Artifacts") {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.deleteArtifacts(trans, req, resp);\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.api;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.cm.ca.CA;\r
+import com.att.authz.cm.mapper.Mapper.API;\r
+import com.att.authz.cm.service.CertManAPI;\r
+import com.att.authz.cm.service.Code;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.Slot;\r
+import com.att.inno.env.TransStore;\r
+\r
+/**\r
+ * API Apis.. using Redirect for mechanism\r
+ * \r
+ *\r
+ */\r
+public class API_Cert {\r
+ public static final String CERT_AUTH = "CertAuthority";\r
+ private static Slot sCertAuth;\r
+\r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param cmAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(final CertManAPI cmAPI) throws Exception {\r
+ // Check for Created Certificate Authorities in TRANS\r
+ sCertAuth = ((TransStore) cmAPI.env).slot(CERT_AUTH);\r
+ \r
+ ////////\r
+ // Overall APIs\r
+ ///////\r
+ cmAPI.route(HttpMethods.PUT,"/cert/:ca",API.CERT_REQ,new Code(cmAPI,"Request Certificate") {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ String key = pathParam(req, ":ca");\r
+ CA ca;\r
+ if((ca = cmAPI.getCA(key))==null) {\r
+ context.error(trans,resp,Result.ERR_BadData,"CA %s is not supported",key);\r
+ } else {\r
+ trans.put(sCertAuth, ca);\r
+ \r
+ Result<Void> r = context.requestCert(trans, req, resp, req.getParameter("withTrust")!=null);\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ });\r
+ \r
+ /**\r
+ * \r
+ */\r
+ cmAPI.route(HttpMethods.GET, "/cert/may/:perm", API.VOID, new Code(cmAPI,"Check Permission") {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.check(trans, resp, pathParam(req,"perm"));\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ trans.checkpoint(r.errorString());\r
+ context.error(trans,resp,Result.err(Result.ERR_Denied,"%s does not have Permission.",trans.user()));\r
+ }\r
+ }\r
+ });\r
+\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.ca;\r
+\r
+import java.io.File;\r
+import java.io.IOException;\r
+import java.net.Authenticator;\r
+import java.net.MalformedURLException;\r
+import java.net.PasswordAuthentication;\r
+import java.net.URL;\r
+import java.security.cert.CertStore;\r
+import java.security.cert.CertStoreException;\r
+import java.security.cert.Certificate;\r
+import java.security.cert.CertificateException;\r
+import java.security.cert.X509Certificate;\r
+import java.util.ArrayList;\r
+import java.util.Collection;\r
+import java.util.Date;\r
+import java.util.Iterator;\r
+import java.util.List;\r
+\r
+import org.bouncycastle.operator.OperatorCreationException;\r
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;\r
+import org.jscep.client.Client;\r
+import org.jscep.client.ClientException;\r
+import org.jscep.client.EnrollmentResponse;\r
+import org.jscep.client.verification.CertificateVerifier;\r
+import org.jscep.transaction.TransactionException;\r
+\r
+import com.att.authz.cm.cert.BCFactory;\r
+import com.att.authz.cm.cert.CSRMeta;\r
+import com.att.authz.cm.cert.StandardFields;\r
+import com.att.authz.common.Define;\r
+import com.att.cadi.cm.CertException;\r
+import com.att.cadi.cm.Factory;\r
+import com.att.cadi.config.Config;\r
+import com.att.cadi.routing.GreatCircle;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+import com.att.inno.env.util.Split;\r
+\r
+public class AppCA extends CA {\r
+ public static final String CA_PERM_TYPE = Define.ROOT_NS+".ca"; // Permission Type for validation\r
+ private static final String AAF_DATA_DIR = "aaf_data_dir";\r
+ private static final String CA_PREFIX = "http://";\r
+ private static final String CA_POSTFIX="/certsrv/mscep_admin/mscep.dll";\r
+\r
+ private final static String MS_PROFILE="1";\r
+ private static final String CM_TRUST_CAS = "cm_trust_cas";\r
+ private Clients clients;\r
+\r
+ private static class AAFStdFields implements StandardFields {\r
+ private final String env;\r
+ public AAFStdFields(Trans trans) throws CertException {\r
+ env = trans.getProperty(Config.AAF_ENV);\r
+ if(env==null) {\r
+ throw new CertException(Config.AAF_ENV + " must be set to create Certificates");\r
+ }\r
+ }\r
+ @Override\r
+ public void set(CSRMeta csr) {\r
+ // Environment\r
+ csr.environment(env);\r
+ // Standard Fields\r
+ csr.o("ATT Services,Inc.");\r
+ csr.l("St Louis");\r
+ csr.st("Missouri");\r
+ csr.c("US");\r
+ }\r
+ }\r
+\r
+ public AppCA(final Trans trans, final String name, final String urlstr, final String id, final String pw) throws IOException, CertificateException, CertException {\r
+ super(name,new AAFStdFields(trans), CA_PERM_TYPE);\r
+ \r
+ clients = new Clients(trans,urlstr);\r
+ \r
+ \r
+ // Set this for NTLM password Microsoft\r
+ Authenticator.setDefault(new Authenticator() {\r
+ public PasswordAuthentication getPasswordAuthentication () {\r
+ return new PasswordAuthentication (\r
+ id,\r
+ trans.decryptor().decrypt(pw).toCharArray());\r
+ }\r
+ });\r
+\r
+\r
+\r
+ try {\r
+ StringBuilder sb = new StringBuilder("CA Reported Trusted Certificates");\r
+ List<X509Certificate> trustCerts = new ArrayList<X509Certificate>();\r
+ for(Client client : clients) {\r
+ CertStore cs = client.getCaCertificate(MS_PROFILE);\r
+ \r
+ Collection<? extends Certificate> cc = cs.getCertificates(null);\r
+ for(Certificate c : cc) {\r
+ X509Certificate xc = (X509Certificate)c;\r
+ // Avoid duplicate Certificates from multiple servers\r
+ X509Certificate match = null;\r
+ for(X509Certificate t : trustCerts) {\r
+ if(t.getSerialNumber().equals(xc.getSerialNumber())) {\r
+ match = xc;\r
+ break;\r
+ }\r
+ }\r
+ if(match==null && xc.getSubjectDN().getName().startsWith("CN=ATT ")) {\r
+ sb.append("\n\t");\r
+ sb.append(xc.getSubjectDN());\r
+ sb.append("\n\t\tSerial Number: ");\r
+ String bi = xc.getSerialNumber().toString(16);\r
+ for(int i=0;i<bi.length();++i) {\r
+ if(i>1 && i%2==0) {\r
+ sb.append(':');\r
+ }\r
+ sb.append(bi.charAt(i));\r
+ }\r
+ sb.append("\n\t\tIssuer: ");\r
+ sb.append(xc.getIssuerDN());\r
+ sb.append("\n\t\tNot Before: ");\r
+ sb.append(xc.getNotBefore());\r
+ sb.append("\n\t\tNot After: ");\r
+ sb.append(xc.getNotAfter());\r
+ sb.append("\n\t\tSigAlgorithm: ");\r
+ sb.append(xc.getSigAlgName());\r
+ sb.append("\n\t\tType: ");\r
+ sb.append(xc.getType());\r
+ sb.append("\n\t\tVersion: ");\r
+ sb.append(xc.getVersion());\r
+\r
+ trustCerts.add(xc);\r
+ }\r
+ }\r
+ }\r
+ trans.init().log(sb);\r
+ // Add Additional ones from Property\r
+ String data_dir = trans.getProperty(AAF_DATA_DIR);\r
+ if(data_dir!=null) {\r
+ File data = new File(data_dir);\r
+ if(data.exists()) {\r
+ String trust_cas = trans.getProperty(CM_TRUST_CAS);\r
+ byte[] bytes;\r
+ if(trust_cas!=null) {\r
+ for(String fname : Split.split(';', trust_cas)) {\r
+ File crt = new File(data,fname);\r
+ if(crt.exists()) {\r
+ bytes = Factory.decode(crt);\r
+ try {\r
+ Collection<? extends Certificate> cc = Factory.toX509Certificate(bytes);\r
+ for(Certificate c : cc) {\r
+ trustCerts.add((X509Certificate)c);\r
+ }\r
+ } catch (CertificateException e) {\r
+ throw new CertException(e);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ \r
+ String[] trustChain = new String[trustCerts.size()];\r
+ int i=-1;\r
+ for( Certificate cert : trustCerts) {\r
+ trustChain[++i]=BCFactory.toString(trans,cert);\r
+ }\r
+ \r
+ setTrustChain(trustChain);\r
+ } catch (ClientException | CertStoreException e) {\r
+ // Note: Cannot validly start without all Clients, because we need to read all Issuing Certificates\r
+ // This is acceptable risk for most things, as we're not real time in general\r
+ throw new CertException(e);\r
+ }\r
+ }\r
+\r
+\r
+ @Override\r
+ public X509Certificate sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {\r
+ TimeTaken tt = trans.start("Generating CSR and Keys for New Certificate", Env.SUB);\r
+ PKCS10CertificationRequest csr;\r
+ try {\r
+ csr = csrmeta.generateCSR(trans);\r
+ if(trans.info().isLoggable()) {\r
+ trans.info().log(BCFactory.toString(trans, csr));\r
+ } \r
+ if(trans.info().isLoggable()) {\r
+ trans.info().log(csr);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ tt = trans.start("Enroll CSR", Env.SUB);\r
+ Client client = null;\r
+ try {\r
+ client = clients.best();\r
+ EnrollmentResponse er = client.enrol(\r
+ csrmeta.initialConversationCert(trans),\r
+ csrmeta.keypair(trans).getPrivate(),\r
+ csr,\r
+ MS_PROFILE /* profile... MS can't deal with blanks*/);\r
+ while(true) {\r
+ if(er.isSuccess()) {\r
+ for( Certificate cert : er.getCertStore().getCertificates(null)) {\r
+ return (X509Certificate)cert;\r
+ }\r
+ break;\r
+ } else if (er.isPending()) {\r
+ trans.checkpoint("Polling, waiting on CA to complete");\r
+ Thread.sleep(3000);\r
+ } else if (er.isFailure()) {\r
+ throw new CertException(er.getFailInfo().toString());\r
+ }\r
+ }\r
+ } catch (ClientException e) {\r
+ trans.error().log(e,"SCEP Client Error, Temporarily Invalidating Client");\r
+ if(client!=null) {\r
+ clients.invalidate(client);\r
+ }\r
+ } catch (InterruptedException|TransactionException|CertificateException|OperatorCreationException | CertStoreException e) {\r
+ trans.error().log(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ return null;\r
+ }\r
+\r
+\r
+ private class Clients implements Iterable<Client>{\r
+ /**\r
+ * CSO Servers are in Dallas and St Louis\r
+ * GEO_LOCATION LATITUDE LONGITUDE ZIPCODE TIMEZONE\r
+ * ------------ -------- --------- ------- --------\r
+ * DLLSTXCF 32.779295 -96.800014 75202 America/Chicago\r
+ * STLSMORC 38.627345 -90.193774 63101 America/Chicago\r
+ * \r
+ * The online production issuing CA servers are:\r
+ * AAF - CADI Issuing CA 01 135.41.45.152 MOSTLS1AAFXXA02\r
+ * AAF - CADI Issuing CA 02 135.31.72.154 TXDLLS2AAFXXA02\r
+ */\r
+ \r
+ private final Client[] client;\r
+ private final Date[] failure;\r
+ private int preferred;\r
+\r
+ public Clients(Trans trans, String urlstr) throws MalformedURLException { \r
+ String[] urlstrs = Split.split(',', urlstr);\r
+ client = new Client[urlstrs.length];\r
+ failure = new Date[urlstrs.length];\r
+ double distance = Double.MAX_VALUE;\r
+ String localLat = trans.getProperty("AFT_LATITUDE","39.833333"); //Note: Defaulting to GEO center of US\r
+ String localLong = trans.getProperty("AFT_LONGITUDE","-98.583333");\r
+ for(int i=0;i<urlstrs.length;++i) {\r
+ String[] info = Split.split('/', urlstrs[i]);\r
+ if(info.length<3) {\r
+ throw new MalformedURLException("Configuration needs LAT and LONG, i.e. ip:port/lat/long");\r
+ }\r
+ client[i] = new Client(new URL(CA_PREFIX + info[0] + CA_POSTFIX), \r
+ new CertificateVerifier() {\r
+ @Override\r
+ public boolean verify(X509Certificate cert) {\r
+ return true;\r
+ }\r
+ }\r
+ );\r
+ double d = GreatCircle.calc(info[1],info[2],localLat,localLong);\r
+ if(d<distance) {\r
+ preferred = i;\r
+ distance=d;\r
+ }\r
+ }\r
+ trans.init().printf("Preferred Certificate Authority is %s",urlstrs[preferred]);\r
+ for(int i=0;i<urlstrs.length;++i) {\r
+ if(i!=preferred) {\r
+ trans.init().printf("Alternate Certificate Authority is %s",urlstrs[i]);\r
+ }\r
+ }\r
+ }\r
+ private Client best() throws ClientException {\r
+ if(failure[preferred]==null) {\r
+ return client[preferred];\r
+ } else {\r
+ Client c=null;\r
+ // See if Alternate available\r
+ for(int i=0;i<failure.length;++i) {\r
+ if(failure[i]==null) {\r
+ c=client[i];\r
+ }\r
+ }\r
+ \r
+ // If not, see if any expirations can be cleared\r
+ Date now = new Date();\r
+ for(int i=0;i<failure.length;++i) {\r
+ if(now.after(failure[i])) {\r
+ failure[i]=null;\r
+ if(c==null) {\r
+ c=client[i];\r
+ }\r
+ }\r
+ }\r
+ \r
+ // if still nothing found, then throw.\r
+ if(c==null) {\r
+ throw new ClientException("No available machines to call");\r
+ } \r
+ return c;\r
+ }\r
+ }\r
+ \r
+ public void invalidate(Client clt) {\r
+ for(int i=0;i<client.length;++i) {\r
+ if(client[i].equals(clt)) {\r
+ failure[i]=new Date(System.currentTimeMillis()+180000 /* 3 mins */);\r
+ }\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Iterator<Client> iterator() {\r
+ return new Iterator<Client>() {\r
+ private int iter = 0;\r
+ @Override\r
+ public boolean hasNext() {\r
+ return iter < Clients.this.client.length;\r
+ }\r
+\r
+ @Override\r
+ public Client next() {\r
+ return Clients.this.client[iter++];\r
+ }\r
+ \r
+ };\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.ca;\r
+\r
+import java.io.IOException;\r
+import java.security.MessageDigest;\r
+import java.security.cert.X509Certificate;\r
+\r
+import com.att.authz.cm.cert.CSRMeta;\r
+import com.att.authz.cm.cert.StandardFields;\r
+import com.att.cadi.cm.CertException;\r
+import com.att.inno.env.Trans;\r
+\r
+public abstract class CA {\r
+ private final String name;\r
+ private String[] trustChain;\r
+ private final StandardFields stdFields;\r
+ private MessageDigest messageDigest;\r
+ private final String permType;\r
+ \r
+ protected CA(String name, StandardFields sf, String permType) {\r
+ this.name = name;\r
+ stdFields = sf;\r
+ this.permType = permType;\r
+ }\r
+\r
+ /* \r
+ * NOTE: These two functions must be called in Protected Constructors during their Construction.\r
+ */\r
+ protected void setTrustChain(String[] trustChain) {\r
+ this.trustChain = trustChain;\r
+ }\r
+\r
+ protected void setMessageDigest(MessageDigest md) {\r
+ messageDigest = md;\r
+ }\r
+\r
+ /*\r
+ * End Required Constructor calls\r
+ */\r
+\r
+ public String getName() {\r
+ return name;\r
+ }\r
+\r
+ public String[] getTrustChain() {\r
+ return trustChain;\r
+ }\r
+ \r
+ public String getPermType() {\r
+ return permType;\r
+ }\r
+ \r
+ public StandardFields stdFields() {\r
+ return stdFields;\r
+ }\r
+ \r
+ public abstract X509Certificate sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException;\r
+\r
+ public MessageDigest messageDigest() {\r
+ return messageDigest;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.ca;\r
+\r
+import java.io.File;\r
+import java.io.IOException;\r
+import java.math.BigInteger;\r
+import java.security.GeneralSecurityException;\r
+import java.security.KeyFactory;\r
+import java.security.cert.Certificate;\r
+import java.security.cert.CertificateException;\r
+import java.security.cert.X509Certificate;\r
+import java.security.interfaces.RSAPrivateKey;\r
+import java.security.spec.PKCS8EncodedKeySpec;\r
+import java.util.ArrayList;\r
+import java.util.Collection;\r
+import java.util.Date;\r
+import java.util.GregorianCalendar;\r
+import java.util.List;\r
+import java.security.SecureRandom;\r
+\r
+import org.bouncycastle.asn1.ASN1Sequence;\r
+import org.bouncycastle.asn1.x500.X500Name;\r
+import org.bouncycastle.asn1.x500.X500NameBuilder;\r
+import org.bouncycastle.asn1.x500.style.BCStyle;\r
+import org.bouncycastle.asn1.x509.BasicConstraints;\r
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;\r
+import org.bouncycastle.asn1.x509.Extension;\r
+import org.bouncycastle.asn1.x509.GeneralName;\r
+import org.bouncycastle.asn1.x509.GeneralNames;\r
+import org.bouncycastle.asn1.x509.KeyPurposeId;\r
+import org.bouncycastle.asn1.x509.KeyUsage;\r
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;\r
+import org.bouncycastle.cert.X509v3CertificateBuilder;\r
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;\r
+import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;\r
+import org.bouncycastle.operator.OperatorCreationException;\r
+\r
+import com.att.authz.cm.cert.BCFactory;\r
+import com.att.authz.cm.cert.CSRMeta;\r
+import com.att.authz.cm.cert.StandardFields;\r
+import com.att.authz.common.Define;\r
+import com.att.cadi.cm.CertException;\r
+import com.att.cadi.cm.Factory;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+\r
+public class DevlCA extends CA {\r
+ \r
+ // Extensions\r
+ private static final KeyPurposeId[] ASN_WebUsage = new KeyPurposeId[] {\r
+ KeyPurposeId.id_kp_serverAuth, // WebServer\r
+ KeyPurposeId.id_kp_clientAuth};// WebClient\r
+ \r
+ private X509Certificate caCert;\r
+ private final RSAPrivateKey caKey;\r
+ private final X500Name issuer;\r
+ private final SecureRandom random = new SecureRandom();\r
+ private byte[] serialish = new byte[24];\r
+\r
+ public DevlCA(Trans trans, String name, String dirString) throws IOException, CertException {\r
+ super(name, new StandardFields() {\r
+ @Override\r
+ public void set(CSRMeta csr) {\r
+ // Standard Fields\r
+ csr.o("ATT Services, Inc.");\r
+ csr.l("St Louis");\r
+ csr.st("Missouri");\r
+ csr.c("US");\r
+ }\r
+ }, Define.ROOT_NS+".ca" // Permission Type for validation\r
+ );\r
+ File dir = new File(dirString);\r
+ if(!dir.exists()) {\r
+ throw new CertException(dirString + " does not exist");\r
+ }\r
+ \r
+ File ca = new File(dir,"ca.crt");\r
+ if(ca.exists()) {\r
+ byte[] bytes = Factory.decode(ca);\r
+ Collection<? extends Certificate> certs;\r
+ try {\r
+ certs = Factory.toX509Certificate(bytes);\r
+ } catch (CertificateException e) {\r
+ throw new CertException(e);\r
+ }\r
+ List<String> lTrust = new ArrayList<String>();\r
+ caCert=null;\r
+ for(Certificate c : certs) {\r
+ if(caCert==null) {\r
+ caCert = (X509Certificate)c;\r
+ } else {\r
+ lTrust.add(Factory.toString(trans,c));\r
+ }\r
+ break;\r
+ }\r
+ }\r
+ \r
+ this.setTrustChain(new String[]{Factory.toString(trans,caCert)});\r
+ \r
+ /*\r
+ * Private key needs to be converted to "DER" format, with no password. \r
+ * Use chmod 400 on key\r
+ * \r
+ * openssl pkcs8 -topk8 -outform DER -nocrypt -in ca.key -out ca.der\r
+ *\r
+ */\r
+ ca = new File(dir,"ca.der");\r
+ if(ca.exists()) {\r
+ byte[] bytes = Factory.binary(ca);\r
+ \r
+// EncryptedPrivateKeyInfo ekey=new EncryptedPrivateKeyInfo(bytes);\r
+// Cipher cip=Cipher.getInstance(ekey.getAlgName());\r
+// PBEKeySpec pspec=new PBEKeySpec("password".toCharArray());\r
+// SecretKeyFactory skfac=SecretKeyFactory.getInstance(ekey.getAlgName());\r
+// Key pbeKey=skfac.generateSecret(pspec);\r
+// AlgorithmParameters algParams=ekey.getAlgParameters();\r
+// cip.init(Cipher.DECRYPT_MODE,pbeKey,algParams);\r
+ \r
+ KeyFactory keyFactory;\r
+ try {\r
+ keyFactory = KeyFactory.getInstance("RSA");\r
+ PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(bytes);\r
+ \r
+ caKey = (RSAPrivateKey) keyFactory.generatePrivate(privSpec);\r
+ } catch (GeneralSecurityException e) {\r
+ throw new CertException(e);\r
+ }\r
+ \r
+ X500NameBuilder xnb = new X500NameBuilder();\r
+ xnb.addRDN(BCStyle.C,"US");\r
+ xnb.addRDN(BCStyle.ST,"Missouri");\r
+ xnb.addRDN(BCStyle.L,"Arnold");\r
+ xnb.addRDN(BCStyle.O,"ATT Services, Inc.");\r
+ xnb.addRDN(BCStyle.OU,"AAF");\r
+ xnb.addRDN(BCStyle.CN,"aaf.att.com");\r
+ xnb.addRDN(BCStyle.EmailAddress,"DL-aaf-support@att.com");\r
+ issuer = xnb.build();\r
+ } else {\r
+ throw new CertException(ca.getPath() + " does not exist");\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.cm.service.CA#sign(org.bouncycastle.pkcs.PKCS10CertificationRequest)\r
+ */\r
+ @Override\r
+ public X509Certificate sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {\r
+ GregorianCalendar gc = new GregorianCalendar();\r
+ Date start = gc.getTime();\r
+ gc.add(GregorianCalendar.DAY_OF_MONTH, 1);\r
+ Date end = gc.getTime();\r
+ X509Certificate x509;\r
+ TimeTaken tt = trans.start("Create/Sign Cert",Env.SUB);\r
+ try {\r
+ BigInteger bi;\r
+ synchronized(serialish) {\r
+ random.nextBytes(serialish);\r
+ bi = new BigInteger(serialish);\r
+ }\r
+ \r
+ X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(\r
+ issuer,\r
+ bi, // replace with Serialnumber scheme\r
+ start,\r
+ end,\r
+ csrmeta.x500Name(),\r
+// SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(caCert.getPublicKey().getEn)\r
+ new SubjectPublicKeyInfo(ASN1Sequence.getInstance(caCert.getPublicKey().getEncoded()))\r
+ );\r
+ List<GeneralName> lsan = new ArrayList<GeneralName>();\r
+ for(String s : csrmeta.sans()) {\r
+ lsan.add(new GeneralName(GeneralName.dNSName,s));\r
+ }\r
+ GeneralName[] sans = new GeneralName[lsan.size()];\r
+ lsan.toArray(sans);\r
+\r
+ JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();\r
+ xcb .addExtension(Extension.basicConstraints,\r
+ false, new BasicConstraints(false))\r
+ .addExtension(Extension.keyUsage,\r
+ true, new KeyUsage(KeyUsage.digitalSignature\r
+ | KeyUsage.keyEncipherment))\r
+ .addExtension(Extension.extendedKeyUsage,\r
+ true, new ExtendedKeyUsage(ASN_WebUsage))\r
+\r
+ .addExtension(Extension.authorityKeyIdentifier,\r
+ false, extUtils.createAuthorityKeyIdentifier(caCert))\r
+ .addExtension(Extension.subjectKeyIdentifier,\r
+ false, extUtils.createSubjectKeyIdentifier(caCert.getPublicKey()))\r
+ .addExtension(Extension.subjectAlternativeName,\r
+ false, new GeneralNames(sans))\r
+ ;\r
+ \r
+ x509 = new JcaX509CertificateConverter().getCertificate(\r
+ xcb.build(BCFactory.contentSigner(caKey)));\r
+ } catch (GeneralSecurityException|OperatorCreationException e) {\r
+ throw new CertException(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ return x509;\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.cert;\r
+\r
+import java.io.File;\r
+import java.io.FileReader;\r
+import java.io.IOException;\r
+import java.lang.reflect.Field;\r
+import java.security.InvalidKeyException;\r
+import java.security.NoSuchAlgorithmException;\r
+import java.security.PrivateKey;\r
+import java.security.SignatureException;\r
+import java.util.List;\r
+\r
+import org.bouncycastle.asn1.ASN1Object;\r
+import org.bouncycastle.operator.ContentSigner;\r
+import org.bouncycastle.operator.OperatorCreationException;\r
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;\r
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;\r
+\r
+import com.att.authz.cm.ca.CA;\r
+import com.att.authz.cm.validation.Validator;\r
+import com.att.cadi.Symm;\r
+import com.att.cadi.cm.CertException;\r
+import com.att.cadi.cm.Factory;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+\r
+\r
+/**\r
+ * Additional Factory mechanisms for CSRs, and BouncyCastle. The main Factory\r
+ * utilizes only Java abstractions, and is useful in Client code.\r
+ * \r
+\r
+ *\r
+ */\r
+public class BCFactory extends Factory {\r
+ private static final JcaContentSignerBuilder jcsb;\r
+\r
+\r
+ static {\r
+ // Bouncy\r
+ jcsb = new JcaContentSignerBuilder(Factory.SIG_ALGO);\r
+ }\r
+ \r
+ public static ContentSigner contentSigner(PrivateKey pk) throws OperatorCreationException {\r
+ return jcsb.build(pk);\r
+ }\r
+ \r
+ public static String toString(Trans trans, PKCS10CertificationRequest csr) throws IOException, CertException {\r
+ TimeTaken tt = trans.start("CSR to String", Env.SUB);\r
+ try {\r
+ if(csr==null) {\r
+ throw new CertException("x509 Certificate Request not built");\r
+ }\r
+ return textBuilder("CERTIFICATE REQUEST",csr.getEncoded());\r
+ }finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ public static PKCS10CertificationRequest toCSR(Trans trans, File file) throws IOException {\r
+ TimeTaken tt = trans.start("Reconstitute CSR", Env.SUB);\r
+ try {\r
+ FileReader fr = new FileReader(file);\r
+ return new PKCS10CertificationRequest(decode(strip(fr)));\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ public static byte[] sign(Trans trans, ASN1Object toSign, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {\r
+ TimeTaken tt = trans.start("Encode Security Object", Env.SUB);\r
+ try {\r
+ return sign(trans,toSign.getEncoded(),pk);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ public static CSRMeta createCSRMeta(CA ca,final String args[]) throws IllegalArgumentException, IllegalAccessException, CertException {\r
+ CSRMeta csr = new CSRMeta();\r
+ ca.stdFields().set(csr);\r
+ //TODO should we checkDigest?\r
+// digest = ca.messageDigest();\r
+\r
+ Field[] fld = CSRMeta.class.getDeclaredFields();\r
+ for(int i=0;i+1<args.length;++i) {\r
+ if(args[i].charAt(0)=='-') {\r
+ for(int j=0;j<fld.length;++j) {\r
+ if(fld[j].getType().equals(String.class) && args[i].substring(1).equals(fld[j].getName())) {\r
+ fld[j].set(csr,args[++i]);\r
+ break;\r
+ }\r
+ }\r
+ }\r
+ }\r
+ String errs = validate(csr);\r
+ if(errs!=null) {\r
+ throw new CertException(errs);\r
+ }\r
+ return csr;\r
+ }\r
+ \r
+ \r
+ public static CSRMeta createCSRMeta(CA ca, String mechid, String sponsorEmail, List<String> fqdns) throws CertException {\r
+ CSRMeta csr = new CSRMeta();\r
+ boolean first = true;\r
+ // Set CN (and SAN)\r
+ for(String fqdn : fqdns) {\r
+ if(first) {\r
+ first = false;\r
+ csr.cn(fqdn);\r
+ } else {\r
+ csr.san(fqdn);\r
+ }\r
+ }\r
+ \r
+ csr.challenge(new String(Symm.randomGen(24)));\r
+ ca.stdFields().set(csr);\r
+ csr.mechID(mechid);\r
+ csr.email(sponsorEmail);\r
+ String errs = validate(csr);\r
+ if(errs!=null) {\r
+ throw new CertException(errs);\r
+ }\r
+ return csr;\r
+ }\r
+\r
+ private static String validate(CSRMeta csr) {\r
+ Validator v = new Validator();\r
+ if(v.nullOrBlank("cn", csr.cn())\r
+ .nullOrBlank("mechID", csr.mechID())\r
+ .nullOrBlank("email", csr.email())\r
+ .nullOrBlank("o",csr.o())\r
+ .nullOrBlank("l",csr.l())\r
+ .nullOrBlank("st",csr.st())\r
+ .nullOrBlank("c",csr.c())\r
+ .err()) {\r
+ return v.errs();\r
+ } else {\r
+ return null;\r
+ }\r
+ }\r
+ \r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.cert;\r
+\r
+import java.io.IOException;\r
+import java.math.BigInteger;\r
+import java.security.KeyPair;\r
+import java.security.SecureRandom;\r
+import java.security.cert.CertificateException;\r
+import java.security.cert.X509Certificate;\r
+import java.util.ArrayList;\r
+import java.util.Date;\r
+import java.util.GregorianCalendar;\r
+import java.util.List;\r
+\r
+import org.bouncycastle.asn1.ASN1Sequence;\r
+import org.bouncycastle.asn1.DERPrintableString;\r
+import org.bouncycastle.asn1.pkcs.Attribute;\r
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;\r
+import org.bouncycastle.asn1.x500.X500Name;\r
+import org.bouncycastle.asn1.x500.X500NameBuilder;\r
+import org.bouncycastle.asn1.x500.style.BCStyle;\r
+import org.bouncycastle.asn1.x509.Extension;\r
+import org.bouncycastle.asn1.x509.Extensions;\r
+import org.bouncycastle.asn1.x509.GeneralName;\r
+import org.bouncycastle.asn1.x509.GeneralNames;\r
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;\r
+import org.bouncycastle.cert.X509v3CertificateBuilder;\r
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;\r
+import org.bouncycastle.operator.OperatorCreationException;\r
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;\r
+import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;\r
+import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;\r
+\r
+import com.att.cadi.cm.CertException;\r
+import com.att.cadi.cm.Factory;\r
+import com.att.inno.env.Trans;\r
+\r
+public class CSRMeta {\r
+ private String environment;\r
+ private String cn;\r
+ private String mechID;\r
+ private String email;\r
+ private String o;\r
+ private String l;\r
+ private String st;\r
+ private String c;\r
+ private String challenge;\r
+ \r
+ private ArrayList<String> sanList = new ArrayList<String>();\r
+\r
+ private KeyPair keyPair;\r
+ private X500Name name = null;\r
+ private SecureRandom random = new SecureRandom();\r
+\r
+ public X500Name x500Name() throws IOException {\r
+ if(name==null) {\r
+ X500NameBuilder xnb = new X500NameBuilder();\r
+ xnb.addRDN(BCStyle.CN,cn);\r
+ xnb.addRDN(BCStyle.E,email);\r
+ if(environment==null) {\r
+ xnb.addRDN(BCStyle.OU,mechID);\r
+ } else {\r
+ xnb.addRDN(BCStyle.OU,mechID+':'+environment);\r
+ }\r
+ xnb.addRDN(BCStyle.O,o);\r
+ xnb.addRDN(BCStyle.L,l);\r
+ xnb.addRDN(BCStyle.ST,st);\r
+ xnb.addRDN(BCStyle.C,c);\r
+ name = xnb.build();\r
+ }\r
+ return name;\r
+ }\r
+ \r
+ \r
+ public PKCS10CertificationRequest generateCSR(Trans trans) throws IOException, CertException {\r
+ PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(x500Name(),keypair(trans).getPublic());\r
+ if(challenge!=null) {\r
+ DERPrintableString password = new DERPrintableString(challenge);\r
+ builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, password);\r
+ }\r
+ \r
+ if(sanList.size()>0) {\r
+ GeneralName[] gna = new GeneralName[sanList.size()];\r
+ int i=-1;\r
+ for(String s : sanList) {\r
+ gna[++i]=new GeneralName(GeneralName.dNSName,s);\r
+ }\r
+ \r
+ builder.addAttribute(\r
+ PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,\r
+ new Extensions(new Extension[] {\r
+ new Extension(Extension.subjectAlternativeName,false,new GeneralNames(gna).getEncoded())\r
+ })\r
+ );\r
+ }\r
+// builder.addAttribute(Extension.basicConstraints,new BasicConstraints(false))\r
+// .addAttribute(Extension.keyUsage, new KeyUsage(KeyUsage.digitalSignature\r
+// | KeyUsage.keyEncipherment));\r
+ try {\r
+ return builder.build(BCFactory.contentSigner(keypair(trans).getPrivate()));\r
+ } catch (OperatorCreationException e) {\r
+ throw new CertException(e);\r
+ }\r
+ }\r
+ \r
+ @SuppressWarnings("deprecation")\r
+ public static void dump(PKCS10CertificationRequest csr) {\r
+ Attribute[] certAttributes = csr.getAttributes();\r
+ for (Attribute attribute : certAttributes) {\r
+ if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {\r
+ Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));\r
+// Extension ext = extensions.getExtension(Extension.subjectAlternativeName);\r
+ GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName);\r
+ GeneralName[] names = gns.getNames();\r
+ for(int k=0; k < names.length; k++) {\r
+ String title = "";\r
+ if(names[k].getTagNo() == GeneralName.dNSName) {\r
+ title = "dNSName";\r
+ }\r
+ else if(names[k].getTagNo() == GeneralName.iPAddress) {\r
+ title = "iPAddress";\r
+ // Deprecated, but I don't see anything better to use.\r
+ names[k].toASN1Object();\r
+ }\r
+ else if(names[k].getTagNo() == GeneralName.otherName) {\r
+ title = "otherName";\r
+ }\r
+ System.out.println(title + ": "+ names[k].getName());\r
+ } \r
+ }\r
+ }\r
+ }\r
+ \r
+ public X509Certificate initialConversationCert(Trans trans) throws IOException, CertificateException, OperatorCreationException {\r
+ GregorianCalendar gc = new GregorianCalendar();\r
+ Date start = gc.getTime();\r
+ gc.add(GregorianCalendar.DAY_OF_MONTH,2);\r
+ Date end = gc.getTime();\r
+ X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(\r
+ x500Name(),\r
+ new BigInteger(12,random), // replace with Serialnumber scheme\r
+ start,\r
+ end,\r
+ x500Name(),\r
+// SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(caCert.getPublicKey().getEn)\r
+ new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keypair(trans).getPublic().getEncoded()))\r
+ );\r
+ return new JcaX509CertificateConverter().getCertificate(\r
+ xcb.build(BCFactory.contentSigner(keypair(trans).getPrivate())));\r
+ }\r
+\r
+ public CSRMeta san(String v) {\r
+ sanList.add(v);\r
+ return this;\r
+ }\r
+\r
+ public List<String> sans() {\r
+ return sanList;\r
+ }\r
+\r
+\r
+ public KeyPair keypair(Trans trans) {\r
+ if(keyPair == null) {\r
+ keyPair = Factory.generateKeyPair(trans);\r
+ }\r
+ return keyPair;\r
+ }\r
+\r
+ /**\r
+ * @return the cn\r
+ */\r
+ public String cn() {\r
+ return cn;\r
+ }\r
+\r
+\r
+ /**\r
+ * @param cn the cn to set\r
+ */\r
+ public void cn(String cn) {\r
+ this.cn = cn;\r
+ }\r
+\r
+ /**\r
+ * Environment of Service MechID is good for\r
+ */\r
+ public void environment(String env) {\r
+ environment = env;\r
+ }\r
+ \r
+ /**\r
+ * \r
+ * @return\r
+ */\r
+ public String environment() {\r
+ return environment;\r
+ }\r
+ \r
+ /**\r
+ * @return the mechID\r
+ */\r
+ public String mechID() {\r
+ return mechID;\r
+ }\r
+\r
+\r
+ /**\r
+ * @param mechID the mechID to set\r
+ */\r
+ public void mechID(String mechID) {\r
+ this.mechID = mechID;\r
+ }\r
+\r
+\r
+ /**\r
+ * @return the email\r
+ */\r
+ public String email() {\r
+ return email;\r
+ }\r
+\r
+\r
+ /**\r
+ * @param email the email to set\r
+ */\r
+ public void email(String email) {\r
+ this.email = email;\r
+ }\r
+\r
+\r
+ /**\r
+ * @return the o\r
+ */\r
+ public String o() {\r
+ return o;\r
+ }\r
+\r
+\r
+ /**\r
+ * @param o the o to set\r
+ */\r
+ public void o(String o) {\r
+ this.o = o;\r
+ }\r
+\r
+ /**\r
+ * \r
+ * @return the l\r
+ */\r
+ public String l() {\r
+ return l;\r
+ }\r
+ \r
+ /**\r
+ * @param l the l to set\r
+ */\r
+ public void l(String l) {\r
+ this.l=l;\r
+ }\r
+\r
+ /**\r
+ * @return the st\r
+ */\r
+ public String st() {\r
+ return st;\r
+ }\r
+\r
+\r
+ /**\r
+ * @param st the st to set\r
+ */\r
+ public void st(String st) {\r
+ this.st = st;\r
+ }\r
+\r
+\r
+ /**\r
+ * @return the c\r
+ */\r
+ public String c() {\r
+ return c;\r
+ }\r
+\r
+\r
+ /**\r
+ * @param c the c to set\r
+ */\r
+ public void c(String c) {\r
+ this.c = c;\r
+ }\r
+\r
+\r
+ /**\r
+ * @return the challenge\r
+ */\r
+ public String challenge() {\r
+ return challenge;\r
+ }\r
+\r
+\r
+ /**\r
+ * @param challenge the challenge to set\r
+ */\r
+ public void challenge(String challenge) {\r
+ this.challenge = challenge;\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.cert;\r
+\r
+import com.att.cadi.cm.CertException;\r
+\r
+public interface StandardFields {\r
+ public void set(CSRMeta csr) throws CertException;\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.data;\r
+\r
+public class CertDrop {\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.data;\r
+\r
+public class CertRenew {\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.data;\r
+\r
+import java.util.List;\r
+\r
+import javax.xml.datatype.XMLGregorianCalendar;\r
+\r
+import com.att.authz.cm.ca.CA;\r
+import com.att.authz.cm.cert.BCFactory;\r
+import com.att.authz.cm.cert.CSRMeta;\r
+import com.att.cadi.cm.CertException;\r
+\r
+public class CertReq {\r
+ // These cannot be null\r
+ public CA certAuthority;\r
+ public String mechid;\r
+ public List<String> fqdns;\r
+ // Notify\r
+ public List<String> emails;\r
+ \r
+ \r
+ // These may be null\r
+ public String sponsor;\r
+ public XMLGregorianCalendar start, end;\r
+ \r
+ public CSRMeta getCSRMeta() throws CertException {\r
+ return BCFactory.createCSRMeta(certAuthority, mechid, sponsor,fqdns);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.data;\r
+\r
+import java.io.IOException;\r
+import java.security.GeneralSecurityException;\r
+import java.security.KeyPair;\r
+import java.security.cert.X509Certificate;\r
+\r
+import com.att.authz.cm.cert.CSRMeta;\r
+import com.att.cadi.cm.CertException;\r
+import com.att.cadi.cm.Factory;\r
+import com.att.inno.env.Trans;\r
+\r
+public class CertResp {\r
+ public CertResp(Trans trans, X509Certificate x509, CSRMeta csrMeta, String[] notes) throws IOException, GeneralSecurityException, CertException {\r
+ keyPair = csrMeta.keypair(trans);\r
+ privateKey = Factory.toString(trans, keyPair.getPrivate());\r
+ certString = Factory.toString(trans,x509);\r
+ challenge=csrMeta.challenge();\r
+ this.notes = notes;\r
+ }\r
+ private KeyPair keyPair;\r
+ private String challenge;\r
+ \r
+ private String privateKey, certString;\r
+ private String[] notes;\r
+ \r
+ \r
+ public String asCertString() {\r
+ return certString;\r
+ }\r
+ \r
+ public String privateString() throws IOException {\r
+ return privateKey;\r
+ }\r
+ \r
+ public String challenge() {\r
+ return challenge==null?"":challenge;\r
+ }\r
+ \r
+ public String[] notes() {\r
+ return notes;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.facade;\r
+\r
+import java.io.IOException;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.authz.cm.mapper.Mapper;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+\r
+\r
+/**\r
+ * \r
+ *\r
+ */\r
+public interface Facade<REQ,CERT,ARTIFACTS,ERROR> {\r
+\r
+///////////////////// STANDARD ELEMENTS //////////////////\r
+ /** \r
+ * @param trans\r
+ * @param response\r
+ * @param result\r
+ */\r
+ void error(AuthzTrans trans, HttpServletResponse response, Result<?> result);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param response\r
+ * @param status\r
+ */\r
+ void error(AuthzTrans trans, HttpServletResponse response, int status, String msg, String ... detail);\r
+\r
+ /**\r
+ * Permission checker\r
+ *\r
+ * @param trans\r
+ * @param resp\r
+ * @param perm\r
+ * @return\r
+ * @throws IOException \r
+ */\r
+ Result<Void> check(AuthzTrans trans, HttpServletResponse resp, String perm) throws IOException;\r
+\r
+ /**\r
+ * \r
+ * @return\r
+ */\r
+ public Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper();\r
+\r
+///////////////////// STANDARD ELEMENTS //////////////////\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param resp\r
+ * @param rservlet\r
+ * @return\r
+ */\r
+ public abstract Result<Void> requestCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, boolean withTrust);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param req\r
+ * @param resp\r
+ * @return\r
+ */\r
+ public abstract Result<Void> renewCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, boolean withTrust);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param req\r
+ * @param resp\r
+ * @return\r
+ */\r
+ public abstract Result<Void> dropCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param req\r
+ * @param resp\r
+ * @return\r
+ */\r
+ Result<Void> createArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param req\r
+ * @param resp\r
+ * @return\r
+ */\r
+ Result<Void> readArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param resp\r
+ * @param mechid\r
+ * @param machine\r
+ * @return\r
+ */\r
+ Result<Void> readArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param req\r
+ * @param resp\r
+ * @return\r
+ */\r
+ Result<Void> updateArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param req\r
+ * @param resp\r
+ * @return\r
+ */\r
+ Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param resp\r
+ * @param mechid\r
+ * @param machine\r
+ * @return\r
+ */\r
+ Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine);\r
+\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.facade;\r
+\r
+import com.att.authz.cm.mapper.Mapper;\r
+import com.att.authz.cm.service.CMService;\r
+import com.att.authz.cm.service.CertManAPI;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+\r
+import aaf.v2_0.Error;\r
+import certman.v1_0.Artifacts;\r
+import certman.v1_0.BaseRequest;\r
+import certman.v1_0.CertInfo;\r
+\r
+/**\r
+ *\r
+ */\r
+public class Facade1_0 extends FacadeImpl<BaseRequest,CertInfo, Artifacts, Error> {\r
+ public Facade1_0(CertManAPI certman, \r
+ CMService service, \r
+ Mapper<BaseRequest,CertInfo,Artifacts,Error> mapper, \r
+ Data.TYPE type) throws APIException {\r
+ super(certman, service, mapper, type);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.facade;\r
+\r
+import com.att.authz.cm.mapper.Mapper1_0;\r
+import com.att.authz.cm.service.CertManAPI;\r
+import com.att.authz.cm.service.CMService;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+\r
+\r
+public class FacadeFactory {\r
+ public static Facade1_0 v1_0(CertManAPI certman, AuthzTrans trans, CMService service, Data.TYPE type) throws APIException {\r
+ return new Facade1_0(\r
+ certman,\r
+ service,\r
+ new Mapper1_0(),\r
+ type); \r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.facade;\r
+\r
+import static com.att.authz.layer.Result.ERR_ActionNotCompleted;\r
+import static com.att.authz.layer.Result.ERR_BadData;\r
+import static com.att.authz.layer.Result.ERR_ConflictAlreadyExists;\r
+import static com.att.authz.layer.Result.ERR_Denied;\r
+import static com.att.authz.layer.Result.ERR_NotFound;\r
+import static com.att.authz.layer.Result.ERR_NotImplemented;\r
+import static com.att.authz.layer.Result.ERR_Policy;\r
+import static com.att.authz.layer.Result.ERR_Security;\r
+import static com.att.authz.layer.Result.OK;\r
+\r
+import java.io.IOException;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.authz.cm.api.API_Cert;\r
+import com.att.authz.cm.ca.CA;\r
+import com.att.authz.cm.data.CertResp;\r
+import com.att.authz.cm.mapper.Mapper;\r
+import com.att.authz.cm.mapper.Mapper.API;\r
+import com.att.authz.cm.service.CMService;\r
+import com.att.authz.cm.service.CertManAPI;\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cadi.aaf.AAFPermission;\r
+import com.att.dao.aaf.cass.ArtiDAO;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.Slot;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.util.Split;\r
+import com.att.rosetta.env.RosettaDF;\r
+import com.att.rosetta.env.RosettaData;\r
+\r
+/**\r
+ * AuthzFacade\r
+ * \r
+ * This Service Facade encapsulates the essence of the API Service can do, and provides\r
+ * a single created object for elements such as RosettaDF.\r
+ *\r
+ * The Responsibilities of this class are to:\r
+ * 1) Interact with the Service Implementation (which might be supported by various kinds of Backend Storage)\r
+ * 2) Validate incoming data (if applicable)\r
+ * 3) Convert the Service response into the right Format, and mark the Content Type\r
+ * a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request.\r
+ * 4) Log Service info, warnings and exceptions as necessary\r
+ * 5) When asked by the API layer, this will create and write Error content to the OutputStream\r
+ * \r
+ * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be \r
+ * clearly coordinated with the API Documentation\r
+ * \r
+ *\r
+ */\r
+public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends com.att.authz.layer.FacadeImpl implements Facade<REQ,CERT,ARTIFACTS,ERROR> \r
+ {\r
+ private static final String REQUEST_CERT = "Request New Certificate";\r
+ private static final String RENEW_CERT = "Renew Certificate";\r
+ private static final String DROP_CERT = "Drop Certificate";\r
+ private static final String CREATE_ARTIFACTS = "Create Deployment Artifact";\r
+ private static final String READ_ARTIFACTS = "Read Deployment Artifact";\r
+ private static final String UPDATE_ARTIFACTS = "Update Deployment Artifact";\r
+ private static final String DELETE_ARTIFACTS = "Delete Deployment Artifact";\r
+\r
+ private CMService service;\r
+\r
+ private final RosettaDF<ERROR> errDF;\r
+ private final RosettaDF<REQ> certRequestDF, certRenewDF, certDropDF;\r
+ private final RosettaDF<CERT> certDF;\r
+ private final RosettaDF<ARTIFACTS> artiDF;\r
+ private Mapper<REQ, CERT, ARTIFACTS, ERROR> mapper;\r
+ private Slot sCertAuth;\r
+ private CertManAPI certman;\r
+ private final String voidResp;\r
+\r
+ public FacadeImpl(CertManAPI certman,\r
+ CMService service, \r
+ Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper, \r
+ Data.TYPE dataType) throws APIException {\r
+ this.service = service;\r
+ this.mapper = mapper;\r
+ this.certman = certman;\r
+ AuthzEnv env = certman.env;\r
+ (errDF = env.newDataFactory(mapper.getClass(API.ERROR))).in(dataType).out(dataType);\r
+ (certRequestDF = env.newDataFactory(mapper.getClass(API.CERT_REQ))).in(dataType).out(dataType);\r
+ (certRenewDF = env.newDataFactory(mapper.getClass(API.CERT_RENEW))).in(dataType).out(dataType);\r
+ (certDropDF = env.newDataFactory(mapper.getClass(API.CERT_DROP))).in(dataType).out(dataType);\r
+ (certDF = env.newDataFactory(mapper.getClass(API.CERT))).in(dataType).out(dataType);\r
+ (artiDF = env.newDataFactory(mapper.getClass(API.ARTIFACTS))).in(dataType).out(dataType);\r
+ sCertAuth = env.slot(API_Cert.CERT_AUTH);\r
+ if(artiDF.getOutType().name().contains("xml")) {\r
+ voidResp = "application/Void+xml;charset=utf-8;version=1.0,application/xml;version=1.0,*/*";\r
+ } else {\r
+ voidResp = "application/Void+json;charset=utf-8;version=1.0,application/json;version=1.0,*/*";\r
+ }\r
+ }\r
+ \r
+ public Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper() {\r
+ return mapper;\r
+ }\r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#error(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, int)\r
+ * \r
+ * Note: Conforms to AT&T TSS RESTful Error Structure\r
+ */\r
+ @Override\r
+ public void error(AuthzTrans trans, HttpServletResponse response, Result<?> result) {\r
+ error(trans, response, result.status,\r
+ result.details==null?"":result.details.trim(),\r
+ result.variables==null?new String[0]:result.variables);\r
+ }\r
+ \r
+ @Override\r
+ public void error(AuthzTrans trans, HttpServletResponse response, int status, final String _msg, final String ... _detail) {\r
+ String msgId;\r
+ String prefix;\r
+ switch(status) {\r
+ case 202:\r
+ case ERR_ActionNotCompleted:\r
+ msgId = "SVC1202";\r
+ prefix = "Accepted, Action not complete";\r
+ response.setStatus(/*httpstatus=*/202);\r
+ break;\r
+\r
+ case 403:\r
+ case ERR_Policy:\r
+ case ERR_Security:\r
+ case ERR_Denied:\r
+ msgId = "SVC1403";\r
+ prefix = "Forbidden";\r
+ response.setStatus(/*httpstatus=*/403);\r
+ break;\r
+ \r
+ case 404:\r
+ case ERR_NotFound:\r
+ msgId = "SVC1404";\r
+ prefix = "Not Found";\r
+ response.setStatus(/*httpstatus=*/404);\r
+ break;\r
+\r
+ case 406:\r
+ case ERR_BadData:\r
+ msgId="SVC1406";\r
+ prefix = "Not Acceptable";\r
+ response.setStatus(/*httpstatus=*/406);\r
+ break;\r
+ \r
+ case 409:\r
+ case ERR_ConflictAlreadyExists:\r
+ msgId = "SVC1409";\r
+ prefix = "Conflict Already Exists";\r
+ response.setStatus(/*httpstatus=*/409);\r
+ break;\r
+ \r
+ case 501:\r
+ case ERR_NotImplemented:\r
+ msgId = "SVC1501";\r
+ prefix = "Not Implemented"; \r
+ response.setStatus(/*httpstatus=*/501);\r
+ break;\r
+ \r
+\r
+ default:\r
+ msgId = "SVC1500";\r
+ prefix = "General Service Error";\r
+ response.setStatus(/*httpstatus=*/500);\r
+ break;\r
+ }\r
+\r
+ try {\r
+ StringBuilder holder = new StringBuilder();\r
+ errDF.newData(trans).load(\r
+ mapper().errorFromMessage(holder, msgId,prefix + ": " + _msg,_detail)).to(response.getOutputStream());\r
+ \r
+ holder.append(']');\r
+ trans.checkpoint(\r
+ "ErrResp [" + \r
+ holder,\r
+ Env.ALWAYS);\r
+ } catch (Exception e) {\r
+ trans.error().log(e,"unable to send response for",_msg);\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> check(AuthzTrans trans, HttpServletResponse resp, String perm) throws IOException {\r
+ String[] p = Split.split('|',perm);\r
+ if(p.length!=3) {\r
+ return Result.err(Result.ERR_BadData,"Invalid Perm String");\r
+ }\r
+ AAFPermission ap = new AAFPermission(p[0],p[1],p[2]);\r
+ if(certman.aafLurPerm.fish(trans.getUserPrincipal(), ap)) {\r
+ resp.setContentType(voidResp);\r
+ resp.getOutputStream().write(0);\r
+ return Result.ok();\r
+ } else {\r
+ return Result.err(Result.ERR_Denied,"%s does not have %s",trans.user(),ap.getKey());\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.auth.certman.facade.Facade#requestCert(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)\r
+ */\r
+ @Override\r
+ public Result<Void> requestCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, boolean withTrust) {\r
+ TimeTaken tt = trans.start(REQUEST_CERT, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQ request;\r
+ try {\r
+ Data<REQ> rd = certRequestDF.newData().load(req.getInputStream());\r
+ request = rd.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,REQUEST_CERT);\r
+ return Result.err(Result.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ Result<CertResp> rcr = service.requestCert(trans,mapper.toReq(trans,request));\r
+ if(rcr.notOK()) {\r
+ return Result.err(rcr);\r
+ }\r
+ \r
+ CA certAuth = trans.get(sCertAuth,null);\r
+ Result<CERT> rc = mapper.toCert(trans, rcr, withTrust?certAuth.getTrustChain():null);\r
+ switch(rc.status) {\r
+ case OK: \r
+ RosettaData<CERT> data = certDF.newData(trans).load(rc.value);\r
+ data.to(resp.getOutputStream());\r
+\r
+ setContentType(resp,certDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rc);\r
+ }\r
+\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,REQUEST_CERT);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> renewCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, boolean withTrust) {\r
+ TimeTaken tt = trans.start(RENEW_CERT, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQ request;\r
+ try {\r
+ Data<REQ> rd = certRenewDF.newData().load(req.getInputStream());\r
+ request = rd.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,RENEW_CERT);\r
+ return Result.err(Result.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ String certAuth = trans.get(sCertAuth,null);\r
+ Result<CertResp> rcr = service.renewCert(trans,mapper.toRenew(trans,request));\r
+ Result<CERT> rc = mapper.toCert(trans, rcr, certman.getTrustChain(certAuth));\r
+\r
+ switch(rc.status) {\r
+ case OK: \r
+ RosettaData<CERT> data = certDF.newData(trans).load(rc.value);\r
+ data.to(resp.getOutputStream());\r
+\r
+ setContentType(resp,certDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rc);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,RENEW_CERT);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> dropCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(DROP_CERT, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQ request;\r
+ try {\r
+ Data<REQ> rd = certDropDF.newData().load(req.getInputStream());\r
+ request = rd.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,DROP_CERT);\r
+ return Result.err(Result.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ Result<Void> rv = service.dropCert(trans,mapper.toDrop(trans, request));\r
+ switch(rv.status) {\r
+ case OK: \r
+ setContentType(resp,certRequestDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rv);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DROP_CERT);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ ////////////////////////////\r
+ // Artifacts\r
+ ////////////////////////////\r
+ @Override\r
+ public Result<Void> createArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(CREATE_ARTIFACTS, Env.SUB);\r
+ try {\r
+ ARTIFACTS arti;\r
+ try {\r
+ Data<ARTIFACTS> rd = artiDF.newData().load(req.getInputStream());\r
+ arti = rd.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,CREATE_ARTIFACTS);\r
+ return Result.err(Result.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ return service.createArtifact(trans,mapper.toArtifact(trans,arti));\r
+ } catch (Exception e) {\r
+\r
+ trans.error().log(e,IN,CREATE_ARTIFACTS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> readArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(READ_ARTIFACTS, Env.SUB);\r
+ try {\r
+ String mechid = req.getParameter("mechid");\r
+ String machine = req.getParameter("machine");\r
+ \r
+ Result<ARTIFACTS> ra;\r
+ if( machine !=null && mechid == null) {\r
+ ra = mapper.fromArtifacts(service.readArtifactsByMachine(trans, machine));\r
+ } else if(mechid!=null && machine==null) {\r
+ ra = mapper.fromArtifacts(service.readArtifactsByMechID(trans, mechid));\r
+ } else if(mechid!=null && machine!=null) {\r
+ ArtiDAO.Data add = new ArtiDAO.Data();\r
+ add.mechid = mechid;\r
+ add.machine = machine;\r
+ ra = mapper.fromArtifacts(service.readArtifacts(trans,add));\r
+ } else {\r
+ ra = Result.err(Status.ERR_BadData,"Invalid request inputs");\r
+ }\r
+ \r
+ if(ra.isOK()) {\r
+ RosettaData<ARTIFACTS> data = artiDF.newData(trans).load(ra.value);\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,artiDF.getOutType());\r
+ return Result.ok();\r
+ } else {\r
+ return Result.err(ra);\r
+ }\r
+\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,READ_ARTIFACTS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> readArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine) {\r
+ TimeTaken tt = trans.start(READ_ARTIFACTS, Env.SUB);\r
+ try {\r
+ ArtiDAO.Data add = new ArtiDAO.Data();\r
+ add.mechid = mechid;\r
+ add.machine = machine;\r
+ Result<ARTIFACTS> ra = mapper.fromArtifacts(service.readArtifacts(trans,add));\r
+ if(ra.isOK()) {\r
+ RosettaData<ARTIFACTS> data = artiDF.newData(trans).load(ra.value);\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,artiDF.getOutType());\r
+ return Result.ok();\r
+ } else {\r
+ return Result.err(ra);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,READ_ARTIFACTS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+\r
+ @Override\r
+ public Result<Void> updateArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(UPDATE_ARTIFACTS, Env.SUB);\r
+ try {\r
+ ARTIFACTS arti;\r
+ try {\r
+ Data<ARTIFACTS> rd = artiDF.newData().load(req.getInputStream());\r
+ arti = rd.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,UPDATE_ARTIFACTS);\r
+ return Result.err(Result.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ return service.updateArtifact(trans,mapper.toArtifact(trans,arti));\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,UPDATE_ARTIFACTS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(DELETE_ARTIFACTS, Env.SUB);\r
+ try {\r
+ ARTIFACTS arti;\r
+ try {\r
+ Data<ARTIFACTS> rd = artiDF.newData().load(req.getInputStream());\r
+ arti = rd.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,DELETE_ARTIFACTS);\r
+ return Result.err(Result.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ Result<Void> rv = service.deleteArtifact(trans,mapper.toArtifact(trans,arti));\r
+ switch(rv.status) {\r
+ case OK: \r
+ setContentType(resp,artiDF.getOutType());\r
+ } \r
+ return rv;\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_ARTIFACTS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine) {\r
+ TimeTaken tt = trans.start(DELETE_ARTIFACTS, Env.SUB);\r
+ try {\r
+ Result<Void> rv = service.deleteArtifact(trans, mechid, machine);\r
+ switch(rv.status) {\r
+ case OK: \r
+ setContentType(resp,artiDF.getOutType());\r
+ } \r
+ return rv;\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_ARTIFACTS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.mapper;\r
+\r
+import java.io.IOException;\r
+import java.util.List;\r
+\r
+import com.att.authz.cm.data.CertDrop;\r
+import com.att.authz.cm.data.CertRenew;\r
+import com.att.authz.cm.data.CertReq;\r
+import com.att.authz.cm.data.CertResp;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.ArtiDAO;\r
+\r
+public interface Mapper<REQ,CERT,ARTIFACTS,ERROR>\r
+{\r
+ public enum API{ERROR,VOID,CERT,CERT_REQ,CERT_RENEW,CERT_DROP,ARTIFACTS};\r
+ \r
+ public Class<?> getClass(API api);\r
+ public<A> A newInstance(API api);\r
+\r
+ public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, String... detail);\r
+ \r
+ public Result<CERT> toCert(AuthzTrans trans, Result<CertResp> in, String[] trustChain) throws IOException;\r
+ public Result<CertReq> toReq(AuthzTrans trans, REQ req);\r
+ public Result<CertRenew> toRenew(AuthzTrans trans, REQ req);\r
+ public Result<CertDrop> toDrop(AuthzTrans trans, REQ req);\r
+ \r
+ public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, ARTIFACTS arti);\r
+ public Result<ARTIFACTS> fromArtifacts(Result<List<ArtiDAO.Data>> readArtifactsByMachine);\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.mapper;\r
+\r
+import java.io.IOException;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import aaf.v2_0.Error;\r
+import certman.v1_0.Artifacts;\r
+import certman.v1_0.Artifacts.Artifact;\r
+import certman.v1_0.BaseRequest;\r
+import certman.v1_0.CertInfo;\r
+import certman.v1_0.CertificateDrop;\r
+import certman.v1_0.CertificateRenew;\r
+import certman.v1_0.CertificateRequest;\r
+\r
+import com.att.authz.cm.data.CertDrop;\r
+import com.att.authz.cm.data.CertRenew;\r
+import com.att.authz.cm.data.CertReq;\r
+import com.att.authz.cm.data.CertResp;\r
+import com.att.authz.cm.validation.Validator;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cadi.aaf.v2_0.AAFCon;\r
+import com.att.cadi.util.Vars;\r
+import com.att.dao.aaf.cass.ArtiDAO;\r
+import com.att.dao.aaf.cass.ArtiDAO.Data;\r
+\r
+\r
+public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {\r
+ \r
+ @Override\r
+ public Class<?> getClass(API api) {\r
+ switch(api) {\r
+ case CERT_REQ: return CertificateRequest.class;\r
+ case CERT_RENEW: return CertificateRenew.class;\r
+ case CERT_DROP: return CertificateDrop.class;\r
+ case CERT: return CertInfo.class;\r
+ case ARTIFACTS: return Artifacts.class;\r
+ case ERROR: return Error.class;\r
+ case VOID: return Void.class;\r
+ }\r
+ return null;\r
+ }\r
+\r
+ @SuppressWarnings("unchecked")\r
+ @Override\r
+ public <A> A newInstance(API api) {\r
+ switch(api) {\r
+ case CERT_REQ: return (A) new CertificateRequest();\r
+ case CERT_RENEW: return (A) new CertificateRenew();\r
+ case CERT_DROP: return (A) new CertificateDrop();\r
+ case CERT: return (A) new CertInfo();\r
+ case ARTIFACTS: return (A) new Artifacts();\r
+ case ERROR: return (A)new Error();\r
+ case VOID: return null;\r
+ }\r
+ return null;\r
+ }\r
+\r
+ ////////////// Mapping Functions /////////////\r
+ @Override\r
+ public Error errorFromMessage(StringBuilder holder, String msgID, String text, String... var) {\r
+ Error err = new Error();\r
+ err.setMessageId(msgID);\r
+ // AT&T Restful Error Format requires numbers "%" placements\r
+ err.setText(Vars.convert(holder, text, var));\r
+ for(String s : var) {\r
+ err.getVariables().add(s);\r
+ }\r
+ return err;\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.certman.mapper.Mapper#toCert(com.att.authz.env.AuthzTrans, com.att.authz.layer.Result)\r
+ */\r
+ @Override\r
+ public Result<CertInfo> toCert(AuthzTrans trans, Result<CertResp> in, String[] trustChain) throws IOException {\r
+ if(in.isOK()) {\r
+ CertResp cin = in.value;\r
+ CertInfo cout = newInstance(API.CERT);\r
+ cout.setPrivatekey(cin.privateString());\r
+ String value;\r
+ if((value=cin.challenge())!=null) {\r
+ cout.setChallenge(value);\r
+ }\r
+ cout.getCerts().add(cin.asCertString());\r
+ if(trustChain!=null) {\r
+ for(String c : trustChain) {\r
+ cout.getCerts().add(c);\r
+ }\r
+ }\r
+ if(cin.notes()!=null) {\r
+ boolean first = true;\r
+ StringBuilder sb = new StringBuilder();\r
+ for(String n : cin.notes()) {\r
+ if(first) {\r
+ first = false;\r
+ } else {\r
+ sb.append('\n');\r
+ }\r
+ sb.append(n);\r
+ }\r
+ cout.setNotes(sb.toString());\r
+ }\r
+ return Result.ok(cout);\r
+ } else {\r
+ return Result.err(in);\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.certman.mapper.Mapper#toReq(com.att.authz.env.AuthzTrans, java.lang.Object)\r
+ */\r
+ @Override\r
+ public Result<CertReq> toReq(AuthzTrans trans, BaseRequest req) {\r
+ CertificateRequest in;\r
+ try {\r
+ in = (CertificateRequest)req;\r
+ } catch(ClassCastException e) {\r
+ return Result.err(Result.ERR_BadData,"Request is not a CertificateRequest");\r
+ }\r
+\r
+ CertReq out = new CertReq();\r
+ Validator v = new Validator();\r
+ if(v.isNull("CertRequest", req)\r
+ .nullOrBlank("MechID", out.mechid=in.getMechid())\r
+ .nullBlankMin("FQDNs", out.fqdns=in.getFqdns(),1)\r
+ .err()) {\r
+ return Result.err(Result.ERR_BadData, v.errs());\r
+ }\r
+ out.emails = in.getEmail();\r
+ out.sponsor=in.getSponsor();\r
+ out.start = in.getStart();\r
+ out.end = in.getEnd();\r
+ return Result.ok(out);\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.certman.mapper.Mapper#toRenew(com.att.authz.env.AuthzTrans, java.lang.Object)\r
+ */\r
+ @Override\r
+ public Result<CertRenew> toRenew(AuthzTrans trans, BaseRequest req) {\r
+ return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet");\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.certman.mapper.Mapper#toDrop(com.att.authz.env.AuthzTrans, java.lang.Object)\r
+ */\r
+ @Override\r
+ public Result<CertDrop> toDrop(AuthzTrans trans, BaseRequest req) {\r
+ return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet");\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.cm.mapper.Mapper#toArtifact(com.att.authz.env.AuthzTrans, java.lang.Object)\r
+ */\r
+ @Override\r
+ public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, Artifacts artifacts) {\r
+ List<ArtiDAO.Data> ladd = new ArrayList<ArtiDAO.Data>();\r
+ for(Artifact arti : artifacts.getArtifact()) {\r
+ ArtiDAO.Data data = new ArtiDAO.Data();\r
+ data.mechid = arti.getMechid();\r
+ data.machine = arti.getMachine();\r
+ data.type(true).addAll(arti.getType());\r
+ data.ca = arti.getCa();\r
+ data.dir = arti.getDir();\r
+ data.os_user = arti.getOsUser();\r
+ // Optional (on way in)\r
+ data.appName = arti.getAppName();\r
+ data.renewDays = arti.getRenewDays();\r
+ data.notify = arti.getNotification();\r
+ \r
+ // Ignored on way in for create/update\r
+ data.sponsor = arti.getSponsor();\r
+ data.expires = null;\r
+ \r
+ // Derive Optional Data from Machine (Domain) if exists\r
+ if(data.machine!=null) {\r
+ if(data.ca==null) {\r
+ if(data.machine.endsWith(".att.com")) {\r
+ data.ca = "aaf"; // default\r
+ }\r
+ }\r
+ if(data.appName==null ) {\r
+ data.appName=AAFCon.reverseDomain(data.machine);\r
+ }\r
+ }\r
+\r
+ ladd.add(data);\r
+ }\r
+ return ladd;\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.cm.mapper.Mapper#fromArtifacts(com.att.authz.layer.Result)\r
+ */\r
+ @Override\r
+ public Result<Artifacts> fromArtifacts(Result<List<Data>> lArtiDAO) {\r
+ if(lArtiDAO.isOK()) {\r
+ Artifacts artis = new Artifacts();\r
+ for(ArtiDAO.Data arti : lArtiDAO.value) {\r
+ Artifact a = new Artifact();\r
+ a.setMechid(arti.mechid);\r
+ a.setMachine(arti.machine);\r
+ a.setSponsor(arti.sponsor);\r
+ a.setAppName(arti.appName);\r
+ a.setCa(arti.ca);\r
+ a.setDir(arti.dir);\r
+ a.getType().addAll(arti.type(false));\r
+ a.setOsUser(arti.os_user);\r
+ a.setRenewDays(arti.renewDays);\r
+ a.setNotification(arti.notify);\r
+ artis.getArtifact().add(a);\r
+ }\r
+ return Result.ok(artis);\r
+ } else {\r
+ return Result.err(lArtiDAO);\r
+ }\r
+ }\r
+ \r
+ \r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.service;\r
+\r
+import java.io.IOException;\r
+import java.net.InetAddress;\r
+import java.net.UnknownHostException;\r
+import java.nio.ByteBuffer;\r
+import java.security.NoSuchAlgorithmException;\r
+import java.security.cert.X509Certificate;\r
+import java.util.ArrayList;\r
+import java.util.Date;\r
+import java.util.List;\r
+\r
+import com.att.authz.cm.api.API_Cert;\r
+import com.att.authz.cm.ca.CA;\r
+import com.att.authz.cm.cert.BCFactory;\r
+import com.att.authz.cm.cert.CSRMeta;\r
+import com.att.authz.cm.data.CertDrop;\r
+import com.att.authz.cm.data.CertRenew;\r
+import com.att.authz.cm.data.CertReq;\r
+import com.att.authz.cm.data.CertResp;\r
+import com.att.authz.cm.validation.Validator;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.org.Organization;\r
+import com.att.authz.org.Organization.Identity;\r
+import com.att.authz.org.OrganizationException;\r
+import com.att.cadi.Hash;\r
+import com.att.cadi.aaf.AAFPermission;\r
+import com.att.cadi.aaf.v2_0.AAFCon;\r
+import com.att.cadi.cm.Factory;\r
+import com.att.dao.CassAccess;\r
+import com.att.dao.DAO;\r
+import com.att.dao.aaf.cass.ArtiDAO;\r
+import com.att.dao.aaf.cass.CacheInfoDAO;\r
+import com.att.dao.aaf.cass.CertDAO;\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.HistoryDAO;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.dao.aaf.hl.Question;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Slot;\r
+import com.att.inno.env.util.Chrono;\r
+import com.datastax.driver.core.Cluster;\r
+\r
+\r
+public class CMService {\r
+ // If we add more CAs, may want to parameterize\r
+ private static final int STD_RENEWAL = 30;\r
+ private static final int MAX_RENEWAL = 60;\r
+ private static final int MIN_RENEWAL = 10;\r
+ \r
+ public static final String REQUEST = "request";\r
+ public static final String RENEW = "renew";\r
+ public static final String DROP = "drop";\r
+ public static final String SANS = "san";\r
+ \r
+ private static final String[] NO_NOTES = new String[0];\r
+ private Slot sCertAuth;\r
+ private final CertDAO certDAO;\r
+ private final CredDAO credDAO;\r
+ private final ArtiDAO artiDAO;\r
+ private DAO<AuthzTrans, ?>[] daos;\r
+\r
+ @SuppressWarnings("unchecked")\r
+ public CMService(AuthzTrans trans, CertManAPI certman) throws APIException, IOException {\r
+\r
+ sCertAuth = certman.env.slot(API_Cert.CERT_AUTH);\r
+ Cluster cluster;\r
+ try {\r
+ cluster = com.att.dao.CassAccess.cluster(certman.env,null);\r
+ } catch (IOException e) {\r
+ throw new APIException(e);\r
+ }\r
+\r
+ // jg 4/2015 SessionFilter unneeded... DataStax already deals with Multithreading well\r
+ \r
+ HistoryDAO hd = new HistoryDAO(trans, cluster, CassAccess.KEYSPACE);\r
+ CacheInfoDAO cid = new CacheInfoDAO(trans, hd);\r
+ certDAO = new CertDAO(trans, hd, cid);\r
+ credDAO = new CredDAO(trans, hd, cid);\r
+ artiDAO = new ArtiDAO(trans, hd, cid);\r
+ \r
+ daos =(DAO<AuthzTrans, ?>[]) new DAO<?,?>[] {\r
+ hd,cid,certDAO,credDAO,artiDAO\r
+ };\r
+\r
+ // Setup Shutdown Hooks for Cluster and Pooled Sessions\r
+ Runtime.getRuntime().addShutdownHook(new Thread() {\r
+ @Override\r
+ public void run() {\r
+ for(DAO<AuthzTrans,?> dao : daos) {\r
+ dao.close(trans);\r
+ }\r
+\r
+// sessionFilter.destroy();\r
+ cluster.close();\r
+ }\r
+ }); \r
+ }\r
+ \r
+ public Result<CertResp> requestCert(AuthzTrans trans,Result<CertReq> req) {\r
+ if(req.isOK()) {\r
+ CA ca = trans.get(sCertAuth, null);\r
+ if(ca==null) {\r
+ return Result.err(Result.err(Result.ERR_BadData, "Invalid Cert Authority requested"));\r
+ }\r
+\r
+ // Allow only AAF CA without special permission\r
+ if(!ca.getName().equals("aaf") && !trans.fish( new AAFPermission(ca.getPermType(), ca.getName(), REQUEST))) {\r
+ return Result.err(Status.ERR_Denied, "'%s' does not have permission to request Certificates from Certificate Authority '%s'", \r
+ trans.user(),ca.getName());\r
+ }\r
+\r
+ List<String> notes = null;\r
+ List<String> fqdns;\r
+ String email = null;\r
+\r
+ try {\r
+ Organization org = trans.org();\r
+ \r
+ // Policy 1: Requests are only by Pre-Authorized Configurations\r
+ ArtiDAO.Data add = null;\r
+ try {\r
+ for(InetAddress ia : InetAddress.getAllByName(trans.ip())) {\r
+ Result<List<ArtiDAO.Data>> ra = artiDAO.read(trans, req.value.mechid,ia.getHostName());\r
+ if(ra.isOKhasData()) {\r
+ add = ra.value.get(0);\r
+ break;\r
+ }\r
+ }\r
+ } catch (UnknownHostException e1) {\r
+ return Result.err(Result.ERR_BadData,"There is no host for %s",trans.ip());\r
+ }\r
+ \r
+ if(add==null) {\r
+ return Result.err(Result.ERR_BadData,"There is no configuration for %s",req.value.mechid);\r
+ }\r
+ \r
+ // Policy 2: If Config marked as Expired, do not create or renew\r
+ Date now = new Date();\r
+ if(add.expires!=null && now.after(add.expires)) {\r
+ return Result.err(Result.ERR_Policy,"Configuration for %s %s is expired %s",add.mechid,add.machine,Chrono.dateFmt.format(add.expires));\r
+ }\r
+ \r
+ // Policy 3: MechID must be current\r
+ Identity muser = org.getIdentity(trans, add.mechid);\r
+ if(muser == null) {\r
+ return Result.err(Result.ERR_Policy,"MechID must exist in %s",org.getName());\r
+ }\r
+ \r
+ // Policy 4: Sponsor must be current\r
+ Identity ouser = muser.owner();\r
+ if(ouser==null) {\r
+ return Result.err(Result.ERR_Policy,"%s does not have a current sponsor at %s",add.mechid,org.getName());\r
+ } else if(!ouser.isFound() || !ouser.isResponsible()) {\r
+ return Result.err(Result.ERR_Policy,"%s reports that %s cannot be responsible for %s",org.getName(),trans.user());\r
+ }\r
+ \r
+ // Set Email from most current Sponsor\r
+ email = ouser.email();\r
+ \r
+ // Policy 5: keep Artifact data current\r
+ if(!ouser.fullID().equals(add.sponsor)) {\r
+ add.sponsor = ouser.fullID();\r
+ artiDAO.update(trans, add);\r
+ }\r
+ \r
+ // Policy 6: Requester must be granted Change permission in Namespace requested\r
+ String mechNS = AAFCon.reverseDomain(req.value.mechid);\r
+ if(mechNS==null) {\r
+ return Result.err(Status.ERR_Denied, "%s does not reflect a valid AAF Namespace",req.value.mechid);\r
+ }\r
+ \r
+ // Policy 7: Caller must be the MechID or have specifically delegated permissions\r
+ if(!trans.user().equals(req.value.mechid) && !trans.fish(new AAFPermission(mechNS + ".certman", ca.getName() , "request"))) {\r
+ return Result.err(Status.ERR_Denied, "%s must have access to modify x509 certs in NS %s",trans.user(),mechNS);\r
+ }\r
+ \r
+ \r
+ // Policy 8: SANs only allowed by Exception... need permission\r
+ fqdns = new ArrayList<String>();\r
+ fqdns.add(add.machine); // machine is first\r
+ if(req.value.fqdns.size()>1 && !trans.fish(new AAFPermission(ca.getPermType(), ca.getName(), SANS))) {\r
+ if(notes==null) {notes = new ArrayList<String>();}\r
+ notes.add("Warning: Subject Alternative Names only allowed by Permission: Get CSO Exception. This Certificate will be created, but without SANs");\r
+ } else {\r
+ for(String m : req.value.fqdns) {\r
+ if(!add.machine.equals(m)) {\r
+ fqdns.add(m);\r
+ }\r
+ }\r
+ }\r
+ \r
+ } catch (Exception e) {\r
+ trans.error().log(e);\r
+ return Result.err(Status.ERR_Denied,"MechID Sponsorship cannot be determined at this time. Try later");\r
+ }\r
+ \r
+ CSRMeta csrMeta;\r
+ try {\r
+ csrMeta = BCFactory.createCSRMeta(\r
+ ca, \r
+ req.value.mechid, \r
+ email, \r
+ fqdns);\r
+ X509Certificate x509 = ca.sign(trans, csrMeta);\r
+ if(x509==null) {\r
+ return Result.err(Result.ERR_ActionNotCompleted,"x509 Certificate not signed by CA");\r
+ }\r
+ CertDAO.Data cdd = new CertDAO.Data();\r
+ cdd.ca=ca.getName();\r
+ cdd.serial=x509.getSerialNumber();\r
+ cdd.id=req.value.mechid;\r
+ cdd.x500=x509.getSubjectDN().getName();\r
+ cdd.x509=Factory.toString(trans, x509);\r
+ certDAO.create(trans, cdd);\r
+ \r
+ CredDAO.Data crdd = new CredDAO.Data();\r
+ crdd.other = Question.random.nextInt();\r
+ crdd.cred=getChallenge256SaltedHash(csrMeta.challenge(),crdd.other);\r
+ crdd.expires = x509.getNotAfter();\r
+ crdd.id = req.value.mechid;\r
+ crdd.ns = Question.domain2ns(crdd.id);\r
+ crdd.type = CredDAO.CERT_SHA256_RSA;\r
+ credDAO.create(trans, crdd);\r
+ \r
+ CertResp cr = new CertResp(trans,x509,csrMeta, compileNotes(notes));\r
+ return Result.ok(cr);\r
+ } catch (Exception e) {\r
+ trans.error().log(e);\r
+ return Result.err(Result.ERR_ActionNotCompleted,e.getMessage());\r
+ }\r
+ } else {\r
+ return Result.err(req);\r
+ }\r
+ }\r
+\r
+ public Result<CertResp> renewCert(AuthzTrans trans, Result<CertRenew> renew) {\r
+ if(renew.isOK()) {\r
+ return Result.err(Result.ERR_NotImplemented,"Not implemented yet");\r
+ } else {\r
+ return Result.err(renew);\r
+ } \r
+ }\r
+\r
+ public Result<Void> dropCert(AuthzTrans trans, Result<CertDrop> drop) {\r
+ if(drop.isOK()) {\r
+ return Result.err(Result.ERR_NotImplemented,"Not implemented yet");\r
+ } else {\r
+ return Result.err(drop);\r
+ } \r
+ }\r
+\r
+ ///////////////\r
+ // Artifact\r
+ //////////////\r
+ public Result<Void> createArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) {\r
+ Validator v = new Validator().artisRequired(list, 1);\r
+ if(v.err()) {\r
+ return Result.err(Result.ERR_BadData,v.errs());\r
+ }\r
+ for(ArtiDAO.Data add : list) {\r
+ try {\r
+ // Policy 1: MechID must exist in Org\r
+ Identity muser = trans.org().getIdentity(trans, add.mechid);\r
+ if(muser == null) {\r
+ return Result.err(Result.ERR_Denied,"%s is not valid for %s", add.mechid,trans.org().getName());\r
+ }\r
+ \r
+ // Policy 2: MechID must have valid Organization Owner\r
+ Identity ouser = muser.owner();\r
+ if(ouser == null) {\r
+ return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",\r
+ trans.user(),add.mechid,trans.org().getName());\r
+ }\r
+ \r
+ // Policy 3: Calling ID must be MechID Owner\r
+ if(!trans.user().equals(ouser.fullID())) {\r
+ return Result.err(Result.ERR_Denied,"%s is not the Sponsor for %s at %s",\r
+ trans.user(),add.mechid,trans.org().getName());\r
+ }\r
+\r
+ // Policy 4: Renewal Days are between 10 and 60 (constants, may be parameterized)\r
+ if(add.renewDays<MIN_RENEWAL) {\r
+ add.renewDays = STD_RENEWAL;\r
+ } else if(add.renewDays>MAX_RENEWAL) {\r
+ add.renewDays = MAX_RENEWAL;\r
+ }\r
+ \r
+ // Policy 5: If Notify is blank, set to Owner's Email\r
+ if(add.notify==null || add.notify.length()==0) {\r
+ add.notify = "mailto:"+ouser.email();\r
+ }\r
+\r
+ // Set Sponsor from Golden Source\r
+ add.sponsor = ouser.fullID();\r
+ \r
+ \r
+ } catch (OrganizationException e) {\r
+ return Result.err(e);\r
+ }\r
+ // Add to DB\r
+ Result<ArtiDAO.Data> rv = artiDAO.create(trans, add);\r
+ // TODO come up with Partial Reporting Scheme, or allow only one at a time.\r
+ if(rv.notOK()) {\r
+ return Result.err(rv);\r
+ }\r
+ }\r
+ return Result.ok();\r
+ }\r
+\r
+ public Result<List<ArtiDAO.Data>> readArtifacts(AuthzTrans trans, ArtiDAO.Data add) throws OrganizationException {\r
+ Validator v = new Validator().keys(add);\r
+ if(v.err()) {\r
+ return Result.err(Result.ERR_BadData,v.errs());\r
+ }\r
+ String ns = AAFCon.reverseDomain(add.mechid);\r
+ \r
+ if( trans.user().equals(add.mechid)\r
+ || trans.fish(new AAFPermission(ns + ".access", "*", "read"))\r
+ || (trans.org().validate(trans,Organization.Policy.OWNS_MECHID,null,add.mechid))==null) {\r
+ return artiDAO.read(trans, add);\r
+ } else {\r
+ return Result.err(Result.ERR_Denied,"%s is not %s, is not the sponsor, and doesn't have delegated permission.",trans.user(),add.mechid); // note: reason is set by 2nd case, if 1st case misses\r
+ }\r
+\r
+ }\r
+\r
+ public Result<List<ArtiDAO.Data>> readArtifactsByMechID(AuthzTrans trans, String mechid) throws OrganizationException {\r
+ Validator v = new Validator().nullOrBlank("mechid", mechid);\r
+ if(v.err()) {\r
+ return Result.err(Result.ERR_BadData,v.errs());\r
+ }\r
+ String ns = AAFCon.reverseDomain(mechid);\r
+ \r
+ String reason;\r
+ if(trans.fish(new AAFPermission(ns + ".access", "*", "read"))\r
+ || (reason=trans.org().validate(trans,Organization.Policy.OWNS_MECHID,null,mechid))==null) {\r
+ return artiDAO.readByMechID(trans, mechid);\r
+ } else {\r
+ return Result.err(Result.ERR_Denied,reason); // note: reason is set by 2nd case, if 1st case misses\r
+ }\r
+\r
+ }\r
+\r
+ public Result<List<ArtiDAO.Data>> readArtifactsByMachine(AuthzTrans trans, String machine) {\r
+ Validator v = new Validator().nullOrBlank("machine", machine);\r
+ if(v.err()) {\r
+ return Result.err(Result.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ // TODO do some checks?\r
+\r
+ Result<List<ArtiDAO.Data>> rv = artiDAO.readByMachine(trans, machine);\r
+ return rv;\r
+ }\r
+\r
+ public Result<Void> updateArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) throws OrganizationException {\r
+ Validator v = new Validator().artisRequired(list, 1);\r
+ if(v.err()) {\r
+ return Result.err(Result.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ // Check if requesting User is Sponsor\r
+ //TODO - Shall we do one, or multiples?\r
+ for(ArtiDAO.Data add : list) {\r
+ // Policy 1: MechID must exist in Org\r
+ Identity muser = trans.org().getIdentity(trans, add.mechid);\r
+ if(muser == null) {\r
+ return Result.err(Result.ERR_Denied,"%s is not valid for %s", add.mechid,trans.org().getName());\r
+ }\r
+ \r
+ // Policy 2: MechID must have valid Organization Owner\r
+ Identity ouser = muser.owner();\r
+ if(ouser == null) {\r
+ return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",\r
+ trans.user(),add.mechid,trans.org().getName());\r
+ }\r
+\r
+ // Policy 3: Renewal Days are between 10 and 60 (constants, may be parameterized)\r
+ if(add.renewDays<MIN_RENEWAL) {\r
+ add.renewDays = STD_RENEWAL;\r
+ } else if(add.renewDays>MAX_RENEWAL) {\r
+ add.renewDays = MAX_RENEWAL;\r
+ }\r
+\r
+ // Policy 4: Data is always updated with the latest Sponsor\r
+ // Add to Sponsor, to make sure we are always up to date.\r
+ add.sponsor = ouser.fullID();\r
+\r
+ // Policy 5: If Notify is blank, set to Owner's Email\r
+ if(add.notify==null || add.notify.length()==0) {\r
+ add.notify = "mailto:"+ouser.email();\r
+ }\r
+\r
+ // Policy 4: only Owner may update info\r
+ if(trans.user().equals(add.sponsor)) {\r
+ return artiDAO.update(trans, add);\r
+ } else {\r
+ return Result.err(Result.ERR_Denied,"%s may not update info for %s",trans.user(),muser.fullID());\r
+ }\r
+ \r
+ }\r
+ return Result.err(Result.ERR_BadData,"No Artifacts to update");\r
+ }\r
+ \r
+ public Result<Void> deleteArtifact(AuthzTrans trans, String mechid, String machine) throws OrganizationException {\r
+ Validator v = new Validator()\r
+ .nullOrBlank("mechid", mechid)\r
+ .nullOrBlank("machine", machine);\r
+ if(v.err()) {\r
+ return Result.err(Result.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<List<ArtiDAO.Data>> rlad = artiDAO.read(trans, mechid, machine);\r
+ if(rlad.notOKorIsEmpty()) {\r
+ return Result.err(Result.ERR_NotFound,"Artifact for %s %s does not exist.",mechid,machine);\r
+ }\r
+ \r
+ return deleteArtifact(trans,rlad.value.get(0));\r
+ }\r
+ \r
+ private Result<Void> deleteArtifact(AuthzTrans trans, ArtiDAO.Data add) throws OrganizationException {\r
+ // Policy 1: Record should be delete able only by Existing Sponsor. \r
+ String sponsor=null;\r
+ Identity muser = trans.org().getIdentity(trans, add.mechid);\r
+ if(muser != null) {\r
+ Identity ouser = muser.owner();\r
+ if(ouser!=null) {\r
+ sponsor = ouser.fullID();\r
+ }\r
+ }\r
+ // Policy 1.a: If Sponsorship is deleted in system of Record, then \r
+ // accept deletion by sponsor in Artifact Table\r
+ if(sponsor==null) {\r
+ sponsor = add.sponsor;\r
+ }\r
+ \r
+ String ns = AAFCon.reverseDomain(add.mechid);\r
+\r
+ if(trans.fish(new AAFPermission(ns + ".access", "*", "write"))\r
+ || trans.user().equals(sponsor)) {\r
+ return artiDAO.delete(trans, add, false);\r
+ }\r
+ return null;\r
+ }\r
+\r
+ public Result<Void> deleteArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) {\r
+ Validator v = new Validator().artisRequired(list, 1);\r
+ if(v.err()) {\r
+ return Result.err(Result.ERR_BadData,v.errs());\r
+ }\r
+\r
+ try {\r
+ boolean partial = false;\r
+ Result<Void> result=null;\r
+ for(ArtiDAO.Data add : list) {\r
+ result = deleteArtifact(trans, add);\r
+ if(result.notOK()) {\r
+ partial = true;\r
+ }\r
+ }\r
+ if(result == null) {\r
+ result = Result.err(Result.ERR_BadData,"No Artifacts to delete"); \r
+ } else if(partial) {\r
+ result.partialContent(true);\r
+ }\r
+ return result;\r
+ } catch(Exception e) {\r
+ return Result.err(e);\r
+ }\r
+ }\r
+\r
+ private String[] compileNotes(List<String> notes) {\r
+ String[] rv;\r
+ if(notes==null) {\r
+ rv = NO_NOTES;\r
+ } else {\r
+ rv = new String[notes.size()];\r
+ notes.toArray(rv);\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ private ByteBuffer getChallenge256SaltedHash(String challenge, int salt) throws NoSuchAlgorithmException {\r
+ ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + challenge.length());\r
+ bb.putInt(salt);\r
+ bb.put(challenge.getBytes());\r
+ byte[] hash = Hash.hashSHA256(bb.array());\r
+ return ByteBuffer.wrap(hash);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.service;\r
+\r
+import java.lang.reflect.Constructor;\r
+import java.util.ArrayList;\r
+import java.util.EnumSet;\r
+import java.util.List;\r
+import java.util.Map;\r
+import java.util.Properties;\r
+import java.util.TreeMap;\r
+\r
+import com.att.aft.dme2.api.DME2Exception;\r
+//import com.att.aft.dme2.api.DME2FilterHolder;\r
+//import com.att.aft.dme2.api.DME2FilterHolder.RequestDispatcherType;\r
+import com.att.aft.dme2.api.DME2Manager;\r
+import com.att.aft.dme2.api.DME2Server;\r
+import com.att.aft.dme2.api.DME2ServerProperties;\r
+import com.att.aft.dme2.api.DME2ServiceHolder;\r
+import com.att.aft.dme2.api.util.DME2FilterHolder;\r
+import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;\r
+import com.att.aft.dme2.api.util.DME2ServletHolder;\r
+//import com.att.aft.dme2.api.DME2ServletHolder;\r
+import com.att.authz.cm.api.API_Artifact;\r
+import com.att.authz.cm.api.API_Cert;\r
+import com.att.authz.cm.ca.CA;\r
+import com.att.authz.cm.facade.Facade1_0;\r
+import com.att.authz.cm.facade.FacadeFactory;\r
+import com.att.authz.cm.mapper.Mapper.API;\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.env.AuthzTransFilter;\r
+import com.att.authz.server.AbsServer;\r
+import com.att.cache.Cache;\r
+import com.att.cache.Cache.Dated;\r
+import com.att.cadi.Access;\r
+import com.att.cadi.Access.Level;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.TrustChecker;\r
+import com.att.cadi.aaf.v2_0.AAFAuthn;\r
+import com.att.cadi.aaf.v2_0.AAFCon;\r
+import com.att.cadi.aaf.v2_0.AAFConHttp;\r
+import com.att.cadi.aaf.v2_0.AAFLurPerm;\r
+import com.att.cadi.aaf.v2_0.AAFTrustChecker;\r
+import com.att.cadi.config.Config;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.Trans;\r
+import com.att.inno.env.util.Split;\r
+\r
+public class CertManAPI extends AbsServer {\r
+\r
+ private static final String USER_PERMS = "userPerms";\r
+ private static final Map<String,CA> certAuths = new TreeMap<String,CA>();\r
+ private static final String AAF_CERTMAN_CA_PREFIX = null;\r
+ public Facade1_0 facade1_0; // this is the default Facade\r
+ public Facade1_0 facade1_0_XML; // this is the XML Facade\r
+ public Map<String, Dated> cacheUser;\r
+ public AAFAuthn<?> aafAuthn;\r
+ public AAFLurPerm aafLurPerm;\r
+\r
+ private String[] EMPTY;\r
+ private AAFCon<?> aafcon;\r
+ \r
+ /**\r
+ * Construct AuthzAPI with all the Context Supporting Routes that Authz needs\r
+ * \r
+ * @param env\r
+ * @param si \r
+ * @param dm \r
+ * @param decryptor \r
+ * @throws APIException \r
+ */\r
+ public CertManAPI(AuthzEnv env) throws Exception {\r
+ super(env,"CertMan");\r
+ env.setLog4JNames("log4j.properties","authz","cm","audit","init","trace");\r
+ \r
+ //aafcon = new AAFConHttp(env);\r
+ \r
+ aafLurPerm = aafcon.newLur();\r
+ // Note: If you need both Authn and Authz construct the following:\r
+ aafAuthn = aafcon.newAuthn(aafLurPerm);\r
+\r
+ String aaf_env = env.getProperty(Config.AAF_ENV);\r
+ if(aaf_env==null) {\r
+ throw new APIException("aaf_env needs to be set");\r
+ }\r
+ \r
+ // Initialize Facade for all uses\r
+ AuthzTrans trans = env.newTrans();\r
+ \r
+ // Load Supported Certificate Authorities by property \r
+ for(String key : env.existingStaticSlotNames()) {\r
+ if(key.startsWith(AAF_CERTMAN_CA_PREFIX)) {\r
+ int idx = key.indexOf('.');\r
+ String[] params = Split.split(';', env.getProperty(key));\r
+ if(params.length>1) {\r
+ @SuppressWarnings("unchecked")\r
+ Class<CA> cac = (Class<CA>)Class.forName((String)params[0]);\r
+ Class<?> ptype[] = new Class<?>[params.length+1];\r
+ ptype[0]=Trans.class;\r
+ ptype[1]=String.class;\r
+ Object pinst[] = new Object[params.length+1];\r
+ pinst[0]=trans;\r
+ pinst[1]= key.substring(idx+1);\r
+ for(int i=1;i<params.length;++i) {\r
+ idx = i+1;\r
+ ptype[idx]=String.class;\r
+ pinst[idx]=params[i];\r
+ }\r
+ Constructor<CA> cons = cac.getConstructor(ptype);\r
+ CA ca = cons.newInstance(pinst);\r
+ certAuths.put(ca.getName(),ca);\r
+ }\r
+ }\r
+ }\r
+ if(certAuths.size()==0) {\r
+ throw new APIException("No Certificate Authorities have been configured in CertMan");\r
+ }\r
+ \r
+ CMService service = new CMService(trans, this);\r
+ // note: Service knows how to shutdown Cluster on Shutdown, etc. See Constructor\r
+ facade1_0 = FacadeFactory.v1_0(this,trans, service,Data.TYPE.JSON); // Default Facade\r
+ facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML); \r
+ \r
+\r
+ synchronized(env) {\r
+ if(cacheUser == null) {\r
+ cacheUser = Cache.obtain(USER_PERMS);\r
+ Cache.startCleansing(env, USER_PERMS);\r
+ Cache.addShutdownHook(); // Setup Shutdown Hook to close cache\r
+ }\r
+ }\r
+ \r
+ ////////////////////////////////////////////////////////////////////////////\r
+ // APIs\r
+ ////////////////////////////////////////////////////////////////////////\r
+ API_Cert.init(this);\r
+ API_Artifact.init(this);\r
+ \r
+ StringBuilder sb = new StringBuilder();\r
+ trans.auditTrail(2, sb);\r
+ trans.init().log(sb);\r
+ }\r
+ \r
+ public CA getCA(String key) {\r
+ return certAuths.get(key);\r
+ }\r
+\r
+ public String[] getTrustChain(String key) {\r
+ CA ca = certAuths.get(key);\r
+ if(ca==null) {\r
+ return EMPTY;\r
+ } else {\r
+ return ca.getTrustChain();\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Setup XML and JSON implementations for each supported Version type\r
+ * \r
+ * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties\r
+ * to do Versions and Content switches\r
+ * \r
+ */\r
+ public void route(HttpMethods meth, String path, API api, Code code) throws Exception {\r
+ String version = "1.0";\r
+ // Get Correct API Class from Mapper\r
+ Class<?> respCls = facade1_0.mapper().getClass(api); \r
+ if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());\r
+ // setup Application API HTML ContentTypes for JSON and Route\r
+ String application = applicationJSON(respCls, version);\r
+ route(env,meth,path,code,application,"application/json;version="+version,"*/*");\r
+\r
+ // setup Application API HTML ContentTypes for XML and Route\r
+ application = applicationXML(respCls, version);\r
+ route(env,meth,path,code.clone(facade1_0_XML),application,"application/xml;version="+version);\r
+ \r
+ // Add other Supported APIs here as created\r
+ }\r
+ \r
+ public void routeAll(HttpMethods meth, String path, API api, Code code) throws Exception {\r
+ route(env,meth,path,code,""); // this will always match\r
+ }\r
+\r
+\r
+ /**\r
+ * Start up AuthzAPI as DME2 Service\r
+ * @param env\r
+ * @param props\r
+ * @throws DME2Exception\r
+ * @throws CadiException \r
+ */\r
+ public void startDME2(Properties props) throws DME2Exception, CadiException {\r
+ DME2Manager dme2 = new DME2Manager("AAF Certman DME2Manager", props);\r
+\r
+\r
+ DME2ServiceHolder svcHolder;\r
+ List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();\r
+ svcHolder = new DME2ServiceHolder();\r
+ String serviceName = env.getProperty("DMEServiceName",null);\r
+ if(serviceName!=null) {\r
+ svcHolder.setServiceURI(serviceName);\r
+ svcHolder.setManager(dme2);\r
+ svcHolder.setContext("/");\r
+ \r
+ \r
+ \r
+ DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[]{"/cert"});\r
+ srvHolder.setContextPath("/*");\r
+ slist.add(srvHolder);\r
+ \r
+ EnumSet<RequestDispatcherType> edlist = EnumSet.of(\r
+ RequestDispatcherType.REQUEST,\r
+ RequestDispatcherType.FORWARD,\r
+ RequestDispatcherType.ASYNC\r
+ );\r
+\r
+ ///////////////////////\r
+ // Apply Filters\r
+ ///////////////////////\r
+ List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();\r
+ \r
+ // Secure all GUI interactions with AuthzTransFilter\r
+ flist.add(new DME2FilterHolder(\r
+ new AuthzTransFilter(env,aafcon,TrustChecker.NOTRUST),\r
+ "/*", edlist));\r
+ \r
+\r
+ svcHolder.setFilters(flist);\r
+ svcHolder.setServletHolders(slist);\r
+ \r
+ DME2Server dme2svr = dme2.getServer();\r
+ DME2ServerProperties dsprops = dme2svr.getServerProperties();\r
+ dsprops.setGracefulShutdownTimeMs(1000);\r
+ \r
+ env.init().log("Starting AAF Certman Jetty/DME2 server...");\r
+ dme2svr.start();\r
+ try {\r
+// if(env.getProperty("NO_REGISTER",null)!=null)\r
+ dme2.bindService(svcHolder);\r
+ env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort());\r
+ while(true) { // Per DME2 Examples...\r
+ Thread.sleep(5000);\r
+ }\r
+ } catch(InterruptedException e) {\r
+ env.init().log("AAF Jetty Server interrupted!");\r
+ } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process\r
+ env.init().log(e,"DME2 Initialization Error");\r
+ dme2svr.stop();\r
+ System.exit(1);\r
+ }\r
+ } else {\r
+ env.init().log("Properties must contain DMEServiceName");\r
+ }\r
+ }\r
+\r
+ public static void main(String[] args) {\r
+ setup(CertManAPI.class, "certman.props");\r
+\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.service;\r
+\r
+import com.att.authz.cm.facade.Facade1_0;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.cssa.rserv.HttpCode;\r
+\r
+public abstract class Code extends HttpCode<AuthzTrans,Facade1_0> implements Cloneable {\r
+\r
+ public Code(CertManAPI cma, String description, String ... roles) {\r
+ super(cma.facade1_0, description, roles);\r
+ // Note, the first "Code" will be created with default Facade, "JSON".\r
+ // use clone for another Code with XML\r
+ }\r
+ \r
+\r
+ public <D extends Code> D clone(Facade1_0 facade) throws Exception {\r
+ @SuppressWarnings("unchecked")\r
+ D d = (D)clone();\r
+ d.context = facade;\r
+ return d;\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.validation;\r
+\r
+import java.util.List;\r
+\r
+import com.att.authz.layer.Result;\r
+import com.att.dao.aaf.cass.ArtiDAO;\r
+import com.att.dao.aaf.cass.ArtiDAO.Data;\r
+\r
+/**\r
+ * Validator\r
+ * Consistently apply content rules for content (incoming)\r
+ * \r
+ * Note: We restrict content for usability in URLs (because RESTful service), and avoid \r
+ * issues with Regular Expressions, and other enabling technologies. \r
+ *\r
+ */\r
+public class Validator {\r
+ // Repeated Msg fragments\r
+ private static final String MECHID = "mechid";\r
+ private static final String MACHINE = "machine";\r
+ private static final String ARTIFACT_LIST_IS_NULL = "Artifact List is null.";\r
+ private static final String Y = "y.";\r
+ private static final String IES = "ies.";\r
+ private static final String ENTR = " entr";\r
+ private static final String MUST_HAVE_AT_LEAST = " must have at least ";\r
+ private static final String IS_NULL = " is null.";\r
+ private static final String ARTIFACTS_MUST_HAVE_AT_LEAST = "Artifacts must have at least ";\r
+ private StringBuilder msgs;\r
+\r
+ public Validator nullOrBlank(String name, String str) {\r
+ if(str==null) {\r
+ msg(name + IS_NULL);\r
+ } else if(str.length()==0) {\r
+ msg(name + " is blank.");\r
+ }\r
+ return this;\r
+ }\r
+ \r
+ private void msg(String ... strs) {\r
+ if(msgs==null) {\r
+ msgs=new StringBuilder();\r
+ }\r
+ for(String str : strs) {\r
+ msgs.append(str);\r
+ }\r
+ msgs.append('\n');\r
+ }\r
+ \r
+ public boolean err() {\r
+ return msgs!=null;\r
+ }\r
+ \r
+ public String errs() {\r
+ return msgs.toString();\r
+ }\r
+\r
+ public Validator notOK(Result<?> res) {\r
+ if(res==null) {\r
+ msgs.append("Result object is blank");\r
+ } else if(res.notOK()) {\r
+ msgs.append(res.getClass().getSimpleName() + " is not OK");\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator isNull(String name, Object obj) {\r
+ if(obj==null) {\r
+ msg(name + IS_NULL);\r
+ } \r
+ return this;\r
+ }\r
+\r
+ public Validator nullBlankMin(String name, List<String> list, int min) {\r
+ if(list==null) {\r
+ msg(name + IS_NULL);\r
+ } else {\r
+ if(list.size()<min) {\r
+ msg(name + MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));\r
+ } else {\r
+ for(String s : list) {\r
+ nullOrBlank("List Item",s);\r
+ }\r
+ }\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator artisRequired(List<ArtiDAO.Data> list, int min) {\r
+ if(list==null) {\r
+ msg(ARTIFACT_LIST_IS_NULL);\r
+ } else {\r
+ if(list.size()<min) {\r
+ msg(ARTIFACTS_MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));\r
+ } else {\r
+ for(ArtiDAO.Data a : list) {\r
+ allRequired(a);\r
+ }\r
+ }\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator artisKeys(List<ArtiDAO.Data> list, int min) {\r
+ if(list==null) {\r
+ msg(ARTIFACT_LIST_IS_NULL);\r
+ } else {\r
+ if(list.size()<min) {\r
+ msg(ARTIFACTS_MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));\r
+ } else {\r
+ for(ArtiDAO.Data a : list) {\r
+ keys(a);\r
+ }\r
+ }\r
+ }\r
+ return this;\r
+ }\r
+\r
+\r
+ public Validator keys(ArtiDAO.Data add) {\r
+ if(add==null) {\r
+ msg("Artifact is null.");\r
+ } else {\r
+ nullOrBlank(MECHID, add.mechid);\r
+ nullOrBlank(MACHINE, add.machine);\r
+ }\r
+ return this;\r
+ }\r
+ \r
+ private Validator allRequired(Data a) {\r
+ if(a==null) {\r
+ msg("Artifact is null.");\r
+ } else {\r
+ nullOrBlank(MECHID, a.mechid);\r
+ nullOrBlank(MACHINE, a.machine);\r
+ nullOrBlank("ca",a.ca);\r
+ nullOrBlank("dir",a.dir);\r
+ nullOrBlank("os_user",a.os_user);\r
+ // Note: AppName, Notify & Sponsor are currently not required\r
+ }\r
+ return this;\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.api;\r
+\r
+import static org.junit.Assert.*;\r
+import static org.mockito.Mockito.mock;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Rule;\r
+import org.junit.Test;\r
+import org.junit.rules.ExpectedException;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.authz.cm.service.CertManAPI;\r
+import com.att.authz.env.AuthzTrans;\r
+;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_API_Artifact {\r
+ \r
+ @Mock\r
+ private static API_Artifact api;\r
+ \r
+ @Mock\r
+ private static CertManAPI certManApi;\r
+ \r
+ private static CertManAPI noMockAPI;\r
+ private static API_Artifact api_1;\r
+ \r
+ private static HttpServletRequest req;\r
+ private static HttpServletResponse res;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() {\r
+ AuthzTrans trans = mock(AuthzTrans.class);\r
+ req = mock(HttpServletRequest.class);\r
+ trans.setProperty("testTag", "UserValue");\r
+ trans.set(req);\r
+ }\r
+ \r
+ @Rule\r
+ public ExpectedException thrown= ExpectedException.none();\r
+ \r
+ @Test\r
+ public void init_bothValued() {\r
+ try {\r
+ api.init(certManApi);\r
+ } catch (Exception e) {\r
+ thrown.expect(NullPointerException.class);\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void init_Null_() {\r
+ try {\r
+ api.init(null);\r
+ } catch (Exception e) {\r
+ //thrown.expect(Exception.class);\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void init_NMC_Null() {\r
+ try {\r
+ api_1.init(null);\r
+ } catch (Exception e) {\r
+ //thrown.expect(NullPointerException.class);\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void init_NMC() {\r
+ try {\r
+ api_1.init(noMockAPI);\r
+ } catch (Exception e) {\r
+ //thrown.expect(NullPointerException.class);\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.api;\r
+\r
+import static org.junit.Assert.*;\r
+import static org.mockito.Mockito.mock;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Rule;\r
+import org.junit.Test;\r
+import org.junit.rules.ExpectedException;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.authz.cm.service.CertManAPI;\r
+import com.att.authz.env.AuthzTrans;\r
+;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_API_Cert {\r
+ \r
+ @Mock\r
+ private static API_Cert api;\r
+ \r
+ @Mock\r
+ private static CertManAPI certManApi;\r
+ \r
+ private static CertManAPI noMockAPI;\r
+ private static API_Cert api_1;\r
+ \r
+ private static HttpServletRequest req;\r
+ private static HttpServletResponse res;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() {\r
+ AuthzTrans trans = mock(AuthzTrans.class);\r
+ req = mock(HttpServletRequest.class);\r
+ trans.setProperty("testTag", "UserValue");\r
+ trans.set(req);\r
+ }\r
+ \r
+ @Rule\r
+ public ExpectedException thrown= ExpectedException.none();\r
+ \r
+ @Test\r
+ public void init_bothValued() {\r
+ try {\r
+ api.init(certManApi);\r
+ } catch (Exception e) {\r
+ //thrown.expect(NullPointerException.class);\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void init_Null_() {\r
+ try {\r
+ api.init(null);\r
+ } catch (Exception e) {\r
+ //thrown.expect(Exception.class);\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void init_NMC_Null() {\r
+ try {\r
+ api_1.init(null);\r
+ } catch (Exception e) {\r
+ //thrown.expect(NullPointerException.class);\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void init_NMC() {\r
+ try {\r
+ api_1.init(noMockAPI);\r
+ } catch (Exception e) {\r
+ //thrown.expect(NullPointerException.class);\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.ca;\r
+\r
+import static org.mockito.Mockito.CALLS_REAL_METHODS;\r
+import static org.mockito.Mockito.mock;\r
+import static org.mockito.Mockito.when;\r
+import static org.junit.Assert.*;\r
+\r
+import java.io.IOException;\r
+import java.math.BigInteger;\r
+import java.security.InvalidKeyException;\r
+import java.security.NoSuchAlgorithmException;\r
+import java.security.NoSuchProviderException;\r
+import java.security.Principal;\r
+import java.security.PublicKey;\r
+import java.security.SignatureException;\r
+import java.security.cert.CertificateEncodingException;\r
+import java.security.cert.CertificateException;\r
+import java.security.cert.CertificateExpiredException;\r
+import java.security.cert.CertificateNotYetValidException;\r
+import java.security.cert.X509Certificate;\r
+import java.util.Date;\r
+import java.util.Set;\r
+\r
+import javax.security.auth.x500.X500Principal;\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.InjectMocks;\r
+import org.mockito.Mock;\r
+import org.mockito.Mockito;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.aft.dme2.api.http.HttpResponse;\r
+import com.att.aft.dme2.request.HttpRequest;\r
+import com.att.authz.cm.cert.CSRMeta;\r
+import com.att.cadi.cm.CertException;\r
+import com.att.dao.aaf.cached.CachedCertDAO;\r
+import com.att.dao.aaf.cass.CertDAO;\r
+import com.att.inno.env.Trans;\r
+\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_AppCA {\r
+ \r
+ @Mock\r
+ private static CachedCertDAO certDAO;\r
+ \r
+ @Mock\r
+ private static HttpServletRequest req;\r
+ \r
+ @Mock\r
+ private static CSRMeta csrMeta;\r
+ \r
+ static Trans trans;\r
+ \r
+ static X509Certificate cert;\r
+ static byte [] name = {1,23,4,54,6,56};\r
+ \r
+ private static AppCA appCA;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() throws CertificateException, CertException, IOException {\r
+ String str = "core java api";\r
+ byte[] b = str.getBytes();\r
+ Principal prc = new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US");\r
+ req = mock(HttpServletRequest.class);\r
+ appCA = mock(AppCA.class);\r
+ X509Certificate cert = new X509Certificate() {\r
+ \r
+ @Override\r
+ public boolean hasUnsupportedCriticalExtension() {\r
+ return false;\r
+ }\r
+ \r
+ @Override\r
+ public Set<String> getNonCriticalExtensionOIDs() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public byte[] getExtensionValue(String oid) {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public Set<String> getCriticalExtensionOIDs() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException,\r
+ InvalidKeyException, NoSuchProviderException, SignatureException {\r
+ \r
+ \r
+ }\r
+ \r
+ @Override\r
+ public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,\r
+ NoSuchProviderException, SignatureException {\r
+ \r
+ \r
+ }\r
+ \r
+ @Override\r
+ public String toString() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public PublicKey getPublicKey() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public byte[] getEncoded() throws CertificateEncodingException {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public int getVersion() {\r
+ \r
+ return 0;\r
+ }\r
+ \r
+ @Override\r
+ public byte[] getTBSCertificate() throws CertificateEncodingException {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public boolean[] getSubjectUniqueID() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public Principal getSubjectDN() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public byte[] getSignature() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public byte[] getSigAlgParams() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public String getSigAlgOID() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public String getSigAlgName() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public BigInteger getSerialNumber() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public Date getNotBefore() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public Date getNotAfter() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public boolean[] getKeyUsage() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public boolean[] getIssuerUniqueID() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public Principal getIssuerDN() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public int getBasicConstraints() {\r
+ \r
+ return 0;\r
+ }\r
+ \r
+ @Override\r
+ public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {\r
+ \r
+ \r
+ }\r
+ \r
+ @Override\r
+ public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {\r
+ \r
+ }\r
+ };\r
+ when(appCA.sign(Mockito.any(Trans.class), Mockito.any(CSRMeta.class))).thenReturn(cert);\r
+ certDAO = mock(CachedCertDAO.class, CALLS_REAL_METHODS);\r
+ }\r
+ \r
+ @Test\r
+ public void identity_True() throws CertificateException, IOException, CertException {\r
+ assertNotNull(appCA.sign(trans, csrMeta));\r
+ }\r
+ \r
+ \r
+ @Test\r
+ public void identityNull() throws CertificateException {\r
+ try {\r
+ assertNotNull(appCA.sign(null, csrMeta));\r
+ } catch (IOException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (CertException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void identityBothNull() throws CertificateException {\r
+ try {\r
+ assertNotNull(appCA.sign(null, null));\r
+ } catch (IOException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (CertException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.ca;\r
+\r
+import static org.mockito.Mockito.CALLS_REAL_METHODS;\r
+import static org.mockito.Mockito.mock;\r
+import static org.mockito.Mockito.when;\r
+import static org.junit.Assert.*;\r
+\r
+import java.io.IOException;\r
+import java.math.BigInteger;\r
+import java.security.InvalidKeyException;\r
+import java.security.NoSuchAlgorithmException;\r
+import java.security.NoSuchProviderException;\r
+import java.security.Principal;\r
+import java.security.PublicKey;\r
+import java.security.SignatureException;\r
+import java.security.cert.CertificateEncodingException;\r
+import java.security.cert.CertificateException;\r
+import java.security.cert.CertificateExpiredException;\r
+import java.security.cert.CertificateNotYetValidException;\r
+import java.security.cert.X509Certificate;\r
+import java.util.Date;\r
+import java.util.Set;\r
+\r
+import javax.security.auth.x500.X500Principal;\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.InjectMocks;\r
+import org.mockito.Mock;\r
+import org.mockito.Mockito;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.aft.dme2.api.http.HttpResponse;\r
+import com.att.aft.dme2.request.HttpRequest;\r
+import com.att.authz.cm.cert.CSRMeta;\r
+import com.att.cadi.cm.CertException;\r
+import com.att.dao.aaf.cached.CachedCertDAO;\r
+import com.att.dao.aaf.cass.CertDAO;\r
+import com.att.inno.env.Trans;\r
+\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_DevlCA {\r
+ \r
+ @Mock\r
+ private static CachedCertDAO certDAO;\r
+ \r
+ @Mock\r
+ private static HttpServletRequest req;\r
+ \r
+ @Mock\r
+ private static CSRMeta csrMeta;\r
+ \r
+ static Trans trans;\r
+ \r
+ static X509Certificate cert;\r
+ static byte [] name = {1,23,4,54,6,56};\r
+ \r
+ private static DevlCA devICA;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() throws CertificateException, CertException, IOException {\r
+ String str = "core java api";\r
+ byte[] b = str.getBytes();\r
+ Principal prc = new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US");\r
+ req = mock(HttpServletRequest.class);\r
+ devICA = mock(DevlCA.class);\r
+ X509Certificate cert = new X509Certificate() {\r
+ \r
+ @Override\r
+ public boolean hasUnsupportedCriticalExtension() {\r
+ return false;\r
+ }\r
+ \r
+ @Override\r
+ public Set<String> getNonCriticalExtensionOIDs() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public byte[] getExtensionValue(String oid) {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public Set<String> getCriticalExtensionOIDs() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException,\r
+ InvalidKeyException, NoSuchProviderException, SignatureException {\r
+ \r
+ \r
+ }\r
+ \r
+ @Override\r
+ public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,\r
+ NoSuchProviderException, SignatureException {\r
+ \r
+ \r
+ }\r
+ \r
+ @Override\r
+ public String toString() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public PublicKey getPublicKey() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public byte[] getEncoded() throws CertificateEncodingException {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public int getVersion() {\r
+ \r
+ return 0;\r
+ }\r
+ \r
+ @Override\r
+ public byte[] getTBSCertificate() throws CertificateEncodingException {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public boolean[] getSubjectUniqueID() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public Principal getSubjectDN() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public byte[] getSignature() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public byte[] getSigAlgParams() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public String getSigAlgOID() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public String getSigAlgName() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public BigInteger getSerialNumber() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public Date getNotBefore() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public Date getNotAfter() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public boolean[] getKeyUsage() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public boolean[] getIssuerUniqueID() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public Principal getIssuerDN() {\r
+ \r
+ return null;\r
+ }\r
+ \r
+ @Override\r
+ public int getBasicConstraints() {\r
+ \r
+ return 0;\r
+ }\r
+ \r
+ @Override\r
+ public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {\r
+ \r
+ \r
+ }\r
+ \r
+ @Override\r
+ public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {\r
+ \r
+ }\r
+ };\r
+ when(devICA.sign(Mockito.any(Trans.class), Mockito.any(CSRMeta.class))).thenReturn(cert);\r
+ certDAO = mock(CachedCertDAO.class, CALLS_REAL_METHODS);\r
+ }\r
+ \r
+ @Test\r
+ public void identity_True() throws CertificateException, IOException, CertException {\r
+ assertNotNull(devICA.sign(trans, csrMeta));\r
+ }\r
+ \r
+ \r
+ @Test\r
+ public void identityNull() throws CertificateException {\r
+ try {\r
+ assertNotNull(devICA.sign(null, csrMeta));\r
+ } catch (IOException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (CertException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void identityBothNull() throws CertificateException {\r
+ try {\r
+ assertNotNull(devICA.sign(null, null));\r
+ } catch (IOException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (CertException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.cert;\r
+\r
+import static org.junit.Assert.*;\r
+import static org.mockito.Mockito.mock;\r
+import static org.mockito.Mockito.when;\r
+\r
+import java.io.File;\r
+import java.io.FileNotFoundException;\r
+import java.io.IOException;\r
+import java.security.Key;\r
+import java.security.PrivateKey;\r
+import java.security.PublicKey;\r
+\r
+import org.bouncycastle.operator.OperatorCreationException;\r
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;\r
+import org.junit.BeforeClass;\r
+import org.junit.Rule;\r
+import org.junit.Test;\r
+import org.junit.rules.ExpectedException;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.mockito.Mockito;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.cm.CertException;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_BCFactory {\r
+ \r
+ private static BCFactory bcFactory = new BCFactory();\r
+ \r
+ private static BCFactory bcFact;\r
+ \r
+ private static PrivateKey pk;\r
+ \r
+ \r
+ private static Trans trans;\r
+ \r
+ \r
+ private static PKCS10CertificationRequest req;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() throws IOException {\r
+ pk = new XYZKey();\r
+ trans = mock(Trans.class);\r
+ req = mock(PKCS10CertificationRequest.class);\r
+ when(req.getEncoded()).thenReturn(new byte[1]);\r
+ when(trans.start(Mockito.anyString(), Mockito.anyInt())).thenReturn(new TimeTaken(null, 0) {\r
+ \r
+ @Override\r
+ public void output(StringBuilder sb) {\r
+ // TODO Auto-generated method stub\r
+ \r
+ }\r
+ });\r
+ bcFact = mock(BCFactory.class);\r
+ }\r
+ \r
+ @Test\r
+ public void toStrin() throws OperatorCreationException, IOException, CertException {\r
+ assertNotNull(bcFactory.toString(trans, req));\r
+ }\r
+ \r
+ @Test\r
+ public void toStrinMoc() throws OperatorCreationException, IOException, CertException {\r
+ assertNotNull(bcFact.toString(trans, req));\r
+ }\r
+ \r
+ @Rule\r
+ public ExpectedException thrown= ExpectedException.none();\r
+ \r
+ @Test\r
+ public void toCSR() {\r
+ try {\r
+ assertNotNull(bcFactory.toCSR(trans, new File("/random/path")));\r
+ thrown.expect(FileNotFoundException.class);\r
+ } catch (IOException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+}\r
+\r
+class XYZKey implements Key, PublicKey, PrivateKey {\r
+ \r
+ int rotValue;\r
+ public XYZKey() {\r
+ rotValue = 1200213;\r
+ }\r
+ public String getAlgorithm() {\r
+ return "XYZ";\r
+ }\r
+\r
+ public String getFormat() {\r
+ return "XYZ Special Format";\r
+ }\r
+\r
+ public byte[] getEncoded() {\r
+ byte b[] = new byte[4];\r
+ b[3] = (byte) ((rotValue << 24) & 0xff);\r
+ b[2] = (byte) ((rotValue << 16) & 0xff);\r
+ b[1] = (byte) ((rotValue << 8) & 0xff);\r
+ b[0] = (byte) ((rotValue << 0) & 0xff);\r
+ return b;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.cert;\r
+\r
+import static org.junit.Assert.*;\r
+import static org.mockito.Mockito.mock;\r
+\r
+import java.io.IOException;\r
+import java.security.cert.CertificateException;\r
+import java.security.cert.X509Certificate;\r
+\r
+import org.bouncycastle.asn1.x500.X500Name;\r
+import org.bouncycastle.operator.OperatorCreationException;\r
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;\r
+import org.junit.BeforeClass;\r
+import org.junit.Rule;\r
+import org.junit.Test;\r
+import org.junit.rules.ExpectedException;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.cm.CertException;\r
+import com.att.inno.env.Trans;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_CSRMeta {\r
+ \r
+ private static CSRMeta csrmeta;\r
+ private static Trans trans;\r
+ private static PKCS10CertificationRequest req;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() {\r
+ trans = mock(Trans.class);\r
+ csrmeta = new CSRMeta();\r
+ csrmeta.cn("CN");\r
+ csrmeta.email("pupleti@ht.com");\r
+ csrmeta.mechID("HAKJH787");\r
+ csrmeta.o("O");\r
+ csrmeta.l("L");\r
+ csrmeta.st("ST");\r
+ csrmeta.c("C");\r
+ csrmeta.challenge("Challenge");\r
+ csrmeta.san("CA");\r
+ }\r
+ \r
+ @Test\r
+ public void x500Name() throws IOException {\r
+ \r
+ X500Name x500 = csrmeta.x500Name();\r
+ assertEquals(x500.toString(),"CN=CN,E=pupleti@ht.com,OU=HAKJH787,O=O,L=L,ST=ST,C=C");\r
+ }\r
+ \r
+ @Test\r
+ public void initialConversationCert() throws CertificateException, OperatorCreationException, IOException {\r
+ X509Certificate cert = csrmeta.initialConversationCert(trans);\r
+ assertEquals(cert.getBasicConstraints(),-1);\r
+ }\r
+ \r
+ @Test\r
+ public void generateCSR() throws IOException, CertException {\r
+ req = csrmeta.generateCSR(trans);\r
+ assertNotNull(req);\r
+ }\r
+ \r
+ @Rule\r
+ public ExpectedException thrown= ExpectedException.none();\r
+ \r
+ @Test\r
+ public void dump() throws IOException, CertException {\r
+ req = csrmeta.generateCSR(trans);\r
+ csrmeta.dump(req);\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.data;\r
+\r
+import static org.junit.Assert.*;\r
+import static org.mockito.Mockito.mock;\r
+import static org.mockito.Mockito.when;\r
+\r
+import java.io.IOException;\r
+import java.security.cert.X509Certificate;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.mockito.Mockito;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.authz.cm.ca.CA;\r
+import com.att.authz.cm.cert.BCFactory;\r
+import com.att.authz.cm.cert.CSRMeta;\r
+import com.att.authz.cm.cert.StandardFields;\r
+import com.att.cadi.cm.CertException;\r
+import com.att.inno.env.Trans;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_CertReq {\r
+ \r
+ private static BCFactory bcFact;\r
+ \r
+ private static CSRMeta value;\r
+ \r
+ private static CertReq req;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() {\r
+ bcFact = mock(BCFactory.class);\r
+ value = mock(CSRMeta.class);\r
+ req = mock(CertReq.class);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void getCSRMeta() throws CertException {\r
+ //req = new CertReq();\r
+ req.mechid = "1213";\r
+ List<String> fqdnsas = new ArrayList<String>();\r
+ fqdnsas.add("String1");\r
+ List<String> emails = new ArrayList<String>();\r
+ emails.add("pupleti@hotmail.com");\r
+ req.emails = emails;\r
+ req.fqdns = fqdnsas;\r
+ StandardFields sf = mock(StandardFields.class);\r
+ req.certAuthority = new CA("testName", sf, "ALL") {\r
+ \r
+ @Override\r
+ public X509Certificate sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {\r
+ \r
+ return null;\r
+ }\r
+ };\r
+ req.sponsor = "asa@df.co";\r
+ assertNull(req.getCSRMeta());\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.facade;\r
+\r
+import static org.junit.Assert.*;\r
+import static org.mockito.Mockito.CALLS_REAL_METHODS;\r
+import static org.mockito.Mockito.mock;\r
+import static org.mockito.Mockito.when;\r
+\r
+import java.io.IOException;\r
+\r
+import javax.servlet.ServletOutputStream;\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+import javax.xml.namespace.QName;\r
+import javax.xml.validation.Schema;\r
+\r
+import org.junit.Before;\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mockito;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.authz.cm.mapper.Mapper;\r
+import com.att.authz.cm.service.CMService;\r
+import com.att.authz.cm.service.CertManAPI;\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.cadi.aaf.AAFPermission;\r
+import com.att.authz.layer.Result;\r
+import com.att.cadi.aaf.v2_0.AAFLurPerm;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+import com.att.inno.env.LogTarget;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+import com.att.rosetta.env.RosettaDF;\r
+import com.att.rosetta.env.RosettaData;\r
+\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> {\r
+ \r
+ private static AuthzTrans trans;\r
+ private static HttpServletResponse resp;\r
+ private static CertManAPI certman;\r
+ private static FacadeImpl hImpl;\r
+ private static CMService service;\r
+ private Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper;\r
+ private Data.TYPE dataType;\r
+ private static AuthzEnv env;\r
+ \r
+ private static FacadeImpl fImpl;\r
+ private static HttpServletRequest req;\r
+ \r
+ @Before\r
+ public void setUp() throws APIException, IOException {\r
+ fImpl = mock(FacadeImpl.class);\r
+ env = mock(AuthzEnv.class);\r
+ resp = mock(HttpServletResponse.class);\r
+ req = mock(HttpServletRequest.class);\r
+ hImpl = mock(FacadeImpl.class, CALLS_REAL_METHODS);\r
+ Result<Void> rvd = (Result) mock(Result.class);\r
+ trans = mock(AuthzTrans.class);\r
+ when(trans.error()).thenReturn(new LogTarget() {\r
+ \r
+ @Override\r
+ public void printf(String fmt, Object... vars) {}\r
+ \r
+ @Override\r
+ public void log(Throwable e, Object... msgs) {\r
+ e.getMessage();\r
+ e.printStackTrace();\r
+ msgs.toString();\r
+ \r
+ }\r
+ \r
+ @Override\r
+ public void log(Object... msgs) {\r
+ }\r
+ \r
+ @Override\r
+ public boolean isLoggable() {\r
+ \r
+ return false;\r
+ }\r
+ });\r
+ when(trans.start(Mockito.anyString(), Mockito.anyInt())).thenReturn(new TimeTaken("Now", 1) {\r
+ \r
+ @Override\r
+ public void output(StringBuilder sb) {\r
+ \r
+ }\r
+ });\r
+ when(fImpl.check(Mockito.any(AuthzTrans.class), Mockito.any(HttpServletResponse.class), Mockito.anyString())).thenReturn(rvd);\r
+ when(resp.getOutputStream()).thenReturn(new ServletOutputStream() {\r
+ \r
+ @Override\r
+ public void write(int b) throws IOException {\r
+ \r
+ \r
+ }\r
+ });\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void check() throws IOException {\r
+ AAFPermission ap = new AAFPermission("str1","str3","str2");\r
+ String perms = ap.getInstance();\r
+ assertNotNull(hImpl.check(trans, resp, perms));\r
+ }\r
+ \r
+ @Test\r
+ public void checkNull() throws IOException {\r
+ AAFPermission ap = new AAFPermission(null,"Str3","str2");\r
+ String perms = ap.getInstance();\r
+ assertNotNull(hImpl.check(trans, resp, perms));\r
+ }\r
+ \r
+ @Test\r
+ public void checkTwoNull() throws IOException {\r
+ AAFPermission ap = new AAFPermission(null,null,"str2");\r
+ String perms = ap.getInstance();\r
+ assertNotNull(fImpl.check(trans, resp, perms));\r
+ }\r
+ \r
+ @Test\r
+ public void checkAllNull() throws IOException {\r
+ AAFPermission ap = new AAFPermission(null,null,null);\r
+ String perms = ap.getInstance();\r
+ assertNotNull(fImpl.check(trans, resp, perms));\r
+ }\r
+ \r
+ @Test\r
+ public void checkTrans_null() throws IOException {\r
+ AAFPermission ap = new AAFPermission("str1","str3","str2");\r
+ String perms = ap.getInstance();\r
+ assertNotNull(hImpl.check(null, resp, perms));\r
+ }\r
+ \r
+ @Test\r
+ public void checkRespNull() throws IOException {\r
+ AAFPermission ap = new AAFPermission("str1","str3","str2");\r
+ String perms = ap.getInstance();\r
+ assertNotNull(hImpl.check(trans, null, perms));\r
+ }\r
+ \r
+ @Test\r
+ public void requestCert() { \r
+ assertNotNull(hImpl.requestCert(trans, req, resp, true));\r
+ }\r
+ \r
+ @Test\r
+ public void renewCert() { \r
+ assertNotNull(hImpl.renewCert(trans, req, resp, true));\r
+ }\r
+ \r
+ @Test\r
+ public void dropCert() { \r
+ assertNotNull(hImpl.renewCert(trans, req, resp, true));\r
+ }\r
+ \r
+ @Test\r
+ public void createArtifacts() { \r
+ assertNotNull(hImpl.createArtifacts(trans, req, resp));\r
+ }\r
+ \r
+ @Test\r
+ public void readArtifacts() { \r
+ assertNotNull(hImpl.readArtifacts(trans, req, resp));\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cm.validation;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.util.ArrayList;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.dao.aaf.cass.ArtiDAO;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Validator {\r
+ \r
+ private static Validator validator;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() {\r
+ validator = new Validator();\r
+ }\r
+ \r
+ @Test\r
+ public void nullCheck() {\r
+ assertNotNull(validator.nullOrBlank("TestName", null).errs());\r
+ }\r
+ \r
+ @Test\r
+ public void blankCheck() {\r
+ assertNotNull(validator.nullOrBlank("TestName", "").err());\r
+ }\r
+ \r
+ @Test\r
+ public void notOK_null() {\r
+ assertNotNull(validator.notOK(null));\r
+ }\r
+ \r
+ @Test\r
+ public void isNullCheck() {\r
+ assertNotNull(validator.isNull("TestName", null).errs());\r
+ }\r
+ \r
+ @Test\r
+ public void nullBlankMin() {\r
+ assertNotNull(validator.nullBlankMin("TestName", null, 0));\r
+ }\r
+ \r
+ @Test\r
+ public void artistsRequired() {\r
+ assertNotNull(validator.artisRequired(null, 0));\r
+ }\r
+ \r
+ @Test\r
+ public void artistRequired() {\r
+ assertNotNull(validator.artisRequired(new ArrayList<ArtiDAO.Data>(), -1));\r
+ }\r
+ \r
+ @Test\r
+ public void artistRequired_Null() {\r
+ assertNotNull(validator.artisRequired(null, -1));\r
+ }\r
+ \r
+ @Test\r
+ public void artistkeys() {\r
+ assertNotNull(validator.artisKeys(new ArrayList<ArtiDAO.Data>(), -1));\r
+ }\r
+ \r
+ @Test\r
+ public void artistKeys_Null() {\r
+ assertNotNull(validator.artisKeys(null, -1));\r
+ }\r
+ \r
+ @Test\r
+ public void keys() {\r
+ assertNotNull(validator.keys(new ArtiDAO.Data()));\r
+ }\r
+}\r
--- /dev/null
+.metadata
+.settings
+.classpath
+.project
+target
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">\r
+ <modelVersion>4.0.0</modelVersion>\r
+\r
+ <!-- No Parent on Purpose!!! -->\r
+ <artifactId>authz-client</artifactId>\r
+ <name>Authz Client</name>\r
+ <description>Client and XSD Generated code for Authz</description>\r
+ <groupId>com.att.authz</groupId>\r
+ <version>2.6</version>\r
+ <packaging>jar</packaging>\r
+ <url>https://github.com/att/AAF</url>\r
+ <licenses>\r
+ <license>\r
+ <name>BSD License</name>\r
+ <url> </url>\r
+ </license>\r
+ </licenses>\r
+ <developers>\r
+ <developer>\r
+ <name>Jonathan Gathman</name>\r
+ <email></email>\r
+ <organization>ATT</organization>\r
+ <organizationUrl></organizationUrl>\r
+ </developer>\r
+ </developers>\r
+ \r
+ <properties>\r
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>\r
+ <swm-distFiles-path>/opt/app/aft/${project.artifactId}/${project.version}</swm-distFiles-path>\r
+ <maven.test.failure.ignore>true</maven.test.failure.ignore>\r
+ </properties>\r
+ \r
+ <dependencies>\r
+ <dependency>\r
+ <groupId>junit</groupId>\r
+ <artifactId>junit</artifactId>\r
+ <version>4.10</version>\r
+ <scope>test</scope>\r
+ </dependency>\r
+ \r
+ </dependencies>\r
+\r
+ <build>\r
+ <plugins>\r
+ <plugin>\r
+ <groupId>org.codehaus.mojo</groupId>\r
+ <artifactId>jaxb2-maven-plugin</artifactId>\r
+ <version>1.3</version>\r
+ <executions>\r
+ <execution>\r
+ <phase>generate-sources</phase>\r
+ <goals>\r
+ <goal>xjc</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ <configuration>\r
+ <schemaDirectory>src/main/xsd</schemaDirectory>\r
+ </configuration>\r
+ </plugin>\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-compiler-plugin</artifactId>\r
+ <configuration>\r
+ <source>1.6</source>\r
+ <target>1.6</target>\r
+ </configuration>\r
+ </plugin>\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-deploy-plugin</artifactId>\r
+ <version>2.5</version>\r
+ <configuration>\r
+ <skip>false</skip>\r
+ </configuration>\r
+ </plugin>\r
+\r
+ <!--This plugin's configuration is used to store Eclipse m2e settings \r
+ only. It has no influence on the Maven build itself. -->\r
+ <plugin>\r
+ <groupId>org.eclipse.m2e</groupId>\r
+ <artifactId>lifecycle-mapping</artifactId>\r
+ <version>1.0.0</version>\r
+ <configuration>\r
+ <lifecycleMappingMetadata>\r
+ <pluginExecutions>\r
+ <pluginExecution>\r
+ <pluginExecutionFilter>\r
+ <groupId>\r
+ org.codehaus.mojo\r
+ </groupId>\r
+ <artifactId>\r
+ jaxb2-maven-plugin\r
+ </artifactId>\r
+ <versionRange>\r
+ [1.3,)\r
+ </versionRange>\r
+ <goals>\r
+ <goal>xjc</goal>\r
+ </goals>\r
+ </pluginExecutionFilter>\r
+ <action>\r
+ <ignore></ignore>\r
+ </action>\r
+ </pluginExecution>\r
+ </pluginExecutions>\r
+ </lifecycleMappingMetadata>\r
+ </configuration>\r
+ </plugin>\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-compiler-plugin</artifactId>\r
+ <version>2.3.2</version>\r
+ <configuration>\r
+ <source>1.6</source>\r
+ <target>1.6</target>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-javadoc-plugin</artifactId>\r
+ <configuration>\r
+ <failOnError>false</failOnError>\r
+ </configuration>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-javadocs</id>\r
+ <goals>\r
+ <goal>jar</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin> \r
+ \r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-source-plugin</artifactId>\r
+ <version>2.2.1</version>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-sources</id>\r
+ <goals>\r
+ <goal>jar-no-fork</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.sonatype.plugins</groupId>\r
+ <artifactId>nexus-staging-maven-plugin</artifactId>\r
+ <version>1.6.7</version>\r
+ <extensions>true</extensions>\r
+ <configuration>\r
+ <serverId>ossrhdme</serverId>\r
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>\r
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>\r
+ </configuration>\r
+ </plugin>\r
+ </plugins>\r
+ </build>\r
+ \r
+ <distributionManagement>\r
+ <snapshotRepository>\r
+ <id>ossrhdme</id>\r
+ <url>https://oss.sonatype.org/content/repositories/snapshots</url>\r
+ </snapshotRepository>\r
+ <repository>\r
+ <id>ossrhdme</id>\r
+ <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>\r
+ </repository>\r
+ </distributionManagement>\r
+ \r
+ <scm>\r
+ <connection>https://github.com/att/AAF.git</connection>\r
+ <developerConnection>${project.scm.connection}</developerConnection>\r
+ <url>http://github.com/att/AAF/tree/master</url>\r
+ </scm>\r
+\r
+</project>\r
+\r
--- /dev/null
+<!-- Used by AAF (ATT inc 2013) -->
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:aaf="urn:aaf:v2_0"
+ targetNamespace="urn:aaf:v2_0"
+ elementFormDefault="qualified">
+
+<!--
+ Note: jan 22, 2015. Deprecating the "force" element in the "Request" Structure. Do that
+ with Query Params.
+
+ Eliminate in 3.0
+ -->
+<!--
+ Errors
+ Note: This Error Structure has been made to conform to the AT&T TSS Policies
+
+
+ -->
+ <xs:element name="error">
+ <xs:complexType>
+ <xs:sequence>
+ <!--
+ Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is
+ either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception.
+ Exception numbers may be in the range of 0001 to 9999 where :
+ * 0001 to 0199 are reserved for common exception messages
+ * 0200 to 0999 are reserved for Parlay Web Services specification use
+ * 1000-9999 are available for exceptions
+ -->
+ <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ Message text, with replacement
+ variables marked with %n, where n is
+ an index into the list of <variables>
+ elements, starting at 1
+ -->
+ <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ List of zero or more strings that
+ represent the contents of the variables
+ used by the message text. -->
+ <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Requests
+ -->
+ <xs:complexType name="Request">
+ <xs:sequence>
+ <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <xs:element name="end" type="xs:date" minOccurs="1" maxOccurs="1"/>
+ <!-- Deprecated. Use Query Command
+ <xs:element name="force" type="xs:string" minOccurs="1" maxOccurs="1" default="false"/>
+ -->
+ </xs:sequence>
+ </xs:complexType>
+
+<!--
+ Keys
+ -->
+ <xs:element name="keys">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="key" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+
+<!--
+ Permissions
+-->
+ <xs:complexType name = "pkey">
+ <xs:sequence>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="instance" type="xs:string"/>
+ <xs:element name="action" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="permKey">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:pkey" />
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="perm">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:pkey">
+ <xs:sequence>
+ <xs:element name="roles" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="perms">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="aaf:perm" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="permRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="instance" type="xs:string"/>
+ <xs:element name="action" type="xs:string"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+
+<!--
+ Roles
+-->
+ <xs:complexType name="rkey">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="roleKey">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:rkey" />
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="role">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:rkey">
+ <xs:sequence>
+ <xs:element name="perms" type="aaf:pkey" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="roles">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="aaf:role" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="roleRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- Added userRole return types 9/16/2015 -->
+ <xs:element name="userRole">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="expires" type="xs:date" minOccurs="1" maxOccurs="1" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- Added userRoles return types 9/16/2015 -->
+ <xs:element name="userRoles">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="aaf:userRole" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="userRoleRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="rolePermRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="perm" type="aaf:pkey" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+
+ <xs:element name="nsRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="admin" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element name="responsible" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Note: dec 11, 2015. Request-able NS Type JG -->
+ <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="1"/>
+
+ <!-- "scope" is deprecated and unused as of AAF 2.0.11. It will be removed in future versions
+ -->
+ <xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/>
+
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name = "nss">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "ns" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "name" type = "xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "responsible" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name = "admin" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name = "description" type = "xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Note: Dec 16, 2015. Added description field. Verify backward compatibility. JG -->
+ <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Users
+-->
+ <xs:element name="users">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="user" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <!-- Changed type to dateTime, because of importance of Certs -->
+ <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <!-- need to differentiate User Cred Types, 5/20/2015
+ This Return Object is shared by multiple functions:
+ Type is not returned for "UserRole", but only "Cred"
+ -->
+ <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Certs
+ Added 5/20/2015 to support identifying Certificate based Services
+ -->
+ <xs:element name="certs">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="cert" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <xs:element name="x500" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <xs:element name="fingerprint" type="xs:hexBinary" minOccurs="1" maxOccurs="1" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Credentials
+-->
+ <xs:element name="credRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="id" type="xs:string"/>
+ <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1"/>
+ <xs:choice >
+ <xs:element name="password" type="xs:string" />
+ <xs:element name="entry" type="xs:string" />
+ </xs:choice>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ History
+ -->
+ <xs:element name="history">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="item" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="YYYYMM" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="timestamp" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="target" type = "xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="action" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="memo" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Approvals
+ -->
+ <xs:complexType name="approval">
+ <xs:sequence>
+ <!-- Note, id is set by system -->
+ <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:element name="ticket" type="xs:string"/>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="approver" type="xs:string"/>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="memo" type="xs:string"/>
+ <xs:element name="updated" type="xs:dateTime"/>
+ <xs:element name="status">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="approve"/>
+ <xs:enumeration value="reject"/>
+ <xs:enumeration value="pending"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ <xs:element name="operation">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="C"/>
+ <xs:enumeration value="U"/>
+ <xs:enumeration value="D"/>
+ <xs:enumeration value="G"/>
+ <xs:enumeration value="UG"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="approvals">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Delegates
+-->
+ <xs:complexType name="delg">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="delegate" type="xs:string"/>
+ <xs:element name="expires" type="xs:date"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="delgRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="delegate" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="delgs">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- jg 3/11/2015 New for 2.0.8 -->
+ <xs:element name="api">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="route" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema>
--- /dev/null
+<!-- Used by AAF (ATT inc 2016) -->
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:certman="urn:certman:v1_0"
+ targetNamespace="urn:certman:v1_0"
+ elementFormDefault="qualified">
+
+ <!-- jg 4/21/2016 New for Certificate Info -->
+ <xs:element name="certInfo">
+ <xs:complexType>
+ <xs:sequence>
+ <!-- Base64 Encoded Private Key -->
+ <xs:element name="privatekey" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Base64 Encoded Certificate -->
+ <xs:element name="certs" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Challenge Password (2 method Auth) -->
+ <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Notes from Server concerning Cert (not an error) -->
+ <xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:complexType name="baseRequest">
+ <xs:sequence>
+ <xs:element name="mechid" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Sponsor is only required if the caller is not Sponsor. In that case, the calling ID must be delegated to do the work. -->
+ <xs:element name="sponsor" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <xs:element name="end" type="xs:date" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="specificRequest">
+ <xs:complexContent>
+ <xs:extension base="certman:baseRequest">
+ <xs:sequence>
+ <xs:element name="serial" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Certificate has been compromised or other security issue -->
+ <xs:element name="revoke" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="certificateRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="certman:baseRequest">
+ <xs:sequence>
+ <!-- One FQDN is required. Multiple driven by Policy -->
+ <xs:element name="fqdns" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Optional Email for getting Public Certificate -->
+ <xs:element name="email" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="certificateRenew">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="certman:specificRequest">
+ <xs:sequence>
+ <!-- One FQDN is required. Multiple driven by Policy -->
+ <xs:element name="fqdns" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Challenge Password (for accessing manually) TODO Is it necessary? -->
+ <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Optional Email for getting Public Certificate -->
+ <xs:element name="email" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="certificateDrop">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="certman:specificRequest">
+ <xs:sequence>
+ <!-- Challenge Password (for accessing manually) TODO Is it necessary? -->
+ <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- Placement Structures -->
+
+ <xs:element name="artifacts">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="artifact" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="mechid" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="machine" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <xs:element name="type" minOccurs="1" maxOccurs="3">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="file"/>
+ <xs:enumeration value="jks"/>
+ <xs:enumeration value="print"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ <xs:element name="ca" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <xs:element name="dir" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="os_user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Ignored on input, and set by TABLES. However, returned on output -->
+ <xs:element name="sponsor" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <!-- Optional... if empty, will use MechID Namespace -->
+ <xs:element name="appName" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Optional... if empty, will notify Sponsor -->
+ <xs:element name="notification" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Optional... Days before auto renewal. Min is 10. Max is 1/3 expiration (60) -->
+ <xs:element name="renewDays" type="xs:int" minOccurs="0" maxOccurs="1" default="30"/>
+
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+
+
+</xs:schema>
\ No newline at end of file
--- /dev/null
+.metadata
+.settings
+.classpath
+.project
+target
--- /dev/null
+DIR=`pwd`
+DME2REG=$DIR/../dme2reg
+CLASSPATH=etc:target/authz-cmd-2.0.15-jar-with-dependencies.jar
+
+java -cp $CLASSPATH \
+ -Dcadi_prop_files=../authz-service/src/main/sample/authAPI.props \
+ -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG \
+ com.att.cmd.AAFcli $*
+
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+###############################################################################\r
+# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
+###############################################################################\r
+#\r
+# Licensed to the Apache Software Foundation (ASF) under one\r
+# or more contributor license agreements. See the NOTICE file\r
+# distributed with this work for additional information\r
+# regarding copyright ownership. The ASF licenses this file\r
+# to you under the Apache License, Version 2.0 (the\r
+# "License"); you may not use this file except in compliance\r
+# with the License. You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing,\r
+# software distributed under the License is distributed on an\r
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
+# KIND, either express or implied. See the License for the\r
+# specific language governing permissions and limitations\r
+# under the License.\r
+#\r
+\r
+log4j.appender.SVR=org.apache.log4j.RollingFileAppender \r
+log4j.appender.SVR.File=${user.home}/.aaf/authz-cmd.log\r
+log4j.appender.SVR.MaxFileSize=10000KB\r
+log4j.appender.SVR.MaxBackupIndex=1\r
+log4j.appender.SVR.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.SVR.layout.ConversionPattern=%d %p [%c] %m %n\r
+\r
+# General Apache libraries\r
+log4j.rootLogger=WARN,SVR\r
+\r
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">\r
+ <modelVersion>4.0.0</modelVersion>\r
+ <parent>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>parent</artifactId>\r
+ <version>2.0.15</version>\r
+ <relativePath>../pom.xml</relativePath>\r
+ </parent>\r
+ \r
+ <artifactId>authz-cmd</artifactId>\r
+ <name>Authz Command</name>\r
+ <description>Command Line Processor for Authz</description>\r
+ <packaging>jar</packaging>\r
+ <url>https://github.com/att/AAF</url>\r
+ <licenses>\r
+ <license>\r
+ <name>BSD License</name>\r
+ <url> </url>\r
+ </license>\r
+ </licenses>\r
+ <developers>\r
+ <developer>\r
+ <name>Jonathan Gathman</name>\r
+ <email></email>\r
+ <organization>ATT</organization>\r
+ <organizationUrl></organizationUrl>\r
+ </developer>\r
+ </developers>\r
+\r
+ <properties>\r
+ <maven.test.failure.ignore>false</maven.test.failure.ignore>\r
+ <project.swmVersion>21</project.swmVersion>\r
+ </properties>\r
+ \r
+ <dependencies>\r
+ <dependency>\r
+ <groupId>com.att.cadi</groupId>\r
+ <artifactId>cadi-aaf</artifactId>\r
+ </dependency>\r
+ \r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-core</artifactId>\r
+ </dependency>\r
+ \r
+ <dependency> \r
+ <groupId>jline</groupId> \r
+ <artifactId>jline</artifactId> \r
+ <version>2.14.2</version> \r
+ </dependency>\r
+\r
+ <dependency>\r
+ <groupId>org.slf4j</groupId>\r
+ <artifactId>slf4j-log4j12</artifactId>\r
+ </dependency>\r
+<!-- \r
+ <dependency>\r
+ <groupId>com.att.aft</groupId>\r
+ <artifactId>dme2</artifactId>\r
+ </dependency>\r
+ -->\r
+\r
+ </dependencies>\r
+\r
+ <build>\r
+ <plugins>\r
+ <plugin>\r
+ <artifactId>maven-assembly-plugin</artifactId>\r
+ <version>2.4</version>\r
+ <configuration>\r
+ <classifier>tests</classifier>\r
+ <archive>\r
+ <manifestEntries>\r
+ <Sealed>true</Sealed>\r
+ </manifestEntries>\r
+ </archive>\r
+ </configuration>\r
+ <executions>\r
+ <execution>\r
+ <id>full</id>\r
+ <phase>package</phase>\r
+ <goals>\r
+ <goal>single</goal>\r
+ </goals>\r
+ <configuration>\r
+ <descriptors>\r
+ <descriptor>src/main/assemble/authz-cmd.xml</descriptor>\r
+ </descriptors>\r
+ </configuration>\r
+ </execution>\r
+ </executions>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-deploy-plugin</artifactId>\r
+ <configuration>\r
+ <skip>true</skip>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-javadoc-plugin</artifactId>\r
+ <configuration>\r
+ <failOnError>false</failOnError>\r
+ </configuration>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-javadocs</id>\r
+ <goals>\r
+ <goal>jar</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin> \r
+ \r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-source-plugin</artifactId>\r
+ <version>2.2.1</version>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-sources</id>\r
+ <goals>\r
+ <goal>jar-no-fork</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.sonatype.plugins</groupId>\r
+ <artifactId>nexus-staging-maven-plugin</artifactId>\r
+ <version>1.6.7</version>\r
+ <extensions>true</extensions>\r
+ <configuration>\r
+ <serverId>ossrhdme</serverId>\r
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>\r
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ </plugins>\r
+ <pluginManagement>\r
+ <plugins/>\r
+ </pluginManagement>\r
+ </build>\r
+\r
+</project>\r
--- /dev/null
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
+ xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">\r
+ \r
+ <id>jar-with-dependencies</id>\r
+ <formats>\r
+ <format>jar</format>\r
+ </formats>\r
+\r
+ <includeBaseDirectory>false</includeBaseDirectory>\r
+ <dependencySets>\r
+ <dependencySet>\r
+ <unpack>true</unpack>\r
+ <scope>compile</scope>\r
+ </dependencySet>\r
+ \r
+ </dependencySets>\r
+ <fileSets>\r
+ <fileSet>\r
+ <directory>src/main/xsd</directory>\r
+ </fileSet>\r
+ <fileSet>\r
+ <directory>etc</directory>\r
+ </fileSet>\r
+ </fileSets>\r
+</assembly>\r
--- /dev/null
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<assembly>\r
+ <id>swm</id>\r
+ <formats>\r
+ <format>zip</format>\r
+ </formats>\r
+ <baseDirectory>${artifactId}</baseDirectory>\r
+ <fileSets>\r
+ <fileSet>\r
+ <directory>target/swm</directory>\r
+ </fileSet>\r
+ </fileSets>\r
+</assembly>\r
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+###############################################################################\r
+# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
+###############################################################################\r
+#\r
+# Licensed to the Apache Software Foundation (ASF) under one\r
+# or more contributor license agreements. See the NOTICE file\r
+# distributed with this work for additional information\r
+# regarding copyright ownership. The ASF licenses this file\r
+# to you under the Apache License, Version 2.0 (the\r
+# "License"); you may not use this file except in compliance\r
+# with the License. You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing,\r
+# software distributed under the License is distributed on an\r
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
+# KIND, either express or implied. See the License for the\r
+# specific language governing permissions and limitations\r
+# under the License.\r
+#\r
+\r
+log4j.appender.SVR=org.apache.log4j.RollingFileAppender \r
+log4j.appender.SVR.File=${user.home}/.aaf/authz-cmd.log\r
+log4j.appender.SVR.MaxFileSize=10000KB\r
+log4j.appender.SVR.MaxBackupIndex=1\r
+log4j.appender.SVR.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.SVR.layout.ConversionPattern=%d %p [%c] %m %n\r
+\r
+# General Apache libraries\r
+log4j.rootLogger=WARN,SVR\r
+\r
--- /dev/null
+| ############################################################
+# Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+# Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler
+# classes. These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the INFO and above levels.
+handlers=java.util.logging.FileHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers. For any given facility this global level
+# can be overriden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level=INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+java.util.logging.FileHandler.properties=autoFlush,fileName,dataPattern,name
+java.util.logging.FileHandler.fileName=%h/.aaf/dme2.log
+java.util.logging.FileHandlerFileHandler.autoFlush=true
+java.util.logging.FileHandlerFileHandler.name=DailyRollingFileHandler
+java.util.logging.FileHandlerFileHandler.datePattern='.'yyyy-MM-dd
+com.att.aft.dme2.events.server.summary=WARN
+
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+import java.io.BufferedReader;\r
+import java.io.Console;\r
+import java.io.File;\r
+import java.io.FileReader;\r
+import java.io.IOException;\r
+import java.io.InputStream;\r
+import java.io.InputStreamReader;\r
+import java.io.OutputStreamWriter;\r
+import java.io.PrintWriter;\r
+import java.io.Reader;\r
+import java.io.Writer;\r
+import java.net.HttpURLConnection;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+import java.util.Properties;\r
+\r
+import org.apache.log4j.PropertyConfigurator;\r
+\r
+import com.att.aft.dme2.api.DME2Manager;\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.cadi.Access.Level;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.Locator;\r
+import com.att.cadi.SecuritySetter;\r
+import com.att.cadi.client.PropertyLocator;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cadi.config.Config;\r
+import com.att.cadi.config.SecurityInfo;\r
+import com.att.cadi.config.SecurityInfoC;\r
+import com.att.cadi.dme2.DME2Locator;\r
+import com.att.cadi.filter.AccessGetter;\r
+import com.att.cadi.http.HBasicAuthSS;\r
+import com.att.cadi.http.HMangr;\r
+import com.att.cmd.mgmt.Mgmt;\r
+import com.att.cmd.ns.NS;\r
+import com.att.cmd.perm.Perm;\r
+import com.att.cmd.role.Role;\r
+import com.att.cmd.user.User;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.impl.Log4JLogTarget;\r
+import com.att.inno.env.util.Split;\r
+\r
+import jline.console.ConsoleReader;\r
+\r
+public class AAFcli {\r
+\r
+ public static final String AAF_DEFAULT_REALM = "aaf_default_realm";\r
+ protected static PrintWriter pw;\r
+ protected HMangr hman;\r
+ // Storage for last reused client. We can do this\r
+ // because we're technically "single" threaded calls.\r
+ public Retryable<?> prevCall;\r
+\r
+ protected SecuritySetter<HttpURLConnection> ss;\r
+ protected AuthzEnv env;\r
+ private boolean close;\r
+ private List<Cmd> cmds;\r
+\r
+ // Lex State\r
+ private ArrayList<Integer> expect = new ArrayList<Integer>();\r
+ private boolean verbose = true;\r
+ private int delay;\r
+ private SecurityInfo si;\r
+ private boolean request = false;\r
+ private String force = null;\r
+ private boolean gui = false;\r
+\r
+ private static int TIMEOUT = Integer.parseInt(Config.AAF_CONN_TIMEOUT_DEF);\r
+ private static boolean isConsole = false;\r
+ private static boolean isTest = false;\r
+ private static boolean showDetails = false;\r
+ private static boolean ignoreDelay = false;\r
+ private static int globalDelay=0;\r
+ \r
+ public static int timeout() {\r
+ return TIMEOUT;\r
+ }\r
+\r
+ public AAFcli(AuthzEnv env, Writer wtr, HMangr hman, SecurityInfo si, SecuritySetter<HttpURLConnection> ss) throws APIException {\r
+ this.env = env;\r
+ this.ss = ss;\r
+ this.hman = hman;\r
+ this.si = si;\r
+ if (wtr instanceof PrintWriter) {\r
+ pw = (PrintWriter) wtr;\r
+ close = false;\r
+ } else {\r
+ pw = new PrintWriter(wtr);\r
+ close = true;\r
+ }\r
+\r
+\r
+ // client = new DRcli(new URI(aafurl), new\r
+ // BasicAuth(user,toPass(pass,true)))\r
+ // .apiVersion("2.0")\r
+ // .timeout(TIMEOUT);\r
+\r
+ /*\r
+ * Create Cmd Tree\r
+ */\r
+ cmds = new ArrayList<Cmd>();\r
+\r
+ Role role = new Role(this);\r
+ cmds.add(new Help(this, cmds));\r
+ cmds.add(new Version(this));\r
+ cmds.add(new Perm(role));\r
+ cmds.add(role);\r
+ cmds.add(new User(this));\r
+ cmds.add(new NS(this));\r
+ cmds.add(new Mgmt(this));\r
+ }\r
+\r
+ public void verbose(boolean v) {\r
+ verbose = v;\r
+ }\r
+\r
+ public void close() {\r
+ if (hman != null) {\r
+ hman.close();\r
+ hman = null;\r
+ }\r
+ if (close) {\r
+ pw.close();\r
+ }\r
+ }\r
+\r
+ public boolean eval(String line) throws Exception {\r
+ if (line.length() == 0) {\r
+ return true;\r
+ } else if (line.startsWith("#")) {\r
+ pw.println(line);\r
+ return true;\r
+ }\r
+\r
+ String[] largs = argEval(line);\r
+ int idx = 0;\r
+\r
+ // Variable replacement\r
+ StringBuilder sb = null;\r
+ while (idx < largs.length) {\r
+ int e = 0;\r
+ for (int v = largs[idx].indexOf("@["); v >= 0; v = largs[idx].indexOf("@[", v + 1)) {\r
+ if (sb == null) {\r
+ sb = new StringBuilder();\r
+ }\r
+ sb.append(largs[idx], e, v);\r
+ if ((e = largs[idx].indexOf(']', v)) >= 0) {\r
+ String p = env.getProperty(largs[idx].substring(v + 2, e++));\r
+ if (p != null) {\r
+ sb.append(p);\r
+ }\r
+ }\r
+ }\r
+ if (sb != null && sb.length() > 0) {\r
+ sb.append(largs[idx], e, largs[idx].length());\r
+ largs[idx] = sb.toString();\r
+ sb.setLength(0);\r
+ }\r
+ ++idx;\r
+ }\r
+\r
+ idx = 0;\r
+ boolean rv = true;\r
+ while (rv && idx < largs.length) {\r
+ // Allow Script to change Credential\r
+ if (!gui) {\r
+ if("as".equalsIgnoreCase(largs[idx])) {\r
+ if (largs.length > ++idx) {\r
+ // get Password from Props with ID as Key\r
+ String user = largs[idx++];\r
+ int colon = user.indexOf(':');\r
+ String pass;\r
+ if (colon > 0) {\r
+ pass = user.substring(colon + 1);\r
+ user = user.substring(0, colon);\r
+ } else {\r
+ pass = env.getProperty(user);\r
+ }\r
+ \r
+ if (pass != null) {\r
+ pass = env.decrypt(pass, false);\r
+ env.setProperty(user, pass);\r
+ ss = new HBasicAuthSS(user, pass,(SecurityInfoC<HttpURLConnection>) si);\r
+ pw.println("as " + user);\r
+ } else { // get Pass from System Properties, under name of\r
+ // Tag\r
+ pw.println("ERROR: No password set for " + user);\r
+ rv = false;\r
+ }\r
+ continue;\r
+ }\r
+ } else if ("expect".equalsIgnoreCase(largs[idx])) {\r
+ expect.clear();\r
+ if (largs.length > idx++) {\r
+ if (!"nothing".equals(largs[idx])) {\r
+ for (String str : largs[idx].split(",")) {\r
+ try {\r
+ if ("Exception".equalsIgnoreCase(str)) {\r
+ expect.add(-1);\r
+ } else {\r
+ expect.add(Integer.parseInt(str));\r
+ }\r
+ } catch (NumberFormatException e) {\r
+ throw new CadiException("\"expect\" should be followed by Number");\r
+ }\r
+ }\r
+ ++idx;\r
+ }\r
+ }\r
+ continue;\r
+ // Sleep, typically for reports, to allow DB to update\r
+ // Milliseconds\r
+ \r
+ } else if ("sleep".equalsIgnoreCase(largs[idx])) {\r
+ Integer t = Integer.parseInt(largs[++idx]);\r
+ pw.println("sleep " + t);\r
+ Thread.sleep(t);\r
+ ++idx;\r
+ continue;\r
+ } else if ("delay".equalsIgnoreCase(largs[idx])) {\r
+ delay = Integer.parseInt(largs[++idx]);\r
+ pw.println("delay " + delay);\r
+ ++idx;\r
+ continue;\r
+ } else if ("pause".equalsIgnoreCase(largs[idx])) {\r
+ pw.println("Press <Return> to continue...");\r
+ ++idx;\r
+ new BufferedReader(new InputStreamReader(System.in)).readLine();\r
+ continue;\r
+ } else if ("exit".equalsIgnoreCase(largs[idx])) {\r
+ pw.println("Exiting...");\r
+ return false;\r
+ }\r
+\r
+ } \r
+ \r
+ if("REQUEST".equalsIgnoreCase(largs[idx])) {\r
+ request=true;\r
+ ++idx;\r
+ } else if("FORCE".equalsIgnoreCase(largs[idx])) {\r
+ force="true";\r
+ ++idx;\r
+ } else if ("set".equalsIgnoreCase(largs[idx])) {\r
+ while (largs.length > ++idx) {\r
+ int equals = largs[idx].indexOf('=');\r
+ if (equals < 0) {\r
+ break;\r
+ }\r
+ String tag = largs[idx].substring(0, equals);\r
+ String value = largs[idx].substring(++equals);\r
+ pw.println("set " + tag + ' ' + value);\r
+ boolean isTrue = "TRUE".equalsIgnoreCase(value);\r
+ if("FORCE".equalsIgnoreCase(tag)) {\r
+ force = value;\r
+ } else if("REQUEST".equalsIgnoreCase(tag)) {\r
+ request = isTrue;\r
+ } else if("DETAILS".equalsIgnoreCase(tag)) {\r
+ showDetails = isTrue;\r
+ } else {\r
+ env.setProperty(tag, value);\r
+ }\r
+ }\r
+ continue;\r
+ // Allow Script to indicate if Failure is what is expected\r
+ }\r
+\r
+ int ret = 0;\r
+ for (Cmd c : cmds) {\r
+ if (largs[idx].equalsIgnoreCase(c.getName())) {\r
+ if (verbose) {\r
+ pw.println(line);\r
+ if (expect.size() > 0) {\r
+ pw.print("** Expect ");\r
+ boolean first = true;\r
+ for (Integer i : expect) {\r
+ if (first) {\r
+ first = false;\r
+ } else {\r
+ pw.print(',');\r
+ }\r
+ pw.print(i);\r
+ }\r
+ pw.println(" **");\r
+ }\r
+ }\r
+ try {\r
+ ret = c.exec(++idx, largs);\r
+ if (delay+globalDelay > 0) {\r
+ Thread.sleep(delay+globalDelay);\r
+ }\r
+ } catch (Exception e) {\r
+ if (expect.contains(-1)) {\r
+ pw.println(e.getMessage());\r
+ ret = -1;\r
+ } else {\r
+ throw e;\r
+ }\r
+ } finally {\r
+ clearSingleLineProperties();\r
+ }\r
+ rv = expect.isEmpty() ? true : expect.contains(ret);\r
+ if (verbose) {\r
+ if (rv) {\r
+ pw.println();\r
+ } else {\r
+ pw.print("!!! Unexpected Return Code: ");\r
+ pw.print(ret);\r
+ pw.println(", VALIDATE OUTPUT!!!");\r
+ }\r
+ }\r
+ return rv;\r
+ }\r
+ }\r
+ pw.write("Unknown Instruction \"");\r
+ pw.write(largs[idx]);\r
+ pw.write("\"\n");\r
+ idx = largs.length;// always end after one command\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ private String[] argEval(String line) {\r
+ StringBuilder sb = new StringBuilder();\r
+ ArrayList<String> arr = new ArrayList<String>();\r
+ boolean start = true;\r
+ char quote = 0;\r
+ for (int i = 0; i < line.length(); ++i) {\r
+ char ch;\r
+ if (Character.isWhitespace(ch = line.charAt(i))) {\r
+ if (start) {\r
+ continue; // trim\r
+ } else if (quote != 0) {\r
+ sb.append(ch);\r
+ } else {\r
+ arr.add(sb.toString());\r
+ sb.setLength(0);\r
+ start = true;\r
+ }\r
+ } else if (ch == '\'' || ch == '"') { // toggle\r
+ if (quote == ch) {\r
+ quote = 0;\r
+ } else {\r
+ quote = ch;\r
+ }\r
+ } else {\r
+ start = false;\r
+ sb.append(ch);\r
+ }\r
+ }\r
+ if (sb.length() > 0) {\r
+ arr.add(sb.toString());\r
+ }\r
+\r
+ String[] rv = new String[arr.size()];\r
+ arr.toArray(rv);\r
+ return rv;\r
+ }\r
+\r
+ public static void keyboardHelp() {\r
+ System.out.println("'C-' means hold the ctrl key down while pressing the next key.");\r
+ System.out.println("'M-' means hold the alt key down while pressing the next key.");\r
+ System.out.println("For instance, C-b means hold ctrl key and press b, M-b means hold alt and press b\n");\r
+\r
+ System.out.println("Basic Keybindings:");\r
+ System.out.println("\tC-l - clear screen"); \r
+ System.out.println("\tC-a - beginning of line");\r
+ System.out.println("\tC-e - end of line");\r
+ System.out.println("\tC-b - backward character (left arrow also works)");\r
+ System.out.println("\tM-b - backward word");\r
+ System.out.println("\tC-f - forward character (right arrow also works)");\r
+ System.out.println("\tM-f - forward word");\r
+ System.out.println("\tC-d - delete character under cursor");\r
+ System.out.println("\tM-d - delete word forward");\r
+ System.out.println("\tM-backspace - delete word backward");\r
+ System.out.println("\tC-k - delete from cursor to end of line");\r
+ System.out.println("\tC-u - delete entire line, regardless of cursor position\n");\r
+\r
+ System.out.println("Command History:");\r
+ System.out.println("\tC-r - search backward in history (repeating C-r continues the search)");\r
+ System.out.println("\tC-p - move backwards through history (up arrow also works)");\r
+ System.out.println("\tC-n - move forwards through history (down arrow also works)\n");\r
+\r
+ }\r
+\r
+ /**\r
+ * @param args\r
+ */\r
+ public static void main(String[] args) {\r
+ int rv = 0;\r
+ // Cover for bash's need to escape *... (\\*)\r
+ for (int i = 0; i < args.length; ++i) {\r
+ if ("\\*".equals(args[i])) {\r
+ args[i] = "*";\r
+ }\r
+ }\r
+ \r
+ System.setProperty("java.util.logging.config.file", "etc/logging.props");\r
+ final AuthzEnv env = new AuthzEnv(System.getProperties());\r
+ \r
+ // Stop the (exceedingly annoying) DME2/other logs from printing console\r
+ InputStream is;\r
+\r
+ // Load Log4j too... sigh\r
+ is = ClassLoader.getSystemResourceAsStream("log4j.properties");\r
+ if(is==null) {\r
+ env.log(Level.WARN, "Cannot find 'log4j.properties' in Classpath. Best option: add 'etc' directory to classpath");\r
+ } else {\r
+ try {\r
+ Properties props = new Properties();\r
+ props.load(is);\r
+ PropertyConfigurator.configure(props);\r
+ } catch (Exception e) {\r
+ e.printStackTrace();\r
+ } finally {\r
+ try {\r
+ is.close();\r
+ } catch (IOException e) {\r
+ env.debug().log(e); // only logging to avoid Sonar False positives.\r
+ }\r
+ }\r
+ }\r
+\r
+ env.loadFromSystemPropsStartsWith("AFT", "DME2", "aaf", "keyfile");\r
+ try {\r
+ Log4JLogTarget.setLog4JEnv("aaf", env);\r
+ GetProp gp = new GetProp(env);\r
+ String user = gp.get(false,Config.AAF_MECHID,"fully qualified id");\r
+ String pass = gp.get(true, Config.AAF_MECHPASS, "password is hidden");\r
+ if(env.getProperty(Config.AAF_URL)==null) {\r
+ String p = env.getProperty("DMEServiceName");\r
+ if(p!=null) {\r
+ boolean https = "true".equalsIgnoreCase(env.getProperty("AFT_DME2_SSL_ENABLE"));\r
+ env.setProperty(Config.AAF_URL, "http"+(https?"s":"")+"://DME2RESOLVE/"+p);\r
+ }\r
+ }\r
+ String aafUrl = gp.get(false, Config.AAF_URL, "https://DME2RESOLVE or Direct URL:port");\r
+\r
+ if(aafUrl!=null && aafUrl.contains("//DME2")) {\r
+ //gp.set(Config.AFT_LATITUDE,"Lookup from a Map App or table");\r
+ //gp.set(Config.AFT_LONGITUDE,"Lookup from a Map App or table");\r
+ //gp.set(Config.AFT_ENVIRONMENT,"Check DME2 Installations");\r
+ }\r
+\r
+ if (gp.err() != null) {\r
+ gp.err().append("to continue...");\r
+ System.err.println(gp.err());\r
+ System.exit(1);\r
+ }\r
+ \r
+\r
+ Reader rdr = null;\r
+ boolean exitOnFailure = true;\r
+ /*\r
+ * Check for "-" options anywhere in command line\r
+ */\r
+ StringBuilder sb = new StringBuilder();\r
+ for (int i = 0; i < args.length; ++i) {\r
+ if ("-i".equalsIgnoreCase(args[i])) {\r
+ rdr = new InputStreamReader(System.in);\r
+ // } else if("-o".equalsIgnoreCase(args[i])) {\r
+ // // shall we do something different? Output stream is\r
+ // already done...\r
+ } else if ("-f".equalsIgnoreCase(args[i])) {\r
+ if (args.length > i + 1) {\r
+ rdr = new FileReader(args[++i]);\r
+ }\r
+ } else if ("-a".equalsIgnoreCase(args[i])) {\r
+ exitOnFailure = false;\r
+ } else if ("-c".equalsIgnoreCase(args[i])) {\r
+ isConsole = true;\r
+ } else if ("-s".equalsIgnoreCase(args[i]) && args.length > i + 1) {\r
+ env.setProperty(Cmd.STARTDATE, args[++i]);\r
+ } else if ("-e".equalsIgnoreCase(args[i]) && args.length > i + 1) {\r
+ env.setProperty(Cmd.ENDDATE, args[++i]);\r
+ } else if ("-t".equalsIgnoreCase(args[i])) {\r
+ isTest = true;\r
+ } else if ("-d".equalsIgnoreCase(args[i])) {\r
+ showDetails = true;\r
+ } else if ("-n".equalsIgnoreCase(args[i])) {\r
+ ignoreDelay = true;\r
+ } else {\r
+ if (sb.length() > 0) {\r
+ sb.append(' ');\r
+ }\r
+ sb.append(args[i]);\r
+ }\r
+ }\r
+\r
+ SecurityInfo si = new SecurityInfo(env);\r
+ env.loadToSystemPropsStartsWith("AAF", "DME2");\r
+ Locator loc;\r
+ if(aafUrl.contains("//DME2RESOLVE")) {\r
+ DME2Manager dm = new DME2Manager("AAFcli DME2Manager", System.getProperties());\r
+ loc = new DME2Locator(env, dm, aafUrl);\r
+ } else {\r
+ loc = new PropertyLocator(aafUrl);\r
+ }\r
+\r
+ //Config.configPropFiles(new AccessGetter(env), env);\r
+ \r
+ TIMEOUT = Integer.parseInt(env.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));\r
+ HMangr hman = new HMangr(env, loc).readTimeout(TIMEOUT).apiVersion("2.0");\r
+ \r
+ //TODO: Consider requiring a default in properties\r
+ env.setProperty(Config.AAF_DEFAULT_REALM, System.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm()));\r
+\r
+ AAFcli aafcli = new AAFcli(env, new OutputStreamWriter(System.out), hman, si, \r
+ new HBasicAuthSS(user, env.decrypt(pass,false), (SecurityInfoC<HttpURLConnection>) si));\r
+ if(!ignoreDelay) {\r
+ File delay = new File("aafcli.delay");\r
+ if(delay.exists()) {\r
+ BufferedReader br = new BufferedReader(new FileReader(delay));\r
+ try {\r
+ globalDelay = Integer.parseInt(br.readLine());\r
+ } catch(Exception e) {\r
+ env.debug().log(e);\r
+ } finally {\r
+ br.close();\r
+ }\r
+ }\r
+ }\r
+ try {\r
+ if (isConsole) {\r
+ System.out.println("Type 'help' for short help or 'help -d' for detailed help with aafcli commands");\r
+ System.out.println("Type '?' for help with command line editing");\r
+ System.out.println("Type 'q', 'quit', or 'exit' to quit aafcli\n");\r
+\r
+ ConsoleReader reader = new ConsoleReader();\r
+ try {\r
+ reader.setPrompt("aafcli > ");\r
+ \r
+ String line;\r
+ while ((line = reader.readLine()) != null) {\r
+ showDetails = (line.contains("-d"))?true:false;\r
+ \r
+ if (line.equalsIgnoreCase("quit") || line.equalsIgnoreCase("q") || line.equalsIgnoreCase("exit")) {\r
+ break;\r
+ } else if (line.equalsIgnoreCase("--help -d") || line.equalsIgnoreCase("help -d") \r
+ || line.equalsIgnoreCase("help")) {\r
+ line = "--help";\r
+ } else if (line.equalsIgnoreCase("cls")) {\r
+ reader.clearScreen();\r
+ continue;\r
+ } else if (line.equalsIgnoreCase("?")) {\r
+ keyboardHelp();\r
+ continue;\r
+ }\r
+ try {\r
+ aafcli.eval(line);\r
+ pw.flush();\r
+ } catch (Exception e) {\r
+ pw.println(e.getMessage());\r
+ pw.flush();\r
+ }\r
+ }\r
+ } finally {\r
+ reader.close();\r
+ }\r
+ } else if (rdr != null) {\r
+ BufferedReader br = new BufferedReader(rdr);\r
+ String line;\r
+ while ((line = br.readLine()) != null) {\r
+ if (!aafcli.eval(line) && exitOnFailure) {\r
+ rv = 1;\r
+ break;\r
+ }\r
+ }\r
+ } else { // just run the command line\r
+ aafcli.verbose(false);\r
+ if (sb.length() == 0) {\r
+ sb.append("--help");\r
+ }\r
+ rv = aafcli.eval(sb.toString()) ? 0 : 1;\r
+ }\r
+ } finally {\r
+ aafcli.close();\r
+\r
+ // Don't close if No Reader, or it's a Reader of Standard In\r
+ if (rdr != null && !(rdr instanceof InputStreamReader)) {\r
+ rdr.close();\r
+ }\r
+ }\r
+ } catch (MessageException e) {\r
+ System.out.println("MessageException caught");\r
+\r
+ System.err.println(e.getMessage());\r
+ } catch (Exception e) {\r
+ e.printStackTrace(System.err);\r
+ }\r
+ System.exit(rv);\r
+\r
+ }\r
+\r
+ private static class GetProp {\r
+ private Console cons = System.console();\r
+ private StringBuilder err = null;\r
+ private AuthzEnv env;\r
+ \r
+ public GetProp(AuthzEnv env) {\r
+ this.env = env;\r
+ }\r
+\r
+ public String get(final boolean pass, final String tag, final String other) {\r
+ String data = env.getProperty(tag,null);\r
+ if (data == null) {\r
+ if(cons!=null) {\r
+ if(pass) {\r
+ char[] cp = System.console().readPassword("%s: ",tag);\r
+ if(cp!=null) {\r
+ data=String.valueOf(cp);\r
+ }\r
+ } else {\r
+ cons.writer().format("%s: ", tag);\r
+ cons.flush();\r
+ data = cons.readLine();\r
+ }\r
+ }\r
+ if(data==null) {\r
+ if(err == null) {\r
+ err = new StringBuilder("Add -D");\r
+ } else {\r
+ err.append(", -D");\r
+ }\r
+ err.append(tag);\r
+ if(other!=null) {\r
+ err.append("=<");\r
+ err.append(other);\r
+ err.append('>');\r
+ }\r
+ }\r
+ }\r
+ return data;\r
+ }\r
+ \r
+ public void set(final String tag, final String other) {\r
+ String data = env.getProperty(tag,null);\r
+ if (data == null) {\r
+ if(cons!=null) {\r
+ cons.writer().format("%s: ", tag);\r
+ cons.flush();\r
+ data = cons.readLine();\r
+ }\r
+ if(data==null) {\r
+ if(err == null) {\r
+ err = new StringBuilder("Add -D");\r
+ } else {\r
+ err.append(", -D");\r
+ }\r
+ err.append(tag);\r
+ if(other!=null) {\r
+ err.append("=<");\r
+ err.append(other);\r
+ err.append('>');\r
+ }\r
+ }\r
+ }\r
+ if(data!=null) {\r
+ System.setProperty(tag, data);\r
+ }\r
+ }\r
+\r
+ public StringBuilder err() {\r
+ return err;\r
+ }\r
+ }\r
+\r
+ public boolean isTest() {\r
+ return AAFcli.isTest;\r
+ }\r
+ \r
+ public boolean isDetailed() {\r
+ return AAFcli.showDetails;\r
+ }\r
+\r
+ public String typeString(Class<?> cls, boolean json) {\r
+ return "application/" + cls.getSimpleName() + "+" + (json ? "json" : "xml") + ";version=" + hman.apiVersion();\r
+ }\r
+\r
+ public String forceString() {\r
+ return force;\r
+ }\r
+\r
+ public boolean addRequest() {\r
+ return request;\r
+ }\r
+\r
+ public void clearSingleLineProperties() {\r
+ force = null;\r
+ request = false;\r
+ showDetails = false;\r
+ }\r
+\r
+ public void gui(boolean b) {\r
+ gui = b;\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.inno.env.APIException;\r
+\r
+\r
+public class BaseCmd<CMD extends Cmd> extends Cmd {\r
+ protected List<Cmd> cmds;\r
+\r
+ public BaseCmd(AAFcli aafcli, String name, Param ... params) {\r
+ super(aafcli, null, name, params);\r
+ cmds = new ArrayList<Cmd>();\r
+ }\r
+ \r
+ public BaseCmd(CMD parent, String name, Param ... params) {\r
+ super(parent.aafcli, parent, name, params);\r
+ cmds = new ArrayList<Cmd>();\r
+ }\r
+\r
+ \r
+ @Override\r
+ public int _exec( int idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ if(args.length-idx<1) {\r
+ pw().println(build(new StringBuilder(),null).toString());\r
+ } else {\r
+ String s = args[idx];\r
+ String name;\r
+ Cmd empty = null;\r
+ for(Cmd c: cmds) {\r
+ name = c.getName();\r
+ if(name==null && empty==null) { // Mark with Command is null, and take the first one. \r
+ empty = c;\r
+ } else if(s.equalsIgnoreCase(c.getName()))\r
+ return c.exec(idx+1, args);\r
+ }\r
+ if(empty!=null) {\r
+ return empty.exec(idx, args); // If name is null, don't account for it on command line. jg 4-29\r
+ }\r
+ pw().println("Instructions not understood.");\r
+ }\r
+ return 0;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+import java.io.IOException;\r
+\r
+import com.att.aft.dme2.api.DME2Client;\r
+import com.att.cadi.SecuritySetter;\r
+import com.att.cadi.Symm;\r
+\r
+public class BasicAuth implements SecuritySetter<DME2Client> {\r
+ private String cred;\r
+ private String user;\r
+ \r
+ public BasicAuth(String user, String pass) throws IOException {\r
+ this.user = user;\r
+ cred = "Basic " + Symm.base64.encode(user+':'+pass);\r
+ }\r
+ \r
+ @Override\r
+ public void setSecurity(DME2Client client) {\r
+ client.addHeader("Authorization" , cred);\r
+ }\r
+\r
+ @Override\r
+ public String getID() {\r
+ return user;\r
+ }\r
+\r
+ //@Override\r
+ public int setLastResponse(int respCode) {\r
+ // TODO Auto-generated method stub\r
+ return 0;\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+import java.io.PrintWriter;\r
+import java.io.StringReader;\r
+import java.sql.Date;\r
+import java.text.DateFormat;\r
+import java.text.SimpleDateFormat;\r
+import java.util.ArrayList;\r
+import java.util.Comparator;\r
+import java.util.GregorianCalendar;\r
+import java.util.List;\r
+import java.util.Stack;\r
+import java.util.concurrent.ConcurrentHashMap;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cadi.http.HMangr;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data.TYPE;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.util.Chrono;\r
+import com.att.rosetta.env.RosettaDF;\r
+import com.att.rosetta.env.RosettaEnv;\r
+\r
+import aaf.v2_0.Error;\r
+import aaf.v2_0.History;\r
+import aaf.v2_0.History.Item;\r
+import aaf.v2_0.Request;\r
+\r
+\r
+public abstract class Cmd {\r
+ private static final String AAF_DEFAULT_REALM = "aaf_default_realm";\r
+ \r
+ private static final DateFormat dateFmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss:SSS");\r
+ protected static final String BLANK = "";\r
+ protected static final String COMMA = ","; // for use in splits\r
+\r
+ protected static final int lineLength = 80;\r
+\r
+ private final static String hformat = "%-23s %-5s %-20s %-35s\n";\r
+\r
+ public static final String STARTDATE = "startdate";\r
+ public static final String ENDDATE = "enddate";\r
+ \r
+ private String name;\r
+ private final Param[] params;\r
+ private int required;\r
+ protected final Cmd parent;\r
+ protected final List<Cmd> children;\r
+ private final ConcurrentHashMap<Class<?>,RosettaDF<?>> dfs = new ConcurrentHashMap<Class<?>,RosettaDF<?>>();\r
+ public final AAFcli aafcli;\r
+ protected Env env;\r
+\r
+ public Cmd(AAFcli aafcli, String name, Param ... params) {\r
+ this(aafcli,null, name,params);\r
+ }\r
+\r
+ public Cmd(Cmd parent, String name, Param ... params) {\r
+ this(parent.aafcli,parent, name,params);\r
+ }\r
+\r
+ Cmd(AAFcli aafcli, Cmd parent, String name, Param ... params) {\r
+ this.parent = parent;\r
+ this.aafcli = aafcli;\r
+ this.env = aafcli.env;\r
+ if(parent!=null) {\r
+ parent.children.add(this);\r
+ }\r
+ children = new ArrayList<Cmd>();\r
+ this.params = params;\r
+ this.name = name;\r
+ required=0;\r
+ for(Param p : params) {\r
+ if(p.required) {\r
+ ++required;\r
+ }\r
+ }\r
+ }\r
+ \r
+ public final int exec(int idx, String ... args) throws CadiException, APIException, LocatorException {\r
+ if(args.length-idx<required) {\r
+ throw new CadiException(build(new StringBuilder("Too few args: "),null).toString());\r
+ }\r
+ return _exec(idx,args);\r
+ }\r
+ \r
+ protected abstract int _exec(int idx, final String ... args) throws CadiException, APIException, LocatorException;\r
+ \r
+ public void detailedHelp(int indent,StringBuilder sb) {\r
+ }\r
+\r
+ protected void detailLine(StringBuilder sb, int length, String s) {\r
+ multiChar(sb,length,' ',0);\r
+ sb.append(s);\r
+ }\r
+\r
+ public void apis(int indent,StringBuilder sb) {\r
+ }\r
+\r
+ protected void api(StringBuilder sb, int _indent, HttpMethods hmeth, String pathInfo, Class<?> cls,boolean head) {\r
+ int indent = _indent;\r
+ final String meth = hmeth.name();\r
+ if(head) {\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"APIs:");\r
+ }\r
+ indent+=2;\r
+ multiChar(sb,indent,' ',0);\r
+ sb.append(meth);\r
+ sb.append(' ');\r
+ sb.append(pathInfo);\r
+ String cliString = aafcli.typeString(cls,true);\r
+ if(indent+meth.length()+pathInfo.length()+cliString.length()+2>80) {\r
+ sb.append(" ...");\r
+ multiChar(sb,indent+3+meth.length(),' ',0);\r
+ } else { // same line\r
+ sb.append(' ');\r
+ }\r
+ sb.append(cliString);\r
+ }\r
+\r
+ protected void multiChar(StringBuilder sb, int length, char c, int indent) {\r
+ sb.append('\n');\r
+ for(int i=0;i<indent;++i)sb.append(' ');\r
+ for(int i=indent;i<length;++i)sb.append(c);\r
+ }\r
+\r
+ public StringBuilder build(StringBuilder sb, StringBuilder detail) {\r
+ if(name!=null) {\r
+ sb.append(name);\r
+ sb.append(' ');\r
+ }\r
+ int line = sb.lastIndexOf("\n")+1;\r
+ if(line<0) {\r
+ line=0;\r
+ }\r
+ int indent = sb.length()-line;\r
+ for(Param p : params) {\r
+ sb.append(p.required?'<':'[');\r
+ sb.append(p.tag);\r
+ sb.append(p.required?"> ": "] ");\r
+ }\r
+ \r
+ boolean first = true;\r
+ for(Cmd child : children) {\r
+ if(first) {\r
+ first = false;\r
+ } else if(detail==null) {\r
+ multiChar(sb,indent,' ',0);\r
+ } else {\r
+ // Write parents for Detailed Report\r
+ Stack<String> stack = new Stack<String>();\r
+ for(Cmd c = child.parent;c!=null;c=c.parent) {\r
+ if(c.name!=null) {\r
+ stack.push(c.name);\r
+ }\r
+ }\r
+ if(!stack.isEmpty()) {\r
+ sb.append(" ");\r
+ while(!stack.isEmpty()) {\r
+ sb.append(stack.pop());\r
+ sb.append(' ');\r
+ }\r
+ }\r
+ }\r
+ child.build(sb,detail);\r
+ if(detail!=null) {\r
+ child.detailedHelp(4, detail);\r
+ // If Child wrote something, then add, bracketing by lines\r
+ if(detail.length()>0) {\r
+ multiChar(sb,80,'-',2);\r
+ sb.append(detail);\r
+ sb.append('\n');\r
+ multiChar(sb,80,'-',2);\r
+ sb.append('\n');\r
+ detail.setLength(0); // reuse\r
+ } else {\r
+ sb.append('\n');\r
+ }\r
+ }\r
+ }\r
+ return sb;\r
+ }\r
+ \r
+ protected void error(Future<?> future) {\r
+ StringBuilder sb = new StringBuilder("Failed");\r
+ String desc = future.body();\r
+ int code = future.code();\r
+ if(desc==null || desc.length()==0) {\r
+ withCode(sb,code);\r
+ } else if(desc.startsWith("{")) {\r
+ StringReader sr = new StringReader(desc);\r
+ try {\r
+ // Note: 11-18-2013. This rather convoluted Message Structure required by TSS Restful Specs, reflecting "Northbound" practices.\r
+ Error err = getDF(Error.class).newData().in(TYPE.JSON).load(sr).asObject();\r
+ sb.append(" [");\r
+ sb.append(err.getMessageId());\r
+ sb.append("]: ");\r
+ String messageBody = err.getText();\r
+ List<String> vars = err.getVariables();\r
+ int pipe;\r
+ for (int varCounter=0;varCounter<vars.size();) {\r
+ String var = vars.get(varCounter);\r
+ ++varCounter;\r
+ if (messageBody.indexOf("%" + varCounter) >= 0) {\r
+ if((pipe = var.indexOf('|'))>=0) { // In AAF, we use a PIPE for Choice\r
+ if (aafcli.isTest()) {\r
+ String expiresStr = var.substring(pipe);\r
+ var = var.replace(expiresStr, "[Placeholder]");\r
+ } else {\r
+ StringBuilder varsb = new StringBuilder(var);\r
+ varsb.deleteCharAt(pipe);\r
+ var = varsb.toString();\r
+ }\r
+ messageBody = messageBody.replace("%" + varCounter, varCounter-1 + ") " + var);\r
+ } else {\r
+ messageBody = messageBody.replace("%" + varCounter, var);\r
+ }\r
+ }\r
+ }\r
+ sb.append(messageBody);\r
+ } catch (Exception e) {\r
+ withCode(sb,code);\r
+ sb.append(" (Note: Details cannot be obtained from Error Structure)");\r
+ }\r
+ } else if(desc.startsWith("<html>")){ // Core Jetty, etc sends HTML for Browsers\r
+ withCode(sb,code);\r
+ } else {\r
+ sb.append(" with code ");\r
+ sb.append(code);\r
+ sb.append(", ");\r
+ sb.append(desc);\r
+ }\r
+ pw().println(sb);\r
+ }\r
+\r
+ \r
+ private void withCode(StringBuilder sb, Integer code) {\r
+ sb.append(" with code ");\r
+ sb.append(code);\r
+ switch(code) {\r
+ case 401:\r
+ sb.append(" (HTTP Not Authenticated)");\r
+ break;\r
+ case 403:\r
+ sb.append(" (HTTP Forbidden)");\r
+ break;\r
+ case 404:\r
+ sb.append(" (HTTP Not Found)");\r
+ break;\r
+ default:\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Consistently set start and end dates from Requests (all derived from Request)\r
+ * @param req\r
+ */\r
+ protected void setStartEnd(Request req) {\r
+ // Set Start/End Dates, if exist\r
+ String str;\r
+ if((str = env.getProperty(Cmd.STARTDATE,null))!=null) {\r
+ req.setStart(Chrono.timeStamp(Date.valueOf(str)));\r
+ }\r
+ \r
+ if((str = env.getProperty(Cmd.ENDDATE,null))!=null) {\r
+ req.setEnd(Chrono.timeStamp(Date.valueOf(str)));\r
+ }\r
+ }\r
+\r
+ @SuppressWarnings("unchecked")\r
+ protected<T> RosettaDF<T> getDF(Class<T> cls) throws APIException {\r
+ RosettaDF<T> rdf = (RosettaDF<T>)dfs.get(cls);\r
+ if(rdf == null) {\r
+ rdf = env().newDataFactory(cls);\r
+ dfs.put(cls, rdf);\r
+ }\r
+ return rdf;\r
+ }\r
+\r
+ public void activity(History history, String header) {\r
+ if (history.getItem().isEmpty()) {\r
+ int start = header.indexOf('[');\r
+ if (start >= 0) {\r
+ pw().println("No Activity Found for " + header.substring(start));\r
+ }\r
+ } else {\r
+ pw().println(header);\r
+ for(int i=0;i<lineLength;++i)pw().print('-');\r
+ pw().println();\r
+ \r
+ pw().format(hformat,"Date","Table","User","Memo");\r
+ for(int i=0;i<lineLength;++i)pw().print('-');\r
+ pw().println();\r
+ \r
+ // Save Server time by Sorting locally\r
+ List<Item> items = history.getItem();\r
+ java.util.Collections.sort(items, new Comparator<Item>() {\r
+ @Override\r
+ public int compare(Item o1, Item o2) {\r
+ return o2.getTimestamp().compare(o1.getTimestamp());\r
+ }\r
+ });\r
+ \r
+ for(History.Item item : items) {\r
+ GregorianCalendar gc = item.getTimestamp().toGregorianCalendar();\r
+ pw().format(hformat,\r
+ dateFmt.format(gc.getTime()),\r
+ item.getTarget(),\r
+ item.getUser(),\r
+ item.getMemo());\r
+ }\r
+ }\r
+ }\r
+ \r
+ /**\r
+ * Turn String Array into a | delimited String\r
+ * @param options\r
+ * @return\r
+ */\r
+ public static String optionsToString(String[] options) {\r
+ StringBuilder sb = new StringBuilder();\r
+ boolean first = true;\r
+ for(String s : options) {\r
+ if(first) {\r
+ first = false;\r
+ } else {\r
+ sb.append('|');\r
+ }\r
+ sb.append(s);\r
+ }\r
+ return sb.toString();\r
+ }\r
+ \r
+ /**\r
+ * return which index number the Option matches.\r
+ * \r
+ * throws an Exception if not part of this Option Set\r
+ * \r
+ * @param options\r
+ * @param test\r
+ * @return\r
+ * @throws Exception\r
+ */\r
+ public int whichOption(String[] options, String test) throws CadiException {\r
+ for(int i=0;i<options.length;++i) {\r
+ if(options[i].equals(test)) {\r
+ return i;\r
+ }\r
+ }\r
+ throw new CadiException(build(new StringBuilder("Invalid Option: "),null).toString());\r
+ }\r
+\r
+ protected RosettaEnv env() {\r
+ return aafcli.env;\r
+ }\r
+\r
+ protected HMangr hman() {\r
+ return aafcli.hman;\r
+ }\r
+\r
+ public<RET> RET same(Retryable<RET> retryable) throws APIException, CadiException, LocatorException {\r
+ // We're storing in AAFCli, because we know it's always the same, and single threaded\r
+ if(aafcli.prevCall!=null) {\r
+ retryable.item(aafcli.prevCall.item());\r
+ retryable.lastClient=aafcli.prevCall.lastClient;\r
+ }\r
+ \r
+ RET ret = aafcli.hman.same(aafcli.ss,retryable);\r
+ \r
+ // Store last call in AAFcli, because Cmds are all different instances.\r
+ aafcli.prevCall = retryable;\r
+ return ret;\r
+ }\r
+\r
+ public<RET> RET all(Retryable<RET> retryable) throws APIException, CadiException, LocatorException {\r
+ this.setQueryParamsOn(retryable.lastClient);\r
+ return aafcli.hman.all(aafcli.ss,retryable);\r
+ }\r
+\r
+ public<RET> RET oneOf(Retryable<RET> retryable,String host) throws APIException, CadiException, LocatorException {\r
+ this.setQueryParamsOn(retryable.lastClient);\r
+ return aafcli.hman.oneOf(aafcli.ss,retryable,true,host);\r
+ }\r
+\r
+ protected PrintWriter pw() {\r
+ return AAFcli.pw;\r
+ }\r
+\r
+ public String getName() {\r
+ return name;\r
+ }\r
+ \r
+ public void reportHead(String ... str) {\r
+ pw().println();\r
+ boolean first = true;\r
+ int i=0;\r
+ for(String s : str) {\r
+ if(first) {\r
+ if(++i>1) {\r
+ first = false;\r
+ pw().print("[");\r
+ }\r
+ } else {\r
+ pw().print("] [");\r
+ }\r
+ pw().print(s);\r
+ }\r
+ if(!first) {\r
+ pw().print(']');\r
+ }\r
+ pw().println();\r
+ reportLine();\r
+ }\r
+ \r
+ public String reportColHead(String format, String ... args) {\r
+ pw().format(format,(Object[])args);\r
+ reportLine();\r
+ return format;\r
+ }\r
+\r
+ public void reportLine() {\r
+ for(int i=0;i<lineLength;++i)pw().print('-');\r
+ pw().println();\r
+ }\r
+ \r
+ protected void setQueryParamsOn(Rcli<?> rcli) {\r
+ StringBuilder sb=null;\r
+ String force;\r
+ if((force=aafcli.forceString())!=null) {\r
+ sb = new StringBuilder("force=");\r
+ sb.append(force);\r
+ }\r
+ if(aafcli.addRequest()) {\r
+ if(sb==null) {\r
+ sb = new StringBuilder("request=true");\r
+ } else {\r
+ sb.append("&request=true");\r
+ }\r
+ }\r
+ if(sb!=null && rcli!=null) {\r
+ rcli.setQueryParams(sb.toString());\r
+ }\r
+ }\r
+//\r
+// /**\r
+// * If Force is set, will return True once only, then revert to "FALSE".\r
+// * \r
+// * @return\r
+// */\r
+// protected String checkForce() {\r
+// if(TRUE.equalsIgnoreCase(env.getProperty(FORCE, FALSE))) {\r
+// env.setProperty(FORCE, FALSE);\r
+// return "true";\r
+// }\r
+// return FALSE;\r
+// }\r
+\r
+ public String toString() {\r
+ StringBuilder sb = new StringBuilder();\r
+ if(parent==null) { // ultimate parent\r
+ build(sb,null);\r
+ return sb.toString();\r
+ } else {\r
+ return parent.toString();\r
+ }\r
+ }\r
+ \r
+ public String getOrgRealm() {\r
+ return env.getProperty(AAF_DEFAULT_REALM);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+import java.util.List;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Help extends Cmd {\r
+ private List<Cmd> cmds;\r
+\r
+ public Help(AAFcli aafcli, List<Cmd> cmds) {\r
+ super(aafcli, "--help", \r
+ new Param("-d (more details)", false),\r
+ new Param("command",false));\r
+ this.cmds = cmds;\r
+ }\r
+\r
+ @Override\r
+ public int _exec( int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ boolean first = true;\r
+ StringBuilder sb = new StringBuilder("AAF Command Line Tool");\r
+ StringBuilder details;\r
+ if(aafcli.isDetailed() ){\r
+ multiChar(sb, 21, '-',0);\r
+ details=new StringBuilder();// use for temporary writing of details\r
+ } else {\r
+ multiChar(sb, 21, '-',0);\r
+ details = null;\r
+ }\r
+ String comp = args.length>idx?args[idx++]:null;\r
+ if("help".equalsIgnoreCase(comp)) {\r
+ build(sb,null);\r
+ detailedHelp(4, sb);\r
+ sb.append('\n');\r
+ } else {\r
+ for(Cmd c : cmds) {\r
+ if(comp!=null) {\r
+ if(comp.equals(c.getName())) {\r
+ multiChar(sb,2,' ',0);\r
+ c.build(sb,details);\r
+ }\r
+ } else {\r
+ if(first) {\r
+ first=false;\r
+ } else {\r
+ multiChar(sb,80,'-',2);\r
+ }\r
+ multiChar(sb,2,' ',0);\r
+ c.build(sb,details);\r
+ if(details!=null) {\r
+ c.detailedHelp(4, sb);\r
+// multiChar(sb,80,'-',2);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ pw().println(sb.toString());\r
+ return HttpStatus.OK_200;\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"To print main help, enter \"aafcli\" or \"aafcli --help \"");\r
+ detailLine(sb,indent,"To print narrow the help content, enter sub-entries after aafcli,");\r
+ detailLine(sb,indent+2,"i.e. \"aafcli perm\"");\r
+ detailLine(sb,indent,"To see version of AAF CLI, enter \"aafcli --version \"");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"State Commands: change variables or credentials between calls.");\r
+ indent+=4;\r
+ detailLine(sb,indent,"set <tag>=<value> - Set any System Property to a new value");\r
+ detailLine(sb,indent,"as <id:password> - Change Credentials. Password may be encrypted");\r
+ detailLine(sb,indent,"expect <int> [int]* - In test mode, check for proper HTTP Status Codes");\r
+ detailLine(sb,indent,"sleep <int> - Wait for <int> seconds");\r
+ sb.append('\n');\r
+ detailLine(sb,indent-4,"CmdLine Arguments: change behavior of the aafcli program");\r
+ detailLine(sb,indent,"-i - Read commands from Shell Standard Input");\r
+ detailLine(sb,indent,"-f - Read commands from a file");\r
+ detailLine(sb,indent,"-a - In test mode, do not stop execution on unexpected error");\r
+ detailLine(sb,indent,"-t - Test Mode will not print variable fields that could break tc runs");\r
+ detailLine(sb,indent+6,"such as expiration dates of a credential");\r
+ detailLine(sb,indent,"-s - Request specific Start Date (not immediately)");\r
+ detailLine(sb,indent+6,"Format YYYY-MM-DD. Can also be set with \"set " + Cmd.STARTDATE + "=<value>\"");\r
+ detailLine(sb,indent,"-e - Set Expiration/End Date, where commands support");\r
+ detailLine(sb,indent+6,"Format YYYY-MM-DD. Can also be set with \"set " + Cmd.ENDDATE + "=<value>\"");\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+/**\r
+ * \r
+ */\r
+package com.att.cmd;\r
+\r
+/**\r
+ * An Exception designed simply to give End User message, no stack trace\r
+ * \r
+ *\r
+ */\r
+public class MessageException extends Exception {\r
+ /**\r
+ * \r
+ */\r
+ private static final long serialVersionUID = 8143933588878259048L;\r
+\r
+ /**\r
+ * @param Message\r
+ */\r
+ public MessageException(String msg) {\r
+ super(msg);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+public class Param {\r
+ public final String tag;\r
+ public final boolean required;\r
+ \r
+ /**\r
+ * \r
+ * @param t\r
+ * @param b\r
+ */\r
+ public Param(String t, boolean required) {\r
+ tag = t;\r
+ this.required=required;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.config.Config;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Version extends Cmd {\r
+\r
+\r
+ public Version(AAFcli aafcli) {\r
+ super(aafcli, "--version");\r
+ }\r
+\r
+ @Override\r
+ protected int _exec(int idx, String... args) throws CadiException, APIException, LocatorException {\r
+ pw().println("AAF Command Line Tool");\r
+ String version = this.env().getProperty(Config.AAF_DEPLOYED_VERSION, "N/A");\r
+ pw().println("Version: " + version);\r
+ return HttpStatus.OK_200;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.mgmt;\r
+\r
+import com.att.cmd.BaseCmd;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Cache extends BaseCmd<Mgmt> {\r
+ public Cache(Mgmt mgmt) throws APIException {\r
+ super(mgmt, "cache");\r
+ cmds.add(new Clear(this));\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.mgmt;\r
+\r
+import com.att.authz.common.Define;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class Clear extends Cmd {\r
+ public Clear(Cache parent) {\r
+ super(parent,"clear",\r
+ new Param("name[,name]*",true));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ int rv=409;\r
+ for(final String name : args[idx++].split(COMMA)) {\r
+ rv = all(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws APIException, CadiException {\r
+ int rv = 409;\r
+ Future<Void> fp = client.delete(\r
+ "/mgmt/cache/"+name, \r
+ Void.class\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().println("Cleared Cache for " + name + " on " + client);\r
+ rv=200;\r
+ } else {\r
+ if(rv==409)rv = fp.code();\r
+ error(fp);\r
+ }\r
+ return rv;\r
+ }\r
+ });\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"Clear the cache for certain tables");\r
+ indent+=2;\r
+ detailLine(sb,indent,"name - name of table or 'all'");\r
+ detailLine(sb,indent+14,"Must have admin rights to '" + Define.ROOT_NS + '\'');\r
+ indent-=2;\r
+ api(sb,indent,HttpMethods.DELETE,"mgmt/cache/:name",Void.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.mgmt;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Deny extends BaseCmd<Mgmt> {\r
+ private final static String[] options = {"add","del"};\r
+\r
+ public Deny(Mgmt mgmt) throws APIException {\r
+ super(mgmt, "deny");\r
+ cmds.add(new DenySomething(this,"ip","ipv4or6[,ipv4or6]*"));\r
+ cmds.add(new DenySomething(this,"id","identity[,identity]*"));\r
+ }\r
+ \r
+ public class DenySomething extends Cmd {\r
+\r
+ private boolean isID;\r
+\r
+ public DenySomething(Deny deny, String type, String repeatable) {\r
+ super(deny, type,\r
+ new Param(optionsToString(options),true),\r
+ new Param(repeatable,true));\r
+ isID = "id".equals(type);\r
+ }\r
+\r
+ @Override\r
+ protected int _exec(int _idx, String... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ String action = args[idx++];\r
+ final int option = whichOption(options, action);\r
+ int rv=409;\r
+ for(final String name : args[idx++].split(COMMA)) {\r
+ final String append;\r
+ if(isID && name.indexOf("@")<0) {\r
+ append='@'+ env.getProperty(AAFcli.AAF_DEFAULT_REALM);\r
+ } else {\r
+ append = "";\r
+ }\r
+ final String path = "/mgmt/deny/"+getName() + '/'+ name + append;\r
+ rv = all(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws APIException, CadiException {\r
+ int rv = 409;\r
+ Future<Void> fp;\r
+ String resp;\r
+ switch(option) {\r
+ case 0: \r
+ fp = client.create(path, Void.class);\r
+ resp = " added";\r
+ break;\r
+ default: \r
+ fp = client.delete(path, Void.class);\r
+ resp = " deleted";\r
+ }\r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().println(name + append + resp + " on " + client);\r
+ rv=fp.code();\r
+ } else {\r
+ if(rv==409)rv = fp.code();\r
+ error(fp);\r
+ }\r
+ return rv;\r
+ }\r
+ });\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.mgmt;\r
+\r
+import com.att.authz.common.Define;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Log extends BaseCmd<Mgmt> {\r
+ private final static String[] options = {"add","del"};\r
+\r
+ public Log(Mgmt mgmt) throws APIException {\r
+ super(mgmt, "log",\r
+ new Param(optionsToString(options),true),\r
+ new Param("id[,id]*",true));\r
+ }\r
+ \r
+ @Override\r
+ public int _exec(int _idx, String ... args) throws CadiException, APIException, LocatorException {\r
+ int rv=409;\r
+ int idx = _idx;\r
+ final int option = whichOption(options, args[idx++]);\r
+\r
+ for(String name : args[idx++].split(COMMA)) {\r
+ final String fname;\r
+ if(name.indexOf("@")<0) {\r
+ fname=name+'@'+ env.getProperty(AAFcli.AAF_DEFAULT_REALM);\r
+ } else {\r
+ fname = name;\r
+ }\r
+ \r
+ \r
+\r
+ rv = all(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws APIException, CadiException {\r
+ int rv = 409;\r
+ Future<Void> fp;\r
+ String str = "/mgmt/log/id/"+fname;\r
+ String msg;\r
+ switch(option) {\r
+ case 0: \r
+ fp = client.create(str,Void.class);\r
+ msg = "Added";\r
+ break;\r
+ case 1:\r
+ fp = client.delete(str,Void.class);\r
+ msg = "Deleted";\r
+ break;\r
+ default:\r
+ fp = null;\r
+ msg = "Ignored";\r
+ }\r
+ \r
+ if(fp!=null) {\r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().println(msg + " Special Log for " + fname + " on " + client);\r
+ rv=200;\r
+ } else {\r
+ if(rv==409)rv = fp.code();\r
+ error(fp);\r
+ }\r
+ return rv;\r
+ }\r
+ return rv;\r
+ }\r
+ });\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"Clear the cache for certain tables");\r
+ indent+=2;\r
+ detailLine(sb,indent,"name - name of table or 'all'");\r
+ detailLine(sb,indent+14,"Must have admin rights to '" + Define.ROOT_NS + '\'');\r
+ indent-=2;\r
+ api(sb,indent,HttpMethods.DELETE,"mgmt/cache/:name",Void.class,true);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.mgmt;\r
+\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Mgmt extends BaseCmd<Mgmt> {\r
+ public Mgmt(AAFcli aafcli) throws APIException {\r
+ super(aafcli, "mgmt");\r
+ cmds.add(new Cache(this));\r
+ cmds.add(new Deny(this));\r
+ cmds.add(new Log(this));\r
+ cmds.add(new Session(this));\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.mgmt;\r
+\r
+import com.att.authz.common.Define;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class SessClear extends Cmd {\r
+ public SessClear(Session parent) {\r
+ super(parent,"clear",\r
+ new Param("machine",true));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int idx, String ... args) throws CadiException, APIException, LocatorException {\r
+ int rv=409;\r
+ String machine = args[idx++];\r
+ rv = oneOf(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws APIException, CadiException {\r
+ int rv = 409;\r
+ Future<Void> fp = client.delete(\r
+ "/mgmt/dbsession", \r
+ Void.class\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().println("Cleared DBSession on " + client);\r
+ rv=200;\r
+ } else {\r
+ if(rv==409)rv = fp.code();\r
+ error(fp);\r
+ }\r
+ return rv;\r
+ }\r
+ },machine);\r
+ return rv;\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"Clear the cache for certain tables");\r
+ indent+=2;\r
+ detailLine(sb,indent,"name - name of table or 'all'");\r
+ detailLine(sb,indent+14,"Must have admin rights to '" + Define.ROOT_NS + '\'');\r
+ indent-=2;\r
+ api(sb,indent,HttpMethods.DELETE,"mgmt/cache/:name",Void.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.mgmt;\r
+\r
+import com.att.cmd.BaseCmd;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Session extends BaseCmd<Mgmt> {\r
+ public Session(Mgmt mgmt) throws APIException {\r
+ super(mgmt, "dbsession");\r
+ cmds.add(new SessClear(this));\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Admin extends BaseCmd<NS> {\r
+ private final static String[] options = {"add","del"};\r
+\r
+ public Admin(NS ns) throws APIException {\r
+ super(ns,"admin",\r
+ new Param(optionsToString(options),true),\r
+ new Param("name",true),\r
+ new Param("id[,id]*",true)\r
+ );\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ final int option = whichOption(options, args[idx++]);\r
+ final String ns = args[idx++];\r
+ final String ids[] = args[idx++].split(",");\r
+ final String realm = getOrgRealm();\r
+// int rv = 500;\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException { \r
+ Future<Void> fp = null;\r
+ for(String id : ids) {\r
+ if (id.indexOf('@') < 0 && realm != null) id += '@' + realm;\r
+ String verb;\r
+ switch(option) {\r
+ case 0: \r
+ fp = client.create("/authz/ns/"+ns+"/admin/"+id,Void.class);\r
+ verb = " added to ";\r
+ break;\r
+ case 1: \r
+ fp = client.delete("/authz/ns/"+ns+"/admin/"+id,Void.class);\r
+ verb = " deleted from ";\r
+ break;\r
+ default:\r
+ throw new CadiException("Bad Argument");\r
+ };\r
+ \r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().append("Admin ");\r
+ pw().append(id);\r
+ pw().append(verb);\r
+ pw().println(ns);\r
+ } else {\r
+ error(fp);\r
+ return fp.code();\r
+ }\r
+ \r
+ }\r
+ return fp==null?500:fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"Add or Delete Administrator to/from Namespace");\r
+ indent+=4;\r
+ detailLine(sb,indent,"name - Name of Namespace");\r
+ detailLine(sb,indent,"id - Credential of Person(s) to be Administrator");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"aafcli will call API on each ID presented.");\r
+ indent-=4;\r
+ api(sb,indent,HttpMethods.POST,"authz/ns/<ns>/admin/<id>",Void.class,true);\r
+ api(sb,indent,HttpMethods.DELETE,"authz/ns/<ns>/admin/<id>",Void.class,false);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Attrib extends BaseCmd<NS> {\r
+ private final static String[] options = {"add","upd","del"};\r
+\r
+ public Attrib(NS ns) throws APIException {\r
+ super(ns,"attrib",\r
+ new Param(optionsToString(options),true),\r
+ new Param("ns",true),\r
+ new Param("key",true),\r
+ new Param("value",false)\r
+ );\r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ final int option = whichOption(options, args[idx]);\r
+ final String ns = args[idx+1];\r
+ final String key = args[idx+2];\r
+ final String value;\r
+ if(option!=2) {\r
+ if(args.length<=idx+3) {\r
+ throw new CadiException("Not added: Need more Data");\r
+ }\r
+ value = args[idx+3];\r
+ } else {\r
+ value = "";\r
+ }\r
+ \r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException { \r
+ Future<Void> fp = null;\r
+ String message;\r
+ switch(option) {\r
+ case 0: \r
+ fp = client.create("/authz/ns/"+ns+"/attrib/"+key+'/'+value,Void.class);\r
+ message = String.format("Add Attrib %s=%s to %s",\r
+ key,value,ns);\r
+ break;\r
+ case 1: \r
+ fp = client.update("/authz/ns/"+ns+"/attrib/"+key+'/'+value);\r
+ message = String.format("Update Attrib %s=%s for %s",\r
+ key,value,ns);\r
+ break;\r
+ case 2: \r
+ fp = client.delete("/authz/ns/"+ns+"/attrib/"+key,Void.class);\r
+ message = String.format("Attrib %s deleted from %s",\r
+ key,ns);\r
+ break;\r
+ default:\r
+ throw new CadiException("Bad Argument");\r
+ };\r
+ \r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().println(message);\r
+ } else {\r
+ error(fp);\r
+ return fp.code();\r
+ }\r
+ \r
+ return fp==null?500:fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"Add or Delete Administrator to/from Namespace");\r
+ indent+=4;\r
+ detailLine(sb,indent,"name - Name of Namespace");\r
+ detailLine(sb,indent,"id - Credential of Person(s) to be Administrator");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"aafcli will call API on each ID presented.");\r
+ indent-=4;\r
+ api(sb,indent,HttpMethods.POST,"authz/ns/<ns>/admin/<id>",Void.class,true);\r
+ api(sb,indent,HttpMethods.DELETE,"authz/ns/<ns>/admin/<id>",Void.class,false);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.NsRequest;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class Create extends Cmd {\r
+ private static final String COMMA = ",";\r
+\r
+ public Create(NS parent) {\r
+ super(parent,"create", \r
+ new Param("name",true),\r
+ new Param("responsible (id[,id]*)",true), \r
+ new Param("admin (id[,id]*)",false));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+\r
+ final NsRequest nr = new NsRequest();\r
+ \r
+ String realm = getOrgRealm();\r
+ \r
+ nr.setName(args[idx++]);\r
+ String[] responsible = args[idx++].split(COMMA);\r
+ for(String s : responsible) {\r
+ if (s.indexOf('@') < 0 && realm != null) s += '@' + realm;\r
+ nr.getResponsible().add(s);\r
+ }\r
+ String[] admin;\r
+ if(args.length>idx) {\r
+ admin = args[idx++].split(COMMA);\r
+ } else {\r
+ admin = responsible;\r
+ }\r
+ for(String s : admin) {\r
+ if (s.indexOf('@') < 0 && realm != null) s += '@' + realm;\r
+ nr.getAdmin().add(s);\r
+ }\r
+ \r
+ // Set Start/End commands\r
+ setStartEnd(nr);\r
+ \r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ // Requestable\r
+ setQueryParamsOn(client);\r
+ Future<NsRequest> fp = client.create(\r
+ "/authz/ns", \r
+ getDF(NsRequest.class),\r
+ nr\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().println("Created Namespace");\r
+ } else {\r
+ if(fp.code()==202) {\r
+ pw().println("Namespace Creation Accepted, but requires Approvals before actualizing");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"Create a Namespace");\r
+ indent+=2;\r
+ detailLine(sb,indent,"name - Namespaces are dot-delimited, ex com.att.myapp");\r
+ detailLine(sb,indent+14,"and must be created with parent credentials.");\r
+ detailLine(sb,indent+14,"Ex: to create com.att.myapp, you must be admin for com.att");\r
+ detailLine(sb,indent+14,"or com");\r
+ detailLine(sb,indent,"responsible - This is the person(s) who receives Notifications and");\r
+ detailLine(sb,indent+14,"approves Requests regarding this Namespace. Companies have");\r
+ detailLine(sb,indent+14,"Policies as to who may take on this responsibility");\r
+ detailLine(sb,indent,"admin - These are the people who are allowed to make changes on");\r
+ detailLine(sb,indent+14,"the Namespace, including creating Roles, Permissions");\r
+ detailLine(sb,indent+14,"and Credentials");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"Namespaces can be created even though there are Roles/Permissions which");\r
+ detailLine(sb,indent,"start with the requested sub-namespace. They are reassigned to the");\r
+ detailLine(sb,indent,"Child Namespace");\r
+ indent-=2;\r
+ api(sb,indent,HttpMethods.POST,"authz/ns",NsRequest.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class Delete extends Cmd {\r
+ public Delete(NS parent) {\r
+ super(parent,"delete", \r
+ new Param("name",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int index = idx;\r
+ StringBuilder path = new StringBuilder("/authz/ns/");\r
+ path.append(args[index++]);\r
+ \r
+ // Send "Force" if set\r
+ setQueryParamsOn(client);\r
+ Future<Void> fp = client.delete(path.toString(),Void.class);\r
+ \r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().println("Deleted Namespace");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"Delete a Namespace");\r
+ indent+=4;\r
+ detailLine(sb,indent,"Namespaces cannot normally be deleted when there are still credentials,");\r
+ detailLine(sb,indent,"permissions or roles associated with them. These can be deleted");\r
+ detailLine(sb,indent,"automatically by setting \"force\" property.");\r
+ detailLine(sb,indent,"i.e. set force=true or just starting with \"force\"");\r
+ detailLine(sb,indent," (note force is unset after first use)");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"If \"set force=move\" is set, credentials are deleted, but ");\r
+ detailLine(sb,indent,"Permissions and Roles are assigned to the Parent Namespace instead of");\r
+ detailLine(sb,indent,"being deleted. Similarly, Namespaces can be created even though there");\r
+ detailLine(sb,indent,"are Roles/Perms whose type starts with the requested sub-namespace.");\r
+ detailLine(sb,indent,"They are simply reassigned to the Child Namespace");\r
+ indent-=4;\r
+ api(sb,indent,HttpMethods.DELETE,"authz/ns/<ns>[?force=true]",Void.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.NsRequest;\r
+\r
+public class Describe extends Cmd {\r
+ private static final String NS_PATH = "/authz/ns";\r
+ public Describe(NS parent) {\r
+ super(parent,"describe", \r
+ new Param("name",true),\r
+ new Param("description",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String name = args[idx++];\r
+ StringBuilder desc = new StringBuilder();\r
+ while (idx < args.length) {\r
+ desc.append(args[idx++] + ' ');\r
+ }\r
+ \r
+ NsRequest nsr = new NsRequest();\r
+ nsr.setName(name);\r
+ nsr.setDescription(desc.toString());\r
+ \r
+ // Set Start/End commands\r
+ setStartEnd(nsr);\r
+ \r
+ Future<NsRequest> fn = null;\r
+ int rv;\r
+\r
+ fn = client.update(\r
+ NS_PATH,\r
+ getDF(NsRequest.class),\r
+ nsr\r
+ );\r
+\r
+ if(fn.get(AAFcli.timeout())) {\r
+ rv=fn.code();\r
+ pw().println("Description added to Namespace");\r
+ } else {\r
+ if((rv=fn.code())==202) {\r
+ pw().print("Adding description");\r
+ pw().println(" Accepted, but requires Approvals before actualizing");\r
+ } else {\r
+ error(fn);\r
+ }\r
+ }\r
+ return rv;\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,"Add a description to a namespace");\r
+ api(sb,indent,HttpMethods.PUT,"authz/ns",NsRequest.class,true);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import java.util.Collections;\r
+import java.util.Comparator;\r
+\r
+import com.att.cadi.client.Future;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.inno.env.util.Chrono;\r
+\r
+import aaf.v2_0.Nss;\r
+import aaf.v2_0.Nss.Ns;\r
+import aaf.v2_0.Nss.Ns.Attrib;\r
+import aaf.v2_0.Perms;\r
+import aaf.v2_0.Roles;\r
+import aaf.v2_0.Users;\r
+import aaf.v2_0.Users.User;\r
+\r
+public class List extends BaseCmd<NS> {\r
+\r
+ public List(NS parent) {\r
+ super(parent,"list");\r
+ cmds.add(new ListByName(this));\r
+ \r
+// TODO: uncomment when on cassandra 2.1.2 if we like cli command to get all ns's \r
+// a user is admin or responsible for \r
+ cmds.add(new ListAdminResponsible(this));\r
+ \r
+ cmds.add(new ListActivity(this));\r
+ cmds.add(new ListUsers(this));\r
+ cmds.add(new ListChildren(this));\r
+ cmds.add(new ListNsKeysByAttrib(this));\r
+ }\r
+\r
+ private static final String sformat = " %-72s\n";\r
+ protected static final String kformat = " %-72s\n";\r
+\r
+ \r
+ public void report(Future<Nss> fp, String ... str) {\r
+ reportHead(str);\r
+ if(fp==null) {\r
+ pw().println(" *** Namespace Not Found ***");\r
+ }\r
+ \r
+ if(fp!=null && fp.value!=null) {\r
+ for(Ns ns : fp.value.getNs()) {\r
+ pw().println(ns.getName());\r
+ if (this.aafcli.isDetailed()) {\r
+ pw().println(" Description");\r
+ pw().format(sformat,ns.getDescription()==null?"":ns.getDescription());\r
+ }\r
+ if(ns.getAdmin().size()>0) {\r
+ pw().println(" Administrators");\r
+ for(String admin : ns.getAdmin()) {\r
+ pw().format(sformat,admin);\r
+ }\r
+ }\r
+ if(ns.getResponsible().size()>0) {\r
+ pw().println(" Responsible Parties");\r
+ for(String responsible : ns.getResponsible()) {\r
+ pw().format(sformat,responsible);\r
+ }\r
+ }\r
+ if(ns.getAttrib().size()>0) {\r
+ pw().println(" Namespace Attributes");\r
+ for(Attrib attrib : ns.getAttrib()) {\r
+ StringBuilder sb = new StringBuilder(attrib.getKey());\r
+ if(attrib.getValue()==null || attrib.getValue().length()>0) {\r
+ sb.append('=');\r
+ sb.append(attrib.getValue());\r
+ }\r
+ pw().format(sformat,sb.toString());\r
+ }\r
+ \r
+ }\r
+ }\r
+ }\r
+ }\r
+ \r
+ public void reportName(Future<Nss> fp, String ... str) {\r
+ reportHead(str);\r
+ if(fp!=null && fp.value!=null) {\r
+ java.util.List<Ns> nss = fp.value.getNs();\r
+ Collections.sort(nss, new Comparator<Ns>() {\r
+ @Override\r
+ public int compare(Ns ns1, Ns ns2) {\r
+ return ns1.getName().compareTo(ns2.getName());\r
+ }\r
+ });\r
+ \r
+ for(Ns ns : nss) {\r
+ pw().println(ns.getName());\r
+ if (this.aafcli.isDetailed() && ns.getDescription() != null) {\r
+ pw().println(" " + ns.getDescription());\r
+ }\r
+ }\r
+ }\r
+ }\r
+\r
+ public void reportRole(Future<Roles> fr) {\r
+ if(fr!=null && fr.value!=null && fr.value.getRole().size()>0) {\r
+ pw().println(" Roles");\r
+ for(aaf.v2_0.Role r : fr.value.getRole()) {\r
+ pw().format(sformat,r.getName());\r
+ }\r
+ }\r
+ }\r
+\r
+ private static final String pformat = " %-30s %-24s %-15s\n";\r
+ public void reportPerm(Future<Perms> fp) {\r
+ if(fp!=null && fp.value!=null && fp.value.getPerm().size()>0) {\r
+ pw().println(" Permissions");\r
+ for(aaf.v2_0.Perm p : fp.value.getPerm()) {\r
+ pw().format(pformat,p.getType(),p.getInstance(),p.getAction());\r
+ }\r
+ }\r
+ }\r
+ \r
+ \r
+ private static final String cformat = " %-30s %-6s %-24s\n";\r
+ public void reportCred(Future<Users> fc) { \r
+ if(fc!=null && fc.value!=null && fc.value.getUser().size()>0) {\r
+ pw().println(" Credentials");\r
+ java.util.List<User> users = fc.value.getUser();\r
+ Collections.sort(users, new Comparator<User>() {\r
+ @Override\r
+ public int compare(User u1, User u2) {\r
+ return u1.getId().compareTo(u2.getId());\r
+ }\r
+ });\r
+ for(aaf.v2_0.Users.User u : users) {\r
+ if (this.aafcli.isTest()) {\r
+ pw().format(sformat,u.getId());\r
+ } else {\r
+ String type;\r
+ switch(u.getType()) {\r
+ case 1: type = "U/P"; break;\r
+ case 10: type="Cert"; break;\r
+ case 200: type="x509"; break;\r
+ default: type = "";\r
+ }\r
+ pw().format(cformat,u.getId(),type,Chrono.niceDateStamp(u.getExpires()));\r
+ }\r
+ }\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.History;\r
+\r
+/**\r
+ *\r
+ */\r
+public class ListActivity extends Cmd {\r
+ private static final String HEADER = "List Activity of Namespace";\r
+ \r
+ public ListActivity(List parent) {\r
+ super(parent,"activity", \r
+ new Param("name",true));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ final String ns = args[idx++];\r
+ \r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<History> fp = client.read(\r
+ "/authz/hist/ns/"+ns, \r
+ getDF(History.class)\r
+ );\r
+ \r
+ if(fp.get(AAFcli.timeout())) {\r
+ activity(fp.value, HEADER + " [ " + ns + " ]");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/hist/ns/<ns>",History.class,true);\r
+ }\r
+\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Nss;\r
+\r
+public class ListAdminResponsible extends Cmd {\r
+ private static final String HEADER="List Namespaces with ";\r
+ private final static String[] options = {"admin","responsible"};\r
+ \r
+ public ListAdminResponsible(List parent) {\r
+ super(parent,null, \r
+ new Param(optionsToString(options),true),\r
+ new Param("user",true)); \r
+ }\r
+\r
+ @Override\r
+ protected int _exec(final int index, final String... args) throws CadiException, APIException, LocatorException {\r
+\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String title = args[idx++];\r
+ String user = args[idx++];\r
+ if (user.indexOf('@') < 0 && getOrgRealm() != null) user += '@' + getOrgRealm();\r
+ \r
+ Future<Nss> fn = client.read("/authz/nss/"+title+"/"+user,getDF(Nss.class));\r
+ if(fn.get(AAFcli.timeout())) {\r
+ ((List)parent).reportName(fn,HEADER + title + " privileges for ",user);\r
+ } else if(fn.code()==404) {\r
+ ((List)parent).report(null,HEADER + title + " privileges for ",user);\r
+ return 200;\r
+ } else { \r
+ error(fn);\r
+ }\r
+ return fn.code();\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER + "admin or responsible priveleges for user");\r
+ api(sb,indent,HttpMethods.GET,"authz/nss/<admin|responsible>/<user>",Nss.class,true);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Nss;\r
+import aaf.v2_0.Nss.Ns;\r
+import aaf.v2_0.Perms;\r
+import aaf.v2_0.Roles;\r
+import aaf.v2_0.Users;\r
+\r
+/**\r
+ *\r
+ */\r
+public class ListByName extends Cmd {\r
+ private static final String HEADER="List Namespaces by Name";\r
+ \r
+ public ListByName(List parent) {\r
+ super(parent,"name", \r
+ new Param("ns",true));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ final String ns=args[idx++];\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<Nss> fn = client.read("/authz/nss/"+ns,getDF(Nss.class));\r
+ if(fn.get(AAFcli.timeout())) {\r
+ ((List)parent).report(fn,HEADER,ns);\r
+ if(fn.value!=null) {\r
+ for(Ns n : fn.value.getNs()) {\r
+ Future<Roles> fr = client.read("/authz/roles/ns/"+n.getName(), getDF(Roles.class));\r
+ if(fr.get(AAFcli.timeout())) {\r
+ ((List)parent).reportRole(fr);\r
+ }\r
+ }\r
+ for(Ns n : fn.value.getNs()) {\r
+ Future<Perms> fp = client.read("/authz/perms/ns/"+n.getName(), getDF(Perms.class));\r
+ if(fp.get(AAFcli.timeout())) {\r
+ ((List)parent).reportPerm(fp);\r
+ }\r
+ }\r
+ for(Ns n : fn.value.getNs()) {\r
+ Future<Users> fu = client.read("/authn/creds/ns/"+n.getName(), getDF(Users.class));\r
+ if(fu.get(AAFcli.timeout())) {\r
+ ((List)parent).reportCred(fu);\r
+ }\r
+ }\r
+ }\r
+ } else if(fn.code()==404) {\r
+ ((List)parent).report(null,HEADER,ns);\r
+ return 200;\r
+ } else { \r
+ error(fn);\r
+ }\r
+ return fn.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/nss/<ns>",Nss.class,true);\r
+ detailLine(sb,indent,"Indirectly uses:");\r
+ api(sb,indent,HttpMethods.GET,"authz/roles/ns/<ns>",Roles.class,false);\r
+ api(sb,indent,HttpMethods.GET,"authz/perms/ns/<ns>",Perms.class,false);\r
+ api(sb,indent,HttpMethods.GET,"authn/creds/ns/<ns>",Users.class,false);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Nss;\r
+import aaf.v2_0.Nss.Ns;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class ListChildren extends Cmd {\r
+ private static final String HEADER="List Child Namespaces";\r
+ \r
+ public ListChildren(List parent) {\r
+ super(parent,"children", \r
+ new Param("ns",true));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ final String ns=args[idx++];\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<Nss> fn = client.read("/authz/nss/children/"+ns,getDF(Nss.class));\r
+ if(fn.get(AAFcli.timeout())) {\r
+ parent.reportHead(HEADER);\r
+ for(Ns ns : fn.value.getNs()) {\r
+ pw().format(List.kformat, ns.getName());\r
+ }\r
+ } else if(fn.code()==404) {\r
+ ((List)parent).report(null,HEADER,ns);\r
+ return 200;\r
+ } else { \r
+ error(fn);\r
+ }\r
+ return fn.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/nss/children/<ns>",Nss.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Keys;\r
+import aaf.v2_0.Nss;\r
+import aaf.v2_0.Perms;\r
+import aaf.v2_0.Roles;\r
+import aaf.v2_0.Users;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class ListNsKeysByAttrib extends Cmd {\r
+ private static final String HEADER="List Namespace Names by Attribute";\r
+ \r
+ public ListNsKeysByAttrib(List parent) {\r
+ super(parent,"keys", \r
+ new Param("attrib",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ final String attrib=args[idx];\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<Keys> fn = client.read("/authz/ns/attrib/"+attrib,getDF(Keys.class));\r
+ if(fn.get(AAFcli.timeout())) {\r
+ parent.reportHead(HEADER);\r
+ for(String key : fn.value.getKey()) {\r
+ pw().printf(List.kformat, key);\r
+ }\r
+ } else if(fn.code()==404) {\r
+ parent.reportHead(HEADER);\r
+ pw().println(" *** No Namespaces Found ***");\r
+ return 200;\r
+ } else { \r
+ error(fn);\r
+ }\r
+ return fn.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/nss/<ns>",Nss.class,true);\r
+ detailLine(sb,indent,"Indirectly uses:");\r
+ api(sb,indent,HttpMethods.GET,"authz/roles/ns/<ns>",Roles.class,false);\r
+ api(sb,indent,HttpMethods.GET,"authz/perms/ns/<ns>",Perms.class,false);\r
+ api(sb,indent,HttpMethods.GET,"authn/creds/ns/<ns>",Users.class,false);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import javax.xml.datatype.XMLGregorianCalendar;\r
+\r
+import com.att.cmd.BaseCmd;\r
+\r
+import aaf.v2_0.Users.User;\r
+\r
+public class ListUsers extends BaseCmd<List> {\r
+ \r
+ public ListUsers(List parent) {\r
+ super(parent,"user");\r
+ cmds.add(new ListUsersWithPerm(this));\r
+ cmds.add(new ListUsersInRole(this));\r
+ }\r
+\r
+ public void report(String header, String ns) {\r
+ ((List)parent).report(null, header,ns);\r
+ }\r
+\r
+ public void report(String subHead) {\r
+ pw().println(subHead);\r
+ }\r
+\r
+ private static final String uformat = "%s%-50s expires:%02d/%02d/%04d\n";\r
+ public void report(String prefix, User u) {\r
+ XMLGregorianCalendar xgc = u.getExpires();\r
+ pw().format(uformat,prefix,u.getId(),xgc.getMonth()+1,xgc.getDay(),xgc.getYear());\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import java.util.HashSet;\r
+import java.util.Set;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Nss;\r
+import aaf.v2_0.Nss.Ns;\r
+import aaf.v2_0.Role;\r
+import aaf.v2_0.Roles;\r
+import aaf.v2_0.Users;\r
+import aaf.v2_0.Users.User;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class ListUsersInRole extends Cmd {\r
+ private static final String HEADER="List Users in Roles of Namespace ";\r
+ \r
+ public ListUsersInRole(ListUsers parent) {\r
+ super(parent,"role", \r
+ new Param("ns",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ final String ns=args[idx++];\r
+ final boolean detail = aafcli.isDetailed();\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ ((ListUsers)parent).report(HEADER,ns);\r
+ Future<Nss> fn = client.read("/authz/nss/"+ns,getDF(Nss.class));\r
+ if(fn.get(AAFcli.timeout())) {\r
+ if(fn.value!=null) {\r
+ Set<String> uset = detail?null:new HashSet<String>();\r
+ for(Ns n : fn.value.getNs()) {\r
+ Future<Roles> fr = client.read("/authz/roles/ns/"+n.getName(), getDF(Roles.class));\r
+ if(fr.get(AAFcli.timeout())) {\r
+ for(Role r : fr.value.getRole()) {\r
+ if(detail) {\r
+ ((ListUsers)parent).report(r.getName());\r
+ }\r
+ Future<Users> fus = client.read(\r
+ "/authz/users/role/"+r.getName(), \r
+ getDF(Users.class)\r
+ );\r
+ if(fus.get(AAFcli.timeout())) {\r
+ for(User u : fus.value.getUser()) {\r
+ if(detail) {\r
+ ((ListUsers)parent).report(" ",u);\r
+ } else {\r
+ uset.add(u.getId());\r
+ }\r
+ }\r
+ } else if(fn.code()==404) {\r
+ return 200;\r
+ }\r
+ }\r
+ }\r
+ }\r
+ if(uset!=null) {\r
+ for(String u : uset) {\r
+ pw().print(" ");\r
+ pw().println(u);\r
+ }\r
+ }\r
+ }\r
+ } else if(fn.code()==404) {\r
+ return 200;\r
+ } else { \r
+ error(fn);\r
+ }\r
+ return fn.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,HEADER);\r
+ indent+=4;\r
+ detailLine(sb,indent,"Report Users associated with this Namespace's Roles");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"If \"set details=true\" is specified, then all roles are printed ");\r
+ detailLine(sb,indent,"with the associated users and expiration dates");\r
+ indent-=4;\r
+ api(sb,indent,HttpMethods.GET,"authz/nss/<ns>",Nss.class,true);\r
+ api(sb,indent,HttpMethods.GET,"authz/roles/ns/<ns>",Roles.class,false);\r
+ api(sb,indent,HttpMethods.GET,"authz/users/role/<ns>",Users.class,false);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import java.util.HashSet;\r
+import java.util.Set;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Nss;\r
+import aaf.v2_0.Nss.Ns;\r
+import aaf.v2_0.Perm;\r
+import aaf.v2_0.Perms;\r
+import aaf.v2_0.Users;\r
+import aaf.v2_0.Users.User;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class ListUsersWithPerm extends Cmd {\r
+ private static final String HEADER="List Users of Permissions of Namespace ";\r
+ \r
+ public ListUsersWithPerm(ListUsers parent) {\r
+ super(parent,"perm", \r
+ new Param("ns",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ final String ns=args[idx++];\r
+ final boolean detail = aafcli.isDetailed();\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ ((ListUsers)parent).report(HEADER,ns);\r
+ Future<Nss> fn = client.read("/authz/nss/"+ns,getDF(Nss.class));\r
+ if(fn.get(AAFcli.timeout())) {\r
+ if(fn.value!=null) {\r
+ Set<String> uset = detail?null:new HashSet<String>();\r
+ \r
+ for(Ns n : fn.value.getNs()) {\r
+ Future<Perms> fp = client.read("/authz/perms/ns/"+n.getName(), getDF(Perms.class));\r
+ if(fp.get(AAFcli.timeout())) {\r
+ for(Perm p : fp.value.getPerm()) {\r
+ String perm = p.getType()+'/'+p.getInstance()+'/'+p.getAction();\r
+ if(detail)((ListUsers)parent).report(perm);\r
+ Future<Users> fus = client.read(\r
+ "/authz/users/perm/"+perm, \r
+ getDF(Users.class)\r
+ );\r
+ if(fus.get(AAFcli.timeout())) {\r
+ for(User u : fus.value.getUser()) {\r
+ if(detail)\r
+ ((ListUsers)parent).report(" ",u);\r
+ else \r
+ uset.add(u.getId());\r
+ }\r
+ } else if(fn.code()==404) {\r
+ return 200;\r
+ }\r
+ }\r
+ }\r
+ }\r
+ if(uset!=null) {\r
+ for(String u : uset) {\r
+ pw().print(" ");\r
+ pw().println(u);\r
+ }\r
+ }\r
+ }\r
+ } else if(fn.code()==404) {\r
+ return 200;\r
+ } else { \r
+ error(fn);\r
+ }\r
+ return fn.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,HEADER);\r
+ indent+=4;\r
+ detailLine(sb,indent,"Report Users associated with this Namespace's Permissions");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"If \"set detail=true\" is specified, then Permissions are printed with the associated");\r
+ detailLine(sb,indent,"users and expiration dates");\r
+ indent-=4;\r
+ api(sb,indent,HttpMethods.GET,"authz/nss/<ns>",Nss.class,true);\r
+ api(sb,indent,HttpMethods.GET,"authz/perms/ns/<ns>",Perms.class,false);\r
+ api(sb,indent,HttpMethods.GET,"authz/users/perm/<type>/<instance>/<action>",Users.class,false);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.inno.env.APIException;\r
+\r
+public class NS extends BaseCmd<NS> {\r
+// final Role role;\r
+\r
+ public NS(AAFcli aafcli) throws APIException {\r
+ super(aafcli, "ns");\r
+// this.role = role;\r
+ \r
+ cmds.add(new Create(this));\r
+ cmds.add(new Delete(this));\r
+ cmds.add(new Admin(this));\r
+ cmds.add(new Responsible(this));\r
+ cmds.add(new Describe(this));\r
+ cmds.add(new Attrib(this));\r
+ cmds.add(new List(this));\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Responsible extends BaseCmd<NS> {\r
+ private final static String[] options = {"add","del"};\r
+\r
+ public Responsible(NS ns) throws APIException {\r
+ super(ns,"responsible",\r
+ new Param(optionsToString(options),true),\r
+ new Param("name",true),\r
+ new Param("id[,id]*",true)\r
+ );\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+\r
+ final int option = whichOption(options, args[idx++]);\r
+ final String ns = args[idx++];\r
+ final String ids[] = args[idx++].split(",");\r
+ final String realm = getOrgRealm();\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<Void> fp=null;\r
+ for(String id : ids) {\r
+ if (id.indexOf('@') < 0 && realm != null) id += '@' + realm;\r
+ String verb;\r
+ switch(option) {\r
+ case 0: \r
+ fp = client.create("/authz/ns/"+ns+"/responsible/"+id,Void.class);\r
+ verb = " is now ";\r
+ break;\r
+ case 1: \r
+ fp = client.delete("/authz/ns/"+ns+"/responsible/"+id,Void.class);\r
+ verb = " is no longer ";\r
+ break;\r
+ default:\r
+ throw new CadiException("Bad Argument");\r
+ };\r
+ \r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().append(id);\r
+ pw().append(verb);\r
+ pw().append("responsible for ");\r
+ pw().println(ns);\r
+ } else {\r
+ error(fp);\r
+ return fp.code();\r
+ }\r
+ }\r
+ return fp==null?500:fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"Add or Delete Responsible person to/from Namespace");\r
+ indent+=2;\r
+ detailLine(sb,indent,"Responsible persons receive Notifications and approve Requests ");\r
+ detailLine(sb,indent,"regarding this Namespace. Companies have Policies as to who may");\r
+ detailLine(sb,indent,"take on this responsibility");\r
+\r
+ indent+=2;\r
+ detailLine(sb,indent,"name - Name of Namespace");\r
+ detailLine(sb,indent,"id - Credential of Person(s) to be made responsible");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"aafcli will call API on each ID presented.");\r
+ indent-=4;\r
+ api(sb,indent,HttpMethods.POST,"authz/ns/<ns>/responsible/<id>",Void.class,true);\r
+ api(sb,indent,HttpMethods.DELETE,"authz/ns/<ns>/responsible/<id>",Void.class,false);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.PermRequest;\r
+import aaf.v2_0.RoleRequest;\r
+\r
+/**\r
+ * \r
+ *\r
+ */\r
+public class Create extends Cmd {\r
+ public Create(Perm parent) {\r
+ super(parent,"create", \r
+ new Param("type",true), \r
+ new Param("instance",true),\r
+ new Param("action", true),\r
+ new Param("role[,role]* (to Grant to)", false)\r
+ );\r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ final PermRequest pr = new PermRequest(); \r
+ pr.setType(args[idx++]);\r
+ pr.setInstance(args[idx++]);\r
+ pr.setAction(args[idx++]);\r
+ String roleCommas = (args.length>idx)?args[idx++]:null;\r
+ String[] roles = roleCommas==null?null:roleCommas.split("\\s*,\\s*");\r
+ boolean force = aafcli.forceString()!=null;\r
+ int rv;\r
+ \r
+ if(roles!=null && force) { // Make sure Roles are Created\r
+ RoleRequest rr = new RoleRequest();\r
+ for(String role : roles) {\r
+ rr.setName(role);;\r
+ Future<RoleRequest> fr = client.create(\r
+ "/authz/role",\r
+ getDF(RoleRequest.class),\r
+ rr\r
+ );\r
+ fr.get(AAFcli.timeout());\r
+ switch(fr.code()){\r
+ case 201:\r
+ pw().println("Created Role [" + role + ']');\r
+ break;\r
+ case 409:\r
+ break;\r
+ default: \r
+ pw().println("Role [" + role + "] does not exist, and cannot be created.");\r
+ return HttpStatus.PARTIAL_CONTENT_206;\r
+ }\r
+ }\r
+ }\r
+\r
+ // Set Start/End commands\r
+ setStartEnd(pr);\r
+ setQueryParamsOn(client);\r
+ Future<PermRequest> fp = client.create(\r
+ "/authz/perm",\r
+ getDF(PermRequest.class),\r
+ pr\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ rv = fp.code();\r
+ pw().println("Created Permission");\r
+ if(roles!=null) {\r
+ if(aafcli.forceString()!=null) { // Make sure Roles are Created\r
+ RoleRequest rr = new RoleRequest();\r
+ for(String role : roles) {\r
+ rr.setName(role);;\r
+ Future<RoleRequest> fr = client.create(\r
+ "/authz/role",\r
+ getDF(RoleRequest.class),\r
+ rr\r
+ );\r
+ fr.get(AAFcli.timeout());\r
+ switch(fr.code()){\r
+ case 201:\r
+ case 409:break;\r
+ default: \r
+ \r
+ }\r
+ }\r
+ }\r
+ \r
+ try {\r
+ if(201!=(rv=((Perm)parent)._exec(0, \r
+ new String[] {"grant",pr.getType(),pr.getInstance(),pr.getAction(),roleCommas}))) {\r
+ rv = HttpStatus.PARTIAL_CONTENT_206;\r
+ }\r
+ } catch (LocatorException e) {\r
+ throw new CadiException(e);\r
+ }\r
+ }\r
+ } else {\r
+ rv = fp.code();\r
+ if(rv==409 && force) {\r
+ rv = 201;\r
+ } else if(rv==202) {\r
+ pw().println("Permission Creation Accepted, but requires Approvals before actualizing");\r
+ if (roles!=null)\r
+ pw().println("You need to grant the roles after approval.");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ }\r
+ return rv;\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"Create a Permission with:");\r
+ detailLine(sb,indent+=2,"type - A Namespace qualified identifier identifying the kind of");\r
+ detailLine(sb,indent+11,"resource to be protected");\r
+ detailLine(sb,indent,"instance - A name that distinguishes a particular instance of resource");\r
+ detailLine(sb,indent,"action - What kind of action is allowed");\r
+ detailLine(sb,indent,"role(s) - Perms granted to these Comma separated Role(s)");\r
+ detailLine(sb,indent+11,"Nonexistent role(s) will be created, if in same namespace");\r
+ sb.append('\n');\r
+ detailLine(sb,indent+2,"Note: Instance and Action can be a an '*' (enter \\\\* on Unix Shell)");\r
+ api(sb,indent,HttpMethods.POST,"authz/perm",PermRequest.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.PermRequest;\r
+\r
+/**\r
+ *\r
+ */\r
+public class Delete extends Cmd {\r
+ public Delete(Perm parent) {\r
+ super(parent,"delete", \r
+ new Param("type",true), \r
+ new Param("instance",true),\r
+ new Param("action", true));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ // Object Style Delete\r
+ PermRequest pk = new PermRequest();\r
+ pk.setType(args[idx++]);\r
+ pk.setInstance(args[idx++]);\r
+ pk.setAction(args[idx++]);\r
+ \r
+ // Set "Force" if set\r
+ setQueryParamsOn(client);\r
+ Future<PermRequest> fp = client.delete(\r
+ "/authz/perm", \r
+ getDF(PermRequest.class),\r
+ pk);\r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().println("Deleted Permission");\r
+ } else {\r
+ if(fp.code()==202) {\r
+ pw().println("Permission Deletion Accepted, but requires Approvals before actualizing");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,"Delete a Permission with type,instance and action");\r
+ detailLine(sb,indent+4,"see Create for definitions");\r
+ api(sb,indent,HttpMethods.DELETE,"authz/perm",PermRequest.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.PermRequest;\r
+\r
+public class Describe extends Cmd {\r
+ private static final String PERM_PATH = "/authz/perm";\r
+ public Describe(Perm parent) {\r
+ super(parent,"describe", \r
+ new Param("type",true),\r
+ new Param("instance", true),\r
+ new Param("action", true),\r
+ new Param("description",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String type = args[idx++];\r
+ String instance = args[idx++];\r
+ String action = args[idx++];\r
+ StringBuilder desc = new StringBuilder();\r
+ while (idx < args.length) {\r
+ desc.append(args[idx++] + ' ');\r
+ }\r
+ \r
+ PermRequest pr = new PermRequest();\r
+ pr.setType(type);\r
+ pr.setInstance(instance);\r
+ pr.setAction(action);\r
+ pr.setDescription(desc.toString());\r
+ \r
+ // Set Start/End commands\r
+ setStartEnd(pr);\r
+ \r
+ Future<PermRequest> fp = null;\r
+ int rv;\r
+\r
+ fp = client.update(\r
+ PERM_PATH,\r
+ getDF(PermRequest.class),\r
+ pr\r
+ );\r
+\r
+ if(fp.get(AAFcli.timeout())) {\r
+ rv=fp.code();\r
+ pw().println("Description added to Permission");\r
+ } else {\r
+ if((rv=fp.code())==202) {\r
+ pw().print("Adding description");\r
+ pw().println(" Accepted, but requires Approvals before actualizing");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ }\r
+ return rv;\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,"Add a description to a permission");\r
+ api(sb,indent,HttpMethods.PUT,"authz/perm",PermRequest.class,true);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Pkey;\r
+import aaf.v2_0.RolePermRequest;\r
+\r
+/**\r
+ * \r
+ *\r
+ */\r
+public class Grant extends Cmd {\r
+ private final static String[] options = {"grant","ungrant","setTo"};\r
+\r
+ public Grant(Perm parent) {\r
+ super(parent,null,\r
+ new Param(optionsToString(options),true),\r
+ new Param("type",true),\r
+ new Param("instance",true),\r
+ new Param("action",true),\r
+ new Param("role[,role]* (!REQ S)",false)\r
+ ); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String action = args[idx++];\r
+ int option = whichOption(options, action);\r
+ \r
+ RolePermRequest rpr = new RolePermRequest();\r
+ Pkey pk = new Pkey();\r
+ pk.setType(args[idx++]);\r
+ pk.setInstance(args[idx++]);\r
+ pk.setAction(args[idx++]);\r
+ rpr.setPerm(pk);\r
+ setStartEnd(rpr);\r
+ \r
+ Future<RolePermRequest> frpr = null;\r
+ \r
+ if (option != 2) {\r
+ String[] roles = args[idx++].split(",");\r
+ String strA,strB;\r
+ for(String role : roles) {\r
+ rpr.setRole(role);\r
+ if(option==0) {\r
+ // You can request to Grant Permission to a Role\r
+ setQueryParamsOn(client);\r
+ frpr = client.create(\r
+ "/authz/role/perm", \r
+ getDF(RolePermRequest.class),\r
+ rpr\r
+ );\r
+ strA = "Granted Permission [";\r
+ strB = "] to Role [";\r
+ } else {\r
+ // You can request to UnGrant Permission to a Role\r
+ setQueryParamsOn(client);\r
+ frpr = client.delete(\r
+ "/authz/role/" + role + "/perm", \r
+ getDF(RolePermRequest.class),\r
+ rpr\r
+ );\r
+ strA = "UnGranted Permission [";\r
+ strB = "] from Role [";\r
+ }\r
+ if(frpr.get(AAFcli.timeout())) {\r
+ pw().println(strA + pk.getType() + '|' + pk.getInstance() + '|' + pk.getAction() \r
+ + strB + role +']');\r
+ } else {\r
+ if (frpr.code()==202) {\r
+ pw().print("Permission Role ");\r
+ pw().print(option==0?"Granted":"Ungranted");\r
+ pw().println(" Accepted, but requires Approvals before actualizing");\r
+ } else {\r
+ error(frpr);\r
+ idx=Integer.MAX_VALUE;\r
+ } \r
+ }\r
+ }\r
+ } else {\r
+ String allRoles = "";\r
+ if (idx < args.length) \r
+ allRoles = args[idx++];\r
+ \r
+ rpr.setRole(allRoles);\r
+ frpr = client.update(\r
+ "/authz/role/perm", \r
+ getDF(RolePermRequest.class), \r
+ rpr);\r
+ if(frpr.get(AAFcli.timeout())) {\r
+ pw().println("Set Permission's Roles to [" + allRoles + "]");\r
+ } else {\r
+ error(frpr);\r
+ } \r
+ } \r
+ return frpr==null?0:frpr.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,"Grant a Permission to a Role or Roles OR");\r
+ detailLine(sb,indent,"Ungrant a Permission from a Role or Roles OR");\r
+ detailLine(sb,indent,"Set a Permission's roles to roles supplied.");\r
+ detailLine(sb,indent+4,"WARNING: Roles supplied with setTo will be the ONLY roles attached to this permission");\r
+ detailLine(sb,indent+8,"If no roles are supplied, permission's roles are reset.");\r
+ detailLine(sb,indent,"see Create for definitions of type,instance and action");\r
+ api(sb,indent,HttpMethods.POST,"authz/role/perm",RolePermRequest.class,true);\r
+ api(sb,indent,HttpMethods.DELETE,"authz/role/<role>/perm",RolePermRequest.class,false);\r
+ api(sb,indent,HttpMethods.PUT,"authz/role/perm",RolePermRequest.class,false);\r
+\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import java.util.ArrayList;\r
+import java.util.Collections;\r
+import java.util.Comparator;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Nss;\r
+import aaf.v2_0.Perms;\r
+import aaf.v2_0.Pkey;\r
+\r
+\r
+public class List extends BaseCmd<Perm> {\r
+// private static final String LIST_PERM_DETAILS = "list permission details";\r
+ \r
+ public List(Perm parent) {\r
+ super(parent,"list");\r
+\r
+ cmds.add(new ListByUser(this));\r
+ cmds.add(new ListByName(this));\r
+ cmds.add(new ListByNS(this));\r
+ cmds.add(new ListByRole(this));\r
+ cmds.add(new ListActivity(this));\r
+ }\r
+ // Package Level on purpose\r
+ abstract class ListPerms extends Retryable<Integer> {\r
+ protected int list(Future<Perms> fp,Rcli<?> client, String header, String parentPerm) throws CadiException, APIException {\r
+ if(fp.get(AAFcli.timeout())) { \r
+ ArrayList<String> permNss = null;\r
+ if (aafcli.isDetailed()) {\r
+ permNss = new ArrayList<String>();\r
+ String permNs = null;\r
+ for(Pkey perm : fp.value.getPerm()) { \r
+ if (permNs != null && perm.getType().contains(permNs)) {\r
+ permNss.add(permNs);\r
+ } else {\r
+ Future<Nss> fpn = null;\r
+ String permType = perm.getType();\r
+ permNs = permType;\r
+ do {\r
+ permNs = permType.substring(0,permNs.lastIndexOf('.'));\r
+ fpn = client.read("/authz/nss/"+permNs,getDF(Nss.class));\r
+ } while (!fpn.get(AAFcli.timeout()));\r
+ permNss.add(permNs);\r
+ }\r
+ } \r
+ } \r
+ report(fp,permNss,header, parentPerm);\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ }\r
+\r
+ private static final Comparator<aaf.v2_0.Perm> permCompare = new Comparator<aaf.v2_0.Perm>() {\r
+ @Override\r
+ public int compare(aaf.v2_0.Perm a, aaf.v2_0.Perm b) {\r
+ int rc;\r
+ if((rc=a.getType().compareTo(b.getType()))!=0) {\r
+ return rc;\r
+ }\r
+ if((rc=a.getInstance().compareTo(b.getInstance()))!=0) {\r
+ return rc;\r
+ }\r
+ return a.getAction().compareTo(b.getAction());\r
+ }\r
+ };\r
+ \r
+ void report(Future<Perms> fp, ArrayList<String> permNss, String ... str) {\r
+ reportHead(str);\r
+ if (this.aafcli.isDetailed()) { \r
+ String format = reportColHead("%-20s %-15s %-30s %-15s\n %-75s\n","PERM NS","Type","Instance","Action", "Description");\r
+ Collections.sort(fp.value.getPerm(),permCompare);\r
+ for(aaf.v2_0.Perm p : fp.value.getPerm()) {\r
+ String permNs = permNss.remove(0);\r
+ pw().format(format,\r
+ permNs,\r
+ p.getType().substring(permNs.length()+1),\r
+ p.getInstance(),\r
+ p.getAction(),\r
+ p.getDescription()==null?"":p.getDescription());\r
+ }\r
+ pw().println();\r
+ } else {\r
+ String format = reportColHead("%-30s %-30s %-10s\n","PERM Type","Instance","Action");\r
+\r
+ Collections.sort(fp.value.getPerm(),permCompare);\r
+ for(aaf.v2_0.Perm p : fp.value.getPerm()) {\r
+ pw().format(format,\r
+ p.getType(),\r
+ p.getInstance(),\r
+ p.getAction());\r
+ }\r
+ pw().println();\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.History;\r
+\r
+/**\r
+ *\r
+ */\r
+public class ListActivity extends Cmd {\r
+ private static final String HEADER = "List Activity of Permission";\r
+ \r
+ public ListActivity(List parent) {\r
+ super(parent,"activity", \r
+ new Param("type",true));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String type = args[idx++];\r
+ Future<History> fp = client.read(\r
+ "/authz/hist/perm/"+type, \r
+ getDF(History.class)\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ activity(fp.value, HEADER + " [ " + type + " ]");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/hist/perm/<type>",History.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Perms;\r
+\r
+/**\r
+ * Return Perms by NS\r
+ * \r
+ *\r
+ */\r
+public class ListByNS extends Cmd {\r
+ private static final String HEADER = "List Perms by NS ";\r
+ \r
+ public ListByNS(List parent) {\r
+ super(parent,"ns", \r
+ new Param("name",true)); \r
+ }\r
+\r
+ public int _exec( int idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ final String ns=args[idx];\r
+\r
+ return same(((List)parent).new ListPerms() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<Perms> fp = client.read(\r
+ "/authz/perms/ns/"+ns, \r
+ getDF(Perms.class)\r
+ );\r
+ return list(fp,client, HEADER, ns);\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/perms/ns/<ns>",Perms.class,true);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Perms;\r
+\r
+/**\r
+ * \r
+ *\r
+ */\r
+public class ListByName extends Cmd {\r
+ private static final String HEADER = "List Child Permissions";\r
+ \r
+ public ListByName(List parent) {\r
+ super(parent,"name", \r
+ new Param("root perm name",true)); \r
+ }\r
+\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(((List)parent).new ListPerms() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ String parentPerm=args[index];\r
+ \r
+ Future<Perms> fp = client.read(\r
+ "/authz/perms/"+parentPerm, \r
+ getDF(Perms.class) \r
+ );\r
+ return list(fp,client,HEADER,parentPerm);\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/perms/<parent type>",Perms.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Perms;\r
+\r
+/**\r
+ * Return Perms by Role\r
+ * \r
+ *\r
+ */\r
+public class ListByRole extends Cmd {\r
+ private static final String HEADER = "List Perms by Role ";\r
+ \r
+ public ListByRole(List parent) {\r
+ super(parent,"role", \r
+ new Param("name",true)); \r
+ }\r
+\r
+ public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ final String role=args[idx];\r
+\r
+ return same(((List)parent).new ListPerms() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+\r
+ Future<Perms> fp = client.read(\r
+ "/authz/perms/role/"+role, \r
+ getDF(Perms.class)\r
+ );\r
+ return list(fp,client, HEADER, role);\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/perms/role/<role>",Perms.class,true);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Perms;\r
+\r
+/**\r
+ * \r
+ *\r
+ */\r
+public class ListByUser extends Cmd {\r
+ private static final String HEADER = "List Permissions by User";\r
+ public ListByUser(List parent) {\r
+ super(parent,"user", \r
+ new Param("id",true)); \r
+ }\r
+\r
+ public int _exec( int idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ String user=args[idx];\r
+ String realm = getOrgRealm();\r
+ final String fullUser;\r
+ if (user.indexOf('@') < 0 && realm != null) \r
+ fullUser = user + '@' + realm;\r
+ else\r
+ fullUser = user;\r
+ \r
+ return same(((List)parent).new ListPerms() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<Perms> fp = client.read(\r
+ "/authz/perms/user/"+fullUser, \r
+ getDF(Perms.class)\r
+ );\r
+ return list(fp, client, HEADER, fullUser);\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/perms/user/<user id>",Perms.class,true);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import com.att.cmd.BaseCmd;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Perm extends BaseCmd<Perm> {\r
+ Role role;\r
+\r
+ public Perm(Role role) throws APIException {\r
+ super(role.aafcli, "perm");\r
+ this.role = role;\r
+\r
+ cmds.add(new Create(this));\r
+ cmds.add(new Delete(this));\r
+ cmds.add(new Grant(this));\r
+ cmds.add(new Rename(this));\r
+ cmds.add(new Describe(this));\r
+ cmds.add(new List(this));\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.PermRequest;\r
+\r
+public class Rename extends Cmd {\r
+ public Rename(Perm parent) {\r
+ super(parent,"rename", \r
+ new Param("type",true), \r
+ new Param("instance",true),\r
+ new Param("action", true),\r
+ new Param("new type",true), \r
+ new Param("new instance",true),\r
+ new Param("new action", true)\r
+ );\r
+ }\r
+ \r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String origType = args[idx++];\r
+ String origInstance = args[idx++];\r
+ String origAction = args[idx++];\r
+ \r
+ //Create new permission\r
+ PermRequest pr = new PermRequest();\r
+ pr.setType(args[idx++]);\r
+ pr.setInstance(args[idx++]);\r
+ pr.setAction(args[idx++]);\r
+ \r
+ // Set Start/End commands\r
+ setStartEnd(pr);\r
+ Future<PermRequest> fp = client.update(\r
+ "/authz/perm/"+origType+"/"+origInstance+"/"+origAction,\r
+ getDF(PermRequest.class),\r
+ pr\r
+ );\r
+ int rv;\r
+ if(fp.get(AAFcli.timeout())) {\r
+ rv = fp.code();\r
+ pw().println("Updated Permission");\r
+ } else {\r
+ rv = fp.code();\r
+ if(rv==202) {\r
+ pw().println("Permission Update Accepted, but requires Approvals before actualizing");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ }\r
+ return rv;\r
+ }\r
+ });\r
+ \r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,"Rename a Permission from:");\r
+ detailLine(sb,indent+2,"<type> <instance> <action>");\r
+ detailLine(sb,indent,"to:");\r
+ detailLine(sb,indent+2,"<new type> <new instance> <new action>");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"Namespace must be the same in <type> and <new type>");\r
+ detailLine(sb,indent+4,"see Create for definitions of type,instance and action");\r
+ api(sb,indent,HttpMethods.PUT,"authz/perm/<type>/<instance>/<action>",PermRequest.class,true);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.RoleRequest;\r
+\r
+/**\r
+ * \r
+ *\r
+ */\r
+public class CreateDelete extends Cmd {\r
+ private static final String ROLE_PATH = "/authz/role";\r
+ private final static String[] options = {"create","delete"};\r
+ public CreateDelete(Role parent) {\r
+ super(parent,null, \r
+ new Param(optionsToString(options),true),\r
+ new Param("name",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String action = args[idx++];\r
+ int option = whichOption(options, action);\r
+ \r
+ RoleRequest rr = new RoleRequest();\r
+ rr.setName(args[idx++]);\r
+ \r
+ // Set Start/End commands\r
+ setStartEnd(rr);\r
+ \r
+ Future<RoleRequest> fp = null;\r
+ String verb = null;\r
+ int rv;\r
+ switch(option) {\r
+ case 0:\r
+ fp = client.create(\r
+ ROLE_PATH,\r
+ getDF(RoleRequest.class),\r
+ rr\r
+ );\r
+ verb = "Create";\r
+ break;\r
+ case 1:\r
+ // Send "Force" if set\r
+ setQueryParamsOn(client);\r
+ fp = client.delete(\r
+ ROLE_PATH, // +args[idx++], \r
+ getDF(RoleRequest.class),\r
+ rr\r
+ );\r
+ verb = "Delete";\r
+ break;\r
+ default: // note, if not an option, whichOption throws Exception\r
+ break;\r
+ \r
+ }\r
+ boolean rolesSupplied = (args.length>idx);\r
+ if(fp.get(AAFcli.timeout())) {\r
+ rv=fp.code();\r
+ pw().print(verb);\r
+ pw().println("d Role");\r
+ if(rolesSupplied) {\r
+ for(;args.length>idx;++idx ) {\r
+ try {\r
+ if(201!=(rv=((Role)parent)._exec(0,new String[] {"user","add",rr.getName(),args[idx]}))) {\r
+ rv = HttpStatus.PARTIAL_CONTENT_206;\r
+ }\r
+ } catch (LocatorException e) {\r
+ throw new CadiException(e);\r
+ }\r
+ }\r
+ }\r
+ } else {\r
+ if((rv=fp.code())==202) {\r
+ pw().print("Role ");\r
+ pw().print(verb);\r
+ pw().println(" Accepted, but requires Approvals before actualizing");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ }\r
+ return rv;\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,"Create OR Delete a Role");\r
+ detailLine(sb,indent+2,"name - Name of Role to create");\r
+ api(sb,indent,HttpMethods.POST,"authz/role",RoleRequest.class,true);\r
+ api(sb,indent,HttpMethods.DELETE,"authz/role",RoleRequest.class,false);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.RoleRequest;\r
+\r
+public class Describe extends Cmd {\r
+ private static final String ROLE_PATH = "/authz/role";\r
+ public Describe(Role parent) {\r
+ super(parent,"describe", \r
+ new Param("name",true),\r
+ new Param("description",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String role = args[idx++];\r
+ StringBuilder desc = new StringBuilder();\r
+ while (idx < args.length) {\r
+ desc.append(args[idx++] + ' ');\r
+ }\r
+ \r
+ RoleRequest rr = new RoleRequest();\r
+ rr.setName(role);\r
+ rr.setDescription(desc.toString());\r
+ \r
+ // Set Start/End commands\r
+ setStartEnd(rr);\r
+ \r
+ Future<RoleRequest> fp = null;\r
+ int rv;\r
+\r
+ fp = client.update(\r
+ ROLE_PATH,\r
+ getDF(RoleRequest.class),\r
+ rr\r
+ );\r
+\r
+ if(fp.get(AAFcli.timeout())) {\r
+ rv=fp.code();\r
+ pw().println("Description added to role");\r
+ } else {\r
+ if((rv=fp.code())==202) {\r
+ pw().print("Adding description");\r
+ pw().println(" Accepted, but requires Approvals before actualizing");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ }\r
+ return rv;\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,"Add a description to a role");\r
+ api(sb,indent,HttpMethods.PUT,"authz/role",RoleRequest.class,true);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import java.util.ArrayList;\r
+import java.util.Collections;\r
+import java.util.Comparator;\r
+import java.util.HashMap;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Nss;\r
+import aaf.v2_0.Pkey;\r
+import aaf.v2_0.Roles;\r
+\r
+\r
+\r
+public class List extends BaseCmd<Role> {\r
+ private static final String LIST_ROLES_BY_NAME = "list roles for role";\r
+\r
+ public List(Role parent) {\r
+ super(parent,"list");\r
+ cmds.add(new ListByUser(this));\r
+ cmds.add(new ListByRole(this));\r
+ cmds.add(new ListByNS(this));\r
+ cmds.add(new ListByNameOnly(this));\r
+ cmds.add(new ListByPerm(this));\r
+ cmds.add(new ListActivity(this));\r
+ }\r
+ \r
+ // Package Level on purpose\r
+ abstract class ListRoles extends Retryable<Integer> {\r
+ protected int list(Future<Roles> fp,Rcli<?> client, String header) throws APIException, CadiException {\r
+ if(fp.get(AAFcli.timeout())) {\r
+ Future<Nss> fn = null;\r
+ ArrayList<String> roleNss = null;\r
+ ArrayList<String> permNss = null;\r
+ if (aafcli.isDetailed()) {\r
+ roleNss = new ArrayList<String>();\r
+ permNss = new ArrayList<String>();\r
+ for(aaf.v2_0.Role p : fp.value.getRole()) {\r
+ String roleNs = p.getName();\r
+ do {\r
+ roleNs = p.getName().substring(0,roleNs.lastIndexOf('.'));\r
+ fn = client.read("/authz/nss/"+roleNs,getDF(Nss.class));\r
+ } while (!fn.get(AAFcli.timeout()));\r
+ roleNss.add(roleNs);\r
+ \r
+ for(Pkey perm : p.getPerms()) {\r
+ if (perm.getType().contains(roleNs))\r
+ permNss.add(roleNs);\r
+ else {\r
+ Future<Nss> fpn = null;\r
+ String permType = perm.getType();\r
+ String permNs = permType;\r
+ do {\r
+ permNs = permType.substring(0,permNs.lastIndexOf('.'));\r
+ fpn = client.read("/authz/nss/"+permNs,getDF(Nss.class));\r
+ } while (!fpn.get(AAFcli.timeout()));\r
+ permNss.add(permNs);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ report(fp,roleNss,permNss,null,header);\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ }\r
+\r
+ private final static String roleFormat = "%-50s\n";\r
+ \r
+ private static final Comparator<aaf.v2_0.Role> roleCompare = new Comparator<aaf.v2_0.Role>() {\r
+ @Override\r
+ public int compare(aaf.v2_0.Role a, aaf.v2_0.Role b) {\r
+ return a.getName().compareTo(b.getName());\r
+ }\r
+ };\r
+ public void report(Future<Roles> fp, ArrayList<String> roleNss, ArrayList<String> permNss,\r
+ HashMap<String,Boolean> expiredMap, String ... str) {\r
+ reportHead(str);\r
+ if (fp != null && aafcli.isDetailed() && str[0].toLowerCase().contains(LIST_ROLES_BY_NAME)) {\r
+ String description = fp.value.getRole().get(0).getDescription();\r
+ if (description == null) description = "";\r
+ reportColHead("%-80s\n","Description: " + description);\r
+ } \r
+\r
+ if(fp==null) {\r
+ pw().println("<No Roles Found>");\r
+ } else if (aafcli.isDetailed()){\r
+ String permFormat = " %-20s %-15s %-30s %-15s\n";\r
+ String fullFormat = roleFormat+permFormat;\r
+ reportColHead(fullFormat,"[ROLE NS].Name","PERM NS","Type","Instance","Action");\r
+ Collections.sort(fp.value.getRole(),roleCompare);\r
+ for(aaf.v2_0.Role p : fp.value.getRole()) {\r
+ String roleNs = roleNss.remove(0);\r
+ pw().format(roleFormat, "["+roleNs+"]"+p.getName().substring(roleNs.length()));\r
+ for(Pkey perm : p.getPerms()) {\r
+ String permNs = permNss.remove(0);\r
+ pw().format(permFormat, \r
+ permNs,\r
+ perm.getType().substring(permNs.length()+1),\r
+ perm.getInstance(),\r
+ perm.getAction());\r
+ }\r
+ }\r
+ } else {\r
+ String permFormat = " %-30s %-30s %-15s\n";\r
+ String fullFormat = roleFormat+permFormat;\r
+ reportColHead(fullFormat,"ROLE Name","PERM Type","Instance","Action");\r
+ Collections.sort(fp.value.getRole(),roleCompare);\r
+ for(aaf.v2_0.Role p : fp.value.getRole()) {\r
+ if (expiredMap != null) {\r
+ String roleName = p.getName();\r
+ Boolean b = expiredMap.get(roleName);\r
+ if (b != null && b.booleanValue())\r
+ pw().format(roleFormat, roleName+"*");\r
+ else {\r
+ pw().format(roleFormat, roleName);\r
+ for(Pkey perm : p.getPerms()) {\r
+ pw().format(permFormat, \r
+ perm.getType(),\r
+ perm.getInstance(),\r
+ perm.getAction());\r
+ }\r
+ }\r
+ } else {\r
+ pw().format(roleFormat, p.getName());\r
+ for(Pkey perm : p.getPerms()) {\r
+ pw().format(permFormat, \r
+ perm.getType(),\r
+ perm.getInstance(),\r
+ perm.getAction());\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.History;\r
+\r
+/**\r
+ *\r
+ */\r
+public class ListActivity extends Cmd {\r
+ private static final String HEADER = "List Activity of Role";\r
+\r
+ public ListActivity(List parent) {\r
+ super(parent,"activity", \r
+ new Param("name",true));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ final String role = args[idx++];\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<History> fp = client.read(\r
+ "/authz/hist/role/"+role, \r
+ getDF(History.class)\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ activity(fp.value,HEADER + " [ " + role + " ]");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/hist/role/<role>",History.class,true);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Roles;\r
+\r
+/**\r
+ * Return Roles by NS\r
+ * \r
+ *\r
+ */\r
+public class ListByNS extends Cmd {\r
+ private static final String HEADER = "List Roles by NS ";\r
+ \r
+ public ListByNS(List parent) {\r
+ super(parent,"ns", \r
+ new Param("name",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec( int idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ final String ns=args[idx];\r
+\r
+ return same(((List)parent).new ListRoles() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<Roles> fp = client.read(\r
+ "/authz/roles/ns/"+ns, \r
+ getDF(Roles.class)\r
+ );\r
+ return list(fp,client, HEADER+"["+ns+"]");\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/roles/name/<ns>",Roles.class,true);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Roles;\r
+\r
+/**\r
+ * Return Roles by NS\r
+ * \r
+ *\r
+ */\r
+public class ListByNameOnly extends Cmd {\r
+ private static final String HEADER = "List Roles by Name ";\r
+ \r
+ public ListByNameOnly(List parent) {\r
+ super(parent,"name", \r
+ new Param("name",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec( int idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ final String name=args[idx];\r
+\r
+ return same(((List)parent).new ListRoles() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<Roles> fp = client.read(\r
+ "/authz/roles/name/"+name, \r
+ getDF(Roles.class)\r
+ );\r
+ return list(fp,client, HEADER+"["+name+"]");\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/roles/name/<name>",Roles.class,true);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Roles;\r
+\r
+/**\r
+ * Return Roles by NS\r
+ * \r
+ *\r
+ */\r
+public class ListByPerm extends Cmd {\r
+ private static final String HEADER = "List Roles by Perm ";\r
+ \r
+ public ListByPerm(List parent) {\r
+ super(parent,"perm", \r
+ new Param("type",true),\r
+ new Param("instance", true),\r
+ new Param("action", true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ final String type=args[idx];\r
+ final String instance=args[++idx];\r
+ final String action=args[++idx];\r
+\r
+ return same(((List)parent).new ListRoles() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+\r
+ Future<Roles> fp = client.read(\r
+ "/authz/roles/perm/"+type+'/'+instance+'/'+action, \r
+ getDF(Roles.class)\r
+ );\r
+ return list(fp,client, HEADER+type+'|'+instance+'|'+action);\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/roles/user/<user>",Roles.class,true);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Roles;\r
+\r
+/**\r
+ * \r
+ *\r
+ */\r
+public class ListByRole extends Cmd {\r
+ private static final String HEADER="List Roles for Role";\r
+ \r
+ public ListByRole(List parent) {\r
+ super(parent,"role", \r
+ new Param("role",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(((List)parent).new ListRoles() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ String role=args[idx]; \r
+ Future<Roles> fp = client.read(\r
+ "/authz/roles/"+role, \r
+ getDF(Roles.class) \r
+ );\r
+ return list(fp,client,HEADER+"["+role+"]");\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/roles/<role>",Roles.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import java.util.ArrayList;\r
+import java.util.HashMap;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.util.Chrono;\r
+\r
+import aaf.v2_0.Nss;\r
+import aaf.v2_0.Pkey;\r
+import aaf.v2_0.Roles;\r
+import aaf.v2_0.Users;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class ListByUser extends Cmd {\r
+ private static final String HEADER = "List Roles for User ";\r
+ \r
+ public ListByUser(List parent) {\r
+ super(parent,"user", \r
+ new Param("id",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec( int idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ String user=args[idx];\r
+ String realm = getOrgRealm();\r
+ final String fullUser;\r
+ if (user.indexOf('@') < 0 && realm != null) {\r
+ fullUser = user + '@' + realm;\r
+ } else {\r
+ fullUser = user;\r
+ }\r
+\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+\r
+ Future<Roles> fp = client.read(\r
+ "/authz/roles/user/"+fullUser, \r
+ getDF(Roles.class)\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ Future<Nss> fn = null;\r
+ ArrayList<String> roleNss = null;\r
+ ArrayList<String> permNss = null;\r
+ HashMap<String, Boolean> expiredMap = new HashMap<String, Boolean>();\r
+ if (aafcli.isDetailed()) {\r
+ roleNss = new ArrayList<String>();\r
+ permNss = new ArrayList<String>();\r
+ for(aaf.v2_0.Role p : fp.value.getRole()) {\r
+ String roleNs = p.getName();\r
+ do {\r
+ roleNs = p.getName().substring(0,roleNs.lastIndexOf('.'));\r
+ fn = client.read("/authz/nss/"+roleNs,getDF(Nss.class));\r
+ } while (!fn.get(AAFcli.timeout()));\r
+ roleNss.add(roleNs);\r
+ \r
+ for(Pkey perm : p.getPerms()) {\r
+ if (perm.getType().contains(roleNs)) {\r
+ permNss.add(roleNs);\r
+ } else {\r
+ Future<Nss> fpn = null;\r
+ String permType = perm.getType();\r
+ String permNs = permType;\r
+ do {\r
+ permNs = permType.substring(0,permNs.lastIndexOf('.'));\r
+ fpn = client.read("/authz/nss/"+permNs,getDF(Nss.class));\r
+ } while (!fpn.get(AAFcli.timeout()));\r
+ permNss.add(permNs);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ \r
+ if (fp.value != null) {\r
+ for(aaf.v2_0.Role p : fp.value.getRole()) {\r
+ Future<Users> fu = client.read(\r
+ "/authz/userRole/"+fullUser+"/"+p.getName(), \r
+ getDF(Users.class)\r
+ );\r
+ if (fu.get(5000)) {\r
+ if(fu.value != null) {\r
+ for (Users.User u : fu.value.getUser()) {\r
+ if(u.getExpires().normalize().compare(Chrono.timeStamp().normalize()) > 0) {\r
+ expiredMap.put(p.getName(), new Boolean(false));\r
+ } else {\r
+ expiredMap.put(p.getName(), new Boolean(true));\r
+ }\r
+ }\r
+ }\r
+ }\r
+ } \r
+ }\r
+ \r
+ ((List)parent).report(fp,roleNss,permNss,expiredMap,HEADER,fullUser);\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/roles/user/<user>",Roles.class,true);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.inno.env.APIException;\r
+\r
+public class Role extends BaseCmd<Role> {\r
+ public List list;\r
+\r
+ public Role(AAFcli aafcli) throws APIException {\r
+ super(aafcli, "role");\r
+ cmds.add(new CreateDelete(this));\r
+// cmds.add(new Delete(this));\r
+ cmds.add(new User(this));\r
+ cmds.add(new Describe(this));\r
+ cmds.add(list = new List(this));\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.UserRoleRequest;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class User extends Cmd {\r
+ private final static String[] options = {"add","del","setTo","extend"};\r
+ public User(Role parent) {\r
+ super(parent,"user", \r
+ new Param(optionsToString(options),true),\r
+ new Param("role",true),\r
+ new Param("id[,id]* (not required for setTo)",false)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String realm = getOrgRealm();\r
+ String action = args[idx++];\r
+ int option = whichOption(options, action);\r
+ UserRoleRequest urr = new UserRoleRequest();\r
+ urr.setRole(args[idx++]);\r
+ // Set Start/End commands\r
+ setStartEnd(urr);\r
+ \r
+ Future<?> fp = null;\r
+ \r
+ if (option != 2) {\r
+ String[] ids = args[idx++].split(",");\r
+ String verb=null,participle=null;\r
+ // You can request to be added or removed from role.\r
+ setQueryParamsOn(client);\r
+\r
+ for(String id: ids) {\r
+ if (id.indexOf('@') < 0 && realm != null) id += '@' + realm;\r
+ urr.setUser(id);\r
+ switch(option) {\r
+ case 0:\r
+ fp = client.create(\r
+ "/authz/userRole", \r
+ getDF(UserRoleRequest.class), \r
+ urr);\r
+ verb = "Added";\r
+ participle = "] to Role [" ;\r
+ break;\r
+ case 1:\r
+ fp = client.delete(\r
+ "/authz/userRole/"+urr.getUser()+'/'+urr.getRole(), \r
+ Void.class);\r
+ verb = "Removed";\r
+ participle = "] from Role [" ;\r
+ break;\r
+ case 3:\r
+ fp = client.update("/authz/userRole/extend/" + urr.getUser() + '/' + urr.getRole());\r
+ verb = "Extended";\r
+ participle = "] in Role [" ;\r
+ break;\r
+\r
+ default: // actually, should never get here...\r
+ throw new CadiException("Invalid action [" + action + ']');\r
+ }\r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().print(verb);\r
+ pw().print(" User [");\r
+ pw().print(urr.getUser());\r
+ pw().print(participle);\r
+ pw().print(urr.getRole());\r
+ pw().println(']');\r
+ } else {\r
+ switch(fp.code()) {\r
+ case 202:\r
+ pw().print("User Role ");\r
+ pw().print(action);\r
+ pw().println(" is Accepted, but requires Approvals before actualizing");\r
+ break;\r
+ case 404:\r
+ if(option==3) {\r
+ pw().println("Failed with code 404: UserRole is not found, or you do not have permission to view");\r
+ break;\r
+ }\r
+ default:\r
+ error(fp);\r
+ }\r
+ }\r
+ }\r
+ } else {\r
+ String allUsers = "";\r
+ if (idx < args.length) \r
+ allUsers = args[idx++];\r
+ StringBuilder finalUsers = new StringBuilder(); \r
+ for (String u : allUsers.split(",")) {\r
+ if (u != "") {\r
+ if (u.indexOf('@') < 0 && realm != null) u += '@' + realm;\r
+ if (finalUsers.length() > 0) finalUsers.append(",");\r
+ finalUsers.append(u);\r
+ }\r
+ }\r
+\r
+ urr.setUser(finalUsers.toString());\r
+ fp = client.update(\r
+ "/authz/userRole/role", \r
+ getDF(UserRoleRequest.class), \r
+ urr);\r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().println("Set the Role to Users [" + allUsers + "]");\r
+ } else {\r
+ error(fp);\r
+ } \r
+ }\r
+ return fp==null?0:fp.code();\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,"Add OR Delete a User to/from a Role OR");\r
+ detailLine(sb,indent,"Set a User's Roles to the roles supplied");\r
+ detailLine(sb,indent+2,"role - Name of Role to create");\r
+ detailLine(sb,indent+2,"id(s) - ID or IDs to add to the Role");\r
+ sb.append('\n');\r
+ detailLine(sb,indent+2,"Note: this is the same as \"user role add...\" except allows");\r
+ detailLine(sb,indent+2,"assignment of role to multiple userss");\r
+ detailLine(sb,indent+2,"WARNING: Users supplied with setTo will be the ONLY users attached to this role");\r
+ detailLine(sb,indent+2,"If no users are supplied, the users attached to this role are reset.");\r
+ api(sb,indent,HttpMethods.POST,"authz/userRole",UserRoleRequest.class,true);\r
+ api(sb,indent,HttpMethods.DELETE,"authz/userRole/<user>/<role>",Void.class,false);\r
+ api(sb,indent,HttpMethods.PUT,"authz/userRole/<role>",UserRoleRequest.class,false);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.CredRequest;\r
+\r
+public class Cred extends Cmd {\r
+ private static final String CRED_PATH = "/authn/cred";\r
+ private static final String[] options = {"add","del","reset","extend"/*,"clean"*/};\r
+// private Clean clean;\r
+ public Cred(User parent) {\r
+ super(parent,"cred",\r
+ new Param(optionsToString(options),true),\r
+ new Param("id",true),\r
+ new Param("password (! D|E)",false),\r
+ new Param("entry# (if multi)",false)\r
+ );\r
+// clean = new Clean(this);\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException { \r
+ int idx = _idx;\r
+ String key = args[idx++];\r
+ final int option = whichOption(options,key);\r
+\r
+ final CredRequest cr = new CredRequest();\r
+ cr.setId(args[idx++]);\r
+ if(option!=1 && option!=3) {\r
+ if(idx>=args.length) throw new CadiException("Password Required");\r
+ cr.setPassword(args[idx++]);\r
+ }\r
+ if(args.length>idx)\r
+ cr.setEntry(args[idx++]);\r
+ \r
+ // Set Start/End commands\r
+ setStartEnd(cr);\r
+// final int cleanIDX = _idx+1;\r
+ Integer ret = same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<CredRequest> fp=null;\r
+ String verb =null;\r
+ switch(option) {\r
+ case 0:\r
+ fp = client.create(\r
+ CRED_PATH, \r
+ getDF(CredRequest.class), \r
+ cr\r
+ );\r
+ verb = "Added Credential [";\r
+ break;\r
+ case 1:\r
+// if(aafcli.addForce())cr.setForce("TRUE");\r
+ setQueryParamsOn(client);\r
+ fp = client.delete(CRED_PATH,\r
+ getDF(CredRequest.class),\r
+ cr\r
+ );\r
+ verb = "Deleted Credential [";\r
+ break;\r
+ case 2:\r
+ fp = client.update(\r
+ CRED_PATH,\r
+ getDF(CredRequest.class),\r
+ cr\r
+ );\r
+ verb = "Reset Credential [";\r
+ break;\r
+ case 3:\r
+ fp = client.update(\r
+ CRED_PATH+"/5",\r
+ getDF(CredRequest.class),\r
+ cr\r
+ );\r
+ verb = "Extended Credential [";\r
+ break;\r
+// case 4:\r
+// return clean.exec(cleanIDX, args);\r
+ }\r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().print(verb);\r
+ pw().print(cr.getId());\r
+ pw().println(']');\r
+ } else if(fp.code()==202) {\r
+ pw().println("Credential Action Accepted, but requires Approvals before actualizing");\r
+ } else if(fp.code()==406 && option==1) {\r
+ pw().println("You cannot delete this Credential");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ if(ret==null)ret = -1;\r
+ return ret;\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"Add, Delete or Reset Credential");\r
+ indent+=2;\r
+ detailLine(sb,indent,"id - the ID to create/delete/reset within AAF");\r
+ detailLine(sb,indent,"password - Company Policy compliant Password (not required for Delete)");\r
+ detailLine(sb,indent,"entry - selected option when deleting/resetting a cred with multiple entries");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"The Domain can be related to any Namespace you have access to *");\r
+ detailLine(sb,indent,"The Domain is in reverse order of Namespace, i.e. ");\r
+ detailLine(sb,indent+2,"NS of com.att.myapp can create user of XY1234@myapp.att.com");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"NOTE: AAF does support multiple creds with the same ID. Check with your org if you");\r
+ detailLine(sb,indent+2,"have this implemented. (For example, this is implemented for MechIDs at AT&T)");\r
+ sb.append('\n'); \r
+ detailLine(sb,indent,"Delegates can be listed by the User or by the Delegate");\r
+ indent-=2;\r
+ api(sb,indent,HttpMethods.POST,"authn/cred",CredRequest.class,true);\r
+ api(sb,indent,HttpMethods.DELETE,"authn/cred",CredRequest.class,false);\r
+ api(sb,indent,HttpMethods.PUT,"authn/cred",CredRequest.class,false);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import java.text.ParseException;\r
+import java.util.Date;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.util.Chrono;\r
+import com.att.rosetta.env.RosettaDF;\r
+\r
+import aaf.v2_0.DelgRequest;\r
+\r
+public class Delg extends BaseCmd<User> {\r
+ static final String AUTHZ_DELG = "/authz/delegate";\r
+ private final static String[] options = {"add","upd","del"};\r
+\r
+ public Delg(User user) throws APIException {\r
+ super(user,"delegate",\r
+ new Param(optionsToString(options),true),\r
+ new Param("from",true),\r
+ new Param("to REQ A&U",false),\r
+ new Param("until (YYYY-MM-DD) REQ A", false)\r
+ );\r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String realm = getOrgRealm();\r
+ DelgRequest dr = new DelgRequest();\r
+ setStartEnd(dr);\r
+ \r
+ int option= whichOption(options, args[idx++]);\r
+ String user = args[idx++];\r
+ if (user.indexOf('@') < 0 && realm != null) user += '@' + realm;\r
+ dr.setUser(user);\r
+ if(option<2) {\r
+ String delegate = args[idx++];\r
+ if (delegate.indexOf('@') < 0 && realm != null) delegate += '@' + realm;\r
+ dr.setDelegate(delegate);\r
+ if(option<2 && args.length>idx) {\r
+ Date date;\r
+ try {\r
+ date = Chrono.dateOnlyFmt.parse(args[idx++]);\r
+ } catch (ParseException e) {\r
+ throw new CadiException(e);\r
+ }\r
+ dr.setEnd(Chrono.timeStamp(date));\r
+ }\r
+ }\r
+ \r
+ Future<DelgRequest> fp;\r
+ RosettaDF<DelgRequest> df = getDF(DelgRequest.class);\r
+ String verb;\r
+ setQueryParamsOn(client);\r
+\r
+ switch(option) {\r
+ case 0: \r
+ fp = client.create(AUTHZ_DELG, df, dr);\r
+ verb = "Added";\r
+ break;\r
+ case 1: \r
+ fp = client.update(AUTHZ_DELG, df, dr); \r
+ verb = "Updated";\r
+ break;\r
+ case 2: \r
+ fp = client.delete(AUTHZ_DELG, df, dr); \r
+ verb = "Deleted";\r
+ break;\r
+ default:\r
+ throw new CadiException("Bad Argument");\r
+ };\r
+ \r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().append("Delegate ");\r
+ pw().println(verb);\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,"Add, Update or Delete Delegate");\r
+ indent+=2;\r
+ detailLine(sb,indent,"A Delegate is a person who will temporarily cover the Approval and");\r
+ detailLine(sb,indent,"Ownership questions on behalf of the person Responsible.");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"fromID - the person who is the Responsible person of record");\r
+ detailLine(sb,indent,"toID - the person who will be delegated (required for Add/Update)");\r
+ detailLine(sb,indent,"until - the end date for this delegation");\r
+ indent-=2;\r
+ api(sb,indent,HttpMethods.POST,AUTHZ_DELG,DelgRequest.class,true);\r
+ api(sb,indent,HttpMethods.DELETE,AUTHZ_DELG,DelgRequest.class,false);\r
+ api(sb,indent,HttpMethods.PUT,AUTHZ_DELG,DelgRequest.class,false);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import java.util.Collections;\r
+import java.util.Comparator;\r
+\r
+import com.att.cmd.BaseCmd;\r
+import com.att.inno.env.util.Chrono;\r
+\r
+import aaf.v2_0.Approval;\r
+import aaf.v2_0.Approvals;\r
+import aaf.v2_0.Delg;\r
+import aaf.v2_0.Delgs;\r
+import aaf.v2_0.Users;\r
+\r
+public class List extends BaseCmd<User> {\r
+\r
+ public List(User parent) {\r
+ super(parent,"list");\r
+ cmds.add(new ListForRoles(this));\r
+ cmds.add(new ListForPermission(this));\r
+ cmds.add(new ListForCreds(this));\r
+ cmds.add(new ListDelegates(this));\r
+ cmds.add(new ListApprovals(this));\r
+ cmds.add(new ListActivity(this));\r
+ }\r
+\r
+ \r
+ void report(Users users, boolean count, String ... str) {\r
+ reportHead(str);\r
+ String format = reportColHead("%-50s %-30s\n","User","Expires");\r
+ String date = "XXXX-XX-XX";\r
+ int idx = 0;\r
+ java.util.List<aaf.v2_0.Users.User> sorted = users.getUser();\r
+ Collections.sort(sorted, new Comparator<aaf.v2_0.Users.User>() {\r
+ @Override\r
+ public int compare(aaf.v2_0.Users.User u1, aaf.v2_0.Users.User u2) {\r
+ if(u2==null || u2 == null) {\r
+ return -1;\r
+ }\r
+ return u1.getId().compareTo(u2.getId());\r
+ }\r
+ });\r
+ for(aaf.v2_0.Users.User user : sorted) {\r
+ if(!aafcli.isTest()) \r
+ date = Chrono.dateOnlyStamp(user.getExpires());\r
+ \r
+ pw().format(format, \r
+ count? (Integer.valueOf(++idx) + ") " + user.getId()): user.getId(), \r
+ date);\r
+ }\r
+ pw().println();\r
+ }\r
+\r
+ public void report(Approvals approvals, String title, String id) {\r
+ reportHead(title,id);\r
+ String format = reportColHead(" %-20s %-20s %-11s %-6s %12s\n","User","Approver","Type","Status","Updated");\r
+ java.util.List<Approval> lapp = approvals.getApprovals();\r
+ Collections.sort(lapp, new Comparator<Approval>() {\r
+ @Override\r
+ public int compare(Approval a1, Approval a2) {\r
+ return a1.getTicket().compareTo(a2.getTicket());\r
+ }\r
+ } );\r
+ String ticket = null, prev = null;\r
+ for(Approval app : lapp ) {\r
+ ticket = app.getTicket();\r
+ if(!ticket.equals(prev)) {\r
+ pw().print("Ticket: ");\r
+ pw().println(ticket);\r
+ }\r
+ prev = ticket;\r
+\r
+ pw().format(format,\r
+ app.getUser(),\r
+ app.getApprover(),\r
+ app.getType(),\r
+ app.getStatus(),\r
+ Chrono.niceDateStamp(app.getUpdated())\r
+ );\r
+ }\r
+ }\r
+\r
+ public void report(Delgs delgs, String title, String id) {\r
+ reportHead(title,id);\r
+ String format = reportColHead(" %-25s %-25s %-10s\n","User","Delegate","Expires");\r
+ String date = "XXXX-XX-XX";\r
+ for(Delg delg : delgs.getDelgs()) {\r
+ if(!this.aafcli.isTest()) \r
+ date = Chrono.dateOnlyStamp(delg.getExpires());\r
+ pw().printf(format, \r
+ delg.getUser(),\r
+ delg.getDelegate(),\r
+ date\r
+ );\r
+ }\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.History;\r
+\r
+/**\r
+ *\r
+ */\r
+public class ListActivity extends Cmd {\r
+ private static final String HEADER = "List Activity of User";\r
+\r
+ public ListActivity(List parent) {\r
+ super(parent,"activity", \r
+ new Param("user",true));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ String user = args[idx++];\r
+ String realm = getOrgRealm();\r
+ final String fullUser = (user.indexOf('@') < 0 && realm != null)?user + '@' + realm:user;\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ \r
+ Future<History> fp = client.read(\r
+ "/authz/hist/user/"+fullUser, \r
+ getDF(History.class)\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ activity(fp.value,HEADER + " [ " + fullUser + " ]");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+ \r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,HEADER);\r
+ api(sb,indent,HttpMethods.GET,"authz/hist/user/<user>",History.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Approvals;\r
+\r
+/**\r
+ * \r
+ *\r
+ */\r
+public class ListApprovals extends Cmd {\r
+ private static final String HEADER = "List Approvals"; \r
+ private final static String[] options = {"user","approver","ticket"};\r
+ public ListApprovals(List parent) {\r
+ super(parent,"approvals", \r
+ new Param(optionsToString(options),true),\r
+ new Param("value",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ final String type = args[idx++];\r
+ int option = whichOption(options,type);\r
+ String value = args[idx++];\r
+ final String fullValue;\r
+ if (option != 2) {\r
+ String realm = getOrgRealm();\r
+ fullValue = (value.indexOf('@')<0 && realm != null)?value +'@'+realm:value;\r
+ } else {\r
+ fullValue = value;\r
+ }\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<Approvals> fp = client.read(\r
+ "/authz/approval/"+type+'/'+fullValue, \r
+ getDF(Approvals.class)\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ ((List)parent).report(fp.value,HEADER + " by " + type,fullValue);\r
+ if(fp.code()==404) {\r
+ return 200;\r
+ }\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,HEADER);\r
+ indent+=2;\r
+ detailLine(sb,indent,"Approvals are used when the Requestor does not have the rights");\r
+ detailLine(sb,indent,"to perform the action required. Approvers are those listed as");\r
+ detailLine(sb,indent,"responsible for Namespace associated with the request, and those");\r
+ detailLine(sb,indent,"required by the Company by Policy. This may be, for instance");\r
+ detailLine(sb,indent,"the supervisor of the requestor");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"Delegates can be listed by User, Approver or Ticket.");\r
+ indent-=2;\r
+ api(sb,indent,HttpMethods.GET,"authz/approval/user/<value>",Approvals.class,true);\r
+ api(sb,indent,HttpMethods.GET,"authz/approval/approver/<value>",Approvals.class,false);\r
+ api(sb,indent,HttpMethods.GET,"authz/approval/ticket/<value>",Approvals.class,false);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Delgs;\r
+\r
+/**\r
+ *\r
+ */\r
+public class ListDelegates extends Cmd {\r
+ private static final String HEADER = "List Delegates"; \r
+ private static final String[] options = {"user","delegate"};\r
+ public ListDelegates(List parent) {\r
+ super(parent,"delegates", \r
+ new Param(optionsToString(options),true),\r
+ new Param("id",true));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ String realm = getOrgRealm();\r
+ int idx = _idx;\r
+ final String key = args[idx++];\r
+ //int option = whichOption(options,key);\r
+ String id = args[idx++];\r
+ final String fullID = (id.indexOf('@') < 0 && realm != null)? id + '@' + realm:id;\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ \r
+ Future<Delgs> fp = client.read(\r
+ "/authz/delegates/" + key + '/' + fullID, \r
+ getDF(Delgs.class)\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ ((List)parent).report(fp.value,HEADER + " by " + key, fullID);\r
+ if(fp.code()==404)return 200;\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,HEADER);\r
+ indent+=2;\r
+ detailLine(sb,indent,"Delegates are those people temporarily assigned to cover the");\r
+ detailLine(sb,indent,"responsibility of Approving, etc, while the actual Responsible");\r
+ detailLine(sb,indent,"Party is absent. Typically, this is for Vacation, or Business");\r
+ detailLine(sb,indent,"Travel.");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"Delegates can be listed by the User or by the Delegate");\r
+ indent-=2;\r
+ api(sb,indent,HttpMethods.GET,"authz/delegates/user/<id>",Delgs.class,true);\r
+ api(sb,indent,HttpMethods.GET,"authz/delegates/delegate/<id>",Delgs.class,false);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import java.util.Collections;\r
+import java.util.Comparator;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Users;\r
+import aaf.v2_0.Users.User;\r
+\r
+/**\r
+ * List for Creds\r
+ *\r
+ */\r
+public class ListForCreds extends Cmd {\r
+ private final static String[] options = {"ns","id"};\r
+\r
+ private static final String HEADER = "List creds for ";\r
+ public ListForCreds(List parent) {\r
+ super(parent,"cred",\r
+ new Param(optionsToString(options),true),\r
+ new Param("value",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ final int option = whichOption(options, args[idx++]);\r
+ final String which = options[option];\r
+ final String value = args[idx++];\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<Users> fp = client.read(\r
+ "/authn/creds/"+which+'/'+value, \r
+ getDF(Users.class)\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ if (aafcli.isTest())\r
+ Collections.sort(fp.value.getUser(), new Comparator<User>() {\r
+ @Override\r
+ public int compare(User u1, User u2) {\r
+ return u1.getId().compareTo(u2.getId());\r
+ } \r
+ });\r
+ ((com.att.cmd.user.List)parent).report(fp.value,option==1,HEADER+which,value);\r
+ if(fp.code()==404)return 200;\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,HEADER);\r
+ indent+=2;\r
+ detailLine(sb,indent,"This report lists the users associated to Roles.");\r
+ detailLine(sb,indent,"role - the Role name");\r
+ indent-=2;\r
+ api(sb,indent,HttpMethods.GET,"authz/users/role/<role>",Users.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import java.util.Collections;\r
+import java.util.Comparator;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Users;\r
+import aaf.v2_0.Users.User;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class ListForPermission extends Cmd {\r
+ private static final String HEADER = "List Users for Permission";\r
+ public ListForPermission(List parent) {\r
+ super(parent,"perm", \r
+ new Param("type",true),\r
+ new Param("instance",true),\r
+ new Param("action",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String type = args[idx++];\r
+ String instance = args[idx++];\r
+ if("\\*".equals(instance))instance="*";\r
+ String action = args[idx++];\r
+ if("\\*".equals(action))action="*";\r
+ Future<Users> fp = client.read(\r
+ "/authz/users/perm/"+type+'/'+instance+'/'+action, \r
+ getDF(Users.class)\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ if (aafcli.isTest())\r
+ Collections.sort(fp.value.getUser(), new Comparator<User>() {\r
+ @Override\r
+ public int compare(User u1, User u2) {\r
+ return u1.getId().compareTo(u2.getId());\r
+ } \r
+ });\r
+ ((com.att.cmd.user.List)parent).report(fp.value,false,HEADER,type+"|"+instance+"|"+action);\r
+ if(fp.code()==404)return 200;\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,HEADER);\r
+ indent+=2;\r
+ detailLine(sb,indent,"This report lists the users associated to Permissions. Since Users");\r
+ detailLine(sb,indent,"are associated to Roles, and Roles have Permissions, this report");\r
+ detailLine(sb,indent,"accomodates all these linkages.");\r
+ sb.append('\n');\r
+ detailLine(sb,indent,"The URL must contain the Permission's type,instance and action, and ");\r
+ detailLine(sb,indent,"may include \"*\"s (type in as \\\\*).");\r
+ detailLine(sb,indent,"See Perm Create Documentation for definitions.");\r
+ indent-=2;\r
+ api(sb,indent,HttpMethods.GET,"authz/users/perm/<type>/<instance>/<action>",Users.class,true);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import java.util.Collections;\r
+import java.util.Comparator;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.Users;\r
+import aaf.v2_0.Users.User;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class ListForRoles extends Cmd {\r
+ private static final String HEADER = "List Users for Role";\r
+ public ListForRoles(List parent) {\r
+ super(parent,"role", new Param("role",true)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {\r
+ int idx = _idx;\r
+ final String role = args[idx++];\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ Future<Users> fp = client.read(\r
+ "/authz/users/role/"+role, \r
+ getDF(Users.class)\r
+ );\r
+ if(fp.get(AAFcli.timeout())) {\r
+ if (aafcli.isTest())\r
+ Collections.sort(fp.value.getUser(), new Comparator<User>() {\r
+ @Override\r
+ public int compare(User u1, User u2) {\r
+ return u1.getId().compareTo(u2.getId());\r
+ } \r
+ });\r
+ ((com.att.cmd.user.List)parent).report(fp.value,false, HEADER,role);\r
+ if(fp.code()==404)return 200;\r
+ } else {\r
+ error(fp);\r
+ }\r
+ return fp.code();\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int _indent, StringBuilder sb) {\r
+ int indent = _indent;\r
+ detailLine(sb,indent,HEADER);\r
+ indent+=2;\r
+ detailLine(sb,indent,"This report lists the users associated to Roles.");\r
+ detailLine(sb,indent,"role - the Role name");\r
+ indent-=2;\r
+ api(sb,indent,HttpMethods.GET,"authz/users/role/<role>",Users.class,true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.Cmd;\r
+import com.att.cmd.Param;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+import aaf.v2_0.UserRoleRequest;\r
+\r
+/**\r
+ * p\r
+ * \r
+ *\r
+ */\r
+public class Role extends Cmd {\r
+ private static final String[] options = {"add", "del", "setTo","extend"};\r
+ public Role(User parent) {\r
+ super(parent, "role", new Param(optionsToString(options), true), new Param("user", true), new Param(\r
+ "role[,role]* (!REQ S)", false));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String key = args[idx++];\r
+ int option = whichOption(options, key);\r
+ String user = args[idx++];\r
+ String realm = getOrgRealm();\r
+\r
+ UserRoleRequest urr = new UserRoleRequest();\r
+ if (user.indexOf('@') < 0 && realm != null) user += '@' + realm;\r
+ urr.setUser(user);\r
+ // Set Start/End commands\r
+ setStartEnd(urr);\r
+\r
+ Future<?> fp = null;\r
+\r
+ if (option != 2) {\r
+ if (args.length < 5) {\r
+ throw new CadiException(build(new StringBuilder("Too few args: "), null).toString()); \r
+ }\r
+ String[] roles = args[idx++].split(",");\r
+ for (String role : roles) {\r
+ String verb = null,participle=null;\r
+ urr.setRole(role);\r
+ // You can request to be added or removed from role.\r
+ setQueryParamsOn(client);\r
+ switch(option) {\r
+ case 0:\r
+ fp = client.create("/authz/userRole", getDF(UserRoleRequest.class), urr);\r
+ verb = "Added";\r
+ participle = "] to User [" ;\r
+ break;\r
+ case 1:\r
+ fp = client.delete("/authz/userRole/" + urr.getUser() + '/' + urr.getRole(), Void.class);\r
+ verb = "Removed";\r
+ participle = "] from User [" ;\r
+ break;\r
+ case 3:\r
+ fp = client.update("/authz/userRole/extend/" + urr.getUser() + '/' + urr.getRole());\r
+ verb = "Extended";\r
+ participle = "] to User [" ;\r
+ break;\r
+ default:\r
+ throw new CadiException("Invalid action [" + key + ']');\r
+ }\r
+ if (fp.get(AAFcli.timeout())) {\r
+ pw().print(verb);\r
+ pw().print(" Role [");\r
+ pw().print(urr.getRole());\r
+ pw().print(participle);\r
+ pw().print(urr.getUser());\r
+ pw().println(']');\r
+ } else {\r
+ switch(fp.code()) {\r
+ case 202:\r
+ pw().print("UserRole ");\r
+ pw().print(option == 0 ? "Creation" : option==1?"Deletion":"Extension");\r
+ pw().println(" Accepted, but requires Approvals before actualizing");\r
+ break;\r
+ case 404:\r
+ if(option==3) {\r
+ pw().println("Failed with code 404: UserRole is not found, or you do not have permission to view");\r
+ break;\r
+ }\r
+ default:\r
+ error(fp);\r
+ }\r
+ }\r
+ }\r
+ } else {\r
+ // option 2 is setTo command (an update call)\r
+ String allRoles = "";\r
+ if (idx < args.length)\r
+ allRoles = args[idx++];\r
+\r
+ urr.setRole(allRoles);\r
+ fp = client.update("/authz/userRole/user", getDF(UserRoleRequest.class), urr);\r
+ if (fp.get(AAFcli.timeout())) {\r
+ pw().println("Set User's Roles to [" + allRoles + "]");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ }\r
+ return fp == null ? 0 : fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb, indent, "Add OR Delete a User to/from a Role OR");\r
+ detailLine(sb, indent, "Set a User's Roles to the roles supplied");\r
+ detailLine(sb, indent + 2, "user - ID of User");\r
+ detailLine(sb, indent + 2, "role(s) - Role or Roles to which to add the User");\r
+ sb.append('\n');\r
+ detailLine(sb, indent + 2, "Note: this is the same as \"role user add...\" except allows");\r
+ detailLine(sb, indent + 2, "assignment of user to multiple roles");\r
+ detailLine(sb, indent + 2, "WARNING: Roles supplied with setTo will be the ONLY roles attached to this user");\r
+ detailLine(sb, indent + 2, "If no roles are supplied, user's roles are reset.");\r
+ api(sb, indent, HttpMethods.POST, "authz/userRole", UserRoleRequest.class, true);\r
+ api(sb, indent, HttpMethods.DELETE, "authz/userRole/<user>/<role>", Void.class, false);\r
+ api(sb, indent, HttpMethods.PUT, "authz/userRole/<user>", UserRoleRequest.class, false);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.BaseCmd;\r
+import com.att.inno.env.APIException;\r
+\r
+public class User extends BaseCmd<User> {\r
+ public User(AAFcli aafcli) throws APIException {\r
+ super(aafcli,"user");\r
+ cmds.add(new Role(this));\r
+ cmds.add(new Cred(this));\r
+ cmds.add(new Delg(this));\r
+ cmds.add(new List(this));\r
+ }\r
+}\r
--- /dev/null
+#!/bin/bash
+JAVA_HOME=_JAVA_HOME_
+JAVA=${JAVA_HOME}/bin/java
+DEFAULT_DOMAIN=XXX_DOMAIN
+###
+# Give some help hints if first run
+#
+if [ "`declare -f aaflogout`" = "" ] || [ "$1" = "-h" ]; then
+ echo
+ echo " COMMANDS:"
+ echo " aaflogin -f = Redo Local Login"
+ echo " aaflogout = Logout from Environment"
+ echo " aaflogin -r = Reset Password on AAF Service"
+ echo " aaflogin -h = Help"
+ echo " aafcli = AAF Management Tool"
+ echo
+fi
+
+if [ "$1" != "-h" ]; then
+
+
+###
+# Load User/Password for aafcli, and create in function.
+#
+# To use, source aaflogin
+#
+# ex: . ./aaflogin
+#
+# -f = force relogin
+# -r = reset password sequence
+#
+# see aaflogout to logout
+###
+
+###
+# Gather Classpath - warning, DME2 doesn't work with -Djava.ext.dirs
+###
+AAF_CP=_ROOT_DIR_/etc
+for JAR in `find _ROOT_DIR_/lib -name "*.jar"` ; do
+ AAF_CP="$AAF_CP:$JAR"
+done
+
+###
+# Create Keyfile to use temporarily, if not exists
+###
+if [ ! -e $HOME/.aaf/keyfile ]; then
+ mkdir -p $HOME/.aaf
+ ${JAVA} -cp $AAF_CP com.att.cadi.CmdLine keygen $HOME/.aaf/keyfile
+ chmod 400 $HOME/.aaf/keyfile
+fi
+
+###
+# Obtain User ID from AAF_ID, or SUDO_USER or USER, that order
+###
+if [ "$AAF_ID" == "" ] || [ "$1" == "-f" ] ; then
+ if [ "$AAF_ID" == "" ] ; then
+ if [ "$SUDO_USER" != "" ] ; then
+ AAF_ID=$SUDO_USER
+ else if [ "$USER" != "" ] ; then
+ AAF_ID=$USER
+ fi
+ fi
+ fi
+
+ echo -n "Enter AAF ID [$AAF_ID]: "
+ read TEMP
+ if [ "$TEMP" != "" ] ; then
+ AAF_ID=$TEMP
+ fi
+ export AAF_ID
+fi
+
+###
+# Add Function to remove AAF Vars and Functions from the Shell
+#
+function aaflogout {
+ unset AAF_ID
+ unset AAF_PASS
+ unset AAF_CP
+ unset -f aafcli
+ unset -f cmcli
+ unset -f aaflogout
+ rm -f $HOME/.aaf/keyfile
+}
+
+
+###
+# Load the Password
+###
+if [ "$AAF_PASS" == "" ] || [ "$1" == "-f" ] ; then
+ # Ask for User and Password. Assuming Unix and availability of "stty"
+ if [[ "$AAF_ID" == *"@$DEFAULT_DOMAIN" ]] || [[ "$AAF_ID" != *"@"* ]] ; then
+ PASS_PROMPT="AT&T Global Login"
+ AAF_DEFAULT_DOMAIN="-Daaf_default_domain=$DEFAULT_DOMAIN"
+ else
+ PASS_PROMPT="AAF"
+ AAF_DEFAULT_DOMAIN=""
+ fi
+
+
+ read -ers -p "Enter "$PASS_PROMPT" Password for $AAF_ID: " AAF_PASS
+ echo
+ AAF_PASS=enc:`$JAVA -cp $AAF_CP $AAF_DEFAULT_DOMAIN com.att.cadi.CmdLine digest "$AAF_PASS" $HOME/.aaf/keyfile`
+ export AAF_PASS
+fi
+
+
+
+###
+# load aafcli function in the Shell
+###
+
+function aafcli {
+ # for separating VM_ARGS in aafcli
+ AAF_SPACE=" "
+ THE_ID=$AAF_ID
+ if [ "${AAF_ID}" = "${AAF_ID/@/%}" ]; then
+ THE_ID+="@$DEFAULT_DOMAIN"
+ fi
+ _JAVA_HOME_/bin/java \
+ -cp $AAF_CP \
+ -Daaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_ \
+ -DAFT_LATITUDE=_AFT_LATITUDE_ \
+ -DAFT_LONGITUDE=_AFT_LONGITUDE_ \
+ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ \
+ -Daaf_id=$THE_ID \
+ -Daaf_password=$AAF_PASS \
+ -Daaf_dme_timeout=60000 \
+ -Dcadi_keyfile=$HOME/.aaf/keyfile \
+ -Daaf_default_realm=$DEFAULT_DOMAIN \
+ -DDEPLOYED_VERSION=_ARTIFACT_VERSION_ \
+ _DME2_FS_ \
+ com.att.cmd.AAFcli $*
+ unset THE_ID
+ unset AAF_SPACE
+}
+
+###
+# load cmcli function in the Shell
+###
+
+function cmcli {
+ # for separating VM_ARGS in cmcli
+ AAF_SPACE=" "
+ THE_ID=$AAF_ID
+ if [ "${AAF_ID}" = "${AAF_ID/@/%}" ]; then
+ THE_ID+="@$DEFAULT_DOMAIN"
+ fi
+ CM_URL=_CM_URL_
+ if [ "${CM_URL}" = "" ]; then
+ CM_URL=https://DME2RESOLVE/service=com.att.authz.Certman/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+ fi
+
+ _JAVA_HOME_/bin/java \
+ -cp $AAF_CP \
+ -DAFT_LATITUDE=_AFT_LATITUDE_ \
+ -DAFT_LONGITUDE=_AFT_LONGITUDE_ \
+ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ \
+ -Daaf_dme_timeout=60000 \
+ -Daaf_default_realm=$DEFAULT_DOMAIN \
+ -DDEPLOYED_VERSION=_ARTIFACT_VERSION_ \
+ _DME2_FS_ \
+ com.att.cadi.cm.CmAgent cm_url=${CM_URL} aaf_id=$THE_ID aaf_password="$AAF_PASS" \
+ cadi_keyfile=$HOME/.aaf/keyfile $*
+ unset THE_ID
+ unset AAF_SPACE
+ unset CM_URL
+}
+
+
+###
+# if "-r" the do Remote Password Reset
+###
+if [ "$1" == "-r" ] ; then
+ # Ask for User and Password. Assuming Unix and availability of "stty"
+ read -ers -p "Enter New AAF Password for $AAF_ID: " AAF_NEWPASS
+ echo
+ read -ers -p "Reenter New AAF Password for $AAF_ID: " AAF_NEWPASS2
+ echo
+ if [ "$AAF_NEWPASS" == "$AAF_NEWPASS2" ] ; then
+ RESP=`aafcli user resetCred "$AAF_ID@aaf.att.com" $AAF_NEWPASS`
+ echo $RESP
+ if [ "$RESP" == "Reset Credential [$AAF_ID@aaf.att.com]" ] ; then
+ export AAF_PASS=enc:`$JAVA -cp $AAF_CP com.att.cadi.CmdLine digest $AAF_NEWPASS $HOME/.aaf/keyfile`
+ fi
+ else
+ echo "Passwords don't match!"
+ fi
+fi
+
+###
+# Export key variables for use in other Scripts
+###
+export AAF_ID
+export AAF_PASS
+export AAF_CP
+export -f aafcli
+export -f aaflogout
+fi
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+import static org.junit.Assert.assertTrue;\r
+import static org.mockito.Mockito.mock;\r
+\r
+import java.io.IOException;\r
+import java.io.OutputStreamWriter;\r
+import java.net.HttpURLConnection;\r
+import java.security.GeneralSecurityException;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.cadi.Locator;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.client.PropertyLocator;\r
+import com.att.cadi.config.Config;\r
+import com.att.cadi.config.SecurityInfo;\r
+import com.att.cadi.http.HBasicAuthSS;\r
+import com.att.cadi.http.HMangr;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_AAFCli {\r
+ \r
+ private static AAFcli cli;\r
+ private static int TIMEOUT = Integer.parseInt(Config.AAF_CONN_TIMEOUT_DEF);\r
+ \r
+ @BeforeClass\r
+ public static void setUp() throws Exception, Exception {\r
+ cli = getAAfCli();\r
+ }\r
+ \r
+ @Test\r
+ public void eval() throws Exception {\r
+ assertTrue(cli.eval("#startswith"));\r
+ }\r
+ \r
+ @Test\r
+ public void eval_empty() throws Exception{\r
+ assertTrue(cli.eval(""));\r
+ }\r
+ \r
+ @Test\r
+ public void eval_randomString() throws Exception {\r
+ assertTrue(cli.eval("Some random string @#&*& to check complete 100 coverage"));\r
+ }\r
+ \r
+ public static AAFcli getAAfCli() throws APIException, LocatorException, GeneralSecurityException, IOException {\r
+ final AuthzEnv env = new AuthzEnv(System.getProperties());\r
+ String aafUrl = "https://DME2RESOLVE";\r
+ SecurityInfo si = new SecurityInfo(env);\r
+ env.loadToSystemPropsStartsWith("AAF", "DME2");\r
+ Locator loc;\r
+ loc = new PropertyLocator(aafUrl); \r
+ TIMEOUT = Integer.parseInt(env.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));\r
+ HMangr hman = new HMangr(env, loc).readTimeout(TIMEOUT).apiVersion("2.0");\r
+ \r
+ //TODO: Consider requiring a default in properties\r
+ env.setProperty(Config.AAF_DEFAULT_REALM, System.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm()));\r
+ HBasicAuthSS ss = mock(HBasicAuthSS.class);\r
+ return new AAFcli(env, new OutputStreamWriter(System.out), hman, si, ss);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import java.io.IOException;\r
+import java.security.GeneralSecurityException;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_BaseCmd {\r
+ \r
+ private static AAFcli cli;\r
+ private static BaseCmd bCmd;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() throws APIException, LocatorException, GeneralSecurityException, IOException {\r
+ cli = JU_AAFCli.getAAfCli();\r
+ bCmd = new BaseCmd<>(cli, "testString");\r
+ }\r
+ \r
+ @Test\r
+ public void exec() throws CadiException, APIException, LocatorException {\r
+ assertEquals(bCmd._exec(0, "add","del","reset","extend"), 0);\r
+ \r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import java.io.IOException;\r
+\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_BasicAuth {\r
+ \r
+ @Test\r
+ public void getID () {\r
+ try {\r
+ BasicAuth bAuth = new BasicAuth("testUser", "nopass");\r
+ assertEquals(bAuth.getID(), "testUser");\r
+ System.out.println(bAuth.getID());\r
+ } catch (IOException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ \r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import java.io.IOException;\r
+import java.security.GeneralSecurityException;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Help {\r
+ \r
+ private static AAFcli cli;\r
+ private static Help help;\r
+ \r
+ @Mock\r
+ private static List<Cmd> cmds;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() throws APIException, LocatorException, GeneralSecurityException, IOException {\r
+ cli = JU_AAFCli.getAAfCli();\r
+ cmds = new ArrayList<>();\r
+ help = new Help(cli, cmds);\r
+ }\r
+ \r
+ @Test\r
+ public void exec_HTTP_200() {\r
+ try {\r
+ assertEquals(help._exec(0, "helps"), HttpStatus.OK_200);\r
+ } catch (CadiException | APIException | LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import java.io.IOException;\r
+import java.security.GeneralSecurityException;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Version {\r
+ \r
+ private static AAFcli cli;\r
+ private static Version version;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() throws APIException, LocatorException, GeneralSecurityException, IOException {\r
+ cli = JU_AAFCli.getAAfCli();\r
+ version = new Version(cli);\r
+ }\r
+ \r
+ @Test\r
+ public void exec_HTTP_200() throws CadiException, APIException, LocatorException {\r
+ assertEquals(version._exec(0, "Version"), HttpStatus.OK_200);\r
+\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.mgmt;\r
+\r
+import static org.mockito.Mockito.mock;\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Clear {\r
+ \r
+ private static Clear clr;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() {\r
+ clr = mock(Clear.class);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(clr._exec(0, "clear"), 0);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.mgmt;\r
+\r
+import static org.mockito.Mockito.mock;\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Log {\r
+ \r
+ private static Log log;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() {\r
+ log = mock(Log.class);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(log._exec(0, "session clear"), 0);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.mgmt;\r
+\r
+import static org.mockito.Mockito.mock;\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_SessClear {\r
+ \r
+ private static SessClear sessclr;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() {\r
+ sessclr = mock(SessClear.class);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(sessclr._exec(0, "session clear"), 0);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.mockito.Mockito.CALLS_REAL_METHODS;\r
+import static org.mockito.Mockito.mock;\r
+\r
+import java.lang.reflect.Field;\r
+import java.lang.reflect.Modifier;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Admin {\r
+ \r
+ private static Admin admin;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ admin = new Admin(ns);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(admin._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.mockito.Mockito.CALLS_REAL_METHODS;\r
+import static org.mockito.Mockito.mock;\r
+\r
+import java.lang.reflect.Field;\r
+import java.lang.reflect.Modifier;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Attrib {\r
+ \r
+ private static Attrib attrib;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ attrib = new Attrib(ns);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(attrib._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.mockito.Mockito.CALLS_REAL_METHODS;\r
+import static org.mockito.Mockito.mock;\r
+\r
+import java.lang.reflect.Field;\r
+import java.lang.reflect.Modifier;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Create {\r
+ \r
+ private static Create create;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ create = new Create(ns);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(create._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.mockito.Mockito.CALLS_REAL_METHODS;\r
+import static org.mockito.Mockito.mock;\r
+\r
+import java.lang.reflect.Field;\r
+import java.lang.reflect.Modifier;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Delete {\r
+ \r
+ private static Delete del;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ del = new Delete(ns);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(del._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.mockito.Mockito.CALLS_REAL_METHODS;\r
+import static org.mockito.Mockito.mock;\r
+\r
+import java.lang.reflect.Field;\r
+import java.lang.reflect.Modifier;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Describe {\r
+ \r
+ private static Describe desc;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ desc = new Describe(ns);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(desc._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListActivity {\r
+ \r
+ private static ListActivity lsActivity;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ List ls = new List(ns);\r
+ lsActivity = new ListActivity(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsActivity._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListAdminResponsible {\r
+ \r
+ private static ListAdminResponsible lsAdminRes;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ List ls = new List(ns);\r
+ lsAdminRes = new ListAdminResponsible(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsAdminRes._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListByName {\r
+ \r
+ private static ListByName lsByName;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ List ls = new List(ns);\r
+ lsByName = new ListByName(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsByName._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListChildren {\r
+ \r
+ private static ListChildren lsChildren;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ List ls = new List(ns);\r
+ lsChildren = new ListChildren(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsChildren._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListNsKeysByAttrib {\r
+ \r
+ private static ListNsKeysByAttrib lsNsKeys;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ List ls = new List(ns);\r
+ lsNsKeys = new ListNsKeysByAttrib(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsNsKeys._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListUsersInRole {\r
+ \r
+ private static ListUsersInRole lsUserinRole;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ List ls = new List(ns);\r
+ ListUsers lsU = new ListUsers(ls);\r
+ lsUserinRole = new ListUsersInRole(lsU);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsUserinRole._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListUsersWithPerm {\r
+ \r
+ private static ListUsersWithPerm lsUserWithPerm;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ List ls = new List(ns);\r
+ ListUsers lsU = new ListUsers(ls);\r
+ lsUserWithPerm = new ListUsersWithPerm(lsU);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsUserWithPerm._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.ns;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Responsible {\r
+ \r
+ private static Responsible respsble;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ NS ns = new NS(cli);\r
+ respsble = new Responsible(ns);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(respsble._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Create {\r
+ \r
+ private static Create create;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ Perm perm = new Perm(role);\r
+ create = new Create(perm);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(create._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Delete {\r
+ \r
+ private static Delete del;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ Perm perm = new Perm(role);\r
+ del = new Delete(perm);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(del._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Describe {\r
+ \r
+ private static Describe desc;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ Perm perm = new Perm(role);\r
+ desc = new Describe(perm);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(desc._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Grant {\r
+ \r
+ private static Grant grant;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ Perm perm = new Perm(role);\r
+ grant = new Grant(perm);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(grant._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListActivity {\r
+ \r
+ private static ListActivity lsActivity;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ Perm perm = new Perm(role);\r
+ List ls = new List(perm);\r
+ lsActivity = new ListActivity(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsActivity._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListByNS {\r
+ \r
+ private static ListByNS lsByNS;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ Perm perm = new Perm(role);\r
+ List ls = new List(perm);\r
+ lsByNS = new ListByNS(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsByNS._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListByName {\r
+ \r
+ private static ListByName lsByName;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ Perm perm = new Perm(role);\r
+ List ls = new List(perm);\r
+ lsByName = new ListByName(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsByName._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListByRole {\r
+ \r
+ private static ListByRole lsByRole;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ Perm perm = new Perm(role);\r
+ List ls = new List(perm);\r
+ lsByRole = new ListByRole(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsByRole._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListByUser {\r
+ \r
+ private static ListByUser lsByName;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ Perm perm = new Perm(role);\r
+ List ls = new List(perm);\r
+ lsByName = new ListByUser(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsByName._exec(0, "add","del","reset","extend"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.perm;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Rename {\r
+ \r
+ private static Rename rename;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ Perm perm = new Perm(role);\r
+ rename = new Rename(perm);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(rename._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_CreateDelete {\r
+ \r
+ private static CreateDelete createDel;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ createDel = new CreateDelete(role);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(createDel._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Describe {\r
+ \r
+ private static Describe desc;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ desc = new Describe(role);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(desc._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListActivity {\r
+ \r
+ private static ListActivity lsActivity;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ List ls = new List(role);\r
+ lsActivity = new ListActivity(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsActivity._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListByNS {\r
+ \r
+ private static ListByNS lsByNS;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ List ls = new List(role);\r
+ lsByNS = new ListByNS(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsByNS._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListByNameOnly {\r
+ \r
+ private static ListByNameOnly lsByName;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ List ls = new List(role);\r
+ lsByName = new ListByNameOnly(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsByName._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListByPerm {\r
+ \r
+ private static ListByPerm lsByPerm;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ List ls = new List(role);\r
+ lsByPerm = new ListByPerm(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsByPerm._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListByRole {\r
+ \r
+ private static ListByRole lsByRole;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ List ls = new List(role);\r
+ lsByRole = new ListByRole(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsByRole._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListByUser {\r
+ \r
+ private static ListByUser lsByUser;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ List ls = new List(role);\r
+ lsByUser = new ListByUser(ls);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsByUser._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.role;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.cmd.perm.Perm;\r
+import com.att.cmd.role.Role;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_User {\r
+ \r
+ private static User user;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ Role role = new Role(cli);\r
+ user = new User(role);\r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(user._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertNotNull;\r
+import static org.mockito.Mockito.mock;\r
+import static org.mockito.Mockito.when;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Cred {\r
+\r
+ private static Cred testCred;\r
+ private static User testUser;\r
+\r
+\r
+ @BeforeClass\r
+ public static void setUp() {\r
+ testCred = mock(Cred.class);\r
+ testUser = mock(User.class);\r
+ try {\r
+ when(testCred._exec(4, "String1","String2","String3","String4")).thenReturn(10);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+\r
+ @Test\r
+ public void exec() throws CadiException, APIException, LocatorException {\r
+ assertEquals(testCred._exec(4, "String1","String2","String3","String4"), 10);\r
+ }\r
+\r
+\r
+ @Test\r
+ public void exec_add() { \r
+ try {\r
+ assertNotNull(testCred._exec(0, "zeroed","add","del","reset","extend"));\r
+ } catch (CadiException | APIException | LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+\r
+ }\r
+\r
+ @Test\r
+ public void exec_del() { \r
+ try {\r
+ assertNotNull(testCred._exec(1, "zeroed","add","del","reset","extend"));\r
+ } catch (CadiException | APIException | LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+\r
+ }\r
+\r
+ @Test\r
+ public void exec_reset() { \r
+ try {\r
+ assertNotNull(testCred._exec(2, "zeroed","add","del","reset","extend"));\r
+ } catch (CadiException | APIException | LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+\r
+ }\r
+\r
+ @Test\r
+ public void exec_extend() { \r
+ try {\r
+ assertNotNull(testCred._exec(3, "zeroed","add","del","reset","extend"));\r
+ } catch (CadiException | APIException | LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import static org.mockito.Mockito.mock;\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Delg {\r
+ \r
+ private static User testUser;\r
+ private static Delg delg;\r
+ \r
+ @BeforeClass\r
+ public static void setUp() throws APIException {\r
+ testUser = mock(User.class);\r
+ delg = mock(Delg.class);\r
+ }\r
+ \r
+ @Test\r
+ public void exec_add() {\r
+ try {\r
+ assertEquals(delg._exec(0, "zero","add","upd","del"), 0);\r
+ } catch (CadiException | APIException | LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void exec_upd() {\r
+ try {\r
+ assertEquals(delg._exec(1, "zero","add","upd","del"), 0);\r
+ } catch (CadiException | APIException | LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void exec_del() {\r
+ try {\r
+ assertEquals(delg._exec(2, "zero","add","upd","del"), 0);\r
+ } catch (CadiException | APIException | LocatorException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListActivity {\r
+ \r
+ private static ListActivity lsActivity;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ User usr = new User(cli);\r
+ List parent = new List(usr);\r
+ lsActivity = new ListActivity(parent);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsActivity._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListApprovals {\r
+ \r
+ private static ListApprovals lsApprovals;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ User usr = new User(cli);\r
+ List parent = new List(usr);\r
+ lsApprovals = new ListApprovals(parent);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsApprovals._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListDelegates {\r
+ \r
+ private static ListDelegates lsDelegates;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ User usr = new User(cli);\r
+ List parent = new List(usr);\r
+ lsDelegates = new ListDelegates(parent);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsDelegates._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListForCreds {\r
+ \r
+ private static ListForCreds lsForCreds;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ User usr = new User(cli);\r
+ List parent = new List(usr);\r
+ lsForCreds = new ListForCreds(parent);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsForCreds._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListForPermission {\r
+ \r
+ private static ListForPermission lsForPermission;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ User usr = new User(cli);\r
+ List parent = new List(usr);\r
+ lsForPermission = new ListForPermission(parent);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsForPermission._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_ListForRoles {\r
+ \r
+ private static ListForRoles lsForRoles;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ User usr = new User(cli);\r
+ List parent = new List(usr);\r
+ lsForRoles = new ListForRoles(parent);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(lsForRoles._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cmd.user;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cmd.AAFcli;\r
+import com.att.cmd.JU_AAFCli;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_Role {\r
+ \r
+ private static Role role;\r
+ \r
+ @BeforeClass\r
+ public static void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {\r
+ AAFcli cli = JU_AAFCli.getAAfCli();\r
+ User usr = new User(cli);\r
+ role = new Role(usr);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void exec() {\r
+ try {\r
+ assertEquals(role._exec(0, "add","del","reset","extend","clear", "rename", "create"),500);\r
+ } catch (CadiException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (APIException e) {\r
+ \r
+ e.printStackTrace();\r
+ } catch (LocatorException e) {\r
+ \r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+.metadata
+.settings
+.classpath
+.project
+target
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">\r
+ <modelVersion>4.0.0</modelVersion>\r
+ <parent>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>parent</artifactId>\r
+ <version>2.0.15</version>\r
+ <relativePath>../pom.xml</relativePath>\r
+ </parent>\r
+ \r
+ <artifactId>authz-core</artifactId>\r
+ <name>Authz Core</name>\r
+ <description>Core Libraries for Authz</description>\r
+ <packaging>jar</packaging>\r
+ <url>https://github.com/att/AAF</url>\r
+ <licenses>\r
+ <license>\r
+ <name>BSD License</name>\r
+ <url> </url>\r
+ </license>\r
+ </licenses>\r
+ <developers>\r
+ <developer>\r
+ <name>Jonathan Gathman</name>\r
+ <email></email>\r
+ <organization>ATT</organization>\r
+ <organizationUrl></organizationUrl>\r
+ </developer>\r
+ </developers>\r
+\r
+ <dependencies>\r
+ <dependency>\r
+ <groupId>com.att.inno</groupId>\r
+ <artifactId>env</artifactId>\r
+ </dependency>\r
+ <dependency>\r
+ <groupId>com.att.inno</groupId>\r
+ <artifactId>log4j</artifactId>\r
+ </dependency>\r
+ <dependency>\r
+ <groupId>com.att.inno</groupId>\r
+ <artifactId>rosetta</artifactId>\r
+ </dependency>\r
+ <dependency>\r
+ <groupId>com.att.cadi</groupId>\r
+ <artifactId>cadi-aaf</artifactId>\r
+ <exclusions>\r
+ <exclusion> \r
+ <groupId>javax.servlet</groupId>\r
+ <artifactId>servlet-api</artifactId>\r
+ </exclusion>\r
+ </exclusions> \r
+ \r
+ </dependency>\r
+ <dependency>\r
+ <groupId>javax.servlet</groupId>\r
+ <artifactId>servlet-api</artifactId>\r
+ </dependency>\r
+\r
+ </dependencies>\r
+\r
+ <build>\r
+ <plugins>\r
+ </plugins>\r
+ <pluginManagement>\r
+ <plugins>\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-deploy-plugin</artifactId>\r
+ <version>2.6</version>\r
+ <configuration>\r
+ <skip>false</skip>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-javadoc-plugin</artifactId>\r
+ <configuration>\r
+ <failOnError>false</failOnError>\r
+ </configuration>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-javadocs</id>\r
+ <goals>\r
+ <goal>jar</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin> \r
+ \r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-source-plugin</artifactId>\r
+ <version>2.2.1</version>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-sources</id>\r
+ <goals>\r
+ <goal>jar-no-fork</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.sonatype.plugins</groupId>\r
+ <artifactId>nexus-staging-maven-plugin</artifactId>\r
+ <version>1.6.7</version>\r
+ <extensions>true</extensions>\r
+ <configuration>\r
+ <serverId>ossrhdme</serverId>\r
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>\r
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ </plugins>\r
+ </pluginManagement>\r
+ </build>\r
+</project>\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.common;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.config.Config;\r
+import com.att.inno.env.Env;\r
+\r
+public class Define {\r
+ public static String ROOT_NS="NS.Not.Set";\r
+ public static String ROOT_COMPANY=ROOT_NS;\r
+\r
+ public static void set(Env env) throws CadiException {\r
+ ROOT_NS = env.getProperty(Config.AAF_ROOT_NS);\r
+ if(ROOT_NS==null) {\r
+ throw new CadiException(Config.AAF_ROOT_NS + " property is required.");\r
+ }\r
+ ROOT_COMPANY = env.getProperty(Config.AAF_ROOT_COMPANY);\r
+ if(ROOT_COMPANY==null) {\r
+ int last = ROOT_NS.lastIndexOf('.');\r
+ if(last>=0) {\r
+ ROOT_COMPANY = ROOT_NS.substring(0, last);\r
+ } else {\r
+ throw new CadiException(Config.AAF_ROOT_COMPANY + " or " + Config.AAF_ROOT_NS + " property with 3 positions is required.");\r
+ }\r
+ }\r
+ env.init().log("AAF Root NS is " + ROOT_NS + ", and AAF Root Company is " +ROOT_COMPANY);\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.env;\r
+\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.IOException;\r
+import java.io.InputStream;\r
+import java.util.Map.Entry;\r
+import java.util.Properties;\r
+\r
+import com.att.cadi.Access;\r
+import com.att.cadi.Symm;\r
+import com.att.cadi.config.Config;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Decryptor;\r
+import com.att.inno.env.Encryptor;\r
+import com.att.inno.env.impl.Log4JLogTarget;\r
+import com.att.inno.env.log4j.LogFileNamer;\r
+import com.att.rosetta.env.RosettaEnv;\r
+\r
+\r
+/**\r
+ * AuthzEnv is the Env tailored to Authz Service\r
+ * \r
+ * Most of it is derived from RosettaEnv, but it also implements Access, which\r
+ * is an Interface that Allows CADI to interact with Container Logging\r
+ * \r
+ *\r
+ */\r
+public class AuthzEnv extends RosettaEnv implements Access {\r
+ private long[] times = new long[20];\r
+ private int idx = 0;\r
+ //private int mask = Level.AUDIT.maskOf();\r
+\r
+ public AuthzEnv() {\r
+ super();\r
+ }\r
+\r
+ public AuthzEnv(String ... args) {\r
+ super(args);\r
+ }\r
+\r
+ public AuthzEnv(Properties props) {\r
+ super(Config.CADI_PROP_FILES,props);\r
+ }\r
+ \r
+\r
+ @Override\r
+ public AuthzTransImpl newTrans() {\r
+ synchronized(this) {\r
+ times[idx]=System.currentTimeMillis();\r
+ if(++idx>=times.length)idx=0;\r
+ }\r
+ return new AuthzTransImpl(this);\r
+ }\r
+\r
+ /**\r
+ * Create a Trans, but do not include in Weighted Average\r
+ * @return\r
+ */\r
+ public AuthzTrans newTransNoAvg() {\r
+ return new AuthzTransImpl(this);\r
+ }\r
+\r
+ public long transRate() {\r
+ int count = 0;\r
+ long pot = 0;\r
+ long prev = 0;\r
+ for(int i=idx;i<times.length;++i) {\r
+ if(times[i]>0) {\r
+ if(prev>0) {\r
+ ++count;\r
+ pot += times[i]-prev;\r
+ }\r
+ prev = times[i]; \r
+ }\r
+ }\r
+ for(int i=0;i<idx;++i) {\r
+ if(times[i]>0) {\r
+ if(prev>0) {\r
+ ++count;\r
+ pot += times[i]-prev;\r
+ }\r
+ prev = times[i]; \r
+ }\r
+ }\r
+\r
+ return count==0?300000L:pot/count; // Return Weighted Avg, or 5 mins, if none avail.\r
+ }\r
+ \r
+ @Override\r
+ public ClassLoader classLoader() {\r
+ return getClass().getClassLoader();\r
+ }\r
+\r
+ @Override\r
+ public void load(InputStream is) throws IOException {\r
+ Properties props = new Properties();\r
+ props.load(is);\r
+ for(Entry<Object, Object> es : props.entrySet()) {\r
+ String key = es.getKey().toString();\r
+ String value =es.getValue().toString();\r
+ put(staticSlot(key==null?null:key.trim()),value==null?null:value.trim());\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public void log(Level lvl, Object... msgs) {\r
+// if(lvl.inMask(mask)) {\r
+// switch(lvl) {\r
+// case INIT:\r
+// init().log(msgs);\r
+// break;\r
+// case AUDIT:\r
+// audit().log(msgs);\r
+// break;\r
+// case DEBUG:\r
+// debug().log(msgs);\r
+// break;\r
+// case ERROR:\r
+// error().log(msgs);\r
+// break;\r
+// case INFO:\r
+// info().log(msgs);\r
+// break;\r
+// case WARN:\r
+// warn().log(msgs);\r
+// break;\r
+// case NONE:\r
+// break;\r
+// }\r
+// }\r
+ }\r
+\r
+ @Override\r
+ public void log(Exception e, Object... msgs) {\r
+ error().log(e,msgs);\r
+ }\r
+\r
+ //@Override\r
+ public void printf(Level level, String fmt, Object... elements) {\r
+ if(willLog(level)) {\r
+ log(level,String.format(fmt, elements));\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.cadi.Access#willLog(com.att.cadi.Access.Level)\r
+ */\r
+ @Override\r
+ public boolean willLog(Level level) {\r
+ \r
+// if(level.inMask(mask)) {\r
+// switch(level) {\r
+// case INIT:\r
+// return init().isLoggable();\r
+// case AUDIT:\r
+// return audit().isLoggable();\r
+// case DEBUG:\r
+// return debug().isLoggable();\r
+// case ERROR:\r
+// return error().isLoggable();\r
+// case INFO:\r
+// return info().isLoggable();\r
+// case WARN:\r
+// return warn().isLoggable();\r
+// case NONE:\r
+// return false;\r
+// }\r
+// }\r
+ return false;\r
+ }\r
+\r
+ @Override\r
+ public void setLogLevel(Level level) {\r
+ super.debug().isLoggable();\r
+ //level.toggle(mask);\r
+ }\r
+\r
+ public void setLog4JNames(String path, String root, String _service, String _audit, String _init, String _trace) throws APIException {\r
+ LogFileNamer lfn = new LogFileNamer(root);\r
+ if(_service==null) {\r
+ throw new APIException("AuthzEnv.setLog4JNames \"_service\" required (as default). Others can be null");\r
+ }\r
+ String service=_service=lfn.setAppender(_service); // when name is split, i.e. authz|service, the Appender is "authz", and "service"\r
+ String audit=_audit==null?service:lfn.setAppender(_audit); // is part of the log-file name\r
+ String init=_init==null?service:lfn.setAppender(_init);\r
+ String trace=_trace==null?service:lfn.setAppender(_trace);\r
+ //TODO Validate path on Classpath\r
+ lfn.configure(path);\r
+ super.fatal = new Log4JLogTarget(service,org.apache.log4j.Level.FATAL);\r
+ super.error = new Log4JLogTarget(service,org.apache.log4j.Level.ERROR);\r
+ super.warn = new Log4JLogTarget(service,org.apache.log4j.Level.WARN);\r
+ super.audit = new Log4JLogTarget(audit,org.apache.log4j.Level.WARN);\r
+ super.init = new Log4JLogTarget(init,org.apache.log4j.Level.WARN);\r
+ super.info = new Log4JLogTarget(service,org.apache.log4j.Level.INFO);\r
+ super.debug = new Log4JLogTarget(service,org.apache.log4j.Level.DEBUG);\r
+ super.trace = new Log4JLogTarget(trace,org.apache.log4j.Level.TRACE);\r
+ }\r
+ \r
+ private static final byte[] ENC="enc:???".getBytes();\r
+ public String decrypt(String encrypted, final boolean anytext) throws IOException {\r
+ if(encrypted==null) {\r
+ throw new IOException("Password to be decrypted is null");\r
+ }\r
+ if(anytext || encrypted.startsWith("enc:")) {\r
+ if(decryptor.equals(Decryptor.NULL) && getProperty(Config.CADI_KEYFILE)!=null) {\r
+ final Symm s = Symm.obtain(this);\r
+ decryptor = new Decryptor() {\r
+ private Symm symm = s;\r
+ @Override\r
+ public String decrypt(String encrypted) {\r
+ try {\r
+ return (encrypted!=null && (anytext || encrypted.startsWith(Symm.ENC)))\r
+ ? symm.depass(encrypted)\r
+ : encrypted;\r
+ } catch (IOException e) {\r
+ return "";\r
+ }\r
+ }\r
+ };\r
+ encryptor = new Encryptor() {\r
+ @Override\r
+ public String encrypt(String data) {\r
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
+ try {\r
+ baos.write(ENC);\r
+ return "enc:???"+s.enpass(data);\r
+ } catch (IOException e) {\r
+ return "";\r
+ }\r
+ }\r
+ \r
+ };\r
+ }\r
+ return decryptor.decrypt(encrypted);\r
+ } else {\r
+ return encrypted;\r
+ }\r
+ }\r
+ \r
+ \r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.env;\r
+\r
+import java.security.Principal;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import com.att.authz.org.Organization;\r
+import com.att.cadi.Lur;\r
+import com.att.cadi.Permission;\r
+import com.att.inno.env.LogTarget;\r
+import com.att.inno.env.TransStore;\r
+\r
+public interface AuthzTrans extends TransStore {\r
+ public abstract AuthzTrans set(HttpServletRequest req);\r
+\r
+ public abstract void setUser(Principal p);\r
+ \r
+ public abstract String user();\r
+\r
+ public abstract Principal getUserPrincipal();\r
+\r
+ public abstract String ip();\r
+\r
+ public abstract int port();\r
+\r
+ public abstract String meth();\r
+\r
+ public abstract String path();\r
+\r
+ public abstract String agent();\r
+ \r
+ public abstract AuthzEnv env();\r
+\r
+ public abstract void setLur(Lur lur);\r
+\r
+ public abstract boolean fish(Permission p);\r
+ \r
+ public abstract boolean forceRequested();\r
+ \r
+ public abstract Organization org();\r
+\r
+ public abstract boolean moveRequested();\r
+\r
+ public abstract boolean futureRequested();\r
+ \r
+ public abstract void logAuditTrail(LogTarget lt);\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.env;\r
+\r
+import java.security.Principal;\r
+\r
+import javax.servlet.ServletRequest;\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.Connector;\r
+import com.att.cadi.TrustChecker;\r
+import com.att.cadi.principal.BasicPrincipal;\r
+import com.att.cadi.principal.TrustPrincipal;\r
+import com.att.cadi.principal.X509Principal;\r
+import com.att.cssa.rserv.TransFilter;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.Slot;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans.Metric;\r
+\r
+public class AuthzTransFilter extends TransFilter<AuthzTrans> {\r
+ private AuthzEnv env;\r
+ public Metric serviceMetric;\r
+ public static Slot transIDslot;\r
+\r
+ public static final String TRANS_ID_SLOT = "TRANS_ID_SLOT";\r
+ public static final int BUCKETSIZE = 2;\r
+\r
+ public AuthzTransFilter(AuthzEnv env, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException {\r
+ super(env,con, tc, additionalTafLurs);\r
+ this.env = env;\r
+ serviceMetric = new Metric();\r
+ serviceMetric.buckets = new float[BUCKETSIZE];\r
+ if(transIDslot==null) {\r
+ transIDslot = env.slot(TRANS_ID_SLOT);\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ protected AuthzTrans newTrans() {\r
+ AuthzTrans at = env.newTrans();\r
+ at.setLur(getLur());\r
+ return at;\r
+ }\r
+\r
+ @Override\r
+ protected TimeTaken start(AuthzTrans trans, ServletRequest request) {\r
+ trans.set((HttpServletRequest)request);\r
+ return trans.start("Trans " + //(context==null?"n/a":context.toString()) +\r
+ " IP: " + trans.ip() +\r
+ " Port: " + trans.port()\r
+ , Env.SUB);\r
+ }\r
+\r
+ @Override\r
+ protected void authenticated(AuthzTrans trans, Principal p) {\r
+ trans.setUser(p);\r
+ }\r
+\r
+ @Override\r
+ protected void tallyHo(AuthzTrans trans) {\r
+ if(trans.info().isLoggable()) {\r
+ // Transaction is done, now post\r
+ StringBuilder sb = new StringBuilder("AuditTrail\n");\r
+ // We'll grabAct sub-metrics for Remote Calls and JSON\r
+ // IMPORTANT!!! if you add more entries here, change "BUCKETSIZE"!!!\r
+ Metric m = trans.auditTrail(1, sb, Env.REMOTE,Env.JSON);\r
+\r
+ // Add current Metrics to total metrics\r
+ serviceMetric.total+= m.total;\r
+ for(int i=0;i<serviceMetric.buckets.length;++i) {\r
+ serviceMetric.buckets[i]+=m.buckets[i];\r
+ }\r
+ \r
+ // Log current info\r
+ sb.append(" Total: ");\r
+ sb.append(m.total);\r
+ sb.append(" Remote: ");\r
+ sb.append(m.buckets[0]);\r
+ sb.append(" JSON: ");\r
+ sb.append(m.buckets[1]);\r
+ trans.info().log(sb);\r
+ } else {\r
+ // IMPORTANT!!! if you add more entries here, change "BUCKETSIZE"!!!\r
+ StringBuilder content = new StringBuilder(); \r
+ Metric m = trans.auditTrail(1, content, Env.REMOTE,Env.JSON);\r
+ // Add current Metrics to total metrics\r
+ serviceMetric.total+= m.total;\r
+ for(int i=0;i<serviceMetric.buckets.length;++i) {\r
+ serviceMetric.buckets[i]+=m.buckets[i];\r
+ }\r
+ \r
+ StringBuilder sb = new StringBuilder();\r
+ sb.append("user=");\r
+ Principal p = trans.getUserPrincipal();\r
+ if(p==null) {\r
+ sb.append("n/a");\r
+ } else {\r
+ sb.append(p.getName());\r
+ if(p instanceof TrustPrincipal) {\r
+ sb.append('(');\r
+ sb.append(((TrustPrincipal)p).getOrigName());\r
+ sb.append(')');\r
+ } else {\r
+ sb.append('[');\r
+ if(p instanceof X509Principal) {\r
+ sb.append("x509");\r
+ } else if(p instanceof BasicPrincipal) {\r
+ sb.append("BAth");\r
+ } else {\r
+ sb.append(p.getClass().getSimpleName());\r
+ }\r
+ sb.append(']');\r
+ }\r
+ }\r
+ sb.append(",ip=");\r
+ sb.append(trans.ip());\r
+ sb.append(",port=");\r
+ sb.append(trans.port());\r
+ sb.append(",ms=");\r
+ sb.append(m.total);\r
+ sb.append(",meth=");\r
+ sb.append(trans.meth());\r
+ sb.append(",path=");\r
+ sb.append(trans.path());\r
+\r
+ Long tsi;\r
+ if((tsi=trans.get(transIDslot, null))!=null) {\r
+ sb.append(",traceID=");\r
+ sb.append(Long.toHexString(tsi));\r
+ }\r
+ \r
+ if(content.length()>0) {\r
+ sb.append(",msg=\"");\r
+ sb.append(content);\r
+ sb.append('"');\r
+ }\r
+ \r
+ trans.warn().log(sb);\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.env;\r
+\r
+import java.security.Principal;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import com.att.authz.org.Organization;\r
+import com.att.authz.org.OrganizationFactory;\r
+import com.att.cadi.Lur;\r
+import com.att.cadi.Permission;\r
+import com.att.inno.env.LogTarget;\r
+import com.att.inno.env.impl.BasicTrans;\r
+\r
+public class AuthzTransImpl extends BasicTrans implements AuthzTrans {\r
+ private static final String TRUE = "true";\r
+ private Principal user;\r
+ private String ip,agent,meth,path;\r
+ private int port;\r
+ private Lur lur;\r
+ private Organization org;\r
+ private String force;\r
+ private boolean futureRequested;\r
+\r
+ public AuthzTransImpl(AuthzEnv env) {\r
+ super(env);\r
+ ip="n/a";\r
+ org=null;\r
+ }\r
+\r
+ /**\r
+ * @see com.att.authz.env.AuthTrans#set(javax.servlet.http.HttpServletRequest)\r
+ */\r
+ @Override\r
+ public AuthzTrans set(HttpServletRequest req) {\r
+ user = req.getUserPrincipal();\r
+ ip = req.getRemoteAddr();\r
+ port = req.getRemotePort();\r
+ agent = req.getHeader("User-Agent");\r
+ meth = req.getMethod();\r
+ path = req.getPathInfo();\r
+ force = req.getParameter("force");\r
+ futureRequested = TRUE.equalsIgnoreCase(req.getParameter("request"));\r
+ org=null;\r
+ return this;\r
+ }\r
+ \r
+ @Override\r
+ public void setUser(Principal p) {\r
+ user = p;\r
+ }\r
+\r
+ /**\r
+ * @see com.att.authz.env.AuthTrans#user()\r
+ */\r
+ @Override\r
+ public String user() {\r
+ return user==null?"n/a":user.getName();\r
+ }\r
+ \r
+ /**\r
+ * @see com.att.authz.env.AuthTrans#getUserPrincipal()\r
+ */\r
+ @Override\r
+ public Principal getUserPrincipal() {\r
+ return user;\r
+ }\r
+\r
+ /**\r
+ * @see com.att.authz.env.AuthTrans#ip()\r
+ */\r
+ @Override\r
+ public String ip() {\r
+ return ip;\r
+ }\r
+\r
+ /**\r
+ * @see com.att.authz.env.AuthTrans#port()\r
+ */\r
+ @Override\r
+ public int port() {\r
+ return port;\r
+ }\r
+\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.env.AuthzTrans#meth()\r
+ */\r
+ @Override\r
+ public String meth() {\r
+ return meth;\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.env.AuthzTrans#path()\r
+ */\r
+ @Override\r
+ public String path() {\r
+ return path;\r
+ }\r
+\r
+ /**\r
+ * @see com.att.authz.env.AuthTrans#agent()\r
+ */\r
+ @Override\r
+ public String agent() {\r
+ return agent;\r
+ }\r
+\r
+ @Override\r
+ public AuthzEnv env() {\r
+ return (AuthzEnv)delegate;\r
+ }\r
+ \r
+ @Override\r
+ public boolean forceRequested() {\r
+ return TRUE.equalsIgnoreCase(force);\r
+ }\r
+ \r
+ public void forceRequested(boolean force) {\r
+ this.force = force?TRUE:"false";\r
+ }\r
+ \r
+ @Override\r
+ public boolean moveRequested() {\r
+ return "move".equalsIgnoreCase(force);\r
+ }\r
+\r
+ @Override\r
+ public boolean futureRequested() {\r
+ return futureRequested;\r
+ }\r
+ \r
+\r
+ @Override\r
+ public void setLur(Lur lur) {\r
+ this.lur = lur;\r
+ }\r
+ \r
+ @Override\r
+ public boolean fish(Permission p) {\r
+ if(lur!=null) {\r
+ return lur.fish(user, p);\r
+ }\r
+ return false;\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.env.AuthzTrans#org()\r
+ */\r
+ @Override\r
+ public Organization org() {\r
+ if(org==null) {\r
+ try {\r
+ if((org = OrganizationFactory.obtain(env(), user()))==null) {\r
+ org = Organization.NULL;\r
+ }\r
+ } catch (Exception e) {\r
+ org = Organization.NULL;\r
+ }\r
+ } \r
+ return org;\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.env.AuthzTrans#logAuditTrailOnly(com.att.inno.env.LogTarget)\r
+ */\r
+ @Override\r
+ public void logAuditTrail(LogTarget lt) {\r
+ if(lt.isLoggable()) {\r
+ StringBuilder sb = new StringBuilder();\r
+ auditTrail(1, sb);\r
+ lt.log(sb);\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.env;\r
+\r
+import java.security.Principal;\r
+\r
+import javax.servlet.ServletRequest;\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import com.att.cssa.rserv.TransOnlyFilter;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans.Metric;\r
+\r
+public class AuthzTransOnlyFilter extends TransOnlyFilter<AuthzTrans> {\r
+ private AuthzEnv env;\r
+ public Metric serviceMetric;\r
+\r
+ public static final int BUCKETSIZE = 2;\r
+\r
+ public AuthzTransOnlyFilter(AuthzEnv env) {\r
+ this.env = env;\r
+ serviceMetric = new Metric();\r
+ serviceMetric.buckets = new float[BUCKETSIZE]; \r
+ }\r
+ \r
+ @Override\r
+ protected AuthzTrans newTrans() {\r
+ return env.newTrans();\r
+ }\r
+\r
+ @Override\r
+ protected TimeTaken start(AuthzTrans trans, ServletRequest request) {\r
+ trans.set((HttpServletRequest)request);\r
+ return trans.start("Trans " + //(context==null?"n/a":context.toString()) +\r
+ " IP: " + trans.ip() +\r
+ " Port: " + trans.port()\r
+ , Env.SUB);\r
+ }\r
+\r
+ @Override\r
+ protected void authenticated(AuthzTrans trans, Principal p) {\r
+ trans.setUser(p);\r
+ }\r
+\r
+ @Override\r
+ protected void tallyHo(AuthzTrans trans) {\r
+ // Transaction is done, now post\r
+ StringBuilder sb = new StringBuilder("AuditTrail\n");\r
+ // We'll grab sub-metrics for Remote Calls and JSON\r
+ // IMPORTANT!!! if you add more entries here, change "BUCKETSIZE"!!!\r
+ Metric m = trans.auditTrail(1, sb, Env.REMOTE,Env.JSON);\r
+ // Add current Metrics to total metrics\r
+ serviceMetric.total+= m.total;\r
+ for(int i=0;i<serviceMetric.buckets.length;++i) {\r
+ serviceMetric.buckets[i]+=m.buckets[i];\r
+ }\r
+ // Log current info\r
+ sb.append(" Total: ");\r
+ sb.append(m.total);\r
+ sb.append(" Remote: ");\r
+ sb.append(m.buckets[0]);\r
+ sb.append(" JSON: ");\r
+ sb.append(m.buckets[1]);\r
+ trans.info().log(sb);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.env;\r
+\r
+import java.security.Principal;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import com.att.authz.org.Organization;\r
+import com.att.cadi.Lur;\r
+import com.att.cadi.Permission;\r
+import com.att.inno.env.Decryptor;\r
+import com.att.inno.env.Encryptor;\r
+import com.att.inno.env.LogTarget;\r
+import com.att.inno.env.Slot;\r
+import com.att.inno.env.StaticSlot;\r
+import com.att.inno.env.TimeTaken;\r
+\r
+/**\r
+ * A NULL implementation of AuthzTrans, for use in DirectAAF Taf/Lurs\r
+ */\r
+public class NullTrans implements AuthzTrans {\r
+ private static final AuthzTrans singleton = new NullTrans();\r
+ \r
+ public static final AuthzTrans singleton() {\r
+ return singleton;\r
+ }\r
+ \r
+ public void checkpoint(String text) {}\r
+ public void checkpoint(String text, int additionalFlag) {}\r
+ public Metric auditTrail(int indent, StringBuilder sb, int... flag) {return null;}\r
+ public LogTarget fatal() {\r
+ return LogTarget.NULL;\r
+ }\r
+\r
+ public LogTarget error() {\r
+ return LogTarget.NULL;\r
+ }\r
+\r
+ public LogTarget audit() {\r
+ return LogTarget.NULL;\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.env.Env#init()\r
+ */\r
+ @Override\r
+ public LogTarget init() {\r
+ return LogTarget.NULL;\r
+ }\r
+\r
+ public LogTarget warn() {\r
+ return LogTarget.NULL;\r
+ }\r
+\r
+ public LogTarget info() {\r
+ return LogTarget.NULL;\r
+ }\r
+\r
+ public LogTarget debug() {\r
+ return LogTarget.NULL;\r
+ }\r
+\r
+ public LogTarget trace() {\r
+ return LogTarget.NULL;\r
+ }\r
+\r
+ public TimeTaken start(String name, int flag) {\r
+ return new TimeTaken(name,flag) {\r
+ public void output(StringBuilder sb) {\r
+ sb.append(name);\r
+ sb.append(' ');\r
+ sb.append(millis());\r
+ sb.append("ms");\r
+ }\r
+ };\r
+ }\r
+\r
+ @Override\r
+ public String setProperty(String tag, String value) {\r
+ return value;\r
+ }\r
+\r
+ @Override\r
+ public String getProperty(String tag) {\r
+ return tag;\r
+ }\r
+\r
+ @Override\r
+ public String getProperty(String tag, String deflt) {\r
+ return deflt;\r
+ }\r
+\r
+ @Override\r
+ public Decryptor decryptor() {\r
+ return null;\r
+ }\r
+\r
+ @Override\r
+ public Encryptor encryptor() {\r
+ return null;\r
+ }\r
+ @Override\r
+ public AuthzTrans set(HttpServletRequest req) {\r
+ return null;\r
+ }\r
+\r
+ @Override\r
+ public String user() {\r
+ return null;\r
+ }\r
+\r
+ @Override\r
+ public Principal getUserPrincipal() {\r
+ return null;\r
+ }\r
+\r
+ @Override\r
+ public String ip() {\r
+ return null;\r
+ }\r
+\r
+ @Override\r
+ public int port() {\r
+ return 0;\r
+ }\r
+ @Override\r
+ public String meth() {\r
+ return null;\r
+ }\r
+\r
+ @Override\r
+ public String path() {\r
+ return null;\r
+ }\r
+\r
+ @Override\r
+ public void put(Slot slot, Object value) {\r
+ }\r
+ @Override\r
+ public <T> T get(Slot slot, T deflt) {\r
+ return null;\r
+ }\r
+ @Override\r
+ public <T> T get(StaticSlot slot, T dflt) {\r
+ return null;\r
+ }\r
+ @Override\r
+ public void setUser(Principal p) {\r
+ }\r
+ @Override\r
+ public Slot slot(String name) {\r
+ return null;\r
+ }\r
+ @Override\r
+ public AuthzEnv env() {\r
+ return null;\r
+ }\r
+ @Override\r
+ public String agent() {\r
+ return null;\r
+ }\r
+\r
+ @Override\r
+ public void setLur(Lur lur) {\r
+ }\r
+\r
+ @Override\r
+ public boolean fish(Permission p) {\r
+ return false;\r
+ }\r
+\r
+ @Override\r
+ public boolean forceRequested() {\r
+ return false;\r
+ }\r
+\r
+ @Override\r
+ public boolean futureRequested() {\r
+ return false;\r
+ }\r
+\r
+ @Override\r
+ public boolean moveRequested() {\r
+ return false;\r
+ }\r
+\r
+ @Override\r
+ public Organization org() {\r
+ return Organization.NULL;\r
+ }\r
+\r
+ @Override\r
+ public void logAuditTrail(LogTarget lt) {\r
+ }\r
+\r
+ @Override\r
+ public Metric auditTrail(LogTarget lt, int indent, StringBuilder sb, int... flag) {\r
+ // TODO Auto-generated method stub\r
+ return null;\r
+ }\r
+\r
+}\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.layer;\r
+\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.inno.env.Data;\r
+import com.att.inno.env.Data.TYPE;\r
+\r
+\r
+\r
+public abstract class FacadeImpl {\r
+ protected static final String IN = "in";\r
+\r
+ protected void setContentType(HttpServletResponse response, TYPE type) {\r
+ response.setContentType(type==Data.TYPE.JSON?"application/json":"text.xml");\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.layer;\r
+\r
+import java.util.Collection;\r
+import java.util.List;\r
+import java.util.Set;\r
+\r
+\r
+/**\r
+ * It would be nice if Java Enums were extensible, but they're not.\r
+ * \r
+ *\r
+ */\r
+public class Result<RV> {\r
+ private static final String SUCCESS = "Success";\r
+ public static final String[] EMPTY_VARS = new String[0];\r
+\r
+ public final static int OK=0,\r
+ ERR_Security = 1,\r
+ ERR_Denied = 2,\r
+ ERR_Policy = 3,\r
+ ERR_BadData = 4,\r
+ ERR_NotImplemented = 5,\r
+ ERR_NotFound = 6,\r
+ ERR_ConflictAlreadyExists = 7,\r
+ ERR_ActionNotCompleted = 8,\r
+ ERR_Backend = 9,\r
+ ERR_General = 20;\r
+ \r
+ public final RV value;\r
+ public final int status;\r
+ public final String details;\r
+ public final String[] variables;\r
+ \r
+ protected Result(RV value, int status, String details, String[] variables) {\r
+ this.value = value;\r
+ if(value==null) {\r
+ specialCondition|=EMPTY_LIST;\r
+ }\r
+ this.status = status;\r
+ this.details = details;\r
+ if(variables==null) {\r
+ this.variables = EMPTY_VARS;\r
+ } else {\r
+ this.variables=variables;\r
+ }\r
+ }\r
+ \r
+ /**\r
+ * Create a Result class with "OK" status and "Success" for details\r
+ * \r
+ * This is the easiest to use\r
+ * \r
+ * @param value\r
+ * @param status\r
+ * @return\r
+ */\r
+ public static<R> Result<R> ok(R value) {\r
+ return new Result<R>(value,OK,SUCCESS,null);\r
+ }\r
+\r
+ /**\r
+ * Accept Arrays and mark as empty or not\r
+ * @param value\r
+ * @return\r
+ */\r
+ public static<R> Result<R[]> ok(R value[]) {\r
+ return new Result<R[]>(value,OK,SUCCESS,null).emptyList(value.length==0);\r
+ }\r
+\r
+ /**\r
+ * Accept Sets and mark as empty or not\r
+ * @param value\r
+ * @return\r
+ */\r
+ public static<R> Result<Set<R>> ok(Set<R> value) {\r
+ return new Result<Set<R>>(value,OK,SUCCESS,null).emptyList(value.size()==0);\r
+ }\r
+\r
+ /**\r
+ * Accept Lists and mark as empty or not\r
+ * @param value\r
+ * @return\r
+ */\r
+ public static<R> Result<List<R>> ok(List<R> value) {\r
+ return new Result<List<R>>(value,OK,SUCCESS,null).emptyList(value.size()==0);\r
+ }\r
+\r
+ /**\r
+ * Accept Collections and mark as empty or not\r
+ * @param value\r
+ * @return\r
+ */\r
+ public static<R> Result<Collection<R>> ok(Collection<R> value) {\r
+ return new Result<Collection<R>>(value,OK,SUCCESS,null).emptyList(value.size()==0);\r
+ }\r
+\r
+\r
+ /**\r
+ * Special Case for Void Type\r
+ * @return\r
+ */\r
+ public static Result<Void> ok() {\r
+ return new Result<Void>(null,OK,SUCCESS,null);\r
+ }\r
+\r
+ /**\r
+ * Create a Status (usually non OK, with a details statement \r
+ * @param value\r
+ * @param status\r
+ * @param details\r
+ * @return\r
+ */\r
+// public static<R> Result<R> err(int status, String details) {\r
+// return new Result<R>(null,status,details,null);\r
+// }\r
+ \r
+ /**\r
+ * Create a Status (usually non OK, with a details statement and variables supported\r
+ * @param status\r
+ * @param details\r
+ * @param variables\r
+ * @return\r
+ */\r
+ public static<R> Result<R> err(int status, String details, String ... variables) {\r
+ return new Result<R>(null,status,details,variables);\r
+ }\r
+\r
+ /**\r
+ * Create Error from status and Details of previous Result (and not data)\r
+ * @param pdr\r
+ * @return\r
+ */\r
+ public static<R> Result<R> err(Result<?> pdr) {\r
+ return new Result<R>(null,pdr.status,pdr.details,pdr.variables);\r
+ }\r
+\r
+ /**\r
+ * Create General Error from Exception\r
+ * @param e\r
+ * @return\r
+ */\r
+ public static<R> Result<R> err(Exception e) {\r
+ return new Result<R>(null,ERR_General,e.getMessage(),EMPTY_VARS);\r
+ }\r
+\r
+ /**\r
+ * Create a Status (usually non OK, with a details statement \r
+ * @param value\r
+ * @param status\r
+ * @param details\r
+ * @return\r
+ */\r
+ public static<R> Result<R> create(R value, int status, String details, String ... vars) {\r
+ return new Result<R>(value,status,details,vars);\r
+ }\r
+\r
+ /**\r
+ * Create a Status from a previous status' result/details \r
+ * @param value\r
+ * @param status\r
+ * @param details\r
+ * @return\r
+ */\r
+ public static<R> Result<R> create(R value, Result<?> result) {\r
+ return new Result<R>(value,result.status,result.details,result.variables);\r
+ }\r
+\r
+ private static final int PARTIAL_CONTENT = 0x001;\r
+ private static final int EMPTY_LIST = 0x002;\r
+ \r
+ /**\r
+ * AAF Specific problems, etc \r
+ * \r
+ *\r
+ */\r
+\r
+ /**\r
+ * specialCondition is a bit field to enable multiple conditions, e.g. PARTIAL_CONTENT\r
+ */\r
+ private int specialCondition = 0;\r
+\r
+\r
+ /**\r
+ * Is result set only partial results, i.e. the DAO clipped the real result set to a smaller number.\r
+ * @return true iff result returned PARTIAL_CONTENT\r
+ */\r
+ public boolean partialContent() {\r
+ return (specialCondition & PARTIAL_CONTENT) == PARTIAL_CONTENT;\r
+ }\r
+\r
+ /**\r
+ * Set fact that result set only returned partial results, i.e. the DAO clipped the real result set to a smaller number.\r
+ * @param hasPartialContent set true iff result returned PARTIAL_CONTENT\r
+ * @return this Result object, so you can chain calls, in builder style\r
+ */\r
+ public Result<RV> partialContent(boolean hasPartialContent) {\r
+ if (hasPartialContent) {\r
+ specialCondition |= PARTIAL_CONTENT;\r
+ } else {\r
+ specialCondition &= (~PARTIAL_CONTENT);\r
+ }\r
+ return this;\r
+ }\r
+\r
+ /**\r
+ * When Result is a List, you can check here to see if it's empty instead of looping\r
+ * \r
+ * @return\r
+ */\r
+ public boolean isEmpty() {\r
+ return (specialCondition & EMPTY_LIST) == EMPTY_LIST;\r
+ }\r
+\r
+ /**\r
+ * A common occurrence is that data comes back, but list is empty. If set, you can skip looking\r
+ * at list at the outset.\r
+ * \r
+ * @param emptyList\r
+ * @return\r
+ */\r
+ public Result<RV> emptyList(boolean emptyList) {\r
+ if (emptyList) {\r
+ specialCondition |= EMPTY_LIST;\r
+ } else {\r
+ specialCondition &= (~EMPTY_LIST);\r
+ }\r
+ return this;\r
+ }\r
+\r
+ \r
+ /** \r
+ * Convenience function. Checks OK, and also if List is not Empty\r
+ * Not valid if Data is not a List\r
+ * @return\r
+ */\r
+ public boolean isOK() {\r
+ return status == OK;\r
+ }\r
+\r
+ /** \r
+ * Convenience function. Checks OK, and also if List is not Empty\r
+ * Not valid if Data is not a List\r
+ * @return\r
+ */\r
+ public boolean notOK() {\r
+ return status != OK;\r
+ }\r
+\r
+ /** \r
+ * Convenience function. Checks OK, and also if List is not Empty\r
+ * Not valid if Data is not a List\r
+ * @return\r
+ */\r
+ public boolean isOKhasData() {\r
+ return status == OK && (specialCondition & EMPTY_LIST) != EMPTY_LIST;\r
+ }\r
+\r
+\r
+ /** \r
+ * Convenience function. Checks OK, and also if List is not Empty\r
+ * Not valid if Data is not a List\r
+ * @return\r
+ */\r
+ public boolean notOKorIsEmpty() {\r
+ return status != OK || (specialCondition & EMPTY_LIST) == EMPTY_LIST;\r
+ }\r
+\r
+ @Override\r
+ public String toString() {\r
+ if(status==0) {\r
+ return details;\r
+ } else {\r
+ StringBuilder sb = new StringBuilder();\r
+ sb.append(status);\r
+ sb.append(':');\r
+ sb.append(String.format(details,((Object[])variables)));\r
+ if(isEmpty()) {\r
+ sb.append("{empty}");\r
+ }\r
+ sb.append('-');\r
+ sb.append(value.toString());\r
+ return sb.toString();\r
+ }\r
+ }\r
+ \r
+ public String errorString() {\r
+ StringBuilder sb = new StringBuilder();\r
+ switch(status) {\r
+ case 1: sb.append("Security"); break;\r
+ case 2: sb.append("Denied"); break;\r
+ case 3: sb.append("Policy"); break;\r
+ case 4: sb.append("BadData"); break;\r
+ case 5: sb.append("NotImplemented"); break;\r
+ case 6: sb.append("NotFound"); break;\r
+ case 7: sb.append("AlreadyExists"); break;\r
+ case 8: sb.append("ActionNotComplete"); break;\r
+ default: sb.append("Error");\r
+ }\r
+ sb.append(" - ");\r
+ sb.append(String.format(details, (Object[])variables));\r
+ return sb.toString();\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.local;\r
+\r
+import java.io.File;\r
+import java.io.FileNotFoundException;\r
+import java.io.IOException;\r
+import java.io.RandomAccessFile;\r
+import java.util.Iterator;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.local.DataFile.Token;\r
+import com.att.authz.local.DataFile.Token.Field;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+\r
+public abstract class AbsData implements Iterable<String> {\r
+ protected DataFile data;\r
+ protected TextIndex ti;\r
+ private File dataf,idxf,lockf;\r
+ private String name;\r
+ private char delim;\r
+ private int maxLineSize;\r
+ private int fieldOffset;\r
+ private int skipLines;\r
+\r
+ public AbsData(File dataf,char sepChar, int maxLineSize, int fieldOffset) {\r
+ File dir = dataf.getParentFile();\r
+ int dot = dataf.getName().lastIndexOf('.');\r
+ if(dot>=0) {\r
+ name = dataf.getName().substring(0,dot);\r
+ }\r
+\r
+ this.dataf=dataf;\r
+ this.delim = sepChar;\r
+ this.maxLineSize = maxLineSize;\r
+ this.fieldOffset = fieldOffset;\r
+ idxf = new File(dir,name.concat(".idx"));\r
+ lockf = new File(dir,name.concat(".lock"));\r
+ \r
+ \r
+ data = new DataFile(dataf,"r");\r
+ ti = new TextIndex(idxf);\r
+ skipLines=0;\r
+ }\r
+ \r
+ public void skipLines(int lines) {\r
+ skipLines=lines;\r
+ }\r
+ \r
+ public String name() {\r
+ return name;\r
+ }\r
+ \r
+ public void open(AuthzTrans trans, long timeout) throws IOException {\r
+ TimeTaken tt = trans.start("Open Data File", Env.SUB);\r
+ boolean opened = false, first = true;\r
+ try {\r
+ if(!dataf.exists()) {\r
+ throw new FileNotFoundException("Data File Missing:" + dataf.getCanonicalPath());\r
+ }\r
+ long begin = System.currentTimeMillis();\r
+ long end = begin+timeout;\r
+ boolean exists;\r
+ while((exists=lockf.exists()) && begin<end) {\r
+ if(first) {\r
+ trans.warn().log("Waiting for",lockf.getCanonicalPath(),"to close");\r
+ first = false;\r
+ } \r
+ try {\r
+ Thread.sleep(200);\r
+ } catch (InterruptedException e) {\r
+ break;\r
+ }\r
+ begin = System.currentTimeMillis();\r
+ }\r
+ if(exists) {\r
+ throw new IOException(lockf.getCanonicalPath() + "exists. May not open Datafile");\r
+ }\r
+ data.open();\r
+ try {\r
+ ensureIdxGood(trans);\r
+ } catch (IOException e) {\r
+ data.close();\r
+ throw e;\r
+ }\r
+ ti.open();\r
+ opened = true;\r
+ \r
+ } finally {\r
+ tt.done();\r
+ }\r
+ if(!opened) {\r
+ throw new IOException("DataFile pair for " + name + " was not able to be opened in " + timeout + "ms");\r
+ }\r
+ }\r
+ \r
+ private synchronized void ensureIdxGood(AuthzTrans trans) throws IOException {\r
+ if(!idxf.exists() || idxf.length()==0 || dataf.lastModified()>idxf.lastModified()) {\r
+ trans.warn().log(idxf.getCanonicalPath(),"is missing, empty or out of date, creating");\r
+ RandomAccessFile raf = new RandomAccessFile(lockf, "rw");\r
+ try {\r
+ ti.create(trans, data, maxLineSize, delim, fieldOffset, skipLines);\r
+ if(!idxf.exists() || (idxf.length()==0 && dataf.length()!=0)) {\r
+ throw new IOException("Data Index File did not create correctly");\r
+ }\r
+ } finally {\r
+ raf.close();\r
+ lockf.delete();\r
+ }\r
+ }\r
+ }\r
+\r
+ public void close(AuthzTrans trans) throws IOException {\r
+ ti.close();\r
+ data.close();\r
+ }\r
+ \r
+ public class Reuse {\r
+ private Token tokenData;\r
+ private Field fieldData;\r
+\r
+ private Reuse(int size,char delim) {\r
+ tokenData = data.new Token(size);\r
+ fieldData = getTokenData().new Field(delim);\r
+ }\r
+ \r
+ public void reset() {\r
+ getFieldData().reset();\r
+ }\r
+\r
+ public void pos(int rec) {\r
+ getFieldData().reset();\r
+ getTokenData().pos(rec);\r
+ }\r
+\r
+ public String next() {\r
+ return getFieldData().next();\r
+ }\r
+ \r
+ public String at(int field) {\r
+ return getFieldData().at(field);\r
+ }\r
+\r
+ public String atToEnd(int field) {\r
+ return getFieldData().atToEnd(field);\r
+ }\r
+\r
+ public Field getFieldData() {\r
+ return fieldData;\r
+ }\r
+\r
+ public Token getTokenData() {\r
+ return tokenData;\r
+ }\r
+\r
+ }\r
+ \r
+ public Reuse reuse() {\r
+ return new Reuse(maxLineSize,delim);\r
+ }\r
+\r
+ public Iter iterator() {\r
+ return new Iter();\r
+ }\r
+ \r
+ public class Iter implements Iterator<String> {\r
+ private Reuse reuse;\r
+ private com.att.authz.local.TextIndex.Iter tii;\r
+\r
+ public Iter() {\r
+ reuse = reuse();\r
+ tii = ti.new Iter();\r
+ }\r
+\r
+ @Override\r
+ public boolean hasNext() {\r
+ return tii.hasNext();\r
+ }\r
+\r
+ @Override\r
+ public String next() {\r
+ reuse.reset();\r
+ int rec = tii.next();\r
+ reuse.pos(rec);\r
+ return reuse.at(0);\r
+ }\r
+\r
+ @Override\r
+ public void remove() {\r
+ // read only\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.local;\r
+\r
+import java.io.File;\r
+import java.io.FileNotFoundException;\r
+import java.io.IOException;\r
+import java.io.RandomAccessFile;\r
+import java.nio.ByteBuffer;\r
+import java.nio.IntBuffer;\r
+import java.nio.MappedByteBuffer;\r
+import java.nio.channels.FileChannel;\r
+import java.nio.channels.FileChannel.MapMode;\r
+\r
+public class DataFile {\r
+ private RandomAccessFile rafile;\r
+ private FileChannel channel;\r
+ public MappedByteBuffer mapBuff;\r
+ private final File file;\r
+ private final String access;\r
+ \r
+ public DataFile(File file, String access) {\r
+ this.file = file;\r
+ this.access = access;\r
+ }\r
+ public void open() throws IOException {\r
+ if(!file.exists()) throw new FileNotFoundException();\r
+ rafile = new RandomAccessFile(file,access);\r
+ channel = rafile.getChannel();\r
+ mapBuff = channel.map("r".equals(access)?MapMode.READ_ONLY:MapMode.READ_WRITE,0,channel.size());\r
+ }\r
+ public void close() throws IOException {\r
+ if(channel!=null){channel.close();}\r
+ if(rafile!=null) {rafile.close();}\r
+ mapBuff = null;\r
+ }\r
+\r
+ public long size() throws IOException {\r
+ return channel.size();\r
+ }\r
+\r
+ private synchronized int load(Token t) {\r
+ int len = Math.min(mapBuff.limit()-t.next,t.buff.length);\r
+ if(len>0) {\r
+ mapBuff.position(t.next);\r
+ mapBuff.get(t.buff,0,len);\r
+ }\r
+ return len<0?0:len;\r
+ }\r
+ \r
+ public class Token {\r
+ private byte[] buff;\r
+ int pos, next, end;\r
+ \r
+ public Token(int size) {\r
+ buff = new byte[size];\r
+ pos = next = end = 0;\r
+ }\r
+ \r
+ public boolean pos(int to) {\r
+ pos = next = to;\r
+ return (end=load(this))>0;\r
+ }\r
+ \r
+ public boolean nextLine() {\r
+ end = load(this);\r
+ pos = next;\r
+ for(int i=0;i<end;++i) {\r
+ if(buff[i]=='\n') {\r
+ end = i;\r
+ next += i+1;\r
+ return true;\r
+ }\r
+ }\r
+ return false;\r
+ }\r
+ \r
+ public IntBuffer getIntBuffer() {\r
+ return ByteBuffer.wrap(buff).asIntBuffer();\r
+ }\r
+\r
+\r
+\r
+ public String toString() {\r
+ return new String(buff,0,end);\r
+ }\r
+ public class Field {\r
+ char delim;\r
+ int idx;\r
+ ByteBuffer bb;\r
+\r
+ public Field(char delimiter) {\r
+ delim = delimiter;\r
+ idx = 0;\r
+ bb = null;\r
+ }\r
+ \r
+ public Field reset() {\r
+ idx = 0;\r
+ return this;\r
+ }\r
+ \r
+ public String next() {\r
+ if(idx>=end)return null;\r
+ int start = idx;\r
+ byte c=0;\r
+ int endStr = -1;\r
+ while(idx<end && idx<buff.length && (c=buff[idx])!=delim && c!='\n') { // for DOS\r
+ if(c=='\r')endStr=idx;\r
+ ++idx;\r
+ }\r
+ \r
+ if(endStr<0) {\r
+ endStr=idx-start;\r
+ } else {\r
+ endStr=endStr-start;\r
+ }\r
+ ++idx;\r
+ return new String(buff,start,endStr);\r
+ }\r
+\r
+ public String at(int fieldOffset) {\r
+ int start;\r
+ byte c=0;\r
+ for(int count = idx = start = 0; idx<end && idx<buff.length; ++idx) {\r
+ if((c=buff[idx])==delim || c=='\n') {\r
+ if(count++ == fieldOffset) {\r
+ break;\r
+ }\r
+ start = idx+1;\r
+ }\r
+ }\r
+ return new String(buff,start,(idx-start-(c=='\r'?1:0)));\r
+ }\r
+ \r
+ public String atToEnd(int fieldOffset) {\r
+ int start;\r
+ byte c=0;\r
+ for(int count = idx = start = 0; idx<end && idx<buff.length; ++idx) {\r
+ if((c=buff[idx])==delim || c=='\n') {\r
+ if(count++ == fieldOffset) {\r
+ break;\r
+ }\r
+ start = idx+1;\r
+ }\r
+ }\r
+ \r
+ for(; idx<end && idx<buff.length && (c=buff[idx])!='\n'; ++idx) {\r
+ ++idx;\r
+ }\r
+ return new String(buff,start,(idx-start-((c=='\r' || idx>=end)?1:0)));\r
+ }\r
+\r
+ }\r
+\r
+ public int pos() {\r
+ return pos;\r
+ }\r
+ }\r
+\r
+ public File file() {\r
+ return file;\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.local;\r
+\r
+import java.io.File;\r
+import java.io.IOException;\r
+import java.io.RandomAccessFile;\r
+import java.nio.ByteBuffer;\r
+import java.nio.IntBuffer;\r
+import java.nio.channels.FileChannel;\r
+import java.util.ArrayList;\r
+import java.util.Collections;\r
+import java.util.LinkedList;\r
+import java.util.List;\r
+\r
+import com.att.authz.local.DataFile.Token;\r
+import com.att.authz.local.DataFile.Token.Field;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+\r
+public class TextIndex {\r
+ private static final int REC_SIZE=8;\r
+ \r
+ private File file;\r
+ private DataFile dataFile=null;\r
+ \r
+ public TextIndex(File theFile) {\r
+ file = theFile;\r
+ }\r
+ \r
+ public void open() throws IOException {\r
+ dataFile = new DataFile(file,"r");\r
+ dataFile.open();\r
+ }\r
+ \r
+ public void close() throws IOException {\r
+ if(dataFile!=null) {dataFile.close();}\r
+ }\r
+\r
+ public int find(Object key, AbsData.Reuse reuse, int offset) throws IOException {\r
+ return find(key,reuse.getTokenData(),reuse.getFieldData(),offset);\r
+ }\r
+ \r
+ public int find(Object key, DataFile.Token dtok, Field df, int offset) throws IOException {\r
+ if(dataFile==null) {throw new IOException("File not opened");}\r
+ long hash = hashToLong(key.hashCode());\r
+ int min=0, max = (int)(dataFile.size()/REC_SIZE);\r
+ Token ttok = dataFile.new Token(REC_SIZE);\r
+ IntBuffer tib = ttok.getIntBuffer();\r
+ long lhash;\r
+ int curr;\r
+ while((max-min)>100) {\r
+ ttok.pos((curr=(min+(max-min)/2))*REC_SIZE);\r
+ tib.rewind();\r
+ lhash = hashToLong(tib.get());\r
+ if(lhash<hash) {\r
+ min=curr+1;\r
+ } else if(lhash>hash) {\r
+ max=curr-1;\r
+ } else {\r
+ min=curr-40;\r
+ max=curr+40;\r
+ break;\r
+ }\r
+ }\r
+ \r
+ List<Integer> entries = new ArrayList<Integer>();\r
+ for(int i=min;i<=max;++i) {\r
+ ttok.pos(i*REC_SIZE);\r
+ tib.rewind();\r
+ lhash = hashToLong(tib.get());\r
+ if(lhash==hash) {\r
+ entries.add(tib.get());\r
+ } else if(lhash>hash) {\r
+ break;\r
+ }\r
+ }\r
+ \r
+ for(Integer i : entries) {\r
+ dtok.pos(i);\r
+ if(df.at(offset).equals(key)) {\r
+ return i;\r
+ }\r
+ }\r
+ return -1;\r
+ }\r
+ \r
+\r
+ /*\r
+ * Have to change Bytes into a Long, to avoid the inevitable signs in the Hash\r
+ */\r
+ private static long hashToLong(int hash) {\r
+ long rv;\r
+ if(hash<0) {\r
+ rv = 0xFFFFFFFFL & hash;\r
+ } else {\r
+ rv = hash;\r
+ }\r
+ return rv;\r
+ }\r
+ \r
+ public void create(final Trans trans,final DataFile data, int maxLine, char delim, int fieldOffset, int skipLines) throws IOException {\r
+ RandomAccessFile raf;\r
+ FileChannel fos;\r
+ \r
+ List<Idx> list = new LinkedList<Idx>(); // Some hashcodes will double... DO NOT make a set\r
+ TimeTaken tt2 = trans.start("Open Files", Env.SUB);\r
+ try {\r
+ raf = new RandomAccessFile(file,"rw");\r
+ raf.setLength(0L);\r
+ fos = raf.getChannel();\r
+ } finally {\r
+ tt2.done();\r
+ }\r
+ \r
+ try {\r
+ \r
+ Token t = data.new Token(maxLine); \r
+ Field f = t.new Field(delim);\r
+ \r
+ int count = 0;\r
+ if(skipLines>0) {\r
+ trans.info().log("Skipping",skipLines,"line"+(skipLines==1?" in":"s in"),data.file().getName());\r
+ }\r
+ for(int i=0;i<skipLines;++i) {\r
+ t.nextLine();\r
+ }\r
+ tt2 = trans.start("Read", Env.SUB);\r
+ try {\r
+ while(t.nextLine()) {\r
+ list.add(new Idx(f.at(fieldOffset),t.pos()));\r
+ ++count;\r
+ }\r
+ } finally {\r
+ tt2.done();\r
+ }\r
+ trans.checkpoint(" Read " + count + " records");\r
+ tt2 = trans.start("Sort List", Env.SUB);\r
+ Collections.sort(list);\r
+ tt2.done();\r
+ tt2 = trans.start("Write Idx", Env.SUB);\r
+ try {\r
+ ByteBuffer bb = ByteBuffer.allocate(8*1024);\r
+ IntBuffer ib = bb.asIntBuffer();\r
+ for(Idx idx : list) {\r
+ if(!ib.hasRemaining()) {\r
+ fos.write(bb);\r
+ ib.clear();\r
+ bb.rewind();\r
+ }\r
+ ib.put(idx.hash);\r
+ ib.put(idx.pos);\r
+ }\r
+ bb.limit(4*ib.position());\r
+ fos.write(bb);\r
+ } finally {\r
+ tt2.done();\r
+ }\r
+ } finally {\r
+ fos.close();\r
+ raf.close();\r
+ }\r
+ }\r
+ \r
+ public class Iter {\r
+ private int idx;\r
+ private Token t;\r
+ private long end;\r
+ private IntBuffer ib;\r
+\r
+\r
+ public Iter() {\r
+ try {\r
+ idx = 0;\r
+ end = dataFile.size();\r
+ t = dataFile.new Token(REC_SIZE);\r
+ ib = t.getIntBuffer();\r
+\r
+ } catch (IOException e) {\r
+ end = -1L;\r
+ }\r
+ }\r
+ \r
+ public int next() {\r
+ t.pos(idx);\r
+ ib.clear();\r
+ ib.get();\r
+ int rec = ib.get();\r
+ idx += REC_SIZE;\r
+ return rec;\r
+ }\r
+\r
+ public boolean hasNext() {\r
+ return idx<end;\r
+ }\r
+ }\r
+ \r
+ private static class Idx implements Comparable<Idx> {\r
+ public int hash, pos;\r
+ public Idx(Object obj, int pos) {\r
+ hash = obj.hashCode();\r
+ this.pos = pos;\r
+ }\r
+ \r
+ @Override\r
+ public int compareTo(Idx ib) {\r
+ long a = hashToLong(hash);\r
+ long b = hashToLong(ib.hash);\r
+ return a>b?1:a<b?-1:0;\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see java.lang.Object#equals(java.lang.Object)\r
+ */\r
+ @Override\r
+ public boolean equals(Object o) {\r
+ if(o!=null && o instanceof Idx) {\r
+ return hash == ((Idx)o).hash;\r
+ }\r
+ return false;\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see java.lang.Object#hashCode()\r
+ */\r
+ @Override\r
+ public int hashCode() {\r
+ return hash;\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.org;\r
+\r
+public interface EmailWarnings\r
+{\r
+ public long credExpirationWarning();\r
+ public long roleExpirationWarning();\r
+ public long credEmailInterval();\r
+ public long roleEmailInterval();\r
+ public long apprEmailInterval();\r
+ public long emailUrgentWarning();\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.org;\r
+\r
+public interface Executor {\r
+ // remove User from user/Role\r
+ // remove user from Admins\r
+ // if # of Owners > 1, remove User from Owner\r
+ // if # of Owners = 1, changeOwner to X Remove Owner????\r
+ boolean hasPermission(String user, String ns, String type, String instance, String action); \r
+ boolean inRole(String name);\r
+ \r
+ public String namespace() throws Exception;\r
+ public String id();\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.org;\r
+\r
+import java.util.ArrayList;\r
+import java.util.Date;\r
+import java.util.GregorianCalendar;\r
+import java.util.HashSet;\r
+import java.util.List;\r
+import java.util.Set;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+\r
+/**\r
+ * Organization\r
+ * \r
+ * There is Organizational specific information required which we have extracted to a plugin\r
+ * \r
+ * It supports using Company Specific User Directory lookups, as well as supporting an\r
+ * Approval/Validation Process to simplify control of Roles and Permissions for large organizations\r
+ * in lieu of direct manipulation by a set of Admins. \r
+ * \r
+ *\r
+ */\r
+public interface Organization {\r
+ public static final String N_A = "n/a";\r
+\r
+ public interface Identity {\r
+ public String id();\r
+ public String fullID(); // Fully Qualified ID (includes Domain of Organization)\r
+ public String type(); // Must be one of "IdentityTypes", see below\r
+ public String responsibleTo(); // Chain of Command, Comma Separated if required\r
+ public List<String> delegate(); // Someone who has authority to act on behalf of Identity\r
+ public String email();\r
+ public String fullName();\r
+ public boolean isResponsible(); // Is id passed belong to a person suitable to be Responsible for content Management\r
+ public boolean isFound(); // Is Identity found in Identity stores\r
+ public Identity owner() throws OrganizationException; // Identity is directly responsible for App ID\r
+ public Organization org(); // Organization of Identity\r
+ }\r
+\r
+\r
+ /**\r
+ * Name of Organization, suitable for Logging\r
+ * @return\r
+ */\r
+ public String getName();\r
+\r
+ /**\r
+ * Realm, for use in distinguishing IDs from different systems/Companies\r
+ * @return\r
+ */\r
+ public String getRealm();\r
+\r
+ String getDomain();\r
+\r
+ /**\r
+ * Get Identity information based on userID\r
+ * \r
+ * @param id\r
+ * @return\r
+ */\r
+ public Identity getIdentity(AuthzTrans trans, String id) throws OrganizationException;\r
+ \r
+\r
+ /**\r
+ * Does the ID pass Organization Standards\r
+ * \r
+ * Return a Blank (empty) String if empty, otherwise, return a "\n" separated list of \r
+ * reasons why it fails\r
+ * \r
+ * @param id\r
+ * @return\r
+ */\r
+ public String isValidID(String id);\r
+\r
+ /**\r
+ * Return a Blank (empty) String if empty, otherwise, return a "\n" separated list of \r
+ * reasons why it fails\r
+ * \r
+ * Identity is passed in to allow policies regarding passwords that are the same as user ID\r
+ * \r
+ * any entries for "prev" imply a reset\r
+ * \r
+ * @param id\r
+ * @param password\r
+ * @return\r
+ */\r
+ public String isValidPassword(String user, String password, String ... prev);\r
+\r
+\r
+ /**\r
+ * Does your Company distinguish essential permission structures by kind of Identity?\r
+ * i.e. Employee, Contractor, Vendor \r
+ * @return\r
+ */\r
+ public Set<String> getIdentityTypes();\r
+\r
+ public enum Notify {\r
+ Approval(1),\r
+ PasswordExpiration(2),\r
+ RoleExpiration(3);\r
+\r
+ final int id;\r
+ Notify(int id) {this.id = id;}\r
+ public int getValue() {return id;}\r
+ public static Notify from(int type) {\r
+ for(Notify t : Notify.values()) {\r
+ if(t.id==type) {\r
+ return t;\r
+ }\r
+ }\r
+ return null;\r
+ }\r
+ }\r
+\r
+ public enum Response{\r
+ OK,\r
+ ERR_NotImplemented,\r
+ ERR_UserNotExist,\r
+ ERR_NotificationFailure,\r
+ };\r
+ \r
+ public enum Expiration {\r
+ Password,\r
+ TempPassword, \r
+ Future,\r
+ UserInRole,\r
+ UserDelegate, \r
+ ExtendPassword\r
+ }\r
+ \r
+ public enum Policy {\r
+ CHANGE_JOB, \r
+ LEFT_COMPANY, \r
+ CREATE_MECHID, \r
+ CREATE_MECHID_BY_PERM_ONLY,\r
+ OWNS_MECHID,\r
+ AS_EMPLOYEE, \r
+ MAY_EXTEND_CRED_EXPIRES\r
+ }\r
+ \r
+ /**\r
+ * Notify a User of Action or Info\r
+ * \r
+ * @param type\r
+ * @param url\r
+ * @param users (separated by commas)\r
+ * @param ccs (separated by commas)\r
+ * @param summary\r
+ */\r
+\r
+ public Response notify(AuthzTrans trans, Notify type, String url, String ids[], String ccs[], String summary, Boolean urgent);\r
+\r
+ /**\r
+ * (more) generic way to send an email\r
+ * \r
+ * @param toList\r
+ * @param ccList\r
+ * @param subject\r
+ * @param body\r
+ * @param urgent\r
+ */\r
+\r
+ public int sendEmail(AuthzTrans trans, List<String> toList, List<String> ccList, String subject, String body, Boolean urgent) throws OrganizationException;\r
+\r
+ /**\r
+ * whenToValidate\r
+ * \r
+ * Authz support services will ask the Organization Object at startup when it should\r
+ * kickoff Validation processes given particular types. \r
+ * \r
+ * This allows the Organization to express Policy\r
+ * \r
+ * Turn off Validation behavior by returning "null"\r
+ * \r
+ */\r
+ public Date whenToValidate(Notify type, Date lastValidated);\r
+\r
+ \r
+ /**\r
+ * Expiration\r
+ * \r
+ * Given a Calendar item of Start (or now), set the Expiration Date based on the Policy\r
+ * based on type.\r
+ * \r
+ * For instance, "Passwords expire in 3 months"\r
+ * \r
+ * The Extra Parameter is used by certain Orgs.\r
+ * \r
+ * For Password, the extra is UserID, so it can check the Identity Type\r
+ * \r
+ * @param gc\r
+ * @param exp\r
+ * @return\r
+ */\r
+ public GregorianCalendar expiration(GregorianCalendar gc, Expiration exp, String ... extra);\r
+ \r
+ /**\r
+ * Get Email Warning timing policies\r
+ * @return\r
+ */\r
+ public EmailWarnings emailWarningPolicy();\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @return\r
+ */\r
+ public List<Identity> getApprovers(AuthzTrans trans, String user) throws OrganizationException ;\r
+ \r
+ /*\r
+ * \r
+ * @param user\r
+ * @param type\r
+ * @param users\r
+ * @return\r
+ public Response notifyRequest(AuthzTrans trans, String user, Approval type, List<User> approvers);\r
+ */\r
+ \r
+ /**\r
+ * \r
+ * @return\r
+ */\r
+ public String getApproverType();\r
+\r
+ /*\r
+ * startOfDay - define for company what hour of day business starts (specifically for password and other expiration which\r
+ * were set by Date only.)\r
+ * \r
+ * @return\r
+ */\r
+ public int startOfDay();\r
+\r
+ /**\r
+ * implement this method to support any IDs that can have multiple entries in the cred table\r
+ * NOTE: the combination of ID/expiration date/(encryption type when implemented) must be unique.\r
+ * Since expiration date is based on startOfDay for your company, you cannot create many\r
+ * creds for the same ID in the same day.\r
+ * @param id\r
+ * @return\r
+ */\r
+ public boolean canHaveMultipleCreds(String id);\r
+ \r
+ /**\r
+ * \r
+ * @param id\r
+ * @return\r
+ */\r
+ public boolean isValidCred(String id);\r
+ \r
+ /**\r
+ * If response is Null, then it is valid. Otherwise, the Organization specific reason is returned.\r
+ * \r
+ * @param trans\r
+ * @param policy\r
+ * @param executor\r
+ * @param vars\r
+ * @return\r
+ * @throws OrganizationException\r
+ */\r
+ public String validate(AuthzTrans trans, Policy policy, Executor executor, String ... vars) throws OrganizationException;\r
+\r
+ boolean isTestEnv();\r
+\r
+ public void setTestMode(boolean dryRun);\r
+\r
+ public static final Organization NULL = new Organization() \r
+ {\r
+ private final GregorianCalendar gc = new GregorianCalendar(1900, 1, 1);\r
+ private final List<Identity> nullList = new ArrayList<Identity>();\r
+ private final Set<String> nullStringSet = new HashSet<String>();\r
+ private final Identity nullIdentity = new Identity() {\r
+ List<String> nullIdentity = new ArrayList<String>();\r
+ @Override\r
+ public String type() {\r
+ return N_A;\r
+ }\r
+ @Override\r
+ public String responsibleTo() {\r
+ return N_A;\r
+ }\r
+ @Override\r
+ public boolean isResponsible() {\r
+ return false;\r
+ }\r
+ \r
+ @Override\r
+ public boolean isFound() {\r
+ return false;\r
+ }\r
+ \r
+ @Override\r
+ public String id() {\r
+ return N_A;\r
+ }\r
+ \r
+ @Override\r
+ public String fullID() {\r
+ return N_A;\r
+ }\r
+ \r
+ @Override\r
+ public String email() {\r
+ return N_A;\r
+ }\r
+ \r
+ @Override\r
+ public List<String> delegate() {\r
+ return nullIdentity;\r
+ }\r
+ @Override\r
+ public String fullName() {\r
+ return N_A;\r
+ }\r
+ @Override\r
+ public Identity owner() {\r
+ return null;\r
+ }\r
+ @Override\r
+ public Organization org() {\r
+ return NULL;\r
+ }\r
+ };\r
+\r
+ @Override\r
+ public String getName() {\r
+ return N_A;\r
+ }\r
+ \r
+ @Override\r
+ public String getRealm() {\r
+ return N_A;\r
+ }\r
+ \r
+ @Override\r
+ public String getDomain() {\r
+ return N_A;\r
+ }\r
+ \r
+ @Override\r
+ public Identity getIdentity(AuthzTrans trans, String id) {\r
+ return nullIdentity;\r
+ }\r
+ \r
+ @Override\r
+ public String isValidID(String id) {\r
+ return N_A;\r
+ }\r
+ \r
+ @Override\r
+ public String isValidPassword(String user, String password,String... prev) {\r
+ return N_A;\r
+ }\r
+ \r
+ @Override\r
+ public Set<String> getIdentityTypes() {\r
+ return nullStringSet;\r
+ }\r
+ \r
+ @Override\r
+ public Response notify(AuthzTrans trans, Notify type, String url,\r
+ String[] users, String[] ccs, String summary, Boolean urgent) {\r
+ return Response.ERR_NotImplemented;\r
+ }\r
+ \r
+ @Override\r
+ public int sendEmail(AuthzTrans trans, List<String> toList, List<String> ccList,\r
+ String subject, String body, Boolean urgent) throws OrganizationException {\r
+ return 0;\r
+ }\r
+ \r
+ @Override\r
+ public Date whenToValidate(Notify type, Date lastValidated) {\r
+ return gc.getTime();\r
+ }\r
+ \r
+ @Override\r
+ public GregorianCalendar expiration(GregorianCalendar gc,\r
+ Expiration exp, String... extra) {\r
+ return gc==null?new GregorianCalendar():gc;\r
+ }\r
+ \r
+ @Override\r
+ public List<Identity> getApprovers(AuthzTrans trans, String user)\r
+ throws OrganizationException {\r
+ return nullList;\r
+ }\r
+ \r
+ @Override\r
+ public String getApproverType() {\r
+ return "";\r
+ }\r
+ \r
+ @Override\r
+ public int startOfDay() {\r
+ return 0;\r
+ }\r
+ \r
+ @Override\r
+ public boolean canHaveMultipleCreds(String id) {\r
+ return false;\r
+ }\r
+ \r
+ @Override\r
+ public boolean isValidCred(String id) {\r
+ return false;\r
+ }\r
+ \r
+ @Override\r
+ public String validate(AuthzTrans trans, Policy policy, Executor executor, String ... vars)\r
+ throws OrganizationException {\r
+ return "Null Organization rejects all Policies";\r
+ }\r
+ \r
+ @Override\r
+ public boolean isTestEnv() {\r
+ return false;\r
+ }\r
+ \r
+ @Override\r
+ public void setTestMode(boolean dryRun) {\r
+ }\r
+\r
+ @Override\r
+ public EmailWarnings emailWarningPolicy() {\r
+ return new EmailWarnings() {\r
+\r
+ @Override\r
+ public long credEmailInterval()\r
+ {\r
+ return 604800000L; // 7 days in millis 1000 * 86400 * 7\r
+ }\r
+ \r
+ @Override\r
+ public long roleEmailInterval()\r
+ {\r
+ return 604800000L; // 7 days in millis 1000 * 86400 * 7\r
+ }\r
+ \r
+ @Override\r
+ public long apprEmailInterval() {\r
+ return 259200000L; // 3 days in millis 1000 * 86400 * 3\r
+ }\r
+ \r
+ @Override\r
+ public long credExpirationWarning()\r
+ {\r
+ return( 2592000000L ); // One month, in milliseconds 1000 * 86400 * 30 in milliseconds\r
+ }\r
+ \r
+ @Override\r
+ public long roleExpirationWarning()\r
+ {\r
+ return( 2592000000L ); // One month, in milliseconds 1000 * 86400 * 30 in milliseconds\r
+ }\r
+\r
+ @Override\r
+ public long emailUrgentWarning()\r
+ {\r
+ return( 1209600000L ); // Two weeks, in milliseconds 1000 * 86400 * 14 in milliseconds\r
+ }\r
+\r
+ };\r
+ }\r
+ };\r
+}\r
+\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.org;\r
+\r
+public class OrganizationException extends Exception {\r
+\r
+ /**\r
+ * \r
+ */\r
+ private static final long serialVersionUID = 1L;\r
+\r
+ public OrganizationException() {\r
+ super();\r
+ }\r
+\r
+ public OrganizationException(String message) {\r
+ super(message);\r
+ }\r
+\r
+ public OrganizationException(Throwable cause) {\r
+ super(cause);\r
+ }\r
+\r
+ public OrganizationException(String message, Throwable cause) {\r
+ super(message, cause);\r
+ }\r
+\r
+ public OrganizationException(String message, Throwable cause, boolean enableSuppression,\r
+ boolean writableStackTrace) {\r
+ super(message, cause, enableSuppression, writableStackTrace);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.org;\r
+\r
+import java.lang.reflect.Constructor;\r
+import java.lang.reflect.InvocationTargetException;\r
+import java.util.Map;\r
+import java.util.concurrent.ConcurrentHashMap;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Slot;\r
+\r
+/**\r
+ * Organization Plugin Mechanism\r
+ * \r
+ * Define a NameSpace for the company (i.e. com.att), and put in Properties as \r
+ * "Organization.[your NS" and assign the supporting Class. \r
+ * \r
+ * Example:\r
+ * Organization.com.att=com.att.authz.org.att.ATT\r
+ *\r
+ *\r
+ */\r
+public class OrganizationFactory {\r
+ public static final String ORG_SLOT = "ORG_SLOT";\r
+ private static Organization defaultOrg = null;\r
+ private static Map<String,Organization> orgs = new ConcurrentHashMap<String,Organization>();\r
+ private static Slot orgSlot;\r
+ \r
+ public static void setDefaultOrg(AuthzEnv env, String orgClass) throws APIException {\r
+ orgSlot = env.slot(ORG_SLOT);\r
+ try {\r
+ @SuppressWarnings("unchecked")\r
+ Class<Organization> cls = (Class<Organization>) Class.forName(orgClass);\r
+ Constructor<Organization> cnst = cls.getConstructor(AuthzEnv.class);\r
+ defaultOrg = cnst.newInstance(env);\r
+ } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | \r
+ InstantiationException | IllegalAccessException | IllegalArgumentException | \r
+ InvocationTargetException e) {\r
+ throw new APIException(e);\r
+ }\r
+ }\r
+ \r
+ public static Organization obtain(AuthzEnv env,String orgNS) throws OrganizationException {\r
+ int at = orgNS.indexOf('@');\r
+ if(at<0) {\r
+ if(!orgNS.startsWith("com.")) {\r
+ int dot1;\r
+ if((dot1 = orgNS.lastIndexOf('.'))>-1) {\r
+ int dot2;\r
+ StringBuilder sb = new StringBuilder();\r
+ if((dot2 = orgNS.lastIndexOf('.',dot1-1))>-1) {\r
+ sb.append(orgNS,dot1+1,orgNS.length());\r
+ sb.append('.');\r
+ sb.append(orgNS,dot2+1,dot1);\r
+ } else {\r
+ sb.append(orgNS,dot1+1,orgNS.length());\r
+ sb.append('.');\r
+ sb.append(orgNS,at+1,dot1);\r
+ }\r
+ orgNS=sb.toString();\r
+ }\r
+ }\r
+ } else {\r
+ // Only use two places (Enterprise) of domain\r
+ int dot;\r
+ if((dot= orgNS.lastIndexOf('.'))>-1) {\r
+ StringBuilder sb = new StringBuilder();\r
+ int dot2;\r
+ if((dot2 = orgNS.lastIndexOf('.',dot-1))>-1) {\r
+ sb.append(orgNS.substring(dot+1));\r
+ sb.append(orgNS.subSequence(dot2, dot));\r
+ orgNS = sb.toString();\r
+ } else {\r
+ sb.append(orgNS.substring(dot+1));\r
+ sb.append('.');\r
+ sb.append(orgNS.subSequence(at+1, dot));\r
+ orgNS = sb.toString();\r
+ }\r
+ }\r
+ }\r
+ Organization org = orgs.get(orgNS);\r
+ if(org == null) {\r
+ String orgClass = env.getProperty("Organization."+orgNS);\r
+ if(orgClass == null) {\r
+ env.warn().log("There is no Organization." + orgNS + " property");\r
+ } else {\r
+ for(Organization o : orgs.values()) {\r
+ if(orgClass.equals(o.getClass().getName())) {\r
+ org = o;\r
+ }\r
+ }\r
+ if(org==null) {\r
+ try {\r
+ @SuppressWarnings("unchecked")\r
+ Class<Organization> cls = (Class<Organization>) Class.forName(orgClass);\r
+ Constructor<Organization> cnst = cls.getConstructor(AuthzEnv.class);\r
+ org = cnst.newInstance(env);\r
+ } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | \r
+ InstantiationException | IllegalAccessException | IllegalArgumentException | \r
+ InvocationTargetException e) {\r
+ throw new OrganizationException(e);\r
+ }\r
+ }\r
+ orgs.put(orgNS, org);\r
+ }\r
+ if(org==null && defaultOrg!=null) {\r
+ org=defaultOrg;\r
+ orgs.put(orgNS, org);\r
+ }\r
+ }\r
+ \r
+ return org;\r
+ }\r
+\r
+ public static void set(AuthzTrans trans, String orgNS) throws OrganizationException {\r
+ Organization org = obtain(trans.env(),orgNS);\r
+ trans.put(orgSlot, org);\r
+ }\r
+ \r
+ public static Organization get(AuthzTrans trans) {\r
+ return trans.get(orgSlot,defaultOrg);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.server;\r
+\r
+import java.io.IOException;\r
+import java.io.InputStream;\r
+import java.lang.reflect.Constructor;\r
+import java.net.URL;\r
+import java.security.GeneralSecurityException;\r
+import java.security.Principal;\r
+import java.util.Properties;\r
+\r
+import javax.net.ssl.SSLContext;\r
+import javax.net.ssl.SSLSocketFactory;\r
+\r
+import com.att.authz.common.Define;\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+//import com.att.cadi.PropAccess;\r
+import com.att.cadi.aaf.v2_0.AAFConHttp;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cadi.config.Config;\r
+import com.att.cadi.http.HTransferSS;\r
+import com.att.cssa.rserv.RServlet;\r
+import com.att.inno.env.APIException;\r
+\r
+public abstract class AbsServer extends RServlet<AuthzTrans> {\r
+ private static final String AAF_API_VERSION = "2.0";\r
+ public final String app;\r
+ public final AuthzEnv env;\r
+ public AAFConHttp aafCon;\r
+\r
+ public AbsServer(final AuthzEnv env, final String app) throws CadiException, GeneralSecurityException, IOException {\r
+ this.env = env;\r
+ this.app = app;\r
+ if(env.getProperty(Config.AAF_URL)!=null) {\r
+ //aafCon = new AAFConHttp(env);\r
+ }\r
+ }\r
+ \r
+ // This is a method, so we can overload for AAFAPI\r
+ public String aaf_url() {\r
+ return env.getProperty(Config.AAF_URL);\r
+ }\r
+ \r
+ public abstract void startDME2(Properties props) throws Exception;\r
+ public static void setup(Class<?> abss, String propFile) {\r
+\r
+ try {\r
+ // Load Properties from authFramework.properties. Needed for DME2 and AuthzEnv\r
+ Properties props = new Properties();\r
+ URL rsrc = ClassLoader.getSystemResource(propFile);\r
+ if(rsrc==null) {\r
+ System.err.println("Folder containing " + propFile + " must be on Classpath");\r
+ System.exit(1);\r
+ }\r
+\r
+ InputStream is = rsrc.openStream();\r
+ try {\r
+ props.load(is);\r
+ } finally {\r
+ is.close();\r
+ is=null;\r
+ }\r
+\r
+ // Load Properties into AuthzEnv\r
+ AuthzEnv env = new AuthzEnv(props);\r
+ // Log where Config found\r
+ env.init().log("Configuring from",rsrc.getPath());\r
+ rsrc = null;\r
+ \r
+ // Print Cipher Suites Available\r
+ if(env.debug().isLoggable()) {\r
+ SSLContext context = SSLContext.getDefault();\r
+ SSLSocketFactory sf = context.getSocketFactory();\r
+ StringBuilder sb = new StringBuilder("Available Cipher Suites: ");\r
+ boolean first = true;\r
+ int count=0;\r
+ for( String cs : sf.getSupportedCipherSuites()) {\r
+ if(first)first = false;\r
+ else sb.append(',');\r
+ sb.append(cs);\r
+ if(++count%4==0){sb.append('\n');}\r
+ }\r
+ env.debug().log(sb);\r
+ }\r
+\r
+ // Set ROOT NS, etc\r
+ Define.set(env);\r
+\r
+ // Convert CADI properties and Encrypted Passwords for these two properties (if exist) \r
+ // to DME2 Readable. Further, Discovery Props are loaded to System if missing.\r
+ // May be causing client errors\r
+ //Config.cadiToDME2(env,props);\r
+ env.init().log("DME2 ServiceName: " + env.getProperty("DMEServiceName","unknown"));\r
+\r
+ // Construct with Env\r
+ Constructor<?> cons = abss.getConstructor(new Class<?>[] {AuthzEnv.class});\r
+ // Start DME2 (DME2 needs Properties form of props)\r
+ AbsServer s = (AbsServer)cons.newInstance(env);\r
+ \r
+ // Schedule removal of Clear Text Passwords from System Props (DME2 Requirement) \r
+// new Timer("PassRemove").schedule(tt, 120000);\r
+// tt=null;\r
+ \r
+ s.startDME2(props);\r
+ } catch (Exception e) {\r
+ e.printStackTrace(System.err);\r
+ System.exit(1);\r
+ }\r
+ }\r
+ \r
+ public Rcli<?> client() throws CadiException {\r
+ return aafCon.client(AAF_API_VERSION);\r
+ }\r
+\r
+ public Rcli<?> clientAsUser(Principal p) throws CadiException {\r
+ return aafCon.client(AAF_API_VERSION).forUser(\r
+ new HTransferSS(p,app, aafCon.securityInfo()));\r
+ }\r
+\r
+ public<RET> RET clientAsUser(Principal p,Retryable<RET> retryable) throws APIException, LocatorException, CadiException {\r
+ return aafCon.hman().best(new HTransferSS(p,app, aafCon.securityInfo()), retryable);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cache;\r
+\r
+import java.util.ArrayList;\r
+import java.util.Date;\r
+import java.util.HashMap;\r
+import java.util.HashSet;\r
+import java.util.List;\r
+import java.util.Map;\r
+import java.util.Set;\r
+import java.util.Timer;\r
+import java.util.TimerTask;\r
+import java.util.concurrent.ConcurrentHashMap;\r
+import java.util.logging.Level;\r
+\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.Trans;\r
+\r
+/**\r
+ * Create and maintain a Map of Maps used for Caching\r
+ * \r
+ *\r
+ * @param <TRANS>\r
+ * @param <DATA>\r
+ */\r
+public class Cache<TRANS extends Trans, DATA> {\r
+ private static Clean clean;\r
+ private static Timer cleanseTimer;\r
+\r
+ public static final String CACHE_HIGH_COUNT = "CACHE_HIGH_COUNT";\r
+ public static final String CACHE_CLEAN_INTERVAL = "CACHE_CLEAN_INTERVAL";\r
+// public static final String CACHE_MIN_REFRESH_INTERVAL = "CACHE_MIN_REFRESH_INTERVAL";\r
+\r
+ private static final Map<String,Map<String,Dated>> cacheMap;\r
+\r
+ static {\r
+ cacheMap = new HashMap<String,Map<String,Dated>>();\r
+ }\r
+\r
+ /**\r
+ * Dated Class - store any Data with timestamp\r
+ * \r
+ *\r
+ */\r
+ public final static class Dated { \r
+ public Date timestamp;\r
+ public List<?> data;\r
+ \r
+ public Dated(List<?> data) {\r
+ timestamp = new Date();\r
+ this.data = data;\r
+ }\r
+\r
+ public <T> Dated(T t) {\r
+ timestamp = new Date();\r
+ ArrayList<T> al = new ArrayList<T>(1);\r
+ al.add(t);\r
+ data = al;\r
+ }\r
+\r
+ public void touch() {\r
+ timestamp = new Date();\r
+ }\r
+ }\r
+ \r
+ public static Map<String,Dated> obtain(String key) {\r
+ Map<String, Dated> m = cacheMap.get(key);\r
+ if(m==null) {\r
+ m = new ConcurrentHashMap<String, Dated>();\r
+ synchronized(cacheMap) {\r
+ cacheMap.put(key, m);\r
+ }\r
+ }\r
+ return m;\r
+ }\r
+\r
+ /**\r
+ * Clean will examine resources, and remove those that have expired.\r
+ * \r
+ * If "highs" have been exceeded, then we'll expire 10% more the next time. This will adjust after each run\r
+ * without checking contents more than once, making a good average "high" in the minimum speed.\r
+ * \r
+ *\r
+ */\r
+ private final static class Clean extends TimerTask {\r
+ private final Env env;\r
+ private Set<String> set;\r
+ \r
+ // The idea here is to not be too restrictive on a high, but to Expire more items by \r
+ // shortening the time to expire. This is done by judiciously incrementing "advance"\r
+ // when the "highs" are exceeded. This effectively reduces numbers of cached items quickly.\r
+ private final int high;\r
+ private long advance;\r
+ private final long timeInterval;\r
+ \r
+ public Clean(Env env, long cleanInterval, int highCount) {\r
+ this.env = env;\r
+ high = highCount;\r
+ timeInterval = cleanInterval;\r
+ advance = 0;\r
+ set = new HashSet<String>();\r
+ }\r
+ \r
+ public synchronized void add(String key) {\r
+ set.add(key);\r
+ }\r
+\r
+ public void run() {\r
+ int count = 0;\r
+ int total = 0;\r
+ // look at now. If we need to expire more by increasing "now" by "advance"\r
+ Date now = new Date(System.currentTimeMillis() + advance);\r
+ \r
+ \r
+ for(String name : set) {\r
+ Map<String,Dated> map = cacheMap.get(name);\r
+ if(map!=null) for(Map.Entry<String,Dated> me : map.entrySet()) {\r
+ ++total;\r
+ if(me.getValue().timestamp.before(now)) {\r
+ map.remove(me.getKey());\r
+ ++count;\r
+ }\r
+ }\r
+// if(count>0) {\r
+// env.info().log(Level.INFO, "Cache removed",count,"expired",name,"Elements");\r
+// }\r
+ }\r
+ \r
+ if(count>0) {\r
+ env.info().log(Level.INFO, "Cache removed",count,"expired Cached Elements out of", total);\r
+ }\r
+\r
+ // If High (total) is reached during this period, increase the number of expired services removed for next time.\r
+ // There's no point doing it again here, as there should have been cleaned items.\r
+ if(total>high) {\r
+ // advance cleanup by 10%, without getting greater than timeInterval.\r
+ advance = Math.min(timeInterval, advance+(timeInterval/10));\r
+ } else {\r
+ // reduce advance by 10%, without getting lower than 0.\r
+ advance = Math.max(0, advance-(timeInterval/10));\r
+ }\r
+ }\r
+ }\r
+\r
+ public static synchronized void startCleansing(Env env, String ... keys) {\r
+ if(cleanseTimer==null) {\r
+ cleanseTimer = new Timer("Cache Cleanup Timer");\r
+ int cleanInterval = Integer.parseInt(env.getProperty(CACHE_CLEAN_INTERVAL,"60000")); // 1 minute clean cycles \r
+ int highCount = Integer.parseInt(env.getProperty(CACHE_HIGH_COUNT,"5000"));\r
+ cleanseTimer.schedule(clean = new Clean(env, cleanInterval, highCount), cleanInterval, cleanInterval);\r
+ }\r
+ \r
+ for(String key : keys) {\r
+ clean.add(key);\r
+ }\r
+ }\r
+\r
+ public static void stopTimer() {\r
+ if(cleanseTimer!=null) {\r
+ cleanseTimer.cancel();\r
+ cleanseTimer = null;\r
+ }\r
+ }\r
+\r
+ public static void addShutdownHook() {\r
+ Runtime.getRuntime().addShutdownHook(new Thread() {\r
+ @Override\r
+ public void run() {\r
+ Cache.stopTimer();\r
+ }\r
+ }); \r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import java.util.ArrayList;\r
+import java.util.Iterator;\r
+import java.util.List;\r
+\r
+import com.att.inno.env.Trans;\r
+\r
+/**\r
+ * Find Acceptable Paths and place them where TypeCode can evaluate.\r
+ * \r
+ * If there are more than one, TypeCode will choose based on "q" value\r
+ *\r
+ * @param <TRANS>\r
+ */\r
+class Acceptor<TRANS extends Trans> {\r
+ private List<Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>>> types;\r
+ List<Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>>> acceptable;\r
+ \r
+ public Acceptor(List<Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>>> types) {\r
+ this.types = types;\r
+ acceptable = new ArrayList<Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>>>();\r
+ }\r
+ \r
+ private boolean eval(HttpCode<TRANS,?> code, String str, List<String> props) {\r
+// int plus = str.indexOf('+');\r
+// if(plus<0) {\r
+ boolean ok = false;\r
+ boolean any = false;\r
+ for(Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) {\r
+ ok = true;\r
+ if(type.x.equals(str)) {\r
+ for(Iterator<String> iter = props.iterator();ok && iter.hasNext();) {\r
+ ok = props(type,iter.next(),iter.next());\r
+ }\r
+ if(ok) {\r
+ any = true;\r
+ acceptable.add(type);\r
+ }\r
+ }\r
+ }\r
+// } else { // Handle Accepts with "+" as in application/xaml+xml\r
+// int prev = str.indexOf('/')+1;\r
+// String first = str.substring(0,prev);\r
+// String nstr;\r
+// while(prev!=0) {\r
+// nstr = first + (plus<0?str.substring(prev):str.substring(prev,plus));\r
+// \r
+// for(Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) {\r
+// if(type.x.equals(nstr)) {\r
+// acceptable.add(type);\r
+// return type;\r
+// }\r
+// }\r
+// prev = plus+1;\r
+// plus=str.indexOf('+', prev);\r
+// };\r
+// }\r
+ return any;\r
+ }\r
+\r
+ /**\r
+ * Evaluate Properties\r
+ * @param type\r
+ * @param tag\r
+ * @param value\r
+ * @return\r
+ */\r
+ private boolean props(Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type, String tag, String value) {\r
+ boolean rv = false;\r
+ if(type.y!=null) {\r
+ for(Pair<String,Object> prop : type.y.y){\r
+ if(tag.equals(prop.x)) {\r
+ if(tag.equals("charset")) {\r
+ return prop.x==null?false:prop.y.equals(value.toLowerCase()); // return True if Matched\r
+ } else if(tag.equals("version")) {\r
+ return prop.y.equals(new Version(value)); // Note: Version Class knows Minor Version encoding\r
+ } else if(tag.equals(Content.Q)) { // replace Q value\r
+ try {\r
+ type.y.y.get(0).y=Float.parseFloat(value);\r
+ } catch (NumberFormatException e) {\r
+ rv=false; // need to do something to make Sonar happy. But nothing to do.\r
+ }\r
+ return true;\r
+ } else {\r
+ return value.equals(prop.y);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ /**\r
+ * parse \r
+ * \r
+ * Note: I'm processing by index to avoid lots of memory creation, which speeds things\r
+ * up for this time critical section of code. \r
+ * @param code\r
+ * @param cntnt\r
+ * @return\r
+ */\r
+ protected boolean parse(HttpCode<TRANS, ?> code, String cntnt) {\r
+ byte bytes[] = cntnt.getBytes();\r
+ \r
+ int cis,cie=-1,cend;\r
+ int sis,sie,send;\r
+ String name;\r
+ ArrayList<String> props = new ArrayList<String>();\r
+ do {\r
+ // Clear these in case more than one Semi\r
+ props.clear(); // on loop, do not want mixed properties\r
+ name=null;\r
+ \r
+ cis = cie+1; // find comma start\r
+ while(cis<bytes.length && Character.isSpaceChar(bytes[cis]))++cis;\r
+ cie = cntnt.indexOf(',',cis); // find comma end\r
+ cend = cie<0?bytes.length:cie; // If no comma, set comma end to full length, else cie\r
+ while(cend>cis && Character.isSpaceChar(bytes[cend-1]))--cend;\r
+ // Start SEMIS\r
+ sie=cis-1; \r
+ do {\r
+ sis = sie+1; // semi start is one after previous end\r
+ while(sis<bytes.length && Character.isSpaceChar(bytes[sis]))++sis; \r
+ sie = cntnt.indexOf(';',sis);\r
+ send = sie>cend || sie<0?cend:sie; // if the Semicolon is after the comma, or non-existent, use comma end, else keep\r
+ while(send>sis && Character.isSpaceChar(bytes[send-1]))--send;\r
+ if(name==null) { // first entry in Comma set is the name, not a property\r
+ name = new String(bytes,sis,send-sis);\r
+ } else { // We've looped past the first Semi, now process as properties\r
+ // If there are additional elements (more entities within Semi Colons)\r
+ // apply Properties\r
+ int eq = cntnt.indexOf('=',sis);\r
+ if(eq>sis && eq<send) {\r
+ props.add(new String(bytes,sis,eq-sis));\r
+ props.add(new String(bytes,eq+1,send-(eq+1)));\r
+ }\r
+ }\r
+ // End Property\r
+ } while(sie<=cend && sie>=cis); // End SEMI processing\r
+ // Now evaluate Comma set and return if true\r
+ if(eval(code,name,props))return true; // else loop again to check next comma\r
+ } while(cie>=0); // loop to next comma\r
+ return false; // didn't get even one match\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+\r
+import java.io.File;\r
+import java.io.FileInputStream;\r
+import java.io.FileNotFoundException;\r
+import java.io.FileOutputStream;\r
+import java.io.FileReader;\r
+import java.io.IOException;\r
+import java.io.OutputStream;\r
+import java.io.Writer;\r
+import java.nio.ByteBuffer;\r
+import java.nio.channels.FileChannel;\r
+import java.util.ArrayList;\r
+import java.util.Collections;\r
+import java.util.Date;\r
+import java.util.HashSet;\r
+import java.util.Map;\r
+import java.util.Map.Entry;\r
+import java.util.NavigableMap;\r
+import java.util.Set;\r
+import java.util.Timer;\r
+import java.util.TimerTask;\r
+import java.util.TreeMap;\r
+import java.util.concurrent.ConcurrentSkipListMap;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.EnvJAXB;\r
+import com.att.inno.env.LogTarget;\r
+import com.att.inno.env.Store;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+/*\r
+ * CachingFileAccess\r
+ * \r
+ * \r
+ */\r
+public class CachingFileAccess<TRANS extends Trans> extends HttpCode<TRANS, Void> {\r
+ public static void setEnv(Store store, String[] args) {\r
+ for(int i=0;i<args.length-1;i+=2) { // cover two parms required for each \r
+ if(CFA_WEB_DIR.equals(args[i])) {\r
+ store.put(store.staticSlot(CFA_WEB_DIR), args[i+1]); \r
+ } else if(CFA_CACHE_CHECK_INTERVAL.equals(args[i])) {\r
+ store.put(store.staticSlot(CFA_CACHE_CHECK_INTERVAL), Long.parseLong(args[i+1]));\r
+ } else if(CFA_MAX_SIZE.equals(args[i])) {\r
+ store.put(store.staticSlot(CFA_MAX_SIZE), Integer.parseInt(args[i+1]));\r
+ }\r
+ }\r
+ }\r
+ \r
+ private static String MAX_AGE = "max-age=3600"; // 1 hour Caching\r
+ private final Map<String,String> typeMap;\r
+ private final NavigableMap<String,Content> content;\r
+ private final Set<String> attachOnly;\r
+ private final static String WEB_DIR_DEFAULT = "theme";\r
+ public final static String CFA_WEB_DIR = "CFA_WebPath";\r
+ // when to re-validate from file\r
+ // Re validating means comparing the Timestamp on the disk, and seeing it has changed. Cache is not marked\r
+ // dirty unless file has changed, but it still makes File IO, which for some kinds of cached data, i.e. \r
+ // deployed GUI elements is unnecessary, and wastes time.\r
+ // This parameter exists to cover the cases where data can be more volatile, so the user can choose how often the\r
+ // File IO will be accessed, based on probability of change. "0", of course, means, check every time.\r
+ private final static String CFA_CACHE_CHECK_INTERVAL = "CFA_CheckIntervalMS";\r
+ private final static String CFA_MAX_SIZE = "CFA_MaxSize"; // Cache size limit\r
+ private final static String CFA_CLEAR_COMMAND = "CFA_ClearCommand";\r
+\r
+ // Note: can be null without a problem, but included\r
+ // to tie in with existing Logging.\r
+ public LogTarget logT = null;\r
+ public long checkInterval; // = 600000L; // only check if not hit in 10 mins by default\r
+ public int maxItemSize; // = 512000; // max file 500k\r
+ private Timer timer;\r
+ private String web_path;\r
+ // A command key is set in the Properties, preferably changed on deployment.\r
+ // it is compared at the beginning of the path, and if so, it is assumed to issue certain commands\r
+ // It's purpose is to protect, to some degree the command, even though it is HTTP, allowing \r
+ // local batch files to, for instance, clear caches on resetting of files.\r
+ private String clear_command;\r
+ \r
+ public CachingFileAccess(EnvJAXB env, String ... args) {\r
+ super(null,"Caching File Access");\r
+ setEnv(env,args);\r
+ content = new ConcurrentSkipListMap<String,Content>(); // multi-thread changes possible\r
+\r
+ attachOnly = new HashSet<String>(); // short, unchanged\r
+\r
+ typeMap = new TreeMap<String,String>(); // Structure unchanged after Construction\r
+ typeMap.put("ico","image/icon");\r
+ typeMap.put("html","text/html");\r
+ typeMap.put("css","text/css");\r
+ typeMap.put("js","text/javascript");\r
+ typeMap.put("txt","text/plain");\r
+ typeMap.put("xml","text/xml");\r
+ typeMap.put("xsd","text/xml");\r
+ attachOnly.add("xsd");\r
+ typeMap.put("crl", "application/x-pkcs7-crl");\r
+ typeMap.put("appcache","text/cache-manifest");\r
+\r
+ typeMap.put("json","text/json");\r
+ typeMap.put("ogg", "audio/ogg");\r
+ typeMap.put("jpg","image/jpeg");\r
+ typeMap.put("gif","image/gif");\r
+ typeMap.put("png","image/png");\r
+ typeMap.put("svg","image/svg+xml");\r
+ typeMap.put("jar","application/x-java-applet");\r
+ typeMap.put("jnlp", "application/x-java-jnlp-file");\r
+ typeMap.put("class", "application/java");\r
+ \r
+ timer = new Timer("Caching Cleanup",true);\r
+ timer.schedule(new Cleanup(content,500),60000,60000);\r
+ \r
+ // Property params\r
+ web_path = env.getProperty(CFA_WEB_DIR,WEB_DIR_DEFAULT);\r
+ Object obj;\r
+ obj = env.get(env.staticSlot(CFA_CACHE_CHECK_INTERVAL),600000L); // Default is 10 mins\r
+ if(obj instanceof Long) {checkInterval=(Long)obj;\r
+ } else {checkInterval=Long.parseLong((String)obj);}\r
+ \r
+ obj = env.get(env.staticSlot(CFA_MAX_SIZE), 512000); // Default is max file 500k\r
+ if(obj instanceof Integer) {maxItemSize=(Integer)obj;\r
+ } else {maxItemSize =Integer.parseInt((String)obj);}\r
+ \r
+ clear_command = env.getProperty(CFA_CLEAR_COMMAND,null);\r
+ }\r
+\r
+ \r
+\r
+ @Override\r
+ public void handle(TRANS trans, HttpServletRequest req, HttpServletResponse resp) throws IOException {\r
+ String key = pathParam(req, ":key");\r
+ if(key.equals(clear_command)) {\r
+ String cmd = pathParam(req,":cmd");\r
+ resp.setHeader("Content-type",typeMap.get("txt"));\r
+ if("clear".equals(cmd)) {\r
+ content.clear();\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ resp.setStatus(HttpStatus.BAD_REQUEST_400);\r
+ }\r
+ return;\r
+ }\r
+ Content c = load(logT , web_path,key, null, checkInterval);\r
+ if(c.attachmentOnly) {\r
+ resp.setHeader("Content-disposition", "attachment");\r
+ }\r
+ c.write(resp.getOutputStream());\r
+ c.setHeader(resp);\r
+ trans.checkpoint(req.getPathInfo());\r
+ }\r
+\r
+\r
+ public String webPath() {\r
+ return web_path;\r
+ }\r
+ \r
+ /**\r
+ * Reset the Cleanup size and interval\r
+ * \r
+ * The size and interval when started are 500 items (memory size unknown) checked every minute in a background thread.\r
+ * \r
+ * @param size\r
+ * @param interval\r
+ */\r
+ public void cleanupParams(int size, long interval) {\r
+ timer.cancel();\r
+ timer.schedule(new Cleanup(content,size), interval, interval);\r
+ }\r
+ \r
+\r
+ \r
+ /**\r
+ * Load a file, first checking cache\r
+ * \r
+ * \r
+ * @param logTarget - logTarget can be null (won't log)\r
+ * @param dataRoot - data root storage directory\r
+ * @param key - relative File Path\r
+ * @param mediaType - what kind of file is it. If null, will check via file extension\r
+ * @param timeCheck - "-1" will take system default - Otherwise, will compare "now" + timeCheck(Millis) before looking at File mod\r
+ * @return\r
+ * @throws IOException\r
+ */\r
+ public Content load(LogTarget logTarget, String dataRoot, String key, String mediaType, long _timeCheck) throws IOException {\r
+ long timeCheck = _timeCheck;\r
+ if(timeCheck<0) {\r
+ timeCheck=checkInterval; // if time < 0, then use default\r
+ }\r
+ String fileName = dataRoot + '/' + key;\r
+ Content c = content.get(key);\r
+ long systime = System.currentTimeMillis(); \r
+ File f=null;\r
+ if(c!=null) {\r
+ // Don't check every hit... only after certain time value\r
+ if(c.date < systime + timeCheck) {\r
+ f = new File(fileName);\r
+ if(f.lastModified()>c.date) {\r
+ c=null;\r
+ }\r
+ }\r
+ }\r
+ if(c==null) { \r
+ if(logTarget!=null) {\r
+ logTarget.log("File Read: ",key);\r
+ }\r
+ \r
+ if(f==null){\r
+ f = new File(fileName);\r
+ }\r
+\r
+ boolean cacheMe;\r
+ if(f.exists()) {\r
+ if(f.length() > maxItemSize) {\r
+ c = new DirectFileContent(f);\r
+ cacheMe = false;\r
+ } else {\r
+ c = new CachedContent(f);\r
+ cacheMe = checkInterval>0;\r
+ }\r
+ \r
+ if(mediaType==null) { // determine from file Ending\r
+ int idx = key.lastIndexOf('.');\r
+ String subkey = key.substring(++idx);\r
+ if((c.contentType = idx<0?null:typeMap.get(subkey))==null) {\r
+ // if nothing else, just set to default type...\r
+ c.contentType = "application/octet-stream";\r
+ }\r
+ c.attachmentOnly = attachOnly.contains(subkey);\r
+ } else {\r
+ c.contentType=mediaType;\r
+ c.attachmentOnly = false;\r
+ }\r
+ \r
+ c.date = f.lastModified();\r
+ \r
+ if(cacheMe) {\r
+ content.put(key, c);\r
+ }\r
+ } else {\r
+ c=NULL;\r
+ }\r
+ } else {\r
+ if(logTarget!=null)logTarget.log("Cache Read: ",key);\r
+ }\r
+\r
+ // refresh hit time\r
+ c.access = systime;\r
+ return c;\r
+ }\r
+ \r
+ public Content loadOrDefault(Trans trans, String targetDir, String targetFileName, String sourcePath, String mediaType) throws IOException {\r
+ try {\r
+ return load(trans.info(),targetDir,targetFileName,mediaType,0);\r
+ } catch(FileNotFoundException e) {\r
+ String targetPath = targetDir + '/' + targetFileName;\r
+ TimeTaken tt = trans.start("File doesn't exist; copy " + sourcePath + " to " + targetPath, Env.SUB);\r
+ try {\r
+ FileInputStream sourceFIS = new FileInputStream(sourcePath);\r
+ FileChannel sourceFC = sourceFIS.getChannel();\r
+ File targetFile = new File(targetPath);\r
+ targetFile.getParentFile().mkdirs(); // ensure directory exists\r
+ FileOutputStream targetFOS = new FileOutputStream(targetFile);\r
+ try {\r
+ ByteBuffer bb = ByteBuffer.allocate((int)sourceFC.size());\r
+ sourceFC.read(bb);\r
+ bb.flip(); // ready for reading\r
+ targetFOS.getChannel().write(bb);\r
+ } finally {\r
+ sourceFIS.close();\r
+ targetFOS.close();\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ return load(trans.info(),targetDir,targetFileName,mediaType,0);\r
+ }\r
+ }\r
+\r
+ public void invalidate(String key) {\r
+ content.remove(key);\r
+ }\r
+ \r
+ private static final Content NULL=new Content() {\r
+ \r
+ @Override\r
+ public void setHeader(HttpServletResponse resp) {\r
+ resp.setStatus(HttpStatus.NOT_FOUND_404);\r
+ resp.setHeader("Content-type","text/plain");\r
+ }\r
+\r
+ @Override\r
+ public void write(Writer writer) throws IOException {\r
+ }\r
+\r
+ @Override\r
+ public void write(OutputStream os) throws IOException {\r
+ }\r
+ \r
+ };\r
+\r
+ private static abstract class Content {\r
+ private long date; // date of the actual artifact (i.e. File modified date)\r
+ private long access; // last accessed\r
+ \r
+ protected String contentType;\r
+ protected boolean attachmentOnly;\r
+ \r
+ public void setHeader(HttpServletResponse resp) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ resp.setHeader("Content-type",contentType);\r
+ resp.setHeader("Cache-Control", MAX_AGE);\r
+ }\r
+ \r
+ public abstract void write(Writer writer) throws IOException;\r
+ public abstract void write(OutputStream os) throws IOException;\r
+\r
+ }\r
+\r
+ private static class DirectFileContent extends Content {\r
+ private File file; \r
+ public DirectFileContent(File f) {\r
+ file = f;\r
+ }\r
+ \r
+ public String toString() {\r
+ return file.getName();\r
+ }\r
+ \r
+ public void write(Writer writer) throws IOException {\r
+ FileReader fr = new FileReader(file);\r
+ char[] buff = new char[1024];\r
+ try {\r
+ int read;\r
+ while((read = fr.read(buff,0,1024))>=0) {\r
+ writer.write(buff,0,read);\r
+ }\r
+ } finally {\r
+ fr.close();\r
+ }\r
+ }\r
+\r
+ public void write(OutputStream os) throws IOException {\r
+ FileInputStream fis = new FileInputStream(file);\r
+ byte[] buff = new byte[1024];\r
+ try {\r
+ int read;\r
+ while((read = fis.read(buff,0,1024))>=0) {\r
+ os.write(buff,0,read);\r
+ }\r
+ } finally {\r
+ fis.close();\r
+ }\r
+ }\r
+\r
+ }\r
+ private static class CachedContent extends Content {\r
+ private byte[] data;\r
+ private int end;\r
+ private char[] cdata; \r
+ \r
+ public CachedContent(File f) throws IOException {\r
+ // Read and Cache\r
+ ByteBuffer bb = ByteBuffer.allocate((int)f.length());\r
+ FileInputStream fis = new FileInputStream(f);\r
+ try {\r
+ fis.getChannel().read(bb);\r
+ } finally {\r
+ fis.close();\r
+ }\r
+\r
+ data = bb.array();\r
+ end = bb.position();\r
+ cdata=null;\r
+ }\r
+ \r
+ public String toString() {\r
+ return data.toString();\r
+ }\r
+ \r
+ public void write(Writer writer) throws IOException {\r
+ synchronized(this) {\r
+ // do the String Transformation once, and only if actually used\r
+ if(cdata==null) {\r
+ cdata = new char[end];\r
+ new String(data).getChars(0, end, cdata, 0);\r
+ }\r
+ }\r
+ writer.write(cdata,0,end);\r
+ }\r
+ public void write(OutputStream os) throws IOException {\r
+ os.write(data,0,end);\r
+ }\r
+\r
+ }\r
+\r
+ public void setEnv(LogTarget env) {\r
+ logT = env;\r
+ }\r
+\r
+ /**\r
+ * Cleanup thread to remove older items if max Cache is reached.\r
+ *\r
+ */\r
+ private static class Cleanup extends TimerTask {\r
+ private int maxSize;\r
+ private NavigableMap<String, Content> content;\r
+ \r
+ public Cleanup(NavigableMap<String, Content> content, int size) {\r
+ maxSize = size;\r
+ this.content = content;\r
+ }\r
+ \r
+ private class Comp implements Comparable<Comp> {\r
+ public Map.Entry<String, Content> entry;\r
+ \r
+ public Comp(Map.Entry<String, Content> en) {\r
+ entry = en;\r
+ }\r
+ \r
+ @Override\r
+ public int compareTo(Comp o) {\r
+ return (int)(entry.getValue().access-o.entry.getValue().access);\r
+ }\r
+ \r
+ }\r
+ @SuppressWarnings("unchecked")\r
+ @Override\r
+ public void run() {\r
+ int size = content.size();\r
+ if(size>maxSize) {\r
+ ArrayList<Comp> scont = new ArrayList<Comp>(size);\r
+ Object[] entries = content.entrySet().toArray();\r
+ for(int i=0;i<size;++i) {\r
+ scont.add(i, new Comp((Map.Entry<String,Content>)entries[i]));\r
+ }\r
+ Collections.sort(scont);\r
+ int end = size - ((maxSize/4)*3); // reduce to 3/4 of max size\r
+ System.out.println("------ Cleanup Cycle ------ " + new Date().toString() + " -------");\r
+ for(int i=0;i<end;++i) {\r
+ Entry<String, Content> entry = scont.get(i).entry;\r
+ content.remove(entry.getKey());\r
+ System.out.println("removed Cache Item " + entry.getKey() + "/" + new Date(entry.getValue().access).toString());\r
+ }\r
+ for(int i=end;i<size;++i) {\r
+ Entry<String, Content> entry = scont.get(i).entry;\r
+ System.out.println("remaining Cache Item " + entry.getKey() + "/" + new Date(entry.getValue().access).toString());\r
+ }\r
+ }\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import java.io.IOException;\r
+\r
+import javax.servlet.ServletException;\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.inno.env.Trans;\r
+\r
+// Package on purpose. only want between RServlet and Routes\r
+class CodeSetter<TRANS extends Trans> {\r
+ private HttpCode<TRANS,?> code;\r
+ private TRANS trans;\r
+ private HttpServletRequest req;\r
+ private HttpServletResponse resp;\r
+ public CodeSetter(TRANS trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ this.trans = trans;\r
+ this.req = req;\r
+ this.resp = resp;\r
+ \r
+ }\r
+ public boolean matches(Route<TRANS> route) throws IOException, ServletException {\r
+ // Find best Code in Route based on "Accepts (Get) or Content-Type" (if exists)\r
+ return (code = route.getCode(trans, req, resp))!=null;\r
+ }\r
+ \r
+ public HttpCode<TRANS,?> code() {\r
+ return code;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import java.util.List;\r
+\r
+import com.att.inno.env.Trans;\r
+\r
+\r
+\r
+/**\r
+ * A Class to hold Service "ContentTypes", and to match incoming "Accept" types from HTTP.\r
+ * \r
+ * This is a multi-use class built to use the same Parser for ContentTypes and Accept.\r
+ * \r
+ * Thus, you would create and use "Content.Type" within your service, and use it to match\r
+ * Accept Strings. What is returned is an Integer (for faster processing), which can be\r
+ * used in a switch statement to act on match different Actions. The server should\r
+ * know which behaviors match.\r
+ * \r
+ * "bestMatch" returns an integer for the best match, or -1 if no matches.\r
+ *\r
+ *\r
+ */\r
+public abstract class Content<TRANS extends Trans> {\r
+ public static final String Q = "q";\r
+ protected abstract Pair<String,Pair<HttpCode<TRANS,?>,List<Pair<String,Object>>>> types(HttpCode<TRANS,?> code, String str);\r
+ protected abstract boolean props(Pair<String, Pair<HttpCode<TRANS,?>,List<Pair<String,Object>>>> type, String tag, String value);\r
+\r
+ /**\r
+ * Parse a Content-Type/Accept. As found, call "types" and "props", which do different\r
+ * things depending on if it's a Content-Type or Accepts. \r
+ * \r
+ * For Content-Type, it builds a tree suitable for Comparison\r
+ * For Accepts, it compares against the tree, and builds an acceptable type list\r
+ * \r
+ * Since this parse code is used for every incoming HTTP transaction, I have removed the implementation\r
+ * that uses String.split, and replaced with integers evaluating the Byte array. This results\r
+ * in only the necessary strings created, resulting in 1/3 better speed, and less \r
+ * Garbage collection.\r
+ * \r
+ * @param trans\r
+ * @param code\r
+ * @param cntnt\r
+ * @return\r
+ */\r
+ protected boolean parse(HttpCode<TRANS,?> code, String cntnt) {\r
+ byte bytes[] = cntnt.getBytes();\r
+ boolean contType=false,contProp=true;\r
+ int cis,cie=-1,cend;\r
+ int sis,sie,send;\r
+ do {\r
+ cis = cie+1;\r
+ cie = cntnt.indexOf(',',cis);\r
+ cend = cie<0?bytes.length:cie;\r
+ // Start SEMIS\r
+ sie=cis-1;\r
+ Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> me = null;\r
+ do {\r
+ sis = sie+1;\r
+ sie = cntnt.indexOf(';',sis);\r
+ send = sie>cend || sie<0?cend:sie;\r
+ if(me==null) {\r
+ String semi = new String(bytes,sis,send-sis);\r
+ // trans.checkpoint(semi);\r
+ // Look at first entity within comma group\r
+ // Is this an acceptable Type?\r
+ me=types(code, semi);\r
+ if(me==null) {\r
+ sie=-1; // skip the rest of the processing... not a type\r
+ } else {\r
+ contType=true;\r
+ }\r
+ } else { // We've looped past the first Semi, now process as properties\r
+ // If there are additional elements (more entities within Semi Colons)\r
+ // apply Propertys\r
+ int eq = cntnt.indexOf('=',sis);\r
+ if(eq>sis && eq<send) {\r
+ String tag = new String(bytes,sis,eq-sis);\r
+ String value = new String(bytes,eq+1,send-(eq+1));\r
+ // trans.checkpoint(" Prop " + tag + "=" + value);\r
+ boolean bool = props(me,tag,value);\r
+ if(!bool) {\r
+ contProp=false;\r
+ }\r
+ }\r
+ }\r
+ // End Property\r
+ } while(sie<=cend && sie>=cis);\r
+ // End SEMIS\r
+ } while(cie>=0);\r
+ return contType && contProp; // for use in finds, True if a type found AND all props matched\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.inno.env.Trans;\r
+\r
+/**\r
+ * HTTP Code element, which responds to the essential "handle Method".\r
+ * \r
+ * Use Native HttpServletRe[quest|sponse] calls for questions like QueryParameters (getParameter, etc)\r
+ * \r
+ * Use local "pathParam" method to obtain in an optimized manner the path parameter, which must be interpreted by originating string\r
+ * \r
+ * i.e. my/path/:id/:other/*\r
+ * \r
+ *\r
+ * @param <TRANS>\r
+ * @param <T>\r
+ */\r
+public abstract class HttpCode<TRANS extends Trans, CONTEXT> {\r
+ protected CONTEXT context;\r
+ private String desc;\r
+ protected String [] roles;\r
+ private boolean all;\r
+ \r
+ // Package by design... Set by Route when linked\r
+ Match match;\r
+ \r
+ public HttpCode(CONTEXT context, String description, String ... roles) {\r
+ this.context = context;\r
+ desc = description;\r
+ \r
+ // Evaluate for "*" once...\r
+ all = false;\r
+ for(String srole : roles) {\r
+ if("*".equals(srole)) {\r
+ all = true;\r
+ break;\r
+ }\r
+ }\r
+ this.roles = all?null:roles;\r
+ }\r
+ \r
+ public abstract void handle(TRANS trans, HttpServletRequest req, HttpServletResponse resp) throws Exception;\r
+ \r
+ public String desc() {\r
+ return desc;\r
+ }\r
+ \r
+ /**\r
+ * Get the variable element out of the Path Parameter, as set by initial Code\r
+ * \r
+ * @param req\r
+ * @param key\r
+ * @return\r
+ */\r
+ public String pathParam(HttpServletRequest req, String key) {\r
+ return match.param(req.getPathInfo(), key);\r
+ }\r
+\r
+ // Note: get Query Params from Request\r
+ \r
+ /**\r
+ * Check for Authorization when set.\r
+ * \r
+ * If no Roles set, then accepts all users\r
+ * \r
+ * @param req\r
+ * @return\r
+ */\r
+ public boolean isAuthorized(HttpServletRequest req) {\r
+ if(all)return true;\r
+ if(roles!=null) {\r
+ for(String srole : roles) {\r
+ if(req.isUserInRole(srole)) return true;\r
+ }\r
+ }\r
+ return false;\r
+ }\r
+ \r
+ public boolean no_cache() {\r
+ return false;\r
+ }\r
+ \r
+ public String toString() {\r
+ return desc;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+public enum HttpMethods {\r
+ POST,\r
+ GET,\r
+ PUT,\r
+ DELETE\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import java.util.HashMap;\r
+import java.util.Map;\r
+import java.util.Set;\r
+\r
+/**\r
+ * This path matching algorithm avoids using split strings during the critical transactional run-time. By pre-analyzing the\r
+ * content at "set Param" time, and storing data in an array-index model which presumably is done once and at the beginning, \r
+ * we can match in much less time when it actually counts.\r
+ * \r
+ *\r
+ */\r
+public class Match {\r
+ private Map<String, Integer> params;\r
+ private byte[] values[];\r
+ private Integer vars[];\r
+ private boolean wildcard;\r
+\r
+ \r
+ /*\r
+ * These two methods are pairs of searching performance for variables Spark Style.\r
+ * setParams evaluates the target path, and sets a HashMap that will return an Integer.\r
+ * the Keys are both :key and key so that there will be no string operations during\r
+ * a transaction\r
+ * \r
+ * For the Integer, if the High Order is 0, then it is just one value. If High Order >0, then it is \r
+ * a multi-field option, i.e. ending with a wild-card.\r
+ */\r
+ public Match(String path) {\r
+ // IF DEBUG: System.out.print("\n[" + path + "]");\r
+ params = new HashMap<String,Integer>();\r
+ if(path!=null) {\r
+ String[] pa = path.split("/");\r
+ values = new byte[pa.length][];\r
+ vars = new Integer[pa.length];\r
+ \r
+ int val = 0;\r
+ String key;\r
+ for(int i=0;i<pa.length && !wildcard;++i) {\r
+ if(pa[i].startsWith(":")) {\r
+ if(pa[i].endsWith("*")) {\r
+ val = i | pa.length<<16; // load end value in high order bits\r
+ key = pa[i].substring(0, pa[i].length()-1);// remove *\r
+ wildcard = true;\r
+ } else {\r
+ val = i;\r
+ key = pa[i];\r
+ }\r
+ params.put(key,val); //put in :key \r
+ params.put(key.substring(1,key.length()), val); // put in just key, better than adding a missing one, like Spark\r
+ // values[i]=null; // null stands for Variable\r
+ vars[i]=val;\r
+ } else {\r
+ values[i]=pa[i].getBytes();\r
+ if(pa[i].endsWith("*")) {\r
+ wildcard = true;\r
+ if(pa[i].length()>1) {\r
+ /* remove * from value */\r
+ int newlength = values[i].length-1;\r
+ byte[] real = new byte[newlength];\r
+ System.arraycopy(values[i],0,real,0,newlength);\r
+ values[i]=real;\r
+ } else {\r
+ vars[i]=0; // this is actually a variable, if it only contains a "*"\r
+ }\r
+ }\r
+ // vars[i]=null;\r
+ }\r
+ }\r
+ }\r
+ }\r
+\r
+ /*\r
+ * This is the second of the param evaluation functions. First, we look up to see if there is\r
+ * any reference by key in the params Map created by the above.\r
+ * \r
+ * The resulting Integer, if not null, is split high/low order into start and end.\r
+ * We evaluate the string for '/', rather than splitting into String[] to avoid the time/mem needed\r
+ * We traverse to the proper field number for slash, evaluate the end (whether wild card or no), \r
+ * and return the substring. \r
+ * \r
+ * The result is something less than .003 milliseconds per evaluation\r
+ * \r
+ */\r
+ public String param(String path,String key) {\r
+ Integer val = params.get(key); // :key or key\r
+ if(val!=null) {\r
+ int start = val & 0xFFFF;\r
+ int end = (val >> 16) & 0xFFFF;\r
+ int idx = -1;\r
+ int i;\r
+ for(i=0;i<start;++i) {\r
+ idx = path.indexOf('/',idx+1);\r
+ if(idx<0)break;\r
+ }\r
+ if(i==start) { \r
+ ++idx;\r
+ if(end==0) {\r
+ end = path.indexOf('/',idx);\r
+ if(end<0)end=path.length();\r
+ } else {\r
+ end=path.length();\r
+ }\r
+ return path.substring(idx,end);\r
+ } else if(i==start-1) { // if last spot was left blank, i.e. :key*\r
+ return "";\r
+ }\r
+ }\r
+ return null;\r
+ }\r
+ \r
+ public boolean match(String path) {\r
+ if(path==null|| path.length()==0 || "/".equals(path) ) {\r
+ if(values==null)return true;\r
+ switch(values.length) {\r
+ case 0: return true;\r
+ case 1: return values[0].length==0;\r
+ default: return false;\r
+ }\r
+ } \r
+ boolean rv = true;\r
+ byte[] pabytes = path.getBytes();\r
+ int field=0;\r
+ int fieldIdx = 0;\r
+\r
+ int lastField = values.length;\r
+ int lastByte = pabytes.length;\r
+ boolean fieldMatched = false; // = lastByte>0?(pabytes[0]=='/'):false;\r
+ // IF DEBUG: System.out.println("\n -- " + path + " --");\r
+ for(int i=0;rv && i<lastByte;++i) {\r
+ if(field>=lastField) { // checking here allows there to be a non-functional ending /\r
+ rv = false;\r
+ break;\r
+ }\r
+ if(values[field]==null) { // it's a variable, just look for /s\r
+ if(wildcard && field==lastField-1) return true;// we've made it this far. We accept all remaining characters\r
+ Integer val = vars[field];\r
+ int start = val & 0xFFFF;\r
+ int end = (val >> 16) & 0xFFFF;\r
+ if(end==0)end=start+1;\r
+ int k = i;\r
+ for(int j=start; j<end && k<lastByte; ++k) {\r
+ // IF DEBUG: System.out.print((char)pabytes[k]);\r
+ if(pabytes[k]=='/') {\r
+ ++field;\r
+ ++j;\r
+ }\r
+ }\r
+ \r
+ if(k==lastByte && pabytes[k-1]!='/')++field;\r
+ if(k>i)i=k-1; // if we've incremented, have to accommodate the outer for loop incrementing as well\r
+ fieldMatched = false; // reset\r
+ fieldIdx = 0;\r
+ } else {\r
+ // IF DEBUG: System.out.print((char)pabytes[i]);\r
+ if(pabytes[i]=='/') { // end of field, eval if Field is matched\r
+ // if double slash, check if supposed to be empty\r
+ if(fieldIdx==0 && values[field].length==0) {\r
+ fieldMatched = true;\r
+ }\r
+ rv = fieldMatched && ++field<lastField;\r
+ // reset\r
+ fieldMatched = false; \r
+ fieldIdx = 0;\r
+ } else if(values[field].length==0) {\r
+ // double slash in path, but content in field. We check specially here to avoid \r
+ // Array out of bounds issues.\r
+ rv = false;\r
+ } else {\r
+ if(fieldMatched) {\r
+ rv =false; // field is already matched, now there's too many bytes\r
+ } else {\r
+ rv = pabytes[i]==values[field][fieldIdx++]; // compare expected (pabytes[i]) with value for particular field\r
+ fieldMatched=values[field].length==fieldIdx; // are all the bytes match in the field?\r
+ if(fieldMatched && (i==lastByte-1 || (wildcard && field==lastField-1)))\r
+ return true; // last field info\r
+ }\r
+ }\r
+ }\r
+ }\r
+ if(field!=lastField || pabytes.length!=lastByte) rv = false; // have we matched all the fields and all the bytes?\r
+ return rv;\r
+ }\r
+ \r
+ public Set<String> getParamNames() {\r
+ return params.keySet();\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+/**\r
+ * A pair of generic Objects. \r
+ *\r
+ * @param <X>\r
+ * @param <Y>\r
+ */\r
+public class Pair<X,Y> {\r
+ public X x;\r
+ public Y y;\r
+ \r
+ public Pair(X x, Y y) {\r
+ this.x = x;\r
+ this.y = y;\r
+ }\r
+ \r
+ public String toString() {\r
+ return "X: " + x.toString() + "-->" + y.toString();\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import java.io.IOException;\r
+import java.util.List;\r
+\r
+import javax.servlet.Servlet;\r
+import javax.servlet.ServletConfig;\r
+import javax.servlet.ServletException;\r
+import javax.servlet.ServletRequest;\r
+import javax.servlet.ServletResponse;\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+\r
+public abstract class RServlet<TRANS extends Trans> implements Servlet {\r
+ private Routes<TRANS> routes = new Routes<TRANS>();\r
+\r
+ private ServletConfig config;\r
+\r
+ @Override\r
+ public void init(ServletConfig config) throws ServletException {\r
+ this.config = config;\r
+ }\r
+\r
+ @Override\r
+ public ServletConfig getServletConfig() {\r
+ return config;\r
+ }\r
+\r
+ public void route(Env env, HttpMethods meth, String path, HttpCode<TRANS, ?> code, String ... moreTypes) {\r
+ Route<TRANS> r = routes.findOrCreate(meth,path);\r
+ r.add(code,moreTypes);\r
+ env.init().log(r.report(code),code);\r
+ }\r
+ \r
+ @Override\r
+ public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException {\r
+ HttpServletRequest request = (HttpServletRequest)req;\r
+ HttpServletResponse response = (HttpServletResponse)res;\r
+ \r
+ @SuppressWarnings("unchecked")\r
+ TRANS trans = (TRANS)req.getAttribute(TransFilter.TRANS_TAG);\r
+ if(trans==null) {\r
+ response.setStatus(404); // Not Found, because it didn't go through TransFilter\r
+ return;\r
+ }\r
+ \r
+ Route<TRANS> route;\r
+ HttpCode<TRANS,?> code=null;\r
+ String ct = req.getContentType();\r
+ TimeTaken tt = trans.start("Resolve to Code", Env.SUB);\r
+ try {\r
+ // routes have multiple code sets. This object picks the best code set\r
+ // based on Accept or Content-Type\r
+ CodeSetter<TRANS> codesetter = new CodeSetter<TRANS>(trans,request,response);\r
+ // Find declared route\r
+ route = routes.derive(request, codesetter);\r
+ if(route==null) {\r
+ String method = request.getMethod();\r
+ trans.checkpoint("No Route matches "+ method + ' ' + request.getPathInfo());\r
+ response.setStatus(404); // Not Found\r
+ } else {\r
+ // Find best Code in Route based on "Accepts (Get) or Content-Type" (if exists)\r
+ code = codesetter.code();// route.getCode(trans, request, response);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ if(route!=null && code!=null) {\r
+ StringBuilder sb = new StringBuilder(72);\r
+ sb.append(route.auditText);\r
+ sb.append(',');\r
+ sb.append(code.desc());\r
+ if(ct!=null) {\r
+ sb.append(", ContentType: ");\r
+ sb.append(ct);\r
+ }\r
+ tt = trans.start(sb.toString(),Env.SUB);\r
+ try {\r
+ /*obj = */\r
+ code.handle(trans, request, response);\r
+ response.flushBuffer();\r
+ } catch (ServletException e) {\r
+ trans.error().log(e);\r
+ throw e;\r
+ } catch (Exception e) {\r
+ trans.error().log(e,request.getMethod(),request.getPathInfo());\r
+ throw new ServletException(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public String getServletInfo() {\r
+ return "RServlet for Jetty";\r
+ }\r
+\r
+ @Override\r
+ public void destroy() {\r
+ }\r
+\r
+ public String applicationJSON(Class<?> cls, String version) {\r
+ StringBuilder sb = new StringBuilder();\r
+ sb.append("application/");\r
+ sb.append(cls.getSimpleName());\r
+ sb.append("+json");\r
+ sb.append(";charset=utf-8");\r
+ sb.append(";version=");\r
+ sb.append(version);\r
+ return sb.toString();\r
+ }\r
+\r
+ public String applicationXML(Class<?> cls, String version) {\r
+ StringBuilder sb = new StringBuilder();\r
+ sb.append("application/");\r
+ sb.append(cls.getSimpleName());\r
+ sb.append("+xml");\r
+ sb.append(";charset=utf-8");\r
+ sb.append(";version=");\r
+ sb.append(version);\r
+ return sb.toString();\r
+ }\r
+\r
+ public List<RouteReport> routeReport() {\r
+ return routes.routeReport();\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import java.io.IOException;\r
+import java.util.List;\r
+\r
+import javax.servlet.ServletException;\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+\r
+public class Route<TRANS extends Trans> {\r
+ public final String auditText;\r
+ public final HttpMethods meth;\r
+ public final String path;\r
+ \r
+ private Match match;\r
+ // package on purpose\r
+ private final TypedCode<TRANS> content;\r
+ private final boolean isGet;\r
+ \r
+ public Route(HttpMethods meth, String path) {\r
+ this.path = path;\r
+ auditText = meth.name() + ' ' + path;\r
+ this.meth = meth; // Note: Using Spark def for now.\r
+ isGet = meth.compareTo(HttpMethods.GET) == 0;\r
+ match = new Match(path);\r
+ content = new TypedCode<TRANS>();\r
+ }\r
+ \r
+ public void add(HttpCode<TRANS,?> code, String ... others) {\r
+ code.match = match;\r
+ content.add(code, others);\r
+ }\r
+ \r
+// public void add(HttpCode<TRANS,?> code, Class<?> cls, String version, String ... others) {\r
+// code.match = match;\r
+// content.add(code, cls, version, others);\r
+// }\r
+//\r
+ public HttpCode<TRANS,?> getCode(TRANS trans, HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException {\r
+ // Type is associated with Accept for GET (since it is what is being returned\r
+ // We associate the rest with ContentType.\r
+ // FYI, thought about this a long time before implementing this way.\r
+ String compare;\r
+// String special[]; // todo, expose Charset (in special) to outside\r
+ if(isGet) {\r
+ compare = req.getHeader("Accept"); // Accept is used for read, as we want to agree on what caller is ready to handle\r
+ } else {\r
+ compare = req.getContentType(); // Content type used to declare what data is being created, updated or deleted (might be used for key)\r
+ }\r
+\r
+ Pair<String, Pair<HttpCode<TRANS, ?>, List<Pair<String, Object>>>> hl = content.prep(trans, compare);\r
+ if(hl==null) {\r
+ resp.setStatus(406); // NOT_ACCEPTABLE\r
+ } else {\r
+ if(isGet) { // Set Content Type to expected content\r
+ if("*".equals(hl.x) || "*/*".equals(hl.x)) {// if wild-card, then choose first kind of type\r
+ resp.setContentType(content.first());\r
+ } else {\r
+ resp.setContentType(hl.x);\r
+ }\r
+ }\r
+ return hl.y.x;\r
+ }\r
+ return null;\r
+ }\r
+ \r
+ public Route<TRANS> matches(String method, String path) {\r
+ return meth.name().equalsIgnoreCase(method) && match.match(path)?this:null;\r
+ }\r
+ \r
+ public TimeTaken start(Trans trans, String auditText, HttpCode<TRANS,?> code, String type) {\r
+ StringBuilder sb = new StringBuilder(auditText);\r
+ sb.append(", ");\r
+ sb.append(code.desc());\r
+ sb.append(", Content: ");\r
+ sb.append(type);\r
+ return trans.start(sb.toString(), Env.SUB);\r
+ }\r
+\r
+ // Package on purpose.. for "find/Create" routes only\r
+ boolean resolvesTo(HttpMethods hm, String p) {\r
+ return(path.equals(p) && hm.equals(meth));\r
+ }\r
+ \r
+ public String toString() {\r
+ return auditText + ' ' + content; \r
+ }\r
+\r
+ public String report(HttpCode<TRANS, ?> code) {\r
+ StringBuilder sb = new StringBuilder();\r
+ sb.append(auditText);\r
+ sb.append(' ');\r
+ content.relatedTo(code, sb);\r
+ return sb.toString();\r
+ }\r
+\r
+ public RouteReport api() {\r
+ RouteReport tr = new RouteReport();\r
+ tr.meth = meth;\r
+ tr.path = path;\r
+ content.api(tr);\r
+ return tr;\r
+ }\r
+\r
+\r
+ /**\r
+ * contentRelatedTo (For reporting) list routes that will end up at a specific Code\r
+ * @return\r
+ */\r
+ public String contentRelatedTo(HttpCode<TRANS, ?> code) {\r
+ StringBuilder sb = new StringBuilder(path);\r
+ sb.append(' ');\r
+ content.relatedTo(code, sb);\r
+ return sb.toString();\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+public class RouteReport {\r
+ public HttpMethods meth;\r
+ public String path;\r
+ public String desc;\r
+ public final List<String> contextTypes = new ArrayList<String>();\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import java.io.IOException;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import javax.servlet.ServletException;\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import com.att.inno.env.Trans;\r
+\r
+\r
+public class Routes<TRANS extends Trans> {\r
+ // Since this must be very, very fast, and only needs one creation, we'll use just an array.\r
+ private Route<TRANS>[] routes;\r
+ private int end;\r
+ \r
+\r
+ @SuppressWarnings("unchecked")\r
+ public Routes() {\r
+ routes = new Route[10];\r
+ end = 0;\r
+ }\r
+ \r
+ // This method for setup of Routes only...\r
+ // Package on purpose\r
+ synchronized Route<TRANS> findOrCreate(HttpMethods meth, String path) {\r
+ Route<TRANS> rv = null;\r
+ for(int i=0;i<end;++i) {\r
+ if(routes[i].resolvesTo(meth,path))rv = routes[i];\r
+ }\r
+ \r
+ if(rv==null) {\r
+ if(end>=routes.length) {\r
+ @SuppressWarnings("unchecked")\r
+ Route<TRANS>[] temp = new Route[end+10];\r
+ System.arraycopy(routes, 0, temp, 0, routes.length);\r
+ routes = temp;\r
+ }\r
+ \r
+ routes[end++]=rv=new Route<TRANS>(meth,path);\r
+ }\r
+ return rv;\r
+ }\r
+ \r
+ public Route<TRANS> derive(HttpServletRequest req, CodeSetter<TRANS> codeSetter) throws IOException, ServletException {\r
+ Route<TRANS> rv = null;\r
+ String path = req.getPathInfo();\r
+ String meth = req.getMethod();\r
+ //TODO a TREE would be better\r
+ for(int i=0;rv==null && i<end; ++i) {\r
+ rv = routes[i].matches(meth,path);\r
+ if(rv!=null && !codeSetter.matches(rv)) { // potential match, check if has Code \r
+ rv = null; // not quite, keep going\r
+ }\r
+ }\r
+ //TODO a Default?\r
+ return rv;\r
+ }\r
+ \r
+ public List<RouteReport> routeReport() {\r
+ ArrayList<RouteReport> ltr = new ArrayList<RouteReport>();\r
+ for(int i=0;i<end;++i) {\r
+ ltr.add(routes[i].api());\r
+ }\r
+ return ltr;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import java.io.IOException;\r
+import java.security.Principal;\r
+\r
+import javax.servlet.Filter;\r
+import javax.servlet.FilterChain;\r
+import javax.servlet.FilterConfig;\r
+import javax.servlet.ServletException;\r
+import javax.servlet.ServletRequest;\r
+import javax.servlet.ServletResponse;\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.cadi.Access;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.CadiWrap;\r
+import com.att.cadi.Connector;\r
+import com.att.cadi.Lur;\r
+import com.att.cadi.TrustChecker;\r
+import com.att.cadi.filter.CadiHTTPManip;\r
+import com.att.cadi.taf.TafResp;\r
+import com.att.cadi.taf.TafResp.RESP;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.TransStore;\r
+\r
+/**\r
+ * Create a new Transaction Object for each and every incoming Transaction\r
+ * \r
+ * Attach to Request. User "FilterHolder" mechanism to retain single instance.\r
+ * \r
+ * TransFilter includes CADIFilter as part of the package, so that it can\r
+ * set User Data, etc, as necessary.\r
+ * \r
+ *\r
+ */\r
+public abstract class TransFilter<TRANS extends TransStore> implements Filter {\r
+ public static final String TRANS_TAG = "__TRANS__";\r
+ \r
+ private CadiHTTPManip cadi;\r
+ \r
+ public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException {\r
+ cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs);\r
+ }\r
+\r
+ @Override\r
+ public void init(FilterConfig filterConfig) throws ServletException {\r
+ }\r
+ \r
+ protected Lur getLur() {\r
+ return cadi.getLur();\r
+ }\r
+\r
+ protected abstract TRANS newTrans();\r
+ protected abstract TimeTaken start(TRANS trans, ServletRequest request);\r
+ protected abstract void authenticated(TRANS trans, Principal p);\r
+ protected abstract void tallyHo(TRANS trans);\r
+ \r
+ @Override\r
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {\r
+ TRANS trans = newTrans();\r
+ \r
+ TimeTaken overall = start(trans,request);\r
+ try {\r
+ request.setAttribute(TRANS_TAG, trans);\r
+ \r
+ HttpServletRequest req = (HttpServletRequest)request;\r
+ HttpServletResponse res = (HttpServletResponse)response;\r
+ \r
+ TimeTaken security = trans.start("CADI Security", Env.SUB);\r
+// TimeTaken ttvalid;\r
+ TafResp resp;\r
+ RESP r;\r
+ CadiWrap cw = null;\r
+ try {\r
+ resp = cadi.validate(req,res);\r
+ switch(r=resp.isAuthenticated()) {\r
+ case IS_AUTHENTICATED:\r
+ cw = new CadiWrap(req,resp,cadi.getLur());\r
+ authenticated(trans, cw.getUserPrincipal());\r
+ break;\r
+ default:\r
+ break;\r
+ }\r
+ } finally {\r
+ security.done();\r
+ }\r
+ \r
+ if(r==RESP.IS_AUTHENTICATED) {\r
+ trans.checkpoint(resp.desc());\r
+ chain.doFilter(cw, response);\r
+ } else {\r
+ //TODO this is a good place to check if too many checks recently\r
+ // Would need Cached Counter objects that are cleaned up on \r
+ // use\r
+ trans.checkpoint(resp.desc(),Env.ALWAYS);\r
+ if(resp.isFailedAttempt())\r
+ trans.audit().log(resp.desc());\r
+ }\r
+ } catch(Exception e) {\r
+ trans.error().log(e);\r
+ trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage());\r
+ throw new ServletException(e);\r
+ } finally {\r
+ overall.done();\r
+ tallyHo(trans);\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public void destroy() {\r
+ };\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import java.io.IOException;\r
+import java.security.Principal;\r
+\r
+import javax.servlet.Filter;\r
+import javax.servlet.FilterChain;\r
+import javax.servlet.FilterConfig;\r
+import javax.servlet.ServletException;\r
+import javax.servlet.ServletRequest;\r
+import javax.servlet.ServletResponse;\r
+\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.TransStore;\r
+\r
+/**\r
+ * Create a new Transaction Object for each and every incoming Transaction\r
+ * \r
+ * Attach to Request. User "FilterHolder" mechanism to retain single instance.\r
+ * \r
+ * TransFilter includes CADIFilter as part of the package, so that it can\r
+ * set User Data, etc, as necessary.\r
+ * \r
+ *\r
+ */\r
+public abstract class TransOnlyFilter<TRANS extends TransStore> implements Filter {\r
+ @Override\r
+ public void init(FilterConfig filterConfig) throws ServletException {\r
+ }\r
+ \r
+\r
+\r
+ protected abstract TRANS newTrans();\r
+ protected abstract TimeTaken start(TRANS trans, ServletRequest request);\r
+ protected abstract void authenticated(TRANS trans, Principal p);\r
+ protected abstract void tallyHo(TRANS trans);\r
+ \r
+ @Override\r
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {\r
+ TRANS trans = newTrans();\r
+ \r
+ TimeTaken overall = start(trans,request);\r
+ try {\r
+ request.setAttribute(TransFilter.TRANS_TAG, trans);\r
+ chain.doFilter(request, response);\r
+ } finally {\r
+ overall.done();\r
+ }\r
+ tallyHo(trans);\r
+ }\r
+\r
+ @Override\r
+ public void destroy() {\r
+ };\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import java.io.IOException;\r
+import java.util.ArrayList;\r
+import java.util.HashMap;\r
+import java.util.List;\r
+\r
+import javax.servlet.ServletException;\r
+\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+\r
+\r
+/**\r
+ * TypedCode organizes implementation code based on the Type and Version of code it works with so that it can\r
+ * be located quickly at runtime based on the "Accept" HTTP Header.\r
+ *\r
+ * FYI: For those in the future wondering why I would create a specialized set of "Pair" for the data content:\r
+ * 1) TypeCode is used in Route, and this code is used for every transaction... it needs to be blazingly fast\r
+ * 2) The actual number of objects accessed is quite small and built at startup. Arrays are best\r
+ * 3) I needed a small, well defined tree where each level is a different Type. Using a "Pair" Generic definitions, \r
+ * I created type-safety at each level, which you can't get from a TreeSet, etc.\r
+ * 4) Chaining through the Network is simply object dereferencing, which is as fast as Java can go.\r
+ * 5) The drawback is that in your code is that all the variables are named "x" and "y", which can be a bit hard to\r
+ * read both in code, and in the debugger. However, TypeSafety allows your IDE (Eclipse) to help you make the \r
+ * choices. Also, make sure you have a good "toString()" method on each object so you can see what's happening\r
+ * in the IDE Debugger.\r
+ * \r
+ * Empirically, this method of obtaining routes proved to be much faster than the HashSet implementations available in otherwise\r
+ * competent Open Source.\r
+ *\r
+ * @param <TRANS>\r
+ */\r
+public class TypedCode<TRANS extends Trans> extends Content<TRANS> {\r
+ private List<Pair<String, Pair<HttpCode<TRANS,?>,List<Pair<String, Object>>>>> types;\r
+\r
+ public TypedCode() {\r
+ types = new ArrayList<Pair<String,Pair<HttpCode<TRANS,?>,List<Pair<String,Object>>>>>();\r
+ }\r
+ \r
+ /**\r
+ * Construct Typed Code based on ContentType parameters passed in\r
+ * \r
+ * @param code\r
+ * @param others\r
+ * @return\r
+ */\r
+ public TypedCode<TRANS> add(HttpCode<TRANS,?> code, String ... others) {\r
+ StringBuilder sb = new StringBuilder();\r
+ boolean first = true;\r
+ for(String str : others) {\r
+ if(first) {\r
+ first = false; \r
+ } else {\r
+ sb.append(',');\r
+ }\r
+ sb.append(str);\r
+ }\r
+ parse(code, sb.toString());\r
+ \r
+ return this;\r
+ }\r
+ \r
+ @Override\r
+ protected Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> types(HttpCode<TRANS,?> code, String str) {\r
+ Pair<String, Pair<HttpCode<TRANS,?>,List<Pair<String, Object>>>> type = null;\r
+ ArrayList<Pair<String, Object>> props = new ArrayList<Pair<String,Object>>();\r
+ // Want Q percentage is to be first in the array everytime. If not listed, 1.0 is default\r
+ props.add(new Pair<String,Object>(Q,1f));\r
+ Pair<HttpCode<TRANS,?>, List<Pair<String,Object>>> cl = new Pair<HttpCode<TRANS,?>, List<Pair<String,Object>>>(code, props);\r
+// // breakup "plus" stuff, i.e. application/xaml+xml\r
+// int plus = str.indexOf('+');\r
+// if(plus<0) {\r
+ type = new Pair<String, Pair<HttpCode<TRANS,?>,List<Pair<String,Object>>>>(str, cl);\r
+ types.add(type);\r
+ return type;\r
+// } else {\r
+// int prev = str.indexOf('/')+1;\r
+// String first = str.substring(0,prev);\r
+// String nstr;\r
+// while(prev!=0) {\r
+// nstr = first + (plus>-1?str.substring(prev,plus):str.substring(prev));\r
+// type = new Pair<String, Pair<HttpCode<TRANS,?>,List<Pair<String,Object>>>>(nstr, cl);\r
+// types.add(type);\r
+// prev = plus+1;\r
+// plus = str.indexOf('+',prev);\r
+// }\r
+// return type;\r
+// }\r
+ }\r
+\r
+ @Override\r
+ protected boolean props(Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type, String tag, String value) {\r
+ if(tag.equals(Q)) { // reset the Q value (first in array)\r
+ boolean rv = true;\r
+ try {\r
+ type.y.y.get(0).y=Float.parseFloat(value);\r
+ return rv;\r
+ } catch (NumberFormatException e) {\r
+ rv=false; // Note: this awkward syntax forced by Sonar, which doesn't like doing nothing with Exception\r
+ // which is what should happen\r
+ }\r
+ }\r
+ return type.y.y.add(new Pair<String,Object>(tag,"version".equals(tag)?new Version(value):value));\r
+ }\r
+ \r
+ public Pair<String, Pair<HttpCode<TRANS, ?>, List<Pair<String, Object>>>> prep(TRANS trans, String compare) throws IOException, ServletException {\r
+ Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> c,rv=null;\r
+ if(types.size()==1 && "".equals((c=types.get(0)).x)) { // if there are no checks for type, skip\r
+ rv = c;\r
+ } else {\r
+ if(compare==null || compare.length()==0) {\r
+ rv = types.get(0); // first code is used\r
+ } else {\r
+ Acceptor<TRANS> acc = new Acceptor<TRANS>(types);\r
+ boolean accepted;\r
+ TimeTaken tt = trans.start(compare, Env.SUB);\r
+ try {\r
+ accepted = acc.parse(null, compare);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ if(accepted) {\r
+ switch(acc.acceptable.size()) {\r
+ case 0: \r
+// // TODO best Status Code?\r
+// resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406);\r
+ break;\r
+ case 1: \r
+ rv = acc.acceptable.get(0);\r
+ break;\r
+ default: // compare Q values to get Best Match\r
+ float bestQ = -1.0f;\r
+ Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> bestT = null;\r
+ for(Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : acc.acceptable) {\r
+ Float f = (Float)type.y.y.get(0).y; // first property is always Q\r
+ if(f>bestQ) {\r
+ bestQ=f;\r
+ bestT = type;\r
+ }\r
+ }\r
+ if(bestT!=null) {\r
+ // When it is a GET, the matched type is what is returned, so set ContentType\r
+// if(isGet)resp.setContentType(bestT.x); // set ContentType of Code<TRANS,?>\r
+// rv = bestT.y.x;\r
+ rv = bestT;\r
+ }\r
+ }\r
+ } else {\r
+ trans.checkpoint("No Match found for Accept");\r
+ }\r
+ }\r
+ }\r
+ return rv;\r
+ }\r
+ \r
+ /**\r
+ * Print on String Builder content related to specific Code\r
+ * \r
+ * This is for Reporting and Debugging purposes, so the content is not cached.\r
+ * \r
+ * If code is "null", then all content is matched\r
+ * \r
+ * @param code\r
+ * @return\r
+ */\r
+ public StringBuilder relatedTo(HttpCode<TRANS, ?> code, StringBuilder sb) {\r
+ boolean first = true;\r
+ for(Pair<String, Pair<HttpCode<TRANS, ?>, List<Pair<String, Object>>>> pair : types) {\r
+ if(code==null || pair.y.x == code) {\r
+ if(first) {\r
+ first = false;\r
+ } else {\r
+ sb.append(',');\r
+ }\r
+ sb.append(pair.x);\r
+ for(Pair<String,Object> prop : pair.y.y) {\r
+ // Don't print "Q". it's there for internal use, but it is only meaningful for "Accepts"\r
+ if(!prop.x.equals(Q) || !prop.y.equals(1f) ) {\r
+ sb.append(';');\r
+ sb.append(prop.x);\r
+ sb.append('=');\r
+ sb.append(prop.y);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return sb;\r
+ }\r
+ \r
+ public List<Pair<String, Object>> getContent(HttpCode<TRANS,?> code) {\r
+ for(Pair<String, Pair<HttpCode<TRANS, ?>, List<Pair<String, Object>>>> pair : types) {\r
+ if(pair.y.x == code) {\r
+ return pair.y.y;\r
+ }\r
+ }\r
+ return null;\r
+ }\r
+ \r
+ public String toString() {\r
+ return relatedTo(null,new StringBuilder()).toString();\r
+ }\r
+ \r
+ public void api(RouteReport tr) {\r
+ // Need to build up a map, because Prop entries can be in several places.\r
+ HashMap<HttpCode<?,?>,StringBuilder> psb = new HashMap<HttpCode<?,?>,StringBuilder>();\r
+ StringBuilder temp;\r
+ tr.desc = null;\r
+ \r
+ // Read through Code/TypeCode trees for all accepted Typecodes\r
+ for(Pair<String, Pair<HttpCode<TRANS, ?>, List<Pair<String, Object>>>> tc : types) {\r
+ // If new, then it's new Code set, create prefix content\r
+ if((temp=psb.get(tc.y.x))==null) {\r
+ psb.put(tc.y.x,temp=new StringBuilder());\r
+ if(tr.desc==null) {\r
+ tr.desc = tc.y.x.desc();\r
+ }\r
+ } else {\r
+ temp.append(',');\r
+ }\r
+ temp.append(tc.x);\r
+\r
+ // add all properties\r
+ for(Pair<String, Object> props : tc.y.y) {\r
+ temp.append(';');\r
+ temp.append(props.x);\r
+ temp.append('=');\r
+ temp.append(props.y);\r
+ }\r
+ }\r
+ // Gather all ContentType possibilities for the same code together\r
+ \r
+ for(StringBuilder sb : psb.values()) {\r
+ tr.contextTypes.add(sb.toString());\r
+ }\r
+ }\r
+\r
+ public String first() {\r
+ if(types.size()>0) {\r
+ return types.get(0).x;\r
+ }\r
+ return null;\r
+ }\r
+ \r
+ }\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+\r
+/**\r
+ * Analyze and hold Version information for Code\r
+ * \r
+ *\r
+ */\r
+public class Version {\r
+ private Object[] parts;\r
+\r
+ public Version(String v) {\r
+ String sparts[] = v.split("\\.");\r
+ parts = new Object[sparts.length];\r
+ System.arraycopy(sparts, 0, parts, 0, sparts.length);\r
+ if(parts.length>1) { // has at least a minor\r
+ try {\r
+ parts[1]=Integer.decode(sparts[1]); // minor elements need to be converted to Integer for comparison\r
+ } catch (NumberFormatException e) {\r
+ // it's ok, leave it as a string\r
+ parts[1]=sparts[1]; // This useless piece of code forced by Sonar which calls empty Exceptions "Blockers".\r
+ }\r
+ }\r
+ }\r
+\r
+ public boolean equals(Object obj) {\r
+ if(obj instanceof Version) {\r
+ Version ver = (Version)obj;\r
+ int length = Math.min(parts.length, ver.parts.length);\r
+ for(int i=0;i<length;++i) { // match on declared parts\r
+ if(i==1) {\r
+ if(parts[1] instanceof Integer && ver.parts[1] instanceof Integer) {\r
+ // Match on Minor version if this Version is less than Version to be checked\r
+ if(((Integer)parts[1])<((Integer)ver.parts[1])) {\r
+ return false;\r
+ }\r
+ continue; // don't match next line\r
+ }\r
+ }\r
+ if(!parts[i].equals(ver.parts[i])) {\r
+ return false; // other spots exact match\r
+ }\r
+ }\r
+ return true;\r
+ }\r
+ return false;\r
+ }\r
+ \r
+ \r
+ /* (non-Javadoc)\r
+ * @see java.lang.Object#hashCode()\r
+ */\r
+ @Override\r
+ public int hashCode() {\r
+ return super.hashCode();\r
+ }\r
+\r
+ public String toString() {\r
+ StringBuilder sb = new StringBuilder();\r
+ boolean first = true;\r
+ for(Object obj : parts) {\r
+ if(first) {\r
+ first = false;\r
+ } else {\r
+ sb.append('.');\r
+ }\r
+ sb.append(obj.toString());\r
+ }\r
+ return sb.toString();\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv.doc;\r
+\r
+import java.lang.annotation.ElementType;\r
+import java.lang.annotation.Retention;\r
+import java.lang.annotation.RetentionPolicy;\r
+import java.lang.annotation.Target;\r
+\r
+import com.att.cssa.rserv.HttpMethods;\r
+@Retention(RetentionPolicy.RUNTIME)\r
+@Target({ElementType.METHOD})\r
+public @interface ApiDoc {\r
+ HttpMethods method();\r
+ String path();\r
+ int expectedCode();\r
+ int[] errorCodes();\r
+ String[] text();\r
+ /** Format with name|type|[true|false] */\r
+ String[] params();\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.common;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Matchers;\r
+import org.mockito.Mock;\r
+import org.powermock.api.mockito.PowerMockito;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.config.Config;\r
+import com.att.inno.env.Env;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_Define {\r
+ Define define;\r
+ public static String ROOT_NS="NS.Not.Set";\r
+ public static String ROOT_COMPANY=ROOT_NS;\r
+ \r
+ @Mock \r
+ Env envMock;\r
+ \r
+ \r
+ @Before\r
+ public void setUp(){\r
+ define = new Define();\r
+ }\r
+\r
+ @Test\r
+ public void testSet() throws CadiException {\r
+ PowerMockito.when(envMock.getProperty(Config.AAF_ROOT_NS)).thenReturn("aaf_root_ns");\r
+ PowerMockito.when(envMock.getProperty(Config.AAF_ROOT_COMPANY)).thenReturn("aaf_root_company");\r
+ //PowerMockito.when(envMock.init().log()).thenReturn(null);\r
+ //PowerMockito.doNothing().doThrow(new CadiException()).when(envMock).init().log(Matchers.anyString());\r
+ define.set(envMock);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.env;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.io.IOException;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.cadi.Access.Level;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_AuthzEnv {\r
+ private static final com.att.cadi.Access.Level DEBUG = null;\r
+ AuthzEnv authzEnv;\r
+ enum Level {DEBUG, INFO, AUDIT, INIT, WARN, ERROR};\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ authzEnv = new AuthzEnv();\r
+ }\r
+\r
+ @Test\r
+ public void testTransRate() {\r
+ Long Result = authzEnv.transRate();\r
+ System.out.println("value of result " +Result); //Expected 300000\r
+ assertNotNull(Result); \r
+ }\r
+ \r
+ @Test(expected = IOException.class)\r
+ public void testDecryptException() throws IOException{\r
+ String encrypted = null;\r
+ authzEnv.decrypt(encrypted, true);\r
+ }\r
+ \r
+ @Test\r
+ public void testDecrypt() throws IOException{\r
+ String encrypted = "encrypted";\r
+ String Result = authzEnv.decrypt(encrypted, true);\r
+ System.out.println("value of res " +Result);\r
+ assertEquals("encrypted",Result);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.env;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.api.mockito.PowerMockito;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.Connector;\r
+import com.att.cadi.TrustChecker;\r
+\r
+@RunWith(PowerMockRunner.class) \r
+public class JU_AuthzTransFilter {\r
+AuthzTransFilter authzTransFilter;\r
+@Mock\r
+AuthzEnv authzEnvMock;\r
+@Mock\r
+Connector connectorMock;\r
+@Mock\r
+TrustChecker trustCheckerMock;\r
+@Mock\r
+AuthzTrans authzTransMock;\r
+Object additionalTafLurs;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ try {\r
+ authzTransFilter = new AuthzTransFilter(authzEnvMock, connectorMock, trustCheckerMock, additionalTafLurs);\r
+ } catch (CadiException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void test()\r
+ {\r
+ //authzTransFilter.newTrans();\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testTallyHo(){\r
+ PowerMockito.when(authzTransMock.info().isLoggable()).thenReturn(true);\r
+ //if(trans.info().isLoggable())\r
+ authzTransFilter.tallyHo(authzTransMock);\r
+ \r
+ }\r
+ \r
+ \r
+// AuthzTrans at = env.newTrans();\r
+// at.setLur(getLur());\r
+// return at\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.env;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.api.mockito.PowerMockito;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.authz.org.Organization;\r
+import com.att.authz.org.OrganizationFactory;\r
+import com.att.inno.env.LogTarget;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_AuthzTransImpl {\r
+\r
+ AuthzTransImpl authzTransImpl;\r
+ @Mock\r
+ AuthzEnv authzEnvMock;\r
+ \r
+ private Organization org=null;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ authzTransImpl = new AuthzTransImpl(authzEnvMock);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void testOrg(){\r
+ Organization result=null;\r
+ result = authzTransImpl.org();\r
+ System.out.println("value of Organization " + result);\r
+ //assertTrue(true); \r
+ }\r
+ \r
+ @Mock\r
+ LogTarget logTargetMock;\r
+ \r
+ @Test\r
+ public void testLogAuditTrail(){\r
+ \r
+ PowerMockito.when(logTargetMock.isLoggable()).thenReturn(false);\r
+ authzTransImpl.logAuditTrail(logTargetMock);\r
+ \r
+ assertTrue(true);\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.env;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_AuthzTransOnlyFilter {\r
+ AuthzTransOnlyFilter authzTransOnlyFilter;\r
+ @Mock\r
+ AuthzEnv authzEnvMock;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ authzTransOnlyFilter = new AuthzTransOnlyFilter(authzEnvMock);\r
+ }\r
+\r
+ @Test\r
+ public void test() {\r
+ assertTrue(true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.env;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_NullTrans {\r
+ NullTrans nullTrans;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ nullTrans = new NullTrans();\r
+ }\r
+\r
+ @Test\r
+ public void test() {\r
+ assertTrue(true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.layer;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+public class JU_Result {\r
+ Result result;\r
+// @Mock\r
+// RV value;\r
+ int status=0;\r
+ String details = "details"; \r
+ String[] variables;\r
+ \r
+ @SuppressWarnings({ "unchecked", "rawtypes" })\r
+ @Before\r
+ public void setUp(){\r
+ result = new Result(result, status, details, variables);\r
+ }\r
+\r
+ @Test\r
+ public void testPartialContent() {\r
+ Result Res = result.partialContent(true);\r
+ System.out.println("Res" +Res);\r
+ assertEquals(details,Res.toString());\r
+ \r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.local;\r
+\r
+import java.io.File;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import org.junit.AfterClass;\r
+import org.junit.Test;\r
+\r
+import com.att.authz.local.DataFile;\r
+import com.att.authz.local.DataFile.Token;\r
+import com.att.authz.local.DataFile.Token.Field;\r
+\r
+public class JU_DataFile {\r
+\r
+ @AfterClass\r
+ public static void tearDownAfterClass() throws Exception {\r
+ }\r
+\r
+ @Test\r
+ public void test() throws Exception {\r
+ File file = new File("../authz-batch/data/v1.dat");\r
+ DataFile df = new DataFile(file,"r");\r
+ int count = 0;\r
+ List<String> list = new ArrayList<String>();\r
+ try {\r
+ df.open();\r
+ Token tok = df.new Token(1024000);\r
+ Field fld = tok.new Field('|');\r
+ \r
+ while(tok.nextLine()) {\r
+ ++count;\r
+ fld.reset();\r
+ list.add(fld.at(0));\r
+ }\r
+// Collections.sort(list);\r
+ for(String s: list) {\r
+ System.out.println(s);\r
+\r
+ }\r
+ } finally {\r
+ System.out.printf("%15s:%12d\n","Total",count);\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.local;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.io.File;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_TextIndex {\r
+ TextIndex textIndex;\r
+ @Mock\r
+ File file;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ textIndex = new TextIndex(file);\r
+ }\r
+\r
+ @Test\r
+ public void test() {\r
+ assertTrue(true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.org;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_OrganizationException {\r
+ \r
+ OrganizationException organizationException;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ organizationException = new OrganizationException();\r
+ }\r
+ \r
+\r
+ @Test\r
+ public void test() {\r
+ assertTrue(true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.org;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.api.mockito.PowerMockito;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.inno.env.APIException;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_OrganizationFactory {\r
+ private static final String ORG_SLOT = null;\r
+ OrganizationFactory organizationFactory;\r
+ @Mock\r
+ AuthzEnv authzEnvMock;\r
+ String orgClass="orgclass";\r
+ String orgNS="orgns";\r
+ @Before\r
+ public void setUp(){\r
+ organizationFactory = new OrganizationFactory(); \r
+ }\r
+\r
+ @SuppressWarnings("static-access")\r
+ @Test(expected = APIException.class)\r
+ public void testSetDefaultOrg() throws APIException {\r
+ //PowerMockito.when(authzEnvMock.slot(ORG_SLOT)).thenReturn("ORG_SLOT");\r
+ organizationFactory.setDefaultOrg(authzEnvMock, orgClass);\r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test(expected = OrganizationException.class)\r
+ public void testObtain() throws OrganizationException{\r
+ PowerMockito.when(authzEnvMock.getProperty("Organization."+orgNS)).thenReturn("notnull");\r
+ organizationFactory.obtain(authzEnvMock, orgNS);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_CachingFileAccess {\r
+ CachingFileAccess cachingFileAccess;\r
+ \r
+ \r
+ @Before\r
+ public void setUp(){\r
+ cachingFileAccess = new CachingFileAccess(null, null);\r
+ \r
+ }\r
+\r
+ @Test\r
+ public void test() {\r
+ assertTrue(true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.io.IOException;\r
+\r
+import javax.servlet.ServletException;\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.inno.env.Trans;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_CodeSetter {\r
+ CodeSetter codeSetter;\r
+ @Mock\r
+ Trans transMock;\r
+ @Mock\r
+ HttpServletRequest reqMock;\r
+ @Mock\r
+ HttpServletResponse respMock;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ codeSetter = new CodeSetter(transMock, reqMock, respMock);\r
+ }\r
+ \r
+ @SuppressWarnings("rawtypes")\r
+ @Mock\r
+ Route routeMock;\r
+ \r
+ @Test\r
+ public void testMatches() throws IOException, ServletException{\r
+ boolean result = codeSetter.matches(routeMock);\r
+ System.out.println("value of res " + codeSetter.matches(routeMock));\r
+ assertFalse(result);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+\r
+public class JU_Pair {\r
+ Pair pair;\r
+ Object x;\r
+ Object y;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ pair = new Pair(x, y);\r
+ }\r
+\r
+ @Test\r
+ public void test() {\r
+ assertTrue(true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.io.IOException;\r
+import java.util.List;\r
+\r
+import javax.servlet.ServletException;\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.inno.env.Trans;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_Routes {\r
+ Routes routes;\r
+ @Mock\r
+ HttpServletRequest reqMock;\r
+ CodeSetter<Trans> codeSetterMock;\r
+ Route<Trans> routeObj;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ routes = new Routes();\r
+ }\r
+ \r
+ @Test\r
+ public void testRouteReport(){\r
+ List listVal = routes.routeReport(); \r
+ System.out.println("value of Listval " +listVal);\r
+ assertNotNull(listVal);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void testDerive() throws IOException, ServletException{\r
+ routeObj = routes.derive(reqMock, codeSetterMock);\r
+ System.out.println("value of routeObj" +routeObj); \r
+ }\r
+ \r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_TypedCode {\r
+ TypedCode typedCode;\r
+ @Mock\r
+ RouteReport routeReportMock;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ typedCode = new TypedCode();\r
+ }\r
+ \r
+ @Test\r
+ public void testFirst(){\r
+ String returnVal = typedCode.first();\r
+ assertNull(returnVal);\r
+ }\r
+ \r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Matchers;\r
+import org.mockito.Mock;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_Version {\r
+ Version version;\r
+\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ version = new Version("String");\r
+ }\r
+\r
+ @Test\r
+ public void testEquals(){\r
+ boolean val = version.equals(version);\r
+ System.out.println("value of val " +val);\r
+ assertTrue(val);\r
+ }\r
+ \r
+ @Test\r
+ public void testToString(){\r
+ String strVal = version.toString();\r
+ System.out.println("value of strVal " +strVal);\r
+ assertNotNull(strVal);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv.test;\r
+\r
+import static junit.framework.Assert.assertEquals;\r
+import static junit.framework.Assert.assertFalse;\r
+import static junit.framework.Assert.assertTrue;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.cssa.rserv.Match;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.Trans;\r
+import com.att.inno.env.impl.EnvFactory;\r
+\r
+\r
+public class JU_BetterMatch {\r
+\r
+ @Test\r
+ public void test() {\r
+ Trans trans = EnvFactory.newTrans();\r
+ // Bad Match\r
+ Match bm = new Match("/req/1.0.0/:var");\r
+\r
+ assertTrue(bm.match("/req/1.0.0/fred"));\r
+ assertTrue(bm.match("/req/1.0.0/wilma"));\r
+ assertTrue(bm.match("/req/1.0.0/wilma/"));\r
+ assertFalse(bm.match("/req/1.0.0/wilma/bambam"));\r
+ assertFalse(bm.match("/not/valid/234"));\r
+ assertFalse(bm.match(""));\r
+ \r
+ TimeTaken tt = trans.start("A", Env.SUB);\r
+ TimeTaken tt2;\r
+ int i = 0;\r
+ try {\r
+ bm = new Match(null);\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertTrue(bm.match(""));\r
+ tt2.done();\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertTrue(bm.match(null));\r
+ tt2.done();\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ \r
+ tt = trans.start("B", Env.SUB);\r
+ i = 0;\r
+ try {\r
+ bm = new Match("/req/1.0.0/:urn/:ref");\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertTrue(bm.match("/req/1.0.0/urn:fsdb,1.0,req,newreq/0x12345"));\r
+ tt2.done();\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertFalse(bm.match("/req/1.0.0/urn"));\r
+ tt2.done();\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertTrue(bm.match("/req/1.0.0/urn:fsdb,1.0,req,newreq/0x12345/"));\r
+ tt2.done();\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertFalse(bm.match("/req/1.0.0/urn:fsdb,1.0,req,newreq/0x12345/x"));\r
+ tt2.done();\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertFalse(bm.match("/req/1.0.0/urn:fsdb,1.0,req,newreq/0x12345/xyx"));\r
+ } finally {\r
+ tt2.done();\r
+ tt.done(); \r
+ }\r
+ \r
+ tt = trans.start("C", Env.SUB);\r
+ i = 0;\r
+ try {\r
+ String url = "/req/1.0.0/";\r
+ bm = new Match(url+":urn*");\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ String value = "urn:fsdb,1.0,req,newreq/0x12345";\r
+ \r
+ assertTrue(bm.match(url+value));\r
+ assertEquals("urn:fsdb,1.0,req,newreq/0x12345",bm.param(url+value, ":urn"));\r
+ } finally {\r
+ tt2.done();\r
+ tt.done(); \r
+ }\r
+\r
+ tt = trans.start("D", Env.SUB);\r
+ i = 0;\r
+ try {\r
+ bm = new Match("/req/1.0.0/:urn/:ref*");\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertTrue(bm.match("/req/1.0.0/urn:fsdb,1.0,req,newreq/0x12345"));\r
+ tt2.done();\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertFalse(bm.match("/req/1.0.0/urn:fsdb,1.0,req,newreq/"));\r
+ } finally {\r
+ tt2.done();\r
+ tt.done(); \r
+ }\r
+\r
+ tt = trans.start("E", Env.SUB);\r
+ i = 0;\r
+ try {\r
+ bm = new Match("this*");\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertTrue(bm.match("this"));\r
+ tt2.done();\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertTrue(bm.match("thisandthat"));\r
+ tt2.done();\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertTrue(bm.match("this/1.0.0/urn:fsdb,1.0,req,newreq/0x12345/"));\r
+ } finally {\r
+ tt2.done();\r
+ tt.done(); \r
+ }\r
+\r
+ tt = trans.start("F", Env.SUB);\r
+ i = 0;\r
+ try {\r
+ bm = new Match("*");\r
+ tt2 = trans.start(Integer.toString(++i), Env.SUB);\r
+ assertTrue(bm.match("<pass>/this"));\r
+ } finally {\r
+ tt2.done();\r
+ tt.done(); \r
+ }\r
+ \r
+ StringBuilder sb = new StringBuilder();\r
+ trans.auditTrail(0, sb);\r
+ System.out.println(sb);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void specialTest() {\r
+ Match match = new Match("/sample");\r
+ assertTrue(match.match("/sample"));\r
+ \r
+ match = new Match("/lpeer//lpeer/:key/:item*");\r
+ assertTrue(match.match("/lpeer//lpeer/x/y"));\r
+ assertFalse(match.match("/lpeer/x/lpeer/x/y"));\r
+\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.cssa.rserv.test;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertNotNull;\r
+import static org.junit.Assert.assertNull;\r
+\r
+import java.io.IOException;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.cssa.rserv.HttpCode;\r
+import com.att.cssa.rserv.TypedCode;\r
+import com.att.inno.env.TransJAXB;\r
+import com.att.inno.env.impl.EnvFactory;\r
+\r
+\r
+/**\r
+ * Test the functioning of the "Content" class, which holds, and routes to the right code based on Accept values\r
+ */\r
+public class JU_Content {\r
+ \r
+\r
+ @Test\r
+ public void test() throws Exception {\r
+ final String BOOL = "Boolean";\r
+ final String XML = "XML";\r
+ TransJAXB trans = EnvFactory.newTrans();\r
+ try {\r
+ HttpCode<TransJAXB, String> cBool = new HttpCode<TransJAXB,String>(BOOL,"Standard String") {\r
+ @Override\r
+ public void handle(TransJAXB trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ try {\r
+ resp.getOutputStream().write(context.getBytes());\r
+ } catch (IOException e) {\r
+ }\r
+ }\r
+ };\r
+\r
+ HttpCode<TransJAXB,String> cXML = new HttpCode<TransJAXB,String>(XML, "Standard String") {\r
+ @Override\r
+ public void handle(TransJAXB trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ try {\r
+ resp.getOutputStream().write(context.getBytes());\r
+ } catch (IOException e) {\r
+ }\r
+ }\r
+ };\r
+\r
+ TypedCode<TransJAXB> ct = new TypedCode<TransJAXB>()\r
+ .add(cBool,"application/" + Boolean.class.getName()+"+xml;charset=utf8;version=1.1")\r
+ .add(cXML,"application/xml;q=.9");\r
+ String expected = "application/java.lang.Boolean+xml;charset=utf8;version=1.1,application/xml;q=0.9";\r
+ assertEquals(expected,ct.toString());\r
+\r
+ //BogusReq req = new BogusReq();\r
+ //expected = (expected);\r
+ //HttpServletResponse resp = new BogusResp();\r
+ \r
+ assertNotNull("Same Content String and Accept String",ct.prep(trans,expected));\r
+\r
+ //expects Null (not run)\r
+ // A Boolean xml that must have charset utf8 and match version 1.2 or greater\r
+ expected = ("application/java.lang.Boolean+xml;charset=utf8;version=1.2");\r
+ assertNull("Accept Minor Version greater than Content Minor Version",ct.prep(trans,expected));\r
+\r
+ // Same with (too many) spaces\r
+ expected = (" application/java.lang.Boolean+xml ; charset = utf8 ; version = 1.2 ");\r
+ assertNull("Accept Minor Version greater than Content Minor Version",ct.prep(trans,expected));\r
+\r
+ //expects Null (not run)\r
+ expected = ("application/java.lang.Boolean+xml;charset=utf8;version=2.1");\r
+ assertNull("Major Versions not the same",ct.prep(trans,expected));\r
+\r
+ expected = ("application/java.lang.Boolean+xml;charset=utf8;version=1.0");\r
+ assertNotNull("Content Minor Version is greater than Accept Minor Version",ct.prep(trans,expected));\r
+\r
+ expected = "application/java.lang.Squid+xml;charset=utf8;version=1.0,application/xml;q=.9";\r
+ assertNotNull("2nd one will have to do...",ct.prep(trans,expected));\r
+\r
+ expected = "application/java.lang.Boolean+xml;charset=UTF8;version=1.0";\r
+ assertNotNull("Minor Charset in Caps acceptable",ct.prep(trans,expected));\r
+\r
+ // expects no run \r
+ expected="application/java.lang.Boolean+xml;charset=MyType;version=1.0";\r
+ assertNull("Unknown Minor Charset",ct.prep(trans,expected));\r
+\r
+ expected="";\r
+ assertNotNull("Blank Acceptance",ct.prep(trans,expected));\r
+ \r
+ expected=null;\r
+ assertNotNull("Null Acceptance",ct.prep(trans,expected)); \r
+\r
+ expected = ("text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");\r
+ assertNotNull("Matches application/xml, and other content not known",ct.prep(trans,expected));\r
+ \r
+ // No SemiColon\r
+ expected = ("i/am/bogus,application/xml");\r
+ assertNotNull("Match second entry, with no Semis",ct.prep(trans,expected));\r
+\r
+ } finally { \r
+ StringBuilder sb = new StringBuilder();\r
+ trans.auditTrail(0, sb);\r
+ System.out.println(sb);\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+.metadata
+.settings
+.classpath
+.project
+target
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">\r
+ <modelVersion>4.0.0</modelVersion>\r
+ <parent>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>parent</artifactId>\r
+ <version>2.0.15</version>\r
+ <relativePath>../pom.xml</relativePath>\r
+ </parent>\r
+ \r
+ <artifactId>authz-defOrg</artifactId>\r
+ <name>Default Organization</name>\r
+ <description>Example Organization Module</description>\r
+ <packaging>jar</packaging>\r
+ <url>https://github.com/att/AAF</url>\r
+ <licenses>\r
+ <license>\r
+ <name>BSD License</name>\r
+ <url> </url>\r
+ </license>\r
+ </licenses>\r
+ <developers>\r
+ <developer>\r
+ <name>Jonathan Gathman</name>\r
+ <email></email>\r
+ <organization>ATT</organization>\r
+ <organizationUrl></organizationUrl>\r
+ </developer>\r
+ </developers>\r
+\r
+ <properties>\r
+ <maven.test.failure.ignore>false</maven.test.failure.ignore>\r
+ <project.swmVersion>0</project.swmVersion>\r
+ </properties>\r
+ \r
+ <dependencies>\r
+ <dependency>\r
+ <groupId>com.att.cadi</groupId>\r
+ <artifactId>cadi-core</artifactId>\r
+ </dependency>\r
+ \r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-core</artifactId>\r
+ </dependency>\r
+ \r
+ <dependency>\r
+ <groupId>javax.mail</groupId>\r
+ <artifactId>mail</artifactId>\r
+ </dependency> \r
+ </dependencies>\r
+\r
+ <build>\r
+ <pluginManagement>\r
+ </pluginManagement>\r
+ </build>\r
+\r
+</project>\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.osaaf.defOrg;\r
+\r
+import java.io.File;\r
+import java.io.IOException;\r
+import java.util.ArrayList;\r
+import java.util.Date;\r
+import java.util.GregorianCalendar;\r
+import java.util.HashSet;\r
+import java.util.List;\r
+import java.util.Set;\r
+\r
+import javax.mail.Address;\r
+import javax.mail.Message;\r
+import javax.mail.MessagingException;\r
+import javax.mail.Session;\r
+import javax.mail.Transport;\r
+import javax.mail.internet.InternetAddress;\r
+import javax.mail.internet.MimeMessage;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.org.EmailWarnings;\r
+import com.att.authz.org.Executor;\r
+import com.att.authz.org.Organization;\r
+import com.att.authz.org.OrganizationException;\r
+import com.osaaf.defOrg.Identities.Data;\r
+\r
+public class DefaultOrg implements Organization {\r
+ private static final String PROPERTY_IS_REQUIRED = " property is Required";\r
+ private static final String DOMAIN = "osaaf.com";\r
+ private static final String REALM = "com.osaaf";\r
+ private static final String NAME = "Default Organization";\r
+ private static final String NO_PASS = NAME + " does not support Passwords. Use AAF";\r
+ private final String mailHost,mailFromUserId,supportAddress;\r
+ private String SUFFIX;\r
+ // Possible ID Pattern\r
+ private static final String ID_PATTERN = "a-z[a-z0-9]{5-8}@.*";\r
+\r
+ public DefaultOrg(AuthzEnv env) throws OrganizationException {\r
+ String s;\r
+ mailHost = env.getProperty(s=(REALM + ".mailHost"), null);\r
+ if(mailHost==null) {\r
+ throw new OrganizationException(s + PROPERTY_IS_REQUIRED);\r
+ }\r
+ supportAddress = env.getProperty(s=(REALM + ".supportEmail"), null);\r
+ if(supportAddress==null) {\r
+ throw new OrganizationException(s + PROPERTY_IS_REQUIRED);\r
+ }\r
+ \r
+ String temp = env.getProperty(s=(REALM + ".mailFromUserId"), null);\r
+ mailFromUserId = temp==null?supportAddress:temp;\r
+\r
+ System.getProperties().setProperty("mail.smtp.host",mailHost);\r
+ System.getProperties().setProperty("mail.user", mailFromUserId);\r
+ // Get the default Session object.\r
+ session = Session.getDefaultInstance(System.getProperties());\r
+\r
+ SUFFIX='.'+getDomain();\r
+ \r
+ try {\r
+ String defFile;\r
+ temp=env.getProperty(defFile = (getClass().getName()+".file"));\r
+ File fIdentities=null;\r
+ if(temp==null) {\r
+ temp = env.getProperty("aaf_data_dir");\r
+ if(temp!=null) {\r
+ env.warn().log(defFile, "is not defined. Using default: ",temp+"/identities.dat");\r
+ File dir = new File(temp);\r
+ fIdentities=new File(dir,"identities.dat");\r
+ if(!fIdentities.exists()) {\r
+ env.warn().log("No",fIdentities.getCanonicalPath(),"exists. Creating.");\r
+ if(!dir.exists()) {\r
+ dir.mkdirs();\r
+ }\r
+ fIdentities.createNewFile();\r
+ }\r
+ }\r
+ } else {\r
+ fIdentities = new File(temp);\r
+ if(!fIdentities.exists()) {\r
+ String dataDir = env.getProperty("aaf_data_dir");\r
+ if(dataDir!=null) {\r
+ fIdentities = new File(dataDir,temp);\r
+ }\r
+ }\r
+ }\r
+ \r
+ if(fIdentities!=null && fIdentities.exists()) {\r
+ identities = new Identities(fIdentities);\r
+ } else {\r
+ throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist.");\r
+ }\r
+ } catch (IOException e) {\r
+ throw new OrganizationException(e);\r
+ }\r
+ }\r
+ \r
+ // Implement your own Delegation System\r
+ static final List<String> NULL_DELEGATES = new ArrayList<String>();\r
+\r
+ public Identities identities;\r
+ private boolean dryRun;\r
+ private Session session;\r
+ public enum Types {Employee, Contractor, Application, NotActive};\r
+ private final static Set<String> typeSet;\r
+ \r
+ static {\r
+ typeSet = new HashSet<String>();\r
+ for(Types t : Types.values()) {\r
+ typeSet.add(t.name());\r
+ }\r
+ }\r
+ \r
+ private static final EmailWarnings emailWarnings = new DefaultOrgWarnings();\r
+\r
+ @Override\r
+ public String getName() {\r
+ return NAME;\r
+ }\r
+\r
+ @Override\r
+ public String getRealm() {\r
+ return REALM;\r
+ }\r
+\r
+ @Override\r
+ public String getDomain() {\r
+ return DOMAIN;\r
+ }\r
+\r
+ @Override\r
+ public DefaultOrgIdentity getIdentity(AuthzTrans trans, String id) throws OrganizationException {\r
+ return new DefaultOrgIdentity(trans,id,this);\r
+ }\r
+\r
+ // Note: Return a null if found; return a String Message explaining why not found. \r
+ @Override\r
+ public String isValidID(String id) {\r
+ Data data;\r
+ try {\r
+ data = identities.find(id, identities.reuse());\r
+ } catch (IOException e) {\r
+ return getName() + " could not lookup " + id + ": " + e.getLocalizedMessage();\r
+ }\r
+ return data==null?id + "is not an Identity in " + getName():null;\r
+ }\r
+\r
+ @Override\r
+ public String isValidPassword(String user, String password, String... prev) {\r
+ // If you have an Organization user/Password scheme, use here, otherwise, just use AAF\r
+ return NO_PASS;\r
+ }\r
+\r
+ @Override\r
+ public Set<String> getIdentityTypes() {\r
+ return typeSet;\r
+ }\r
+\r
+ @Override\r
+ public Response notify(AuthzTrans trans, Notify type, String url, String[] identities, String[] ccs, String summary, Boolean urgent) {\r
+ String system = trans.getProperty("CASS_ENV", "");\r
+\r
+ ArrayList<String> toList = new ArrayList<String>();\r
+ Identity identity;\r
+ if (identities != null) {\r
+ for (String user : identities) {\r
+ try {\r
+ identity = getIdentity(trans, user);\r
+ if (identity == null) {\r
+ trans.error().log(\r
+ "Failure to obtain User " + user + " for "\r
+ + getName());\r
+ } else {\r
+ toList.add(identity.email());\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(\r
+ e,\r
+ "Failure to obtain User " + user + " for "\r
+ + getName());\r
+ }\r
+ }\r
+ }\r
+\r
+ if (toList.isEmpty()) {\r
+ trans.error().log("No Users listed to email");\r
+ return Response.ERR_NotificationFailure;\r
+ }\r
+\r
+ ArrayList<String> ccList = new ArrayList<String>();\r
+\r
+ // If we're sending an urgent email, CC the user's supervisor\r
+ //\r
+ if (urgent) {\r
+ trans.info().log("urgent msg for: " + identities[0]);\r
+ try {\r
+ List<Identity> supervisors = getApprovers(trans, identities[0]);\r
+ for (Identity us : supervisors) {\r
+ trans.info().log("supervisor: " + us.email());\r
+ ccList.add(us.email());\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,\r
+ "Failed to find supervisor for " + identities[0]);\r
+ }\r
+ }\r
+\r
+ if (ccs != null) {\r
+ for (String user : ccs) {\r
+ try {\r
+ identity = getIdentity(trans, user);\r
+ ccList.add(identity.email());\r
+ } catch (Exception e) {\r
+ trans.error().log(\r
+ e,\r
+ "Failure to obtain User " + user + " for "\r
+ + getName());\r
+ }\r
+ }\r
+ }\r
+\r
+ if (summary == null) {\r
+ summary = "";\r
+ }\r
+\r
+ switch (type) {\r
+ case Approval:\r
+ try {\r
+ sendEmail(trans, toList, ccList,\r
+ "AAF Approval Notification "\r
+ + (system.length() == 0 ? "" : "(ENV: "\r
+ + system + ")"),\r
+ "AAF is the "\r
+ + NAME\r
+ + "System for Fine-Grained Authorizations. You are being asked to Approve"\r
+ + (system.length() == 0 ? "" : " in the "\r
+ + system + " environment")\r
+ + " before AAF Actions can be taken.\n\n"\r
+ + "Please follow this link: \n\n\t" + url\r
+ + "\n\n" + summary, urgent);\r
+ } catch (Exception e) {\r
+ trans.error().log(e, "Failure to send Email");\r
+ return Response.ERR_NotificationFailure;\r
+ }\r
+ break;\r
+ case PasswordExpiration:\r
+ try {\r
+ sendEmail(trans,\r
+ toList,\r
+ ccList,\r
+ "AAF Password Expiration Warning "\r
+ + (system.length() == 0 ? "" : "(ENV: "\r
+ + system + ")"),\r
+ "AAF is the "\r
+ + NAME\r
+ + " System for Authorizations.\n\nOne or more passwords will expire soon or have expired"\r
+ + (system.length() == 0 ? "" : " in the "\r
+ + system + " environment")\r
+ + ".\n\nPasswords expired for more than 30 days without action are subject to deletion.\n\n"\r
+ + "Please follow each link to add a New Password with Expiration Date. Either are valid until expiration. "\r
+ + "Use this time to change the passwords on your system. If issues, reply to this email.\n\n"\r
+ + summary, urgent);\r
+ } catch (Exception e) {\r
+ trans.error().log(e, "Failure to send Email");\r
+ return Response.ERR_NotificationFailure;\r
+ }\r
+ break;\r
+\r
+ case RoleExpiration:\r
+ try {\r
+ sendEmail(\r
+ trans,\r
+ toList,\r
+ ccList,\r
+ "AAF Role Expiration Warning "\r
+ + (system.length() == 0 ? "" : "(ENV: "\r
+ + system + ")"),\r
+ "AAF is the "\r
+ + NAME\r
+ + " System for Authorizations. One or more roles will expire soon"\r
+ + (system.length() == 0 ? "" : " in the "\r
+ + system + " environment")\r
+ + ".\n\nRoles expired for more than 30 days are subject to deletion."\r
+ + "Please follow this link the GUI Command line, and either 'extend' or 'del' the user in the role.\n"\r
+ + "If issues, reply to this email.\n\n\t" + url\r
+ + "\n\n" + summary, urgent);\r
+ } catch (Exception e) {\r
+ trans.error().log(e, "Failure to send Email");\r
+ return Response.ERR_NotificationFailure;\r
+ }\r
+ break;\r
+ default:\r
+ return Response.ERR_NotImplemented;\r
+ }\r
+ return Response.OK;\r
+ }\r
+\r
+ @Override\r
+ public int sendEmail(AuthzTrans trans, List<String> toList, List<String> ccList, String subject, String body,\r
+ Boolean urgent) throws OrganizationException {\r
+ int status = 1;\r
+ \r
+ List<String> to = new ArrayList<String>();\r
+ for(String em : toList) {\r
+ if(em.indexOf('@')<0) {\r
+ to.add(new DefaultOrgIdentity(trans, em, this).email());\r
+ } else {\r
+ to.add(em);\r
+ }\r
+ }\r
+ \r
+ List<String> cc = new ArrayList<String>();\r
+ if(ccList!=null && !ccList.isEmpty()) {\r
+ for(String em : ccList) {\r
+ if(em.indexOf('@')<0) {\r
+ cc.add(new DefaultOrgIdentity(trans, em, this).email());\r
+ } else {\r
+ cc.add(em);\r
+ }\r
+ }\r
+ }\r
+ \r
+ \r
+ // for now, I want all emails so we can see what goes out. Remove later\r
+ if (!ccList.contains(supportAddress)) {\r
+ ccList.add(supportAddress);\r
+ }\r
+\r
+ try {\r
+ // Create a default MimeMessage object.\r
+ MimeMessage message = new MimeMessage(session);\r
+\r
+ // Set From: header field of the header.\r
+ message.setFrom(new InternetAddress(mailFromUserId));\r
+\r
+ if (!dryRun) {\r
+ // Set To: header field of the header. This is a required field\r
+ // and calling module should make sure that it is not null or\r
+ // blank\r
+ message.addRecipients(Message.RecipientType.TO,\r
+ getAddresses(to));\r
+\r
+ // Set CC: header field of the header.\r
+ if ((ccList != null) && (ccList.size() > 0)) {\r
+ message.addRecipients(Message.RecipientType.CC,\r
+ getAddresses(cc));\r
+ }\r
+\r
+ // Set Subject: header field\r
+ message.setSubject(subject);\r
+\r
+ if (urgent) {\r
+ message.addHeader("X-Priority", "1");\r
+ }\r
+\r
+ // Now set the actual message\r
+ message.setText(body);\r
+ } else {\r
+ // override recipients\r
+ message.addRecipients(Message.RecipientType.TO,\r
+ InternetAddress.parse(supportAddress));\r
+\r
+ // Set Subject: header field\r
+ message.setSubject("[TESTMODE] " + subject);\r
+\r
+ if (urgent) {\r
+ message.addHeader("X-Priority", "1");\r
+ }\r
+\r
+ ArrayList<String> newBody = new ArrayList<String>();\r
+\r
+ Address temp[] = getAddresses(to);\r
+ String headerString = "TO:\t" + InternetAddress.toString(temp)\r
+ + "\n";\r
+\r
+ temp = getAddresses(cc);\r
+ headerString += "CC:\t" + InternetAddress.toString(temp) + "\n";\r
+\r
+ newBody.add(headerString);\r
+\r
+ newBody.add("Text: \n");\r
+\r
+ newBody.add(body);\r
+ String outString = "";\r
+ for (String s : newBody) {\r
+ outString += s + "\n";\r
+ }\r
+\r
+ message.setText(outString);\r
+ }\r
+ // Send message\r
+ Transport.send(message);\r
+ status = 0;\r
+\r
+ } catch (MessagingException mex) {\r
+ throw new OrganizationException("Exception send email message "\r
+ + mex.getMessage());\r
+ }\r
+\r
+ return status; \r
+ }\r
+\r
+ /**\r
+ * Default Policy is to set to 6 Months for Notification Types.\r
+ * add others/change as required\r
+ */\r
+ @Override\r
+ public Date whenToValidate(Notify type, Date lastValidated) {\r
+ switch(type) {\r
+ case Approval:\r
+ case PasswordExpiration:\r
+ return null;\r
+ default:\r
+ GregorianCalendar gc = new GregorianCalendar();\r
+ gc.setTime(lastValidated);\r
+ gc.add(GregorianCalendar.MONTH, 6); // 6 month policy\r
+ return gc.getTime();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public GregorianCalendar expiration(GregorianCalendar gc, Expiration exp, String... extra) {\r
+ GregorianCalendar rv = gc==null?new GregorianCalendar():(GregorianCalendar)gc.clone();\r
+ switch (exp) {\r
+ case ExtendPassword:\r
+ // Extending Password give 5 extra days\r
+ rv.add(GregorianCalendar.DATE, 5);\r
+ break;\r
+ case Future:\r
+ // Future Requests last 15 days before subject to deletion.\r
+ rv.add(GregorianCalendar.DATE, 15);\r
+ break;\r
+ case Password:\r
+ // Passwords expire in 90 days\r
+ rv.add(GregorianCalendar.DATE, 90);\r
+ break;\r
+ case TempPassword:\r
+ // Temporary Passwords last for 12 hours.\r
+ rv.add(GregorianCalendar.HOUR, 12);\r
+ break;\r
+ case UserDelegate:\r
+ // Delegations expire max in 2 months\r
+ rv.add(GregorianCalendar.MONTH, 2);\r
+ break;\r
+ case UserInRole:\r
+ // Roles expire in 6 months\r
+ rv.add(GregorianCalendar.MONTH, 6);\r
+ break;\r
+ default:\r
+ // Unless other wise set, 6 months is default\r
+ rv.add(GregorianCalendar.MONTH, 6);\r
+ break;\r
+ }\r
+ return rv;\r
+ }\r
+\r
+ @Override\r
+ public EmailWarnings emailWarningPolicy() {\r
+ return emailWarnings;\r
+ }\r
+\r
+ /**\r
+ * Assume the Supervisor is the Approver.\r
+ */\r
+ @Override\r
+ public List<Identity> getApprovers(AuthzTrans trans, String user) throws OrganizationException {\r
+ Identity orgIdentity = getIdentity(trans, user);\r
+ List<Identity> orgIdentitys = new ArrayList<Identity>();\r
+ if(orgIdentity!=null) {\r
+ String supervisorID = orgIdentity.responsibleTo();\r
+ if (supervisorID.indexOf('@') < 0) {\r
+ supervisorID += getDomain();\r
+ }\r
+ Identity supervisor = getIdentity(trans, supervisorID);\r
+ orgIdentitys.add(supervisor);\r
+ }\r
+ return orgIdentitys; \r
+ }\r
+\r
+ @Override\r
+ public String getApproverType() {\r
+ return "supervisor";\r
+ }\r
+\r
+ @Override\r
+ public int startOfDay() {\r
+ // TODO Auto-generated method stub\r
+ return 0;\r
+ }\r
+\r
+ @Override\r
+ public boolean canHaveMultipleCreds(String id) {\r
+ // External entities are likely mono-password... if you change it, it is a global change.\r
+ // This is great for people, but horrible for Applications. \r
+ //\r
+ // AAF's Password can have multiple Passwords, each with their own Expiration Date.\r
+ // For Default Org, we'll assume true for all, but when you add your external\r
+ // Identity stores, you need to return "false" if they cannot support multiple Passwords like AAF\r
+ return true;\r
+ }\r
+\r
+ @Override\r
+ public boolean isValidCred(String id) {\r
+ if(id.endsWith(SUFFIX)) {\r
+ return true;\r
+ }\r
+ return id.matches(ID_PATTERN);\r
+ }\r
+\r
+ @Override\r
+ public String validate(AuthzTrans trans, Policy policy, Executor executor, String... vars) throws OrganizationException {\r
+ switch(policy) {\r
+ case OWNS_MECHID:\r
+ case CREATE_MECHID:\r
+ if(vars.length>0) {\r
+ Identity requestor = getIdentity(trans, trans.user());\r
+ if(requestor!=null) {\r
+ Identity mechid = getIdentity(trans, vars[0]);\r
+ if(requestor.equals(mechid.owner())) {\r
+ return null;\r
+ }\r
+ }\r
+ }\r
+ return trans.user() + " is not the Sponsor of MechID " + vars[0];\r
+ \r
+ case CREATE_MECHID_BY_PERM_ONLY:\r
+ return getName() + " only allows sponsors to create MechIDs";\r
+ \r
+ default:\r
+ return policy.name() + " is unsupported at " + getName();\r
+ } \r
+ }\r
+\r
+ @Override\r
+ public boolean isTestEnv() {\r
+ return false;\r
+ }\r
+\r
+ @Override\r
+ public void setTestMode(boolean dryRun) {\r
+ this.dryRun = dryRun;\r
+ }\r
+\r
+ /**\r
+ * Convert the delimiter String into Internet addresses with the default\r
+ * delimiter of ";"\r
+ * @param strAddress\r
+ * @return\r
+ */\r
+ private Address[] getAddresses(List<String> strAddress) throws OrganizationException {\r
+ return this.getAddresses(strAddress,";");\r
+ }\r
+ /**\r
+ * Convert the delimiter String into Internet addresses with the \r
+ * delimiter of provided\r
+ * @param strAddress\r
+ * @param delimiter\r
+ * @return\r
+ */\r
+ private Address[] getAddresses(List<String> strAddresses, String delimiter) throws OrganizationException {\r
+ Address[] addressArray = new Address[strAddresses.size()];\r
+ int count = 0;\r
+ for (String addr : strAddresses)\r
+ {\r
+ try{\r
+ addressArray[count] = new InternetAddress(addr);\r
+ count++;\r
+ }catch(Exception e){\r
+ throw new OrganizationException("Failed to parse the email address "+ addr +": "+e.getMessage());\r
+ }\r
+ }\r
+ return addressArray;\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.osaaf.defOrg;\r
+\r
+import java.io.IOException;\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.local.AbsData.Reuse;\r
+import com.att.authz.org.Organization;\r
+import com.att.authz.org.Organization.Identity;\r
+import com.att.authz.org.OrganizationException;\r
+import com.att.cadi.config.Config;\r
+import com.osaaf.defOrg.Identities.Data;\r
+\r
+/**\r
+ * Org Users are essential representations of Identities within the Org. Since this is a highly individual \r
+ * thing for most Orgs, i.e. some use LDAP, some need feed, some use something else, this object will allow\r
+ * the Organization to connect to their own Identity systems...\r
+ * \r
+ *\r
+ */\r
+public class DefaultOrgIdentity implements Identity {\r
+ private final static int TIMEOUT = Integer.parseInt(Config.AAF_CONN_TIMEOUT_DEF);\r
+ \r
+ private DefaultOrg org;\r
+ private Data identity;\r
+ private Identity owner;\r
+\r
+ public DefaultOrgIdentity(AuthzTrans trans, String key, DefaultOrg dorg) throws OrganizationException {\r
+ org = dorg;\r
+ identity=null;\r
+ try {\r
+ org.identities.open(trans, TIMEOUT);\r
+ try {\r
+ Reuse r = org.identities.reuse();\r
+ identity = org.identities.find(key, r);\r
+ if(identity==null) {\r
+ identity = Identities.NO_DATA;\r
+ } else {\r
+ if("a".equals(identity.status)) {\r
+ owner = new DefaultOrgIdentity(trans,identity.responsibleTo,org);\r
+ } else {\r
+ owner = null;\r
+ }\r
+ }\r
+ } finally {\r
+ org.identities.close(trans);\r
+ }\r
+ } catch (IOException e) {\r
+ throw new OrganizationException(e);\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public boolean equals(Object b) {\r
+ if(b instanceof DefaultOrgIdentity) {\r
+ return identity.id.equals(((DefaultOrgIdentity)b).identity.id);\r
+ }\r
+ return false;\r
+ }\r
+\r
+ @Override\r
+ public String id() {\r
+ return identity.id;\r
+ }\r
+\r
+ @Override\r
+ public String fullID() {\r
+ return identity.id+'@'+org.getDomain();\r
+ }\r
+\r
+ @Override\r
+ public String type() {\r
+ switch(identity.status) {\r
+ case "e": return DefaultOrg.Types.Employee.name();\r
+ case "c": return DefaultOrg.Types.Contractor.name();\r
+ case "a": return DefaultOrg.Types.Application.name();\r
+ case "n": return DefaultOrg.Types.NotActive.name();\r
+ default:\r
+ return "Unknown";\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public String responsibleTo() {\r
+ return identity.responsibleTo;\r
+ }\r
+\r
+ @Override\r
+ public List<String> delegate() {\r
+ //NOTE: implement Delegate system, if desired\r
+ return DefaultOrg.NULL_DELEGATES;\r
+ }\r
+\r
+ @Override\r
+ public String email() {\r
+ return identity.email;\r
+ }\r
+\r
+ @Override\r
+ public String fullName() {\r
+ return identity.name;\r
+ }\r
+\r
+ @Override\r
+ public boolean isResponsible() {\r
+ return "e".equals(identity.status); // Assume only Employees are responsible for Resources. \r
+ }\r
+\r
+ @Override\r
+ public boolean isFound() {\r
+ return identity!=null;\r
+ }\r
+\r
+ @Override\r
+ public Identity owner() throws OrganizationException {\r
+ return owner;\r
+ }\r
+\r
+ @Override\r
+ public Organization org() {\r
+ return org;\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.osaaf.defOrg;\r
+\r
+import com.att.authz.org.EmailWarnings;\r
+\r
+public class DefaultOrgWarnings implements EmailWarnings {\r
+\r
+ @Override\r
+ public long credEmailInterval()\r
+ {\r
+ return 604800000L; // 7 days in millis 1000 * 86400 * 7\r
+ }\r
+ \r
+ @Override\r
+ public long roleEmailInterval()\r
+ {\r
+ return 604800000L; // 7 days in millis 1000 * 86400 * 7\r
+ }\r
+ \r
+ @Override\r
+ public long apprEmailInterval() {\r
+ return 259200000L; // 3 days in millis 1000 * 86400 * 3\r
+ }\r
+ \r
+ @Override\r
+ public long credExpirationWarning()\r
+ {\r
+ return( 2592000000L ); // One month, in milliseconds 1000 * 86400 * 30 in milliseconds\r
+ }\r
+ \r
+ @Override\r
+ public long roleExpirationWarning()\r
+ {\r
+ return( 2592000000L ); // One month, in milliseconds 1000 * 86400 * 30 in milliseconds\r
+ }\r
+\r
+ @Override\r
+ public long emailUrgentWarning()\r
+ {\r
+ return( 1209600000L ); // Two weeks, in milliseconds 1000 * 86400 * 14 in milliseconds\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.osaaf.defOrg;\r
+\r
+import java.io.File;\r
+import java.io.IOException;\r
+\r
+import com.att.authz.local.AbsData;\r
+import com.att.authz.local.DataFile.Token.Field;\r
+\r
+/*\r
+ * Example User Data file, which can be modified for many different kinds of Data Feeds.\r
+ * \r
+ * Note: This has shown to be extremely effective in AT&T, an acknowledged very large organizations, \r
+ * because there is no need to synchronize records. AAF simply receives a Data Feed in Organization\r
+ * defined intervals. (You might want to check for validity, such as size, etc), then is copied into\r
+ * Data Directory. You will want to do so first creating a "lock" file. Assuming the File name is "users.dat",\r
+ * the Lock File is "users.lock". \r
+ * \r
+ * After the movement of the Datafile into place, it is best to remove the Index File, then remove the lock file.\r
+ * \r
+ * Note, Any AAF Programs needing this data WILL wait on the Lock file, so you should get fresh Data files\r
+ * in a "stage" directory, from WEB, or wherever, and then, after it is correct, do the following as fast as feasible.\r
+ * \r
+ * a) lock\r
+ * b) copy from stage\r
+ * c) remove idx\r
+ * d) unlock\r
+ * \r
+ * If the Index File is either non-existent or out of date from the Data File, it will be reindexed, which\r
+ * has proven to be a very quick function, even with large numbers of entries.\r
+ * \r
+ * This Sample Feed is set for a file with delimiter of "|". 512 is maximum expected line length. The "0" is the\r
+ * field offset for the "key" to the record, which, for user, should be the unique Organization Identity.\r
+ * \r
+ */\r
+public class Identities extends AbsData {\r
+ public final static Data NO_DATA = new Data();\r
+ \r
+ public Identities(File users) {\r
+ super(users,'|',512,0);\r
+ }\r
+\r
+ /*\r
+ * Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split\r
+ * out AppIDs, choose your own status indicators, or whatever you use.\r
+ * 0 - unique ID\r
+ * 1 - full name\r
+ * 2 - first name\r
+ * 3 - last name\r
+ * 4 - phone\r
+ * 5 - official email\r
+ * 6 - employment status e=employee, c=contractor, a=application, n=no longer with company\r
+ * 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)\r
+ */\r
+ public static class Data {\r
+ public final String id;\r
+ public final String name;\r
+ public final String fname;\r
+ public final String lname;\r
+ public final String phone;\r
+ public final String email;\r
+ public final String status;\r
+ public final String responsibleTo;\r
+ \r
+ private Data(Field f) {\r
+ f.reset();\r
+ id=f.next();\r
+ name=f.next();\r
+ fname=f.next();\r
+ lname=f.next();\r
+ phone=f.next();\r
+ email=f.next();\r
+ status=f.next();\r
+ responsibleTo =f.next();\r
+ }\r
+ \r
+ private Data() {\r
+ id = name = fname = lname =\r
+ phone = email = status = responsibleTo \r
+ = "";\r
+ }\r
+\r
+ public String toString() {\r
+ return id + '|' +\r
+ name + '|' +\r
+ lname + '|' +\r
+ fname + '|' +\r
+ phone + '|' +\r
+ email + '|' +\r
+ status + '|' +\r
+ responsibleTo;\r
+ }\r
+ \r
+ // Here, make up your own Methods which help you easily determine your Organization's structure\r
+ // in your Organization Object\r
+ public boolean hasStatus(String possible) {\r
+ return possible.contains(status);\r
+ }\r
+\r
+ public boolean isEmployee() {\r
+ return "e".equals(status);\r
+ }\r
+ \r
+ public boolean isContractor() {\r
+ return "c".equals(status);\r
+ }\r
+ \r
+ public boolean isApplication() {\r
+ return "a".equals(status);\r
+ }\r
+ }\r
+ \r
+ public Data find(Object key,Reuse r) throws IOException {\r
+ r.getFieldData().reset();\r
+ // These are new, to allow for Thread Safety\r
+ int rec = ti.find(key,r.getTokenData(),r.getFieldData(),0);\r
+ if(rec<0) {\r
+ return null;\r
+ }\r
+ r.getTokenData().pos(rec);\r
+ return new Data(r.getFieldData());\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+/**\r
+ * \r
+ */\r
+package com.osaaf.defOrd.test;\r
+\r
+import java.io.File;\r
+import java.io.IOException;\r
+\r
+import org.junit.After;\r
+import org.junit.AfterClass;\r
+import org.junit.Assert;\r
+import org.junit.Before;\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.local.AbsData.Reuse;\r
+import com.osaaf.defOrg.Identities;\r
+import com.osaaf.defOrg.Identities.Data;\r
+\r
+/**\r
+ *\r
+ */\r
+public class JU_Identities {\r
+\r
+ private static final String DATA_IDENTITIES = "../opt/app/aaf/data/identities.dat";\r
+ private static File fids;\r
+ private static Identities ids;\r
+ private static AuthzEnv env;\r
+\r
+ /**\r
+ * @throws java.lang.Exception\r
+ */\r
+ @BeforeClass\r
+ public static void setUpBeforeClass() throws Exception {\r
+ env = new AuthzEnv();\r
+ AuthzTrans trans = env.newTransNoAvg();\r
+ // Note: utilize TimeTaken, from trans.start if you want to time.\r
+ fids = new File(DATA_IDENTITIES);\r
+ if(fids.exists()) {\r
+ ids = new Identities(fids);\r
+ ids.open(trans, 5000);\r
+ } else {\r
+ \r
+ throw new Exception("Data File for Tests, \"" + DATA_IDENTITIES \r
+ + "\" must exist before test can run. (Current dir is " + System.getProperty("user.dir") + ")");\r
+ }\r
+ }\r
+\r
+ /**\r
+ * @throws java.lang.Exception\r
+ */\r
+ @AfterClass\r
+ public static void tearDownAfterClass() throws Exception {\r
+ AuthzTrans trans = env.newTransNoAvg();\r
+ if(ids!=null) {\r
+ ids.close(trans);\r
+ }\r
+ }\r
+\r
+ /**\r
+ * @throws java.lang.Exception\r
+ */\r
+ @Before\r
+ public void setUp() throws Exception {\r
+ }\r
+\r
+ /**\r
+ * @throws java.lang.Exception\r
+ */\r
+ @After\r
+ public void tearDown() throws Exception {\r
+ }\r
+ \r
+ @Test\r
+ public void test() throws IOException {\r
+ Reuse reuse = ids.reuse(); // this object can be reused within the same thread.\r
+ Data id = ids.find("osaaf",reuse);\r
+ Assert.assertNotNull(id);\r
+ System.out.println(id);\r
+\r
+ id = ids.find("mmanager",reuse);\r
+ Assert.assertNotNull(id);\r
+ System.out.println(id);\r
+\r
+ //TODO Fill out JUnit with Tests of all Methods in "Data id"\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.osaaf.defOrg;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.io.File;\r
+import java.io.IOException;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+import java.util.regex.Matcher;\r
+\r
+import javax.mail.Address;\r
+import javax.mail.internet.InternetAddress;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Matchers;\r
+import org.mockito.Mock;\r
+import org.mockito.MockitoAnnotations;\r
+import org.powermock.api.mockito.PowerMockito;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.org.Executor;\r
+import com.att.authz.org.OrganizationException;\r
+import com.att.authz.org.Organization.Identity;\r
+import com.att.authz.org.Organization.Policy;\r
+import com.osaaf.defOrg.Identities.Data;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_DefaultOrg {\r
+\r
+DefaultOrg defaultOrg;\r
+//private DefaultOrg defaultOrgMock;\r
+@Mock\r
+AuthzEnv authzEnvMock;\r
+\r
+private static final String PROPERTY_IS_REQUIRED = " property is Required";\r
+private static final String DOMAIN = "osaaf.com";\r
+private static final String REALM = "com.osaaf";\r
+private static final String NAME = "Default Organization";\r
+private static final String NO_PASS = NAME + " does not support Passwords. Use AAF";\r
+String mailHost,mailFromUserId,supportAddress;\r
+private String SUFFIX;\r
+String s;\r
+String defFile;\r
+@Mock\r
+File fIdentitiesMock;\r
+\r
+@Before\r
+public void setUp() throws OrganizationException{\r
+ MockitoAnnotations.initMocks(this);\r
+ PowerMockito.when(authzEnvMock.getProperty(s=(REALM + ".mailHost"), null)).thenReturn("hello");\r
+ PowerMockito.when(authzEnvMock.getProperty(s=(REALM + ".supportEmail"), null)).thenReturn("notnull");\r
+ PowerMockito.when(authzEnvMock.getProperty(Matchers.anyString())).thenReturn("C:/Users/sv8675/Desktop/AAF-Code-Sai/AAF-master/authz/authz-defOrg/src/main/java/test.txt");\r
+ PowerMockito.when(fIdentitiesMock.exists()).thenReturn(true);\r
+ //PowerMockito.when((fIdentitiesMock!=null && fIdentitiesMock.exists())).thenReturn(true);\r
+ defaultOrg = new DefaultOrg(authzEnvMock);\r
+}\r
+\r
+@Test //(expected=OrganizationException.class)\r
+public void test() throws OrganizationException{\r
+ //PowerMockito.when(authzEnvMock.getProperty(Matchers.anyString())).thenReturn(" ");\r
+ //defaultOrg = new DefaultOrg(authzEnvMock);\r
+ assertTrue(true);\r
+}\r
+\r
+@Test\r
+public void testIsValidID(){ \r
+ String Result = defaultOrg.isValidID(Matchers.anyString());\r
+ System.out.println("value of res " +Result);\r
+ assertNotNull(Result); \r
+}\r
+\r
+@Mock\r
+AuthzTrans authzTransMock;\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.osaaf.defOrg;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.mockito.MockitoAnnotations;\r
+import org.powermock.api.mockito.PowerMockito;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.org.OrganizationException;\r
+import com.att.authz.org.Organization.Identity;\r
+import com.osaaf.defOrg.Identities.Data;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_DefaultOrgIdentity {\r
+\r
+ private DefaultOrgIdentity defaultOrgIdentity;\r
+ private DefaultOrgIdentity defaultOrgIdentityMock;\r
+ \r
+ @Mock\r
+ AuthzTrans authzTransMock;\r
+ \r
+ String key="key";\r
+ \r
+ @Mock\r
+ private DefaultOrg defaultOrgMock;\r
+ @Mock\r
+ private Data dataMock;\r
+ @Mock\r
+ private Identity identityMock;\r
+ \r
+ @Before\r
+ public void setUp() throws OrganizationException{\r
+ MockitoAnnotations.initMocks(this);\r
+ defaultOrgIdentityMock = PowerMockito.mock(DefaultOrgIdentity.class);\r
+ }\r
+ \r
+ @Test\r
+ public void testEquals(){\r
+ Object b = null;\r
+ Boolean res = defaultOrgIdentityMock.equals(b);\r
+ System.out.println("value of res " +res);\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.osaaf.defOrg;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.MockitoAnnotations;\r
+import org.powermock.api.mockito.PowerMockito;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_DefaultOrgWarnings {\r
+ \r
+ private DefaultOrgWarnings defaultOrgWarningsMock;\r
+ private DefaultOrgWarnings defaultOrgWarnings;\r
+ \r
+ \r
+ @Before\r
+ public void setUp(){\r
+ MockitoAnnotations.initMocks(this);\r
+ \r
+ defaultOrgWarningsMock = PowerMockito.mock(DefaultOrgWarnings.class);\r
+ \r
+ defaultOrgWarnings = new DefaultOrgWarnings();\r
+ }\r
+\r
+ \r
+ @Test\r
+ public void testApprEmailInterval() {\r
+ \r
+ assertEquals(259200000, defaultOrgWarnings.apprEmailInterval() );\r
+ }\r
+ \r
+ @Test\r
+ public void testCredEmailInterval() {\r
+ assertEquals(604800000, defaultOrgWarnings.credEmailInterval());\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void testCredExpirationWarning() {\r
+ assertEquals(2592000000L, defaultOrgWarnings.credExpirationWarning());\r
+ }\r
+ \r
+ @Test\r
+ public void testEmailUrgentWarning() {\r
+ assertEquals(1209600000L, defaultOrgWarnings.emailUrgentWarning());\r
+ }\r
+ \r
+ @Test\r
+ public void testRoleEmailInterval() {\r
+ assertEquals(604800000L, defaultOrgWarnings.roleEmailInterval());\r
+ }\r
+ \r
+ @Test\r
+ public void testRoleExpirationWarning() {\r
+ assertEquals(2592000000L, defaultOrgWarnings.roleExpirationWarning());\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+/**\r
+ * \r
+ */\r
+package com.osaaf.defOrg;\r
+\r
+import java.io.File;\r
+import java.io.IOException;\r
+\r
+import org.junit.After;\r
+import org.junit.AfterClass;\r
+import org.junit.Assert;\r
+import org.junit.Before;\r
+import org.junit.BeforeClass;\r
+import org.junit.Test;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.local.AbsData.Reuse;\r
+import com.osaaf.defOrg.Identities;\r
+import com.osaaf.defOrg.Identities.Data;\r
+\r
+/**\r
+ *\r
+ */\r
+public class JU_Identities {\r
+\r
+ private static final String DATA_IDENTITIES = "../opt/app/aaf/data/identities.dat";\r
+ private static File fids;\r
+ private static Identities ids;\r
+ private static AuthzEnv env;\r
+\r
+ /**\r
+ * @throws java.lang.Exception\r
+ */\r
+ @BeforeClass\r
+ public static void setUpBeforeClass() throws Exception {\r
+ env = new AuthzEnv();\r
+ AuthzTrans trans = env.newTransNoAvg();\r
+ // Note: utilize TimeTaken, from trans.start if you want to time.\r
+ fids = new File(DATA_IDENTITIES);\r
+ if(fids.exists()) {\r
+ ids = new Identities(fids);\r
+ ids.open(trans, 5000);\r
+ } else {\r
+ \r
+ throw new Exception("Data File for Tests, \"" + DATA_IDENTITIES \r
+ + "\" must exist before test can run. (Current dir is " + System.getProperty("user.dir") + ")");\r
+ }\r
+ }\r
+\r
+ /**\r
+ * @throws java.lang.Exception\r
+ */\r
+ @AfterClass\r
+ public static void tearDownAfterClass() throws Exception {\r
+ AuthzTrans trans = env.newTransNoAvg();\r
+ if(ids!=null) {\r
+ ids.close(trans);\r
+ }\r
+ }\r
+\r
+ /**\r
+ * @throws java.lang.Exception\r
+ */\r
+ @Before\r
+ public void setUp() throws Exception {\r
+ }\r
+\r
+ /**\r
+ * @throws java.lang.Exception\r
+ */\r
+ @After\r
+ public void tearDown() throws Exception {\r
+ }\r
+ \r
+ @Test\r
+ public void test() throws IOException {\r
+ Reuse reuse = ids.reuse(); // this object can be reused within the same thread.\r
+ Data id = ids.find("osaaf",reuse);\r
+ Assert.assertNotNull(id);\r
+ System.out.println(id);\r
+\r
+ id = ids.find("mmanager",reuse);\r
+ Assert.assertNotNull(id);\r
+ System.out.println(id);\r
+\r
+ //TODO Fill out JUnit with Tests of all Methods in "Data id"\r
+ }\r
+\r
+}\r
--- /dev/null
+.metadata
+.settings
+.classpath
+.project
+target
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">\r
+ <modelVersion>4.0.0</modelVersion>\r
+ <parent>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>parent</artifactId>\r
+ <version>2.0.15</version>\r
+ <relativePath>../pom.xml</relativePath>\r
+ </parent>\r
+ \r
+ <artifactId>authz-fs</artifactId>\r
+ <name>Authz File Server</name>\r
+ <description>Independent FileServer via HTTP (not S) for Public Files (i.e. CRLs)</description>\r
+ <url>https://github.com/att/AAF</url>\r
+ <licenses>\r
+ <license>\r
+ <name>BSD License</name>\r
+ <url> </url>\r
+ </license>\r
+ </licenses>\r
+ <developers>\r
+ <developer>\r
+ <name>Jonathan Gathman</name>\r
+ <email></email>\r
+ <organization>ATT</organization>\r
+ <organizationUrl></organizationUrl>\r
+ </developer>\r
+ </developers>\r
+\r
+ <properties>\r
+ <maven.test.failure.ignore>true</maven.test.failure.ignore>\r
+ <project.swmVersion>9</project.swmVersion>\r
+ </properties>\r
+ \r
+ \r
+ <dependencies>\r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-core</artifactId>\r
+ </dependency>\r
+ <dependency> \r
+ <groupId>com.att.cadi</groupId>\r
+ <artifactId>cadi-core</artifactId>\r
+ </dependency>\r
+ <dependency>\r
+ <groupId>com.att.aft</groupId>\r
+ <artifactId>dme2</artifactId>\r
+ </dependency>\r
+ </dependencies>\r
+ \r
+ <build>\r
+ <plugins>\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-jar-plugin</artifactId>\r
+ <configuration>\r
+ <includes>\r
+ <include>**/*.class</include>\r
+ </includes>\r
+ </configuration>\r
+ <version>2.3.1</version>\r
+ </plugin>\r
+\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-deploy-plugin</artifactId>\r
+ <configuration>\r
+ <skip>true</skip>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-javadoc-plugin</artifactId>\r
+ <configuration>\r
+ <failOnError>false</failOnError>\r
+ </configuration>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-javadocs</id>\r
+ <goals>\r
+ <goal>jar</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin> \r
+ \r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-source-plugin</artifactId>\r
+ <version>2.2.1</version>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-sources</id>\r
+ <goals>\r
+ <goal>jar-no-fork</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.sonatype.plugins</groupId>\r
+ <artifactId>nexus-staging-maven-plugin</artifactId>\r
+ <version>1.6.7</version>\r
+ <extensions>true</extensions>\r
+ <configuration>\r
+ <serverId>ossrhdme</serverId>\r
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>\r
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ \r
+ </plugins>\r
+ <pluginManagement>\r
+ <plugins/>\r
+ </pluginManagement>\r
+ </build>\r
+\r
+ <distributionManagement>\r
+ <snapshotRepository>\r
+ <id>ossrhdme</id>\r
+ <url>https://oss.sonatype.org/content/repositories/snapshots</url>\r
+ </snapshotRepository>\r
+ <repository>\r
+ <id>ossrhdme</id>\r
+ <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>\r
+ </repository>\r
+ </distributionManagement>\r
+ \r
+ <scm>\r
+ <connection>https://github.com/att/AAF.git</connection>\r
+ <developerConnection>${project.scm.connection}</developerConnection>\r
+ <url>http://github.com/att/AAF/tree/master</url>\r
+ </scm>\r
+</project>\r
--- /dev/null
+##
+## AUTHZ API (authz-service) Properties
+##
+
+hostname=_HOSTNAME_
+
+## DISCOVERY (DME2) Parameters on the Command Line
+AFT_LATITUDE=_AFT_LATITUDE_
+AFT_LONGITUDE=_AFT_LONGITUDE_
+AFT_ENVIRONMENT=_AFT_ENVIRONMENT_
+DEPLOYED_VERSION=_ARTIFACT_VERSION_
+
+DMEServiceName=service=com.att.authz.authz-fs/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+AFT_DME2_PORT_RANGE=_AUTHZ_FS_PORT_RANGE_
+AFT_DME2_SSL_ENABLE=false
+AFT_DME2_DISABLE_PERSISTENT_CACHE=true
+
+CFA_WebPath=_ROOT_DIR_/data
+CFA_ClearCommand=FmzYPpMY918MwE1hyacoiFSt
+CFA_MaxSize=2000000
\ No newline at end of file
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+###############################################################################\r
+# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
+###############################################################################\r
+#\r
+# Licensed to the Apache Software Foundation (ASF) under one\r
+# or more contributor license agreements. See the NOTICE file\r
+# distributed with this work for additional information\r
+# regarding copyright ownership. The ASF licenses this file\r
+# to you under the Apache License, Version 2.0 (the\r
+# "License"); you may not use this file except in compliance\r
+# with the License. You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing,\r
+# software distributed under the License is distributed on an\r
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
+# KIND, either express or implied. See the License for the\r
+# specific language governing permissions and limitations\r
+# under the License.\r
+#\r
+log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender \r
+log4j.appender.INIT.File=_LOG_DIR_/${LOG4J_FILENAME_init}\r
+log4j.appender.INIT.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.INIT.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.INIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.INIT.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n\r
+\r
+\r
+log4j.appender.FS=org.apache.log4j.DailyRollingFileAppender \r
+log4j.appender.FS.File=logs/${LOG4J_FILENAME_authz}\r
+log4j.appender.FS.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.FS.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.FS.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.FS.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.FS.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n\r
+\r
+log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender\r
+log4j.appender.AUDIT.File=_LOG_DIR_/${LOG4J_FILENAME_audit}\r
+log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.AUDIT.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.AUDIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n\r
+\r
+log4j.appender.TRACE=org.apache.log4j.DailyRollingFileAppender\r
+log4j.appender.TRACE.File=logs/${LOG4J_FILENAME_trace}\r
+log4j.appender.TRACE.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.TRACE.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.TRACE.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.TRACE.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.TRACE.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n\r
+\r
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender\r
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout\r
+log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n\r
+\r
+# General Apache libraries\r
+log4j.rootLogger=WARN\r
+log4j.logger.org.apache=WARN,INIT\r
+log4j.logger.dme2=WARN,INIT\r
+log4j.logger.init=INFO,INIT\r
+log4j.logger.authz=_LOG4J_LEVEL_,FS\r
+log4j.logger.audit=INFO,AUDIT\r
+log4j.logger.trace=TRACE,TRACE\r
+\r
+\r
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<ns2:ManagedResourceList xmlns:ns2="http://scld.att.com/lrm/util" xmlns="http://scld.att.com/lrm/commontypes" xmlns:ns3="http://scld.att.com/lrm/types">\r
+ <ns2:ManagedResource>\r
+ <ResourceDescriptor>\r
+ <ResourceName>com.att.authz._ARTIFACT_ID_</ResourceName>\r
+ <ResourceVersion>\r
+ <Major>_MAJOR_VER_</Major>\r
+ <Minor>_MINOR_VER_</Minor>\r
+ <Patch>_PATCH_VER_</Patch> \r
+ </ResourceVersion>\r
+ <RouteOffer>_ROUTE_OFFER_</RouteOffer>\r
+ </ResourceDescriptor>\r
+ <ResourceType>Java</ResourceType>\r
+ <ResourcePath>com.att.authz.fs.FileServer</ResourcePath>\r
+ <ResourceProps>\r
+ <Tag>process.workdir</Tag>\r
+ <Value>_ROOT_DIR_</Value>\r
+ </ResourceProps> \r
+ <ResourceProps>\r
+ <Tag>jvm.version</Tag>\r
+ <Value>1.8</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.args</Tag>\r
+ <Value>-DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 </Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.classpath</Tag>\r
+ <Value>_ROOT_DIR_/etc:_ROOT_DIR_/lib/*:</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.heap.min</Tag>\r
+ <Value>1024m</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.heap.max</Tag>\r
+ <Value>2048m</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>start.class</Tag>\r
+ <Value>com.att.authz.fs.FileServer</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>stdout.redirect</Tag>\r
+ <Value>_ROOT_DIR_/logs/SystemOut.log</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>stderr.redirect</Tag>\r
+ <Value>_ROOT_DIR_/logs/SystemErr.log</Value>\r
+ </ResourceProps>\r
+ <ResourceOSID>aft</ResourceOSID>\r
+ <ResourceStartType>AUTO</ResourceStartType>\r
+ <ResourceStartPriority>2</ResourceStartPriority>\r
+ <ResourceMinCount>_RESOURCE_MIN_COUNT_</ResourceMinCount>\r
+ <ResourceMaxCount>_RESOURCE_MAX_COUNT_</ResourceMaxCount> \r
+ <ResourceRegistration>_RESOURCE_REGISTRATION_</ResourceRegistration>\r
+ <ResourceSWMComponent>com.att.authz:_ARTIFACT_ID_</ResourceSWMComponent>\r
+ <ResourceSWMComponentVersion>_ARTIFACT_VERSION_</ResourceSWMComponentVersion>\r
+ </ns2:ManagedResource>\r
+</ns2:ManagedResourceList>\r
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+<html>\r
+ <head> <!-- begin head -->\r
+ <meta charset="utf-8">\r
+ <title>AT&T Authentication/Authorization Tool</title>\r
+ <!-- \r
+ <link rel="stylesheet" href="_AUTHZ_GUI_URL_/theme/aaf5.css">\r
+ <script type="text/javascript" src="_AUTHZ_GUI_URL_/theme/comm.js"></script>\r
+ <script type="text/javascript" src="_AUTHZ_GUI_URL_/theme/console.js"></script>\r
+ <script type="text/javascript" src="_AUTHZ_GUI_URL_/theme/common.js"></script>\r
+ <link rel="stylesheet" href="_AUTHZ_GUI_URL_/theme/aaf5Desktop.css">\r
+ -->\r
+ </head> <!-- end head -->\r
+ <body> <!-- begin body -->\r
+ <header> <!-- begin header -->\r
+ <h1>AT&T Auth Tool on _ENV_CONTEXT_</h1>\r
+ <p id="version">AAF Version: _ARTIFACT_VERSION_</p>\r
+ </header>\r
+ <h1>Success for File Server Access</h1>\r
+ </body>\r
+</html>\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.fs;\r
+\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+\r
+import java.io.IOException;\r
+import java.io.InputStream;\r
+import java.net.URL;\r
+import java.util.ArrayList;\r
+import java.util.EnumSet;\r
+import java.util.List;\r
+import java.util.Properties;\r
+\r
+import com.att.aft.dme2.api.DME2Manager;\r
+import com.att.aft.dme2.api.DME2Server;\r
+import com.att.aft.dme2.api.DME2ServerProperties;\r
+import com.att.aft.dme2.api.DME2ServiceHolder;\r
+import com.att.aft.dme2.api.util.DME2FilterHolder;\r
+import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;\r
+import com.att.aft.dme2.api.util.DME2ServletHolder;\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.env.AuthzTransOnlyFilter;\r
+import com.att.cssa.rserv.CachingFileAccess;\r
+import com.att.cssa.rserv.RServlet;\r
+import com.att.inno.env.APIException;\r
+\r
+\r
+public class FileServer extends RServlet<AuthzTrans> {\r
+ public FileServer(final AuthzEnv env) throws APIException, IOException {\r
+ try {\r
+ /////////////////////// \r
+ // File Server \r
+ ///////////////////////\r
+ \r
+ CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<AuthzTrans>(env);\r
+ route(env,GET,"/:key", cfa); \r
+ route(env,GET,"/:key/:cmd", cfa); \r
+ ///////////////////////\r
+ \r
+ \r
+ } catch (Exception e) {\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ public static void main(String[] args) {\r
+ try {\r
+ // Load Properties from authFramework.properties. Needed for DME2 and AuthzEnv\r
+ Properties props = new Properties();\r
+ URL rsrc = ClassLoader.getSystemResource("FileServer.props");\r
+ if(rsrc==null) {\r
+ System.err.println("Folder containing FileServer.props must be on Classpath");\r
+ System.exit(1);\r
+ }\r
+ InputStream is = rsrc.openStream();\r
+ try {\r
+ props.load(is);\r
+ } finally {\r
+ is.close();\r
+ }\r
+ \r
+ // Load Properties into AuthzEnv\r
+ AuthzEnv env = new AuthzEnv(props); \r
+ env.setLog4JNames("log4j.properties","authz","fs","audit","init",null);\r
+ \r
+ // AFT Discovery Libraries only read System Props\r
+ env.loadToSystemPropsStartsWith("AFT_","DME2_");\r
+ env.init().log("DME2 using " + env.getProperty("DMEServiceName","unknown") + " URI");\r
+ \r
+ // Start DME2 (DME2 needs Properties form of props)\r
+ DME2Manager dme2 = new DME2Manager("RServDME2Manager",props);\r
+ \r
+ DME2ServiceHolder svcHolder;\r
+ List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();\r
+ svcHolder = new DME2ServiceHolder();\r
+ String serviceName = env.getProperty("DMEServiceName",null);\r
+ if(serviceName!=null) {\r
+ svcHolder.setServiceURI(serviceName);\r
+ svcHolder.setManager(dme2);\r
+ svcHolder.setContext("/");\r
+ \r
+ FileServer fs = new FileServer(env);\r
+ DME2ServletHolder srvHolder = new DME2ServletHolder(fs);\r
+ srvHolder.setContextPath("/*");\r
+ slist.add(srvHolder);\r
+ \r
+ EnumSet<RequestDispatcherType> edlist = EnumSet.of(\r
+ RequestDispatcherType.REQUEST,\r
+ RequestDispatcherType.FORWARD,\r
+ RequestDispatcherType.ASYNC\r
+ );\r
+\r
+ ///////////////////////\r
+ // Apply Filters\r
+ ///////////////////////\r
+ List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();\r
+ \r
+ // Need TransFilter\r
+ flist.add(new DME2FilterHolder(new AuthzTransOnlyFilter(env),"/*",edlist));\r
+ svcHolder.setFilters(flist);\r
+ svcHolder.setServletHolders(slist);\r
+ \r
+ DME2Server dme2svr = dme2.getServer();\r
+ DME2ServerProperties dsprops = dme2svr.getServerProperties();\r
+ dsprops.setGracefulShutdownTimeMs(1000);\r
+\r
+ env.init().log("Starting AAF FileServer with Jetty/DME2 server...");\r
+ dme2svr.start();\r
+ try {\r
+// if(env.getProperty("NO_REGISTER",null)!=null)\r
+ dme2.bindService(svcHolder);\r
+ env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort());\r
+\r
+ while(true) { // Per DME2 Examples...\r
+ Thread.sleep(5000);\r
+ }\r
+ } catch(InterruptedException e) {\r
+ env.init().log("AAF Jetty Server interrupted!");\r
+ } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process\r
+ env.init().log(e,"DME2 Initialization Error");\r
+ dme2svr.stop();\r
+ System.exit(1);\r
+ }\r
+ } else {\r
+ env.init().log("Properties must contain DMEServiceName");\r
+ }\r
+\r
+ } catch (Exception e) {\r
+ e.printStackTrace(System.err);\r
+ System.exit(1);\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.fs;\r
+\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+import static org.junit.Assert.*;\r
+\r
+import java.io.File;\r
+import java.io.IOException;\r
+import java.net.URL;\r
+import java.util.Properties;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.InjectMocks;\r
+import org.mockito.Matchers;\r
+import org.mockito.Mock;\r
+import org.mockito.Mockito;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+import org.powermock.api.mockito.PowerMockito;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.cssa.rserv.CachingFileAccess;\r
+import com.att.inno.env.APIException;\r
+import com.att.authz.fs.*;\r
+\r
+@RunWith(MockitoJUnitRunner.class)\r
+public class JU_FileServer { \r
+ @Mock\r
+ AuthzEnv authzEnvMock;\r
+ AuthzEnv authzEnv = new AuthzEnv();\r
+ \r
+ @Before\r
+ public void setUp() throws APIException, IOException{\r
+\r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testMain() throws Exception{\r
+ \r
+ String[] args = null;\r
+ Properties props = new Properties();\r
+ ClassLoader classLoader = getClass().getClassLoader();\r
+ File file = new File(classLoader.getResource("FileServer.props").getFile());\r
+\r
+//PowerMockito.whenNew(Something.class).withArguments(argument).thenReturn(mockSomething);\r
+ // env.setLog4JNames("log4j.properties","authz","fs","audit","init",null);\r
+ // PowerMockito.whenNew(AuthzEnv.class).withArguments(props).thenReturn(authzEnvMock);\r
+ // PowerMockito.doNothing().when(authzEnvMock.setLog4JNames(Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString()));\r
+ // PowerMockito.when(new AuthzEnv(props)).thenReturn(authzEnvMock);\r
+ //PowerMockito.doNothing().when(authzEnv).setLog4JNames(Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.anyString());\r
+ //PowerMockito.doNothing().when(authzEnvMock).setLog4JNames(" "," "," "," "," "," ");\r
+\r
+ FileServer.main(args);\r
+ //assertTrue(true);\r
+ \r
+ }\r
+ \r
+}\r
--- /dev/null
+.metadata
+.settings
+.classpath
+.project
+target
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>com.att.authz</groupId>
+ <artifactId>parent</artifactId>
+ <version>2.0.15</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>authz-gui</artifactId>
+ <name>Authz GUI (Mobile First)</name>
+ <description>GUI for Authz Management</description>
+ <url>https://github.com/att/AAF</url>
+ <licenses>
+ <license>
+ <name>BSD License</name>
+ <url> </url>
+ </license>
+ </licenses>
+ <developers>
+ <developer>
+ <name>Jonathan Gathman</name>
+ <email></email>
+ <organization>ATT</organization>
+ <organizationUrl></organizationUrl>
+ </developer>
+ </developers>
+
+
+ <properties>
+ <maven.test.failure.ignore>true</maven.test.failure.ignore>
+ <project.swmVersion>28</project.swmVersion>
+ </properties>
+
+
+ <dependencies>
+ <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-core</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-client</artifactId>
+ </dependency>
+
+ <!-- <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-att</artifactId>
+ </dependency> -->
+
+
+ <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-cmd</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-aaf</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-tguard</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-client</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>gso</groupId>
+ <artifactId>GLCookieDecryption</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.inno</groupId>
+ <artifactId>xgen</artifactId>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <configuration>
+ <includes>
+ <include>**/*.class</include>
+ </includes>
+ </configuration>
+ <version>2.3.1</version>
+ </plugin>
+
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>swm</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <finalName>authz-gui-${project.version}.${project.swmVersion}</finalName>
+
+ <descriptors>
+ <descriptor>../authz-service/src/main/assemble/swm.xml</descriptor>
+ </descriptors>
+ <archive>
+ </archive>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <failOnError>false</failOnError>
+ </configuration>
+ <executions>
+ <execution>
+ <id>attach-javadocs</id>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ <version>2.2.1</version>
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <goals>
+ <goal>jar-no-fork</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-gpg-plugin</artifactId>
+ <version>1.5</version>
+ <executions>
+ <execution>
+ <id>sign-artifacts</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.sonatype.plugins</groupId>
+ <artifactId>nexus-staging-maven-plugin</artifactId>
+ <version>1.6.7</version>
+ <extensions>true</extensions>
+ <configuration>
+ <serverId>ossrhdme</serverId>
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>
+ </configuration>
+ </plugin>
+
+
+ </plugins>
+ <pluginManagement>
+ <plugins/>
+ </pluginManagement>
+ </build>
+
+ <distributionManagement>
+ <snapshotRepository>
+ <id>ossrhdme</id>
+ <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+ </snapshotRepository>
+ <repository>
+ <id>ossrhdme</id>
+ <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+ </repository>
+ </distributionManagement>
+
+ <scm>
+ <connection>https://github.com/att/AAF.git</connection>
+ <developerConnection>${project.scm.connection}</developerConnection>
+ <url>http://github.com/att/AAF/tree/master</url>
+ </scm>
+</project>
--- /dev/null
+##
+## AUTHZ GUI (authz-gui) Properties
+##
+
+hostname=_HOSTNAME_
+
+## DISCOVERY (DME2) Parameters on the Command Line
+AFT_LATITUDE=_AFT_LATITUDE_
+AFT_LONGITUDE=_AFT_LONGITUDE_
+AFT_ENVIRONMENT=_AFT_ENVIRONMENT_
+DEPLOYED_VERSION=_ARTIFACT_VERSION_
+
+## Pull in common/security properties
+
+cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props
+
+##DME2 related parameters
+DMEServiceName=service=com.att.authz.authz-gui/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+AFT_DME2_PORT_RANGE=_AUTHZ_GUI_PORT_RANGE_
+
+# Turn on both AAF TAF & LUR 2.0
+aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+
+## URLs
+aaf_url.gui_onboard=https://wiki.web.att.com/display/aaf/OnBoarding
+aaf_url.aaf_help=http://wiki.web.att.com/display/aaf
+aaf_url.cadi_help=http://wiki.web.att.com/display/cadi
+aaf_tools=swm,scamper,dme2,soacloud
+aaf_url.tool.swm=http://wiki.web.att.com/display/swm
+aaf_url.tool.scamper=https://wiki.web.att.com/display/scamper/Home
+aaf_url.tool.soacloud=https://wiki.web.att.com/display/soacloud/SOA+Cloud+Management+Platform
+aaf_url.tool.dme2=https://wiki.web.att.com/display/soacloud/User+Guide+-+DME2
+
+
--- /dev/null
+###############################################################################
+# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+###############################################################################
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.INIT.File=_LOG_DIR_/${LOG4J_FILENAME_init}
+log4j.appender.INIT.DatePattern='.'yyyy-MM-dd
+#log4j.appender.INIT.MaxFileSize=_MAX_LOG_FILE_SIZE_
+#log4j.appender.INIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_
+log4j.appender.INIT.layout=org.apache.log4j.PatternLayout
+log4j.appender.INIT.layout.ConversionPattern=%d %p [%c] %m %n
+
+log4j.appender.GUI=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.GUI.File=_LOG_DIR_/${LOG4J_FILENAME_gui}
+log4j.appender.GUI.DatePattern='.'yyyy-MM-dd
+#log4j.appender.GUI.MaxFileSize=_MAX_LOG_FILE_SIZE_
+#log4j.appender.GUI.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_
+log4j.appender.GUI.layout=org.apache.log4j.PatternLayout
+log4j.appender.GUI.layout.ConversionPattern=%d %p [%c] %m %n
+
+log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.AUDIT.File=_LOG_DIR_/${LOG4J_FILENAME_audit}
+log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd
+#log4j.appender.GUI.MaxFileSize=_MAX_LOG_FILE_SIZE_
+#log4j.appender.GUI.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_
+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout
+log4j.appender.AUDIT.layout.ConversionPattern=%d %p [%c] %m %n
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n
+
+# General Apache libraries
+log4j.rootLogger=WARN
+log4j.logger.org.apache=WARN,INIT
+log4j.logger.dme2=WARN,INIT
+log4j.logger.init=INFO,INIT
+log4j.logger.gui=_LOG4J_LEVEL_,GUI
+log4j.logger.audit=INFO,AUDIT
+
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ -->
+
+<ns2:ManagedResourceList xmlns:ns2="http://scld.att.com/lrm/util" xmlns="http://scld.att.com/lrm/commontypes" xmlns:ns3="http://scld.att.com/lrm/types">
+ <ns2:ManagedResource>
+ <ResourceDescriptor>
+ <ResourceName>com.att.authz._ARTIFACT_ID_</ResourceName>
+ <ResourceVersion>
+ <Major>_MAJOR_VER_</Major>
+ <Minor>_MINOR_VER_</Minor>
+ <Patch>_PATCH_VER_</Patch>
+ </ResourceVersion>
+ <RouteOffer>_ROUTE_OFFER_</RouteOffer>
+ </ResourceDescriptor>
+ <ResourceType>Java</ResourceType>
+ <ResourcePath>com.att.authz.gui.AuthGUI</ResourcePath>
+ <ResourceProps>
+ <Tag>process.workdir</Tag>
+ <Value>_ROOT_DIR_</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>jvm.version</Tag>
+ <Value>1.8</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>jvm.args</Tag>
+ <Value>-DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 </Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>jvm.classpath</Tag>
+ <Value>_ROOT_DIR_/etc:_ROOT_DIR_/lib/*:</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>jvm.heap.min</Tag>
+ <Value>512m</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>jvm.heap.max</Tag>
+ <Value>2048m</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>start.class</Tag>
+ <Value>com.att.authz.gui.AuthGUI</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>stdout.redirect</Tag>
+ <Value>_ROOT_DIR_/logs/SystemOut.log</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>stderr.redirect</Tag>
+ <Value>_ROOT_DIR_/logs/SystemErr.log</Value>
+ </ResourceProps>
+ <ResourceOSID>aft</ResourceOSID>
+ <ResourceStartType>AUTO</ResourceStartType>
+ <ResourceStartPriority>3</ResourceStartPriority>
+ <ResourceMinCount>_RESOURCE_MIN_COUNT_</ResourceMinCount>
+ <ResourceMaxCount>_RESOURCE_MAX_COUNT_</ResourceMaxCount>
+ <ResourceRegistration>_RESOURCE_REGISTRATION_</ResourceRegistration>
+ <ResourceSWMComponent>com.att.authz:_ARTIFACT_ID_</ResourceSWMComponent>
+ <ResourceSWMComponentVersion>_ARTIFACT_VERSION_</ResourceSWMComponentVersion>
+ </ns2:ManagedResource>
+</ns2:ManagedResourceList>
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.cui;
+
+import java.io.PrintWriter;
+import java.security.Principal;
+
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.cadi.config.Config;
+import com.att.cadi.http.HTransferSS;
+import com.att.cmd.AAFcli;
+import com.att.cssa.rserv.HttpCode;
+
+public class CUI extends HttpCode<AuthzTrans, Void> {
+ private final AuthGUI gui;
+ public CUI(AuthGUI gui) {
+ super(null,"Command Line");
+ this.gui = gui;
+ }
+
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req,HttpServletResponse resp) throws Exception {
+ ServletInputStream isr = req.getInputStream();
+ PrintWriter pw = resp.getWriter();
+ int c;
+ StringBuilder cmd = new StringBuilder();
+
+ while((c=isr.read())>=0) {
+ cmd.append((char)c);
+ }
+
+ Principal p = trans.getUserPrincipal();
+ trans.env().setProperty(Config.AAF_DEFAULT_REALM, trans.env().getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm()));
+ AAFcli aafcli = new AAFcli(trans.env(), pw,
+ gui.aafCon.hman(),
+ gui.aafCon.securityInfo(), new HTransferSS(p,AuthGUI.app,
+ gui.aafCon.securityInfo()));
+
+ aafcli.verbose(false);
+ aafcli.gui(true);
+ String cmdStr = cmd.toString();
+ if (!cmdStr.contains("--help")) {
+ cmdStr = cmdStr.replaceAll("help", "--help");
+ }
+ if (!cmdStr.contains("--version")) {
+ cmdStr = cmdStr.replaceAll("version", "--version");
+ }
+ try {
+ aafcli.eval(cmdStr);
+ pw.flush();
+ } catch (Exception e) {
+ pw.flush();
+ pw.println(e.getMessage());
+ } finally {
+ aafcli.close();
+ }
+
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui;
+
+import static com.att.cssa.rserv.HttpMethods.GET;
+import static com.att.cssa.rserv.HttpMethods.POST;
+import static com.att.cssa.rserv.HttpMethods.PUT;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.ArrayList;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Properties;
+
+import com.att.aft.dme2.api.DME2Exception;
+import com.att.aft.dme2.api.DME2Manager;
+import com.att.aft.dme2.api.DME2Server;
+import com.att.aft.dme2.api.DME2ServerProperties;
+import com.att.aft.dme2.api.DME2ServiceHolder;
+import com.att.aft.dme2.api.util.DME2FilterHolder;
+import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;
+import com.att.aft.dme2.api.util.DME2ServletHolder;
+import com.att.authz.common.Define;
+import com.att.authz.cui.CUI;
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.env.AuthzTransFilter;
+import com.att.authz.env.AuthzTransOnlyFilter;
+import com.att.authz.gui.pages.ApiDocs;
+import com.att.authz.gui.pages.ApiExample;
+import com.att.authz.gui.pages.ApprovalAction;
+import com.att.authz.gui.pages.ApprovalForm;
+import com.att.authz.gui.pages.Home;
+import com.att.authz.gui.pages.LoginLanding;
+import com.att.authz.gui.pages.LoginLandingAction;
+import com.att.authz.gui.pages.NsDetail;
+import com.att.authz.gui.pages.NsHistory;
+import com.att.authz.gui.pages.NsInfoAction;
+import com.att.authz.gui.pages.NsInfoForm;
+import com.att.authz.gui.pages.NssShow;
+import com.att.authz.gui.pages.PassChangeAction;
+import com.att.authz.gui.pages.PassChangeForm;
+import com.att.authz.gui.pages.PendingRequestsShow;
+import com.att.authz.gui.pages.PermDetail;
+import com.att.authz.gui.pages.PermGrantAction;
+import com.att.authz.gui.pages.PermGrantForm;
+import com.att.authz.gui.pages.PermHistory;
+import com.att.authz.gui.pages.PermsShow;
+import com.att.authz.gui.pages.RequestDetail;
+import com.att.authz.gui.pages.RoleDetail;
+import com.att.authz.gui.pages.RoleHistory;
+import com.att.authz.gui.pages.RolesShow;
+import com.att.authz.gui.pages.UserRoleExtend;
+import com.att.authz.gui.pages.UserRoleRemove;
+import com.att.authz.gui.pages.WebCommand;
+import com.att.authz.org.OrganizationFactory;
+import com.att.authz.server.AbsServer;
+import com.att.cadi.CadiException;
+import com.att.cadi.aaf.v2_0.AAFTrustChecker;
+import com.att.cadi.client.Future;
+import com.att.cadi.config.Config;
+import com.att.cssa.rserv.CachingFileAccess;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.rosetta.env.RosettaDF;
+import com.att.xgen.html.HTMLGen;
+import com.att.xgen.html.State;
+
+import aaf.v2_0.Api;
+import aaf.v2_0.Approvals;
+import aaf.v2_0.CredRequest;
+import aaf.v2_0.Error;
+import aaf.v2_0.History;
+import aaf.v2_0.Nss;
+import aaf.v2_0.Perms;
+import aaf.v2_0.RolePermRequest;
+import aaf.v2_0.Roles;
+import aaf.v2_0.UserRoles;
+import aaf.v2_0.Users;
+
+public class AuthGUI extends AbsServer implements State<Env>{
+ public static final int TIMEOUT = 60000;
+ public static final String app = "AAF GUI";
+
+ public RosettaDF<Perms> permsDF;
+ public RosettaDF<Roles> rolesDF;
+ public RosettaDF<Users> usersDF;
+ public RosettaDF<UserRoles> userrolesDF;
+ public RosettaDF<CredRequest> credReqDF;
+ public RosettaDF<RolePermRequest> rolePermReqDF;
+ public RosettaDF<Approvals> approvalsDF;
+ public RosettaDF<Nss> nssDF;
+ public RosettaDF<Api> apiDF;
+ public RosettaDF<Error> errDF;
+ public RosettaDF<History> historyDF;
+
+ public final AuthzEnv env;
+ public final Slot slot_httpServletRequest;
+
+ public AuthGUI(final AuthzEnv env) throws CadiException, GeneralSecurityException, IOException, APIException {
+ super(env,app);
+ this.env = env;
+
+ env.setLog4JNames("log4j.properties","authz","gui","audit","init","trace ");
+ OrganizationFactory.setDefaultOrg(env, "com.att.authz.org.att.ATT");
+
+
+ slot_httpServletRequest = env.slot("HTTP_SERVLET_REQUEST");
+
+ permsDF = env.newDataFactory(Perms.class);
+ rolesDF = env.newDataFactory(Roles.class);
+// credsDF = env.newDataFactory(Cred.class);
+ usersDF = env.newDataFactory(Users.class);
+ userrolesDF = env.newDataFactory(UserRoles.class);
+ credReqDF = env.newDataFactory(CredRequest.class);
+ rolePermReqDF = env.newDataFactory(RolePermRequest.class);
+ approvalsDF = env.newDataFactory(Approvals.class);
+ nssDF = env.newDataFactory(Nss.class);
+ apiDF = env.newDataFactory(Api.class);
+ errDF = env.newDataFactory(Error.class);
+ historyDF = env.newDataFactory(History.class);
+
+ /////////////////////////
+ // Screens
+ /////////////////////////
+ // Start Screen
+ final Page start = new Display(this, GET, new Home(this)).page();
+
+ // MyPerms Screens
+ final Page myPerms = new Display(this, GET, new PermsShow(this, start)).page();
+ Page permDetail = new Display(this, GET, new PermDetail(this, start, myPerms)).page();
+ new Display(this, GET, new PermHistory(this,start,myPerms,permDetail));
+
+ // MyRoles Screens
+ final Page myRoles = new Display(this, GET, new RolesShow(this, start)).page();
+ Page roleDetail = new Display(this, GET, new RoleDetail(this, start, myRoles)).page();
+ new Display(this, GET, new RoleHistory(this,start,myRoles,roleDetail));
+
+ // MyNameSpace
+ final Page myNamespaces = new Display(this, GET, new NssShow(this, start)).page();
+ Page nsDetail = new Display(this, GET, new NsDetail(this, start, myNamespaces)).page();
+ new Display(this, GET, new NsHistory(this, start,myNamespaces,nsDetail));
+
+ // Password Change Screens
+ final Page pwc = new Display(this, GET, new PassChangeForm(this, start)).page();
+ new Display(this, POST, new PassChangeAction(this, start, pwc));
+
+ // Validation Change Screens
+ final Page validate = new Display(this, GET, new ApprovalForm(this, start)).page();
+ new Display(this, POST, new ApprovalAction(this, start, validate));
+
+ // Onboard, Detailed Edit Screens
+ final Page onb = new Display(this, GET, new NsInfoForm(this, start)).page();
+ new Display(this, POST, new NsInfoAction(this, start, onb));
+
+ // Web Command Screens
+ /* final Page webCommand =*/ new Display(this, GET, new WebCommand(this, start)).page();
+
+ // API Docs
+ final Page apidocs = new Display(this, GET, new ApiDocs(this, start)).page();
+ new Display(this, GET, new ApiExample(this,start, apidocs)).page();
+
+ // Permission Grant Page
+ final Page permGrant = new Display(this, GET, new PermGrantForm(this, start)).page();
+ new Display(this, POST, new PermGrantAction(this, start, permGrant)).page();
+
+ // Login Landing if no credentials detected
+ final Page loginLanding = new Display(this, GET, new LoginLanding(this, start)).page();
+ new Display(this, POST, new LoginLandingAction(this, start, loginLanding));
+
+ // User Role Request Extend and Remove
+ new Display(this, GET, new UserRoleExtend(this, start,myRoles)).page();
+ new Display(this, GET, new UserRoleRemove(this, start,myRoles)).page();
+
+ // See my Pending Requests
+ final Page requestsShow = new Display(this, GET, new PendingRequestsShow(this, start)).page();
+ new Display(this, GET, new RequestDetail(this, start, requestsShow));
+
+ // Command line Mechanism
+ route(env, PUT, "/gui/cui", new CUI(this),"text/plain;charset=utf-8","*/*");
+
+ ///////////////////////
+ // WebContent Handler
+ ///////////////////////
+ route(env,GET,"/theme/:key", new CachingFileAccess<AuthzTrans>(env,
+ CachingFileAccess.CFA_WEB_DIR,"theme"));
+ ///////////////////////
+ }
+
+ public static void main(String[] args) {
+ setup(AuthGUI.class, "authGUI.props");
+ }
+
+ /**
+ * Start up AuthzAPI as DME2 Service
+ * @param env
+ * @param props
+ * @throws DME2Exception
+ * @throws CadiException
+ */
+ public void startDME2(Properties props) throws DME2Exception, CadiException {
+
+ DME2Manager dme2 = new DME2Manager("AAF GUI DME2Manager", props);
+ DME2ServiceHolder svcHolder;
+ List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();
+ svcHolder = new DME2ServiceHolder();
+ String serviceName = env.getProperty("DMEServiceName",null);
+ if(serviceName!=null) {
+ svcHolder.setServiceURI(serviceName);
+ svcHolder.setManager(dme2);
+ svcHolder.setContext("/");
+
+
+ DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[]{"/gui"});
+ srvHolder.setContextPath("/*");
+ slist.add(srvHolder);
+
+ EnumSet<RequestDispatcherType> edlist = EnumSet.of(
+ RequestDispatcherType.REQUEST,
+ RequestDispatcherType.FORWARD,
+ RequestDispatcherType.ASYNC
+ );
+
+ ///////////////////////
+ // Apply Filters
+ ///////////////////////
+ List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();
+
+ // Secure all GUI interactions with AuthzTransFilter
+ flist.add(new DME2FilterHolder(new AuthzTransFilter(env, aafCon, new AAFTrustChecker(
+ env.getProperty(Config.CADI_TRUST_PROP, Config.CADI_USER_CHAIN),
+ Define.ROOT_NS + ".mechid|"+Define.ROOT_COMPANY+"|trust"
+ )),"/gui/*", edlist));
+
+ // Don't need security for display Artifacts or login page
+ AuthzTransOnlyFilter atof;
+ flist.add(new DME2FilterHolder(atof =new AuthzTransOnlyFilter(env),"/theme/*", edlist));
+ flist.add(new DME2FilterHolder(atof,"/js/*", edlist));
+ flist.add(new DME2FilterHolder(atof,"/login/*", edlist));
+
+ svcHolder.setFilters(flist);
+ svcHolder.setServletHolders(slist);
+
+ DME2Server dme2svr = dme2.getServer();
+// dme2svr.setGracefulShutdownTimeMs(1000);
+
+ env.init().log("Starting AAF GUI with Jetty/DME2 server...");
+ dme2svr.start();
+ DME2ServerProperties dsprops = dme2svr.getServerProperties();
+ try {
+// if(env.getProperty("NO_REGISTER",null)!=null)
+ dme2.bindService(svcHolder);
+ env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort());
+
+ while(true) { // Per DME2 Examples...
+ Thread.sleep(5000);
+ }
+ } catch(InterruptedException e) {
+ env.init().log("AAF Jetty Server interrupted!");
+ } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process
+ env.init().log(e,"DME2 Initialization Error");
+ dme2svr.stop();
+ System.exit(1);
+ }
+ } else {
+ env.init().log("Properties must contain DMEServiceName");
+ }
+ }
+
+
+ public AuthzEnv env() {
+ return env;
+ }
+
+ /**
+ * Derive API Error Class from AAF Response (future)
+ */
+ public Error getError(AuthzTrans trans, Future<?> fp) {
+// try {
+ String text = fp.body();
+ Error err = new Error();
+ err.setMessageId(Integer.toString(fp.code()));
+ if(text==null || text.length()==0) {
+ err.setText("**No Message**");
+ } else {
+ err.setText(fp.body());
+ }
+ return err;
+// } catch (APIException e) {
+// Error err = new Error();
+// err.setMessageId(Integer.toString(fp.code()));
+// err.setText("Could not obtain response from AAF Message: " + e.getMessage());
+// return err;
+// }
+ }
+
+ public void writeError(AuthzTrans trans, Future<?> fp, HTMLGen hgen) {
+ Error err = getError(trans,fp);
+
+ String messageBody = err.getText();
+ List<String> vars = err.getVariables();
+ for (int varCounter=0;varCounter<vars.size();) {
+ String var = vars.get(varCounter++);
+ if (messageBody.indexOf("%" + varCounter) >= 0) {
+ messageBody = messageBody.replace("%" + varCounter, var);
+ }
+ }
+
+ String msg = "[" + err.getMessageId() + "] " + messageBody;
+ if(hgen!=null) {
+ hgen.text(msg);
+ }
+ trans.checkpoint("AAF Error: " + msg);
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui;
+
+import static com.att.xgen.html.HTMLGen.A;
+import static com.att.xgen.html.HTMLGen.LI;
+import static com.att.xgen.html.HTMLGen.UL;
+
+import java.io.IOException;
+
+import com.att.inno.env.APIException;
+import com.att.xgen.Cache;
+import com.att.xgen.Mark;
+import com.att.xgen.html.HTMLGen;
+
+public class BreadCrumbs extends NamedCode {
+ private Page[] breadcrumbs;
+
+ public BreadCrumbs(Page ... pages) {
+ super(false,"breadcrumbs");
+ breadcrumbs = pages;
+ }
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ // BreadCrumbs
+ Mark mark = new Mark();
+ hgen.incr(mark, UL);
+ for(Page p : breadcrumbs) {
+ hgen.incr(LI,true)
+ .leaf(A,"href="+p.url()).text(p.name())
+ .end(2);
+ }
+ hgen.end(mark);
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui;
+
+import java.io.IOException;
+
+import com.att.inno.env.APIException;
+import com.att.xgen.Cache;
+import com.att.xgen.html.HTMLGen;
+
+public class Controls extends NamedCode {
+ public Controls() {
+ super(false,"controls");
+ }
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ hgen.incr("form","method=post")
+ .incr("input", true, "type=checkbox", "name=vehicle", "value=Bike").text("I have a bike").end()
+ .text("Password: ")
+ .incr("input", true, "type=password", "id=password1").end()
+ .tagOnly("input", "type=submit", "value=Submit")
+ .end();
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui;
+
+import java.util.Enumeration;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.cssa.rserv.HttpCode;
+import com.att.cssa.rserv.HttpMethods;
+import com.att.inno.env.Slot;
+
+public class Display {
+ private final Page get;
+ public Display(final AuthGUI gui, final HttpMethods meth, final Page page) {
+ get = page;
+ final String[] fields = page.fields();
+ final Slot slots[] = new Slot[fields.length];
+ String prefix = page.name() + '.';
+ for(int i=0;i<slots.length;++i) {
+ slots[i] = gui.env.slot(prefix + fields[i]);
+ }
+
+ /*
+ * We handle all the "Form POST" calls here with a naming convention that allows us to create arrays from strings.
+ *
+ * On the HTTP side, elements concatenate their name with their Index number (if multiple). In this code,
+ * we turn such names into arrays with same index number. Then, we place them in the Transaction "Properties" so that
+ * it can be transferred to subclasses easily.
+ */
+ if(meth.equals(HttpMethods.POST)) {
+ // Here, we'll expect FORM URL Encoded Data, which we need to get from the body
+ gui.route(gui.env, meth, page.url(),
+ new HttpCode<AuthzTrans,AuthGUI>(gui,page.name()) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ trans.put(gui.slot_httpServletRequest, req);
+ for(int i=0; i<fields.length;++i) {
+ int idx = fields[i].indexOf("[]");
+ if(idx<0) { // single value
+ trans.put(slots[i], req.getParameter(fields[i])); // assume first value
+ } else { // multi value
+ String field=fields[i].substring(0, idx);
+ String[] array = new String[30];
+ for(Enumeration<String> names = req.getParameterNames(); names.hasMoreElements();) {
+ String key = names.nextElement();
+ if(key.subSequence(0, idx).equals(field)) {
+ try {
+ int x = Integer.parseInt(key.substring(field.length()));
+ if(x>=array.length) {
+ String[] temp = new String[x+10];
+ System.arraycopy(temp, 0, temp, 0, array.length);
+ array = temp;
+ }
+ array[x]=req.getParameter(key);
+ } catch (NumberFormatException e) {
+ trans.debug().log(e);
+ }
+ }
+ }
+ trans.put(slots[i], array);
+ }
+ }
+ page.replay(context,trans,resp.getOutputStream(),"general");
+ }
+ }, "application/x-www-form-urlencoded","*/*");
+
+ } else {
+ // Transfer whether Page shouldn't be cached to local Final var.
+ final boolean no_cache = page.no_cache;
+
+ gui.route(gui.env, meth, page.url(),
+ new HttpCode<AuthzTrans,AuthGUI>(gui,page.name()) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ trans.put(gui.slot_httpServletRequest, req);
+ for(int i=0; i<slots.length;++i) {
+ int idx = fields[i].indexOf("[]");
+ if(idx<0) { // single value
+ trans.put(slots[i], req.getParameter(fields[i]));
+ } else { // multi value
+ String[] array = new String[30];
+ String field=fields[i].substring(0, idx);
+
+ for(Enumeration<String> mm = req.getParameterNames();mm.hasMoreElements();) {
+ String key = mm.nextElement();
+ if(key.startsWith(field)) {
+ try {
+ int x = Integer.parseInt(key.substring(field.length()));
+ if(x>=array.length) {
+ String[] temp = new String[x+10];
+ System.arraycopy(temp, 0, temp, 0, array.length);
+ array = temp;
+ }
+ array[x]=req.getParameter(key);
+ } catch (NumberFormatException e) {
+ trans.debug().log(e);
+ }
+ }
+ }
+ trans.put(slots[i], array);
+ }
+ }
+ page.replay(context,trans,resp.getOutputStream(),"general");
+ }
+
+ @Override
+ public boolean no_cache() {
+ return no_cache;
+ }
+ }, "text/html","*/*");
+ }
+
+ }
+
+ public Page page() {
+ return get;
+ }
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui;
+
+import java.io.IOException;
+
+import com.att.inno.env.APIException;
+import com.att.xgen.Cache;
+import com.att.xgen.html.HTMLGen;
+
+public class Form extends NamedCode {
+ private String preamble;
+ private NamedCode content;
+
+ public Form(boolean no_cache, NamedCode content) {
+ super(no_cache,content.idattrs());
+ this.content = content;
+ preamble=null;
+ idattrs = content.idattrs();
+ }
+
+ public Form preamble(String preamble) {
+ this.preamble = preamble;
+ return this;
+ }
+
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ if(preamble!=null) {
+ hgen.incr("p","class=preamble").text(preamble).end();
+ }
+ hgen.incr("form","method=post");
+
+ content.code(cache, hgen);
+
+ hgen.tagOnly("input", "type=submit", "value=Submit")
+ .tagOnly("input", "type=reset", "value=Reset")
+ .end();
+ }
+
+ /* (non-Javadoc)
+ * @see com.att.authz.gui.NamedCode#idattrs()
+ */
+ @Override
+ public String[] idattrs() {
+ return content.idattrs();
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui;
+
+import com.att.xgen.Code;
+import com.att.xgen.html.HTMLGen;
+
+
+
+public abstract class NamedCode implements Code<HTMLGen> {
+ public final boolean no_cache;
+ protected String[] idattrs;
+
+ /*
+ * Mark whether this code should not be cached, and any attributes
+ */
+ public NamedCode(final boolean no_cache, String ... idattrs) {
+ this.idattrs = idattrs;
+ this.no_cache = no_cache;
+ }
+
+ /**
+ * Return ID and Any Attributes needed to create a "div" section of this code
+ * @return
+ */
+ public String[] idattrs() {
+ return idattrs;
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui;
+
+import static com.att.xgen.html.HTMLGen.A;
+import static com.att.xgen.html.HTMLGen.H1;
+import static com.att.xgen.html.HTMLGen.LI;
+import static com.att.xgen.html.HTMLGen.TITLE;
+import static com.att.xgen.html.HTMLGen.UL;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.cadi.config.Config;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Slot;
+import com.att.inno.env.util.Split;
+import com.att.xgen.Cache;
+import com.att.xgen.CacheGen;
+import com.att.xgen.Code;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.Mark;
+import com.att.xgen.html.HTMLCacheGen;
+import com.att.xgen.html.HTMLGen;
+import com.att.xgen.html.Imports;
+
+/**
+ * A Base "Mobile First" Page
+ *
+ *
+ */
+public class Page extends HTMLCacheGen {
+ public static enum BROWSER {iPhone,html5,ie,ieOld};
+
+ public static final int MAX_LINE=20;
+
+ protected static final String[] NO_FIELDS = new String[0];
+
+ private static final String ENV_CONTEXT = "envContext";
+ private static final String DME_SERVICE_NAME = "DMEServiceName";
+ private static final String ROUTE_OFFER = "routeOffer";
+ private static final String BROWSER_TYPE = "BROWSER_TYPE";
+
+ private final String bcName, bcUrl;
+ private final String[] fields;
+
+ public final boolean no_cache;
+
+ public String name() {
+ return bcName;
+ }
+
+ public String url() {
+ return bcUrl;
+ }
+
+ public String[] fields() {
+ return fields;
+ }
+
+ public Page(AuthzEnv env, String name, String url, String [] fields, final NamedCode ... content) throws APIException,IOException {
+ this(env,name,url,1,fields,content);
+ }
+
+ public Page(AuthzEnv env, String name, String url, int backdots, String [] fields, final NamedCode ... content) throws APIException,IOException {
+ super(CacheGen.PRETTY, new PageCode(env, backdots, content));
+ bcName = name;
+ bcUrl = url;
+ this.fields = fields;
+ // Mark which fields must be "no_cache"
+ boolean no_cacheTemp=false;
+ for(NamedCode nc : content) {
+ if(nc.no_cache) {
+ no_cacheTemp=true;
+ break;
+ }
+ }
+ no_cache=no_cacheTemp;
+ }
+
+ private static class PageCode implements Code<HTMLGen> {
+ private final NamedCode[] content;
+ private final Slot browserSlot;
+ private final int backdots;
+ protected AuthzEnv env;
+
+ public PageCode(AuthzEnv env, int backdots, final NamedCode[] content) {
+ this.content = content;
+ this.backdots = backdots;
+ browserSlot = env.slot(BROWSER_TYPE);
+ this.env = env;
+ }
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ // Note: I found that App Storage saves everything about the page, or not. Thus, if you declare the page uncacheable, none of the
+ // Artifacts, like JPGs are stored, which makes this feature useless for Server driven elements
+ //hgen.html("manifest=../theme/aaf.appcache");
+ cache.dynamic(hgen, new DynamicCode<HTMLGen,AuthGUI,AuthzTrans>() {
+ @Override
+ public void code(AuthGUI state, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ switch(browser(trans,browserSlot)) {
+ case ieOld:
+ case ie:
+ hgen.directive("!DOCTYPE html");
+ hgen.directive("meta", "http-equiv=X-UA-Compatible","content=IE=11");
+ default:
+ }
+ }
+ });
+ hgen.html();
+ Mark head = hgen.head();
+ hgen.leaf(TITLE).text("AT&T Authentication/Authorization Tool").end();
+ hgen.imports(new Imports(backdots).css("theme/aaf5.css")
+ .js("theme/comm.js")
+ .js("theme/console.js")
+ .js("theme/common.js"));
+ cache.dynamic(hgen, new DynamicCode<HTMLGen,AuthGUI,AuthzTrans>() {
+ @Override
+ public void code(AuthGUI state, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ switch(browser(trans,browserSlot)) {
+ case iPhone:
+ hgen.imports(new Imports(backdots).css("theme/aaf5iPhone.css"));
+ break;
+ case ie:
+ case ieOld:
+ hgen.js().text("document.createElement('header');")
+ .text("document.createElement('nav');")
+ .done();
+ case html5:
+ hgen.imports(new Imports(backdots).css("theme/aaf5Desktop.css"));
+ break;
+ }
+ }
+ });
+ hgen.end(head);
+
+ Mark body = hgen.body();
+ Mark header = hgen.header();
+ cache.dynamic(hgen, new DynamicCode<HTMLGen,AuthGUI,AuthzTrans>() {
+ @Override
+ public void code(AuthGUI state, AuthzTrans trans,Cache<HTMLGen> cache, HTMLGen xgen)
+ throws APIException, IOException {
+ // Obtain Server Info, and print
+ String DMEServiceName = trans.getProperty(DME_SERVICE_NAME);
+ String env = DMEServiceName.substring(
+ DMEServiceName.indexOf(ENV_CONTEXT),
+ DMEServiceName.indexOf(ROUTE_OFFER) -1).split("=")[1];
+
+ xgen.leaf(H1).text("AT&T Auth Tool on " + env).end();
+ xgen.leaf("p","id=version").text("AAF Version: " + trans.getProperty(Config.AAF_DEPLOYED_VERSION, "N/A")).end();
+
+ // Obtain User Info, and print
+ Principal p = trans.getUserPrincipal();
+ String user;
+ if(p==null) {
+ user = "please choose a Login Authority";
+ } else {
+ user = p.getName();
+ }
+ xgen.leaf("p","id=welcome").text("Welcome, " + user).end();
+
+ switch(browser(trans,browserSlot)) {
+ case ieOld:
+ case ie:
+ xgen.incr("h5").text("This app is Mobile First HTML5. Internet Explorer "
+ + " does not support all HTML5 standards. Old, non TSS-Standard versions may not function correctly.").br()
+ .text(" For best results, use a highly compliant HTML5 browser like Firefox.")
+ .end();
+ break;
+ default:
+ }
+ }
+ });
+
+ hgen.hr();
+
+ int cIdx;
+ NamedCode nc;
+ // If BreadCrumbs, put here
+ if(content.length>0 && content[0] instanceof BreadCrumbs) {
+ nc = content[0];
+ Mark ctnt = hgen.divID(nc.idattrs());
+ nc.code(cache, hgen);
+ hgen.end(ctnt);
+ cIdx = 1;
+ } else {
+ cIdx = 0;
+ }
+
+ hgen.end(header);
+
+ Mark inner = hgen.divID("inner");
+ // Content
+ for(int i=cIdx;i<content.length;++i) {
+ nc = content[i];
+ Mark ctnt = hgen.divID(nc.idattrs());
+ nc.code(cache, hgen);
+ hgen.end(ctnt);
+ }
+
+ hgen.end(inner);
+
+ // Navigation - Using older Nav to work with decrepit IE versions
+
+ Mark nav = hgen.divID("nav");
+ hgen.incr("h2").text("Related Links").end();
+ hgen.incr(UL)
+ .leaf(LI).leaf(A,"href="+env.getProperty("aaf_url.aaf_help")).text("AAF WIKI").end(2)
+ .leaf(LI).leaf(A,"href="+env.getProperty("aaf_url.cadi_help")).text("CADI WIKI").end(2);
+ String tools = env.getProperty("aaf_tools");
+ if(tools!=null) {
+ hgen.hr()
+ .incr(HTMLGen.UL,"style=margin-left:5%")
+ .leaf(HTMLGen.H3).text("Related Tools").end();
+
+ for(String tool : Split.splitTrim(',',tools)) {
+ hgen.leaf(LI).leaf(A,"href="+env.getProperty("aaf_url.tool."+tool)).text(tool.toUpperCase() + " Help").end(2);
+ }
+ hgen.end();
+ }
+ hgen.end();
+
+ hgen.hr();
+
+ hgen.end(nav);
+ // Footer - Using older Footer to work with decrepit IE versions
+ Mark footer = hgen.divID("footer");
+ hgen.textCR(1, "(c) 2014-6 AT&T Inc. All Rights Reserved")
+ .end(footer);
+
+ hgen.end(body);
+ hgen.endAll();
+ }
+ }
+
+ public static String getBrowserType() {
+ return BROWSER_TYPE;
+ }
+
+ /**
+ * It's IE if int >=0
+ *
+ * Use int found in "ieVersion"
+ *
+ * Official IE 7
+ * Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322;
+ * .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
+ * Official IE 8
+ * Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2;
+ * .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ATT)
+ *
+ * IE 11 Compatibility
+ * Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727;
+ * .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; InfoPath.3; HVD; ATT)
+ *
+ * IE 11 (not Compatiblity)
+ * Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727;
+ * .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; InfoPath.3; HVD; ATT)
+ *
+ * @param trans
+ * @return
+ */
+ public static BROWSER browser(AuthzTrans trans, Slot slot) {
+ BROWSER br = trans.get(slot, null);
+ if(br==null) {
+ String agent = trans.agent();
+ int msie;
+ if(agent.contains("iPhone") /* other phones? */) {
+ br=BROWSER.iPhone;
+ } else if ((msie = agent.indexOf("MSIE"))>=0) {
+ msie+=5;
+ int end = agent.indexOf(";",msie);
+ float ver;
+ try {
+ ver = Float.valueOf(agent.substring(msie,end));
+ br = ver<8f?BROWSER.ieOld:BROWSER.ie;
+ } catch (Exception e) {
+ br = BROWSER.ie;
+ }
+ } else {
+ br = BROWSER.html5;
+ }
+ trans.put(slot,br);
+ }
+ return br;
+ }
+}
+
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui;
+
+import static com.att.xgen.html.HTMLGen.TABLE;
+import static com.att.xgen.html.HTMLGen.TD;
+import static com.att.xgen.html.HTMLGen.TR;
+
+import java.io.IOException;
+import java.util.ArrayList;
+
+import com.att.authz.gui.table.AbsCell;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.Trans;
+import com.att.inno.env.TransStore;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.Mark;
+import com.att.xgen.html.HTMLGen;
+import com.att.xgen.html.State;
+
+public class Table<S extends State<Env>, TRANS extends TransStore> extends NamedCode {
+ private final Slot ROW_MSG_SLOT, EMPTY_TABLE_SLOT;
+ private final String title;
+ private final String[] columns;
+ private final Rows rows;
+
+ public Table(String title, TRANS trans, Data<S,TRANS> data, String ... attrs) {
+ super(true,attrs);
+ ROW_MSG_SLOT=trans.slot("TABLE_ROW_MSG");
+ EMPTY_TABLE_SLOT=trans.slot("TABLE_EMPTY");
+ this.columns = data.headers();
+ boolean alt = false;
+ for(String s : attrs) {
+ if("class=std".equals(s) || "class=stdform".equals(s)) {
+ alt=true;
+ }
+ }
+ rows = new Rows(data,alt?1:0);
+ this.title = title;
+
+ // Derive an ID from title (from no spaces, etc), and prepend to IDAttributes (Protected from NamedCode)
+ idattrs = new String[attrs.length+1];
+ idattrs[0] = title.replaceAll("\\s","");
+ System.arraycopy(attrs, 0, idattrs, 1, attrs.length);
+ }
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ Mark table = new Mark();
+ Mark tr = new Mark();
+ hgen.incr(table,TABLE)
+ .leaf("caption", "class=title").text(title).end()
+ .incr(tr,TR);
+ for(String column : columns) {
+ hgen.leaf("th").text(column).end();
+ }
+ hgen.end(tr);
+
+ // Load Rows Dynamically
+ cache.dynamic(hgen, rows);
+ // End Table
+ hgen.end(table);
+
+ // Print Message from Row Gathering, if available
+ cache.dynamic(hgen, new DynamicCode<HTMLGen,S,TRANS>() {
+ @Override
+ public void code(S state, TRANS trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ String msg;
+ if((msg = trans.get(EMPTY_TABLE_SLOT, null))!=null) {
+ hgen.incr("style").text("#inner tr,caption,input,p.preamble {display: none;}#inner p.notfound {margin: 0px 0px 0px 20px}").end();
+ hgen.incr(HTMLGen.P,"class=notfound").text(msg).end().br();
+ } else if((msg=trans.get(ROW_MSG_SLOT,null))!=null) {
+ hgen.p(msg).br();
+ }
+ }
+ });
+ }
+
+ public static class Cells {
+ public static final Cells EMPTY = new Cells();
+ private Cells() {
+ cells = new AbsCell[0][0];
+ msg = "No Data Found";
+ }
+
+ public Cells(ArrayList<AbsCell[]> arrayCells, String msg) {
+ cells = new AbsCell[arrayCells.size()][];
+ arrayCells.toArray(cells);
+ this.msg = msg;
+ }
+ public AbsCell[][] cells;
+ public String msg;
+ }
+
+ public interface Data<S extends State<Env>, TRANS extends Trans> {
+ public Cells get(S state,TRANS trans);
+ public String[] headers();
+ }
+
+ private class Rows extends DynamicCode<HTMLGen,S,TRANS> {
+ private Data<S,TRANS> data;
+ private int alt;
+
+ public Rows(Data<S,TRANS> data, int alt) {
+ this.data = data;
+ this.alt = alt;
+ }
+
+ @Override
+ public void code(S state, TRANS trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ Mark tr = new Mark();
+ Mark td = new Mark();
+
+ int alt = this.alt;
+ Cells cells = data.get(state, trans);
+ if(cells.cells.length>0) {
+ for(AbsCell[] row : cells.cells) {
+ switch(alt) {
+ case 1:
+ alt=2;
+ case 0:
+ hgen.incr(tr,TR);
+ break;
+ default:
+ alt=1;
+ hgen.incr(tr,TR,"class=alt");
+ }
+ for(AbsCell cell :row) {
+ hgen.leaf(td, TD,cell.attrs());
+ cell.write(hgen);
+ hgen.end(td);
+ }
+ hgen.end(tr);
+ }
+ // Pass Msg back to Table code, in order to place after Table Complete
+ if(cells.msg!=null) {
+ trans.put(ROW_MSG_SLOT,cells.msg);
+ }
+
+ } else {
+ trans.put(EMPTY_TABLE_SLOT,cells.msg);
+ }
+ }
+ }
+}
--- /dev/null
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.Symm;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.cssa.rserv.HttpMethods;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.Api;
+import aaf.v2_0.Api.Route;
+
+public class ApiDocs extends Page {
+ // Package on purpose
+ private static final String HREF = "/gui/api";
+ private static final String NAME = "AAF RESTful API";
+ private static final String fields[] = {};
+ private static final String ERROR_LINK = "<a href=\"./example/"
+ + "YXBwbGljYXRpb24vRXJyb3IranNvbg=="
+// + Symm.base64noSplit().encode("application/Error+json")
+ + "\">JSON</a> "
+ + "<a href=\"./example/"
+ + "YXBwbGljYXRpb24vRXJyb3IreG1s"
+// + Symm.base64noSplit().encode("application/Error+xml")
+ + "\">XML</a> ";
+
+
+ public ApiDocs(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,NAME,HREF, fields,
+ new BreadCrumbs(breadcrumbs),
+ new Preamble(),
+ new Table<AuthGUI,AuthzTrans>("AAF API Reference",gui.env.newTransNoAvg(),new Model(), "class=std")
+ );
+ }
+
+ private static class Preamble extends NamedCode {
+
+ private static final String I = "i";
+
+ public Preamble() {
+ super(false, "preamble");
+ }
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen xgen) throws APIException, IOException {
+ xgen.leaf(HTMLGen.H1).text("AAF 2.0 RESTful interface").end()
+ .hr();
+ xgen.leaf(HTMLGen.H2).text("Accessing RESTful").end();
+ xgen.incr(HTMLGen.UL)
+ .leaf(HTMLGen.LI).text("AAF RESTful service is secured by the following:").end()
+ .incr(HTMLGen.UL)
+ .leaf(HTMLGen.LI).text("The Client must utilize HTTP/S. Non Secure HTTP is not acceptable").end()
+ .leaf(HTMLGen.LI).text("The Client MUST supply an Identity validated by one of the following mechanisms").end()
+ .incr(HTMLGen.UL)
+ .leaf(HTMLGen.LI).text("(Near Future) Application level Certificate").end()
+ .end()
+ .end()
+ .leaf(HTMLGen.LI).text("Responses").end()
+ .incr(HTMLGen.UL)
+ .leaf(HTMLGen.LI).text("Each API Entity listed shows what structure will be accepted by service (ContentType) "
+ + "or responded with by service (Accept). Therefore, use these in making your call. Critical for PUT/POST.").end()
+ .leaf(HTMLGen.LI).text("Each API call may respond with JSON or XML. Choose the ContentType/Accept that has "
+ + "+json after the type for JSON or +xml after the Type for XML").end()
+ .leaf(HTMLGen.LI).text("XSDs for Versions").end()
+ .incr(HTMLGen.UL)
+ .leaf(HTMLGen.LI).leaf(HTMLGen.A,"href=../theme/aaf_2_0.xsd").text("API 2.0").end().end()
+ .end()
+ .leaf(HTMLGen.LI).text("AAF can support multiple Versions of the API. Choose the ContentType/Accept that has "
+ + "the appropriate version=?.?").end()
+ .leaf(HTMLGen.LI).text("All Errors coming from AAF return AT&T Standard Error Message as a String: " + ERROR_LINK
+ + " (does not apply to errors from Container)").end()
+ .end()
+ .leaf(HTMLGen.LI).text("Character Restrictions").end()
+ .incr(HTMLGen.UL)
+ .leaf(HTMLGen.LI).text("Character Restrictions must depend on the Enforcement Point used").end()
+ .leaf(HTMLGen.LI).text("Most AAF usage will be AAF Enforcement Point Characters for Instance and Action are:")
+ .br().br().leaf(I).text("a-zA-Z0-9,.()_-=%").end()
+ .br().br().text("For Instance, you may declare a multi-dimensional key with : (colon) separator, example:").end()
+ .br().leaf(I).text(":myCluster:myKeyspace").end()
+ .br().br().text("The * (asterix) may be used as a wild-card by itself or within the multi-dimensional key, example:")
+ .br().leaf(I).text(":myCluster:*").end()
+ .br().br().text("The % (percent) character can be used as an Escape Character. Applications can use % followed by 2 hexadecimal "
+ + "digits to cover odd keys. It is their code, however, which must translate.")
+ .br().br().text("The = (equals) is allowed so that Applications can pass Base64 encodations of binary keys").end()
+ .leaf(HTMLGen.LI).text("Ask for a Consultation on how these are typically used, or, if your tool is the only Enforcement Point, if set may be expanded").end()
+ .end()
+ .end();
+ /*
+
+ The Content is defined in the AAF XSD - TODO Add aaf.xsd�;
+ Character Restrictions
+
+ URLs impose restrictions on characters which have specific meanings. This means you cannot have these characters in the Field Content you send
+ “#� is a “Fragment URL�, or anchor. Content after this Character is not sent. AAF cannot do anything about this… don’t use it.
+ “?=&�. These are used to delineate Parameters.
+ “/“ is used to separate fields
+ */
+ }
+
+ };
+ /**
+ * Implement the Table Content for Permissions by User
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ public static final String[] HEADERS = new String[] {"Entity","Method","Path Info","Description"};
+ private static final TextCell BLANK = new TextCell("");
+
+ @Override
+ public String[] headers() {
+ return HEADERS;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ ArrayList<AbsCell[]> ns = new ArrayList<AbsCell[]>();
+ ArrayList<AbsCell[]> perms = new ArrayList<AbsCell[]>();
+ ArrayList<AbsCell[]> roles = new ArrayList<AbsCell[]>();
+ ArrayList<AbsCell[]> user = new ArrayList<AbsCell[]>();
+ ArrayList<AbsCell[]> aafOnly = new ArrayList<AbsCell[]>();
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+
+
+ TimeTaken tt = trans.start("AAF APIs",Env.REMOTE);
+ try {
+ gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Api> fa = client.read("/api",gui.apiDF);
+ if(fa.get(5000)) {
+ tt.done();
+ TimeTaken tt2 = trans.start("Load Data", Env.SUB);
+ try {
+ if(fa.value!=null)for(Route r : fa.value.getRoute()) {
+ String path = r.getPath();
+ // Build info
+ StringBuilder desc = new StringBuilder();
+
+ desc.append("<p class=double>");
+ desc.append(r.getDesc());
+
+ if(r.getComments().size()>0) {
+ for(String ct : r.getComments()) {
+ desc.append("</p><p class=api_comment>");
+ desc.append(ct);
+ }
+ }
+
+ if(r.getParam().size()>0) {
+ desc.append("<hr><p class=api_label>Parameters</p>");
+
+ for(String params : r.getParam()) {
+ String param[] = params.split("\\s*\\|\\s*");
+ desc.append("</p><p class=api_contentType>");
+ desc.append(param[0]);
+ desc.append(" : ");
+ desc.append(param[1]);
+ if("true".equalsIgnoreCase(param[2])) {
+ desc.append(" (Required)");
+ }
+ }
+ }
+
+
+ if(r.getExpected()!=0) {
+ desc.append("</p><p class=api_label>Expected HTTP Code</p><p class=api_comment>");
+ desc.append(r.getExpected());
+ }
+
+ if(r.getExplicitErr().size()!=0) {
+ desc.append("</p><p class=api_label>Explicit HTTP Error Codes</p><p class=api_comment>");
+ boolean first = true;
+ for(int ee : r.getExplicitErr()) {
+ if(first) {
+ first = false;
+ } else {
+ desc.append(", ");
+ }
+ desc.append(ee);
+ }
+ }
+
+ desc.append("</p><p class=api_label>");
+ desc.append("GET".equals(r.getMeth())?"Accept:":"ContentType:");
+ Collections.sort(r.getContentType());
+ if(r.getPath().startsWith("/authn/basicAuth")) {
+ desc.append("</p><p class=api_contentType>text/plain");
+ }
+ for(String ct : r.getContentType()) {
+ if(ct.contains("version=2")) {
+ desc.append("</p><p class=api_contentType><a href=\"./example/");
+ try {
+ desc.append(Symm.base64noSplit.encode(ct));
+ } catch (IOException e) {
+ throw new CadiException(e);
+ }
+ desc.append("\"/>");
+ desc.append(ct);
+ desc.append("</a>");
+ }
+ }
+ desc.append("</p>");
+
+
+ AbsCell[] sa = new AbsCell[] {
+ null,
+ new TextCell(r.getMeth(),"class=right"),
+ new TextCell(r.getPath()),
+ new TextCell(desc.toString()),
+ };
+
+ if(path.startsWith("/authz/perm")) {
+ sa[0] = perms.size()==0?new TextCell("PERMISSION"):BLANK;
+ perms.add(sa);
+ } else if(path.startsWith("/authz/role") || path.startsWith("/authz/userRole")) {
+ sa[0] = roles.size()==0?new TextCell("ROLE"):BLANK;
+ roles.add(sa);
+ } else if(path.startsWith("/authz/ns")) {
+ sa[0] = ns.size()==0?new TextCell("NAMESPACE"):BLANK;
+ ns.add(sa);
+ } else if(path.startsWith("/authn/basicAuth")
+ || path.startsWith("/authn/validate")
+ || path.startsWith("/authz/user")) {
+ sa[0] = user.size()==0?new TextCell("USER"):BLANK;
+ user.add(sa);
+ } else {
+ sa[0] = aafOnly.size()==0?new TextCell("AAF ONLY"):BLANK;
+ aafOnly.add(sa);
+ }
+ }
+ //TODO if(trans.fish(p))
+ prepare(rv, perms,roles,ns,user);
+ } finally {
+ tt2.done();
+ }
+ } else {
+ gui.writeError(trans, fa, null);
+ }
+ return null;
+ }
+ });
+ } catch (Exception e) {
+ trans.error().log(e.getMessage());
+ } finally {
+ tt.done();
+ }
+
+ return new Cells(rv,null);
+ }
+
+ @SuppressWarnings("unchecked")
+ private void prepare(ArrayList<AbsCell[]> rv, ArrayList<AbsCell[]> ... all) {
+ AbsCell lead;
+ AbsCell[] row;
+ for(ArrayList<AbsCell[]> al : all) {
+ if(al.size()>1) {
+ row = al.get(0);
+ lead = row[0];
+ row[0]=BLANK;
+ al.get(0).clone()[0]=BLANK;
+ Collections.sort(al, new Comparator<AbsCell[]>() {
+ @Override
+ public int compare(AbsCell[] ca1, AbsCell[] ca2) {
+ int meth = ((TextCell)ca1[2]).name.compareTo(
+ ((TextCell)ca2[2]).name);
+ if(meth == 0) {
+ return (HttpMethods.valueOf(((TextCell)ca1[1]).name).compareTo(
+ HttpMethods.valueOf(((TextCell)ca2[1]).name)));
+ } else {
+ return meth;
+ }
+ }
+ });
+ // set new first row
+ al.get(0)[0]=lead;
+
+ rv.addAll(al);
+ }
+ }
+ }
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.cadi.Symm;
+import com.att.cadi.client.Future;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Data.TYPE;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.Mark;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.Error;
+
+/**
+ * Detail Page for Permissions
+ *
+ *
+ */
+public class ApiExample extends Page {
+ public static final String HREF = "/gui/example/:tc";
+ public static final String NAME = "APIExample";
+
+ public ApiExample(final AuthGUI gui, Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env, NAME, HREF, 2/*backdots*/, new String[] {"API Code Example"},
+ new BreadCrumbs(breadcrumbs),
+ new Model()
+ );
+ }
+
+ private static class Model extends NamedCode {
+ private static final String WITH_OPTIONAL_PARAMETERS = "\n\n////////////\n Data with Optional Parameters \n////////////\n\n";
+
+ public Model() {
+ super(false);
+ }
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen xgen) throws APIException, IOException {
+ Mark inner = xgen.divID("inner");
+ xgen.divID("example","class=std");
+ cache.dynamic(xgen, new DynamicCode<HTMLGen,AuthGUI,AuthzTrans>() {
+ @Override
+ public void code(final AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen xgen) throws APIException, IOException {
+ TimeTaken tt = trans.start("Code Example",Env.REMOTE);
+ try {
+ final String typecode;
+ int prefix = trans.path().lastIndexOf('/')+1;
+ String encoded = trans.path().substring(prefix);
+ typecode = Symm.base64noSplit.decode(encoded);
+ Future<String> fp = gui.client().read("/api/example/" + encoded,
+ "application/Void+json"
+ );
+ Future<String> fs2;
+ if(typecode.contains("Request+")) {
+ fs2 = gui.client().read("/api/example/" + typecode+"?optional=true",
+ "application/Void+json"
+ );
+ } else {
+ fs2=null;
+ }
+
+
+ if(fp.get(5000)) {
+ xgen.incr(HTMLGen.H1).text("Sample Code").end()
+ .incr(HTMLGen.H5).text(typecode).end();
+ xgen.incr("pre");
+ if(typecode.contains("+xml")) {
+ xgen.xml(fp.body());
+ if(fs2!=null && fs2.get(5000)) {
+ xgen.text(WITH_OPTIONAL_PARAMETERS);
+ xgen.xml(fs2.body());
+ }
+ } else {
+ xgen.text(fp.body());
+ if(fs2!=null && fs2.get(5000)) {
+ xgen.text(WITH_OPTIONAL_PARAMETERS);
+ xgen.text(fs2.body());
+ }
+ }
+ xgen.end();
+ } else {
+ Error err = gui.errDF.newData().in(TYPE.JSON).load(fp.body()).asObject();
+ xgen.incr(HTMLGen.H3)
+ .textCR(2,"Error from AAF Service")
+ .end();
+
+ xgen.p("Error Code: ",err.getMessageId())
+ .p(err.getText())
+ .end();
+
+ }
+
+ } catch (APIException e) {
+ throw e;
+ } catch (IOException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new APIException(e);
+ }finally {
+ tt.done();
+ }
+ }
+
+ });
+ xgen.end(inner);
+ }
+ }
+
+}
+
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.Approval;
+import aaf.v2_0.Approvals;
+
+public class ApprovalAction extends Page {
+ public ApprovalAction(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,"Approvals",ApprovalForm.HREF, ApprovalForm.FIELDS,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true,"content") {
+ final Slot sAppr = gui.env.slot(ApprovalForm.NAME+'.'+ApprovalForm.FIELDS[0]);
+ final Slot sUser = gui.env.slot(ApprovalForm.NAME+'.'+ApprovalForm.FIELDS[1]);
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ cache.dynamic(hgen, new DynamicCode<HTMLGen,AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(final AuthGUI gui, final AuthzTrans trans,Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ boolean fail = true;
+ String[] appr = trans.get(sAppr,null);
+ String user = trans.get(sUser,null);
+ String lastPage = ApprovalForm.HREF;
+ if (user != null) {
+ lastPage += "?user="+user;
+ }
+
+ if(appr==null) {
+ hgen.p("No Approvals have been selected.");
+ } else {
+ Approval app;
+ final Approvals apps = new Approvals();
+ int count = 0;
+ for(String a : appr) {
+ if(a!=null) {
+ int idx = a.indexOf('|');
+ if(idx>=0) {
+ app = new Approval();
+ app.setStatus(a.substring(0,idx));
+ app.setTicket(a.substring(++idx));
+ app.setApprover(trans.getUserPrincipal().getName());
+ apps.getApprovals().add(app);
+ ++count;
+ }
+ }
+ }
+ if(apps.getApprovals().isEmpty()) {
+ hgen.p("No Approvals have been sent.");
+ } else {
+ TimeTaken tt = trans.start("AAF Update Approvals",Env.REMOTE);
+ try {
+ final int total = count;
+ fail = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Boolean>() {
+ @Override
+ public Boolean code(Rcli<?> client) throws APIException, CadiException {
+ boolean fail2 = true;
+ Future<Approvals> fa = client.update("/authz/approval",gui.approvalsDF,apps);
+ if(fa.get(AuthGUI.TIMEOUT)) {
+ // Do Remote Call
+ fail2 = false;
+ hgen.p(total + (total==1?" Approval has":" Approvals have") + " been Saved");
+ } else {
+ gui.writeError(trans, fa, hgen);
+ }
+ return fail2;
+ }
+ });
+ } catch (Exception e) {
+ e.printStackTrace();
+ } finally {
+ tt.done();
+ }
+ }
+
+ hgen.br();
+ if(fail) {
+ hgen.incr("a",true,"href="+lastPage).text("Try again").end();
+ } else {
+ hgen.incr("a",true,"href="+Home.HREF).text("Home").end();
+ }
+ }
+ }
+ });
+ }
+ });
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.Form;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.ButtonCell;
+import com.att.authz.gui.table.RadioCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.authz.gui.table.TextAndRefCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.authz.org.Organization;
+import com.att.authz.org.Organization.Identity;
+import com.att.authz.org.OrganizationFactory;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.Mark;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.Approval;
+
+public class ApprovalForm extends Page {
+ // Package on purpose
+ static final String NAME="Approvals";
+ static final String HREF = "/gui/approve";
+ static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
+ static final String[] FIELDS = new String[] {"line[]","user"};
+
+
+ public ApprovalForm(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,NAME,HREF, FIELDS,
+
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(false, "filterByUser") {
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ String user = trans.get(trans.env().slot(NAME+".user"),"");
+ hgen.incr("p", "class=userFilter")
+ .text("Filter by User:")
+ .tagOnly("input", "type=text", "value="+user, "id=userTextBox")
+ .tagOnly("input", "type=button", "onclick=userFilter('"+HREF+"');", "value=Go!")
+ .end();
+ }
+ });
+ }
+ },
+ new Form(true,new Table<AuthGUI,AuthzTrans>("Approval Requests", gui.env.newTransNoAvg(),new Model(gui.env()),"class=stdform"))
+ .preamble("The following requires your Approval to proceed in the AAF System.</p><p class=subtext>Hover on Identity for Name; click for WebPhone"),
+ new NamedCode(false, "selectAlljs") {
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ Mark jsStart = new Mark();
+ hgen.js(jsStart);
+ hgen.text("function selectAll(radioClass) {");
+ hgen.text("var radios = document.querySelectorAll(\".\"+radioClass);");
+ hgen.text("for (i = 0; i < radios.length; i++) {");
+ hgen.text("radios[i].checked = true;");
+ hgen.text("}");
+ hgen.text("}");
+ hgen.end(jsStart);
+ }
+ });
+
+ }
+
+ /**
+ * Implement the Table Content for Approvals
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ private static final String[] headers = new String[] {"Identity","Request","Approve","Deny"};
+ private static final Object THE_DOMAIN = null;
+ private Slot sUser;
+
+ public Model(AuthzEnv env) {
+ sUser = env.slot(NAME+".user");
+ }
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ final String userParam = trans.get(sUser, null);
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ String msg = null;
+ TimeTaken tt = trans.start("AAF Get Approvals for Approver",Env.REMOTE);
+ try {
+ final List<Approval> pendingApprovals = new ArrayList<Approval>();
+ final List<Integer> beginIndicesPerApprover = new ArrayList<Integer>();
+ int numLeft = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Integer>() {
+ @Override
+ public Integer code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<aaf.v2_0.Approvals> fa = client.read("/authz/approval/approver/"+trans.user(),gui.approvalsDF);
+ int numLeft = 0;
+ if(fa.get(AuthGUI.TIMEOUT)) {
+
+ if(fa.value!=null) {
+ for (Approval appr : fa.value.getApprovals()) {
+ if (appr.getStatus().equals("pending")) {
+ if (userParam!=null) {
+ if (!appr.getUser().equalsIgnoreCase(userParam)) {
+ numLeft++;
+ continue;
+ }
+ }
+ pendingApprovals.add(appr);
+ }
+ }
+ }
+
+ String prevApprover = null;
+ int overallIndex = 0;
+
+ for (Approval appr : pendingApprovals) {
+ String currApprover = appr.getApprover();
+ if (!currApprover.equals(prevApprover)) {
+ prevApprover = currApprover;
+ beginIndicesPerApprover.add(overallIndex);
+ }
+ overallIndex++;
+ }
+ }
+ return numLeft;
+ }
+ });
+
+ if (pendingApprovals.size() > 0) {
+ // Only add select all links if we have approvals
+ AbsCell[] selectAllRow = new AbsCell[] {
+ AbsCell.Null,
+ AbsCell.Null,
+ new ButtonCell("all", "onclick=selectAll('approve')", "class=selectAllButton"),
+ new ButtonCell("all", "onclick=selectAll('deny')", "class=selectAllButton")
+ };
+ rv.add(selectAllRow);
+ }
+
+ int line=-1;
+
+ while (beginIndicesPerApprover.size() > 0) {
+ int beginIndex = beginIndicesPerApprover.remove(0);
+ int endIndex = (beginIndicesPerApprover.isEmpty()?pendingApprovals.size():beginIndicesPerApprover.get(0));
+ List<Approval> currApproverList = pendingApprovals.subList(beginIndex, endIndex);
+
+ String currApproverFull = currApproverList.get(0).getApprover();
+ String currApproverShort = currApproverFull.substring(0,currApproverFull.indexOf('@'));
+ String currApprover = (trans.user().indexOf('@')<0?currApproverShort:currApproverFull);
+ if (!currApprover.equals(trans.user())) {
+ AbsCell[] approverHeader;
+ if (currApproverFull.substring(currApproverFull.indexOf('@')).equals(THE_DOMAIN)) {
+ approverHeader = new AbsCell[] {
+ new TextAndRefCell("Approvals Delegated to Me by ", currApprover,
+ WEBPHONE + currApproverShort,
+ new String[] {"colspan=4", "class=head"})
+ };
+ } else {
+ approverHeader = new AbsCell[] {
+ new TextCell("Approvals Delegated to Me by " + currApprover,
+ new String[] {"colspan=4", "class=head"})
+ };
+ }
+ rv.add(approverHeader);
+ }
+
+ // Sort by User Requesting
+ Collections.sort(currApproverList, new Comparator<Approval>() {
+ @Override
+ public int compare(Approval a1, Approval a2) {
+ return a1.getUser().compareTo(a2.getUser());
+ }
+ });
+
+ String prevUser = null;
+ for (Approval appr : currApproverList) {
+ if(++line<MAX_LINE) { // limit number displayed at one time.
+ AbsCell userCell;
+ String user = appr.getUser();
+ if(user.equals(prevUser)) {
+ userCell = AbsCell.Null;
+ } else {
+ String title;
+ Organization org = OrganizationFactory.obtain(trans.env(), user);
+ if(org==null) {
+ title="";
+ } else {
+ Identity au = org.getIdentity(trans, user);
+ if(au!=null) {
+ if(au.type().equals("MECHID")) {
+ title="title=Sponsor is " + au.responsibleTo();
+ } else {
+ title="title=" + au.fullName();
+ }
+ } else {
+ title="";
+ }
+ }
+ userCell = new RefCell(prevUser=user,
+ "" //TODO add Organization Link ability
+ ,title);
+ }
+ AbsCell[] sa = new AbsCell[] {
+ userCell,
+ new TextCell(appr.getMemo()),
+ new RadioCell("line"+ line,"approve", "approved|"+appr.getTicket()),
+ new RadioCell("line"+ line,"deny", "denied|"+appr.getTicket())
+ };
+ rv.add(sa);
+ } else {
+ ++numLeft;
+ }
+ }
+ }
+ if(numLeft>0) {
+ msg = "After these, there will be " + numLeft + " approvals left to process";
+ }
+ if(rv.size()==0) {
+ if (numLeft>0) {
+ msg = "No Approvals to process at this time for user " + userParam +". You have "
+ + numLeft + " other approvals to process.";
+ } else {
+ msg = "No Approvals to process at this time";
+ }
+ }
+ } catch (Exception e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ return new Cells(rv,msg);
+ }
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import static com.att.xgen.html.HTMLGen.A;
+import static com.att.xgen.html.HTMLGen.H3;
+
+import java.io.IOException;
+
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.inno.env.APIException;
+import com.att.xgen.Cache;
+import com.att.xgen.Mark;
+import com.att.xgen.html.HTMLGen;
+
+
+public class Home extends Page {
+ public static final String HREF = "/gui/home";
+ public Home(final AuthGUI gui) throws APIException, IOException {
+ super(gui.env,"Home",HREF, NO_FIELDS, new NamedCode(false,"content") {
+ @Override
+ public void code(final Cache<HTMLGen> cache, final HTMLGen xgen) throws APIException, IOException {
+// // TEMP
+// JSGen jsg = xgen.js();
+// jsg.function("httpPost","sURL","sParam")
+// .text("var oURL = new java.net.URL(sURL)")
+// .text("var oConn = oURL.openConnection();")
+// .text("oConn.setDoInput(true);")
+// .text("oConn.setDoOutpu(true);")
+// .text("oConn.setUseCaches(false);")
+// .text("oConn.setRequestProperty(\"Content-Type\",\"application/x-www-form-urlencoded\");")
+// .text(text)
+// jsg.done();
+ // TEMP
+ final Mark pages = xgen.divID("Pages");
+ xgen.leaf(H3).text("Choose from the following:").end()
+ .leaf(A,"href=myperms").text("My Permissions").end()
+ .leaf(A,"href=myroles").text("My Roles").end()
+ // TODO: uncomment when on cassandra 2.1.2 for MyNamespace GUI page
+ .leaf(A,"href=mynamespaces").text("My Namespaces").end()
+ .leaf(A,"href=approve").text("My Approvals").end()
+ .leaf(A, "href=myrequests").text("My Pending Requests").end()
+ // Enable later
+// .leaf(A, "href=onboard").text("Onboarding").end()
+ // Password Change. If logged in as CSP/GSO, go to their page
+ .leaf(A,"href=passwd").text("Password Management").end()
+ .leaf(A,"href=cui").text("Command Prompt").end()
+ .leaf(A,"href=api").text("AAF API").end()
+ ;
+
+ xgen.end(pages);
+ }
+ });
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.URLDecoder;
+
+import javax.servlet.http.HttpServletRequest;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.cadi.config.Config;
+import com.att.inno.env.APIException;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.Mark;
+import com.att.xgen.html.HTMLGen;
+
+public class LoginLanding extends Page {
+ public static final String HREF = "/login";
+ static final String NAME = "Login";
+ static final String fields[] = {"id","password","environment"};
+ static final String envs[] = {"DEV","TEST","PROD"};
+
+ public LoginLanding(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env, NAME,HREF, fields, new NamedCode(true, "content") {
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ hgen.leaf("p").text("No login credentials are found in your current session. " +
+ "Choose your preferred login option to continue.").end();
+
+ Mark loginPaths = hgen.divID("Pages");
+
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(AuthGUI authGUI, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen xgen) throws APIException, IOException {
+ HttpServletRequest req = trans.get(gui.slot_httpServletRequest, null);
+ if(req!=null) {
+ String query = req.getQueryString();
+ if(query!=null) {
+ for(String qs : query.split("&")) {
+ int equals = qs.indexOf('=');
+ xgen.leaf(HTMLGen.A, "href="+URLDecoder.decode(qs.substring(equals+1),Config.UTF_8)).text(qs.substring(0,equals).replace('_', ' ')).end();
+ }
+ }
+ }
+ xgen.leaf(HTMLGen.A, "href=gui/home?Authentication=BasicAuth").text("AAF Basic Auth").end();
+ }
+ });
+// hgen.leaf("a", "href=#","onclick=divVisibility('cso');").text("Global Login").end()
+// .incr("p", "id=cso","style=display:none").text("this will redirect to global login").end()
+// .leaf("a", "href=#","onclick=divVisibility('tguard');").text("tGuard").end()
+// .incr("p", "id=tguard","style=display:none").text("this will redirect to tGuard login").end()
+// hgen.leaf("a", "href=#","onclick=divVisibility('basicauth');").text("AAF Basic Auth").end();
+ hgen.end(loginPaths);
+
+// hgen.incr("form","method=post","style=display:none","id=basicauth","gui/home?Authentication=BasicAuth");
+// Mark table = new Mark(TABLE);
+// hgen.incr(table);
+// cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+// @Override
+// public void code(AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen)
+// throws APIException, IOException {
+// hgen
+// .input(fields[0],"Username",true)
+// .input(fields[1],"Password",true, "type=password");
+// Mark selectRow = new Mark();
+// hgen
+// .incr(selectRow, "tr")
+// .incr("td")
+// .incr("label", "for=envs", "required").text("Environment").end()
+// .end()
+// .incr("td")
+// .incr("select", "name=envs", "id=envs", "required")
+// .incr("option", "value=").text("Select Environment").end();
+// for (String env : envs) {
+// hgen.incr("option", "value="+env).text(env).end();
+// }
+// hgen
+// .end(selectRow)
+
+// hgen.end();
+// }
+// });
+// hgen.end();
+// hgen.tagOnly("input", "type=submit", "value=Submit")
+// .tagOnly("input", "type=reset", "value=Reset")
+// .end();
+
+
+ }
+ });
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Slot;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.html.HTMLGen;
+
+public class LoginLandingAction extends Page {
+ public LoginLandingAction(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,"Login",LoginLanding.HREF, LoginLanding.fields,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true,"content") {
+ final Slot sID = gui.env.slot(LoginLanding.NAME+'.'+LoginLanding.fields[0]);
+// final Slot sPassword = gui.env.slot(LoginLanding.NAME+'.'+LoginLanding.fields[1]);
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ cache.dynamic(hgen, new DynamicCode<HTMLGen,AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(final AuthGUI gui, final AuthzTrans trans,Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ String username = trans.get(sID,null);
+// String password = trans.get(sPassword,null);
+
+ hgen.p("User: "+username);
+ hgen.p("Pass: ********");
+
+ // TODO: clarification from JG
+ // put in request header?
+ // then pass through authn/basicAuth call?
+
+ }
+ });
+ }
+ });
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.List;
+
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.cmd.AAFcli;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.util.Chrono;
+
+import aaf.v2_0.Nss;
+import aaf.v2_0.Nss.Ns;
+import aaf.v2_0.Perm;
+import aaf.v2_0.Perms;
+import aaf.v2_0.Role;
+import aaf.v2_0.Roles;
+import aaf.v2_0.Users;
+import aaf.v2_0.Users.User;
+
+public class NsDetail extends Page {
+
+ public static final String HREF = "/gui/nsdetail";
+ public static final String NAME = "NsDetail";
+ static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
+ public static enum NS_FIELD { OWNERS, ADMINS, ROLES, PERMISSIONS, CREDS};
+ private static final String BLANK = "";
+
+ public NsDetail(final AuthGUI gui, Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env, NAME, HREF, new String[] {"name"},
+ new BreadCrumbs(breadcrumbs),
+ new Table<AuthGUI,AuthzTrans>("Namespace Details",gui.env.newTransNoAvg(),new Model(gui.env()),"class=detail")
+ );
+ }
+
+ /**
+ * Implement the table content for Namespace Detail
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ private static final String[] headers = new String[0];
+ private static final String CSP_ATT_COM = "@csp.att.com";
+ private Slot name;
+ public Model(AuthzEnv env) {
+ name = env.slot(NAME+".name");
+ }
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ final String nsName = trans.get(name, null);
+ if(nsName==null) {
+ return Cells.EMPTY;
+ }
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ rv.add(new AbsCell[]{new TextCell("Name:"),new TextCell(nsName)});
+
+ final TimeTaken tt = trans.start("AAF Namespace Details",Env.REMOTE);
+ try {
+ gui.clientAsUser(trans.getUserPrincipal(),new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Nss> fn = client.read("/authz/nss/"+nsName,gui.nssDF);
+
+ if(fn.get(AuthGUI.TIMEOUT)) {
+ tt.done();
+ try {
+// TimeTaken tt = trans.start("Load Data", Env.SUB);
+
+ for(Ns n : fn.value.getNs()) {
+ String desc = (n.getDescription()!=null?n.getDescription():BLANK);
+ rv.add(new AbsCell[]{new TextCell("Description:"),new TextCell(desc)});
+
+ addField(trans, rv, n.getAdmin(), NS_FIELD.ADMINS);
+ addField(trans, rv, n.getResponsible(), NS_FIELD.OWNERS);
+
+ Future<Users> fu = client.read(
+ "/authn/creds/ns/"+nsName,
+ gui.usersDF
+ );
+ List<String> creds = new ArrayList<String>();
+ if(fu.get(AAFcli.timeout())) {
+ for (User u : fu.value.getUser()) {
+ StringBuilder sb = new StringBuilder(u.getId());
+ switch(u.getType()) {
+ case 1: sb.append(" (U/Pass) "); break;
+ case 10: sb.append(" (Cert) "); break;
+ case 200: sb.append(" (x509) "); break;
+ default:
+ sb.append(" ");
+ }
+ sb.append(Chrono.niceDateStamp(u.getExpires()));
+ creds.add(sb.toString());
+ }
+ }
+ addField(trans, rv, creds, NS_FIELD.CREDS);
+
+ Future<Roles> fr = client.read(
+ "/authz/roles/ns/"+nsName,
+ gui.rolesDF
+ );
+ List<String> roles = new ArrayList<String>();
+ if(fr.get(AAFcli.timeout())) {
+ for (Role r : fr.value.getRole()) {
+ roles.add(r.getName());
+ }
+ }
+ addField(trans, rv, roles, NS_FIELD.ROLES);
+
+
+ Future<Perms> fp = client.read(
+ "/authz/perms/ns/"+nsName,
+ gui.permsDF
+ );
+ List<String> perms = new ArrayList<String>();
+
+ if(fp.get(AAFcli.timeout())) {
+ for (Perm p : fp.value.getPerm()) {
+ perms.add(p.getType() + "|" + p.getInstance() + "|" + p.getAction());
+ }
+ }
+ addField(trans, rv, perms, NS_FIELD.PERMISSIONS);
+ }
+ String historyLink = NsHistory.HREF
+ + "?name=" + nsName;
+ rv.add(new AbsCell[] {new RefCell("See History",historyLink)});
+ } finally {
+ tt.done();
+ }
+ } else {
+ rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***")});
+ }
+ return null;
+ }
+ });
+ } catch (Exception e) {
+ e.printStackTrace();
+ } finally {
+ tt.done();
+ }
+ return new Cells(rv,null);
+ }
+
+ private void addField(AuthzTrans trans, ArrayList<AbsCell[]> rv, List<String> values, NS_FIELD field) {
+ if (!values.isEmpty()) {
+ switch(field) {
+ case OWNERS:
+ case ADMINS:
+ case CREDS:
+ for (int i=0; i< values.size(); i++) {
+ AbsCell label = (i==0?new TextCell(sentenceCase(field)+":"):AbsCell.Null);
+ String user = values.get(i);
+ AbsCell userCell = (user.endsWith(CSP_ATT_COM)?
+ new RefCell(user,WEBPHONE + user.substring(0,user.indexOf('@'))):new TextCell(user));
+ rv.add(new AbsCell[] {
+ label,
+ userCell
+ });
+ }
+ break;
+ case ROLES:
+ for (int i=0; i< values.size(); i++) {
+ AbsCell label = (i==0?new TextCell(sentenceCase(field)+":"):AbsCell.Null);
+ rv.add(new AbsCell[] {
+ label,
+ new TextCell(values.get(i))
+ });
+ }
+ break;
+ case PERMISSIONS:
+ for (int i=0; i< values.size(); i++) {
+ AbsCell label = (i==0?new TextCell(sentenceCase(field)+":"):AbsCell.Null);
+ String perm = values.get(i);
+ String[] fields = perm.split("\\|");
+ String grantLink = PermGrantForm.HREF
+ + "?type=" + fields[0].trim()
+ + "&instance=" + fields[1].trim()
+ + "&action=" + fields[2].trim();
+
+ rv.add(new AbsCell[] {
+ label,
+ new TextCell(perm),
+ new RefCell("Grant This Perm", grantLink)
+ });
+ }
+ break;
+ }
+
+ }
+ }
+
+ private String sentenceCase(NS_FIELD field) {
+ String sField = field.toString();
+ return sField.substring(0, 1).toUpperCase() + sField.substring(1).toLowerCase();
+ }
+
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Comparator;
+import java.util.List;
+
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.History;
+import aaf.v2_0.History.Item;
+
+public class NsHistory extends Page {
+ static final String NAME="NsHistory";
+ static final String HREF = "/gui/nsHistory";
+ static final String FIELDS[] = {"name","dates"};
+ static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
+ static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY,
+ AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER };
+
+ public NsHistory(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,NAME,HREF, FIELDS,
+ new BreadCrumbs(breadcrumbs),
+ new Table<AuthGUI,AuthzTrans>("History", gui.env.newTransNoAvg(),new Model(gui.env()),"class=std"),
+ new NamedCode(true, "content") {
+ @Override
+ public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+ final Slot name = gui.env.slot(NAME+".name");
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ String obName = trans.get(name, null);
+
+ // Use Javascript to make the table title more descriptive
+ hgen.js()
+ .text("var caption = document.querySelector(\".title\");")
+ .text("caption.innerHTML='History for Namespace [ " + obName + " ]';")
+ .done();
+
+ // Use Javascript to change Link Target to our last visited Detail page
+ String lastPage = NsDetail.HREF + "?name=" + obName;
+ hgen.js()
+ .text("alterLink('nsdetail', '"+lastPage + "');")
+ .done();
+
+ hgen.br();
+ hgen.leaf("a","href=#advanced_search","onclick=divVisibility('advanced_search');").text("Advanced Search").end()
+ .divID("advanced_search", "style=display:none");
+ hgen.incr("table");
+
+ addDateRow(hgen,"Start Date");
+ addDateRow(hgen,"End Date");
+ hgen.incr("tr").incr("td");
+ hgen.tagOnly("input", "type=button","value=Get History",
+ "onclick=datesURL('"+HREF+"?name=" + obName+"');");
+ hgen.end().end();
+ hgen.end();
+ hgen.end();
+
+ }
+ });
+ }
+ }
+
+ );
+ }
+
+ private static void addDateRow(HTMLGen hgen, String s) {
+ hgen
+ .incr("tr")
+ .incr("td")
+ .incr("label", "for=month", "required").text(s+"*").end()
+ .end()
+ .incr("td")
+ .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required")
+ .incr("option", "value=").text("Month").end();
+ for (Month m : Month.values()) {
+ if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) {
+ hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end();
+ } else {
+ hgen.incr("option", "value="+(m.ordinal()+1)).text(m.name()).end();
+ }
+ }
+ hgen.end()
+ .end()
+ .incr("td")
+ .tagOnly("input","type=number","id=year"+s.substring(0, s.indexOf(' ')),"required",
+ "value="+Calendar.getInstance().get(Calendar.YEAR), "min=1900",
+ "max="+Calendar.getInstance().get(Calendar.YEAR),
+ "placeholder=Year").end()
+ .end();
+ }
+
+
+
+
+ /**
+ * Implement the Table Content for History
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ private static final String CSP_ATT_COM = "@csp.att.com";
+ private static final String[] headers = new String[] {"Date","User","Memo"};
+ private Slot name;
+ private Slot dates;
+
+ public Model(AuthzEnv env) {
+ name = env.slot(NAME+".name");
+ dates = env.slot(NAME+".dates");
+ }
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ final String oName = trans.get(name,null);
+ final String oDates = trans.get(dates,null);
+
+ if(oName==null) {
+ return Cells.EMPTY;
+ }
+
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ String msg = null;
+ final TimeTaken tt = trans.start("AAF Get History for Namespace ["+oName+"]",Env.REMOTE);
+ try {
+ gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ if (oDates != null) {
+ client.setQueryParams("yyyymm="+oDates);
+ }
+ Future<History> fh = client.read("/authz/hist/ns/"+oName,gui.historyDF);
+ if (fh.get(AuthGUI.TIMEOUT)) {
+ tt.done();
+ TimeTaken tt2 = trans.start("Load History Data", Env.SUB);
+ try {
+ List<Item> histItems = fh.value.getItem();
+
+ java.util.Collections.sort(histItems, new Comparator<Item>() {
+ @Override
+ public int compare(Item o1, Item o2) {
+ return o2.getTimestamp().compare(o1.getTimestamp());
+ }
+ });
+
+ for (Item i : histItems) {
+ String user = i.getUser();
+ AbsCell userCell = (user.endsWith(CSP_ATT_COM)?
+ new RefCell(user,WEBPHONE + user.substring(0,user.indexOf('@'))):new TextCell(user));
+
+ rv.add(new AbsCell[] {
+ new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
+ userCell,
+ new TextCell(i.getMemo())
+ });
+ }
+ } finally {
+ tt2.done();
+ }
+ } else {
+ if (fh.code()==403) {
+ rv.add(new AbsCell[] {new TextCell("You may not view History of Namespace [" + oName + "]", "colspan = 3", "class=center")});
+ } else {
+ rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***", "colspan = 3", "class=center")});
+ }
+ }
+ return null;
+ }
+ });
+ } catch (Exception e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ return new Cells(rv,msg);
+ }
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.text.ParseException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.util.Chrono;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.CredRequest;
+
+public class NsInfoAction extends Page {
+ public NsInfoAction(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,"Onboard",PassChangeForm.HREF, PassChangeForm.fields,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true,"content") {
+ final Slot sID = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[0]);
+ final Slot sCurrPass = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[1]);
+ final Slot sPassword = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[2]);
+ final Slot sPassword2 = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[3]);
+ final Slot startDate = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[4]);
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ cache.dynamic(hgen, new DynamicCode<HTMLGen,AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(final AuthGUI gui, final AuthzTrans trans,Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ String id = trans.get(sID,null);
+ String currPass = trans.get(sCurrPass,null);
+ String password = trans.get(sPassword,null);
+ String password2 = trans.get(sPassword2,null);
+
+ // Run Validations
+ boolean fail = true;
+
+ if (id==null || id.indexOf('@')<=0) {
+ hgen.p("Data Entry Failure: Please enter a valid ID, including domain.");
+ } else if(password == null || password2 == null || currPass == null) {
+ hgen.p("Data Entry Failure: Both Password Fields need entries.");
+ } else if(!password.equals(password2)) {
+ hgen.p("Data Entry Failure: Passwords do not match.");
+ } else { // everything else is checked by Server
+ final CredRequest cred = new CredRequest();
+ cred.setId(id);
+ cred.setPassword(currPass);
+ try {
+ fail = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Boolean>() {
+ @Override
+ public Boolean code(Rcli<?> client)throws CadiException, ConnectException, APIException {
+ TimeTaken tt = trans.start("Check Current Password",Env.REMOTE);
+ try {
+ Future<CredRequest> fcr = client.create( // Note: Need "Post", because of hiding password in SSL Data
+ "/authn/validate",
+ gui.credReqDF,
+ cred
+ );
+ boolean go;
+ boolean fail = true;
+ fcr.get(5000);
+ if(fcr.code() == 200) {
+ hgen.p("Current Password validated");
+ go = true;
+ } else {
+ hgen.p(String.format("Invalid Current Password: %d %s",fcr.code(),fcr.body()));
+ go = false;
+ }
+ if(go) {
+ tt.done();
+ tt = trans.start("AAF Change Password",Env.REMOTE);
+ try {
+ // Change over Cred to reset mode
+ cred.setPassword(password);
+ String start = trans.get(startDate, null);
+ if(start!=null) {
+ try {
+ cred.setStart(Chrono.timeStamp(Chrono.dateOnlyFmt.parse(start)));
+ } catch (ParseException e) {
+ throw new CadiException(e);
+ }
+ }
+
+ fcr = client.create(
+ "/authn/cred",
+ gui.credReqDF,
+ cred
+ );
+
+ if(fcr.get(5000)) {
+ // Do Remote Call
+ hgen.p("New Password has been added.");
+ fail = false;
+ } else {
+ gui.writeError(trans, fcr, hgen);
+ }
+ } finally {
+ tt.done();
+ }
+ }
+ return fail;
+ } finally {
+ tt.done();
+ }
+ }
+ });
+
+ } catch (Exception e) {
+ hgen.p("Unknown Error");
+ e.printStackTrace();
+ }
+ }
+ hgen.br();
+ if(fail) {
+ hgen.incr("a",true,"href="+PassChangeForm.HREF+"?id="+id).text("Try again").end();
+ } else {
+ hgen.incr("a",true,"href="+Home.HREF).text("Home").end();
+ }
+ }
+ });
+ }
+ });
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import static com.att.xgen.html.HTMLGen.A;
+import static com.att.xgen.html.HTMLGen.TABLE;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.Mark;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.Nss;
+import aaf.v2_0.Nss.Ns;
+import aaf.v2_0.Nss.Ns.Attrib;
+
+public class NsInfoForm extends Page {
+ // Package on purpose
+ static final String HREF = "/gui/onboard";
+ static final String NAME = "Onboarding";
+ static final String fields[] = {"ns","description","mots","owners","admins"};
+
+ public NsInfoForm(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,NAME,HREF, fields,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true,"content") {
+
+ private final Slot sID = gui.env.slot(NsInfoForm.NAME+'.'+NsInfoForm.fields[0]);
+ @Override
+ public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+ // p tags not closing right using .p() - causes issues in IE8 password form - so using leaf for the moment
+ hgen.leaf(HTMLGen.H2).text("Namespace Info").end()
+ .leaf("p").text("Hover over Fields for Tool Tips, or click ")
+ .leaf(A,"href="+gui.env.getProperty("aaf_url.gui_onboard","")).text("Here").end()
+ .text(" for more information")
+ .end()
+ .incr("form","method=post");
+ Mark table = new Mark(TABLE);
+ hgen.incr(table);
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+ @SuppressWarnings("unchecked")
+ @Override
+ public void code(final AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ final String incomingID= trans.get(sID, "");
+ final String[] info = new String[fields.length];
+ final Object own_adm[] = new Object[2];
+ for(int i=0;i<info.length;++i) {
+ info[i]="";
+ }
+ if(incomingID.length()>0) {
+ TimeTaken tt = trans.start("AAF Namespace Info",Env.REMOTE);
+ try {
+ gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Nss> fn = client.read("/authz/nss/"+incomingID,gui.nssDF);
+ if(fn.get(AuthGUI.TIMEOUT)) {
+ for(Ns ns : fn.value.getNs()) {
+ info[0]=ns.getName();
+ info[1]=ns.getDescription();
+ for(Attrib attr: ns.getAttrib()) {
+ switch(attr.getKey()) {
+ case "mots":
+ info[2]=attr.getValue();
+ default:
+ }
+ }
+ own_adm[0]=ns.getResponsible();
+ own_adm[1]=ns.getAdmin();
+ }
+ } else {
+ trans.error().log(fn.body());
+ }
+ return null;
+ }
+ });
+ } catch (Exception e) {
+ trans.error().log("Unable to access AAF for NS Info",incomingID);
+ e.printStackTrace();
+ } finally {
+ tt.done();
+ }
+ }
+ hgen.input(fields[0],"Namespace",false,"value="+info[0],"title=AAF Namespace")
+ .input(fields[1],"Description*",true,"value="+info[1],"title=Full Application Name, Tool Name or Group")
+ .input(fields[2],"MOTS ID",false,"value="+info[2],"title=MOTS ID if this is an Application, and has MOTS");
+ Mark endTD = new Mark(),endTR=new Mark();
+ // Owners
+ hgen.incr(endTR,HTMLGen.TR)
+ .incr(endTD,HTMLGen.TD)
+ .leaf("label","for="+fields[3]).text("Responsible Party")
+ .end(endTD)
+ .incr(endTD,HTMLGen.TD)
+ .tagOnly("input","id="+fields[3],"title=Owner of App, must be an Non-Bargained Employee");
+ if(own_adm[0]!=null) {
+ for(String s : (List<String>)own_adm[0]) {
+ hgen.incr("label",true).text(s).end();
+ }
+ }
+ hgen.end(endTR);
+
+ // Admins
+ hgen.incr(endTR,HTMLGen.TR)
+ .incr(endTD,HTMLGen.TD)
+ .leaf("label","for="+fields[4]).text("Administrators")
+ .end(endTD)
+ .incr(endTD,HTMLGen.TD)
+ .tagOnly("input","id="+fields[4],"title=Admins may be employees, contractors or mechIDs");
+ if(own_adm[1]!=null) {
+ for(String s : (List<String>)own_adm[1]) {
+ hgen.incr(HTMLGen.P,true).text(s).end();
+ }
+ }
+ hgen.end(endTR)
+ .end();
+ }
+ });
+ hgen.end();
+ hgen.tagOnly("input", "type=submit", "value=Submit")
+ .end();
+
+ }
+ });
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+
+import aaf.v2_0.Nss;
+import aaf.v2_0.Nss.Ns;
+
+public class NssShow extends Page {
+ public static final String HREF = "/gui/mynamespaces";
+
+ public NssShow(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env, "MyNamespaces",HREF, NO_FIELDS,
+ new BreadCrumbs(breadcrumbs),
+ new Table<AuthGUI,AuthzTrans>("Namespaces I administer",gui.env.newTransNoAvg(),new Model("admin",gui.env),
+ "class=std", "style=display: inline-block; width: 45%; margin: 10px;"),
+ new Table<AuthGUI,AuthzTrans>("Namespaces I own",gui.env.newTransNoAvg(),new Model("responsible",gui.env),
+ "class=std", "style=display: inline-block; width: 45%; margin: 10px;"));
+ }
+
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ private String[] headers;
+ private String privilege = null;
+ public final Slot sNssByUser;
+ private boolean isAdmin;
+
+ public Model(String privilege,AuthzEnv env) {
+ super();
+ headers = new String[] {privilege};
+ this.privilege = privilege;
+ isAdmin = "admin".equals(privilege);
+ sNssByUser = env.slot("NSS_SHOW_MODEL_DATA");
+ }
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ List<Ns> nss = trans.get(sNssByUser, null);
+ if(nss==null) {
+ TimeTaken tt = trans.start("AAF Nss by User for " + privilege,Env.REMOTE);
+ try {
+ nss = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<List<Ns>>() {
+ @Override
+ public List<Ns> code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ List<Ns> nss = null;
+ Future<Nss> fp = client.read("/authz/nss/either/" + trans.user(),gui.nssDF);
+ if(fp.get(AuthGUI.TIMEOUT)) {
+ TimeTaken tt = trans.start("Load Data for " + privilege, Env.SUB);
+ try {
+ if(fp.value!=null) {
+ nss = fp.value.getNs();
+ Collections.sort(nss, new Comparator<Ns>() {
+ public int compare(Ns ns1, Ns ns2) {
+ return ns1.getName().compareToIgnoreCase(ns2.getName());
+ }
+ });
+ trans.put(sNssByUser,nss);
+ }
+ } finally {
+ tt.done();
+ }
+ }else {
+ gui.writeError(trans, fp, null);
+ }
+ return nss;
+ }
+ });
+ } catch (Exception e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ }
+
+ if(nss!=null) {
+ for(Ns n : nss) {
+ if((isAdmin && !n.getAdmin().isEmpty())
+ || (!isAdmin && !n.getResponsible().isEmpty())) {
+ AbsCell[] sa = new AbsCell[] {
+ new RefCell(n.getName(),NsDetail.HREF
+ +"?name="+n.getName()),
+ };
+ rv.add(sa);
+ }
+ }
+ }
+
+ return new Cells(rv,null);
+ }
+ }
+
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.text.ParseException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.util.Chrono;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.CredRequest;
+
+public class PassChangeAction extends Page {
+ public PassChangeAction(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,"PassChange",PassChangeForm.HREF, PassChangeForm.fields,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true,"content") {
+ final Slot sID = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[0]);
+ final Slot sCurrPass = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[1]);
+ final Slot sPassword = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[2]);
+ final Slot sPassword2 = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[3]);
+ final Slot startDate = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[4]);
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ cache.dynamic(hgen, new DynamicCode<HTMLGen,AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(final AuthGUI gui, final AuthzTrans trans,Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ String id = trans.get(sID,null);
+ String currPass = trans.get(sCurrPass,null);
+ String password = trans.get(sPassword,null);
+ String password2 = trans.get(sPassword2,null);
+
+ // Run Validations
+ boolean fail = true;
+
+ if (id==null || id.indexOf('@')<=0) {
+ hgen.p("Data Entry Failure: Please enter a valid ID, including domain.");
+ } else if(password == null || password2 == null || currPass == null) {
+ hgen.p("Data Entry Failure: Both Password Fields need entries.");
+ } else if(!password.equals(password2)) {
+ hgen.p("Data Entry Failure: Passwords do not match.");
+ } else { // everything else is checked by Server
+ final CredRequest cred = new CredRequest();
+ cred.setId(id);
+ cred.setPassword(currPass);
+ try {
+ fail = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Boolean>() {
+ @Override
+ public Boolean code(Rcli<?> client)throws CadiException, ConnectException, APIException {
+ boolean fail = true;
+ boolean go = false;
+ TimeTaken tt = trans.start("Check Current Password",Env.REMOTE);
+ try {
+ Future<CredRequest> fcr = client.create( // Note: Need "Post", because of hiding password in SSL Data
+ "/authn/validate",gui.credReqDF,cred);
+
+ fcr.get(5000);
+ if(fcr.code() == 200) {
+ hgen.p("Current Password validated");
+ go = true;
+ } else {
+ hgen.p(String.format("Invalid Current Password: %d %s",fcr.code(),fcr.body()));
+ go = false;
+ }
+ } finally {
+ tt.done();
+ }
+ if(go) {
+ tt = trans.start("AAF Change Password",Env.REMOTE);
+ try {
+ // Change over Cred to reset mode
+ cred.setPassword(password);
+ String start = trans.get(startDate, null);
+ if(start!=null) {
+ try {
+ cred.setStart(Chrono.timeStamp(Chrono.dateOnlyFmt.parse(start)));
+ } catch (ParseException e) {
+ throw new CadiException(e);
+ }
+ }
+
+ Future<CredRequest> fcr = client.create(
+ "/authn/cred",
+ gui.credReqDF,
+ cred
+ );
+
+ if(fcr.get(5000)) {
+ // Do Remote Call
+ hgen.p("New Password has been added.");
+ fail = false;
+ } else {
+ gui.writeError(trans, fcr, hgen);
+ }
+ } finally {
+ tt.done();
+ }
+ }
+ return fail;
+ }
+
+ });
+ } catch (Exception e) {
+ hgen.p("Unknown Error");
+ e.printStackTrace();
+ }
+
+ }
+ hgen.br();
+ if(fail) {
+ hgen.incr("a",true,"href="+PassChangeForm.HREF+"?id="+id).text("Try again").end();
+ } else {
+ hgen.incr("a",true,"href="+Home.HREF).text("Home").end();
+ }
+ }
+ });
+ }
+ });
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import static com.att.xgen.html.HTMLGen.TABLE;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Slot;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.Mark;
+import com.att.xgen.html.HTMLGen;
+
+public class PassChangeForm extends Page {
+ // Package on purpose
+ static final String HREF = "/gui/passwd";
+ static final String NAME = "PassChange";
+ static final String fields[] = {"id","current","password","password2","startDate"};
+
+ public PassChangeForm(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,NAME,HREF, fields,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true,"content") {
+ private final Slot sID = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[0]);
+ @Override
+ public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+ // p tags not closing right using .p() - causes issues in IE8 password form - so using leaf for the moment
+ hgen.leaf("p").text("You are requesting a new Mechanical Password in the AAF System. " +
+ "So that you can perform clean migrations, you will be able to use both this " +
+ "new password and the old one until their respective expiration dates.").end()
+ .leaf("p").text("Note: You must be a Namespace Admin where the MechID resides.").end()
+ .incr("form","method=post");
+ Mark table = new Mark(TABLE);
+ hgen.incr(table);
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+// GregorianCalendar gc = new GregorianCalendar();
+// System.out.println(gc.toString());
+ String incomingID= trans.get(sID, "");
+ hgen
+ .input(fields[0],"ID*",true,"value="+incomingID)
+ .input(fields[1],"Current Password*",true,"type=password")
+ .input(fields[2],"New Password*",true, "type=password")
+ .input(fields[3], "Reenter New Password*",true, "type=password")
+// .input(fields[3],"Start Date",false,"type=date", "value="+
+// Chrono.dateOnlyFmt.format(new Date(System.currentTimeMillis()))
+// )
+ .end();
+ }
+ });
+ hgen.end();
+ hgen.tagOnly("input", "type=submit", "value=Submit")
+ .end();
+
+ }
+ });
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+import java.util.UUID;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.Approval;
+import aaf.v2_0.Approvals;
+
+public class PendingRequestsShow extends Page {
+ public static final String HREF = "/gui/myrequests";
+ public static final String NAME = "MyRequests";
+ static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
+ private static final String DATE_TIME_FORMAT = "yyyy-MM-dd";
+
+ public PendingRequestsShow(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env, NAME,HREF, NO_FIELDS,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true,"expedite") {
+ @Override
+ public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ hgen
+ .leaf("p", "class=expedite_request").text("These are your submitted Requests that are awaiting Approval. ")
+ .br()
+ .text("To Expedite a Request: ")
+ .leaf("a","href=#expedite_directions","onclick=divVisibility('expedite_directions');")
+ .text("Click Here").end()
+ .divID("expedite_directions", "style=display:none");
+ hgen
+ .incr(HTMLGen.OL)
+ .incr(HTMLGen.LI)
+ .leaf("a","href="+ApprovalForm.HREF+"?user="+trans.user(), "id=userApprove")
+ .text("Copy This Link")
+ .end()
+ .end()
+ .incr(HTMLGen.LI)
+ .text("Send it to the Approver Listed")
+ .end()
+ .end()
+ .text("NOTE: Using this link, the Approver will only see your requests. You only need to send this link once!")
+ .end()
+ .end();
+ }
+ });
+ }
+ },
+ new Table<AuthGUI,AuthzTrans>("Pending Requests",gui.env.newTransNoAvg(),new Model(), "class=std")
+ );
+
+
+ }
+
+ /**
+ * Implement the Table Content for Requests by User
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ private static final String CSP_ATT_COM = "@csp.att.com";
+ final long NUM_100NS_INTERVALS_SINCE_UUID_EPOCH = 0x01b21dd213814000L;
+ private static final String[] headers = new String[] {"Request Date","Status","Memo","Approver"};
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ DateFormat createdDF = new SimpleDateFormat(DATE_TIME_FORMAT);
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ try {
+ gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client)throws CadiException, ConnectException, APIException {
+ TimeTaken tt = trans.start("AAF Get Approvals by User",Env.REMOTE);
+ try {
+ Future<Approvals> fa = client.read("/authz/approval/user/"+trans.user(),gui.approvalsDF);
+ if(fa.get(5000)) {
+ tt.done();
+ tt = trans.start("Load Data", Env.SUB);
+ if(fa.value!=null) {
+ List<Approval> approvals = fa.value.getApprovals();
+ Collections.sort(approvals, new Comparator<Approval>() {
+ @Override
+ public int compare(Approval a1, Approval a2) {
+ UUID id1 = UUID.fromString(a1.getId());
+ UUID id2 = UUID.fromString(a2.getId());
+ return id1.timestamp()<=id2.timestamp()?1:-1;
+ }
+ });
+
+ String prevTicket = null;
+ for(Approval a : approvals) {
+ String approver = a.getApprover();
+ String approverShort = approver.substring(0,approver.indexOf('@'));
+
+ AbsCell tsCell = null;
+ String ticket = a.getTicket();
+ if (ticket.equals(prevTicket)) {
+ tsCell = AbsCell.Null;
+ } else {
+ UUID id = UUID.fromString(a.getId());
+ tsCell = new RefCell(createdDF.format((id.timestamp() - NUM_100NS_INTERVALS_SINCE_UUID_EPOCH)/10000),
+ RequestDetail.HREF + "?ticket=" + a.getTicket());
+ prevTicket = ticket;
+ }
+
+ AbsCell approverCell = null;
+ if (approver.endsWith(CSP_ATT_COM)) {
+ approverCell = new RefCell(approver, WEBPHONE + approverShort);
+ } else {
+ approverCell = new TextCell(approver);
+ }
+ AbsCell[] sa = new AbsCell[] {
+ tsCell,
+ new TextCell(a.getStatus()),
+ new TextCell(a.getMemo()),
+ approverCell
+ };
+ rv.add(sa);
+ }
+ }
+ } else {
+ gui.writeError(trans, fa, null);
+ }
+ } finally {
+ tt.done();
+ }
+
+
+ return null;
+ }
+ });
+ } catch (Exception e) {
+ trans.error().log(e);
+ }
+ return new Cells(rv,null);
+ }
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.List;
+
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+
+import aaf.v2_0.Perm;
+import aaf.v2_0.Perms;
+
+/**
+ * Detail Page for Permissions
+ *
+ */
+public class PermDetail extends Page {
+ public static final String HREF = "/gui/permdetail";
+ public static final String NAME = "PermDetail";
+ private static final String BLANK = "";
+
+ public PermDetail(final AuthGUI gui, Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env, NAME, HREF, new String[] {"type","instance","action"},
+ new BreadCrumbs(breadcrumbs),
+ new Table<AuthGUI,AuthzTrans>("Permission Details",gui.env.newTransNoAvg(),new Model(gui.env()),"class=detail")
+ );
+ }
+
+ /**
+ * Implement the table content for Permissions Detail
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ private static final String[] headers = new String[0];
+ private Slot type, instance, action;
+ public Model(AuthzEnv env) {
+ type = env.slot(NAME+".type");
+ instance = env.slot(NAME+".instance");
+ action = env.slot(NAME+".action");
+ }
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ final String pType = trans.get(type, null);
+ final String pInstance = trans.get(instance, null);
+ final String pAction = trans.get(action, null);
+ if(pType==null || pInstance==null || pAction==null) {
+ return Cells.EMPTY;
+ }
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ rv.add(new AbsCell[]{new TextCell("Type:"),new TextCell(pType)});
+ rv.add(new AbsCell[]{new TextCell("Instance:"),new TextCell(pInstance)});
+ rv.add(new AbsCell[]{new TextCell("Action:"),new TextCell(pAction)});
+ try {
+ gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client)throws CadiException, ConnectException, APIException {
+ TimeTaken tt = trans.start("AAF Perm Details",Env.REMOTE);
+ try {
+ Future<Perms> fp= client.read("/authz/perms/"+pType + '/' + pInstance + '/' + pAction,gui.permsDF);
+
+ if(fp.get(AuthGUI.TIMEOUT)) {
+ tt.done();
+ tt = trans.start("Load Data", Env.SUB);
+ List<Perm> ps = fp.value.getPerm();
+ if(!ps.isEmpty()) {
+ Perm perm = fp.value.getPerm().get(0);
+ String desc = (perm.getDescription()!=null?perm.getDescription():BLANK);
+ rv.add(new AbsCell[]{new TextCell("Description:"),new TextCell(desc)});
+ boolean first=true;
+ for(String r : perm.getRoles()) {
+ if(first){
+ first=false;
+ rv.add(new AbsCell[] {
+ new TextCell("Associated Roles:"),
+ new TextCell(r)
+ });
+ } else {
+ rv.add(new AbsCell[] {
+ AbsCell.Null,
+ new TextCell(r)
+ });
+ }
+ }
+ }
+ String historyLink = PermHistory.HREF
+ + "?type=" + pType + "&instance=" + pInstance + "&action=" + pAction;
+
+ rv.add(new AbsCell[] {new RefCell("See History",historyLink)});
+ } else {
+ rv.add(new AbsCell[] {new TextCell(
+ fp.code()==HttpStatus.NOT_FOUND_404?
+ "*** Implicit Permission ***":
+ "*** Data Unavailable ***"
+ )});
+ }
+ } finally {
+ tt.done();
+ }
+
+ return null;
+ }
+ });
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return new Cells(rv,null);
+ }
+ }
+}
+
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.Pkey;
+import aaf.v2_0.RolePermRequest;
+
+public class PermGrantAction extends Page {
+
+
+ public PermGrantAction(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,PermGrantForm.NAME, PermGrantForm.HREF, PermGrantForm.fields,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true,"content") {
+ final Slot sType = gui.env.slot(PermGrantForm.NAME+'.'+PermGrantForm.fields[0]);
+ final Slot sInstance = gui.env.slot(PermGrantForm.NAME+'.'+PermGrantForm.fields[1]);
+ final Slot sAction = gui.env.slot(PermGrantForm.NAME+'.'+PermGrantForm.fields[2]);
+ final Slot sRole = gui.env.slot(PermGrantForm.NAME+'.'+PermGrantForm.fields[3]);
+
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ cache.dynamic(hgen, new DynamicCode<HTMLGen,AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(final AuthGUI gui, final AuthzTrans trans,Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+
+ String type = trans.get(sType,null);
+ String instance = trans.get(sInstance,null);
+ String action = trans.get(sAction,null);
+ String role = trans.get(sRole,null);
+
+ String lastPage = PermGrantForm.HREF
+ + "?type=" + type + "&instance=" + instance + "&action=" + action;
+
+ // Run Validations
+ boolean fail = true;
+
+ TimeTaken tt = trans.start("AAF Grant Permission to Role",Env.REMOTE);
+ try {
+
+ final RolePermRequest grantReq = new RolePermRequest();
+ Pkey pkey = new Pkey();
+ pkey.setType(type);
+ pkey.setInstance(instance);
+ pkey.setAction(action);
+ grantReq.setPerm(pkey);
+ grantReq.setRole(role);
+
+ fail = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Boolean>() {
+ @Override
+ public Boolean code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ boolean fail = true;
+ Future<RolePermRequest> fgrant = client.create(
+ "/authz/role/perm",
+ gui.rolePermReqDF,
+ grantReq
+ );
+
+ if(fgrant.get(5000)) {
+ hgen.p("Permission has been granted to role.");
+ fail = false;
+ } else {
+ if (202==fgrant.code()) {
+ hgen.p("Permission Grant Request sent, but must be Approved before actualizing");
+ fail = false;
+ } else {
+ gui.writeError(trans, fgrant, hgen);
+ }
+ }
+ return fail;
+ }
+ });
+ } catch (Exception e) {
+ hgen.p("Unknown Error");
+ e.printStackTrace();
+ } finally {
+ tt.done();
+ }
+
+ hgen.br();
+ hgen.incr("a",true,"href="+lastPage);
+ if (fail) {
+ hgen.text("Try again");
+ } else {
+ hgen.text("Grant this Permission to Another Role");
+ }
+ hgen.end();
+ hgen.js()
+ .text("alterLink('permgrant', '"+lastPage + "');")
+ .done();
+
+ }
+ });
+ }
+ });
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import static com.att.xgen.html.HTMLGen.TABLE;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.Mark;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.Role;
+import aaf.v2_0.Roles;
+
+public class PermGrantForm extends Page {
+ static final String HREF = "/gui/permgrant";
+ static final String NAME = "Permission Grant";
+ static final String fields[] = {"type","instance","action","role"};
+
+ public PermGrantForm(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,NAME,HREF, fields,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true,"content") {
+ @Override
+ public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+ final Slot type = gui.env.slot(NAME+".type");
+ final Slot instance = gui.env.slot(NAME+".instance");
+ final Slot action = gui.env.slot(NAME+".action");
+ final Slot role = gui.env.slot(NAME+".role");
+ // p tags not closing right using .p() - causes issues in IE8 password form - so using leaf for the moment
+ hgen.leaf("p").text("Choose a role to grant to this permission").end()
+ .incr("form","method=post");
+ Mark table = new Mark(TABLE);
+ hgen.incr(table);
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+
+ Mark copyRoleJS = new Mark();
+ hgen.js(copyRoleJS);
+ hgen.text("function copyRole(role) {");
+ hgen.text("var txtRole = document.querySelector(\"#role\");");
+// hgen.text("if (role==;");
+ hgen.text("txtRole.value=role;");
+ hgen.text("}");
+ hgen.end(copyRoleJS);
+
+ String typeValue = trans.get(type, "");
+ String instanceValue = trans.get(instance, "");
+ String actionValue = trans.get(action, "");
+ String roleValue = trans.get(role,null);
+ List<String> myRoles = getMyRoles(gui, trans);
+ hgen
+ .input(fields[0],"Perm Type",true,"value="+typeValue,"disabled")
+ .input(fields[1],"Perm Instance",true,"value="+instanceValue,"disabled")
+ .input(fields[2],"Perm Action",true,"value="+actionValue,"disabled");
+
+ // select & options are not an input type, so we must create table row & cell tags
+ Mark selectRow = new Mark();
+ hgen
+ .incr(selectRow, "tr")
+ .incr("td")
+ .incr("label", "for=myroles", "required").text("My Roles").end()
+ .end()
+ .incr("td")
+ .incr("select", "name=myroles", "id=myroles", "onchange=copyRole(this.value)")
+ .incr("option", "value=").text("Select one of my roles").end();
+ for (String role : myRoles) {
+ hgen.incr("option", "value="+role).text(role).end();
+ }
+ hgen
+ .incr("option", "value=").text("Other").end()
+ .end(selectRow);
+ if(roleValue==null) {
+ hgen.input(fields[3],"Role", true, "placeholder=or type a role here");
+ } else {
+ hgen.input(fields[3],"Role",true, "value="+roleValue);
+ }
+ hgen.end();
+ }
+ });
+ hgen.end();
+ hgen.tagOnly("input", "type=submit", "value=Submit")
+ .end();
+
+ }
+ });
+ }
+
+ private static List<String> getMyRoles(final AuthGUI gui, final AuthzTrans trans) {
+ List<String> myRoles = new ArrayList<String>();
+ try {
+ gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ TimeTaken tt = trans.start("AAF get my roles",Env.REMOTE);
+ try {
+ Future<Roles> fr = client.read("/authz/roles/user/"+trans.user(),gui.rolesDF);
+ if(fr.get(5000)) {
+ tt.done();
+ tt = trans.start("Load Data", Env.SUB);
+ if (fr.value != null) for (Role r : fr.value.getRole()) {
+ myRoles.add(r.getName());
+ }
+ } else {
+ gui.writeError(trans, fr, null);
+ }
+ } finally {
+ tt.done();
+ }
+ return null;
+ }
+ });
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ return myRoles;
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Comparator;
+import java.util.List;
+
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.History;
+import aaf.v2_0.History.Item;
+
+
+public class PermHistory extends Page {
+ static final String NAME="PermHistory";
+ static final String HREF = "/gui/permHistory";
+ static final String FIELDS[] = {"type","instance","action","dates"};
+ static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
+ static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY,
+ AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER };
+
+ public PermHistory(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,NAME,HREF, FIELDS,
+ new BreadCrumbs(breadcrumbs),
+ new Table<AuthGUI,AuthzTrans>("History", gui.env.newTransNoAvg(),new Model(gui.env()),"class=std"),
+ new NamedCode(true, "content") {
+ @Override
+ public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+ final Slot sType = gui.env.slot(NAME+".type");
+ final Slot sInstance = gui.env.slot(NAME+".instance");
+ final Slot sAction = gui.env.slot(NAME+".action");
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ String type = trans.get(sType, null);
+ String instance = trans.get(sInstance,null);
+ String action = trans.get(sAction,null);
+
+ // Use Javascript to make the table title more descriptive
+ hgen.js()
+ .text("var caption = document.querySelector(\".title\");")
+ .text("caption.innerHTML='History for Permission [ " + type + " ]';")
+ .done();
+
+ // Use Javascript to change Link Target to our last visited Detail page
+ String lastPage = PermDetail.HREF + "?type=" + type
+ + "&instance=" + instance
+ + "&action=" + action;
+ hgen.js()
+ .text("alterLink('permdetail', '"+lastPage + "');")
+ .done();
+
+ hgen.br();
+ hgen.leaf("a", "href=#advanced_search", "onclick=divVisibility('advanced_search');").text("Advanced Search").end()
+ .divID("advanced_search", "style=display:none");
+ hgen.incr("table");
+
+ addDateRow(hgen,"Start Date");
+ addDateRow(hgen,"End Date");
+ hgen.incr("tr").incr("td");
+ hgen.tagOnly("input", "type=button","value=Get History",
+ "onclick=datesURL('"+HREF+"?type=" + type
+ + "&instance=" + instance
+ + "&action=" + action+"');");
+ hgen.end().end();
+ hgen.end();
+ hgen.end();
+ }
+ });
+ }
+ }
+
+ );
+
+ }
+
+ private static void addDateRow(HTMLGen hgen, String s) {
+ hgen
+ .incr("tr")
+ .incr("td")
+ .incr("label", "for=month", "required").text(s+"*").end()
+ .end()
+ .incr("td")
+ .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required")
+ .incr("option", "value=").text("Month").end();
+ for (Month m : Month.values()) {
+ if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) {
+ hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end();
+ } else {
+ hgen.incr("option", "value="+(m.ordinal()+1)).text(m.name()).end();
+ }
+ }
+ hgen.end()
+ .end()
+ .incr("td")
+ .tagOnly("input","type=number","id=year"+s.substring(0, s.indexOf(' ')),"required",
+ "value="+Calendar.getInstance().get(Calendar.YEAR), "min=1900",
+ "max="+Calendar.getInstance().get(Calendar.YEAR),
+ "placeholder=Year").end()
+ .end();
+ }
+
+ /**
+ * Implement the Table Content for History
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ private static final String CSP_ATT_COM = "@csp.att.com";
+ private static final String[] headers = new String[] {"Date","User","Memo"};
+ private Slot sType;
+ private Slot sDates;
+
+ public Model(AuthzEnv env) {
+ sType = env.slot(NAME+".type");
+ sDates = env.slot(NAME+".dates");
+ }
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ final String oName = trans.get(sType,null);
+ final String oDates = trans.get(sDates,null);
+
+ if(oName==null) {
+ return Cells.EMPTY;
+ }
+
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ String msg = null;
+ try {
+ gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ TimeTaken tt = trans.start("AAF Get History for Permission ["+oName+"]",Env.REMOTE);
+ try {
+ if (oDates != null) {
+ client.setQueryParams("yyyymm="+oDates);
+ }
+ Future<History> fh = client.read(
+ "/authz/hist/perm/"+oName,
+ gui.historyDF
+ );
+
+
+ if (fh.get(AuthGUI.TIMEOUT)) {
+ tt.done();
+ tt = trans.start("Load History Data", Env.SUB);
+ List<Item> histItems = fh.value.getItem();
+
+ java.util.Collections.sort(histItems, new Comparator<Item>() {
+ @Override
+ public int compare(Item o1, Item o2) {
+ return o2.getTimestamp().compare(o1.getTimestamp());
+ }
+ });
+
+ for (Item i : histItems) {
+ String user = i.getUser();
+ AbsCell userCell = (user.endsWith(CSP_ATT_COM)?
+ new RefCell(user,WEBPHONE + user.substring(0,user.indexOf('@'))):new TextCell(user));
+
+ rv.add(new AbsCell[] {
+ new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
+ userCell,
+ new TextCell(i.getMemo())
+ });
+ }
+
+ } else {
+ if (fh.code()==403) {
+ rv.add(new AbsCell[] {new TextCell("You may not view History of Permission [" + oName + "]", "colspan = 3", "class=center")});
+ } else {
+ rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***", "colspan = 3", "class=center")});
+ }
+ }
+ } finally {
+ tt.done();
+ }
+
+ return null;
+ }
+ });
+
+ } catch (Exception e) {
+ trans.error().log(e);
+ }
+ return new Cells(rv,msg);
+ }
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+
+import aaf.v2_0.Perm;
+import aaf.v2_0.Perms;
+
+/**
+ * Page content for My Permissions
+ *
+ *
+ */
+public class PermsShow extends Page {
+ public static final String HREF = "/gui/myperms";
+
+ public PermsShow(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env, "MyPerms",HREF, NO_FIELDS,
+ new BreadCrumbs(breadcrumbs),
+ new Table<AuthGUI,AuthzTrans>("Permissions",gui.env.newTransNoAvg(),new Model(), "class=std"));
+ }
+
+ /**
+ * Implement the Table Content for Permissions by User
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ private static final String[] headers = new String[] {"Type","Instance","Action"};
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ TimeTaken tt = trans.start("AAF Perms by User",Env.REMOTE);
+ try {
+ gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Perms> fp = client.read("/authz/perms/user/"+trans.user(), gui.permsDF);
+ if(fp.get(5000)) {
+ TimeTaken ttld = trans.start("Load Data", Env.SUB);
+ try {
+ if(fp.value!=null) {
+ for(Perm p : fp.value.getPerm()) {
+ AbsCell[] sa = new AbsCell[] {
+ new RefCell(p.getType(),PermDetail.HREF
+ +"?type="+p.getType()
+ +"&instance="+p.getInstance()
+ +"&action="+p.getAction()),
+ new TextCell(p.getInstance()),
+ new TextCell(p.getAction())
+ };
+ rv.add(sa);
+ }
+ } else {
+ gui.writeError(trans, fp, null);
+ }
+ } finally {
+ ttld.done();
+ }
+ }
+ return null;
+ }
+ });
+ } catch (Exception e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ return new Cells(rv,null);
+ }
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.UUID;
+
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+
+import aaf.v2_0.Approval;
+import aaf.v2_0.Approvals;
+
+public class RequestDetail extends Page {
+ public static final String HREF = "/gui/requestdetail";
+ public static final String NAME = "RequestDetail";
+ private static final String DATE_TIME_FORMAT = "yyyy-MM-dd HH:mm:ss";
+ public static final String[] FIELDS = {"ticket"};
+
+ public RequestDetail(final AuthGUI gui, Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env, NAME, HREF, FIELDS,
+ new BreadCrumbs(breadcrumbs),
+ new Table<AuthGUI,AuthzTrans>("Request Details",gui.env.newTransNoAvg(),new Model(gui.env()),"class=detail")
+ );
+ }
+
+ /**
+ * Implement the table content for Request Detail
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
+ private static final String CSP_ATT_COM = "@csp.att.com";
+ final long NUM_100NS_INTERVALS_SINCE_UUID_EPOCH = 0x01b21dd213814000L;
+ private static final String[] headers = new String[0];
+ private Slot sTicket;
+ public Model(AuthzEnv env) {
+ sTicket = env.slot(NAME+".ticket");
+ }
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ Cells rv=Cells.EMPTY;
+ final String ticket = trans.get(sTicket, null);
+ if(ticket!=null) {
+ try {
+ rv = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Cells>() {
+ @Override
+ public Cells code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ TimeTaken tt = trans.start("AAF Approval Details",Env.REMOTE);
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ try {
+ Future<Approvals> fa = client.read(
+ "/authz/approval/ticket/"+ticket,
+ gui.approvalsDF
+ );
+
+ if(fa.get(AuthGUI.TIMEOUT)) {
+ if (!trans.user().equals(fa.value.getApprovals().get(0).getUser())) {
+ return Cells.EMPTY;
+ }
+ tt.done();
+ tt = trans.start("Load Data", Env.SUB);
+ boolean first = true;
+ for ( Approval approval : fa.value.getApprovals()) {
+ AbsCell[] approverLine = new AbsCell[4];
+ // only print common elements once
+ if (first) {
+ DateFormat createdDF = new SimpleDateFormat(DATE_TIME_FORMAT);
+ UUID id = UUID.fromString(approval.getId());
+
+ rv.add(new AbsCell[]{new TextCell("Ticket ID:"),new TextCell(approval.getTicket(),"colspan=3")});
+ rv.add(new AbsCell[]{new TextCell("Memo:"),new TextCell(approval.getMemo(),"colspan=3")});
+ rv.add(new AbsCell[]{new TextCell("Requested On:"),
+ new TextCell(createdDF.format((id.timestamp() - NUM_100NS_INTERVALS_SINCE_UUID_EPOCH)/10000),"colspan=3")
+ });
+ rv.add(new AbsCell[]{new TextCell("Operation:"),new TextCell(decodeOp(approval.getOperation()),"colspan=3")});
+ String user = approval.getUser();
+ if (user.endsWith(CSP_ATT_COM)) {
+ rv.add(new AbsCell[]{new TextCell("User:"),
+ new RefCell(user,WEBPHONE + user.substring(0, user.indexOf("@")),"colspan=3")});
+ } else {
+ rv.add(new AbsCell[]{new TextCell("User:"),new TextCell(user,"colspan=3")});
+ }
+
+ // headers for listing each approver
+ rv.add(new AbsCell[]{new TextCell(" ","colspan=4","class=blank_line")});
+ rv.add(new AbsCell[]{AbsCell.Null,
+ new TextCell("Approver","class=bold"),
+ new TextCell("Type","class=bold"),
+ new TextCell("Status","class=bold")});
+ approverLine[0] = new TextCell("Approvals:");
+
+ first = false;
+ } else {
+ approverLine[0] = AbsCell.Null;
+ }
+
+ String approver = approval.getApprover();
+ String approverShort = approver.substring(0,approver.indexOf('@'));
+
+ if (approver.endsWith(CSP_ATT_COM)) {
+ approverLine[1] = new RefCell(approver, WEBPHONE + approverShort);
+ } else {
+ approverLine[1] = new TextCell(approval.getApprover());
+ }
+
+ String type = approval.getType();
+ if ("owner".equalsIgnoreCase(type)) {
+ type = "resource owner";
+ }
+
+ approverLine[2] = new TextCell(type);
+ approverLine[3] = new TextCell(approval.getStatus());
+ rv.add(approverLine);
+
+ }
+ } else {
+ rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***")});
+ }
+ } finally {
+ tt.done();
+ }
+ return new Cells(rv,null);
+ }
+ });
+ } catch (Exception e) {
+ trans.error().log(e);
+ }
+ }
+ return rv;
+ }
+
+ private String decodeOp(String operation) {
+ if ("C".equalsIgnoreCase(operation)) {
+ return "Create";
+ } else if ("D".equalsIgnoreCase(operation)) {
+ return "Delete";
+ } else if ("U".equalsIgnoreCase(operation)) {
+ return "Update";
+ } else if ("G".equalsIgnoreCase(operation)) {
+ return "Grant";
+ } else if ("UG".equalsIgnoreCase(operation)) {
+ return "Un-Grant";
+ }
+ return operation;
+ }
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+
+import aaf.v2_0.Pkey;
+import aaf.v2_0.Role;
+import aaf.v2_0.Roles;
+
+/**
+ * Detail Page for Permissions
+ *
+ *
+ */
+public class RoleDetail extends Page {
+ public static final String HREF = "/gui/roledetail";
+ public static final String NAME = "RoleDetail";
+ private static final String BLANK = "";
+
+ public RoleDetail(final AuthGUI gui, Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env, NAME, HREF, new String[] {"role"},
+ new BreadCrumbs(breadcrumbs),
+ new Table<AuthGUI,AuthzTrans>("Role Details",gui.env.newTransNoAvg(),new Model(gui.env()),"class=detail")
+ );
+ }
+
+ /**
+ * Implement the table content for Permissions Detail
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ private static final String[] headers = new String[0];
+ private Slot role;
+ public Model(AuthzEnv env) {
+ role = env.slot(NAME+".role");
+ }
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ final String pRole = trans.get(role, null);
+ Cells rv = Cells.EMPTY;
+ if(pRole!=null) {
+ try {
+ rv = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Cells>() {
+ @Override
+ public Cells code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ rv.add(new AbsCell[]{new TextCell("Role:"),new TextCell(pRole)});
+
+ TimeTaken tt = trans.start("AAF Role Details",Env.REMOTE);
+ try {
+
+ Future<Roles> fr = client.read("/authz/roles/"+pRole,gui.rolesDF);
+ if(fr.get(AuthGUI.TIMEOUT)) {
+ tt.done();
+ tt = trans.start("Load Data", Env.SUB);
+ Role role = fr.value.getRole().get(0);
+ String desc = (role.getDescription()!=null?role.getDescription():BLANK);
+ rv.add(new AbsCell[]{new TextCell("Description:"),new TextCell(desc)});
+ boolean first=true;
+ for(Pkey r : role.getPerms()) {
+ if(first){
+ first=false;
+ rv.add(new AbsCell[] {
+ new TextCell("Associated Permissions:"),
+ new TextCell(r.getType() +
+ " | " + r.getInstance() +
+ " | " + r.getAction()
+ )
+ });
+ } else {
+ rv.add(new AbsCell[] {
+ AbsCell.Null,
+ new TextCell(r.getType() +
+ " | " + r.getInstance() +
+ " | " + r.getAction()
+ )
+ });
+ }
+ }
+ String historyLink = RoleHistory.HREF
+ + "?role=" + pRole;
+ rv.add(new AbsCell[] {new RefCell("See History",historyLink)});
+ } else {
+ rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***")});
+ }
+ } finally {
+ tt.done();
+ }
+ return new Cells(rv,null);
+ }
+ });
+ } catch (Exception e) {
+ trans.error().log(e);
+ }
+ }
+ return rv;
+ }
+ }
+}
+
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Comparator;
+import java.util.List;
+
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.html.HTMLGen;
+
+import aaf.v2_0.History;
+import aaf.v2_0.History.Item;
+
+
+public class RoleHistory extends Page {
+ static final String NAME="RoleHistory";
+ static final String HREF = "/gui/roleHistory";
+ static final String FIELDS[] = {"role","dates"};
+ static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
+ static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY,
+ AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER };
+
+ public RoleHistory(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,NAME,HREF, FIELDS,
+ new BreadCrumbs(breadcrumbs),
+ new Table<AuthGUI,AuthzTrans>("History", gui.env.newTransNoAvg(),new Model(gui.env()),"class=std"),
+ new NamedCode(true, "content") {
+ @Override
+ public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+ final Slot role = gui.env.slot(NAME+".role");
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ String obRole = trans.get(role, null);
+
+ // Use Javascript to make the table title more descriptive
+ hgen.js()
+ .text("var caption = document.querySelector(\".title\");")
+ .text("caption.innerHTML='History for Role [ " + obRole + " ]';")
+ .done();
+
+ // Use Javascript to change Link Target to our last visited Detail page
+ String lastPage = RoleDetail.HREF + "?role=" + obRole;
+ hgen.js()
+ .text("alterLink('roledetail', '"+lastPage + "');")
+ .done();
+
+ hgen.br();
+ hgen.leaf("a", "href=#advanced_search","onclick=divVisibility('advanced_search');").text("Advanced Search").end()
+ .divID("advanced_search", "style=display:none");
+ hgen.incr("table");
+
+ addDateRow(hgen,"Start Date");
+ addDateRow(hgen,"End Date");
+ hgen.incr("tr").incr("td");
+ hgen.tagOnly("input", "type=button","value=Get History",
+ "onclick=datesURL('"+HREF+"?role=" + obRole+"');");
+ hgen.end().end();
+ hgen.end();
+ hgen.end();
+ }
+ });
+ }
+ }
+
+ );
+
+ }
+
+ private static void addDateRow(HTMLGen hgen, String s) {
+ hgen
+ .incr("tr")
+ .incr("td")
+ .incr("label", "for=month", "required").text(s+"*").end()
+ .end()
+ .incr("td")
+ .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required")
+ .incr("option", "value=").text("Month").end();
+ for (Month m : Month.values()) {
+ if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) {
+ hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end();
+ } else {
+ hgen.incr("option", "value="+(m.ordinal()+1)).text(m.name()).end();
+ }
+ }
+ hgen.end()
+ .end()
+ .incr("td")
+ .tagOnly("input","type=number","id=year"+s.substring(0, s.indexOf(' ')),"required",
+ "value="+Calendar.getInstance().get(Calendar.YEAR), "min=1900",
+ "max="+Calendar.getInstance().get(Calendar.YEAR),
+ "placeholder=Year").end()
+ .end();
+ }
+
+
+ /**
+ * Implement the Table Content for History
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ private static final String CSP_ATT_COM = "@csp.att.com";
+ private static final String[] headers = new String[] {"Date","User","Memo"};
+ private Slot role;
+ private Slot dates;
+
+ public Model(AuthzEnv env) {
+ role = env.slot(NAME+".role");
+ dates = env.slot(NAME+".dates");
+ }
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ final String oName = trans.get(role,null);
+ final String oDates = trans.get(dates,null);
+
+ Cells rv = Cells.EMPTY;
+ if(oName!=null) {
+
+ try {
+ rv = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Cells>() {
+ @Override
+ public Cells code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ TimeTaken tt = trans.start("AAF Get History for Namespace ["+oName+"]",Env.REMOTE);
+ String msg = null;
+ try {
+ if (oDates != null) {
+ client.setQueryParams("yyyymm="+oDates);
+ }
+ Future<History> fh = client.read("/authz/hist/role/"+oName,gui.historyDF);
+ if (fh.get(AuthGUI.TIMEOUT)) {
+ tt.done();
+ tt = trans.start("Load History Data", Env.SUB);
+ List<Item> histItems = fh.value.getItem();
+
+ java.util.Collections.sort(histItems, new Comparator<Item>() {
+ @Override
+ public int compare(Item o1, Item o2) {
+ return o2.getTimestamp().compare(o1.getTimestamp());
+ }
+ });
+
+ for (Item i : histItems) {
+ String user = i.getUser();
+ AbsCell userCell = (user.endsWith(CSP_ATT_COM)?
+ new RefCell(user,WEBPHONE + user.substring(0,user.indexOf('@'))):new TextCell(user));
+
+ rv.add(new AbsCell[] {
+ new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
+ userCell,
+ new TextCell(i.getMemo())
+ });
+ }
+ } else {
+ if (fh.code()==403) {
+ rv.add(new AbsCell[] {new TextCell("You may not view History of Permission [" + oName + "]", "colspan = 3", "class=center")});
+ } else {
+ rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***", "colspan = 3", "class=center")});
+ }
+ }
+ } finally {
+ tt.done();
+ }
+ return new Cells(rv,msg);
+ }
+ });
+ } catch (Exception e) {
+ trans.error().log(e);
+ }
+ }
+ return rv;
+ }
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.Page;
+import com.att.authz.gui.Table;
+import com.att.authz.gui.Table.Cells;
+import com.att.authz.gui.table.AbsCell;
+import com.att.authz.gui.table.RefCell;
+import com.att.authz.gui.table.TextCell;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.util.Chrono;
+
+import aaf.v2_0.UserRole;
+import aaf.v2_0.UserRoles;
+
+
+/**
+ * Page content for My Roles
+ *
+ *
+ */
+public class RolesShow extends Page {
+ public static final String HREF = "/gui/myroles";
+ private static final String DATE_TIME_FORMAT = "yyyy-MM-dd";
+ private static SimpleDateFormat expiresDF;
+
+ static {
+ expiresDF = new SimpleDateFormat(DATE_TIME_FORMAT);
+ }
+
+ public RolesShow(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env, "MyRoles",HREF, NO_FIELDS,
+ new BreadCrumbs(breadcrumbs),
+ new Table<AuthGUI,AuthzTrans>("Roles",gui.env.newTransNoAvg(),new Model(), "class=std"));
+ }
+
+ /**
+ * Implement the Table Content for Permissions by User
+ *
+ *
+ */
+ private static class Model implements Table.Data<AuthGUI,AuthzTrans> {
+ private static final String[] headers = new String[] {"Role","Expires","Remediation","Actions"};
+
+ @Override
+ public String[] headers() {
+ return headers;
+ }
+
+ @Override
+ public Cells get(final AuthGUI gui, final AuthzTrans trans) {
+ Cells rv = Cells.EMPTY;
+
+ try {
+ rv = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Cells>() {
+ @Override
+ public Cells code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ TimeTaken tt = trans.start("AAF Roles by User",Env.REMOTE);
+ try {
+ Future<UserRoles> fur = client.read("/authz/userRoles/user/"+trans.user(),gui.userrolesDF);
+ if (fur.get(5000)) {
+ if(fur.value != null) for (UserRole u : fur.value.getUserRole()) {
+ if(u.getExpires().compare(Chrono.timeStamp()) < 0) {
+ AbsCell[] sa = new AbsCell[] {
+ new TextCell(u.getRole() + "*", "class=expired"),
+ new TextCell(expiresDF.format(u.getExpires().toGregorianCalendar().getTime()),"class=expired"),
+ new RefCell("Extend",
+ UserRoleExtend.HREF + "?user="+trans.user()+"&role="+u.getRole(),
+ new String[]{"class=expired"}),
+ new RefCell("Remove",
+ UserRoleRemove.HREF + "?user="+trans.user()+"&role="+u.getRole(),
+ new String[]{"class=expired"})
+
+ };
+ rv.add(sa);
+ } else {
+ AbsCell[] sa = new AbsCell[] {
+ new RefCell(u.getRole(),
+ RoleDetail.HREF+"?role="+u.getRole()),
+ new TextCell(expiresDF.format(u.getExpires().toGregorianCalendar().getTime())),
+ AbsCell.Null,
+ new RefCell("Remove",
+ UserRoleRemove.HREF + "?user="+trans.user()+"&role="+u.getRole())
+ };
+ rv.add(sa);
+ }
+ }
+ }
+
+ } finally {
+ tt.done();
+ }
+ return new Cells(rv,null);
+ }
+ });
+ } catch (Exception e) {
+ trans.error().log(e);
+ }
+ return rv;
+ }
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.html.HTMLGen;
+
+public class UserRoleExtend extends Page {
+ public static final String HREF = "/gui/urExtend";
+ static final String NAME = "Extend User Role";
+ static final String fields[] = {"user","role"};
+
+ public UserRoleExtend(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,NAME, HREF, fields,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true, "content") {
+ @Override
+ public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+ final Slot sUser = gui.env.slot(NAME+".user");
+ final Slot sRole = gui.env.slot(NAME+".role");
+
+
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ final String user = trans.get(sUser, "");
+ final String role = trans.get(sRole, "");
+
+ TimeTaken tt = trans.start("Request to extend user role",Env.REMOTE);
+ try {
+ gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client)throws CadiException, ConnectException, APIException {
+ Future<Void> fv = client.setQueryParams("request=true").update("/authz/userRole/extend/"+user+"/"+role);
+ if(fv.get(5000)) {
+ // not sure if we'll ever hit this
+ hgen.p("Extended User ["+ user+"] in Role [" +role+"]");
+ } else {
+ if (fv.code() == 202 ) {
+ hgen.p("User ["+ user+"] in Role [" +role+"] Extension sent for Approval");
+ } else {
+ gui.writeError(trans, fv, hgen);
+ }
+ }
+ return null;
+ }
+ });
+ } catch (Exception e) {
+ trans.error().log(e);
+ e.printStackTrace();
+ } finally {
+ tt.done();
+ }
+
+
+ }
+ });
+ }
+
+ });
+ }
+}
+
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+import java.net.ConnectException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.cadi.CadiException;
+import com.att.cadi.client.Future;
+import com.att.cadi.client.Rcli;
+import com.att.cadi.client.Retryable;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.Slot;
+import com.att.inno.env.TimeTaken;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.html.HTMLGen;
+
+public class UserRoleRemove extends Page {
+ public static final String HREF = "/gui/urRemove";
+ static final String NAME = "Remove User Role";
+ static final String fields[] = {"user","role"};
+
+ public UserRoleRemove(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env,NAME, HREF, fields,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true, "content") {
+ @Override
+ public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+ final Slot sUser = gui.env.slot(NAME+".user");
+ final Slot sRole = gui.env.slot(NAME+".role");
+
+
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AuthGUI, AuthzTrans>() {
+ @Override
+ public void code(AuthGUI gui, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ final String user = trans.get(sUser, "");
+ final String role = trans.get(sRole, "");
+
+ TimeTaken tt = trans.start("Request a user role delete",Env.REMOTE);
+ try {
+ gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Void> fv = client.setQueryParams("request=true").delete(
+ "/authz/userRole/"+user+"/"+role,Void.class);
+
+ if(fv.get(5000)) {
+ // not sure if we'll ever hit this
+ hgen.p("User ["+ user+"] Removed from Role [" +role+"]");
+ } else {
+ if (fv.code() == 202 ) {
+ hgen.p("User ["+ user+"] Removal from Role [" +role+"] sent for Approval");
+ } else {
+ gui.writeError(trans, fv, hgen);
+ }
+ }
+ return null;
+ }
+ });
+ } catch (Exception e) {
+ e.printStackTrace();
+ } finally {
+ tt.done();
+ }
+ }
+ });
+ }
+
+ });
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.pages;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.gui.AuthGUI;
+import com.att.authz.gui.BreadCrumbs;
+import com.att.authz.gui.NamedCode;
+import com.att.authz.gui.Page;
+import com.att.inno.env.APIException;
+import com.att.xgen.Cache;
+import com.att.xgen.DynamicCode;
+import com.att.xgen.Mark;
+import com.att.xgen.html.HTMLGen;
+
+public class WebCommand extends Page {
+ public static final String HREF = "/gui/cui";
+
+ public WebCommand(final AuthGUI gui, final Page ... breadcrumbs) throws APIException, IOException {
+ super(gui.env, "Web Command Client",HREF, NO_FIELDS,
+ new BreadCrumbs(breadcrumbs),
+ new NamedCode(true, "content") {
+ @Override
+ public void code(Cache<HTMLGen> cache, HTMLGen hgen) throws APIException, IOException {
+ hgen.leaf("p","id=help_msg")
+ .text("Questions about this page? ")
+ .leaf("a", "href=http://wiki.web.att.com/display/aaf/Web+CUI+Usage", "target=_blank")
+ .text("Click here")
+ .end()
+ .text(". Type 'help' below for a list of AAF commands")
+ .end()
+
+ .divID("console_and_options");
+ hgen.divID("console_area");
+ hgen.end(); //console_area
+
+ hgen.divID("options_link", "class=closed");
+ hgen.img("src=../../theme/options_down.png", "onclick=handleDivHiding('options',this);",
+ "id=options_img", "alt=Options", "title=Options")
+ .end(); //options_link
+
+ hgen.divID("options");
+ cache.dynamic(hgen, new DynamicCode<HTMLGen,AuthGUI,AuthzTrans>() {
+ @Override
+ public void code(AuthGUI state, AuthzTrans trans, Cache<HTMLGen> cache, HTMLGen xgen)
+ throws APIException, IOException {
+ switch(browser(trans,trans.env().slot(getBrowserType()))) {
+ case ie:
+ case ieOld:
+ // IE doesn't support file save
+ break;
+ default:
+ xgen.img("src=../../theme/AAFdownload.png", "onclick=saveToFile();",
+ "alt=Save log to file", "title=Save log to file");
+ }
+// xgen.img("src=../../theme/AAFemail.png", "onclick=emailLog();",
+// "alt=Email log to me", "title=Email log to me");
+ xgen.img("src=../../theme/AAF_font_size.png", "onclick=handleDivHiding('text_slider',this);",
+ "id=fontsize_img", "alt=Change text size", "title=Change text size");
+ xgen.img("src=../../theme/AAF_details.png", "onclick=selectOption(this,0);",
+ "id=details_img", "alt=Turn on/off details mode", "title=Turn on/off details mode");
+ xgen.img("src=../../theme/AAF_maximize.png", "onclick=maximizeConsole(this);",
+ "id=maximize_img", "alt=Maximize Console Window", "title=Maximize Console Window");
+ }
+ });
+
+ hgen.divID("text_slider");
+ hgen.tagOnly("input", "type=button", "class=change_font", "onclick=buttonChangeFontSize('dec')", "value=-")
+ .tagOnly("input", "id=text_size_slider", "type=range", "min=75", "max=200", "value=100",
+ "oninput=changeFontSize(this.value)", "onchange=changeFontSize(this.value)", "title=Change Text Size")
+ .tagOnly("input", "type=button", "class=change_font", "onclick=buttonChangeFontSize('inc')", "value=+")
+ .end(); //text_slider
+
+ hgen.end(); //options
+ hgen.end(); //console_and_options
+
+ hgen.divID("input_area");
+ hgen.tagOnly("input", "type=text", "id=command_field",
+ "autocomplete=off", "autocorrect=off", "autocapitalize=off", "spellcheck=false",
+ "onkeypress=keyPressed()", "placeholder=Type your AAFCLI commands here", "autofocus")
+ .tagOnly("input", "id=submit", "type=button", "value=Submit",
+ "onclick=http('put','../../gui/cui',getCommand(),callCUI);")
+ .end();
+
+ Mark callCUI = new Mark();
+ hgen.js(callCUI);
+ hgen.text("function callCUI(resp) {")
+ .text("moveCommandToDiv();")
+ .text("printResponse(resp);")
+ .text("}");
+ hgen.end(callCUI);
+
+ }
+ });
+
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.table;
+
+import com.att.xgen.html.HTMLGen;
+
+public abstract class AbsCell {
+ private static final String[] NONE = new String[0];
+ protected static final String[] CENTER = new String[]{"class=center"};
+
+ /**
+ * Write Cell Data with HTMLGen generator
+ * @param hgen
+ */
+ public abstract void write(HTMLGen hgen);
+
+ public final static AbsCell Null = new AbsCell() {
+ @Override
+ public void write(final HTMLGen hgen) {
+ }
+ };
+
+ public String[] attrs() {
+ return NONE;
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.table;
+
+import com.att.xgen.html.HTMLGen;
+
+public class ButtonCell extends AbsCell {
+ private String[] attrs;
+
+ public ButtonCell(String value, String ... attributes) {
+ attrs = new String[2+attributes.length];
+ attrs[0]="type=button";
+ attrs[1]="value="+value;
+ System.arraycopy(attributes, 0, attrs, 2, attributes.length);
+ }
+ @Override
+ public void write(HTMLGen hgen) {
+ hgen.incr("input",true,attrs).end();
+
+ }
+
+ @Override
+ public String[] attrs() {
+ return AbsCell.CENTER;
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.table;
+
+import com.att.xgen.html.HTMLGen;
+
+public class RadioCell extends AbsCell {
+ private String[] attrs;
+
+ public RadioCell(String name, String radioClass, String value, String ... attributes) {
+ attrs = new String[4+attributes.length];
+ attrs[0]="type=radio";
+ attrs[1]="name="+name;
+ attrs[2]="class="+radioClass;
+ attrs[3]="value="+value;
+ System.arraycopy(attributes, 0, attrs, 4, attributes.length);
+ }
+
+ @Override
+ public void write(HTMLGen hgen) {
+ hgen.incr("input",true,attrs).end();
+ }
+
+ @Override
+ public String[] attrs() {
+ return AbsCell.CENTER;
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.table;
+
+import static com.att.xgen.html.HTMLGen.A;
+
+import com.att.xgen.html.HTMLGen;
+
+/**
+ * Write a Reference Link into a Cell
+ *
+ */
+public class RefCell extends AbsCell {
+ public final String name;
+ public final String href;
+ private String[] attrs;
+
+ public RefCell(String name, String href, String... attributes) {
+ attrs = new String[attributes.length];
+ System.arraycopy(attributes, 0, attrs, 0, attributes.length);
+ this.name = name;
+ this.href = href;
+ }
+
+ @Override
+ public void write(HTMLGen hgen) {
+ hgen.leaf(A,"href="+href).text(name);
+ }
+
+ @Override
+ public String[] attrs() {
+ return attrs;
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.table;
+
+import static com.att.xgen.html.HTMLGen.A;
+
+import com.att.xgen.html.HTMLGen;
+
+public class TextAndRefCell extends RefCell {
+
+ private String text;
+
+ public TextAndRefCell(String text, String name, String href, String[] attributes) {
+ super(name, href, attributes);
+ this.text = text;
+ }
+
+ @Override
+ public void write(HTMLGen hgen) {
+ hgen.text(text);
+ hgen.leaf(A,"href="+href).text(name);
+ }
+
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.gui.table;
+
+import com.att.xgen.html.HTMLGen;
+
+/**
+ * Write Simple Text into a Cell
+ *
+ */
+public class TextCell extends AbsCell {
+ public final String name;
+ private String[] attrs;
+
+ public TextCell(String name, String... attributes) {
+ attrs = new String[attributes.length];
+ System.arraycopy(attributes, 0, attrs, 0, attributes.length);
+ this.name = name;
+ }
+
+ @Override
+ public void write(HTMLGen hgen) {
+ hgen.text(name);
+ }
+
+ @Override
+ public String[] attrs() {
+ return attrs;
+ }
+}
--- /dev/null
+/*
+ Standard CSS for AAF
+*/
+
+html {
+ height: 100%;
+}
+
+body {
+ background-image:url('t_bubbles.jpg');
+ background-color: #FFFFFF;
+ background-repeat:no-repeat;
+ background-position: right top;
+ background-size:15em 4.3em;
+ color:#606060;
+ font-family: Verdana,Arial,Helvetica,sans-serif;
+ overflow: scroll;
+ }
+
+header h1,p {
+ margin: 4px auto;
+}
+
+header h1 {
+ display: inline;
+}
+
+header {
+ display: block;
+ color: #F13099;
+}
+
+p#version {
+ margin:0;
+ display:inline;
+ font-size: 0.75em;
+ float:right;
+ color: orange;
+ padding-right:4.2em;
+}
+
+header hr {
+ margin: 0;
+}
+
+hr {
+ border: 1px solid #C0C0C0;
+}
+
+#breadcrumbs {
+ padding: 5px 0 12px 0;
+}
+
+
+#breadcrumbs ul {
+ color: #DFEFFC;
+ margin: 0;
+ list-style-type:none;
+ padding: 0;
+}
+
+#breadcrumbs li {
+ border-width:2px;
+ margin: 3px 1px;
+ padding: 2px 9px;
+ border-style:solid;
+ border-top-left-radius: .8em;
+ border-bottom-left-radius: .8em;
+ background-color:#80C337;
+ display:inline;
+}
+
+#breadcrumbs a {
+ text-decoration:none;
+ color: white;
+}
+
+caption {
+ color:#FF7241;
+ text-align: center;
+ font-size:1.3em;
+ font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
+}
+
+#Pages {
+ padding: 3px 2px 10px 4px;
+ background: linear-gradient(to right, #147AB3,#FFFFFF);
+}
+
+#Pages h3,
+#Pages h4,
+h5{
+ color: #909090;
+}
+
+form {
+ padding: 10px;
+ margin: 4px;
+}
+
+
+form input[id],select#myroles {
+ margin: 4px 0;
+ width: 150%;
+}
+
+form label {
+ margin: 4px 0;
+}
+
+form label[required] {
+ color: red;
+}
+
+form input[type=submit], form input[type=reset] {
+ font-size: 1.0em;
+ margin: 12px 0 0px 0;
+ color: #F13099;
+}
+
+p.preamble, p.notfound,.expedite_request {
+ display: block;
+ margin: 30px 0px 10px 0px;
+ font: italic bold 20px/30px Georgia, serif;
+ font-size: 110%;
+ color: #0079B8;
+}
+.expedite_request {
+ margin-top: 0;
+ color: #FF7241;
+}
+
+.subtext {
+ margin-left: 10px;
+ font-size: 75%;
+ font-style: italic;
+}
+
+#Pages a {
+ display:block;
+ font-weight:bold;
+ color:#FFFFFF;
+ background-color:#80C337;
+ text-decoration:none;
+ border-top-right-radius: .8em;
+ border-bottom-right-radius: .8em;
+ border-top-left-radius: .2em;
+ border-bottom-left-radius: .2em;
+ padding: 3px 40px 3px 10px;
+ margin: 4px;
+ width: 50%;
+}
+
+#footer {
+ background-color: #FF7200;
+ color: #FFFFFF;
+ text-align:right;
+ font-size: 60%;
+ padding: 5px;
+ position:fixed;
+ bottom: 0px;
+ left: 0px;
+ right: 0px;
+}
+
+/*
+ Standard Table, with Alternating Colors
+*/
+div.std {
+ vertical-align: top;
+}
+
+div.std table, div.stdform table {
+ position: relative;
+ border-collapse:collapse;
+ table-layout:auto;
+ left: 1.3%;
+ width: 98%;
+ margin-top: 5px;
+ bottom: 4px;
+ border-radius: 4px;
+}
+
+div.std td, div.stdform td {
+ font-size:.9em;
+}
+
+.center {
+ text-align: center;
+}
+
+.right {
+ text-align: right;
+ padding-right: 4px;
+}
+
+p.double {
+ line-height: 2em;
+}
+
+p.api_comment {
+ font-size: .9em;
+ text-indent: 6px;
+}
+
+p.api_contentType {
+ font-size: .8em;
+ text-indent: 6px;
+}
+
+p.api_label {
+ font-size: .9em;
+ font-style: italic;
+}
+
+div.std h1, div.std h2, div.std h3, div.std h4, div.std h5 {
+ text-indent: 7px;
+}
+
+div.std td {
+ border:1px solid #A6C9E2;
+}
+
+div.std th, div.stdform th {
+ background-color:#6FA7D1;
+ color:#FFFFFF;
+ }
+
+div.std tr.alt, div.stdform tr.alt {
+ background-color:#DFEFFC;
+}
+
+div.std a, div.stdform a {
+ /*color: #606060;*/
+ color: #147AB3;
+}
+
+td.head {
+ font-weight:bold;
+ text-align: center;
+}
+
+td.head a {
+ color:blue;
+}
+
+/*
+ A Table representing 1 or more columns of text, i.e. Detail lists
+*/
+div.detail table {
+ width: 100%;
+}
+
+div.detail caption {
+ border-bottom: solid 1px #C0C0C0;
+}
+
+/*
+ Approval Form select all
+
+*/
+.selectAllButton {
+ background: transparent;
+ border:none;
+ color:blue;
+ text-decoration:underline;
+ font-weight:bold;
+ cursor:pointer;
+}
+
+
+/*
+ Begin Web Command Styling
+*/
+#console_and_options {
+ position:relative;
+}
+
+.maximized {
+ position:absolute;
+ top:0px;
+ bottom:50px;
+ left:0px;
+ right:0px;
+ z-index:1000;
+ background-color:white;
+}
+
+#console_area {
+ -webkit-border-radius: 15px;
+ -moz-border-radius: 15px;
+ border-radius: 15px;
+ background-color: black;
+ color: white;
+ font-family: "Lucida Console", Monaco, monospace;
+ overflow-y: scroll;
+ height: 300px;
+ min-width: 600px;
+ padding: 5px;
+ resize: vertical;
+}
+
+.command,.bold {
+ font-weight: bold;
+}
+
+.command:before {
+ content: "> ";
+}
+
+.response{
+ font-style: italic;
+ font-size: 150%;
+}
+
+#input_area {
+ margin-top: 10px;
+ clear: both;
+}
+
+#command_field, #submit {
+ font-size: 125%;
+ background-color: #333333;
+ color: white;
+ font-family: "Lucida Console", Monaco, monospace;
+ -webkit-border-radius: 1em;
+ -moz-border-radius: 1em;
+ border-radius: 1em;
+}
+
+#command_field {
+ width: 75%;
+ padding-left: 1em;
+}
+
+#submit {
+ background-color: #80C337;
+ padding: 0 5%;
+ float: right;
+}
+
+/*
+ Options Menu Styling for Web Command
+*/
+#options_link {
+ -webkit-border-radius: 0 0 20% 20%;
+ -moz-border-radius: 0 0 20% 20%;
+ border-radius: 0 0 20% 20%;
+ -webkit-transition: opacity 0.5s ease-in-out;
+ -moz-transition: opacity 0.5s ease-in-out;
+ -ms-transition: opacity 0.5s ease-in-out;
+ -o-transition: opacity 0.5s ease-in-out;
+ transition: opacity 0.5s ease-in-out;
+}
+
+.closed {
+ opacity: 0.5;
+ filter: alpha(opacity=50);
+}
+
+#options_link:hover, .open {
+ opacity: 1.0;
+ filter: alpha(opacity=100);
+}
+
+#options_link, #options {
+ background: white;
+ position:absolute;
+ top:0;
+ right:2em;
+ padding:0.1em;
+}
+
+#options > img {
+ cursor: pointer;
+ float: right;
+ padding: 0.2em;
+}
+
+.selected {
+ border: 3px solid orange;
+}
+
+#options, #text_slider {
+ display:none;
+ padding:0.5em;
+ -webkit-border-radius: 0 0 0 10px;
+ -moz-border-radius: 0 0 0 10px;
+ border-radius: 0 0 0 10px;
+}
+#text_slider {
+ clear:both;
+}
+
+/*
+ Button styling for changing text size
+*/
+.change_font {
+ border-top: 1px solid #96d1f8;
+ background: #65a9d7;
+ background: -webkit-gradient(linear, left top, left bottom, from(#3e779d), to(#65a9d7));
+ background: -webkit-linear-gradient(top, #3e779d, #65a9d7);
+ background: -moz-linear-gradient(top, #3e779d, #65a9d7);
+ background: -ms-linear-gradient(top, #3e779d, #65a9d7);
+ background: -o-linear-gradient(top, #3e779d, #65a9d7);
+ padding: 0 2px;
+ -webkit-border-radius: 50%;
+ -moz-border-radius: 50%;
+ border-radius: 50%;
+ -webkit-box-shadow: rgba(0,0,0,1) 0 1px 0;
+ -moz-box-shadow: rgba(0,0,0,1) 0 1px 0;
+ box-shadow: rgba(0,0,0,1) 0 1px 0;
+ text-shadow: rgba(0,0,0,.4) 0 1px 0;
+ color: white;
+ font-size: 14px;
+ font-family: monospace;
+ text-decoration: none;
+ vertical-align: middle;
+}
+.change_font:hover {
+ border-top-color: #28597a;
+ background: #28597a;
+ color: #ccc;
+}
+
+/*
+ Text Size Slider styling
+*/
+
+input[type=range] {
+ -webkit-appearance: none;
+ width: 60%;
+ margin: 0;
+}
+input[type=range]:focus {
+ outline: none;
+}
+input[type=range]::-webkit-slider-runnable-track {
+ width: 100%;
+ height: 4px;
+ cursor: pointer;
+ box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d;
+ background: #3071a9;
+ border-radius: 0.6px;
+ border: 0.5px solid #010101;
+}
+input[type=range]::-webkit-slider-thumb {
+ box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d;
+ border: 1px solid #000000;
+ height: 16px;
+ width: 16px;
+ border-radius: 30px;
+ background: #efffff;
+ cursor: pointer;
+ -webkit-appearance: none;
+ margin-top: -7.15px;
+}
+input[type=range]:focus::-webkit-slider-runnable-track {
+ background: #367ebd;
+}
+input[type=range]::-moz-range-track {
+ width: 100%;
+ height: 2.7px;
+ cursor: pointer;
+ box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d;
+ background: #3071a9;
+ border-radius: 0.6px;
+ border: 0.5px solid #010101;
+}
+input[type=range]::-moz-range-thumb {
+ box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d;
+ border: 1px solid #000000;
+ height: 16px;
+ width: 16px;
+ border-radius: 30px;
+ background: #efffff;
+ cursor: pointer;
+}
+input[type=range]::-ms-track {
+ width: 100%;
+ height: 2.7px;
+ cursor: pointer;
+ background: transparent;
+ border-color: transparent;
+ color: transparent;
+}
+input[type=range]::-ms-fill-lower {
+ background: #2a6495;
+ border: 0.5px solid #010101;
+ border-radius: 1.2px;
+ box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d;
+}
+input[type=range]::-ms-fill-upper {
+ background: #3071a9;
+ border: 0.5px solid #010101;
+ border-radius: 1.2px;
+ box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d;
+}
+input[type=range]::-ms-thumb {
+ box-shadow: 1px 1px 1px #000000, 0px 0px 1px #0d0d0d;
+ border: 1px solid #000000;
+ height: 16px;
+ width: 16px;
+ border-radius: 30px;
+ background: #efffff;
+ cursor: pointer;
+ height: 2.7px;
+}
+input[type=range]:focus::-ms-fill-lower {
+ background: #3071a9;
+}
+input[type=range]:focus::-ms-fill-upper {
+ background: #367ebd;
+}
+.expired {
+ color: red;
+ background-color: pink;
+}
+.blank_line {
+ padding: 10px;
+}
+#filterByUser input {
+ display: inline;
+}
--- /dev/null
+/*
+ Modifications for Desktop
+*/
+body {
+ background-size:23em 4.7em;
+}
+
+
+#breadcrumbs a:visited, #breadcrumbs a:link {
+ transition: padding .5s;
+}
+
+#breadcrumbs a:hover {
+ padding: 2px 2px 2px 30px;
+ transition: padding .5s;
+}
+
+#breadcrumbs, #inner {
+ margin: 3px;
+ width: 77%;
+ float: left;
+ min-width:500px;
+ background-color: #FFFFFF;
+
+}
+
+#breadcrumbs li {
+ box-shadow: 3px 3px 2px #888888;
+}
+
+#Pages {
+ margin: 20px;
+ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#147AB3', endColorstr='#ffffff',GradientType=1 ); /*linear gradient for IE 6-9*/
+}
+
+#Pages a:visited, #Pages a:link {
+ padding: 3px 40px 3px 10px;
+ transition: padding .5s;
+ margin: 6px;
+ box-shadow: 3px 3px 2px #888888;
+}
+
+#Pages a:hover {
+ padding: 4px 80px 4px 15px;
+ transition: box-shadow padding .5s;
+ box-shadow: 4px 4px 3px #888888;
+}
+
+
+#inner {
+ padding: 7px;
+ background: #FFFFFF;
+ overflow: hidden;
+}
+
+div.std, form {
+ border: solid 2px #D0D0D0;
+ border-radius: 5px;
+ box-shadow: 10px 10px 5px #888888;
+}
+
+div.detail {
+ border: solid 2px #C0C0C0;
+ border-radius: 14px;
+ box-shadow: 10px 10px 5px #888888;
+}
+
+#nav {
+ display: inline-block;
+ position: absolute;
+ right: 2%;
+ left: 81%;
+}
+
+#nav h2 {
+ color: #FF7200;
+ font-size: 1.2em;
+ font-family: Verdana,Arial,Helvetica,sans-serif;
+ font-style: italic;
+ font-weight: normal;
+
+}
+
+#nav ul {
+ font-style:italic;
+ font-size: .8em;
+ font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
+ color: #067ab4;
+ list-style-type: square;
+ margin: 0;
+ padding: 0;
+}
--- /dev/null
+/*
+ Modifications for iPhone
+*/
+body {
+ zoom: 210%;
+}
+
+#breadcrumbs {
+ font-size: .9em;
+}
+
+
+div.std table {
+ margin: 0 0 20px 0;
+ zoom: 130%
+}
+
+
+div.stdform th {
+ font-size: 9px;
+}
+
+#content input {
+ font-size: 1.3em;
+}
+
+
+#Pages a {
+ font-size: 1.3em;
+ width: 75%;
+ height:35px;
+}
+
+#nav {
+ display: none;
+}
+
+
--- /dev/null
+/*
+ Modifications for non-html5 IE
+*/
+body {
+ background-size:23em 4.7em;
+}
+
+
+body h1 {
+ margin: 4px auto;
+ color: #F13099;
+}
+
+#footer {
+ background-color: #FF7200;
+ color: #FFFFFF;
+ text-align:right;
+ font-size: 60%;
+ padding: 5px;
+ position:fixed;
+ bottom: 0px;
+ left: 0px;
+ right: 0px;
+}
+
+#breadcrumbs a:visited, #breadcrumbs a:link {
+ transition: padding .5s;
+}
+
+#breadcrumbs a:hover {
+ padding: 2px 2px 2px 30px;
+ transition: padding .5s;
+}
+
+#breadcrumbs, #content {
+ margin: 3px;
+}
+
+#breadcrumbs, #inner {
+ margin: 3px;
+ width: 77%;
+ float: left;
+ min-width:500px;
+ background-color: #FFFFFF;
+}
+
+
+#breadcrumbs li {
+ box-shadow: 3px 3px 2px #888888;
+}
+
+#inner {
+ padding: 10px;
+ overflow: hidden;
+}
+
+#inner form {
+ border: solid 2px #D0D0D0;
+}
+
+#inner form input[id] {
+ margin: 4px 0;
+}
+
+#inner form label {
+ margin: 4px 0;
+}
+
+#inner form label[required] {
+ color: red;
+}
+
+#inner form input[type=submit] {
+ font-size: 1.0em;
+ margin: 12px 0 0px 0;
+ color: #F13099;
+}
+
+p.preamble, p.notfound {
+ display: block;
+ margin: 30px 0px 10px 0px;
+ font: italic bold 20px/30px Georgia, serif;
+ font-size: 110%;
+ color: #0079B8;
+}
+
+
+#Pages {
+ margin: 20px;
+ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#147AB3', endColorstr='#ffffff',GradientType=1 ); /*linear gradient for IE 6-9*/
+}
+
+#Pages a:visited, #Pages a:link {
+ display: block;
+ padding: 3px 40px 3px 10px;
+ transition: padding .5s;
+ margin: 6px;
+ box-shadow: 3px 3px 2px #888888;
+ background-color: #98bf21;
+ text-decoration: none;
+ color: white;
+ font-weight: bold;
+}
+
+#Pages a:hover {
+ padding: 4px 80px 4px 20px;
+ transition: box-shadow padding 1s;
+ box-shadow: 4px 4px 3px #888888;
+}
+
+tr {
+ font-size: .9em;
+}
+
+tr.alt {
+ background-color: #EEF0F0;
+}
+
+#nav {
+
+ display: block;
+ position: absolute;
+ top: 175px;
+ right: 2%;
+ left: 81%;
+ z-index=1;
+ clear: both;
+}
+
+
+#nav h2 {
+ color: #FF7200;
+ font-size: 1.2em;
+ font-family: Verdana,Arial,Helvetica,sans-serif;
+ font-style: italic;
+ font-weight: normal;
+
+}
+
+#nav ul {
+ font-style:italic;
+ font-size: .8em;
+ font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
+ color: #067ab4;
+ list-style-type: square;
+ margin: 0;
+ padding: 0;
+}
+
+div.std {
+ border: solid 2px #D0D0D0;
+ border-radius: 5px;
+ box-shadow: 10px 10px 5px #888888;
+}
+
+
+div.detail {
+ border: solid 2px #C0C0C0;
+ border-radius: 14px;
+ box-shadow: 10px 10px 5px #888888;
+}
+
--- /dev/null
+<!-- Used by AAF (ATT inc 2013) -->
+<xs:schema xmlns:aaf="urn:aaf:v1_0" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:aaf:v1_0" elementFormDefault="qualified">
+ <xs:element name="error">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="response_data" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="bool">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="value" type="xs:boolean"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="permkey">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string"/>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="action" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="permkeys">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="keys" type="aaf:permkey" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="user">
+ <xs:sequence>
+ <xs:element name="userName" type="xs:string"/>
+ <xs:element name="roleName" type="xs:string"/>
+ <xs:element name="userType" type="xs:string"/>
+ <xs:element name="createUser" type="xs:string"/>
+ <xs:element name="createTimestamp" type="xs:string"/>
+ <xs:element name="modifyUser" type="xs:string"/>
+ <xs:element name="modifyTimestamp" type="xs:string"/>
+ <xs:element ref="aaf:roles" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="role">
+ <xs:sequence>
+ <xs:element name="userName" type="xs:string"/>
+ <xs:element name="roleName" type="xs:string"/>
+ <xs:element name="userType" type="xs:string"/>
+ <xs:element name="createUser" type="xs:string"/>
+ <xs:element name="createTimestamp" type="xs:string"/>
+ <xs:element name="modifyUser" type="xs:string"/>
+ <xs:element name="modifyTimestamp" type="xs:string"/>
+ <xs:element ref="aaf:permissions" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="roles">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="roles" type="aaf:role" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="permission">
+ <xs:complexContent>
+ <xs:extension base="aaf:permkey">
+ <xs:sequence>
+ <xs:element name="grantedRole" type="xs:string"/>
+ <xs:element name="createUser" type="xs:string"/>
+ <xs:element name="createTimestamp" type="xs:string"/>
+ <xs:element name="modifyUser" type="xs:string"/>
+ <xs:element name="modifyTimestamp" type="xs:string"/>
+ <xs:element name="grantingRole" type="xs:string"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ <xs:element name="permissions">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="permissions" type="aaf:permission" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="delg">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="delegate" type="xs:string"/>
+ <xs:element name="start" type="xs:date"/>
+ <xs:element name="end" type="xs:date"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="delgs">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="cred">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="id" type="xs:string"/>
+ <xs:choice >
+ <xs:element name="password" type="xs:string" />
+ <xs:element name="cert" type = "xs:hexBinary" />
+ </xs:choice>
+ <xs:element name="start" type="xs:date" />
+ <xs:element name="end" type="xs:date" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <!--
+ Approvals
+ -->
+ <xs:complexType name="approval">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="role" type="xs:string"/>
+ <xs:element name="status">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="approve"/>
+ <xs:enumeration value="reject"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="approvals">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <!--
+ Users
+ -->
+ <xs:element name="users">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+</xs:schema>
+
--- /dev/null
+<!-- Used by AAF (ATT inc 2013) -->
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:aaf="urn:aaf:v2_0"
+ targetNamespace="urn:aaf:v2_0"
+ elementFormDefault="qualified">
+
+<!--
+ Note: jan 22, 2015. Deprecating the "force" element in the "Request" Structure. Do that
+ with Query Params.
+
+ Eliminate in 3.0
+ -->
+<!--
+ Errors
+ Note: This Error Structure has been made to conform to the AT&T TSS Policies
+
+
+ -->
+ <xs:element name="error">
+ <xs:complexType>
+ <xs:sequence>
+ <!--
+ Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is
+ either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception.
+ Exception numbers may be in the range of 0001 to 9999 where :
+ * 0001 to 0199 are reserved for common exception messages
+ * 0200 to 0999 are reserved for Parlay Web Services specification use
+ * 1000-9999 are available for exceptions
+ -->
+ <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ Message text, with replacement
+ variables marked with %n, where n is
+ an index into the list of <variables>
+ elements, starting at 1
+ -->
+ <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ List of zero or more strings that
+ represent the contents of the variables
+ used by the message text. -->
+ <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Requests
+ -->
+ <xs:complexType name="Request">
+ <xs:sequence>
+ <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <xs:element name="end" type="xs:date" minOccurs="1" maxOccurs="1"/>
+ <!-- Deprecated. Use Query Command
+ <xs:element name="force" type="xs:string" minOccurs="1" maxOccurs="1" default="false"/>
+ -->
+ </xs:sequence>
+ </xs:complexType>
+
+<!--
+ Permissions
+-->
+ <xs:complexType name = "pkey">
+ <xs:sequence>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="instance" type="xs:string"/>
+ <xs:element name="action" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="permKey">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:pkey" />
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="perm">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:pkey">
+ <xs:sequence>
+ <xs:element name="roles" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="perms">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="aaf:perm" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="permRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="instance" type="xs:string"/>
+ <xs:element name="action" type="xs:string"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+
+<!--
+ Roles
+-->
+ <xs:complexType name="rkey">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="roleKey">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:rkey" />
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="role">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:rkey">
+ <xs:sequence>
+ <xs:element name="perms" type="aaf:pkey" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="roles">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="aaf:role" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="roleRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="userRoleRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="rolePermRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="perm" type="aaf:pkey" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+
+ <xs:element name="nsRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="admin" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element name="responsible" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name = "nss">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "ns" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "name" type = "xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "responsible" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name = "admin" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name = "description" type = "xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Users
+-->
+ <xs:element name="users">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="user" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <xs:element name="expires" type="xs:date" minOccurs="1" maxOccurs="1" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+
+<!--
+ Credentials
+-->
+ <xs:element name="credRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="id" type="xs:string"/>
+ <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1"/>
+ <xs:choice >
+ <xs:element name="password" type="xs:string" />
+ <xs:element name="entry" type="xs:string" />
+ </xs:choice>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ History
+ -->
+ <xs:element name="history">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="item" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="YYYYMM" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="timestamp" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="target" type = "xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="action" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="memo" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Approvals
+ -->
+ <xs:complexType name="approval">
+ <xs:sequence>
+ <!-- Note, id is set by system -->
+ <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:element name="ticket" type="xs:string"/>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="approver" type="xs:string"/>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="memo" type="xs:string"/>
+ <xs:element name="updated" type="xs:dateTime"/>
+ <xs:element name="status">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="approve"/>
+ <xs:enumeration value="reject"/>
+ <xs:enumeration value="pending"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ <xs:element name="operation">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="C"/>
+ <xs:enumeration value="U"/>
+ <xs:enumeration value="D"/>
+ <xs:enumeration value="G"/>
+ <xs:enumeration value="UG"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="approvals">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Delegates
+-->
+ <xs:complexType name="delg">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="delegate" type="xs:string"/>
+ <xs:element name="expires" type="xs:date"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="delgRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="delegate" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="delgs">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- jg 3/11/2015 New for 2.0.8 -->
+ <xs:element name="api">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="route" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema>
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+function http(meth, sURL, sInput, func) {
+ if (sInput != "") {
+ var http;
+ if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
+ http=new XMLHttpRequest();
+ } else {// code for IE6, IE5
+ http=new ActiveXObject('Microsoft.XMLHTTP');
+ }
+
+ http.onreadystatechange=function() {
+ if(http.readyState==4 && http.status == 200) {
+ func(http.responseText)
+ }
+ // Probably want Exception code too.
+ }
+
+ http.open(meth,sURL,false);
+ http.setRequestHeader('Content-Type','text/plain;charset=UTF-8');
+ http.send(sInput);
+ }
+}
\ No newline at end of file
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+Object.defineProperty(Element.prototype, 'outerHeight', {
+ 'get': function(){
+ var height = this.clientHeight;
+ height += getStyle(this,'marginTop');
+ height += getStyle(this,'marginBottom');
+ height += getStyle(this,'borderTopWidth');
+ height += getStyle(this,'borderBottomWidth');
+ return height;
+ }
+});
+
+if (document.addEventListener) {
+ document.addEventListener('DOMContentLoaded', function () {
+ var height = document.querySelector("#footer").outerHeight;
+ document.querySelector("#inner").setAttribute("style",
+ "margin-bottom:" + height.toString()+ "px");
+ });
+} else {
+ window.attachEvent("onload", function () {
+ var height = document.querySelector("#footer").outerHeight;
+ document.querySelector("#inner").setAttribute("style",
+ "margin-bottom:" + height.toString()+ "px");
+ });
+}
+
+
+
+function getStyle(el, prop) {
+ var result = el.currentStyle ? el.currentStyle[prop] :
+ document.defaultView.getComputedStyle(el,"")[prop];
+ if (parseInt(result,10))
+ return parseInt(result,10);
+ else
+ return 0;
+}
+
+function divVisibility(divID) {
+ var element = document.querySelector("#"+divID);
+ if (element.style.display=="block")
+ element.style.display="none";
+ else
+ element.style.display="block";
+}
+
+function datesURL(histPage) {
+ var validated=true;
+ var yearStart = document.querySelector('#yearStart').value;
+ var yearEnd = document.querySelector('#yearEnd').value;
+ var monthStart = document.querySelector('#monthStart').value;
+ var monthEnd = document.querySelector('#monthEnd').value;
+ if (monthStart.length == 1) monthStart = 0 + monthStart;
+ if (monthEnd.length == 1) monthEnd = 0 + monthEnd;
+
+ validated &= validateYear(yearStart);
+ validated &= validateYear(yearEnd);
+ validated &= validateMonth(monthStart);
+ validated &= validateMonth(monthEnd);
+
+ if (validated) window.location=histPage+"&dates="+yearStart+monthStart+"-"+yearEnd+monthEnd;
+ else alert("Please correct your date selections");
+}
+
+function userFilter(approvalPage) {
+ var user = document.querySelector('#userTextBox').value;
+ if (user != "")
+ window.location=approvalPage+"?user="+user;
+ else
+ window.location=approvalPage;
+}
+
+function validateYear(year) {
+ var today = new Date();
+ if (year >= 1900 && year <= today.getFullYear()) return true;
+ else return false;
+}
+
+function validateMonth(month) {
+ if (month) return true;
+ else return false;
+}
+
+function alterLink(breadcrumbToFind, newTarget) {
+ var breadcrumbs = document.querySelector("#breadcrumbs").getElementsByTagName("A");
+ for (var i=0; i< breadcrumbs.length;i++) {
+ var breadcrumbHref = breadcrumbs[i].getAttribute('href');
+ if (breadcrumbHref.indexOf(breadcrumbToFind)>-1)
+ breadcrumbs[i].setAttribute('href', newTarget);
+ }
+}
+
+// clipBoardData object not cross-browser supported. Only IE it seems
+function copyToClipboard(controlId) {
+ var control = document.getElementById(controlId);
+ if (control == null) {
+ alert("ERROR - control not found - " + controlId);
+ } else {
+ var controlValue = control.href;
+ window.clipboardData.setData("text/plain", controlValue);
+ alert("Copied text to clipboard : " + controlValue);
+ }
+}
--- /dev/null
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+function getCommand() {
+ if(typeof String.prototype.trim !== 'function') {
+ String.prototype.trim = function() {
+ return this.replace(/^\s+|\s+$/g, '');
+ };
+ }
+
+ var cmds = [];
+ cmds = document.querySelector("#command_field").value.split(" ");
+ var cleanCmd = "";
+ if (document.querySelector("#details_img").getAttribute("class") == "selected")
+ cleanCmd += "set details=true ";
+ for (var i = 0; i < cmds.length;i++) {
+ var trimmed = cmds[i].trim();
+ if (trimmed != "")
+ cleanCmd += trimmed + " ";
+ }
+
+ return cleanCmd.trim();
+}
+
+function moveCommandToDiv() {
+
+ var textInput = document.querySelector("#command_field");
+ var content = document.createTextNode(textInput.value);
+ var parContent = document.createElement("p");
+ var consoleDiv = document.querySelector("#console_area");
+ var commandCount = consoleDiv.querySelectorAll(".command").length;
+ parContent.setAttribute("class", "command");
+ parContent.appendChild(content);
+ consoleDiv.appendChild(parContent);
+
+ textInput.value = "";
+}
+
+function printResponse(response) {
+ var parContent = document.createElement("p");
+ parContent.setAttribute("class", "response");
+ var preTag = document.createElement("pre");
+ parContent.appendChild(preTag);
+ var content = document.createTextNode(response);
+ preTag.appendChild(content);
+ var consoleDiv = document.querySelector("#console_area");
+ consoleDiv.appendChild(parContent);
+
+ consoleDiv.scrollTop = consoleDiv.scrollHeight;
+}
+
+function clearHistory() {
+ var consoleDiv = document.querySelector("#console_area");
+ var curr;
+ while (curr=consoleDiv.firstChild) {
+ consoleDiv.removeChild(curr);
+ }
+ document.querySelector("#command_field").value = "";
+ currentCmd = 0;
+}
+
+function buttonChangeFontSize(direction) {
+ var slider = document.querySelector("#text_size_slider");
+ var currentSize = parseInt(slider.value);
+ var newSize;
+ if (direction == "inc") {
+ newSize = currentSize + 10;
+ } else {
+ newSize = currentSize - 10;
+ }
+ if (newSize > slider.max) newSize = parseInt(slider.max);
+ if (newSize < slider.min) newSize = parseInt(slider.min);
+ slider.value = newSize;
+ changeFontSize(newSize);
+}
+
+function changeFontSize(size) {
+ var consoleDiv = document.querySelector("#console_area");
+ consoleDiv.style.fontSize = size + "%";
+}
+
+function handleDivHiding(id, img) {
+ var options_link = document.querySelector("#options_link");
+ var divHeight = toggleVisibility(document.querySelector("#"+id));
+
+ if (id == 'options') {
+ if (options_link.getAttribute("class") == "open") {
+ changeImg(document.querySelector("#options_img"), "../../theme/options_down.png");
+ options_link.setAttribute("class", "closed");
+ } else {
+ changeImg(document.querySelector("#options_img"), "../../theme/options_up.png");
+ options_link.setAttribute("class", "open");
+ }
+ moveToggleImg(options_link, divHeight);
+ } else { //id=text_slider
+ selectOption(img,divHeight);
+ }
+
+}
+
+function selectOption(img, divHeight) {
+ var options_link = document.querySelector("#options_link");
+ var anySelected;
+ if (img.getAttribute("class") != "selected") {
+ anySelected = document.querySelectorAll(".selected").length>0;
+ if (anySelected == false)
+ divHeight += 4;
+ img.setAttribute("class", "selected");
+ } else {
+ img.setAttribute("class", "");
+ anySelected = document.querySelectorAll(".selected").length>0;
+ if (anySelected == false)
+ divHeight -= 4;
+
+ }
+
+ moveToggleImg(options_link, divHeight);
+}
+
+function toggleVisibility(element) {
+ var divHeight;
+ if(element.style.display == 'block') {
+ divHeight = 0 - element.clientHeight;
+ element.style.display = 'none';
+ } else {
+ element.style.display = 'block';
+ divHeight = element.clientHeight;
+ }
+ return divHeight;
+}
+
+function moveToggleImg(element, height) {
+ var curTop = (element.style.top == "" ? 0 : parseInt(element.style.top));
+ element.style.top = curTop + height;
+}
+
+function changeImg(img, loc) {
+ img.src = loc;
+}
+
+var currentCmd = 0;
+function keyPressed() {
+ document.querySelector("#command_field").onkeyup=function(e) {
+ if (!e) e = window.event;
+ var keyCode = e.which || e.keyCode;
+ if (keyCode == 38 || keyCode == 40 || keyCode == 13 || keyCode == 27) {
+ var cmdHistoryList = document.querySelectorAll(".command");
+ switch (keyCode) {
+ case 13:
+ // press enter
+
+ if (getCommand().toLowerCase()=="clear") {
+ clearHistory();
+ } else {
+ currentCmd = cmdHistoryList.length + 1;
+ document.querySelector("#submit").click();
+ }
+ break;
+
+ case 27:
+ //press escape
+ currentCmd = cmdHistoryList.length;
+ document.querySelector("#command_field").value = "";
+ break;
+
+ case 38:
+ // press arrow up
+ if (currentCmd != 0)
+ currentCmd -= 1;
+ if (cmdHistoryList.length != 0)
+ document.querySelector("#command_field").value = cmdHistoryList[currentCmd].innerHTML;
+ break;
+ case 40:
+ // press arrow down
+ var cmdText = "";
+ currentCmd = (currentCmd == cmdHistoryList.length) ? currentCmd : currentCmd + 1;
+ if (currentCmd < cmdHistoryList.length)
+ cmdText = cmdHistoryList[currentCmd].innerHTML;
+
+ document.querySelector("#command_field").value = cmdText;
+ break;
+ }
+ }
+ }
+}
+
+function saveToFile() {
+ var commands = document.querySelectorAll(".command");
+ var responses = document.querySelectorAll(".response");
+ var textToWrite = "";
+ for (var i = 0; i < commands.length; i++) {
+ textToWrite += "> " + commands[i].innerHTML + "\r\n";
+ textToWrite += prettyResponse(responses[i].firstChild.innerHTML);
+ }
+
+ var ie = navigator.userAgent.match(/MSIE\s([\d.]+)/);
+ var ie11 = navigator.userAgent.match(/Trident\/7.0/) && navigator.userAgent.match(/rv:11/);
+ var ieVer=(ie ? ie[1] : (ie11 ? 11 : -1));
+
+// if (ie && ieVer<10) {
+// console.log("No blobs on IE ver<10");
+// return;
+// }
+
+ var textFileAsBlob = new Blob([textToWrite], {type:'text/plain'});
+ var fileName = "AAFcommands.log";
+
+ if (ieVer >= 10) {
+// window.navigator.msSaveBlob(textFileAsBlob, fileName);
+ window.navigator.msSaveOrOpenBlob(textFileAsBlob, fileName);
+ } else {
+ var downloadLink = document.createElement("a");
+ downloadLink.download = fileName;
+ downloadLink.innerHTML = "Download File";
+ if (window.webkitURL != null) {
+ // Chrome allows the link to be clicked
+ // without actually adding it to the DOM.
+ downloadLink.href = window.webkitURL.createObjectURL(textFileAsBlob);
+ } else {
+ // Firefox requires the link to be added to the DOM
+ // before it can be clicked.
+ downloadLink.href = window.URL.createObjectURL(textFileAsBlob);
+ downloadLink.onclick = destroyClickedElement;
+ downloadLink.style.display = "none";
+ document.body.appendChild(downloadLink);
+ }
+
+ downloadLink.click();
+ }
+}
+
+function prettyResponse(response) {
+ var lines = response.split('\n');
+ var cleanResponse = "";
+ for (var i=0; i < lines.length; i++) {
+ cleanResponse += lines[i] + "\r\n";
+ }
+ cleanResponse = cleanResponse.replace(/(<)/g,"<").replace(/(>)/g,">");
+ return cleanResponse;
+}
+
+function destroyClickedElement(event){
+ document.body.removeChild(event.target);
+}
+
+function fakePlaceholder() {
+ document.querySelector("#command_field").setAttribute("value", "Type your AAFCLI commands here");
+}
+
+function maximizeConsole(img) {
+ var footer = document.querySelector("#footer");
+ var console_area = document.querySelector("#console_area");
+ var content = document.querySelector("#content");
+ var input_area = document.querySelector("#input_area");
+ var help_msg = document.querySelector("#help_msg");
+ var console_space = document.documentElement.clientHeight;
+ console_space -= input_area.outerHeight;
+ console_space -= help_msg.outerHeight;
+ var height = getStyle(console_area,'paddingTop') + getStyle(console_area,'paddingBottom');
+ console_space -= height;
+
+
+ if (content.getAttribute("class") != "maximized") {
+ content.setAttribute("class", "maximized");
+ footer.style.display="none";
+ console_area.style.resize="none";
+ console_area.style.height=console_space.toString()+"px";
+ } else {
+ content.removeAttribute("class");
+ footer.style.display="";
+ console_area.style.resize="vertical";
+ console_area.style.height="300px";
+ }
+ selectOption(img,0);
+}
--- /dev/null
+.metadata
+.settings
+.classpath
+.project
+target
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">\r
+ <modelVersion>4.0.0</modelVersion>\r
+ <parent>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>parent</artifactId>\r
+ <version>2.0.15</version>\r
+ <relativePath>../pom.xml</relativePath>\r
+ </parent>\r
+ \r
+ <artifactId>authz-gw</artifactId>\r
+ <name>Authz Gate/Wall</name>\r
+ <description>GW API</description>\r
+ <url>https://github.com/att/AAF</url>\r
+ <licenses>\r
+ <license>\r
+ <name>BSD License</name>\r
+ <url> </url>\r
+ </license>\r
+ </licenses>\r
+ <developers>\r
+ <developer>\r
+ <name>Jonathan Gathman</name>\r
+ <email></email>\r
+ <organization>ATT</organization>\r
+ <organizationUrl></organizationUrl>\r
+ </developer>\r
+ </developers>\r
+\r
+ <properties>\r
+ <maven.test.failure.ignore>true</maven.test.failure.ignore>\r
+ <project.swmVersion>30</project.swmVersion>\r
+ </properties>\r
+ \r
+ <dependencies>\r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-core</artifactId>\r
+ \r
+ <exclusions>\r
+ <exclusion> \r
+ <groupId>javax.servlet</groupId>\r
+ <artifactId>servlet-api</artifactId>\r
+ </exclusion>\r
+ </exclusions> \r
+ </dependency>\r
+ \r
+ <dependency> \r
+ <groupId>com.att.cadi</groupId>\r
+ <artifactId>cadi-aaf</artifactId>\r
+ </dependency>\r
+\r
+ <!-- <dependency> \r
+ <groupId>com.att.cadi</groupId>\r
+ <artifactId>cadi-tguard</artifactId>\r
+ </dependency> -->\r
+ \r
+ </dependencies>\r
+ \r
+ <build>\r
+ <plugins>\r
+ <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->\r
+ <plugin>\r
+ <groupId>org.codehaus.mojo</groupId>\r
+ <artifactId>jaxb2-maven-plugin</artifactId>\r
+ </plugin>\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-jar-plugin</artifactId>\r
+ <configuration>\r
+ <includes>\r
+ <include>**/*.class</include>\r
+ </includes>\r
+ </configuration>\r
+ <version>2.3.1</version>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-deploy-plugin</artifactId>\r
+ <configuration>\r
+ <skip>true</skip>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-javadoc-plugin</artifactId>\r
+ <configuration>\r
+ <failOnError>false</failOnError>\r
+ </configuration>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-javadocs</id>\r
+ <goals>\r
+ <goal>jar</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin> \r
+ \r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-source-plugin</artifactId>\r
+ <version>2.2.1</version>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-sources</id>\r
+ <goals>\r
+ <goal>jar-no-fork</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin>\r
+\r
+ \r
+ <plugin>\r
+ <groupId>org.sonatype.plugins</groupId>\r
+ <artifactId>nexus-staging-maven-plugin</artifactId>\r
+ <version>1.6.7</version>\r
+ <extensions>true</extensions>\r
+ <configuration>\r
+ <serverId>ossrhdme</serverId>\r
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>\r
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ </plugins>\r
+ <pluginManagement>\r
+ <plugins/>\r
+ </pluginManagement>\r
+ </build>\r
+\r
+ <distributionManagement>\r
+ <snapshotRepository>\r
+ <id>ossrhdme</id>\r
+ <url>https://oss.sonatype.org/content/repositories/snapshots</url>\r
+ </snapshotRepository>\r
+ <repository>\r
+ <id>ossrhdme</id>\r
+ <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>\r
+ </repository>\r
+ </distributionManagement>\r
+ \r
+ <scm>\r
+ <connection>https://github.com/att/AAF.git</connection>\r
+ <developerConnection>${project.scm.connection}</developerConnection>\r
+ <url>http://github.com/att/AAF/tree/master</url>\r
+ </scm>\r
+</project>\r
--- /dev/null
+##
+## AUTHZ GateWall (authz-gw) Properties
+##
+
+hostname=_HOSTNAME_
+
+## DISCOVERY (DME2) Parameters on the Command Line
+AFT_LATITUDE=_AFT_LATITUDE_
+AFT_LONGITUDE=_AFT_LONGITUDE_
+AFT_ENVIRONMENT=_AFT_ENVIRONMENT_
+AFT_ENV_CONTEXT=_ENV_CONTEXT_
+
+DEPLOYED_VERSION=_ARTIFACT_VERSION_
+
+## Pull in common/security properties
+
+cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props
+
+
+##DME2 related parameters
+DMEServiceName=service=com.att.authz.authz-gw/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+AFT_DME2_PORT_RANGE=_AUTHZ_GW_PORT_RANGE_
+
+# Turn on both AAF TAF & LUR 2.0
+aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+
+# CSP
+csp_domain=PROD
+
+# GUI Login Page
+cadi_loginpage_url=https://DME2RESOLVE/service=com.att.authz.authz-gui/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_/login
+
+
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+###############################################################################\r
+# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
+###############################################################################\r
+#\r
+# Licensed to the Apache Software Foundation (ASF) under one\r
+# or more contributor license agreements. See the NOTICE file\r
+# distributed with this work for additional information\r
+# regarding copyright ownership. The ASF licenses this file\r
+# to you under the Apache License, Version 2.0 (the\r
+# "License"); you may not use this file except in compliance\r
+# with the License. You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing,\r
+# software distributed under the License is distributed on an\r
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
+# KIND, either express or implied. See the License for the\r
+# specific language governing permissions and limitations\r
+# under the License.\r
+#\r
+log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender \r
+log4j.appender.INIT.File=_LOG_DIR_/${LOG4J_FILENAME_init}\r
+log4j.appender.INIT.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.INIT.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.INIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.INIT.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.INIT.layout.ConversionPattern=%d %p [%c] %m %n\r
+\r
+log4j.appender.GW=org.apache.log4j.DailyRollingFileAppender \r
+log4j.appender.GW.File=_LOG_DIR_/${LOG4J_FILENAME_gw}\r
+log4j.appender.GW.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.GW.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.GW.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.GW.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.GW.layout.ConversionPattern=%d %p [%c] %m %n\r
+\r
+log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender\r
+log4j.appender.AUDIT.File=_LOG_DIR_/${LOG4J_FILENAME_audit}\r
+log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.GW.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.GW.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.AUDIT.layout.ConversionPattern=%d %p [%c] %m %n\r
+\r
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender\r
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout\r
+log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n\r
+\r
+# General Apache libraries\r
+log4j.rootLogger=WARN\r
+log4j.logger.org.apache=WARN,INIT\r
+log4j.logger.dme2=WARN,INIT\r
+log4j.logger.init=INFO,INIT\r
+log4j.logger.gw=_LOG4J_LEVEL_,GW\r
+log4j.logger.audit=INFO,AUDIT\r
+\r
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<ns2:ManagedResourceList xmlns:ns2="http://scld.att.com/lrm/util" xmlns="http://scld.att.com/lrm/commontypes" xmlns:ns3="http://scld.att.com/lrm/types">\r
+ <ns2:ManagedResource>\r
+ <ResourceDescriptor>\r
+ <ResourceName>com.att.authz._ARTIFACT_ID_</ResourceName>\r
+ <ResourceVersion>\r
+ <Major>_MAJOR_VER_</Major>\r
+ <Minor>_MINOR_VER_</Minor>\r
+ <Patch>_PATCH_VER_</Patch> \r
+ </ResourceVersion>\r
+ <RouteOffer>_ROUTE_OFFER_</RouteOffer>\r
+ </ResourceDescriptor>\r
+ <ResourceType>Java</ResourceType>\r
+ <ResourcePath>com.att.authz.gw.GwAPI</ResourcePath>\r
+ <ResourceProps>\r
+ <Tag>process.workdir</Tag>\r
+ <Value>_ROOT_DIR_</Value>\r
+ </ResourceProps> \r
+ <ResourceProps>\r
+ <Tag>jvm.version</Tag>\r
+ <Value>1.8</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.args</Tag>\r
+ <Value>-DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 </Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.classpath</Tag>\r
+ <Value>_ROOT_DIR_/etc:_ROOT_DIR_/lib/*:</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.heap.min</Tag>\r
+ <Value>512m</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.heap.max</Tag>\r
+ <Value>2048m</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>start.class</Tag>\r
+ <Value>com.att.authz.gw.GwAPI</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>stdout.redirect</Tag>\r
+ <Value>_ROOT_DIR_/logs/SystemOut.log</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>stderr.redirect</Tag>\r
+ <Value>_ROOT_DIR_/logs/SystemErr.log</Value>\r
+ </ResourceProps>\r
+ <ResourceOSID>aft</ResourceOSID>\r
+ <ResourceStartType>AUTO</ResourceStartType>\r
+ <ResourceStartPriority>4</ResourceStartPriority>\r
+ <ResourceMinCount>_RESOURCE_MIN_COUNT_</ResourceMinCount>\r
+ <ResourceMaxCount>_RESOURCE_MAX_COUNT_</ResourceMaxCount> \r
+ <ResourceRegistration>_RESOURCE_REGISTRATION_</ResourceRegistration>\r
+ <ResourceSWMComponent>com.att.authz:_ARTIFACT_ID_</ResourceSWMComponent>\r
+ <ResourceSWMComponentVersion>_ARTIFACT_VERSION_</ResourceSWMComponentVersion>\r
+ </ns2:ManagedResource>\r
+</ns2:ManagedResourceList>\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw;\r
+\r
+import java.net.HttpURLConnection;\r
+import java.util.ArrayList;\r
+import java.util.EnumSet;\r
+import java.util.List;\r
+import java.util.Map;\r
+import java.util.Properties;\r
+\r
+import com.att.aft.dme2.api.DME2Exception;\r
+\r
+import com.att.aft.dme2.api.DME2Manager;\r
+import com.att.aft.dme2.api.DME2Server;\r
+import com.att.aft.dme2.api.DME2ServerProperties;\r
+import com.att.aft.dme2.api.DME2ServiceHolder;\r
+import com.att.aft.dme2.api.util.DME2FilterHolder;\r
+import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;\r
+import com.att.aft.dme2.api.util.DME2ServletHolder;\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.gw.api.API_AAFAccess;\r
+import com.att.authz.gw.api.API_Api;\r
+import com.att.authz.gw.api.API_Find;\r
+import com.att.authz.gw.api.API_Proxy;\r
+import com.att.authz.gw.api.API_TGuard;\r
+import com.att.authz.gw.facade.GwFacade_1_0;\r
+import com.att.authz.gw.mapper.Mapper.API;\r
+import com.att.authz.server.AbsServer;\r
+import com.att.cache.Cache;\r
+import com.att.cache.Cache.Dated;\r
+import com.att.cadi.CadiException;\r
+//import com.att.cadi.PropAccess;\r
+import com.att.cadi.aaf.v2_0.AAFAuthn;\r
+import com.att.cadi.aaf.v2_0.AAFLurPerm;\r
+import com.att.cadi.config.Config;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+\r
+public class GwAPI extends AbsServer {\r
+ private static final String USER_PERMS = "userPerms";\r
+ private GwFacade_1_0 facade; // this is the default Facade\r
+ private GwFacade_1_0 facade_1_0_XML;\r
+ public Map<String, Dated> cacheUser;\r
+ public final String aafurl;\r
+ public final AAFAuthn<HttpURLConnection> aafAuthn;\r
+ public final AAFLurPerm aafLurPerm;\r
+ public DME2Manager dme2Man;\r
+\r
+ \r
+ /**\r
+ * Construct AuthzAPI with all the Context Supporting Routes that Authz needs\r
+ * \r
+ * @param env\r
+ * @param si \r
+ * @param dm \r
+ * @param decryptor \r
+ * @throws APIException \r
+ */\r
+ public GwAPI(AuthzEnv env) throws Exception {\r
+ super(env,"AAF GW");\r
+ aafurl = env.getProperty(Config.AAF_URL); \r
+\r
+ // Setup Logging\r
+ //env.setLog4JNames("log4j.properties","authz","gw","audit","init","trace");\r
+\r
+ aafLurPerm = aafCon.newLur();\r
+ // Note: If you need both Authn and Authz construct the following:\r
+ aafAuthn = aafCon.newAuthn(aafLurPerm);\r
+\r
+ // Initialize Facade for all uses\r
+ //AuthzTrans trans = env.newTrans();\r
+\r
+ // facade = GwFacadeFactory.v1_0(env,trans,Data.TYPE.JSON); // Default Facade\r
+ // facade_1_0_XML = GwFacadeFactory.v1_0(env,trans,Data.TYPE.XML);\r
+\r
+ synchronized(env) {\r
+ if(cacheUser == null) {\r
+ cacheUser = Cache.obtain(USER_PERMS);\r
+ //Cache.startCleansing(env, USER_PERMS);\r
+ Cache.addShutdownHook(); // Setup Shutdown Hook to close cache\r
+ }\r
+ }\r
+ \r
+ ////////////////////////////////////////////////////////////////////////////\r
+ // Time Critical\r
+ // These will always be evaluated first\r
+ ////////////////////////////////////////////////////////////////////////\r
+ API_AAFAccess.init(this,facade);\r
+ API_Find.init(this, facade);\r
+ API_TGuard.init(this, facade);\r
+ API_Proxy.init(this, facade);\r
+ \r
+ ////////////////////////////////////////////////////////////////////////\r
+ // Management APIs\r
+ ////////////////////////////////////////////////////////////////////////\r
+ // There are several APIs around each concept, and it gets a bit too\r
+ // long in this class to create. The initialization of these Management\r
+ // APIs have therefore been pushed to StandAlone Classes with static\r
+ // init functions\r
+ API_Api.init(this, facade);\r
+\r
+ ////////////////////////////////////////////////////////////////////////\r
+ // Default Function\r
+ ////////////////////////////////////////////////////////////////////////\r
+ API_AAFAccess.initDefault(this,facade);\r
+\r
+ }\r
+ \r
+ /**\r
+ * Setup XML and JSON implementations for each supported Version type\r
+ * \r
+ * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties\r
+ * to do Versions and Content switches\r
+ * \r
+ */\r
+ public void route(HttpMethods meth, String path, API api, GwCode code) throws Exception {\r
+ String version = "1.0";\r
+ // Get Correct API Class from Mapper\r
+ Class<?> respCls = facade.mapper().getClass(api); \r
+ if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());\r
+ // setup Application API HTML ContentTypes for JSON and Route\r
+ String application = applicationJSON(respCls, version);\r
+ //route(env,meth,path,code,application,"application/json;version="+version,"*/*");\r
+\r
+ // setup Application API HTML ContentTypes for XML and Route\r
+ application = applicationXML(respCls, version);\r
+ //route(env,meth,path,code.clone(facade_1_0_XML,false),application,"text/xml;version="+version);\r
+ \r
+ // Add other Supported APIs here as created\r
+ }\r
+ \r
+ public void routeAll(HttpMethods meth, String path, API api, GwCode code) throws Exception {\r
+ //route(env,meth,path,code,""); // this will always match\r
+ }\r
+\r
+\r
+ /**\r
+ * Start up AuthzAPI as DME2 Service\r
+ * @param env\r
+ * @param props\r
+ * @throws DME2Exception\r
+ * @throws CadiException \r
+ */\r
+ public void startDME2(Properties props) throws DME2Exception, CadiException {\r
+ \r
+ dme2Man = new DME2Manager("GatewayDME2Manager",props);\r
+\r
+ DME2ServiceHolder svcHolder;\r
+ List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();\r
+ svcHolder = new DME2ServiceHolder();\r
+ String serviceName = env.getProperty("DMEServiceName",null);\r
+ if(serviceName!=null) {\r
+ svcHolder.setServiceURI(serviceName);\r
+ svcHolder.setManager(dme2Man);\r
+ svcHolder.setContext("/");\r
+ \r
+ \r
+ \r
+ DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[] {"/dme2","/api"});\r
+ srvHolder.setContextPath("/*");\r
+ slist.add(srvHolder);\r
+ \r
+ EnumSet<RequestDispatcherType> edlist = EnumSet.of(\r
+ RequestDispatcherType.REQUEST,\r
+ RequestDispatcherType.FORWARD,\r
+ RequestDispatcherType.ASYNC\r
+ );\r
+\r
+ ///////////////////////\r
+ // Apply Filters\r
+ ///////////////////////\r
+ List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();\r
+ \r
+ // Leave Login page un secured\r
+ // AuthzTransOnlyFilter atof = new AuthzTransOnlyFilter(env);\r
+ // flist.add(new DME2FilterHolder(atof,"/login", edlist));\r
+\r
+ // Secure all other interactions with AuthzTransFilter\r
+// flist.add(new DME2FilterHolder(\r
+// new AuthzTransFilter(env, aafCon, new AAFTrustChecker(\r
+// env.getProperty(Config.CADI_TRUST_PROP, Config.CADI_USER_CHAIN),\r
+// Define.ROOT_NS + ".mechid|"+Define.ROOT_COMPANY+"|trust"\r
+// )),\r
+// "/*", edlist));\r
+// \r
+\r
+ svcHolder.setFilters(flist);\r
+ svcHolder.setServletHolders(slist);\r
+ \r
+ DME2Server dme2svr = dme2Man.getServer();\r
+// dme2svr.setGracefulShutdownTimeMs(1000);\r
+ \r
+ // env.init().log("Starting GW Jetty/DME2 server...");\r
+ dme2svr.start();\r
+ DME2ServerProperties dsprops = dme2svr.getServerProperties();\r
+ try {\r
+// if(env.getProperty("NO_REGISTER",null)!=null)\r
+ dme2Man.bindService(svcHolder);\r
+// env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort());\r
+\r
+ while(true) { // Per DME2 Examples...\r
+ Thread.sleep(5000);\r
+ }\r
+ } catch(InterruptedException e) {\r
+ // env.init().log("AAF Jetty Server interrupted!");\r
+ } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process\r
+ // env.init().log(e,"DME2 Initialization Error");\r
+ dme2svr.stop();\r
+ System.exit(1);\r
+ }\r
+ } else {\r
+ //env.init().log("Properties must contain DMEServiceName");\r
+ }\r
+ }\r
+\r
+ public static void main(String[] args) {\r
+ setup(GwAPI.class,"authGW.props");\r
+ }\r
+\r
+// public void route(PropAccess env, HttpMethods get, String string, GwCode gwCode, String string2, String string3,\r
+// String string4) {\r
+// // TODO Auto-generated method stub\r
+// \r
+// }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.gw.facade.GwFacade;\r
+import com.att.cssa.rserv.HttpCode;\r
+\r
+public abstract class GwCode extends HttpCode<AuthzTrans, GwFacade> implements Cloneable {\r
+ public boolean useJSON;\r
+\r
+ public GwCode(GwFacade facade, String description, boolean useJSON, String ... roles) {\r
+ super(facade, description, roles);\r
+ this.useJSON = useJSON;\r
+ }\r
+ \r
+ public <D extends GwCode> D clone(GwFacade facade, boolean useJSON) throws Exception {\r
+ @SuppressWarnings("unchecked")\r
+ D d = (D)clone();\r
+ d.useJSON = useJSON;\r
+ d.context = facade;\r
+ return d;\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.api;\r
+\r
+import java.io.IOException;\r
+import java.net.ConnectException;\r
+import java.net.MalformedURLException;\r
+import java.net.URI;\r
+import java.security.Principal;\r
+\r
+import javax.servlet.ServletOutputStream;\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.gw.GwAPI;\r
+import com.att.authz.gw.GwCode;\r
+import com.att.authz.gw.facade.GwFacade;\r
+import com.att.authz.gw.mapper.Mapper.API;\r
+import com.att.authz.layer.Result;\r
+import com.att.cache.Cache.Dated;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.Locator;\r
+import com.att.cadi.Locator.Item;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.aaf.AAFPermission;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cadi.dme2.DME2Locator;\r
+import com.att.cadi.principal.BasicPrincipal;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+\r
+public class API_AAFAccess {\r
+ private static final String AUTHZ_DME2_GUI = "com.att.authz.authz-gui";\r
+ static final String AFT_ENVIRONMENT="AFT_ENVIRONMENT";\r
+ static final String AFT_ENV_CONTEXT="AFT_ENV_CONTEXT";\r
+ static final String AFTUAT="AFTUAT";\r
+ \r
+ private static final String PROD = "PROD";\r
+ private static final String IST = "IST"; // main NONPROD system\r
+ private static final String PERF = "PERF";\r
+ private static final String TEST = "TEST";\r
+ private static final String DEV = "DEV";\r
+ \r
+// private static String service, version, envContext; \r
+ private static String routeOffer;\r
+\r
+ private static final String GET_PERMS_BY_USER = "Get Perms by User";\r
+ private static final String USER_HAS_PERM ="User Has Perm";\r
+// private static final String USER_IN_ROLE ="User Has Role";\r
+ private static final String BASIC_AUTH ="AAF Basic Auth";\r
+ \r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param gwAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {\r
+ String aftenv = gwAPI.env.getProperty(AFT_ENVIRONMENT);\r
+ if(aftenv==null) throw new Exception(AFT_ENVIRONMENT + " must be set");\r
+ \r
+ int equals, count=0;\r
+ for(int slash = gwAPI.aafurl.indexOf('/');slash>0;++count) {\r
+ equals = gwAPI.aafurl.indexOf('=',slash)+1;\r
+ slash = gwAPI.aafurl.indexOf('/',slash+1);\r
+ switch(count) {\r
+ case 2:\r
+// service = gwAPI.aafurl.substring(equals, slash);\r
+ break;\r
+ case 3:\r
+// version = gwAPI.aafurl.substring(equals, slash);\r
+ break;\r
+ case 4:\r
+// envContext = gwAPI.aafurl.substring(equals, slash);\r
+ break;\r
+ case 5:\r
+ routeOffer = gwAPI.aafurl.substring(equals);\r
+ break;\r
+ }\r
+ }\r
+ if(count<6) throw new MalformedURLException(gwAPI.aafurl);\r
+ \r
+ gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new GwCode(facade,GET_PERMS_BY_USER, true) {\r
+ @Override\r
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {\r
+ TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB);\r
+ try {\r
+ final String accept = req.getHeader("ACCEPT");\r
+ final String user = pathParam(req,":user");\r
+ if(!user.contains("@")) {\r
+ context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user);\r
+ return;\r
+ }\r
+ String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json");\r
+ TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB);\r
+ Dated d;\r
+ try {\r
+ d = gwAPI.cacheUser.get(key);\r
+ } finally {\r
+ tt2.done();\r
+ }\r
+ \r
+ if(d==null || d.data.isEmpty()) {\r
+ tt2 = trans.start("AAF Service Call",Env.REMOTE);\r
+ try {\r
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {\r
+ @Override\r
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {\r
+ Future<String> fp = client.read("/authz/perms/user/"+user,accept);\r
+ if(fp.get(5000)) {\r
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body())));\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ ServletOutputStream sos;\r
+ try {\r
+ sos = resp.getOutputStream();\r
+ sos.print(fp.value);\r
+ } catch (IOException e) {\r
+ throw new CadiException(e);\r
+ }\r
+ } else {\r
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body())));\r
+ context.error(trans,resp,fp.code(),fp.body());\r
+ }\r
+ return null;\r
+ }\r
+ });\r
+ } finally {\r
+ tt2.done();\r
+ }\r
+ } else {\r
+ User u = (User)d.data.get(0);\r
+ resp.setStatus(u.code);\r
+ ServletOutputStream sos = resp.getOutputStream();\r
+ sos.print(u.resp);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ });\r
+\r
+ gwAPI.route(gwAPI.env,HttpMethods.GET,"/authn/basicAuth",new GwCode(facade,BASIC_AUTH, true) {\r
+ @Override\r
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Principal p = trans.getUserPrincipal();\r
+ if(p == null) {\r
+ trans.error().log("Transaction not Authenticated... no Principal");\r
+ resp.setStatus(HttpStatus.FORBIDDEN_403);\r
+ } else if (p instanceof BasicPrincipal) {\r
+ // the idea is that if call is made with this credential, and it's a BasicPrincipal, it's ok\r
+ // otherwise, it wouldn't have gotten here.\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ trans.checkpoint("Basic Auth Check Failed: This wasn't a Basic Auth Trans");\r
+ // For Auth Security questions, we don't give any info to client on why failed\r
+ resp.setStatus(HttpStatus.FORBIDDEN_403);\r
+ }\r
+ }\r
+ },"text/plain","*/*","*");\r
+\r
+ /**\r
+ * Query User Has Perm\r
+ */\r
+ gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new GwCode(facade,USER_HAS_PERM, true) {\r
+ @Override\r
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ try {\r
+ resp.getOutputStream().print(\r
+ gwAPI.aafLurPerm.fish(pathParam(req,":user"), new AAFPermission(\r
+ pathParam(req,":type"),\r
+ pathParam(req,":instance"),\r
+ pathParam(req,":action"))));\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } catch(Exception e) {\r
+ context.error(trans, resp, Result.ERR_General, e.getMessage());\r
+ }\r
+ }\r
+ });\r
+\r
+ if(AFTUAT.equals(aftenv)) {\r
+ gwAPI.route(HttpMethods.GET,"/ist/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access UAT GUI for AAF", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ try{\r
+ redirect(trans, req, resp, context, \r
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), IST, routeOffer), \r
+ pathParam(req,":path"));\r
+ } catch (LocatorException e) {\r
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());\r
+ } catch (Exception e) {\r
+ context.error(trans, resp, Result.ERR_General, e.getMessage());\r
+ }\r
+ }\r
+ });\r
+\r
+ gwAPI.route(HttpMethods.GET,"/test/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access TEST GUI for AAF", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ try{\r
+ redirect(trans, req, resp, context, \r
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), TEST, routeOffer), \r
+ pathParam(req,":path"));\r
+ } catch (LocatorException e) {\r
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());\r
+ } catch (Exception e) {\r
+ context.error(trans, resp, Result.ERR_General, e.getMessage());\r
+ }\r
+ }\r
+ });\r
+\r
+ gwAPI.route(HttpMethods.GET,"/perf/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access PERF GUI for AAF", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ try{\r
+ redirect(trans, req, resp, context, \r
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), PERF, routeOffer), \r
+ pathParam(req,":path"));\r
+ } catch (LocatorException e) {\r
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());\r
+ } catch (Exception e) {\r
+ context.error(trans, resp, Result.ERR_General, e.getMessage());\r
+ }\r
+ }\r
+ });\r
+\r
+ gwAPI.route(HttpMethods.GET,"/dev/aaf/:version/:path*",API.VOID,new GwCode(facade,"Access DEV GUI for AAF", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ try {\r
+ redirect(trans, req, resp, context, \r
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), DEV, routeOffer), \r
+ pathParam(req,":path"));\r
+ } catch (LocatorException e) {\r
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());\r
+ } catch (Exception e) {\r
+ context.error(trans, resp, Result.ERR_General, e.getMessage());\r
+ }\r
+ }\r
+ });\r
+ } else {\r
+ gwAPI.route(HttpMethods.GET,"/aaf/:version/:path*",API.VOID,new GwCode(facade,"Access PROD GUI for AAF", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ try {\r
+ redirect(trans, req, resp, context, \r
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), PROD, routeOffer), \r
+ pathParam(req,":path"));\r
+ } catch (LocatorException e) {\r
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());\r
+ } catch (Exception e) {\r
+ context.error(trans, resp, Result.ERR_General, e.getMessage());\r
+ }\r
+ }\r
+ });\r
+ }\r
+ \r
+ }\r
+ \r
+ public static void initDefault(final GwAPI gwAPI, GwFacade facade) throws Exception {\r
+ String aftenv = gwAPI.env.getProperty(AFT_ENVIRONMENT);\r
+ if(aftenv==null) throw new Exception(AFT_ENVIRONMENT + " must be set");\r
+ \r
+ String aftctx = gwAPI.env.getProperty(AFT_ENV_CONTEXT);\r
+ if(aftctx==null) throw new Exception(AFT_ENV_CONTEXT + " must be set");\r
+\r
+ /**\r
+ * "login" url\r
+ */\r
+ gwAPI.route(HttpMethods.GET,"/login",API.VOID,new GwCode(facade,"Access " + aftctx + " GUI for AAF", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ try {\r
+ redirect(trans, req, resp, context, \r
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, "2.0", aftctx, routeOffer), \r
+ "login");\r
+ } catch (LocatorException e) {\r
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());\r
+ } catch (Exception e) {\r
+ context.error(trans, resp, Result.ERR_General, e.getMessage());\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * Default URL\r
+ */\r
+ gwAPI.route(HttpMethods.GET,"/",API.VOID,new GwCode(facade,"Access " + aftctx + " GUI for AAF", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ try {\r
+ redirect(trans, req, resp, context, \r
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, "2.0", aftctx, routeOffer), \r
+ "gui/home");\r
+ } catch (LocatorException e) {\r
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());\r
+ } catch (Exception e) {\r
+ context.error(trans, resp, Result.ERR_General, e.getMessage());\r
+ }\r
+ }\r
+ });\r
+ }\r
+\r
+ private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, GwFacade context, Locator loc, String path) throws IOException {\r
+ try {\r
+ if(loc.hasItems()) {\r
+ Item item = loc.best();\r
+ URI uri = (URI) loc.get(item);\r
+ StringBuilder redirectURL = new StringBuilder(uri.toString()); \r
+ redirectURL.append('/');\r
+ redirectURL.append(path);\r
+ String str = req.getQueryString();\r
+ if(str!=null) {\r
+ redirectURL.append('?');\r
+ redirectURL.append(str);\r
+ }\r
+ trans.info().log("Redirect to",redirectURL);\r
+ resp.sendRedirect(redirectURL.toString());\r
+ } else {\r
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"%s is not valid",req.getPathInfo()));\r
+ }\r
+ } catch (LocatorException e) {\r
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"No DME2 Endpoints found for %s",req.getPathInfo()));\r
+ }\r
+ }\r
+\r
+ private static class User {\r
+ public final int code;\r
+ public final String resp;\r
+ \r
+ public User(int code, String resp) {\r
+ this.code = code;\r
+ this.resp = resp;\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.api;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.gw.GwAPI;\r
+import com.att.authz.gw.GwCode;\r
+import com.att.authz.gw.facade.GwFacade;\r
+import com.att.authz.gw.mapper.Mapper.API;\r
+import com.att.authz.layer.Result;\r
+import com.att.cadi.Symm;\r
+import com.att.cssa.rserv.HttpMethods;\r
+\r
+/**\r
+ * API Apis\r
+ *\r
+ */\r
+public class API_Api {\r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param gwAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {\r
+ ////////\r
+ // Overall APIs\r
+ ///////\r
+ gwAPI.route(HttpMethods.GET,"/api",API.VOID,new GwCode(facade,"Document API", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getAPI(trans,resp,gwAPI);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+\r
+ }\r
+ });\r
+\r
+ ////////\r
+ // Overall Examples\r
+ ///////\r
+ gwAPI.route(HttpMethods.GET,"/api/example/*",API.VOID,new GwCode(facade,"Document API", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ String pathInfo = req.getPathInfo();\r
+ int question = pathInfo.lastIndexOf('?');\r
+ \r
+ pathInfo = pathInfo.substring(13, question<0?pathInfo.length():question);// IMPORTANT, this is size of "/api/example/"\r
+ String nameOrContextType=Symm.base64noSplit.decode(pathInfo);\r
+// String param = req.getParameter("optional");\r
+ Result<Void> r = context.getAPIExample(trans,resp,nameOrContextType,\r
+ question>=0 && "optional=true".equalsIgnoreCase(req.getPathInfo().substring(question+1))\r
+ );\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+\r
+ }\r
+ });\r
+\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.api;\r
+\r
+import java.net.URI;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.gw.GwAPI;\r
+import com.att.authz.gw.GwCode;\r
+import com.att.authz.gw.facade.GwFacade;\r
+import com.att.authz.gw.mapper.Mapper.API;\r
+import com.att.authz.layer.Result;\r
+import com.att.cadi.Locator;\r
+import com.att.cadi.Locator.Item;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.dme2.DME2Locator;\r
+import com.att.cssa.rserv.HttpMethods;\r
+\r
+/**\r
+ * API Apis.. using Redirect for mechanism\r
+ * \r
+ *\r
+ */\r
+public class API_Find {\r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param gwAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {\r
+ ////////\r
+ // Overall APIs\r
+ ///////\r
+ gwAPI.route(HttpMethods.GET,"/dme2/:service/:version/:envContext/:routeOffer/:path*",API.VOID,new GwCode(facade,"Document API", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ //TODO cache this...\r
+ try {\r
+ Locator loc = new DME2Locator(gwAPI.env, gwAPI.dme2Man, \r
+ pathParam(req,":service"),\r
+ pathParam(req,":version"),\r
+ pathParam(req,":envContext"),\r
+ pathParam(req,":routeOffer")\r
+ );\r
+ if(loc.hasItems()) {\r
+ Item item = loc.best();\r
+ URI uri = (URI) loc.get(item);\r
+ String redirectURL = uri.toString() + '/' + pathParam(req,":path");\r
+ trans.warn().log("Redirect to",redirectURL);\r
+ resp.sendRedirect(redirectURL);\r
+ } else {\r
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"%s is not valid",req.getPathInfo()));\r
+ }\r
+ } catch (LocatorException e) {\r
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"No DME2 Endpoints found for %s",req.getPathInfo()));\r
+ }\r
+ }\r
+ });\r
+\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.api;\r
+\r
+import java.net.ConnectException;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.gw.GwAPI;\r
+import com.att.authz.gw.GwCode;\r
+import com.att.authz.gw.facade.GwFacade;\r
+import com.att.authz.gw.mapper.Mapper.API;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.client.Future;\r
+import com.att.cadi.client.Rcli;\r
+import com.att.cadi.client.Retryable;\r
+import com.att.cadi.config.Config;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+\r
+/**\r
+ * API Apis.. using Redirect for mechanism\r
+ * \r
+ *\r
+ */\r
+public class API_Proxy {\r
+\r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param gwAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {\r
+ \r
+ String aafurl = gwAPI.env.getProperty(Config.AAF_URL);\r
+ if(aafurl==null) {\r
+ } else {\r
+\r
+ ////////\r
+ // Transferring APIs\r
+ ///////\r
+ gwAPI.routeAll(HttpMethods.GET,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy GET", true) {\r
+ @Override\r
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {\r
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);\r
+ try {\r
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {\r
+ @Override\r
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {\r
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);\r
+ ft.get(10000); // Covers return codes and err messages\r
+ return null;\r
+ }\r
+ });\r
+ \r
+ } catch (CadiException | APIException e) {\r
+ trans.error().log(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ });\r
+ \r
+ gwAPI.routeAll(HttpMethods.POST,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy POST", true) {\r
+ @Override\r
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {\r
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);\r
+ try {\r
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {\r
+ @Override\r
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {\r
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.CREATED_201);\r
+ ft.get(10000); // Covers return codes and err messages\r
+ return null;\r
+ }\r
+ });\r
+ } catch (CadiException | APIException e) {\r
+ trans.error().log(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ });\r
+ \r
+ gwAPI.routeAll(HttpMethods.PUT,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy PUT", true) {\r
+ @Override\r
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {\r
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);\r
+ try {\r
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {\r
+ @Override\r
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {\r
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);\r
+ ft.get(10000); // Covers return codes and err messages\r
+ return null;\r
+ }\r
+ });\r
+ } catch (CadiException | APIException e) {\r
+ trans.error().log(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ });\r
+ \r
+ gwAPI.routeAll(HttpMethods.DELETE,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy DELETE", true) {\r
+ @Override\r
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {\r
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);\r
+ try {\r
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {\r
+ @Override\r
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {\r
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);\r
+ ft.get(10000); // Covers return codes and err messages\r
+ return null;\r
+ }\r
+ });\r
+ } catch (CadiException | APIException e) {\r
+ trans.error().log(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ });\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.api;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.gw.GwAPI;\r
+import com.att.authz.gw.GwCode;\r
+import com.att.authz.gw.facade.GwFacade;\r
+import com.att.authz.gw.mapper.Mapper.API;\r
+import com.att.authz.layer.Result;\r
+import com.att.cssa.rserv.HttpMethods;\r
+\r
+/**\r
+ * API Apis\r
+ *\r
+ */\r
+public class API_TGuard {\r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param gwAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {\r
+ String aftenv = gwAPI.env.getProperty(API_AAFAccess.AFT_ENVIRONMENT);\r
+ if(aftenv==null) throw new Exception(API_AAFAccess.AFT_ENVIRONMENT + " must be set");\r
+\r
+ ////////\r
+ // Do not deploy these to PROD\r
+ ///////\r
+ if(API_AAFAccess.AFTUAT.equals(aftenv)) {\r
+ gwAPI.route(HttpMethods.GET,"/tguard/:path*",API.VOID,new GwCode(facade,"TGuard Test", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getAPI(trans,resp,gwAPI);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.facade;\r
+\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cssa.rserv.RServlet;\r
+\r
+\r
+/**\r
+ * \r
+ *\r
+ */\r
+public interface GwFacade {\r
+\r
+///////////////////// STANDARD ELEMENTS //////////////////\r
+ /** \r
+ * @param trans\r
+ * @param response\r
+ * @param result\r
+ */\r
+ void error(AuthzTrans trans, HttpServletResponse response, Result<?> result);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param response\r
+ * @param status\r
+ */\r
+ void error(AuthzTrans trans, HttpServletResponse response, int status, String msg, String ... detail);\r
+\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param resp\r
+ * @param rservlet\r
+ * @return\r
+ */\r
+ public Result<Void> getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet<AuthzTrans> rservlet);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param resp\r
+ * @param typeCode\r
+ * @param optional\r
+ * @return\r
+ */\r
+ public abstract Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String typeCode, boolean optional);\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.facade;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.gw.mapper.Mapper_1_0;\r
+import com.att.authz.gw.service.GwServiceImpl;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+\r
+import gw.v1_0.Error;\r
+import gw.v1_0.InRequest;\r
+import gw.v1_0.Out;\r
+\r
+\r
+public class GwFacadeFactory {\r
+ public static GwFacade_1_0 v1_0(AuthzEnv env, AuthzTrans trans, Data.TYPE type) throws APIException {\r
+ return new GwFacade_1_0(env,\r
+ new GwServiceImpl<\r
+ InRequest,\r
+ Out,\r
+ Error>(trans,new Mapper_1_0()),\r
+ type); \r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.facade;\r
+\r
+\r
+import static com.att.authz.layer.Result.ERR_ActionNotCompleted;\r
+import static com.att.authz.layer.Result.ERR_BadData;\r
+import static com.att.authz.layer.Result.ERR_ConflictAlreadyExists;\r
+import static com.att.authz.layer.Result.ERR_Denied;\r
+import static com.att.authz.layer.Result.ERR_NotFound;\r
+import static com.att.authz.layer.Result.ERR_NotImplemented;\r
+import static com.att.authz.layer.Result.ERR_Policy;\r
+import static com.att.authz.layer.Result.ERR_Security;\r
+\r
+import java.lang.reflect.Method;\r
+\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.gw.mapper.Mapper;\r
+import com.att.authz.gw.mapper.Mapper.API;\r
+import com.att.authz.gw.service.GwService;\r
+import com.att.authz.gw.service.GwServiceImpl;\r
+import com.att.authz.layer.FacadeImpl;\r
+import com.att.authz.layer.Result;\r
+import com.att.cadi.aaf.client.Examples;\r
+import com.att.cssa.rserv.RServlet;\r
+import com.att.cssa.rserv.RouteReport;\r
+import com.att.cssa.rserv.doc.ApiDoc;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+import com.att.inno.env.Data.TYPE;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.rosetta.env.RosettaDF;\r
+\r
+import gw.v1_0.Api;\r
+\r
+/**\r
+ * AuthzFacade\r
+ * \r
+ * This Service Facade encapsulates the essence of the API Service can do, and provides\r
+ * a single created object for elements such as RosettaDF.\r
+ *\r
+ * The Responsibilities of this class are to:\r
+ * 1) Interact with the Service Implementation (which might be supported by various kinds of Backend Storage)\r
+ * 2) Validate incoming data (if applicable)\r
+ * 3) Convert the Service response into the right Format, and mark the Content Type\r
+ * a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request.\r
+ * 4) Log Service info, warnings and exceptions as necessary\r
+ * 5) When asked by the API layer, this will create and write Error content to the OutputStream\r
+ * \r
+ * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be \r
+ * clearly coordinated with the API Documentation\r
+ * \r
+ *\r
+ */\r
+public abstract class GwFacadeImpl<IN,OUT,ERROR> extends FacadeImpl implements GwFacade \r
+ {\r
+ private GwService<IN,OUT,ERROR> service;\r
+\r
+ private final RosettaDF<ERROR> errDF;\r
+ private final RosettaDF<Api> apiDF;\r
+\r
+ public GwFacadeImpl(AuthzEnv env, GwService<IN,OUT,ERROR> service, Data.TYPE dataType) throws APIException {\r
+ this.service = service;\r
+ (errDF = env.newDataFactory(mapper().getClass(API.ERROR))).in(dataType).out(dataType);\r
+ (apiDF = env.newDataFactory(Api.class)).in(dataType).out(dataType);\r
+ }\r
+ \r
+ public Mapper<IN,OUT,ERROR> mapper() {\r
+ return service.mapper();\r
+ }\r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#error(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, int)\r
+ * \r
+ * Note: Conforms to AT&T TSS RESTful Error Structure\r
+ */\r
+ @Override\r
+ public void error(AuthzTrans trans, HttpServletResponse response, Result<?> result) {\r
+ String msg = result.details==null?"":result.details.trim();\r
+ String[] detail;\r
+ if(result.variables==null) {\r
+ detail = new String[1];\r
+ } else {\r
+ int l = result.variables.length;\r
+ detail=new String[l+1];\r
+ System.arraycopy(result.variables, 0, detail, 1, l);\r
+ }\r
+ error(trans, response, result.status,msg,detail);\r
+ }\r
+ \r
+ @Override\r
+ public void error(AuthzTrans trans, HttpServletResponse response, int status, String msg, String ... _detail) {\r
+ String[] detail = _detail;\r
+ if(detail.length==0) {\r
+ detail=new String[1];\r
+ }\r
+ String msgId;\r
+ switch(status) {\r
+ case 202:\r
+ case ERR_ActionNotCompleted:\r
+ msgId = "SVC1202";\r
+ detail[0] = "Accepted, Action not complete";\r
+ response.setStatus(/*httpstatus=*/202);\r
+ break;\r
+\r
+ case 403:\r
+ case ERR_Policy:\r
+ case ERR_Security:\r
+ case ERR_Denied:\r
+ msgId = "SVC1403";\r
+ detail[0] = "Forbidden";\r
+ response.setStatus(/*httpstatus=*/403);\r
+ break;\r
+ \r
+ case 404:\r
+ case ERR_NotFound:\r
+ msgId = "SVC1404";\r
+ detail[0] = "Not Found";\r
+ response.setStatus(/*httpstatus=*/404);\r
+ break;\r
+\r
+ case 406:\r
+ case ERR_BadData:\r
+ msgId="SVC1406";\r
+ detail[0] = "Not Acceptable";\r
+ response.setStatus(/*httpstatus=*/406);\r
+ break;\r
+ \r
+ case 409:\r
+ case ERR_ConflictAlreadyExists:\r
+ msgId = "SVC1409";\r
+ detail[0] = "Conflict Already Exists";\r
+ response.setStatus(/*httpstatus=*/409);\r
+ break;\r
+ \r
+ case 501:\r
+ case ERR_NotImplemented:\r
+ msgId = "SVC1501";\r
+ detail[0] = "Not Implemented"; \r
+ response.setStatus(/*httpstatus=*/501);\r
+ break;\r
+ \r
+\r
+ default:\r
+ msgId = "SVC1500";\r
+ detail[0] = "General Service Error";\r
+ response.setStatus(/*httpstatus=*/500);\r
+ break;\r
+ }\r
+\r
+ try {\r
+ StringBuilder holder = new StringBuilder();\r
+ errDF.newData(trans).load(\r
+ mapper().errorFromMessage(holder,msgId,msg,detail)).to(response.getOutputStream());\r
+ trans.checkpoint(\r
+ "ErrResp [" + \r
+ msgId +\r
+ "] " +\r
+ holder.toString(),\r
+ Env.ALWAYS);\r
+ } catch (Exception e) {\r
+ trans.error().log(e,"unable to send response for",msg);\r
+ }\r
+ }\r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getAPI(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse)\r
+ */\r
+ public final static String API_REPORT = "apiReport";\r
+ @Override\r
+ public Result<Void> getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet<AuthzTrans> rservlet) {\r
+ TimeTaken tt = trans.start(API_REPORT, Env.SUB);\r
+ try {\r
+ Api api = new Api();\r
+ Api.Route ar;\r
+ Method[] meths = GwServiceImpl.class.getDeclaredMethods();\r
+ for(RouteReport rr : rservlet.routeReport()) {\r
+ api.getRoute().add(ar = new Api.Route());\r
+ ar.setMeth(rr.meth.name());\r
+ ar.setPath(rr.path);\r
+ ar.setDesc(rr.desc);\r
+ ar.getContentType().addAll(rr.contextTypes);\r
+ for(Method m : meths) {\r
+ ApiDoc ad;\r
+ if((ad = m.getAnnotation(ApiDoc.class))!=null &&\r
+ rr.meth.equals(ad.method()) &&\r
+ rr.path.equals(ad.path())) {\r
+ for(String param : ad.params()) {\r
+ ar.getParam().add(param);\r
+ }\r
+ for(String text : ad.text()) {\r
+ ar.getComments().add(text);\r
+ }\r
+ ar.setExpected(ad.expectedCode());\r
+ for(int ec : ad.errorCodes()) {\r
+ ar.getExplicitErr().add(ec);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ apiDF.newData(trans).load(api).to(resp.getOutputStream());\r
+ setContentType(resp,apiDF.getOutType());\r
+ return Result.ok();\r
+\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,API_REPORT);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ public final static String API_EXAMPLE = "apiExample";\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getAPIExample(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String nameOrContentType, boolean optional) {\r
+ TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB);\r
+ try {\r
+ String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional); \r
+ resp.getOutputStream().print(content);\r
+ setContentType(resp,content.contains("<?xml")?TYPE.XML:TYPE.JSON);\r
+ return Result.ok();\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,API_EXAMPLE);\r
+ return Result.err(Result.ERR_NotImplemented,e.getMessage());\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.facade;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.gw.service.GwService;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+\r
+import gw.v1_0.Error;\r
+import gw.v1_0.InRequest;\r
+import gw.v1_0.Out;\r
+\r
+public class GwFacade_1_0 extends GwFacadeImpl<InRequest,Out,Error>\r
+{\r
+ public GwFacade_1_0(AuthzEnv env, GwService<InRequest,Out,Error> service, Data.TYPE type) throws APIException {\r
+ super(env, service, type);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.mapper;\r
+\r
+public interface Mapper<IN,OUT,ERROR>\r
+{\r
+ public enum API{IN_REQ,OUT,ERROR,VOID};\r
+ public Class<?> getClass(API api);\r
+ public<A> A newInstance(API api);\r
+\r
+ public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, String... detail);\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.mapper;\r
+\r
+import com.att.cadi.util.Vars;\r
+\r
+import gw.v1_0.Error;\r
+import gw.v1_0.InRequest;\r
+import gw.v1_0.Out;\r
+\r
+public class Mapper_1_0 implements Mapper<InRequest,Out,Error> {\r
+ \r
+ @Override\r
+ public Class<?> getClass(API api) {\r
+ switch(api) {\r
+ case IN_REQ: return InRequest.class;\r
+ case OUT: return Out.class;\r
+ case ERROR: return Error.class;\r
+ case VOID: return Void.class;\r
+ }\r
+ return null;\r
+ }\r
+\r
+ @SuppressWarnings("unchecked")\r
+ @Override\r
+ public <A> A newInstance(API api) {\r
+ switch(api) {\r
+ case IN_REQ: return (A) new InRequest();\r
+ case OUT: return (A) new Out();\r
+ case ERROR: return (A)new Error();\r
+ case VOID: return null;\r
+ }\r
+ return null;\r
+ }\r
+\r
+ ////////////// Mapping Functions /////////////\r
+ @Override\r
+ public gw.v1_0.Error errorFromMessage(StringBuilder holder, String msgID, String text,String... var) {\r
+ Error err = new Error();\r
+ err.setMessageId(msgID);\r
+ // AT&T Restful Error Format requires numbers "%" placements\r
+ err.setText(Vars.convert(holder, text, var));\r
+ for(String s : var) {\r
+ err.getVariables().add(s);\r
+ }\r
+ return err;\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.service;\r
+\r
+import com.att.authz.gw.mapper.Mapper;\r
+\r
+public interface GwService<IN,OUT,ERROR> {\r
+ public Mapper<IN,OUT,ERROR> mapper();\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw.service;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.gw.mapper.Mapper;\r
+\r
+public class GwServiceImpl<IN,OUT,ERROR> \r
+ implements GwService<IN,OUT,ERROR> {\r
+ \r
+ private Mapper<IN,OUT,ERROR> mapper;\r
+ \r
+ public GwServiceImpl(AuthzTrans trans, Mapper<IN,OUT,ERROR> mapper) {\r
+ this.mapper = mapper;\r
+ }\r
+ \r
+ public Mapper<IN,OUT,ERROR> mapper() {return mapper;}\r
+\r
+//////////////// APIs ///////////////////\r
+};\r
--- /dev/null
+<!-- Used by gw (ATT 2015) -->
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:gw="urn:gw:v1_0"
+ targetNamespace="urn:gw:v1_0"
+ elementFormDefault="qualified">
+
+
+<!--
+ Requests
+ -->
+ <xs:complexType name="Request">
+ <xs:sequence>
+ </xs:sequence>
+ </xs:complexType>
+
+<!--
+ In
+-->
+ <xs:element name="inRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="gw:Request">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string"/>
+ <xs:element name="action" type="xs:string"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+
+<!--
+ Out
+-->
+ <xs:element name="out">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="name" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!-- **************** STANDARD ELEMENTS ******************* -->
+<!--
+ Errors
+ Note: This Error Structure has been made to conform to the AT&T TSS Policies
+ -->
+ <xs:element name="error">
+ <xs:complexType>
+ <xs:sequence>
+ <!--
+ Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is
+ either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception.
+ Exception numbers may be in the range of 0001 to 9999 where :
+ * 0001 to 0199 are reserved for common exception messages
+ * 0200 to 0999 are reserved for Parlay Web Services specification use
+ * 1000-9999 are available for exceptions
+ -->
+ <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ Message text, with replacement
+ variables marked with %n, where n is
+ an index into the list of <variables>
+ elements, starting at 1
+ -->
+ <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ List of zero or more strings that
+ represent the contents of the variables
+ used by the message text. -->
+ <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ API
+-->
+ <xs:element name="api">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="route" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema>
\ No newline at end of file
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.gw;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Test;\r
+\r
+public class JU_GwAPI {\r
+\r
+ @Test\r
+ public void test() {\r
+ fail("Not yet implemented");\r
+ }\r
+ \r
+ @Test\r
+ public void testRoute() {\r
+ fail("Not yet implemented");\r
+ }\r
+ \r
+ @Test\r
+ public void testRouteAll() {\r
+ fail("Not yet implemented");\r
+ }\r
+ \r
+ @Test\r
+ public void testStartDME2() {\r
+ fail("Not yet implemented");\r
+ }\r
+\r
+}\r
--- /dev/null
+.metadata
+.settings
+.classpath
+.project
+target
+/dme2reg/
+/logs/
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">\r
+ <modelVersion>4.0.0</modelVersion>\r
+ <parent>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>parent</artifactId>\r
+ <version>2.0.15</version>\r
+ <relativePath>../pom.xml</relativePath>\r
+ </parent>\r
+ \r
+ <artifactId>authz-service</artifactId>\r
+ <name>Authz Service</name>\r
+ <description>API for Authorization and Authentication</description>\r
+ <url>https://github.com/att/AAF</url>\r
+ <licenses>\r
+ <license>\r
+ <name>BSD License</name>\r
+ <url> </url>\r
+ </license>\r
+ </licenses>\r
+ <developers>\r
+ <developer>\r
+ <name>Jonathan Gathman</name>\r
+ <email></email>\r
+ <organization>ATT</organization>\r
+ <organizationUrl></organizationUrl>\r
+ </developer>\r
+ </developers>\r
+\r
+ <properties>\r
+ <maven.test.failure.ignore>true</maven.test.failure.ignore>\r
+ <project.swmVersion>1</project.swmVersion>\r
+ </properties>\r
+ \r
+ \r
+ <dependencies>\r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-client</artifactId>\r
+ </dependency>\r
+\r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-core</artifactId>\r
+ <exclusions>\r
+ <exclusion> \r
+ <groupId>javax.servlet</groupId>\r
+ <artifactId>servlet-api</artifactId>\r
+ </exclusion>\r
+ </exclusions> \r
+ </dependency>\r
+ \r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-cass</artifactId>\r
+ </dependency>\r
+\r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-defOrg</artifactId>\r
+ <version>${project.version}</version>\r
+ </dependency>\r
+ \r
+ \r
+ <!-- <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-att</artifactId>\r
+ </dependency> --> \r
+\r
+ \r
+ <dependency > \r
+ <groupId>com.att.inno</groupId>\r
+ <artifactId>env</artifactId>\r
+ </dependency>\r
+\r
+\r
+ <dependency>\r
+ <groupId>com.att.cadi</groupId>\r
+ <artifactId>cadi-core</artifactId>\r
+ </dependency>\r
+\r
+ <dependency>\r
+ <groupId>com.att.aft</groupId>\r
+ <artifactId>dme2</artifactId>\r
+ </dependency>\r
+\r
+ <dependency>\r
+ <groupId>com.att.inno</groupId>\r
+ <artifactId>rosetta</artifactId>\r
+ </dependency>\r
+ <dependency>\r
+ <groupId>com.att.cadi</groupId>\r
+ <artifactId>cadi-aaf</artifactId>\r
+ </dependency>\r
+\r
+ \r
+ \r
+ <!-- \r
+ <dependency>\r
+ <groupId>com.att.aft</groupId>\r
+ <artifactId>aft-notifymgr-api</artifactId>\r
+ <version>1.0.1</version>\r
+ </dependency>\r
+ -->\r
+ \r
+ </dependencies>\r
+ \r
+ <build>\r
+ <plugins>\r
+ <plugin>\r
+ <groupId>org.codehaus.mojo</groupId>\r
+ <artifactId>exec-maven-plugin</artifactId>\r
+ <version>1.5.0</version>\r
+ <configuration>\r
+ <executable>java</executable>\r
+ <arguments>\r
+ <argument>-DAFT_LATITUDE=33</argument>\r
+ <argument>-DAFT_LONGITUDE=-84</argument>\r
+ <argument>-DAFT_ENVIRONMENT=AFTUAT</argument>\r
+ \r
+ <argument>-XX:NewRatio=3</argument>\r
+ <argument>-XX:+PrintGCTimeStamps</argument>\r
+ <argument>-XX:+PrintGCDetails</argument>\r
+ <argument>-Xloggc:gc.log</argument>\r
+ <argument>-classpath</argument>\r
+ \r
+ <classpath>\r
+ \r
+ </classpath>\r
+ <argument>com.att.authz.service.AuthAPI</argument>\r
+ \r
+ <argument>service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=Dev</argument>\r
+ </arguments>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-jar-plugin</artifactId>\r
+ <configuration>\r
+ <excludes>\r
+ <exclude>*.properties</exclude>\r
+ </excludes>\r
+ </configuration>\r
+ <version>2.3.1</version>\r
+ </plugin>\r
+\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-deploy-plugin</artifactId>\r
+ <configuration>\r
+ <skip>true</skip>\r
+ </configuration>\r
+ </plugin> \r
+\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-javadoc-plugin</artifactId>\r
+ <configuration>\r
+ <failOnError>false</failOnError>\r
+ </configuration>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-javadocs</id>\r
+ <goals>\r
+ <goal>jar</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin> \r
+ \r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-source-plugin</artifactId>\r
+ <version>2.2.1</version>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-sources</id>\r
+ <goals>\r
+ <goal>jar-no-fork</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.sonatype.plugins</groupId>\r
+ <artifactId>nexus-staging-maven-plugin</artifactId>\r
+ <version>1.6.7</version>\r
+ <extensions>true</extensions>\r
+ <configuration>\r
+ <serverId>ossrhdme</serverId>\r
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>\r
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>\r
+ </configuration>\r
+ </plugin>\r
+\r
+ \r
+ </plugins>\r
+ <pluginManagement>\r
+ <plugins/>\r
+ </pluginManagement>\r
+ </build>\r
+\r
+ <distributionManagement>\r
+ <snapshotRepository>\r
+ <id>ossrhdme</id>\r
+ <url>https://oss.sonatype.org/content/repositories/snapshots</url>\r
+ </snapshotRepository>\r
+ <repository>\r
+ <id>ossrhdme</id>\r
+ <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>\r
+ </repository>\r
+ </distributionManagement>\r
+ \r
+ <scm>\r
+ <connection>https://github.com/att/AAF.git</connection>\r
+ <developerConnection>${project.scm.connection}</developerConnection>\r
+ <url>http://github.com/att/AAF/tree/master</url>\r
+ </scm>\r
+</project>\r
--- /dev/null
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<assembly>\r
+ <id>swm</id>\r
+ <formats>\r
+ <format>zip</format>\r
+ </formats>\r
+ \r
+ <baseDirectory>${artifactId}</baseDirectory>\r
+ <fileSets>\r
+ <fileSet>\r
+ <directory>target/swm</directory>\r
+ </fileSet>\r
+ </fileSets>\r
+</assembly>\r
--- /dev/null
+##
+## AUTHZ API (authz-service) Properties
+##
+
+hostname=_HOSTNAME_
+
+## DISCOVERY (DME2) Parameters on the Command Line
+AFT_LATITUDE=_AFT_LATITUDE_
+AFT_LONGITUDE=_AFT_LONGITUDE_
+AFT_ENVIRONMENT=_AFT_ENVIRONMENT_
+DEPLOYED_VERSION=_ARTIFACT_VERSION_
+
+## Pull in common/security properties
+
+cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props
+
+##DME2 related parameters
+
+DMEServiceName=service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+AFT_DME2_PORT_RANGE=_AUTHZ_SERVICE_PORT_RANGE_
+
+
+CACHE_HIGH_COUNT=20000
+CACHE_CLEAN_INTERVAL=60000
\ No newline at end of file
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+###############################################################################\r
+# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
+###############################################################################\r
+#\r
+# Licensed to the Apache Software Foundation (ASF) under one\r
+# or more contributor license agreements. See the NOTICE file\r
+# distributed with this work for additional information\r
+# regarding copyright ownership. The ASF licenses this file\r
+# to you under the Apache License, Version 2.0 (the\r
+# "License"); you may not use this file except in compliance\r
+# with the License. You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing,\r
+# software distributed under the License is distributed on an\r
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
+# KIND, either express or implied. See the License for the\r
+# specific language governing permissions and limitations\r
+# under the License.\r
+#\r
+log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender \r
+log4j.appender.INIT.File=_LOG_DIR_/${LOG4J_FILENAME_init}\r
+log4j.appender.INIT.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.INIT.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.INIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.INIT.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n\r
+\r
+\r
+log4j.appender.SRVR=org.apache.log4j.DailyRollingFileAppender \r
+log4j.appender.SRVR.File=logs/${LOG4J_FILENAME_authz}\r
+log4j.appender.SRVR.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.SRVR.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.SRVR.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.SRVR.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.SRVR.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n\r
+\r
+log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender\r
+log4j.appender.AUDIT.File=_LOG_DIR_/${LOG4J_FILENAME_audit}\r
+log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.AUDIT.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.AUDIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n\r
+\r
+log4j.appender.TRACE=org.apache.log4j.DailyRollingFileAppender\r
+log4j.appender.TRACE.File=logs/${LOG4J_FILENAME_trace}\r
+log4j.appender.TRACE.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.TRACE.MaxFileSize=_MAX_LOG_FILE_SIZE_\r
+#log4j.appender.TRACE.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_\r
+log4j.appender.TRACE.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.TRACE.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n\r
+\r
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender\r
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout\r
+log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n\r
+\r
+# General Apache libraries\r
+log4j.rootLogger=WARN\r
+log4j.logger.org.apache=WARN,INIT\r
+log4j.logger.dme2=WARN,INIT\r
+log4j.logger.init=INFO,INIT\r
+log4j.logger.authz=_LOG4J_LEVEL_,SRVR\r
+log4j.logger.audit=INFO,AUDIT\r
+log4j.logger.trace=TRACE,TRACE\r
+\r
+\r
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<ns2:ManagedResourceList xmlns:ns2="http://scld.att.com/lrm/util" xmlns="http://scld.att.com/lrm/commontypes" xmlns:ns3="http://scld.att.com/lrm/types">\r
+ <ns2:ManagedResource>\r
+ <ResourceDescriptor>\r
+ <ResourceName>com.att.authz._ARTIFACT_ID_</ResourceName>\r
+ <ResourceVersion>\r
+ <Major>_MAJOR_VER_</Major>\r
+ <Minor>_MINOR_VER_</Minor>\r
+ <Patch>_PATCH_VER_</Patch> \r
+ </ResourceVersion>\r
+ <RouteOffer>_ROUTE_OFFER_</RouteOffer>\r
+ </ResourceDescriptor>\r
+ <ResourceType>Java</ResourceType>\r
+ <ResourcePath>com.att.authz.service.AuthzAPI</ResourcePath>\r
+ <ResourceProps>\r
+ <Tag>process.workdir</Tag>\r
+ <Value>_ROOT_DIR_</Value>\r
+ </ResourceProps> \r
+ <ResourceProps>\r
+ <Tag>jvm.version</Tag>\r
+ <Value>1.8</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.args</Tag>\r
+ <Value>-DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 </Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.classpath</Tag>\r
+ <Value>_ROOT_DIR_/etc:_ROOT_DIR_/lib/*:</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.heap.min</Tag>\r
+ <Value>1024m</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.heap.max</Tag>\r
+ <Value>2048m</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>start.class</Tag>\r
+ <Value>com.att.authz.service.AuthAPI</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>stdout.redirect</Tag>\r
+ <Value>_ROOT_DIR_/logs/SystemOut.log</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>stderr.redirect</Tag>\r
+ <Value>_ROOT_DIR_/logs/SystemErr.log</Value>\r
+ </ResourceProps>\r
+ <ResourceOSID>aft</ResourceOSID>\r
+ <ResourceStartType>AUTO</ResourceStartType>\r
+ <ResourceStartPriority>2</ResourceStartPriority>\r
+ <ResourceMinCount>_RESOURCE_MIN_COUNT_</ResourceMinCount>\r
+ <ResourceMaxCount>_RESOURCE_MAX_COUNT_</ResourceMaxCount> \r
+ <ResourceRegistration>_RESOURCE_REGISTRATION_</ResourceRegistration>\r
+ <ResourceSWMComponent>com.att.authz:_ARTIFACT_ID_</ResourceSWMComponent>\r
+ <ResourceSWMComponentVersion>_ARTIFACT_VERSION_</ResourceSWMComponentVersion>\r
+ </ns2:ManagedResource>\r
+</ns2:ManagedResourceList>\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cadi;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+\r
+import java.security.Principal;\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cadi.Lur;\r
+import com.att.cadi.Permission;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.PermDAO.Data;\r
+import com.att.dao.aaf.hl.Question;\r
+\r
+public class DirectAAFLur implements Lur {\r
+ private final AuthzEnv env;\r
+ private final Question question;\r
+ \r
+ public DirectAAFLur(AuthzEnv env, Question question) {\r
+ this.env = env;\r
+ this.question = question;\r
+ }\r
+\r
+ @Override\r
+ public boolean fish(Principal bait, Permission pond) {\r
+ return fish(env.newTransNoAvg(),bait,pond);\r
+ }\r
+ \r
+ public boolean fish(AuthzTrans trans, Principal bait, Permission pond) {\r
+ Result<List<Data>> pdr = question.getPermsByUser(trans, bait.getName(),false);\r
+ switch(pdr.status) {\r
+ case OK:\r
+ for(PermDAO.Data d : pdr.value) {\r
+ if(new PermPermission(d).match(pond)) return true;\r
+ }\r
+ break;\r
+ default:\r
+ trans.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-",pdr.details);\r
+ }\r
+ return false;\r
+ }\r
+\r
+ @Override\r
+ public void fishAll(Principal bait, List<Permission> permissions) {\r
+ Result<List<Data>> pdr = question.getPermsByUser(env.newTrans(), bait.getName(),false);\r
+ switch(pdr.status) {\r
+ case OK:\r
+ for(PermDAO.Data d : pdr.value) {\r
+ permissions.add(new PermPermission(d));\r
+ }\r
+ break;\r
+ default:\r
+ env.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-", pdr.details);\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public void destroy() {\r
+ }\r
+\r
+ @Override\r
+ public boolean handlesExclusively(Permission pond) {\r
+ return false;\r
+ }\r
+ \r
+ /**\r
+ * Small Class implementing CADI's Permission with Cassandra Data\r
+ *\r
+ */\r
+ public static class PermPermission implements Permission {\r
+ private PermDAO.Data data;\r
+ \r
+ public PermPermission(PermDAO.Data d) {\r
+ data = d;\r
+ }\r
+ \r
+ public PermPermission(AuthzTrans trans, Question q, String p) {\r
+ data = PermDAO.Data.create(trans, q, p);\r
+ }\r
+ \r
+ public PermPermission(String ns, String type, String instance, String action) {\r
+ data = new PermDAO.Data();\r
+ data.ns = ns;\r
+ data.type = type;\r
+ data.instance = instance;\r
+ data.action = action;\r
+ }\r
+\r
+ @Override\r
+ public String getKey() {\r
+ return data.type;\r
+ }\r
+\r
+ @Override\r
+ public boolean match(Permission p) {\r
+ if(p==null)return false;\r
+ PermDAO.Data pd;\r
+ if(p instanceof DirectAAFLur.PermPermission) {\r
+ pd = ((DirectAAFLur.PermPermission)p).data;\r
+ if(data.ns.equals(pd.ns))\r
+ if(data.type.equals(pd.type))\r
+ if(data.instance!=null && (data.instance.equals(pd.instance) || "*".equals(data.instance)))\r
+ if(data.action!=null && (data.action.equals(pd.action) || "*".equals(data.action)))\r
+ return true;\r
+ } else{\r
+ String[] lp = p.getKey().split("\\|");\r
+ if(lp.length<3)return false;\r
+ if(data.fullType().equals(lp[0]))\r
+ if(data.instance!=null && (data.instance.equals(lp[1]) || "*".equals(data.instance)))\r
+ if(data.action!=null && (data.action.equals(lp[2]) || "*".equals(data.action)))\r
+ return true;\r
+ }\r
+ return false;\r
+ }\r
+\r
+ @Override\r
+ public String permType() {\r
+ return "AAFLUR";\r
+ }\r
+ \r
+ }\r
+ \r
+ public String toString() {\r
+ return "DirectAAFLur is enabled";\r
+ \r
+ }\r
+\r
+ @Override\r
+ public boolean supports(String userName) {\r
+ //TODO\r
+ return true;\r
+ }\r
+\r
+ @Override\r
+ public Permission createPerm(String p) {\r
+ // TODO Auto-generated method stub\r
+ return null;\r
+ }\r
+\r
+ @Override\r
+ public void clear(Principal p, StringBuilder report) {\r
+ // TODO Auto-generated method stub\r
+ \r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cadi;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+\r
+import java.util.Date;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cadi.CredVal;\r
+import com.att.dao.DAOException;\r
+import com.att.dao.aaf.hl.Question;\r
+\r
+/**\r
+ * DirectAAFUserPass is intended to provide password Validation directly from Cassandra Database, and is only\r
+ * intended for use in AAF itself. The normal "AAF Taf" objects are, of course, clients.\r
+ * \r
+ *\r
+ */\r
+public class DirectAAFUserPass implements CredVal {\r
+ private final AuthzEnv env;\r
+ private final Question question;\r
+ \r
+ public DirectAAFUserPass(AuthzEnv env, Question question, String appPass) {\r
+ this.env = env;\r
+ this.question = question;\r
+ }\r
+ \r
+ @Override\r
+ public boolean validate(String user, Type type, byte[] pass) {\r
+ try {\r
+ AuthzTrans trans = env.newTransNoAvg();\r
+ Result<Date> result = question.doesUserCredMatch(trans, user, pass);\r
+ trans.logAuditTrail(env.info());\r
+ switch(result.status) {\r
+ case OK:\r
+ return true;\r
+ default:\r
+ \r
+ env.warn().log(user, "failed Password Validation:",result.errorString());\r
+ }\r
+ } catch (DAOException e) {\r
+ System.out.println(" exception in DirectAAFUserPass class ");\r
+ e.printStackTrace();\r
+ env.error().log(e,"Cannot validate User/Pass from Cassandra");\r
+ }\r
+ return false;\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cadi;\r
+\r
+import java.nio.ByteBuffer;\r
+import java.security.Principal;\r
+import java.security.cert.CertificateException;\r
+import java.security.cert.X509Certificate;\r
+import java.util.List;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cadi.principal.X509Principal;\r
+import com.att.cadi.taf.cert.CertIdentity;\r
+import com.att.cadi.taf.cert.X509Taf;\r
+import com.att.cssa.rserv.TransFilter;\r
+import com.att.dao.aaf.cached.CachedCertDAO;\r
+import com.att.dao.aaf.cass.CertDAO.Data;\r
+\r
+/**\r
+ * Direct view of CertIdentities\r
+ * \r
+ * Warning: this class is difficult to instantiate. The only service that can use it is AAF itself, and is thus \r
+ * entered in the "init" after the CachedCertDAO is created.\r
+ * \r
+ *\r
+ */\r
+public class DirectCertIdentity implements CertIdentity {\r
+ private static CachedCertDAO certDAO;\r
+\r
+ @Override\r
+ public Principal identity(HttpServletRequest req, X509Certificate cert, byte[] _certBytes) throws CertificateException {\r
+ byte[] certBytes = _certBytes;\r
+ if(cert==null && certBytes==null) {\r
+ return null;\r
+ }\r
+ if(certBytes==null) {\r
+ certBytes = cert.getEncoded();\r
+ }\r
+ byte[] fingerprint = X509Taf.getFingerPrint(certBytes);\r
+\r
+ AuthzTrans trans = (AuthzTrans) req.getAttribute(TransFilter.TRANS_TAG);\r
+ \r
+ Result<List<Data>> cresp = certDAO.read(trans, ByteBuffer.wrap(fingerprint));\r
+ if(cresp.isOKhasData()) {\r
+ Data cdata = cresp.value.get(0);\r
+ return new X509Principal(cdata.id,cert,certBytes);\r
+ }\r
+ return null;\r
+ }\r
+\r
+ public static void set(CachedCertDAO ccd) {\r
+ certDAO = ccd;\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.facade;\r
+\r
+import java.util.Date;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.cssa.rserv.RServlet;\r
+import com.att.dao.aaf.cass.NsType;\r
+\r
+/**\r
+ * AuthzFacade\r
+ * This layer is responsible for covering the Incoming Messages, be they XML, JSON or just entries on the URL,\r
+ * and converting them to data that can be called on the Service Layer.\r
+ * \r
+ * Upon response, this layer, because it knew the incoming Data Formats (i.e. XML/JSON), the HTTP call types\r
+ * are set on "ContentType" on Response.\r
+ * \r
+ * Finally, we wrap the call in Time Stamps with explanation of what is happing for Audit trails.\r
+ * \r
+ *\r
+ */\r
+public interface AuthzFacade {\r
+ public static final int PERM_DEPEND_424 = -1000;\r
+ public static final int ROLE_DEPEND_424 = -1001;\r
+\r
+ /*\r
+ * Namespaces\r
+ */\r
+ public abstract Result<Void> requestNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, NsType type);\r
+ \r
+ public abstract Result<Void> getNSsByName(AuthzTrans trans, HttpServletResponse resp, String ns);\r
+ \r
+ public abstract Result<Void> getNSsByAdmin(AuthzTrans trans, HttpServletResponse resp, String user, boolean full);\r
+ \r
+ public abstract Result<Void> getNSsByResponsible(AuthzTrans trans, HttpServletResponse resp, String user, boolean full);\r
+ \r
+ public abstract Result<Void> getNSsByEither(AuthzTrans trans, HttpServletResponse resp, String user, boolean full);\r
+\r
+ public abstract Result<Void> getNSsChildren(AuthzTrans trans, HttpServletResponse resp, String pathParam);\r
+\r
+ public abstract Result<Void> addAdminToNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id);\r
+\r
+ public abstract Result<Void> delAdminFromNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id);\r
+\r
+ public abstract Result<Void> addResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id);\r
+\r
+ public abstract Result<Void> delResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id);\r
+ \r
+ public abstract Result<Void> updateNsDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+\r
+ public abstract Result<Void> deleteNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String ns);\r
+\r
+ // NS Attribs\r
+ public abstract Result<Void> createAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key, String value);\r
+\r
+ public abstract Result<Void> readNsByAttrib(AuthzTrans trans, HttpServletResponse resp, String key);\r
+\r
+ public abstract Result<Void> updAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key, String value);\r
+\r
+ public abstract Result<Void> delAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key);\r
+\r
+ /*\r
+ * Permissions\r
+ */\r
+ public abstract Result<Void> createPerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); \r
+ \r
+ public abstract Result<Void> getPermsByName(AuthzTrans trans, HttpServletResponse resp, \r
+ String type, String instance, String action);\r
+\r
+ public abstract Result<Void> getPermsByUser(AuthzTrans trans, HttpServletResponse response, String user);\r
+ \r
+ public abstract Result<Void> getPermsByUserWithAAFQuery(AuthzTrans trans, HttpServletRequest request, HttpServletResponse response, String user);\r
+\r
+ public abstract Result<Void> getPermsByType(AuthzTrans trans, HttpServletResponse resp, String type);\r
+\r
+ public abstract Result<Void> getPermsForRole(AuthzTrans trans, HttpServletResponse response, String roleName);\r
+\r
+ public abstract Result<Void> getPermsByNS(AuthzTrans trans, HttpServletResponse response, String ns);\r
+ \r
+ public abstract Result<Void> renamePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp,\r
+ String type, String instance, String action);\r
+ \r
+ public abstract Result<Void> updatePermDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+ \r
+ public abstract Result<Void> resetPermRoles(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+\r
+ public abstract Result<Void> deletePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+\r
+ public abstract Result<Void> deletePerm(AuthzTrans trans, HttpServletResponse resp, \r
+ String perm, String type, String action);\r
+\r
+ /*\r
+ * Roles\r
+ */\r
+ public abstract Result<Void> createRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse response);\r
+ \r
+ public abstract Result<Void> getRolesByName(AuthzTrans trans,HttpServletResponse resp, String name);\r
+\r
+ public abstract Result<Void> getRolesByNS(AuthzTrans trans, HttpServletResponse resp, String ns);\r
+\r
+ public abstract Result<Void> getRolesByNameOnly(AuthzTrans trans, HttpServletResponse resp, String nameOnly);\r
+\r
+ public abstract Result<Void> getRolesByUser(AuthzTrans trans, HttpServletResponse resp, String user);\r
+\r
+ public abstract Result<Void> getRolesByPerm(AuthzTrans trans, HttpServletResponse resp, String type, String instance, String action);\r
+\r
+ public abstract Result<Void> updateRoleDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+ \r
+ public abstract Result<Void> addPermToRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp);\r
+ \r
+ public abstract Result<Void> delPermFromRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp);\r
+\r
+ public abstract Result<Void> deleteRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+\r
+ public abstract Result<Void> deleteRole(AuthzTrans trans, HttpServletResponse resp, String role);\r
+\r
+ /*\r
+ * Users\r
+ */\r
+ \r
+ public abstract Result<Void> getUsersByRole(AuthzTrans trans, HttpServletResponse resp, String role);\r
+ \r
+ public abstract Result<Void> getUsersByPermission(AuthzTrans trans, HttpServletResponse resp, \r
+ String type, String instance, String action);\r
+\r
+\r
+\r
+ /*\r
+ * Delegates\r
+ */\r
+ public abstract Result<Void> createDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+ \r
+ public abstract Result<Void> updateDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+ \r
+ public abstract Result<Void> deleteDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+ \r
+ public abstract Result<Void> deleteDelegate(AuthzTrans trans, String user);\r
+ \r
+ public abstract Result<Void> getDelegatesByUser(AuthzTrans trans, String userName, HttpServletResponse resp);\r
+\r
+ public abstract Result<Void> getDelegatesByDelegate(AuthzTrans trans, String userName, HttpServletResponse resp);\r
+\r
+ /*\r
+ * Credentials\r
+ */\r
+ public abstract Result<Void> createUserCred(AuthzTrans trans, HttpServletRequest req);\r
+\r
+ public abstract Result<Void> changeUserCred(AuthzTrans trans, HttpServletRequest req);\r
+\r
+ public abstract Result<Void> extendUserCred(AuthzTrans trans, HttpServletRequest req, String days);\r
+\r
+ public abstract Result<Void> getCredsByNS(AuthzTrans trans, HttpServletResponse resp, String ns);\r
+\r
+ public abstract Result<Void> getCredsByID(AuthzTrans trans, HttpServletResponse resp, String id);\r
+\r
+ public abstract Result<Void> deleteUserCred(AuthzTrans trans, HttpServletRequest req);\r
+\r
+ public abstract Result<Void> validBasicAuth(AuthzTrans trans, HttpServletResponse resp, String basicAuth);\r
+\r
+ public abstract Result<Date> doesCredentialMatch(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+\r
+ /*\r
+ * Miscellaneous\r
+ */\r
+ /**\r
+ * Place Standard Messages based on HTTP Code onto Error Data Structure, and write to OutputStream\r
+ * Log message\r
+ */\r
+ public abstract void error(AuthzTrans trans, HttpServletResponse response, Result<?> result);\r
+\r
+ /*\r
+ * UserRole\r
+ */\r
+ public abstract Result<Void> requestUserRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp);\r
+ \r
+ public abstract Result<Void> getUserInRole(AuthzTrans trans, HttpServletResponse resp, String user, String role);\r
+ \r
+ public abstract Result<Void> getUserRolesByRole(AuthzTrans trans, HttpServletResponse resp, String role);\r
+ \r
+ public abstract Result<Void> getUserRolesByUser(AuthzTrans trans, HttpServletResponse resp, String user);\r
+\r
+ public abstract Result<Void> deleteUserRole(AuthzTrans trans, HttpServletResponse resp, String user, String role);\r
+ \r
+ public abstract Result<Void> resetUsersForRole(AuthzTrans trans, HttpServletResponse resp, HttpServletRequest req);\r
+\r
+ public abstract Result<Void> resetRolesForUser(AuthzTrans trans, HttpServletResponse resp, HttpServletRequest req);\r
+ \r
+ public abstract Result<Void> extendUserRoleExpiration(AuthzTrans trans, HttpServletResponse resp, String user,\r
+ String role);\r
+\r
+ /*\r
+ * Approval \r
+ */\r
+ public abstract Result<Void> updateApproval(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);\r
+ \r
+ public abstract Result<Void> getApprovalsByUser(AuthzTrans trans, HttpServletResponse resp, String user);\r
+ \r
+ public abstract Result<Void> getApprovalsByTicket(AuthzTrans trans, HttpServletResponse resp, String ticket);\r
+ \r
+ public abstract Result<Void> getApprovalsByApprover(AuthzTrans trans, HttpServletResponse resp, String approver);\r
+\r
+\r
+ /*\r
+ * History\r
+ */\r
+ public abstract Result<Void> getHistoryByUser(AuthzTrans trans, HttpServletResponse resp, String user, int[] yyyymm, final int sort);\r
+ \r
+ public abstract Result<Void> getHistoryByRole(AuthzTrans trans, HttpServletResponse resp, String subject, int[] yyyymm, final int sort);\r
+\r
+ public abstract Result<Void> getHistoryByPerm(AuthzTrans trans, HttpServletResponse resp, String subject, int[] yyyymm, final int sort);\r
+\r
+ public abstract Result<Void> getHistoryByNS(AuthzTrans trans, HttpServletResponse resp, String subject, int[] yyyymm, final int sort);\r
+\r
+ /*\r
+ * Cache \r
+ */\r
+ public abstract Result<Void> cacheClear(AuthzTrans trans, String pathParam);\r
+\r
+ public abstract Result<Void> cacheClear(AuthzTrans trans, String string,String segments);\r
+ \r
+ public abstract void dbReset(AuthzTrans trans);\r
+\r
+\r
+\r
+ /*\r
+ * API\r
+ */\r
+ public Result<Void> getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet<AuthzTrans> rservlet);\r
+\r
+ public abstract Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String typeCode, boolean optional);\r
+\r
+ public abstract Result<Void> getCertInfoByID(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String id);\r
+\r
+\r
+\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.facade;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.service.AuthzCassServiceImpl;\r
+import com.att.authz.service.mapper.Mapper_2_0;\r
+import com.att.dao.aaf.hl.Question;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+\r
+\r
+public class AuthzFacadeFactory {\r
+ public static AuthzFacade_2_0 v2_0(AuthzEnv env, AuthzTrans trans, Data.TYPE type, Question question) throws APIException {\r
+ return new AuthzFacade_2_0(env,\r
+ new AuthzCassServiceImpl<\r
+ aaf.v2_0.Nss,\r
+ aaf.v2_0.Perms,\r
+ aaf.v2_0.Pkey,\r
+ aaf.v2_0.Roles,\r
+ aaf.v2_0.Users,\r
+ aaf.v2_0.UserRoles,\r
+ aaf.v2_0.Delgs,\r
+ aaf.v2_0.Certs,\r
+ aaf.v2_0.Keys,\r
+ aaf.v2_0.Request,\r
+ aaf.v2_0.History,\r
+ aaf.v2_0.Error,\r
+ aaf.v2_0.Approvals>\r
+ (trans,new Mapper_2_0(question),question),\r
+ type);\r
+ }\r
+ \r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.facade;\r
+\r
+import static com.att.authz.layer.Result.ERR_ActionNotCompleted;\r
+import static com.att.authz.layer.Result.ERR_Backend;\r
+import static com.att.authz.layer.Result.ERR_BadData;\r
+import static com.att.authz.layer.Result.ERR_ConflictAlreadyExists;\r
+import static com.att.authz.layer.Result.ERR_Denied;\r
+import static com.att.authz.layer.Result.ERR_NotFound;\r
+import static com.att.authz.layer.Result.ERR_NotImplemented;\r
+import static com.att.authz.layer.Result.ERR_Policy;\r
+import static com.att.authz.layer.Result.ERR_Security;\r
+import static com.att.authz.layer.Result.OK;\r
+import static com.att.dao.aaf.cass.Status.ERR_ChoiceNeeded;\r
+import static com.att.dao.aaf.cass.Status.ERR_DelegateNotFound;\r
+import static com.att.dao.aaf.cass.Status.ERR_DependencyExists;\r
+import static com.att.dao.aaf.cass.Status.ERR_FutureNotRequested;\r
+import static com.att.dao.aaf.cass.Status.ERR_InvalidDelegate;\r
+import static com.att.dao.aaf.cass.Status.ERR_NsNotFound;\r
+import static com.att.dao.aaf.cass.Status.ERR_PermissionNotFound;\r
+import static com.att.dao.aaf.cass.Status.ERR_RoleNotFound;\r
+import static com.att.dao.aaf.cass.Status.ERR_UserNotFound;\r
+import static com.att.dao.aaf.cass.Status.ERR_UserRoleNotFound;\r
+\r
+import java.io.IOException;\r
+import java.lang.reflect.Method;\r
+import java.util.Date;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.FacadeImpl;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthzCassServiceImpl;\r
+import com.att.authz.service.AuthzService;\r
+import com.att.authz.service.mapper.Mapper;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+import com.att.cadi.aaf.client.Examples;\r
+import com.att.cssa.rserv.RServlet;\r
+import com.att.cssa.rserv.RouteReport;\r
+import com.att.cssa.rserv.doc.ApiDoc;\r
+import com.att.dao.aaf.cass.NsType;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.dao.aaf.hl.Question;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+import com.att.inno.env.Data.TYPE;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.util.Chrono;\r
+import com.att.rosetta.Marshal;\r
+import com.att.rosetta.env.RosettaDF;\r
+import com.att.rosetta.env.RosettaData;\r
+\r
+import aaf.v2_0.Api;\r
+\r
+/**\r
+ * AuthzFacade\r
+ * \r
+ * This Service Facade encapsulates the essence of the API Service can do, and provides\r
+ * a single created object for elements such as RosettaDF.\r
+ *\r
+ * The Responsibilities of this class are to:\r
+ * 1) Interact with the Service Implementation (which might be supported by various kinds of Backend Storage)\r
+ * 2) Validate incoming data (if applicable)\r
+ * 3) Convert the Service response into the right Format, and mark the Content Type\r
+ * a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request.\r
+ * 4) Log Service info, warnings and exceptions as necessary\r
+ * 5) When asked by the API layer, this will create and write Error content to the OutputStream\r
+ * \r
+ * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be \r
+ * clearly coordinated with the API Documentation\r
+ * \r
+ *\r
+ */\r
+public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> extends FacadeImpl implements AuthzFacade \r
+ {\r
+ private static final String FORBIDDEN = "Forbidden";\r
+ private static final String NOT_FOUND = "Not Found";\r
+ private static final String NOT_ACCEPTABLE = "Not Acceptable";\r
+ private static final String GENERAL_SERVICE_ERROR = "General Service Error";\r
+ private static final String NO_DATA = "***No Data***";\r
+ private AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> service = null;\r
+ private final RosettaDF<NSS> nssDF;\r
+ private final RosettaDF<PERMS> permsDF;\r
+ private final RosettaDF<ROLES> roleDF;\r
+ private final RosettaDF<USERS> usersDF;\r
+ private final RosettaDF<USERROLES> userrolesDF;\r
+ private final RosettaDF<CERTS> certsDF;\r
+ private final RosettaDF<DELGS> delgDF;\r
+ private final RosettaDF<REQUEST> permRequestDF;\r
+ private final RosettaDF<REQUEST> roleRequestDF;\r
+ private final RosettaDF<REQUEST> userRoleRequestDF;\r
+ private final RosettaDF<REQUEST> rolePermRequestDF;\r
+ private final RosettaDF<REQUEST> nsRequestDF;\r
+ private final RosettaDF<REQUEST> credRequestDF;\r
+ private final RosettaDF<REQUEST> delgRequestDF;\r
+ private final RosettaDF<HISTORY> historyDF;\r
+ private final RosettaDF<KEYS> keysDF;\r
+\r
+ private final RosettaDF<ERR> errDF;\r
+ private final RosettaDF<APPROVALS> approvalDF;\r
+ // Note: Api is not different per Version\r
+ private final RosettaDF<Api> apiDF;\r
+\r
+\r
+ @SuppressWarnings("unchecked")\r
+ public AuthzFacadeImpl(AuthzEnv env, AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> service, Data.TYPE dataType) throws APIException {\r
+ this.service = service;\r
+ (nssDF = env.newDataFactory(service.mapper().getClass(API.NSS))).in(dataType).out(dataType);\r
+ (permRequestDF = env.newDataFactory(service.mapper().getClass(API.PERM_REQ))).in(dataType).out(dataType);\r
+ (permsDF = env.newDataFactory(service.mapper().getClass(API.PERMS))).in(dataType).out(dataType);\r
+// (permKeyDF = env.newDataFactory(service.mapper().getClass(API.PERM_KEY))).in(dataType).out(dataType);\r
+ (roleDF = env.newDataFactory(service.mapper().getClass(API.ROLES))).in(dataType).out(dataType);\r
+ (roleRequestDF = env.newDataFactory(service.mapper().getClass(API.ROLE_REQ))).in(dataType).out(dataType);\r
+ (usersDF = env.newDataFactory(service.mapper().getClass(API.USERS))).in(dataType).out(dataType);\r
+ (userrolesDF = env.newDataFactory(service.mapper().getClass(API.USER_ROLES))).in(dataType).out(dataType);\r
+ (certsDF = env.newDataFactory(service.mapper().getClass(API.CERTS))).in(dataType).out(dataType)\r
+ .rootMarshal((Marshal<CERTS>) service.mapper().getMarshal(API.CERTS));\r
+ ;\r
+ (userRoleRequestDF = env.newDataFactory(service.mapper().getClass(API.USER_ROLE_REQ))).in(dataType).out(dataType);\r
+ (rolePermRequestDF = env.newDataFactory(service.mapper().getClass(API.ROLE_PERM_REQ))).in(dataType).out(dataType);\r
+ (nsRequestDF = env.newDataFactory(service.mapper().getClass(API.NS_REQ))).in(dataType).out(dataType);\r
+ (credRequestDF = env.newDataFactory(service.mapper().getClass(API.CRED_REQ))).in(dataType).out(dataType);\r
+ (delgRequestDF = env.newDataFactory(service.mapper().getClass(API.DELG_REQ))).in(dataType).out(dataType);\r
+ (historyDF = env.newDataFactory(service.mapper().getClass(API.HISTORY))).in(dataType).out(dataType);\r
+ ( keysDF = env.newDataFactory(service.mapper().getClass(API.KEYS))).in(dataType).out(dataType);\r
+ (delgDF = env.newDataFactory(service.mapper().getClass(API.DELGS))).in(dataType).out(dataType);\r
+ (approvalDF = env.newDataFactory(service.mapper().getClass(API.APPROVALS))).in(dataType).out(dataType);\r
+ (errDF = env.newDataFactory(service.mapper().getClass(API.ERROR))).in(dataType).out(dataType);\r
+ (apiDF = env.newDataFactory(Api.class)).in(dataType).out(dataType);\r
+ }\r
+ \r
+ public Mapper<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper() {\r
+ return service.mapper();\r
+ }\r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#error(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, int)\r
+ * \r
+ * Note: Conforms to AT&T TSS RESTful Error Structure\r
+ */\r
+ @Override\r
+ public void error(AuthzTrans trans, HttpServletResponse response, Result<?> result) {\r
+ String msg = result.details==null?"%s":"%s - " + result.details.trim();\r
+ String msgId;\r
+ String[] detail;\r
+ if(result.variables==null) {\r
+ detail = new String[1];\r
+ } else {\r
+ int l = result.variables.length;\r
+ detail=new String[l+1];\r
+ System.arraycopy(result.variables, 0, detail, 1, l);\r
+ }\r
+ //int httpstatus;\r
+ \r
+ switch(result.status) {\r
+ case ERR_ActionNotCompleted:\r
+ msgId = "SVC1202";\r
+ detail[0] = "Accepted, Action not complete";\r
+ response.setStatus(/*httpstatus=*/202);\r
+ break;\r
+\r
+ case ERR_Policy:\r
+ msgId = "SVC3403";\r
+ detail[0] = FORBIDDEN;\r
+ response.setStatus(/*httpstatus=*/403);\r
+ break;\r
+ case ERR_Security:\r
+ msgId = "SVC2403";\r
+ detail[0] = FORBIDDEN;\r
+ response.setStatus(/*httpstatus=*/403);\r
+ break;\r
+ case ERR_Denied:\r
+ msgId = "SVC1403";\r
+ detail[0] = FORBIDDEN;\r
+ response.setStatus(/*httpstatus=*/403);\r
+ break;\r
+ // This is still forbidden to directly impact, but can be Requested when passed\r
+ // with "request=true" query Param\r
+ case ERR_FutureNotRequested:\r
+ msgId = "SVC2403";\r
+ detail[0] = msg;\r
+ response.setStatus(/*httpstatus=*/403);\r
+ break;\r
+ \r
+ case ERR_NsNotFound:\r
+ msgId = "SVC2404";\r
+ detail[0] = NOT_FOUND;\r
+ response.setStatus(/*httpstatus=*/404);\r
+ break;\r
+ case ERR_RoleNotFound:\r
+ msgId = "SVC3404";\r
+ detail[0] = NOT_FOUND;\r
+ response.setStatus(/*httpstatus=*/404);\r
+ break;\r
+ case ERR_PermissionNotFound:\r
+ msgId = "SVC4404";\r
+ detail[0] = NOT_FOUND;\r
+ response.setStatus(/*httpstatus=*/404);\r
+ break;\r
+ case ERR_UserNotFound:\r
+ msgId = "SVC5404";\r
+ detail[0] = NOT_FOUND;\r
+ response.setStatus(/*httpstatus=*/404);\r
+ break;\r
+ case ERR_UserRoleNotFound:\r
+ msgId = "SVC6404";\r
+ detail[0] = NOT_FOUND;\r
+ response.setStatus(/*httpstatus=*/404);\r
+ break;\r
+ case ERR_DelegateNotFound:\r
+ msgId = "SVC7404";\r
+ detail[0] = NOT_FOUND;\r
+ response.setStatus(/*httpstatus=*/404);\r
+ break;\r
+ case ERR_NotFound:\r
+ msgId = "SVC1404";\r
+ detail[0] = NOT_FOUND;\r
+ response.setStatus(/*httpstatus=*/404);\r
+ break;\r
+\r
+ case ERR_InvalidDelegate:\r
+ msgId="SVC2406";\r
+ detail[0] = NOT_ACCEPTABLE;\r
+ response.setStatus(/*httpstatus=*/406);\r
+ break;\r
+ case ERR_BadData:\r
+ msgId="SVC1406";\r
+ detail[0] = NOT_ACCEPTABLE;\r
+ response.setStatus(/*httpstatus=*/406);\r
+ break;\r
+ \r
+ case ERR_ConflictAlreadyExists:\r
+ msgId = "SVC1409";\r
+ detail[0] = "Conflict Already Exists";\r
+ response.setStatus(/*httpstatus=*/409);\r
+ break;\r
+ \r
+ case ERR_DependencyExists:\r
+ msgId = "SVC1424";\r
+ detail[0] = "Failed Dependency";\r
+ response.setStatus(/*httpstatus=*/424);\r
+ break;\r
+ \r
+ case ERR_NotImplemented:\r
+ msgId = "SVC1501";\r
+ detail[0] = "Not Implemented"; \r
+ response.setStatus(/*httpstatus=*/501);\r
+ break;\r
+ \r
+ case Status.ACC_Future:\r
+ msgId = "SVC1202";\r
+ detail[0] = "Accepted for Future, pending Approvals";\r
+ response.setStatus(/*httpstatus=*/202);\r
+ break;\r
+ case ERR_ChoiceNeeded:\r
+ msgId = "SVC1300";\r
+ detail = result.variables;\r
+ response.setStatus(/*httpstatus=*/300);\r
+ break;\r
+ case ERR_Backend: \r
+ msgId = "SVC2500";\r
+ detail[0] = GENERAL_SERVICE_ERROR;\r
+ response.setStatus(/*httpstatus=*/500);\r
+ break;\r
+\r
+ default: \r
+ msgId = "SVC1500";\r
+ detail[0] = GENERAL_SERVICE_ERROR;\r
+ response.setStatus(/*httpstatus=*/500);\r
+ break;\r
+ }\r
+\r
+ try {\r
+ StringBuilder holder = new StringBuilder();\r
+ errDF.newData(trans).load(\r
+ service.mapper()\r
+ .errorFromMessage(holder,msgId,msg,detail))\r
+ .to(response.getOutputStream());\r
+ trans.checkpoint(\r
+ holder.toString(),\r
+// String.format("ErrResp [" + msgId + "] " + msg,(Object[])detail),\r
+ Env.ALWAYS);\r
+ } catch (Exception e) {\r
+ trans.error().log(e,"unable to send response for",msg);\r
+ }\r
+ }\r
+ \r
+ ///////////////////////////\r
+ // Namespace\r
+ ///////////////////////////\r
+ public static final String CREATE_NS = "createNamespace";\r
+ public static final String ADD_NS_ADMIN = "addNamespaceAdmin";\r
+ public static final String DELETE_NS_ADMIN = "delNamespaceAdmin";\r
+ public static final String ADD_NS_RESPONSIBLE = "addNamespaceResponsible";\r
+ public static final String DELETE_NS_RESPONSIBLE = "delNamespaceResponsible";\r
+ public static final String GET_NS_BY_NAME = "getNamespaceByName";\r
+ public static final String GET_NS_BY_ADMIN = "getNamespaceByAdmin";\r
+ public static final String GET_NS_BY_RESPONSIBLE = "getNamespaceByResponsible";\r
+ public static final String GET_NS_BY_EITHER = "getNamespaceByEither";\r
+ public static final String GET_NS_CHILDREN = "getNamespaceChildren";\r
+ public static final String UPDATE_NS_DESC = "updateNamespaceDescription";\r
+ public static final String DELETE_NS = "deleteNamespace";\r
+ \r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#createNS(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)\r
+ */\r
+ @Override\r
+ public Result<Void> requestNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, NsType type) {\r
+ TimeTaken tt = trans.start(CREATE_NS, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST request;\r
+ try {\r
+ Data<REQUEST> rd = nsRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,rd.asString());\r
+ }\r
+ request = rd.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,CREATE_NS);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ Result<Void> rp = service.createNS(trans,request,type);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,nsRequestDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,CREATE_NS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#addAdminToNS(com.att.authz.env.AuthzTrans, java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> addAdminToNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id) {\r
+ TimeTaken tt = trans.start(ADD_NS_ADMIN + ' ' + ns + ' ' + id, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<Void> rp = service.addAdminNS(trans,ns,id);\r
+ switch(rp.status) {\r
+ case OK: \r
+ //TODO Perms??\r
+ setContentType(resp,nsRequestDF.getOutType());\r
+ resp.getOutputStream().println();\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,ADD_NS_ADMIN);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#delAdminFromNS(com.att.authz.env.AuthzTrans, java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> delAdminFromNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id) {\r
+ TimeTaken tt = trans.start(DELETE_NS_ADMIN + ' ' + ns + ' ' + id, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<Void> rp = service.delAdminNS(trans, ns, id);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,nsRequestDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_NS_ADMIN);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#addAdminToNS(com.att.authz.env.AuthzTrans, java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> addResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id) {\r
+ TimeTaken tt = trans.start(ADD_NS_RESPONSIBLE + ' ' + ns + ' ' + id, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<Void> rp = service.addResponsibleNS(trans,ns,id);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,nsRequestDF.getOutType());\r
+ resp.getOutputStream().println();\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,ADD_NS_RESPONSIBLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#delAdminFromNS(com.att.authz.env.AuthzTrans, java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> delResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id) {\r
+ TimeTaken tt = trans.start(DELETE_NS_RESPONSIBLE + ' ' + ns + ' ' + id, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<Void> rp = service.delResponsibleNS(trans, ns, id);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,nsRequestDF.getOutType());\r
+ resp.getOutputStream().println();\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_NS_RESPONSIBLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getNSsByName(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getNSsByName(AuthzTrans trans, HttpServletResponse resp, String ns) {\r
+ TimeTaken tt = trans.start(GET_NS_BY_NAME + ' ' + ns, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<NSS> rp = service.getNSbyName(trans, ns);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,nssDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_NS_BY_NAME);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+// TODO: uncomment when on cassandra 2.1.2 for MyNamespace GUI page\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getNSsByAdmin(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getNSsByAdmin(AuthzTrans trans, HttpServletResponse resp, String user, boolean full){\r
+ TimeTaken tt = trans.start(GET_NS_BY_ADMIN + ' ' + user, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<NSS> rp = service.getNSbyAdmin(trans, user, full);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,nssDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_NS_BY_ADMIN);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+// TODO: uncomment when on cassandra 2.1.2 for MyNamespace GUI page\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getNSsByResponsible(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getNSsByResponsible(AuthzTrans trans, HttpServletResponse resp, String user, boolean full){\r
+ TimeTaken tt = trans.start(GET_NS_BY_RESPONSIBLE + ' ' + user, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<NSS> rp = service.getNSbyResponsible(trans, user, full);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+\r
+ setContentType(resp,nssDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_NS_BY_RESPONSIBLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getNSsByResponsible(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getNSsByEither(AuthzTrans trans, HttpServletResponse resp, String user, boolean full){\r
+ TimeTaken tt = trans.start(GET_NS_BY_EITHER + ' ' + user, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<NSS> rp = service.getNSbyEither(trans, user, full);\r
+ \r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+\r
+ setContentType(resp,nssDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_NS_BY_EITHER);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getNSsByResponsible(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getNSsChildren(AuthzTrans trans, HttpServletResponse resp, String parent){\r
+ TimeTaken tt = trans.start(GET_NS_CHILDREN + ' ' + parent, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<NSS> rp = service.getNSsChildren(trans, parent);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,nssDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_NS_CHILDREN);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> updateNsDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(UPDATE_NS_DESC, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = nsRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,UPDATE_NS_DESC);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+\r
+ }\r
+ Result<Void> rp = service.updateNsDescription(trans, rreq);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,nsRequestDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,UPDATE_NS_DESC);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ /*\r
+ * (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#requestNS(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)\r
+ */\r
+ @Override\r
+ public Result<Void> deleteNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String ns) {\r
+ TimeTaken tt = trans.start(DELETE_NS + ' ' + ns, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<Void> rp = service.deleteNS(trans,ns);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,nsRequestDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_NS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ private final static String NS_CREATE_ATTRIB = "nsCreateAttrib";\r
+ private final static String NS_UPDATE_ATTRIB = "nsUpdateAttrib";\r
+ private final static String READ_NS_BY_ATTRIB = "readNsByAttrib";\r
+ private final static String NS_DELETE_ATTRIB = "nsDeleteAttrib";\r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#createAttribForNS(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> createAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key, String value) {\r
+ TimeTaken tt = trans.start(NS_CREATE_ATTRIB + ' ' + ns + ':'+key+':'+value, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<?> rp = service.createNsAttrib(trans,ns,key,value);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp, keysDF.getOutType());\r
+ resp.getOutputStream().println();\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,NS_CREATE_ATTRIB);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#readAttribForNS(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> readNsByAttrib(AuthzTrans trans, HttpServletResponse resp, String key) {\r
+ TimeTaken tt = trans.start(READ_NS_BY_ATTRIB + ' ' + key, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<KEYS> rp = service.readNsByAttrib(trans, key);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<KEYS> data = keysDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,keysDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,READ_NS_BY_ATTRIB);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#updAttribForNS(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> updAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key, String value) {\r
+ TimeTaken tt = trans.start(NS_UPDATE_ATTRIB + ' ' + ns + ':'+key+':'+value, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<?> rp = service.updateNsAttrib(trans,ns,key,value);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp, keysDF.getOutType());\r
+ resp.getOutputStream().println();\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,NS_UPDATE_ATTRIB);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#delAttribForNS(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> delAttribForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String key) {\r
+ TimeTaken tt = trans.start(NS_DELETE_ATTRIB + ' ' + ns + ':'+key, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<?> rp = service.deleteNsAttrib(trans,ns,key);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp, keysDF.getOutType());\r
+ resp.getOutputStream().println();\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,NS_DELETE_ATTRIB);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+//\r
+// PERMISSION\r
+//\r
+ public static final String CREATE_PERMISSION = "createPermission";\r
+ public static final String GET_PERMS_BY_TYPE = "getPermsByType";\r
+ public static final String GET_PERMS_BY_NAME = "getPermsByName";\r
+ public static final String GET_PERMISSIONS_BY_USER = "getPermissionsByUser";\r
+ public static final String GET_PERMISSIONS_BY_USER_WITH_QUERY = "getPermissionsByUserWithQuery";\r
+ public static final String GET_PERMISSIONS_BY_ROLE = "getPermissionsByRole";\r
+ public static final String GET_PERMISSIONS_BY_NS = "getPermissionsByNS";\r
+ public static final String UPDATE_PERMISSION = "updatePermission";\r
+ public static final String UPDATE_PERM_DESC = "updatePermissionDescription";\r
+ public static final String SET_PERMISSION_ROLES_TO = "setPermissionRolesTo";\r
+ public static final String DELETE_PERMISSION = "deletePermission";\r
+ \r
+ /*\r
+ * (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#createOrUpdatePerm(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean, java.lang.String, java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> createPerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start( CREATE_PERMISSION, Env.SUB|Env.ALWAYS); \r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = permRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject(); \r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,CREATE_PERMISSION);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ Result<Void> rp = service.createPerm(trans,rreq);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,CREATE_PERMISSION);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getChildPerms(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getPermsByType(AuthzTrans trans, HttpServletResponse resp, String perm) {\r
+ TimeTaken tt = trans.start(GET_PERMS_BY_TYPE + ' ' + perm, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ \r
+ Result<PERMS> rp = service.getPermsByType(trans, perm);\r
+ switch(rp.status) {\r
+ case OK:\r
+ RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_PERMS_BY_TYPE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> getPermsByName(AuthzTrans trans, HttpServletResponse resp, \r
+ String type, String instance, String action) {\r
+ \r
+ TimeTaken tt = trans.start(GET_PERMS_BY_NAME + ' ' + type\r
+ + '|' + instance + '|' + action, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ \r
+ Result<PERMS> rp = service.getPermsByName(trans, type, instance, action);\r
+ switch(rp.status) {\r
+ case OK:\r
+ RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_PERMS_BY_TYPE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getPermissionByUser(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getPermsByUser(AuthzTrans trans, HttpServletResponse resp, String user) {\r
+ TimeTaken tt = trans.start(GET_PERMISSIONS_BY_USER + ' ' + user, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<PERMS> rp = service.getPermsByUser(trans, user);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_PERMISSIONS_BY_USER, user);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getPermissionByUser(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getPermsByUserWithAAFQuery(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String user) {\r
+ TimeTaken tt = trans.start(GET_PERMISSIONS_BY_USER_WITH_QUERY + ' ' + user, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ PERMS perms;\r
+ try {\r
+ RosettaData<PERMS> data = permsDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ perms = data.asObject(); \r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,CREATE_PERMISSION);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+ }\r
+\r
+ Result<PERMS> rp = service.getPermsByUser(trans, perms, user);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_PERMISSIONS_BY_USER_WITH_QUERY , user);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getPermissionsForRole(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getPermsForRole(AuthzTrans trans, HttpServletResponse resp, String roleName) {\r
+ TimeTaken tt = trans.start(GET_PERMISSIONS_BY_ROLE + ' ' + roleName, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<PERMS> rp = service.getPermsByRole(trans, roleName);\r
+ switch(rp.status) {\r
+ case OK:\r
+ RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_PERMISSIONS_BY_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> getPermsByNS(AuthzTrans trans,HttpServletResponse resp,String ns) {\r
+ TimeTaken tt = trans.start(GET_PERMISSIONS_BY_NS + ' ' + ns, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<PERMS> rp = service.getPermsByNS(trans, ns);\r
+ switch(rp.status) {\r
+ case OK:\r
+ RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_PERMISSIONS_BY_NS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /*\r
+ * (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#createOrUpdatePerm(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean, java.lang.String, java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> renamePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp,\r
+ String origType, String origInstance, String origAction) {\r
+ String cmdDescription = UPDATE_PERMISSION;\r
+ TimeTaken tt = trans.start( cmdDescription + ' ' + origType + ' ' + origInstance + ' ' + origAction, Env.SUB|Env.ALWAYS); \r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = permRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject(); \r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,cmdDescription);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ Result<Void> rp = service.renamePerm(trans,rreq, origType, origInstance, origAction);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,cmdDescription);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> updatePermDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(UPDATE_PERM_DESC, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = permRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,UPDATE_PERM_DESC);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+\r
+ }\r
+ Result<Void> rp = service.updatePermDescription(trans, rreq);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permRequestDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,UPDATE_PERM_DESC);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ \r
+ @Override\r
+ public Result<Void> resetPermRoles(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(SET_PERMISSION_ROLES_TO, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = rolePermRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN, SET_PERMISSION_ROLES_TO);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ Result<Void> rp = service.resetPermRoles(trans, rreq);\r
+ \r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,SET_PERMISSION_ROLES_TO);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> deletePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(DELETE_PERMISSION, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = permRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,DELETE_PERMISSION);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+\r
+ }\r
+\r
+ Result<Void> rp = service.deletePerm(trans,rreq);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_PERMISSION);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> deletePerm(AuthzTrans trans, HttpServletResponse resp, String type, String instance, String action) {\r
+ TimeTaken tt = trans.start(DELETE_PERMISSION + type + ' ' + instance + ' ' + action, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<Void> rp = service.deletePerm(trans,type,instance,action);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_PERMISSION);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ public static final String CREATE_ROLE = "createRole";\r
+ public static final String GET_ROLES_BY_USER = "getRolesByUser";\r
+ public static final String GET_ROLES_BY_NS = "getRolesByNS";\r
+ public static final String GET_ROLES_BY_NAME_ONLY = "getRolesByNameOnly";\r
+ public static final String GET_ROLES_BY_NAME = "getRolesByName";\r
+ public static final String GET_ROLES_BY_PERM = "getRolesByPerm";\r
+ public static final String UPDATE_ROLE_DESC = "updateRoleDescription"; \r
+ public static final String ADD_PERM_TO_ROLE = "addPermissionToRole";\r
+ public static final String DELETE_PERM_FROM_ROLE = "deletePermissionFromRole";\r
+ public static final String UPDATE_MGTPERM_ROLE = "updateMgtPermRole";\r
+ public static final String DELETE_ROLE = "deleteRole";\r
+ public static final String GET_CERT_BY_ID = "getCertByID";\r
+\r
+ @Override\r
+ public Result<Void> createRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(CREATE_ROLE, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = roleRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,CREATE_ROLE);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+\r
+ }\r
+ Result<Void> rp = service.createRole(trans, rreq);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,roleRequestDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,CREATE_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getRolesByName(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getRolesByName(AuthzTrans trans, HttpServletResponse resp, String role) {\r
+ TimeTaken tt = trans.start(GET_ROLES_BY_NAME + ' ' + role, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<ROLES> rp = service.getRolesByName(trans, role);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,roleDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_ROLES_BY_NAME);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getRolesByUser(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getRolesByUser(AuthzTrans trans,HttpServletResponse resp, String user) {\r
+ TimeTaken tt = trans.start(GET_ROLES_BY_USER + ' ' + user, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<ROLES> rp = service.getRolesByUser(trans, user);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,roleDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_ROLES_BY_USER, user);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getRolesByUser(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getRolesByNS(AuthzTrans trans,HttpServletResponse resp, String ns) {\r
+ TimeTaken tt = trans.start(GET_ROLES_BY_NS + ' ' + ns, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<ROLES> rp = service.getRolesByNS(trans, ns);\r
+ switch(rp.status) {\r
+ case OK: \r
+ if(!rp.isEmpty()) {\r
+ RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ } else {\r
+ Question.logEncryptTrace(trans, NO_DATA);\r
+ }\r
+ setContentType(resp,roleDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_ROLES_BY_NS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getRolesByNameOnly(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getRolesByNameOnly(AuthzTrans trans,HttpServletResponse resp, String nameOnly) {\r
+ TimeTaken tt = trans.start(GET_ROLES_BY_NAME_ONLY + ' ' + nameOnly, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<ROLES> rp = service.getRolesByNameOnly(trans, nameOnly);\r
+ switch(rp.status) {\r
+ case OK: \r
+ if(!rp.isEmpty()) {\r
+ RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ } else {\r
+ Question.logEncryptTrace(trans, NO_DATA);\r
+ }\r
+ setContentType(resp,roleDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_ROLES_BY_NAME_ONLY);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getRolesByUser(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getRolesByPerm(AuthzTrans trans,HttpServletResponse resp, String type, String instance, String action) {\r
+ TimeTaken tt = trans.start(GET_ROLES_BY_PERM + type +' '+instance+' '+action, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<ROLES> rp = service.getRolesByPerm(trans, type,instance,action);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,roleDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_ROLES_BY_PERM);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /*\r
+ * (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#updateDescription(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)\r
+ */\r
+ @Override\r
+ public Result<Void> updateRoleDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(UPDATE_ROLE_DESC, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = roleRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,UPDATE_ROLE_DESC);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+\r
+ }\r
+ Result<Void> rp = service.updateRoleDescription(trans, rreq);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,roleRequestDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return rp;\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,UPDATE_ROLE_DESC);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> addPermToRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(ADD_PERM_TO_ROLE, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = rolePermRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,ADD_PERM_TO_ROLE);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+\r
+ }\r
+ Result<Void> rp = service.addPermToRole(trans, rreq);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ resp.getOutputStream().println();\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,ADD_PERM_TO_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> delPermFromRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(DELETE_PERM_FROM_ROLE, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = rolePermRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,DELETE_PERM_FROM_ROLE);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+\r
+ }\r
+ Result<Void> rp = service.delPermFromRole(trans, rreq);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ resp.getOutputStream().println();\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_PERM_FROM_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> deleteRole(AuthzTrans trans, HttpServletResponse resp, String role) {\r
+ TimeTaken tt = trans.start(DELETE_ROLE + ' ' + role, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<Void> rp = service.deleteRole(trans, role);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> deleteRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(DELETE_ROLE, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = roleRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN,CREATE_ROLE);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+ }\r
+\r
+ Result<Void> rp = service.deleteRole(trans, rreq);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ public static final String CREATE_CRED = "createUserCred";\r
+ private static final String GET_CREDS_BY_NS = "getCredsByNS";\r
+ private static final String GET_CREDS_BY_ID = "getCredsByID";\r
+ public static final String UPDATE_CRED = "updateUserCred";\r
+ public static final String EXTEND_CRED = "extendUserCred";\r
+ public static final String DELETE_CRED = "deleteUserCred";\r
+ public static final String DOES_CRED_MATCH = "doesCredMatch";\r
+ public static final String VALIDATE_BASIC_AUTH = "validateBasicAuth";\r
+\r
+\r
+\r
+ @Override\r
+ /**\r
+ * Create Credential\r
+ * \r
+ */\r
+ public Result<Void> createUserCred(AuthzTrans trans, HttpServletRequest req) {\r
+ TimeTaken tt = trans.start(CREATE_CRED, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ RosettaData<REQUEST> data = credRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ return service.createUserCred(trans, data.asObject());\r
+ } catch(APIException e) {\r
+ trans.error().log(e,"Bad Input data");\r
+ return Result.err(Status.ERR_BadData, e.getLocalizedMessage());\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,CREATE_CRED);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> changeUserCred(AuthzTrans trans, HttpServletRequest req) {\r
+ TimeTaken tt = trans.start(UPDATE_CRED, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ RosettaData<REQUEST> data = credRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ return service.changeUserCred(trans, data.asObject());\r
+ } catch(APIException e) {\r
+ trans.error().log(e,"Bad Input data");\r
+ return Result.err(Status.ERR_BadData, e.getLocalizedMessage());\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,UPDATE_CRED);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#extendUserCred(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, int)\r
+ */\r
+ @Override\r
+ public Result<Void> extendUserCred(AuthzTrans trans, HttpServletRequest req, String days) {\r
+ TimeTaken tt = trans.start(EXTEND_CRED, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ RosettaData<REQUEST> data = credRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ return service.extendUserCred(trans, data.asObject(), days);\r
+ } catch(APIException e) {\r
+ trans.error().log(e,"Bad Input data");\r
+ return Result.err(Status.ERR_BadData, e.getLocalizedMessage());\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,EXTEND_CRED);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> getCredsByNS(AuthzTrans trans, HttpServletResponse resp, String ns) {\r
+ TimeTaken tt = trans.start(GET_CREDS_BY_NS + ' ' + ns, Env.SUB|Env.ALWAYS);\r
+ \r
+ try {\r
+ Result<USERS> ru = service.getCredsByNS(trans,ns);\r
+ switch(ru.status) {\r
+ case OK: \r
+ RosettaData<USERS> data = usersDF.newData(trans).load(ru.value);\r
+ if(Question.willSpecialLog(trans,trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,usersDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(ru);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_CREDS_BY_NS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ }\r
+ \r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getCredsByID(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getCredsByID(AuthzTrans trans, HttpServletResponse resp, String id) {\r
+ TimeTaken tt = trans.start(GET_CREDS_BY_ID + ' ' + id, Env.SUB|Env.ALWAYS);\r
+ \r
+ try {\r
+ Result<USERS> ru = service.getCredsByID(trans,id);\r
+ switch(ru.status) {\r
+ case OK: \r
+ RosettaData<USERS> data = usersDF.newData(trans).load(ru.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,usersDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(ru);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_CREDS_BY_ID);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ }\r
+\r
+ @Override\r
+ public Result<Void> deleteUserCred(AuthzTrans trans, HttpServletRequest req) {\r
+ TimeTaken tt = trans.start(DELETE_CRED, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ RosettaData<REQUEST> data = credRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ return service.deleteUserCred(trans, data.asObject());\r
+ } catch(APIException e) {\r
+ trans.error().log(e,"Bad Input data");\r
+ return Result.err(Status.ERR_BadData, e.getLocalizedMessage());\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_CRED);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ } \r
+ }\r
+ \r
+ \r
+ @Override\r
+ public Result<Date> doesCredentialMatch(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(DOES_CRED_MATCH, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ RosettaData<REQUEST> data = credRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ return service.doesCredentialMatch(trans, data.asObject());\r
+ } catch(APIException e) {\r
+ trans.error().log(e,"Bad Input data");\r
+ return Result.err(Status.ERR_BadData, e.getLocalizedMessage());\r
+ } catch (IOException e) {\r
+ trans.error().log(e,IN,DOES_CRED_MATCH);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ } \r
+ }\r
+\r
+\r
+ @Override\r
+ public Result<Void> validBasicAuth(AuthzTrans trans, HttpServletResponse resp, String basicAuth) {\r
+ TimeTaken tt = trans.start(VALIDATE_BASIC_AUTH, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<Date> result = service.validateBasicAuth(trans,basicAuth);\r
+ switch(result.status){\r
+ case OK:\r
+ resp.getOutputStream().write(Chrono.utcStamp(result.value).getBytes());\r
+ return Result.ok();\r
+ }\r
+ return Result.err(result);\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,VALIDATE_BASIC_AUTH);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getCertInfoByID(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getCertInfoByID(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String id) {\r
+ TimeTaken tt = trans.start(GET_CERT_BY_ID, Env.SUB|Env.ALWAYS);\r
+ try { \r
+ Result<CERTS> rci = service.getCertInfoByID(trans,req,id);\r
+ \r
+ switch(rci.status) {\r
+ case OK: \r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ RosettaData<CERTS> data = certsDF.newData(trans).load(rci.value);\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ data.to(resp.getOutputStream());\r
+ } else {\r
+ certsDF.direct(trans, rci.value, resp.getOutputStream());\r
+ }\r
+ setContentType(resp,certsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rci);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_CERT_BY_ID);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ public static final String CREATE_DELEGATE = "createDelegate";\r
+ public static final String UPDATE_DELEGATE = "updateDelegate";\r
+ public static final String DELETE_DELEGATE = "deleteDelegate";\r
+ public static final String GET_DELEGATE_USER = "getDelegatesByUser";\r
+ public static final String GET_DELEGATE_DELG = "getDelegatesByDelegate";\r
+ \r
+ @Override\r
+ public Result<Void> createDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(CREATE_DELEGATE, Env.SUB|Env.ALWAYS);\r
+ try { \r
+ Data<REQUEST> data = delgRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ return service.createDelegate(trans, data.asObject());\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,CREATE_DELEGATE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> updateDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(UPDATE_DELEGATE, Env.SUB|Env.ALWAYS);\r
+ try { \r
+ Data<REQUEST> data = delgRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ return service.updateDelegate(trans, data.asObject());\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,UPDATE_DELEGATE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> deleteDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(DELETE_DELEGATE, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Data<REQUEST> data = delgRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ return service.deleteDelegate(trans, data.asObject());\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_DELEGATE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> deleteDelegate(AuthzTrans trans, String userName) {\r
+ TimeTaken tt = trans.start(DELETE_DELEGATE + ' ' + userName, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ return service.deleteDelegate(trans, userName);\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_DELEGATE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> getDelegatesByUser(AuthzTrans trans, String user, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(GET_DELEGATE_USER, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<DELGS> rd = service.getDelegatesByUser(trans, user);\r
+ \r
+ switch(rd.status) {\r
+ case OK: \r
+ RosettaData<DELGS> data = delgDF.newData(trans).load(rd.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,delgDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rd);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_DELEGATE_USER);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> getDelegatesByDelegate(AuthzTrans trans, String delegate, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(GET_DELEGATE_DELG, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<DELGS> rd = service.getDelegatesByDelegate(trans, delegate);\r
+ switch(rd.status) {\r
+ case OK: \r
+ RosettaData<DELGS> data = delgDF.newData(trans).load(rd.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,delgDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rd);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_DELEGATE_DELG);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ private static final String REQUEST_USER_ROLE = "createUserRole";\r
+ private static final String GET_USERROLES = "getUserRoles";\r
+ private static final String GET_USERROLES_BY_ROLE = "getUserRolesByRole";\r
+ private static final String GET_USERROLES_BY_USER = "getUserRolesByUser";\r
+ private static final String SET_ROLES_FOR_USER = "setRolesForUser";\r
+ private static final String SET_USERS_FOR_ROLE = "setUsersForRole";\r
+ private static final String EXTEND_USER_ROLE = "extendUserRole";\r
+ private static final String DELETE_USER_ROLE = "deleteUserRole";\r
+ @Override\r
+ public Result<Void> requestUserRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(REQUEST_USER_ROLE, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST request;\r
+ try {\r
+ Data<REQUEST> data = userRoleRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ request = data.asObject();\r
+ } catch(APIException e) {\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ Result<Void> rp = service.createUserRole(trans,request);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,REQUEST_USER_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> getUserInRole(AuthzTrans trans, HttpServletResponse resp, String user, String role) {\r
+ TimeTaken tt = trans.start(GET_USERROLES + ' ' + user + '|' + role, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<USERS> ru = service.getUserInRole(trans,user,role);\r
+ switch(ru.status) {\r
+ case OK: \r
+ RosettaData<USERS> data = usersDF.newData(trans).load(ru.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,usersDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(ru);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_USERROLES);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> getUserRolesByUser(AuthzTrans trans, HttpServletResponse resp, String user) {\r
+ TimeTaken tt = trans.start(GET_USERROLES_BY_USER + ' ' + user, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<USERROLES> ru = service.getUserRolesByUser(trans,user);\r
+ switch(ru.status) {\r
+ case OK: \r
+ RosettaData<USERROLES> data = userrolesDF.newData(trans).load(ru.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,usersDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(ru);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_USERROLES_BY_USER);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> getUserRolesByRole(AuthzTrans trans, HttpServletResponse resp, String role) {\r
+ TimeTaken tt = trans.start(GET_USERROLES_BY_ROLE + ' ' + role, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<USERROLES> ru = service.getUserRolesByRole(trans,role);\r
+ switch(ru.status) {\r
+ case OK: \r
+ RosettaData<USERROLES> data = userrolesDF.newData(trans).load(ru.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,usersDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(ru);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_USERROLES_BY_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+\r
+ }\r
+ \r
+\r
+ @Override\r
+ public Result<Void> resetUsersForRole(AuthzTrans trans, HttpServletResponse resp, HttpServletRequest req) {\r
+ TimeTaken tt = trans.start(SET_USERS_FOR_ROLE, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = userRoleRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ rreq = data.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN, SET_USERS_FOR_ROLE);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ Result<Void> rp = service.resetUsersForRole(trans, rreq);\r
+ \r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,SET_USERS_FOR_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ }\r
+\r
+ @Override\r
+ public Result<Void> resetRolesForUser(AuthzTrans trans, HttpServletResponse resp, HttpServletRequest req) {\r
+ TimeTaken tt = trans.start(SET_ROLES_FOR_USER, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ REQUEST rreq;\r
+ try {\r
+ RosettaData<REQUEST> data = userRoleRequestDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ rreq = data.asObject();\r
+ } catch(APIException e) {\r
+ trans.error().log("Invalid Input",IN, SET_ROLES_FOR_USER);\r
+ return Result.err(Status.ERR_BadData,"Invalid Input");\r
+ }\r
+ \r
+ Result<Void> rp = service.resetRolesForUser(trans, rreq);\r
+ \r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,SET_ROLES_FOR_USER);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#extendUserRoleExpiration(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> extendUserRoleExpiration(AuthzTrans trans, HttpServletResponse resp, String user, String role) {\r
+ TimeTaken tt = trans.start(EXTEND_USER_ROLE + ' ' + user + ' ' + role, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ return service.extendUserRole(trans,user,role);\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,EXTEND_USER_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> deleteUserRole(AuthzTrans trans, HttpServletResponse resp, String user, String role) {\r
+ TimeTaken tt = trans.start(DELETE_USER_ROLE + ' ' + user + ' ' + role, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<Void> rp = service.deleteUserRole(trans,user,role);\r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,DELETE_USER_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ private static final String UPDATE_APPROVAL = "updateApproval";\r
+ private static final String GET_APPROVALS_BY_USER = "getApprovalsByUser.";\r
+ private static final String GET_APPROVALS_BY_TICKET = "getApprovalsByTicket.";\r
+ private static final String GET_APPROVALS_BY_APPROVER = "getApprovalsByApprover.";\r
+ \r
+ @Override\r
+ public Result<Void> updateApproval(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {\r
+ TimeTaken tt = trans.start(UPDATE_APPROVAL, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Data<APPROVALS> data = approvalDF.newData().load(req.getInputStream());\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ Result<Void> rp = service.updateApproval(trans, data.asObject());\r
+ \r
+ switch(rp.status) {\r
+ case OK: \r
+ setContentType(resp,approvalDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,UPDATE_APPROVAL);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<Void> getApprovalsByUser(AuthzTrans trans, HttpServletResponse resp, String user) {\r
+ TimeTaken tt = trans.start(GET_APPROVALS_BY_USER + ' ' + user, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<APPROVALS> rp = service.getApprovalsByUser(trans, user);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<APPROVALS> data = approvalDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+ data.to(resp.getOutputStream());\r
+ \r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_APPROVALS_BY_USER, user);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> getApprovalsByApprover(AuthzTrans trans, HttpServletResponse resp, String approver) {\r
+ TimeTaken tt = trans.start(GET_APPROVALS_BY_APPROVER + ' ' + approver, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<APPROVALS> rp = service.getApprovalsByApprover(trans, approver);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<APPROVALS> data = approvalDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_APPROVALS_BY_APPROVER,approver);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> getApprovalsByTicket(AuthzTrans trans, HttpServletResponse resp, String ticket) {\r
+ TimeTaken tt = trans.start(GET_APPROVALS_BY_TICKET, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<APPROVALS> rp = service.getApprovalsByTicket(trans, ticket);\r
+ switch(rp.status) {\r
+ case OK: \r
+ RosettaData<APPROVALS> data = approvalDF.newData(trans).load(rp.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,permsDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rp);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_APPROVALS_BY_TICKET);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+\r
+ \r
+ public static final String GET_USERS_PERMISSION = "getUsersByPermission";\r
+ public static final String GET_USERS_ROLE = "getUsersByRole";\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getUsersByRole(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getUsersByRole(AuthzTrans trans, HttpServletResponse resp, String role) {\r
+ TimeTaken tt = trans.start(GET_USERS_ROLE + ' ' + role, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<USERS> ru = service.getUsersByRole(trans,role);\r
+ switch(ru.status) {\r
+ case OK: \r
+ RosettaData<USERS> data = usersDF.newData(trans).load(ru.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,usersDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(ru);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_USERS_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getUsersByPermission(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getUsersByPermission(AuthzTrans trans, HttpServletResponse resp, \r
+ String type, String instance, String action) {\r
+ TimeTaken tt = trans.start(GET_USERS_PERMISSION + ' ' + type + ' ' + instance + ' ' +action, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<USERS> ru = service.getUsersByPermission(trans,type,instance,action);\r
+ switch(ru.status) {\r
+ case OK: \r
+ RosettaData<USERS> data = usersDF.newData(trans).load(ru.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,usersDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(ru);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_USERS_PERMISSION);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ \r
+ public static final String GET_HISTORY_USER = "getHistoryByUser";\r
+ public static final String GET_HISTORY_ROLE = "getHistoryByRole";\r
+ public static final String GET_HISTORY_PERM = "getHistoryByPerm";\r
+ public static final String GET_HISTORY_NS = "getHistoryByNS";\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getHistoryByUser(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)\r
+ */\r
+ @Override\r
+ public Result<Void> getHistoryByUser(AuthzTrans trans, HttpServletResponse resp, String user, int[] yyyymm, final int sort) {\r
+ StringBuilder sb = new StringBuilder();\r
+ sb.append(GET_HISTORY_USER);\r
+ sb.append(' ');\r
+ sb.append(user);\r
+ sb.append(" for ");\r
+ boolean first = true;\r
+ for(int i : yyyymm) {\r
+ if(first) {\r
+ first = false;\r
+ } else {\r
+ sb.append(',');\r
+ }\r
+ sb.append(i);\r
+ }\r
+ TimeTaken tt = trans.start(sb.toString(), Env.SUB|Env.ALWAYS);\r
+\r
+ try {\r
+ Result<HISTORY> rh = service.getHistoryByUser(trans,user,yyyymm,sort);\r
+ switch(rh.status) {\r
+ case OK: \r
+ RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,historyDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rh);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_HISTORY_USER);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getHistoryByRole(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, int[])\r
+ */\r
+ @Override\r
+ public Result<Void> getHistoryByRole(AuthzTrans trans, HttpServletResponse resp, String role, int[] yyyymm, final int sort) {\r
+ StringBuilder sb = new StringBuilder();\r
+ sb.append(GET_HISTORY_ROLE);\r
+ sb.append(' ');\r
+ sb.append(role);\r
+ sb.append(" for ");\r
+ boolean first = true;\r
+ for(int i : yyyymm) {\r
+ if(first) {\r
+ first = false;\r
+ } else {\r
+ sb.append(',');\r
+ }\r
+ sb.append(i);\r
+ }\r
+ TimeTaken tt = trans.start(sb.toString(), Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<HISTORY> rh = service.getHistoryByRole(trans,role,yyyymm,sort);\r
+ switch(rh.status) {\r
+ case OK: \r
+ RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,historyDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rh);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_HISTORY_ROLE);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getHistoryByNS(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, int[])\r
+ */\r
+ @Override\r
+ public Result<Void> getHistoryByNS(AuthzTrans trans, HttpServletResponse resp, String ns, int[] yyyymm, final int sort) {\r
+ StringBuilder sb = new StringBuilder();\r
+ sb.append(GET_HISTORY_NS);\r
+ sb.append(' ');\r
+ sb.append(ns);\r
+ sb.append(" for ");\r
+ boolean first = true;\r
+ for(int i : yyyymm) {\r
+ if(first) {\r
+ first = false;\r
+ } else {\r
+ sb.append(',');\r
+ }\r
+ sb.append(i);\r
+ }\r
+ TimeTaken tt = trans.start(sb.toString(), Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<HISTORY> rh = service.getHistoryByNS(trans,ns,yyyymm,sort);\r
+ switch(rh.status) {\r
+ case OK: \r
+ RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,historyDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rh);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_HISTORY_NS);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getHistoryByPerm(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, int[])\r
+ */\r
+ @Override\r
+ public Result<Void> getHistoryByPerm(AuthzTrans trans, HttpServletResponse resp, String perm, int[] yyyymm, final int sort) {\r
+ StringBuilder sb = new StringBuilder();\r
+ sb.append(GET_HISTORY_PERM);\r
+ sb.append(' ');\r
+ sb.append(perm);\r
+ sb.append(" for ");\r
+ boolean first = true;\r
+ for(int i : yyyymm) {\r
+ if(first) {\r
+ first = false;\r
+ } else {\r
+ sb.append(',');\r
+ }\r
+ sb.append(i);\r
+ }\r
+ TimeTaken tt = trans.start(sb.toString(), Env.SUB|Env.ALWAYS);\r
+ try {\r
+ Result<HISTORY> rh = service.getHistoryByPerm(trans,perm,yyyymm,sort);\r
+ switch(rh.status) {\r
+ case OK: \r
+ RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,historyDF.getOutType());\r
+ return Result.ok();\r
+ default:\r
+ return Result.err(rh);\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,GET_HISTORY_PERM);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ public final static String CACHE_CLEAR = "cacheClear "; \r
+// public final static String CACHE_VALIDATE = "validateCache";\r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#cacheClear(com.att.authz.env.AuthzTrans, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> cacheClear(AuthzTrans trans, String cname) {\r
+ TimeTaken tt = trans.start(CACHE_CLEAR + cname, Env.SUB|Env.ALWAYS);\r
+ try {\r
+ return service.cacheClear(trans,cname);\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,CACHE_CLEAR);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#cacheClear(com.att.authz.env.AuthzTrans, java.lang.String, java.lang.Integer)\r
+ */\r
+ @Override\r
+ public Result<Void> cacheClear(AuthzTrans trans, String cname, String segments) {\r
+ TimeTaken tt = trans.start(CACHE_CLEAR + cname + ", segments[" + segments + ']', Env.SUB|Env.ALWAYS);\r
+ try {\r
+ String[] segs = segments.split("\\s*,\\s*");\r
+ int isegs[] = new int[segs.length];\r
+ for(int i=0;i<segs.length;++i) {\r
+ try {\r
+ isegs[i] = Integer.parseInt(segs[i]);\r
+ } catch(NumberFormatException nfe) {\r
+ isegs[i] = -1;\r
+ }\r
+ }\r
+ return service.cacheClear(trans,cname, isegs);\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,CACHE_CLEAR);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#dbReset(com.att.authz.env.AuthzTrans)\r
+ */\r
+ @Override\r
+ public void dbReset(AuthzTrans trans) {\r
+ service.dbReset(trans);\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getAPI(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse)\r
+ */\r
+ public final static String API_REPORT = "apiReport";\r
+ @Override\r
+ public Result<Void> getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet<AuthzTrans> rservlet) {\r
+ TimeTaken tt = trans.start(API_REPORT, Env.SUB);\r
+ try {\r
+ Api api = new Api();\r
+ Api.Route ar;\r
+ Method[] meths = AuthzCassServiceImpl.class.getDeclaredMethods();\r
+ for(RouteReport rr : rservlet.routeReport()) {\r
+ api.getRoute().add(ar = new Api.Route());\r
+ ar.setMeth(rr.meth.name());\r
+ ar.setPath(rr.path);\r
+ ar.setDesc(rr.desc);\r
+ ar.getContentType().addAll(rr.contextTypes);\r
+ for(Method m : meths) {\r
+ ApiDoc ad;\r
+ if((ad = m.getAnnotation(ApiDoc.class))!=null &&\r
+ rr.meth.equals(ad.method()) &&\r
+ rr.path.equals(ad.path())) {\r
+ for(String param : ad.params()) {\r
+ ar.getParam().add(param);\r
+ }\r
+ for(String text : ad.text()) {\r
+ ar.getComments().add(text);\r
+ }\r
+ ar.setExpected(ad.expectedCode());\r
+ for(int ec : ad.errorCodes()) {\r
+ ar.getExplicitErr().add(ec);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ RosettaData<Api> data = apiDF.newData(trans).load(api);\r
+ if(Question.willSpecialLog(trans, trans.user())) {\r
+ Question.logEncryptTrace(trans,data.asString());\r
+ }\r
+\r
+ data.to(resp.getOutputStream());\r
+ setContentType(resp,apiDF.getOutType());\r
+ return Result.ok();\r
+\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,API_REPORT);\r
+ return Result.err(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+\r
+ public final static String API_EXAMPLE = "apiExample";\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.facade.AuthzFacade#getAPIExample(com.att.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String nameOrContentType, boolean optional) {\r
+ TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB);\r
+ try {\r
+ String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional); \r
+ resp.getOutputStream().print(content);\r
+ setContentType(resp,content.contains("<?xml")?TYPE.XML:TYPE.JSON);\r
+ return Result.ok();\r
+ } catch (Exception e) {\r
+ trans.error().log(e,IN,API_EXAMPLE);\r
+ return Result.err(Status.ERR_NotImplemented,e.getMessage());\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.facade;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.service.AuthzService;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+\r
+import aaf.v2_0.Approvals;\r
+import aaf.v2_0.Certs;\r
+import aaf.v2_0.Delgs;\r
+import aaf.v2_0.Error;\r
+import aaf.v2_0.History;\r
+import aaf.v2_0.Keys;\r
+import aaf.v2_0.Nss;\r
+import aaf.v2_0.Perms;\r
+import aaf.v2_0.Pkey;\r
+import aaf.v2_0.Request;\r
+import aaf.v2_0.Roles;\r
+import aaf.v2_0.UserRoles;\r
+import aaf.v2_0.Users;\r
+\r
+public class AuthzFacade_2_0 extends AuthzFacadeImpl<\r
+ Nss,\r
+ Perms,\r
+ Pkey,\r
+ Roles,\r
+ Users,\r
+ UserRoles,\r
+ Delgs,\r
+ Certs,\r
+ Keys,\r
+ Request,\r
+ History,\r
+ Error,\r
+ Approvals>\r
+{\r
+ public AuthzFacade_2_0(AuthzEnv env,\r
+ AuthzService<Nss, Perms, Pkey, Roles, Users, UserRoles, Delgs, Certs, Keys, Request, History, Error, Approvals> service,\r
+ Data.TYPE type) throws APIException {\r
+ super(env, service, type);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service;\r
+\r
+import java.io.IOException;\r
+import java.net.HttpURLConnection;\r
+import java.security.GeneralSecurityException;\r
+import java.util.ArrayList;\r
+import java.util.EnumSet;\r
+import java.util.List;\r
+import java.util.Properties;\r
+\r
+import com.att.aft.dme2.api.DME2Exception;\r
+//import com.att.aft.dme2.api.DME2FilterHolder;\r
+//import com.att.aft.dme2.api.DME2FilterHolder.RequestDispatcherType;\r
+import com.att.aft.dme2.api.DME2Manager;\r
+import com.att.aft.dme2.api.DME2Server;\r
+import com.att.aft.dme2.api.DME2ServerProperties;\r
+import com.att.aft.dme2.api.DME2ServiceHolder;\r
+import com.att.aft.dme2.api.util.DME2FilterHolder;\r
+import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;\r
+import com.att.aft.dme2.api.util.DME2ServletHolder;\r
+//import com.att.aft.dme2.api.DME2ServletHolder;\r
+import com.att.authz.cadi.DirectAAFLur;\r
+import com.att.authz.cadi.DirectAAFUserPass;\r
+import com.att.authz.cadi.DirectCertIdentity;\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.env.AuthzTransFilter;\r
+import com.att.authz.facade.AuthzFacadeFactory;\r
+import com.att.authz.facade.AuthzFacade_2_0;\r
+import com.att.authz.org.OrganizationFactory;\r
+import com.att.authz.server.AbsServer;\r
+import com.att.authz.service.api.API_Api;\r
+import com.att.authz.service.api.API_Approval;\r
+import com.att.authz.service.api.API_Creds;\r
+import com.att.authz.service.api.API_Delegate;\r
+import com.att.authz.service.api.API_History;\r
+import com.att.authz.service.api.API_Mgmt;\r
+import com.att.authz.service.api.API_NS;\r
+import com.att.authz.service.api.API_Perms;\r
+import com.att.authz.service.api.API_Roles;\r
+import com.att.authz.service.api.API_User;\r
+import com.att.authz.service.api.API_UserRole;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+import com.att.cadi.CadiException;\r
+import com.att.cadi.LocatorException;\r
+import com.att.cadi.SecuritySetter;\r
+import com.att.cadi.aaf.v2_0.AAFTrustChecker;\r
+import com.att.cadi.config.Config;\r
+import com.att.cadi.config.SecurityInfoC;\r
+import com.att.cadi.http.HBasicAuthSS;\r
+import com.att.cadi.http.HMangr;\r
+import com.att.cadi.http.HX509SS;\r
+import com.att.cadi.locator.DME2Locator;\r
+import com.att.cadi.taf.basic.BasicHttpTaf;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.dao.CassAccess;\r
+import com.att.dao.aaf.cass.CacheInfoDAO;\r
+import com.att.dao.aaf.hl.Question;\r
+import com.att.inno.env.APIException;\r
+import com.att.inno.env.Data;\r
+import com.att.inno.env.Env;\r
+import com.datastax.driver.core.Cluster;\r
+\r
+public class AuthAPI extends AbsServer {\r
+\r
+ private static final String ORGANIZATION = "Organization.";\r
+ private static final String DOMAIN = "openecomp.org";\r
+\r
+// TODO Add Service Metrics\r
+// private Metric serviceMetric;\r
+ public final Question question;\r
+// private final SessionFilter sessionFilter;\r
+ private AuthzFacade_2_0 facade;\r
+ private AuthzFacade_2_0 facade_XML;\r
+ private DirectAAFUserPass directAAFUserPass;\r
+ \r
+ /**\r
+ * Construct AuthzAPI with all the Context Supporting Routes that Authz needs\r
+ * \r
+ * @param env\r
+ * @param decryptor \r
+ * @throws APIException \r
+ */\r
+ public AuthAPI(AuthzEnv env) throws Exception {\r
+ super(env,"AAF");\r
+ \r
+ // Set "aaf_url" for peer communication based on Service DME2 URL\r
+ env.setProperty(Config.AAF_URL, "https://DME2RESOLVE/"+env.getProperty("DMEServiceName"));\r
+ \r
+ // Setup Log Names\r
+ env.setLog4JNames("log4j.properties","authz","authz|service","audit","init","trace");\r
+\r
+ final Cluster cluster = com.att.dao.CassAccess.cluster(env,null);\r
+\r
+ // jg 4/2015 SessionFilter unneeded... DataStax already deals with Multithreading well\r
+ \r
+ // Setup Shutdown Hooks for Cluster and Pooled Sessions\r
+ Runtime.getRuntime().addShutdownHook(new Thread() {\r
+ @Override\r
+ public void run() {\r
+// sessionFilter.destroy();\r
+ cluster.close();\r
+ }\r
+ }); \r
+ \r
+ // Initialize Facade for all uses\r
+ AuthzTrans trans = env.newTrans();\r
+\r
+ // Initialize Organizations... otherwise, first pass may miss\r
+ int org_size = ORGANIZATION.length();\r
+ for(String n : env.existingStaticSlotNames()) {\r
+ if(n.startsWith(ORGANIZATION)) {\r
+ OrganizationFactory.obtain(env, n.substring(org_size));\r
+ }\r
+ }\r
+ \r
+ // Need Question for Security purposes (direct User/Authz Query in Filter)\r
+ // Start Background Processing\r
+ question = new Question(trans, cluster, CassAccess.KEYSPACE, true);\r
+ \r
+ DirectCertIdentity.set(question.certDAO);\r
+ \r
+ facade = AuthzFacadeFactory.v2_0(env,trans,Data.TYPE.JSON,question);\r
+ facade_XML = AuthzFacadeFactory.v2_0(env,trans,Data.TYPE.XML,question);\r
+\r
+ directAAFUserPass = new DirectAAFUserPass(\r
+ trans.env(),question,trans.getProperty("Unknown"));\r
+\r
+ \r
+ // Print results and cleanup\r
+ StringBuilder sb = new StringBuilder();\r
+ trans.auditTrail(0, sb);\r
+ if(sb.length()>0)env.init().log(sb);\r
+ trans = null;\r
+ sb = null;\r
+\r
+ ////////////////////////////////////////////////////////////////////////////\r
+ // Time Critical\r
+ // These will always be evaluated first\r
+ ////////////////////////////////////////////////////////////////////////\r
+ API_Creds.timeSensitiveInit(env, this, facade,directAAFUserPass);\r
+ API_Perms.timeSensitiveInit(this, facade);\r
+ ////////////////////////////////////////////////////////////////////////\r
+ // Service APIs\r
+ ////////////////////////////////////////////////////////////////////////\r
+ API_Creds.init(this, facade);\r
+ API_UserRole.init(this, facade);\r
+ API_Roles.init(this, facade);\r
+ API_Perms.init(this, facade);\r
+ API_NS.init(this, facade);\r
+ API_User.init(this, facade);\r
+ API_Delegate.init(this,facade);\r
+ API_Approval.init(this, facade);\r
+ API_History.init(this, facade);\r
+\r
+ ////////////////////////////////////////////////////////////////////////\r
+ // Management APIs\r
+ ////////////////////////////////////////////////////////////////////////\r
+ // There are several APIs around each concept, and it gets a bit too\r
+ // long in this class to create. The initialization of these Management\r
+ // APIs have therefore been pushed to StandAlone Classes with static\r
+ // init functions\r
+ API_Mgmt.init(this, facade);\r
+ API_Api.init(this, facade);\r
+ \r
+ }\r
+ \r
+ /**\r
+ * Setup XML and JSON implementations for each supported Version type\r
+ * \r
+ * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties\r
+ * to do Versions and Content switches\r
+ * \r
+ */\r
+ public void route(HttpMethods meth, String path, API api, Code code) throws Exception {\r
+ String version = "2.0";\r
+ Class<?> respCls = facade.mapper().getClass(api); \r
+ if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());\r
+ String application = applicationJSON(respCls, version);\r
+\r
+ route(env,meth,path,code,application,"application/json;version=2.0","*/*");\r
+ application = applicationXML(respCls, version);\r
+ route(env,meth,path,code.clone(facade_XML,false),application,"text/xml;version=2.0");\r
+ }\r
+\r
+ /**\r
+ * Start up AuthzAPI as DME2 Service\r
+ * @param env\r
+ * @param props\r
+ * @throws Exception \r
+ * @throws LocatorException \r
+ * @throws CadiException \r
+ * @throws NumberFormatException \r
+ * @throws IOException \r
+ * @throws GeneralSecurityException \r
+ * @throws APIException \r
+ */\r
+ public void startDME2(Properties props) throws Exception {\r
+ DME2Manager dme2 = new DME2Manager("AuthzServiceDME2Manager",props);\r
+ String s = dme2.getStringProp(Config.AFT_DME2_SSL_INCLUDE_PROTOCOLS,null);\r
+ env.init().log("DME2 Service TLS Protocols are set to",(s==null?"DME2 Default":s));\r
+ \r
+ DME2ServiceHolder svcHolder;\r
+ List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();\r
+ svcHolder = new DME2ServiceHolder();\r
+ String serviceName = env.getProperty("DMEServiceName",null);\r
+ if(serviceName!=null) {\r
+ svcHolder.setServiceURI(serviceName);\r
+ svcHolder.setManager(dme2);\r
+ svcHolder.setContext("/");\r
+ DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[]{"/authz","/authn","/mgmt"});\r
+ srvHolder.setContextPath("/*");\r
+ slist.add(srvHolder);\r
+ \r
+ EnumSet<RequestDispatcherType> edlist = EnumSet.of(\r
+ RequestDispatcherType.REQUEST,\r
+ RequestDispatcherType.FORWARD,\r
+ RequestDispatcherType.ASYNC\r
+ );\r
+ \r
+ List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();\r
+\r
+ // Add DME2 Metrics\r
+ // DME2 removed the Metrics Filter in 2.8.8.5\r
+ // flist.add(new DME2FilterHolder(new DME2MetricsFilter(serviceName),"/*",edlist));\r
+ \r
+ // Note: Need CADI to fill out User for AuthTransFilter... so it's first\r
+ // Make sure there is no AAF TAF configured for Filters\r
+ env.setProperty(Config.AAF_URL,null);\r
+\r
+ flist.add(\r
+ new DME2FilterHolder(\r
+ new AuthzTransFilter(env, null /* no connection to AAF... it is AAF */,\r
+ new AAFTrustChecker((Env)env),\r
+ new DirectAAFLur(env,question), // Note, this will be assigned by AuthzTransFilter to TrustChecker\r
+ new BasicHttpTaf(env, directAAFUserPass,\r
+ DOMAIN,Long.parseLong(env.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF)),\r
+ false\r
+ ) // Add specialty Direct TAF\r
+ ),\r
+ "/*", edlist));\r
+\r
+ svcHolder.setFilters(flist);\r
+ svcHolder.setServletHolders(slist);\r
+ \r
+ DME2Server dme2svr = dme2.getServer();\r
+ \r
+ String hostname = env.getProperty("HOSTNAME",null);\r
+ if(hostname!=null) {\r
+ //dme2svr.setHostname(hostname);\r
+ hostname=null;\r
+ }\r
+ // dme2svr.setGracefulShutdownTimeMs(5000);\r
+ \r
+ env.init().log("Starting AAF Jetty/DME2 server...");\r
+ dme2svr.start();\r
+ try {\r
+// if(env.getProperty("NO_REGISTER",null)!=null)\r
+ dme2.bindService(svcHolder);\r
+ //env.init().log("DME2 is available as HTTPS on port:",dme2svr.getPort());\r
+ \r
+ // Start CacheInfo Listener\r
+ HMangr hman = new HMangr(env, new DME2Locator(env, dme2,"https://DME2RESOLVE/"+serviceName,true /*remove self from cache*/));\r
+ SecuritySetter<HttpURLConnection> ss;\r
+ \r
+// InetAddress ip = InetAddress.getByName(dme2svr.getHostname());\r
+ SecurityInfoC<HttpURLConnection> si = new SecurityInfoC<HttpURLConnection>(env);\r
+ String mechID;\r
+ if((mechID=env.getProperty(Config.AAF_MECHID))==null) {\r
+ String alias = env.getProperty(Config.CADI_ALIAS);\r
+ if(alias==null) {\r
+ env.init().log(Config.CADI_ALIAS, "is required for AAF Authentication by Certificate. Alternately, set",Config.AAF_MECHID,"and",Config.AAF_MECHPASS);\r
+ System.exit(1);\r
+ }\r
+ ss = new HX509SS(alias,si,true);\r
+ env.init().log("X509 Certificate Client configured:", alias);\r
+ } else {\r
+ String pass = env.getProperty(Config.AAF_MECHPASS);\r
+ if(pass==null) {\r
+ env.init().log(Config.AAF_MECHPASS, "is required for AAF Authentication by ID/Pass");\r
+ System.exit(1);\r
+ }\r
+ ss = new HBasicAuthSS(mechID,env.decrypt(pass, true),si,true);\r
+ env.init().log("BasicAuth (ID/Pass) Client configured.");\r
+ }\r
+ \r
+ //TODO Reenable Cache Update\r
+ //CacheInfoDAO.startUpdate(env, hman, ss, dme2svr.getHostname(), dme2svr.getPort());\r
+ \r
+ while(true) { // Per DME2 Examples...\r
+ Thread.sleep(5000);\r
+ }\r
+ } catch(DME2Exception e) { // Error binding service doesn't seem to stop DME2 or Process\r
+ env.init().log(e,"DME2 Initialization Error");\r
+ dme2svr.stop();\r
+ System.exit(1);\r
+ } catch(InterruptedException e) {\r
+ env.init().log("AAF Jetty Server interrupted!");\r
+ }\r
+ } else {\r
+ env.init().log("Properties must contain 'DMEServiceName'");\r
+ }\r
+ }\r
+\r
+ public static void main(String[] args) {\r
+ setup(AuthAPI.class,"authAPI.props");\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+import static com.att.cssa.rserv.HttpMethods.DELETE;\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+import static com.att.cssa.rserv.HttpMethods.POST;\r
+import static com.att.cssa.rserv.HttpMethods.PUT;\r
+\r
+import java.io.IOException;\r
+import java.util.ArrayList;\r
+import java.util.Collection;\r
+import java.util.Collections;\r
+import java.util.Comparator;\r
+import java.util.Date;\r
+import java.util.GregorianCalendar;\r
+import java.util.HashMap;\r
+import java.util.HashSet;\r
+import java.util.List;\r
+import java.util.Map;\r
+import java.util.Set;\r
+import java.util.TreeMap;\r
+import java.util.UUID;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import com.att.authz.common.Define;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.org.Executor;\r
+import com.att.authz.org.Organization;\r
+import com.att.authz.org.Organization.Expiration;\r
+import com.att.authz.org.Organization.Identity;\r
+import com.att.authz.org.Organization.Policy;\r
+import com.att.authz.service.mapper.Mapper;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+import com.att.authz.service.validation.Validator;\r
+import com.att.cadi.principal.BasicPrincipal;\r
+import com.att.cssa.rserv.doc.ApiDoc;\r
+import com.att.dao.DAOException;\r
+import com.att.dao.aaf.cass.ApprovalDAO;\r
+import com.att.dao.aaf.cass.CertDAO;\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.DelegateDAO;\r
+import com.att.dao.aaf.cass.FutureDAO;\r
+import com.att.dao.aaf.cass.HistoryDAO;\r
+import com.att.dao.aaf.cass.Namespace;\r
+import com.att.dao.aaf.cass.NsDAO;\r
+import com.att.dao.aaf.cass.NsDAO.Data;\r
+import com.att.dao.aaf.cass.NsSplit;\r
+import com.att.dao.aaf.cass.NsType;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.dao.aaf.cass.UserRoleDAO;\r
+import com.att.dao.aaf.hl.CassExecutor;\r
+import com.att.dao.aaf.hl.Function;\r
+import com.att.dao.aaf.hl.Question;\r
+import com.att.dao.aaf.hl.Question.Access;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.util.Chrono;\r
+import com.att.inno.env.util.Split;\r
+\r
+import aaf.v2_0.CredRequest;\r
+\r
+/**\r
+ * AuthzCassServiceImpl implements AuthzCassService for \r
+ * \r
+ *\r
+ * @param <NSS>\r
+ * @param <PERMS>\r
+ * @param <PERMKEY>\r
+ * @param <ROLES>\r
+ * @param <USERS>\r
+ * @param <DELGS>\r
+ * @param <REQUEST>\r
+ * @param <HISTORY>\r
+ * @param <ERR>\r
+ * @param <APPROVALS>\r
+ */\r
+public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS>\r
+ implements AuthzService <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> {\r
+ \r
+ private Mapper <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper;\r
+ @Override\r
+ public Mapper <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper() {return mapper;}\r
+ \r
+ private static final String ASTERIX = "*";\r
+ private static final String CACHE = "cache";\r
+\r
+ private final Question ques;\r
+ private final Function func;\r
+ \r
+ public AuthzCassServiceImpl(AuthzTrans trans, Mapper<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper,Question question) {\r
+ this.ques = question;\r
+ func = new Function(trans, question);\r
+ this.mapper = mapper;\r
+ \r
+ }\r
+\r
+/***********************************\r
+ * NAMESPACE \r
+ ***********************************/\r
+ /**\r
+ * createNS\r
+ * @throws DAOException \r
+ * @see com.att.authz.service.AuthzService#createNS(com.att.authz.env.AuthzTrans, java.lang.String, java.lang.String)\r
+ */\r
+ @ApiDoc( \r
+ method = POST, \r
+ path = "/authz/ns",\r
+ params = {},\r
+ expectedCode = 201,\r
+ errorCodes = { 403,404,406,409 }, \r
+ text = { "Namespace consists of: ",\r
+ "<ul><li>name - What you want to call this Namespace</li>",\r
+ "<li>responsible(s) - Person(s) who receive Notifications and approves Requests ",\r
+ "regarding this Namespace. Companies have Policies as to who may take on ",\r
+ "this Responsibility. Separate multiple identities with commas</li>",\r
+ "<li>admin(s) - Person(s) who are allowed to make changes on the namespace, ",\r
+ "including creating Roles, Permissions and Credentials. Separate multiple ",\r
+ "identities with commas</li></ul>",\r
+ "Note: Namespaces are dot-delimited (i.e. com.myCompany.myApp) and must be ",\r
+ "created with parent credentials (i.e. To create com.myCompany.myApp, you must ",\r
+ "be an admin of com.myCompany or com"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> createNS(final AuthzTrans trans, REQUEST from, NsType type) {\r
+ final Result<Namespace> rnamespace = mapper.ns(trans, from);\r
+ final Validator v = new Validator();\r
+ if(v.ns(rnamespace).err()) { \r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ final Namespace namespace = rnamespace.value;\r
+ final Result<NsDAO.Data> parentNs = ques.deriveNs(trans,namespace.name);\r
+ if(parentNs.notOK()) {\r
+ return Result.err(parentNs);\r
+ }\r
+ \r
+ if(namespace.name.lastIndexOf('.')<0) { // Root Namespace... Function will check if allowed\r
+ return func.createNS(trans, namespace, false);\r
+ }\r
+ \r
+ Result<FutureDAO.Data> fd = mapper.future(trans, NsDAO.TABLE,from,namespace,true, \r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ return "Create Namespace [" + namespace.name + ']';\r
+ }\r
+ },\r
+ new MayChange() {\r
+ private Result<NsDAO.Data> rnd;\r
+ @Override\r
+ public Result<?> mayChange() {\r
+ if(rnd==null) {\r
+ rnd = ques.mayUser(trans, trans.user(), parentNs.value,Access.write);\r
+ }\r
+ return rnd;\r
+ }\r
+ });\r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<Identity>> rfc = func.createFuture(trans, fd.value, namespace.name, trans.user(),parentNs.value, "C");\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "NS [%s] is saved for future processing",namespace.name);\r
+ } else { \r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ return func.createNS(trans, namespace, false);\r
+ default:\r
+ return Result.err(fd);\r
+ }\r
+ }\r
+ \r
+ @ApiDoc(\r
+ method = POST, \r
+ path = "/authz/ns/:ns/admin/:id",\r
+ params = { "ns|string|true",\r
+ "id|string|true" \r
+ },\r
+ expectedCode = 201,\r
+ errorCodes = { 403,404,406,409 }, \r
+ text = { "Add an Identity :id to the list of Admins for the Namespace :ns", \r
+ "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)" }\r
+ )\r
+ @Override\r
+ public Result<Void> addAdminNS(AuthzTrans trans, String ns, String id) {\r
+ return func.addUserRole(trans, id, ns,Question.ADMIN);\r
+ }\r
+\r
+ @ApiDoc(\r
+ method = DELETE, \r
+ path = "/authz/ns/:ns/admin/:id",\r
+ params = { "ns|string|true",\r
+ "id|string|true" \r
+ },\r
+ expectedCode = 200,\r
+ errorCodes = { 403,404 }, \r
+ text = { "Remove an Identity :id from the list of Admins for the Namespace :ns",\r
+ "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)" }\r
+ )\r
+ @Override\r
+ public Result<Void> delAdminNS(AuthzTrans trans, String ns, String id) {\r
+ return func.delAdmin(trans,ns,id);\r
+ }\r
+\r
+ @ApiDoc(\r
+ method = POST, \r
+ path = "/authz/ns/:ns/responsible/:id",\r
+ params = { "ns|string|true",\r
+ "id|string|true" \r
+ },\r
+ expectedCode = 201,\r
+ errorCodes = { 403,404,406,409 }, \r
+ text = { "Add an Identity :id to the list of Responsibles for the Namespace :ns",\r
+ "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)" }\r
+ )\r
+ @Override\r
+ public Result<Void> addResponsibleNS(AuthzTrans trans, String ns, String id) {\r
+ return func.addUserRole(trans,id,ns,Question.OWNER);\r
+ }\r
+\r
+ @ApiDoc(\r
+ method = DELETE, \r
+ path = "/authz/ns/:ns/responsible/:id",\r
+ params = { "ns|string|true",\r
+ "id|string|true" \r
+ },\r
+ expectedCode = 200,\r
+ errorCodes = { 403,404 }, \r
+ text = { "Remove an Identity :id to the list of Responsibles for the Namespace :ns",\r
+ "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)",\r
+ "Note: A namespace must have at least 1 responsible party"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> delResponsibleNS(AuthzTrans trans, String ns, String id) {\r
+ return func.delOwner(trans,ns,id);\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.service.AuthzService#applyModel(com.att.authz.env.AuthzTrans, java.lang.Object)\r
+ */\r
+ @ApiDoc(\r
+ method = POST, \r
+ path = "/authz/ns/:ns/attrib/:key/:value",\r
+ params = { "ns|string|true",\r
+ "key|string|true",\r
+ "value|string|true"},\r
+ expectedCode = 201,\r
+ errorCodes = { 403,404,406,409 }, \r
+ text = { \r
+ "Create an attribute in the Namespace",\r
+ "You must be given direct permission for key by AAF"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> createNsAttrib(AuthzTrans trans, String ns, String key, String value) {\r
+ TimeTaken tt = trans.start("Create NsAttrib " + ns + ':' + key + ':' + value, Env.SUB);\r
+ try {\r
+ // Check inputs\r
+ final Validator v = new Validator();\r
+ if(v.ns(ns).err() ||\r
+ v.key(key).err() ||\r
+ v.value(value).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ // Check if exists already\r
+ Result<List<Data>> rlnsd = ques.nsDAO.read(trans, ns);\r
+ if(rlnsd.notOKorIsEmpty()) {\r
+ return Result.err(rlnsd);\r
+ }\r
+ NsDAO.Data nsd = rlnsd.value.get(0);\r
+\r
+ // Check for Existence\r
+ if(nsd.attrib.get(key)!=null) {\r
+ return Result.err(Status.ERR_ConflictAlreadyExists, "NS Property %s:%s exists", ns, key);\r
+ }\r
+ \r
+ // Check if User may put\r
+ if(!ques.isGranted(trans, trans.user(), Define.ROOT_NS, Question.ATTRIB, \r
+ ":"+trans.org().getDomain()+".*:"+key, Access.write.name())) {\r
+ return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key);\r
+ }\r
+\r
+ // Add Attrib\r
+ nsd.attrib.put(key, value);\r
+ ques.nsDAO.dao().attribAdd(trans,ns,key,value);\r
+ return Result.ok();\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ @ApiDoc(\r
+ method = GET, \r
+ path = "/authz/ns/attrib/:key",\r
+ params = { "key|string|true" },\r
+ expectedCode = 200,\r
+ errorCodes = { 403,404 }, \r
+ text = { \r
+ "Read Attributes for Namespace"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<KEYS> readNsByAttrib(AuthzTrans trans, String key) {\r
+ // Check inputs\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("Key",key).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ // May Read\r
+ if(!ques.isGranted(trans, trans.user(), Define.ROOT_NS, Question.ATTRIB, \r
+ ":"+trans.org().getDomain()+".*:"+key, Question.READ)) {\r
+ return Result.err(Status.ERR_Denied,"%s may not read NS by Attrib '%s'",trans.user(),key);\r
+ }\r
+\r
+ Result<Set<String>> rsd = ques.nsDAO.dao().readNsByAttrib(trans, key);\r
+ if(rsd.notOK()) {\r
+ return Result.err(rsd);\r
+ }\r
+ return mapper().keys(rsd.value);\r
+ }\r
+\r
+\r
+ @ApiDoc(\r
+ method = PUT, \r
+ path = "/authz/ns/:ns/attrib/:key/:value",\r
+ params = { "ns|string|true",\r
+ "key|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = { 403,404 }, \r
+ text = { \r
+ "Update Value on an existing attribute in the Namespace",\r
+ "You must be given direct permission for key by AAF"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<?> updateNsAttrib(AuthzTrans trans, String ns, String key, String value) {\r
+ TimeTaken tt = trans.start("Update NsAttrib " + ns + ':' + key + ':' + value, Env.SUB);\r
+ try {\r
+ // Check inputs\r
+ final Validator v = new Validator();\r
+ if(v.ns(ns).err() ||\r
+ v.key(key).err() ||\r
+ v.value(value).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ // Check if exists already (NS must exist)\r
+ Result<List<Data>> rlnsd = ques.nsDAO.read(trans, ns);\r
+ if(rlnsd.notOKorIsEmpty()) {\r
+ return Result.err(rlnsd);\r
+ }\r
+ NsDAO.Data nsd = rlnsd.value.get(0);\r
+\r
+ // Check for Existence\r
+ if(nsd.attrib.get(key)==null) {\r
+ return Result.err(Status.ERR_NotFound, "NS Property %s:%s exists", ns, key);\r
+ }\r
+ \r
+ // Check if User may put\r
+ if(!ques.isGranted(trans, trans.user(), Define.ROOT_NS, Question.ATTRIB, \r
+ ":"+trans.org().getDomain()+".*:"+key, Access.write.name())) {\r
+ return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key);\r
+ }\r
+\r
+ // Add Attrib\r
+ nsd.attrib.put(key, value);\r
+\r
+ return ques.nsDAO.update(trans,nsd);\r
+ \r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @ApiDoc(\r
+ method = DELETE, \r
+ path = "/authz/ns/:ns/attrib/:key",\r
+ params = { "ns|string|true",\r
+ "key|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = { 403,404 }, \r
+ text = { \r
+ "Delete an attribute in the Namespace",\r
+ "You must be given direct permission for key by AAF"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> deleteNsAttrib(AuthzTrans trans, String ns, String key) {\r
+ TimeTaken tt = trans.start("Delete NsAttrib " + ns + ':' + key, Env.SUB);\r
+ try {\r
+ // Check inputs\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("NS",ns).err() ||\r
+ v.nullOrBlank("Key",key).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ // Check if exists already\r
+ Result<List<Data>> rlnsd = ques.nsDAO.read(trans, ns);\r
+ if(rlnsd.notOKorIsEmpty()) {\r
+ return Result.err(rlnsd);\r
+ }\r
+ NsDAO.Data nsd = rlnsd.value.get(0);\r
+\r
+ // Check for Existence\r
+ if(nsd.attrib.get(key)==null) {\r
+ return Result.err(Status.ERR_NotFound, "NS Property [%s:%s] does not exist", ns, key);\r
+ }\r
+ \r
+ // Check if User may del\r
+ if(!ques.isGranted(trans, trans.user(), Define.ROOT_NS, "attrib", ":com.att.*:"+key, Access.write.name())) {\r
+ return Result.err(Status.ERR_Denied, "%s may not delete NS Attrib [%s:%s]", trans.user(),ns, key);\r
+ }\r
+\r
+ // Add Attrib\r
+ nsd.attrib.remove(key);\r
+ ques.nsDAO.dao().attribRemove(trans,ns,key);\r
+ return Result.ok();\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @ApiDoc(\r
+ method = GET, \r
+ path = "/authz/nss/:id",\r
+ params = { "id|string|true" },\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406 }, \r
+ text = { \r
+ "Lists the Admin(s), Responsible Party(s), Role(s), Permission(s)",\r
+ "Credential(s) and Expiration of Credential(s) in Namespace :id",\r
+ }\r
+ )\r
+ @Override\r
+ public Result<NSS> getNSbyName(AuthzTrans trans, String ns) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("NS", ns).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ Result<List<NsDAO.Data>> rlnd = ques.nsDAO.read(trans, ns);\r
+ if(rlnd.isOK()) {\r
+ if(rlnd.isEmpty()) {\r
+ return Result.err(Status.ERR_NotFound, "No data found for %s",ns);\r
+ }\r
+ Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rlnd.value.get(0), Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd); \r
+ }\r
+ \r
+ \r
+ Namespace namespace = new Namespace(rnd.value);\r
+ Result<List<String>> rd = func.getOwners(trans, namespace.name, false);\r
+ if(rd.isOK()) {\r
+ namespace.owner = rd.value;\r
+ }\r
+ rd = func.getAdmins(trans, namespace.name, false);\r
+ if(rd.isOK()) {\r
+ namespace.admin = rd.value;\r
+ }\r
+ \r
+ NSS nss = mapper.newInstance(API.NSS);\r
+ return mapper.nss(trans, namespace, nss);\r
+ } else {\r
+ return Result.err(rlnd);\r
+ }\r
+ }\r
+\r
+ @ApiDoc(\r
+ method = GET, \r
+ path = "/authz/nss/admin/:id",\r
+ params = { "id|string|true" },\r
+ expectedCode = 200,\r
+ errorCodes = { 403,404 }, \r
+ text = { "Lists all Namespaces where Identity :id is an Admin", \r
+ "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)" \r
+ }\r
+ )\r
+ @Override\r
+ public Result<NSS> getNSbyAdmin(AuthzTrans trans, String user, boolean full) {\r
+ final Validator v = new Validator();\r
+ if (v.nullOrBlank("User", user).err()) {\r
+ return Result.err(Status.ERR_BadData, v.errs());\r
+ }\r
+ \r
+ Result<Collection<Namespace>> rn = loadNamepace(trans, user, ".admin", full);\r
+ if(rn.notOK()) {\r
+ return Result.err(rn);\r
+ }\r
+ if (rn.isEmpty()) {\r
+ return Result.err(Status.ERR_NotFound, "[%s] is not an admin for any namespaces",user); \r
+ }\r
+ NSS nss = mapper.newInstance(API.NSS);\r
+ // Note: "loadNamespace" already validates view of Namespace\r
+ return mapper.nss(trans, rn.value, nss);\r
+\r
+ }\r
+\r
+ @ApiDoc(\r
+ method = GET, \r
+ path = "/authz/nss/either/:id",\r
+ params = { "id|string|true" },\r
+ expectedCode = 200,\r
+ errorCodes = { 403,404 }, \r
+ text = { "Lists all Namespaces where Identity :id is either an Admin or an Owner", \r
+ "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)" \r
+ }\r
+ )\r
+ @Override\r
+ public Result<NSS> getNSbyEither(AuthzTrans trans, String user, boolean full) {\r
+ final Validator v = new Validator();\r
+ if (v.nullOrBlank("User", user).err()) {\r
+ return Result.err(Status.ERR_BadData, v.errs());\r
+ }\r
+ \r
+ Result<Collection<Namespace>> rn = loadNamepace(trans, user, null, full);\r
+ if(rn.notOK()) {\r
+ return Result.err(rn);\r
+ }\r
+ if (rn.isEmpty()) {\r
+ return Result.err(Status.ERR_NotFound, "[%s] is not an admin or owner for any namespaces",user); \r
+ }\r
+ NSS nss = mapper.newInstance(API.NSS);\r
+ // Note: "loadNamespace" already validates view of Namespace\r
+ return mapper.nss(trans, rn.value, nss);\r
+ }\r
+\r
+ private Result<Collection<Namespace>> loadNamepace(AuthzTrans trans, String user, String endsWith, boolean full) {\r
+ Result<List<UserRoleDAO.Data>> urd = ques.userRoleDAO.readByUser(trans, user);\r
+ if(urd.notOKorIsEmpty()) {\r
+ return Result.err(urd);\r
+ }\r
+ Map<String, Namespace> lm = new HashMap<String,Namespace>();\r
+ Map<String, Namespace> other = full || endsWith==null?null:new TreeMap<String,Namespace>();\r
+ for(UserRoleDAO.Data urdd : urd.value) {\r
+ if(full) {\r
+ if(endsWith==null || urdd.role.endsWith(endsWith)) {\r
+ RoleDAO.Data rd = RoleDAO.Data.decode(urdd);\r
+ Result<NsDAO.Data> nsd = ques.mayUser(trans, user, rd, Access.read);\r
+ if(nsd.isOK()) {\r
+ Namespace namespace = lm.get(nsd.value.name);\r
+ if(namespace==null) {\r
+ namespace = new Namespace(nsd.value);\r
+ lm.put(namespace.name,namespace);\r
+ }\r
+ Result<List<String>> rls = func.getAdmins(trans, namespace.name, false);\r
+ if(rls.isOK()) {\r
+ namespace.admin=rls.value;\r
+ }\r
+ \r
+ rls = func.getOwners(trans, namespace.name, false);\r
+ if(rls.isOK()) {\r
+ namespace.owner=rls.value;\r
+ }\r
+ }\r
+ }\r
+ } else { // Shortened version. Only Namespace Info available from Role.\r
+ if(Question.ADMIN.equals(urdd.rname) || Question.OWNER.equals(urdd.rname)) {\r
+ RoleDAO.Data rd = RoleDAO.Data.decode(urdd);\r
+ Result<NsDAO.Data> nsd = ques.mayUser(trans, user, rd, Access.read);\r
+ if(nsd.isOK()) {\r
+ Namespace namespace = lm.get(nsd.value.name);\r
+ if(namespace==null) {\r
+ if(other!=null) {\r
+ namespace = other.remove(nsd.value.name);\r
+ }\r
+ if(namespace==null) {\r
+ namespace = new Namespace(nsd.value);\r
+ namespace.admin=new ArrayList<String>();\r
+ namespace.owner=new ArrayList<String>();\r
+ }\r
+ if(endsWith==null || urdd.role.endsWith(endsWith)) {\r
+ lm.put(namespace.name,namespace);\r
+ } else { \r
+ other.put(namespace.name,namespace);\r
+ }\r
+ }\r
+ if(Question.OWNER.equals(urdd.rname)) {\r
+ namespace.owner.add(urdd.user);\r
+ } else {\r
+ namespace.admin.add(urdd.user);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return Result.ok(lm.values());\r
+ }\r
+\r
+ @ApiDoc(\r
+ method = GET, \r
+ path = "/authz/nss/responsible/:id",\r
+ params = { "id|string|true" },\r
+ expectedCode = 200,\r
+ errorCodes = { 403,404 }, \r
+ text = { "Lists all Namespaces where Identity :id is a Responsible Party", \r
+ "Note: :id must be fully qualified (i.e. ab1234@csp.att.com)"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<NSS> getNSbyResponsible(AuthzTrans trans, String user, boolean full) {\r
+ final Validator v = new Validator();\r
+ if (v.nullOrBlank("User", user).err()) {\r
+ return Result.err(Status.ERR_BadData, v.errs());\r
+ }\r
+ Result<Collection<Namespace>> rn = loadNamepace(trans, user, ".owner",full);\r
+ if(rn.notOK()) {\r
+ return Result.err(rn);\r
+ }\r
+ if (rn.isEmpty()) {\r
+ return Result.err(Status.ERR_NotFound, "[%s] is not an owner for any namespaces",user); \r
+ }\r
+ NSS nss = mapper.newInstance(API.NSS);\r
+ // Note: "loadNamespace" prevalidates\r
+ return mapper.nss(trans, rn.value, nss);\r
+ }\r
+ \r
+ @ApiDoc(\r
+ method = GET, \r
+ path = "/authz/nss/children/:id",\r
+ params = { "id|string|true" },\r
+ expectedCode = 200,\r
+ errorCodes = { 403,404 }, \r
+ text = { "Lists all Child Namespaces of Namespace :id", \r
+ "Note: This is not a cached read"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<NSS> getNSsChildren(AuthzTrans trans, String parent) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("NS", parent).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ Result<NsDAO.Data> rnd = ques.deriveNs(trans, parent);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd);\r
+ }\r
+ rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd); \r
+ }\r
+\r
+ Set<Namespace> lm = new HashSet<Namespace>();\r
+ Result<List<NsDAO.Data>> rlnd = ques.nsDAO.dao().getChildren(trans, parent);\r
+ if(rlnd.isOK()) {\r
+ if(rlnd.isEmpty()) {\r
+ return Result.err(Status.ERR_NotFound, "No data found for %s",parent);\r
+ }\r
+ for(NsDAO.Data ndd : rlnd.value) {\r
+ Namespace namespace = new Namespace(ndd);\r
+ Result<List<String>> rls = func.getAdmins(trans, namespace.name, false);\r
+ if(rls.isOK()) {\r
+ namespace.admin=rls.value;\r
+ }\r
+ \r
+ rls = func.getOwners(trans, namespace.name, false);\r
+ if(rls.isOK()) {\r
+ namespace.owner=rls.value;\r
+ }\r
+\r
+ lm.add(namespace);\r
+ }\r
+ NSS nss = mapper.newInstance(API.NSS);\r
+ return mapper.nss(trans,lm, nss);\r
+ } else {\r
+ return Result.err(rlnd);\r
+ }\r
+ }\r
+\r
+\r
+ @ApiDoc(\r
+ method = PUT, \r
+ path = "/authz/ns",\r
+ params = {},\r
+ expectedCode = 200,\r
+ errorCodes = { 403,404,406 }, \r
+ text = { "Replace the Current Description of a Namespace with a new one"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> updateNsDescription(AuthzTrans trans, REQUEST from) {\r
+ final Result<Namespace> nsd = mapper.ns(trans, from);\r
+ final Validator v = new Validator();\r
+ if(v.ns(nsd).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ if(v.nullOrBlank("description", nsd.value.description).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Namespace namespace = nsd.value;\r
+ Result<List<NsDAO.Data>> rlnd = ques.nsDAO.read(trans, namespace.name);\r
+ \r
+ if(rlnd.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_NotFound, "Namespace [%s] does not exist",namespace.name);\r
+ }\r
+ \r
+ if (ques.mayUser(trans, trans.user(), rlnd.value.get(0), Access.write).notOK()) {\r
+ return Result.err(Status.ERR_Denied, "You do not have approval to change %s",namespace.name);\r
+ }\r
+\r
+ Result<Void> rdr = ques.nsDAO.dao().addDescription(trans, namespace.name, namespace.description);\r
+ if(rdr.isOK()) {\r
+ return Result.ok();\r
+ } else {\r
+ return Result.err(rdr);\r
+ }\r
+ }\r
+ \r
+ /**\r
+ * deleteNS\r
+ * @throws DAOException \r
+ * @see com.att.authz.service.AuthzService#deleteNS(com.att.authz.env.AuthzTrans, java.lang.String, java.lang.String)\r
+ */\r
+ @ApiDoc(\r
+ method = DELETE, \r
+ path = "/authz/ns/:ns",\r
+ params = { "ns|string|true" },\r
+ expectedCode = 200,\r
+ errorCodes = { 403,404,424 }, \r
+ text = { "Delete the Namespace :ns. Namespaces cannot normally be deleted when there ",\r
+ "are still credentials associated with them, but they can be deleted by setting ",\r
+ "the \"force\" property. To do this: Add 'force=true' as a query parameter",\r
+ "<p>WARNING: Using force will delete all credentials attached to this namespace. Use with care.</p>"\r
+ + "if the \"force\" property is set to 'force=move', then Permissions and Roles are not deleted,"\r
+ + "but are retained, and assigned to the Parent Namespace. 'force=move' is not permitted "\r
+ + "at or below Application Scope"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> deleteNS(AuthzTrans trans, String ns) {\r
+ return func.deleteNS(trans, ns);\r
+ }\r
+\r
+\r
+/***********************************\r
+ * PERM \r
+ ***********************************/\r
+\r
+ /*\r
+ * (non-Javadoc)\r
+ * @see com.att.authz.service.AuthzService#createOrUpdatePerm(com.att.authz.env.AuthzTrans, java.lang.Object, boolean, java.lang.String, java.lang.String, java.lang.String, java.util.List, java.util.List)\r
+ */\r
+ @ApiDoc( \r
+ method = POST, \r
+ path = "/authz/perm",\r
+ params = {},\r
+ expectedCode = 201,\r
+ errorCodes = {403,404,406,409}, \r
+ text = { "Permission consists of:",\r
+ "<ul><li>type - a Namespace qualified identifier specifying what kind of resource "\r
+ + "is being protected</li>",\r
+ "<li>instance - a key, possibly multi-dimensional, that identifies a specific "\r
+ + " instance of the type</li>",\r
+ "<li>action - what kind of action is allowed</li></ul>",\r
+ "Note: instance and action can be an *"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> createPerm(final AuthzTrans trans,REQUEST rreq) { \r
+ final Result<PermDAO.Data> newPd = mapper.perm(trans, rreq);\r
+ final Validator v = new Validator(trans);\r
+ if(v.perm(newPd).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ Result<FutureDAO.Data> fd = mapper.future(trans, PermDAO.TABLE, rreq, newPd.value,false,\r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ return "Create Permission [" + \r
+ newPd.value.fullType() + '|' + \r
+ newPd.value.instance + '|' + \r
+ newPd.value.action + ']';\r
+ }\r
+ },\r
+ new MayChange() {\r
+ private Result<NsDAO.Data> nsd;\r
+ @Override\r
+ public Result<?> mayChange() {\r
+ if(nsd==null) {\r
+ nsd = ques.mayUser(trans, trans.user(), newPd.value, Access.write);\r
+ }\r
+ return nsd;\r
+ }\r
+ });\r
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, newPd.value.ns);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr);\r
+ }\r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<Identity>> rfc = func.createFuture(trans,fd.value, \r
+ newPd.value.fullType() + '|' + newPd.value.instance + '|' + newPd.value.action,\r
+ trans.user(),\r
+ nsr.value.get(0),\r
+ "C");\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "Perm [%s.%s|%s|%s] is saved for future processing",\r
+ newPd.value.ns,\r
+ newPd.value.type,\r
+ newPd.value.instance,\r
+ newPd.value.action);\r
+ } else {\r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ return func.createPerm(trans, newPd.value, true);\r
+ default:\r
+ return Result.err(fd);\r
+ } \r
+ }\r
+\r
+ @ApiDoc( \r
+ method = GET, \r
+ path = "/authz/perms/:type",\r
+ params = {"type|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406 }, \r
+ text = { "List All Permissions that match the :type element of the key" }\r
+ )\r
+ @Override\r
+ public Result<PERMS> getPermsByType(AuthzTrans trans, final String permType) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("PermType", permType).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<List<PermDAO.Data>> rlpd = ques.getPermsByType(trans, permType);\r
+ if(rlpd.notOK()) {\r
+ return Result.err(rlpd);\r
+ }\r
+\r
+// We don't have instance & action for mayUserView... do we want to loop through all returned here as well as in mapper?\r
+// Result<NsDAO.Data> r;\r
+// if((r = ques.mayUserViewPerm(trans, trans.user(), permType)).notOK())return Result.err(r);\r
+ \r
+ PERMS perms = mapper.newInstance(API.PERMS);\r
+ if(!rlpd.isEmpty()) {\r
+ // Note: Mapper will restrict what can be viewed\r
+ return mapper.perms(trans, rlpd.value, perms, true);\r
+ }\r
+ return Result.ok(perms);\r
+ }\r
+ \r
+ @ApiDoc( \r
+ method = GET, \r
+ path = "/authz/perms/:type/:instance/:action",\r
+ params = {"type|string|true",\r
+ "instance|string|true",\r
+ "action|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406 }, \r
+ text = { "List Permissions that match key; :type, :instance and :action" }\r
+ )\r
+ @Override\r
+ public Result<PERMS> getPermsByName(AuthzTrans trans, String type, String instance, String action) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("PermType", type).err()\r
+ || v.nullOrBlank("PermInstance", instance).err()\r
+ || v.nullOrBlank("PermAction", action).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ Result<List<PermDAO.Data>> rlpd = ques.getPermsByName(trans, type, instance, action);\r
+ if(rlpd.notOK()) {\r
+ return Result.err(rlpd);\r
+ }\r
+\r
+ PERMS perms = mapper.newInstance(API.PERMS);\r
+ if(!rlpd.isEmpty()) {\r
+ // Note: Mapper will restrict what can be viewed\r
+ return mapper.perms(trans, rlpd.value, perms, true);\r
+ }\r
+ return Result.ok(perms);\r
+ }\r
+\r
+ @ApiDoc( \r
+ method = GET, \r
+ path = "/authz/perms/user/:user",\r
+ params = {"user|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406 }, \r
+ text = { "List All Permissions that match user :user",\r
+ "<p>'user' must be expressed as full identity (ex: id@full.domain.com)</p>"}\r
+ )\r
+ @Override\r
+ public Result<PERMS> getPermsByUser(AuthzTrans trans, String user) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("User", user).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<List<PermDAO.Data>> rlpd = ques.getPermsByUser(trans, user, trans.forceRequested());\r
+ if(rlpd.notOK()) {\r
+ return Result.err(rlpd);\r
+ }\r
+ \r
+ PERMS perms = mapper.newInstance(API.PERMS);\r
+ \r
+ if(rlpd.isEmpty()) {\r
+ return Result.ok(perms);\r
+ }\r
+ // Note: Mapper will restrict what can be viewed\r
+ // if user is the same as that which is looked up, no filtering is required\r
+ return mapper.perms(trans, rlpd.value, \r
+ perms, \r
+ !user.equals(trans.user()));\r
+ }\r
+ \r
+ @ApiDoc( \r
+ method = POST, \r
+ path = "/authz/perms/user/:user",\r
+ params = {"user|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406 }, \r
+ text = { "List All Permissions that match user :user",\r
+ "<p>'user' must be expressed as full identity (ex: id@full.domain.com)</p>",\r
+ "",\r
+ "Present Queries as one or more Permissions (see ContentType Links below for format).",\r
+ "",\r
+ "If the Caller is Granted this specific Permission, and the Permission is valid",\r
+ " for the User, it will be included in response Permissions, along with",\r
+ " all the normal permissions on the 'GET' version of this call. If it is not",\r
+ " valid, or Caller does not have permission to see, it will be removed from the list",\r
+ "",\r
+ " *Note: This design allows you to make one call for all expected permissions",\r
+ " The permission to be included MUST be:",\r
+ " <user namespace>.access|:<ns|role|perm>[:key]|<create|read|write>",\r
+ " examples:",\r
+ " com.att.myns.access|:ns|write",\r
+ " com.att.myns.access|:role:myrole|create",\r
+ " com.att.myns.access|:perm:mytype:myinstance:myaction|read",\r
+ ""\r
+ }\r
+ )\r
+ @Override\r
+ public Result<PERMS> getPermsByUser(AuthzTrans trans, PERMS _perms, String user) {\r
+ PERMS perms = _perms;\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("User", user).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ //////////////\r
+ Result<List<PermDAO.Data>> rlpd = ques.getPermsByUser(trans, user,trans.forceRequested());\r
+ if(rlpd.notOK()) {\r
+ return Result.err(rlpd);\r
+ }\r
+ \r
+ /*//TODO \r
+ 1) See if allowed to query\r
+ 2) See if User is allowed\r
+ */\r
+ Result<List<PermDAO.Data>> in = mapper.perms(trans, perms);\r
+ if(in.isOKhasData()) {\r
+ List<PermDAO.Data> out = rlpd.value;\r
+ boolean ok;\r
+ for(PermDAO.Data pdd : in.value) {\r
+ ok = false;\r
+ if("access".equals(pdd.type)) {\r
+ Access access = Access.valueOf(pdd.action);\r
+ String[] mdkey = Split.splitTrim(':',pdd.instance);\r
+ if(mdkey.length>1) {\r
+ String type = mdkey[1];\r
+ if("role".equals(type)) {\r
+ if(mdkey.length>2) {\r
+ RoleDAO.Data rdd = new RoleDAO.Data();\r
+ rdd.ns=pdd.ns;\r
+ rdd.name=mdkey[2];\r
+ ok = ques.mayUser(trans, trans.user(), rdd, Access.read).isOK() && ques.mayUser(trans, user, rdd , access).isOK();\r
+ }\r
+ } else if("perm".equals(type)) {\r
+ if(mdkey.length>4) { // also need instance/action\r
+ PermDAO.Data p = new PermDAO.Data();\r
+ p.ns=pdd.ns;\r
+ p.type=mdkey[2];\r
+ p.instance=mdkey[3];\r
+ p.action=mdkey[4];\r
+ ok = ques.mayUser(trans, trans.user(), p, Access.read).isOK() && ques.mayUser(trans, user, p , access).isOK();\r
+ }\r
+ } else if("ns".equals(type)) {\r
+ NsDAO.Data ndd = new NsDAO.Data();\r
+ ndd.name=pdd.ns;\r
+ ok = ques.mayUser(trans, trans.user(), ndd, Access.read).isOK() && ques.mayUser(trans, user, ndd , access).isOK();\r
+ }\r
+ }\r
+ }\r
+ if(ok) {\r
+ out.add(pdd);\r
+ }\r
+ }\r
+ } \r
+ \r
+ perms = mapper.newInstance(API.PERMS);\r
+ if(rlpd.isEmpty()) {\r
+ return Result.ok(perms);\r
+ }\r
+ // Note: Mapper will restrict what can be viewed\r
+ // if user is the same as that which is looked up, no filtering is required\r
+ return mapper.perms(trans, rlpd.value, \r
+ perms, \r
+ !user.equals(trans.user()));\r
+ }\r
+ \r
+ @ApiDoc( \r
+ method = GET, \r
+ path = "/authz/perms/role/:role",\r
+ params = {"role|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406 }, \r
+ text = { "List All Permissions that are granted to :role" }\r
+ )\r
+ @Override\r
+ public Result<PERMS> getPermsByRole(AuthzTrans trans,String role) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("Role", role).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques,role);\r
+ if(rrdd.notOK()) {\r
+ return Result.err(rrdd);\r
+ }\r
+\r
+ Result<NsDAO.Data> r = ques.mayUser(trans, trans.user(), rrdd.value, Access.read);\r
+ if(r.notOK()) {\r
+ return Result.err(r);\r
+ }\r
+\r
+ PERMS perms = mapper.newInstance(API.PERMS);\r
+\r
+ Result<List<PermDAO.Data>> rlpd = ques.getPermsByRole(trans, role, trans.forceRequested());\r
+ if(rlpd.isOKhasData()) {\r
+ // Note: Mapper will restrict what can be viewed\r
+ return mapper.perms(trans, rlpd.value, perms, true);\r
+ }\r
+ return Result.ok(perms);\r
+ }\r
+\r
+ @ApiDoc( \r
+ method = GET, \r
+ path = "/authz/perms/ns/:ns",\r
+ params = {"ns|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406 }, \r
+ text = { "List All Permissions that are in Namespace :ns" }\r
+ )\r
+ @Override\r
+ public Result<PERMS> getPermsByNS(AuthzTrans trans,String ns) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("NS", ns).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<NsDAO.Data> rnd = ques.deriveNs(trans, ns);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd);\r
+ }\r
+\r
+ rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd); \r
+ }\r
+ \r
+ Result<List<PermDAO.Data>> rlpd = ques.permDAO.readNS(trans, ns);\r
+ if(rlpd.notOK()) {\r
+ return Result.err(rlpd);\r
+ }\r
+\r
+ PERMS perms = mapper.newInstance(API.PERMS);\r
+ if(!rlpd.isEmpty()) {\r
+ // Note: Mapper will restrict what can be viewed\r
+ return mapper.perms(trans, rlpd.value,perms, true);\r
+ }\r
+ return Result.ok(perms);\r
+ }\r
+ \r
+ @ApiDoc( \r
+ method = PUT, \r
+ path = "/authz/perm/:type/:instance/:action",\r
+ params = {"type|string|true",\r
+ "instance|string|true",\r
+ "action|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406, 409 }, \r
+ text = { "Rename the Permission referenced by :type :instance :action, and "\r
+ + "rename (copy/delete) to the Permission described in PermRequest" }\r
+ )\r
+ @Override\r
+ public Result<Void> renamePerm(final AuthzTrans trans,REQUEST rreq, String origType, String origInstance, String origAction) {\r
+ final Result<PermDAO.Data> newPd = mapper.perm(trans, rreq);\r
+ final Validator v = new Validator(trans);\r
+ if(v.perm(newPd).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ if (ques.mayUser(trans, trans.user(), newPd.value,Access.write).notOK()) {\r
+ return Result.err(Status.ERR_Denied, "You do not have approval to change Permission [%s.%s|%s|%s]",\r
+ newPd.value.ns,newPd.value.type,newPd.value.instance,newPd.value.action);\r
+ }\r
+ \r
+ Result<NsSplit> nss = ques.deriveNsSplit(trans, origType);\r
+ Result<List<PermDAO.Data>> origRlpd = ques.permDAO.read(trans, nss.value.ns, nss.value.name, origInstance, origAction); \r
+ \r
+ if(origRlpd.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_PermissionNotFound, \r
+ "Permission [%s|%s|%s] does not exist",\r
+ origType,origInstance,origAction);\r
+ }\r
+ \r
+ PermDAO.Data origPd = origRlpd.value.get(0);\r
+\r
+ if (!origPd.ns.equals(newPd.value.ns)) {\r
+ return Result.err(Status.ERR_Denied, "Cannot change namespace with rename command. " +\r
+ "<new type> must start with [" + origPd.ns + "]");\r
+ }\r
+ \r
+ if ( origPd.type.equals(newPd.value.type) && \r
+ origPd.action.equals(newPd.value.action) && \r
+ origPd.instance.equals(newPd.value.instance) ) {\r
+ return Result.err(Status.ERR_ConflictAlreadyExists, "New Permission must be different than original permission");\r
+ }\r
+ \r
+ Set<String> origRoles = origPd.roles(false);\r
+ if (!origRoles.isEmpty()) {\r
+ Set<String> roles = newPd.value.roles(true);\r
+ for (String role : origPd.roles) {\r
+ roles.add(role); \r
+ }\r
+ } \r
+ \r
+ newPd.value.description = origPd.description;\r
+ \r
+ Result<Void> rv = null;\r
+ \r
+ rv = func.createPerm(trans, newPd.value, false);\r
+ if (rv.isOK()) {\r
+ rv = func.deletePerm(trans, origPd, true, false);\r
+ }\r
+ return rv;\r
+ }\r
+ \r
+ @ApiDoc( \r
+ method = PUT, \r
+ path = "/authz/perm",\r
+ params = {},\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406 }, \r
+ text = { "Add Description Data to Perm" }\r
+ )\r
+ @Override\r
+ public Result<Void> updatePermDescription(AuthzTrans trans, REQUEST from) {\r
+ final Result<PermDAO.Data> pd = mapper.perm(trans, from);\r
+ final Validator v = new Validator(trans);\r
+ if(v.perm(pd).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ if(v.nullOrBlank("description", pd.value.description).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ final PermDAO.Data perm = pd.value;\r
+ if(ques.permDAO.read(trans, perm.ns, perm.type, perm.instance,perm.action).notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_NotFound, "Permission [%s.%s|%s|%s] does not exist",\r
+ perm.ns,perm.type,perm.instance,perm.action);\r
+ }\r
+\r
+ if (ques.mayUser(trans, trans.user(), perm, Access.write).notOK()) {\r
+ return Result.err(Status.ERR_Denied, "You do not have approval to change Permission [%s.%s|%s|%s]",\r
+ perm.ns,perm.type,perm.instance,perm.action);\r
+ }\r
+\r
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, pd.value.ns);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr);\r
+ }\r
+\r
+ Result<Void> rdr = ques.permDAO.addDescription(trans, perm.ns, perm.type, perm.instance,\r
+ perm.action, perm.description);\r
+ if(rdr.isOK()) {\r
+ return Result.ok();\r
+ } else {\r
+ return Result.err(rdr);\r
+ }\r
+\r
+ }\r
+ \r
+ @ApiDoc(\r
+ method = PUT,\r
+ path = "/authz/role/perm",\r
+ params = {},\r
+ expectedCode = 201,\r
+ errorCodes = {403,404,406,409},\r
+ text = { "Set a permission's roles to roles given" }\r
+ )\r
+\r
+ @Override\r
+ public Result<Void> resetPermRoles(final AuthzTrans trans, REQUEST rreq) {\r
+ final Result<PermDAO.Data> updt = mapper.permFromRPRequest(trans, rreq);\r
+ if(updt.notOKorIsEmpty()) {\r
+ return Result.err(updt);\r
+ }\r
+\r
+ final Validator v = new Validator(trans);\r
+ if(v.perm(updt).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<NsDAO.Data> nsd = ques.mayUser(trans, trans.user(), updt.value, Access.write);\r
+ if (nsd.notOK()) {\r
+ return Result.err(nsd);\r
+ }\r
+\r
+ // Read full set to get CURRENT values\r
+ Result<List<PermDAO.Data>> rcurr = ques.permDAO.read(trans, \r
+ updt.value.ns, \r
+ updt.value.type, \r
+ updt.value.instance, \r
+ updt.value.action);\r
+ \r
+ if(rcurr.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_PermissionNotFound, \r
+ "Permission [%s.%s|%s|%s] does not exist",\r
+ updt.value.ns,updt.value.type,updt.value.instance,updt.value.action);\r
+ }\r
+ \r
+ // Create a set of Update Roles, which are in Internal Format\r
+ Set<String> updtRoles = new HashSet<String>();\r
+ Result<NsSplit> nss;\r
+ for(String role : updt.value.roles(false)) {\r
+ nss = ques.deriveNsSplit(trans, role);\r
+ if(nss.isOK()) {\r
+ updtRoles.add(nss.value.ns + '|' + nss.value.name);\r
+ } else {\r
+ trans.error().log(nss.errorString());\r
+ }\r
+ }\r
+\r
+ Result<Void> rv = null;\r
+ \r
+ for(PermDAO.Data curr : rcurr.value) {\r
+ Set<String> currRoles = curr.roles(false);\r
+ // must add roles to this perm, and add this perm to each role \r
+ // in the update, but not in the current \r
+ for (String role : updtRoles) {\r
+ if (!currRoles.contains(role)) {\r
+ Result<RoleDAO.Data> key = RoleDAO.Data.decode(trans, ques, role);\r
+ if(key.isOKhasData()) {\r
+ Result<List<RoleDAO.Data>> rrd = ques.roleDAO.read(trans, key.value);\r
+ if(rrd.isOKhasData()) {\r
+ for(RoleDAO.Data r : rrd.value) {\r
+ rv = func.addPermToRole(trans, r, curr, false);\r
+ if (rv.notOK() && rv.status!=Result.ERR_ConflictAlreadyExists) {\r
+ return Result.err(rv);\r
+ }\r
+ }\r
+ } else {\r
+ return Result.err(rrd);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ // similarly, must delete roles from this perm, and delete this perm from each role\r
+ // in the update, but not in the current\r
+ for (String role : currRoles) {\r
+ if (!updtRoles.contains(role)) {\r
+ Result<RoleDAO.Data> key = RoleDAO.Data.decode(trans, ques, role);\r
+ if(key.isOKhasData()) {\r
+ Result<List<RoleDAO.Data>> rdd = ques.roleDAO.read(trans, key.value);\r
+ if(rdd.isOKhasData()) {\r
+ for(RoleDAO.Data r : rdd.value) {\r
+ rv = func.delPermFromRole(trans, r, curr, true);\r
+ if (rv.notOK() && rv.status!=Status.ERR_PermissionNotFound) {\r
+ return Result.err(rv);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ } \r
+ } \r
+ return rv==null?Result.ok():rv; \r
+ }\r
+ \r
+ @ApiDoc( \r
+ method = DELETE,\r
+ path = "/authz/perm",\r
+ params = {},\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406 }, \r
+ text = { "Delete the Permission referenced by PermKey.",\r
+ "You cannot normally delete a permission which is still granted to roles,",\r
+ "however the \"force\" property allows you to do just that. To do this: Add",\r
+ "'force=true' as a query parameter.",\r
+ "<p>WARNING: Using force will ungrant this permission from all roles. Use with care.</p>" }\r
+ )\r
+ @Override\r
+ public Result<Void> deletePerm(final AuthzTrans trans, REQUEST from) {\r
+ Result<PermDAO.Data> pd = mapper.perm(trans, from);\r
+ if(pd.notOK()) {\r
+ return Result.err(pd);\r
+ }\r
+ final Validator v = new Validator(trans);\r
+ if(v.nullOrBlank(pd.value).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ final PermDAO.Data perm = pd.value;\r
+ if (ques.permDAO.read(trans, perm).notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_PermissionNotFound, "Permission [%s.%s|%s|%s] does not exist",\r
+ perm.ns,perm.type,perm.instance,perm.action );\r
+ }\r
+\r
+ Result<FutureDAO.Data> fd = mapper.future(trans,PermDAO.TABLE,from,perm,false,\r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ return "Delete Permission [" + perm.fullPerm() + ']';\r
+ }\r
+ },\r
+ new MayChange() {\r
+ private Result<NsDAO.Data> nsd;\r
+ @Override\r
+ public Result<?> mayChange() {\r
+ if(nsd==null) {\r
+ nsd = ques.mayUser(trans, trans.user(), perm, Access.write);\r
+ }\r
+ return nsd;\r
+ }\r
+ });\r
+ \r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, perm.ns);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr);\r
+ }\r
+ \r
+ Result<List<Identity>> rfc = func.createFuture(trans, fd.value, \r
+ perm.encode(), trans.user(),nsr.value.get(0),"D");\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "Perm Deletion [%s] is saved for future processing",perm.encode());\r
+ } else { \r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ return func.deletePerm(trans,perm,trans.forceRequested(), false);\r
+ default:\r
+ return Result.err(fd);\r
+ } \r
+ } \r
+ \r
+ @ApiDoc( \r
+ method = DELETE,\r
+ path = "/authz/perm/:name/:type/:action",\r
+ params = {"type|string|true",\r
+ "instance|string|true",\r
+ "action|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406 }, \r
+ text = { "Delete the Permission referenced by :type :instance :action",\r
+ "You cannot normally delete a permission which is still granted to roles,",\r
+ "however the \"force\" property allows you to do just that. To do this: Add",\r
+ "'force=true' as a query parameter",\r
+ "<p>WARNING: Using force will ungrant this permission from all roles. Use with care.</p>"}\r
+ )\r
+ @Override\r
+ public Result<Void> deletePerm(AuthzTrans trans, String type, String instance, String action) {\r
+ final Validator v = new Validator(trans);\r
+ if(v.nullOrBlank("Type",type)\r
+ .nullOrBlank("Instance",instance)\r
+ .nullOrBlank("Action",action)\r
+ .err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ Result<PermDAO.Data> pd = ques.permFrom(trans, type, instance, action);\r
+ if(pd.isOK()) {\r
+ return func.deletePerm(trans, pd.value, trans.forceRequested(), false);\r
+ } else {\r
+ return Result.err(pd);\r
+ }\r
+ }\r
+\r
+/***********************************\r
+ * ROLE \r
+ ***********************************/\r
+ @ApiDoc(\r
+ method = POST,\r
+ path = "/authz/role",\r
+ params = {},\r
+ expectedCode = 201,\r
+ errorCodes = {403,404,406,409},\r
+ text = {\r
+\r
+ "Roles are part of Namespaces",\r
+ "Examples:",\r
+ "<ul><li> org.osaaf - A Possible root Namespace for maintaining AAF</li>",\r
+ "Roles do not include implied permissions for an App. Instead, they contain explicit Granted Permissions by any Namespace in AAF (See Permissions)",\r
+ "Restrictions on Role Names:",\r
+ "<ul><li>Must start with valid Namespace name, terminated by . (dot/period)</li>",\r
+ "<li>Allowed Characters are a-zA-Z0-9._-</li>",\r
+ "<li>role names are Case Sensitive</li></ul>",\r
+ "The right questions to ask for defining and populating a Role in AAF, therefore, are:",\r
+ "<ul><li>'What Job Function does this represent?'</li>",\r
+ "<li>'Does this person perform this Job Function?'</li></ul>" }\r
+ )\r
+\r
+ @Override\r
+ public Result<Void> createRole(final AuthzTrans trans, REQUEST from) {\r
+ final Result<RoleDAO.Data> rd = mapper.role(trans, from);\r
+ final Validator v = new Validator(trans);\r
+ if(v.role(rd).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ final RoleDAO.Data role = rd.value;\r
+ if(ques.roleDAO.read(trans, role.ns, role.name).isOKhasData()) {\r
+ return Result.err(Status.ERR_ConflictAlreadyExists, "Role [" + role.fullName() + "] already exists");\r
+ }\r
+\r
+ Result<FutureDAO.Data> fd = mapper.future(trans,RoleDAO.TABLE,from,role,false,\r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ return "Create Role [" + \r
+ rd.value.fullName() + \r
+ ']';\r
+ }\r
+ },\r
+ new MayChange() {\r
+ private Result<NsDAO.Data> nsd;\r
+ @Override\r
+ public Result<?> mayChange() {\r
+ if(nsd==null) {\r
+ nsd = ques.mayUser(trans, trans.user(), role, Access.write);\r
+ }\r
+ return nsd;\r
+ }\r
+ });\r
+ \r
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, rd.value.ns);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr);\r
+ }\r
+\r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<Identity>> rfc = func.createFuture(trans, fd.value, \r
+ role.encode(), trans.user(),nsr.value.get(0),"C");\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "Role [%s.%s] is saved for future processing",\r
+ rd.value.ns,\r
+ rd.value.name);\r
+ } else { \r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ Result<RoleDAO.Data> rdr = ques.roleDAO.create(trans, role);\r
+ if(rdr.isOK()) {\r
+ return Result.ok();\r
+ } else {\r
+ return Result.err(rdr);\r
+ }\r
+ default:\r
+ return Result.err(fd);\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.service.AuthzService#getRolesByName(com.att.authz.env.AuthzTrans, java.lang.String)\r
+ */\r
+ @ApiDoc(\r
+ method = GET,\r
+ path = "/authz/roles/:role",\r
+ params = {"role|string|true"}, \r
+ expectedCode = 200,\r
+ errorCodes = {404,406},\r
+ text = { "List Roles that match :role",\r
+ "Note: You must have permission to see any given role"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<ROLES> getRolesByName(AuthzTrans trans, String role) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("Role", role).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ // Determine if User can ask this question\r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);\r
+ if(rrdd.isOKhasData()) {\r
+ Result<NsDAO.Data> r;\r
+ if((r = ques.mayUser(trans, trans.user(), rrdd.value, Access.read)).notOK()) {\r
+ return Result.err(r);\r
+ }\r
+ } else {\r
+ return Result.err(rrdd);\r
+ }\r
+ \r
+ // Look up data\r
+ Result<List<RoleDAO.Data>> rlrd = ques.getRolesByName(trans, role);\r
+ if(rlrd.isOK()) {\r
+ // Note: Mapper will restrict what can be viewed\r
+ ROLES roles = mapper.newInstance(API.ROLES);\r
+ return mapper.roles(trans, rlrd.value, roles, true);\r
+ } else {\r
+ return Result.err(rlrd);\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.service.AuthzService#getRolesByUser(com.att.authz.env.AuthzTrans, java.lang.String)\r
+ */\r
+ @ApiDoc(\r
+ method = GET,\r
+ path = "/authz/roles/user/:name",\r
+ params = {"name|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {404,406},\r
+ text = { "List all Roles that match user :name",\r
+ "'user' must be expressed as full identity (ex: id@full.domain.com)",\r
+ "Note: You must have permission to see any given role"\r
+ }\r
+ )\r
+\r
+ @Override\r
+ public Result<ROLES> getRolesByUser(AuthzTrans trans, String user) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("User", user).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ ROLES roles = mapper.newInstance(API.ROLES);\r
+ // Get list of roles per user, then add to Roles as we go\r
+ Result<List<RoleDAO.Data>> rlrd;\r
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, user);\r
+ if(rlurd.isOKhasData()) {\r
+ for(UserRoleDAO.Data urd : rlurd.value ) {\r
+ rlrd = ques.roleDAO.read(trans, urd.ns,urd.rname);\r
+ // Note: Mapper will restrict what can be viewed\r
+ // if user is the same as that which is looked up, no filtering is required\r
+ if(rlrd.isOKhasData()) {\r
+ mapper.roles(trans, rlrd.value,roles, !user.equals(trans.user()));\r
+ }\r
+ }\r
+ }\r
+ return Result.ok(roles);\r
+ }\r
+\r
+ /*\r
+ * (non-Javadoc)\r
+ * @see com.att.authz.service.AuthzService#getRolesByNS(com.att.authz.env.AuthzTrans, java.lang.String)\r
+ */\r
+ @ApiDoc(\r
+ method = GET,\r
+ path = "/authz/roles/ns/:ns",\r
+ params = {"ns|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {404,406},\r
+ text = { "List all Roles for the Namespace :ns", \r
+ "Note: You must have permission to see any given role"\r
+ }\r
+ )\r
+\r
+ @Override\r
+ public Result<ROLES> getRolesByNS(AuthzTrans trans, String ns) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("NS", ns).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ // check if user is allowed to view NS\r
+ Result<NsDAO.Data> rnsd = ques.deriveNs(trans, ns); \r
+ if(rnsd.notOK()) {\r
+ return Result.err(rnsd); \r
+ }\r
+ rnsd = ques.mayUser(trans, trans.user(), rnsd.value, Access.read);\r
+ if(rnsd.notOK()) {\r
+ return Result.err(rnsd); \r
+ }\r
+\r
+ TimeTaken tt = trans.start("MAP Roles by NS to Roles", Env.SUB);\r
+ try {\r
+ ROLES roles = mapper.newInstance(API.ROLES);\r
+ // Get list of roles per user, then add to Roles as we go\r
+ Result<List<RoleDAO.Data>> rlrd = ques.roleDAO.readNS(trans, ns);\r
+ if(rlrd.isOK()) {\r
+ if(!rlrd.isEmpty()) {\r
+ // Note: Mapper doesn't need to restrict what can be viewed, because we did it already.\r
+ mapper.roles(trans,rlrd.value,roles,false);\r
+ }\r
+ return Result.ok(roles);\r
+ } else {\r
+ return Result.err(rlrd);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /*\r
+ * (non-Javadoc)\r
+ * @see com.att.authz.service.AuthzService#getRolesByNS(com.att.authz.env.AuthzTrans, java.lang.String)\r
+ */\r
+ @ApiDoc(\r
+ method = GET,\r
+ path = "/authz/roles/name/:name",\r
+ params = {"name|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {404,406},\r
+ text = { "List all Roles for only the Name of Role (without Namespace)", \r
+ "Note: You must have permission to see any given role"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<ROLES> getRolesByNameOnly(AuthzTrans trans, String name) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("Name", name).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ // User Mapper to make sure user is allowed to view NS\r
+\r
+ TimeTaken tt = trans.start("MAP Roles by Name to Roles", Env.SUB);\r
+ try {\r
+ ROLES roles = mapper.newInstance(API.ROLES);\r
+ // Get list of roles per user, then add to Roles as we go\r
+ Result<List<RoleDAO.Data>> rlrd = ques.roleDAO.readName(trans, name);\r
+ if(rlrd.isOK()) {\r
+ if(!rlrd.isEmpty()) {\r
+ // Note: Mapper will restrict what can be viewed\r
+ mapper.roles(trans,rlrd.value,roles,true);\r
+ }\r
+ return Result.ok(roles);\r
+ } else {\r
+ return Result.err(rlrd);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @ApiDoc(\r
+ method = GET,\r
+ path = "/authz/roles/perm/:type/:instance/:action",\r
+ params = {"type|string|true",\r
+ "instance|string|true",\r
+ "action|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {404,406},\r
+ text = { "Find all Roles containing the given Permission." +\r
+ "Permission consists of:",\r
+ "<ul><li>type - a Namespace qualified identifier specifying what kind of resource "\r
+ + "is being protected</li>",\r
+ "<li>instance - a key, possibly multi-dimensional, that identifies a specific "\r
+ + " instance of the type</li>",\r
+ "<li>action - what kind of action is allowed</li></ul>",\r
+ "Notes: instance and action can be an *",\r
+ " You must have permission to see any given role"\r
+ }\r
+ )\r
+\r
+ @Override\r
+ public Result<ROLES> getRolesByPerm(AuthzTrans trans, String type, String instance, String action) {\r
+ final Validator v = new Validator(trans);\r
+ if(v.permType(type,null)\r
+ .permInstance(instance)\r
+ .permAction(action)\r
+ .err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ TimeTaken tt = trans.start("Map Perm Roles Roles", Env.SUB);\r
+ try {\r
+ ROLES roles = mapper.newInstance(API.ROLES);\r
+ // Get list of roles per user, then add to Roles as we go\r
+ Result<NsSplit> nsSplit = ques.deriveNsSplit(trans, type);\r
+ if(nsSplit.isOK()) {\r
+ PermDAO.Data pdd = new PermDAO.Data(nsSplit.value, instance, action);\r
+ Result<?> res;\r
+ if((res=ques.mayUser(trans, trans.user(), pdd, Question.Access.read)).notOK()) {\r
+ return Result.err(res);\r
+ }\r
+ \r
+ Result<List<PermDAO.Data>> pdlr = ques.permDAO.read(trans, pdd);\r
+ if(pdlr.isOK())for(PermDAO.Data pd : pdlr.value) {\r
+ Result<List<RoleDAO.Data>> rlrd;\r
+ for(String r : pd.roles) {\r
+ Result<String[]> rs = RoleDAO.Data.decodeToArray(trans, ques, r);\r
+ if(rs.isOK()) {\r
+ rlrd = ques.roleDAO.read(trans, rs.value[0],rs.value[1]);\r
+ // Note: Mapper will restrict what can be viewed\r
+ if(rlrd.isOKhasData()) {\r
+ mapper.roles(trans,rlrd.value,roles,true);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return Result.ok(roles);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @ApiDoc(\r
+ method = PUT,\r
+ path = "/authz/role",\r
+ params = {},\r
+ expectedCode = 200,\r
+ errorCodes = {404,406},\r
+ text = { "Add Description Data to a Role" }\r
+ )\r
+\r
+ @Override\r
+ public Result<Void> updateRoleDescription(AuthzTrans trans, REQUEST from) {\r
+ final Result<RoleDAO.Data> rd = mapper.role(trans, from);\r
+ final Validator v = new Validator(trans);\r
+ if(v.role(rd).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ } {\r
+ if(v.nullOrBlank("description", rd.value.description).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ }\r
+ final RoleDAO.Data role = rd.value;\r
+ if(ques.roleDAO.read(trans, role.ns, role.name).notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_NotFound, "Role [" + role.fullName() + "] does not exist");\r
+ }\r
+\r
+ if (ques.mayUser(trans, trans.user(), role, Access.write).notOK()) {\r
+ return Result.err(Status.ERR_Denied, "You do not have approval to change " + role.fullName());\r
+ }\r
+\r
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, rd.value.ns);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr);\r
+ }\r
+\r
+ Result<Void> rdr = ques.roleDAO.addDescription(trans, role.ns, role.name, role.description);\r
+ if(rdr.isOK()) {\r
+ return Result.ok();\r
+ } else {\r
+ return Result.err(rdr);\r
+ }\r
+\r
+ }\r
+ \r
+ @ApiDoc(\r
+ method = POST,\r
+ path = "/authz/role/perm",\r
+ params = {},\r
+ expectedCode = 201,\r
+ errorCodes = {403,404,406,409},\r
+ text = { "Grant a Permission to a Role",\r
+ "Permission consists of:", \r
+ "<ul><li>type - a Namespace qualified identifier specifying what kind of resource "\r
+ + "is being protected</li>",\r
+ "<li>instance - a key, possibly multi-dimensional, that identifies a specific "\r
+ + " instance of the type</li>",\r
+ "<li>action - what kind of action is allowed</li></ul>",\r
+ "Note: instance and action can be an *",\r
+ "Note: Using the \"force\" property will create the Permission, if it doesn't exist AND the requesting " +\r
+ " ID is allowed to create. It will then grant",\r
+ " the permission to the role in one step. To do this: add 'force=true' as a query parameter."\r
+ }\r
+ )\r
+\r
+ @Override\r
+ public Result<Void> addPermToRole(final AuthzTrans trans, REQUEST rreq) {\r
+ // Translate Request into Perm and Role Objects\r
+ final Result<PermDAO.Data> rpd = mapper.permFromRPRequest(trans, rreq);\r
+ if(rpd.notOKorIsEmpty()) {\r
+ return Result.err(rpd);\r
+ }\r
+ final Result<RoleDAO.Data> rrd = mapper.roleFromRPRequest(trans, rreq);\r
+ if(rrd.notOKorIsEmpty()) {\r
+ return Result.err(rrd);\r
+ }\r
+ \r
+ // Validate Role and Perm values\r
+ final Validator v = new Validator(trans);\r
+ if(v.perm(rpd.value)\r
+ .role(rrd.value)\r
+ .err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<List<RoleDAO.Data>> rlrd = ques.roleDAO.read(trans, rrd.value.ns, rrd.value.name);\r
+ if(rlrd.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_RoleNotFound, "Role [%s] does not exist", rrd.value.fullName());\r
+ }\r
+ \r
+ // Check Status of Data in DB (does it exist)\r
+ Result<List<PermDAO.Data>> rlpd = ques.permDAO.read(trans, rpd.value.ns, \r
+ rpd.value.type, rpd.value.instance, rpd.value.action);\r
+ PermDAO.Data createPerm = null; // if not null, create first\r
+ if(rlpd.notOKorIsEmpty()) { // Permission doesn't exist\r
+ if(trans.forceRequested()) {\r
+ // Remove roles from perm data object so we just create the perm here\r
+ createPerm = rpd.value;\r
+ createPerm.roles.clear();\r
+ } else {\r
+ return Result.err(Status.ERR_PermissionNotFound,"Permission [%s.%s|%s|%s] does not exist", \r
+ rpd.value.ns,rpd.value.type,rpd.value.instance,rpd.value.action);\r
+ }\r
+ } else {\r
+ if (rlpd.value.get(0).roles(false).contains(rrd.value.encode())) {\r
+ return Result.err(Status.ERR_ConflictAlreadyExists,\r
+ "Permission [%s.%s|%s|%s] already granted to Role [%s.%s]",\r
+ rpd.value.ns,rpd.value.type,rpd.value.instance,rpd.value.action,\r
+ rrd.value.ns,rrd.value.name\r
+ );\r
+ }\r
+ }\r
+\r
+ \r
+ Result<FutureDAO.Data> fd = mapper.future(trans, PermDAO.TABLE, rreq, rpd.value,true, // Allow grants to create Approvals\r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ return "Grant Permission [" + rpd.value.fullPerm() + ']' +\r
+ " to Role [" + rrd.value.fullName() + "]";\r
+ }\r
+ },\r
+ new MayChange() {\r
+ private Result<NsDAO.Data> nsd;\r
+ @Override\r
+ public Result<?> mayChange() {\r
+ if(nsd==null) {\r
+ nsd = ques.mayUser(trans, trans.user(), rpd.value, Access.write);\r
+ }\r
+ return nsd;\r
+ }\r
+ });\r
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, rpd.value.ns);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr);\r
+ }\r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<Identity>> rfc = func.createFuture(trans,fd.value, \r
+ rpd.value.fullPerm(),\r
+ trans.user(),\r
+ nsr.value.get(0),\r
+ "G");\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "Perm [%s.%s|%s|%s] is saved for future processing",\r
+ rpd.value.ns,\r
+ rpd.value.type,\r
+ rpd.value.instance,\r
+ rpd.value.action);\r
+ } else { \r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ Result<Void> rv = null;\r
+ if(createPerm!=null) {// has been validated for creating\r
+ rv = func.createPerm(trans, createPerm, false);\r
+ }\r
+ if(rv==null || rv.isOK()) {\r
+ rv = func.addPermToRole(trans, rrd.value, rpd.value, false);\r
+ }\r
+ return rv;\r
+ default:\r
+ return Result.err(fd);\r
+ }\r
+ \r
+ }\r
+\r
+ /**\r
+ * Create a RoleDAO.Data\r
+ * @param trans\r
+ * @param roleFullName\r
+ * @return\r
+ */\r
+ @ApiDoc(\r
+ method = DELETE,\r
+ path = "/authz/role/:role/perm",\r
+ params = {"role|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {404,406},\r
+ text = { "Ungrant a permission from Role :role" }\r
+ )\r
+\r
+ @Override\r
+ public Result<Void> delPermFromRole(final AuthzTrans trans, REQUEST rreq) {\r
+ final Result<PermDAO.Data> updt = mapper.permFromRPRequest(trans, rreq);\r
+ if(updt.notOKorIsEmpty()) {\r
+ return Result.err(updt);\r
+ }\r
+ final Result<RoleDAO.Data> rrd = mapper.roleFromRPRequest(trans, rreq);\r
+ if(rrd.notOKorIsEmpty()) {\r
+ return Result.err(rrd);\r
+ }\r
+ \r
+ final Validator v = new Validator(trans);\r
+ if(v.nullOrBlank(updt.value)\r
+ .nullOrBlank(rrd.value)\r
+ .err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ Result<List<PermDAO.Data>> rlpd = ques.permDAO.read(trans, updt.value.ns, updt.value.type, \r
+ updt.value.instance, updt.value.action);\r
+ \r
+ if(rlpd.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_PermissionNotFound, \r
+ "Permission [%s.%s|%s|%s] does not exist",\r
+ updt.value.ns,updt.value.type,updt.value.instance,updt.value.action);\r
+ }\r
+ \r
+ Result<FutureDAO.Data> fd = mapper.future(trans, PermDAO.TABLE, rreq, updt.value,true, // allow ungrants requests\r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ return "Ungrant Permission [" + updt.value.fullPerm() + ']' +\r
+ " from Role [" + rrd.value.fullName() + "]";\r
+ }\r
+ },\r
+ new MayChange() {\r
+ private Result<NsDAO.Data> nsd;\r
+ @Override\r
+ public Result<?> mayChange() {\r
+ if(nsd==null) {\r
+ nsd = ques.mayUser(trans, trans.user(), updt.value, Access.write);\r
+ }\r
+ return nsd;\r
+ }\r
+ });\r
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, updt.value.ns);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr);\r
+ }\r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<Identity>> rfc = func.createFuture(trans,fd.value, \r
+ updt.value.fullPerm(),\r
+ trans.user(),\r
+ nsr.value.get(0),\r
+ "UG"\r
+ );\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "Perm [%s.%s|%s|%s] is saved for future processing",\r
+ updt.value.ns,\r
+ updt.value.type,\r
+ updt.value.instance,\r
+ updt.value.action);\r
+ } else {\r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ return func.delPermFromRole(trans, rrd.value, updt.value, false);\r
+ default:\r
+ return Result.err(fd);\r
+ }\r
+ }\r
+ \r
+ @ApiDoc(\r
+ method = DELETE,\r
+ path = "/authz/role/:role",\r
+ params = {"role|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {404,406},\r
+ text = { "Delete the Role named :role"}\r
+ )\r
+\r
+ @Override\r
+ public Result<Void> deleteRole(AuthzTrans trans, String role) {\r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role);\r
+ if(rrdd.isOKhasData()) {\r
+ final Validator v = new Validator(trans);\r
+ if(v.nullOrBlank(rrdd.value).err()) { \r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ return func.deleteRole(trans, rrdd.value, false, false);\r
+ } else {\r
+ return Result.err(rrdd);\r
+ }\r
+ }\r
+\r
+ @ApiDoc(\r
+ method = DELETE,\r
+ path = "/authz/role",\r
+ params = {},\r
+ expectedCode = 200,\r
+ errorCodes = { 404,406 },\r
+ text = { "Delete the Role referenced by RoleKey",\r
+ "You cannot normally delete a role which still has permissions granted or users assigned to it,",\r
+ "however the \"force\" property allows you to do just that. To do this: Add 'force=true'",\r
+ "as a query parameter.",\r
+ "<p>WARNING: Using force will remove all users and permission from this role. Use with care.</p>"}\r
+ )\r
+\r
+ @Override\r
+ public Result<Void> deleteRole(final AuthzTrans trans, REQUEST from) {\r
+ final Result<RoleDAO.Data> rd = mapper.role(trans, from);\r
+ final Validator v = new Validator(trans);\r
+ if(rd==null) {\r
+ return Result.err(Status.ERR_BadData,"Request does not contain Role");\r
+ }\r
+ if(v.nullOrBlank(rd.value).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ final RoleDAO.Data role = rd.value;\r
+ if(ques.roleDAO.read(trans, role).notOKorIsEmpty() && !trans.forceRequested()) {\r
+ return Result.err(Status.ERR_RoleNotFound, "Role [" + role.fullName() + "] does not exist");\r
+ }\r
+\r
+ Result<FutureDAO.Data> fd = mapper.future(trans,RoleDAO.TABLE,from,role,false,\r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ return "Delete Role [" + role.fullName() + ']' \r
+ + " and all attached user roles";\r
+ }\r
+ },\r
+ new MayChange() {\r
+ private Result<NsDAO.Data> nsd;\r
+ @Override\r
+ public Result<?> mayChange() {\r
+ if(nsd==null) {\r
+ nsd = ques.mayUser(trans, trans.user(), role, Access.write);\r
+ }\r
+ return nsd;\r
+ }\r
+ });\r
+ \r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, rd.value.ns);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr);\r
+ }\r
+ \r
+ Result<List<Identity>> rfc = func.createFuture(trans, fd.value, \r
+ role.encode(), trans.user(),nsr.value.get(0),"D");\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "Role Deletion [%s.%s] is saved for future processing",\r
+ rd.value.ns,\r
+ rd.value.name);\r
+ } else { \r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ return func.deleteRole(trans,role,trans.forceRequested(), true /*preapproved*/);\r
+ default:\r
+ return Result.err(fd);\r
+ }\r
+\r
+ }\r
+\r
+/***********************************\r
+ * CRED \r
+ ***********************************/\r
+ private class MayCreateCred implements MayChange {\r
+ private Result<NsDAO.Data> nsd;\r
+ private AuthzTrans trans;\r
+ private CredDAO.Data cred;\r
+ private Executor exec;\r
+ \r
+ public MayCreateCred(AuthzTrans trans, CredDAO.Data cred, Executor exec) {\r
+ this.trans = trans;\r
+ this.cred = cred;\r
+ this.exec = exec;\r
+ }\r
+\r
+ @Override\r
+ public Result<?> mayChange() {\r
+ if(nsd==null) {\r
+ nsd = ques.validNSOfDomain(trans, cred.id);\r
+ }\r
+ // is Ns of CredID valid?\r
+ if(nsd.isOK()) {\r
+ try {\r
+ // Check Org Policy\r
+ if(trans.org().validate(trans,Policy.CREATE_MECHID, exec, cred.id)==null) {\r
+ return Result.ok(); \r
+ } else {\r
+ Result<?> rmc = ques.mayUser(trans, trans.user(), nsd.value, Access.write);\r
+ if(rmc.isOKhasData()) {\r
+ return rmc;\r
+ }\r
+ }\r
+ } catch (Exception e) {\r
+ trans.warn().log(e);\r
+ }\r
+ } else {\r
+ trans.warn().log(nsd.errorString());\r
+ }\r
+ return Result.err(Status.ERR_Denied,"%s is not allowed to create %s in %s",trans.user(),cred.id,cred.ns);\r
+ }\r
+ }\r
+\r
+ private class MayChangeCred implements MayChange {\r
+ \r
+ private Result<NsDAO.Data> nsd;\r
+ private AuthzTrans trans;\r
+ private CredDAO.Data cred;\r
+ public MayChangeCred(AuthzTrans trans, CredDAO.Data cred) {\r
+ this.trans = trans;\r
+ this.cred = cred;\r
+ }\r
+\r
+ @Override\r
+ public Result<?> mayChange() {\r
+ // User can change himself (but not create)\r
+ if(trans.user().equals(cred.id)) {\r
+ return Result.ok();\r
+ }\r
+ if(nsd==null) {\r
+ nsd = ques.validNSOfDomain(trans, cred.id);\r
+ }\r
+ // Get the Namespace\r
+ if(nsd.isOK()) {\r
+ if(ques.mayUser(trans, trans.user(), nsd.value,Access.write).isOK()) {\r
+ return Result.ok();\r
+ }\r
+ String user[] = Split.split('.',trans.user());\r
+ if(user.length>2) {\r
+ String company = user[user.length-1] + '.' + user[user.length-2];\r
+ if(ques.isGranted(trans, trans.user(), Define.ROOT_NS,"password",company,"reset")) {\r
+ return Result.ok();\r
+ }\r
+ }\r
+ }\r
+ return Result.err(Status.ERR_Denied,"%s is not allowed to change %s in %s",trans.user(),cred.id,cred.ns);\r
+ }\r
+\r
+ }\r
+\r
+ private final long DAY_IN_MILLIS = 24*3600*1000;\r
+ \r
+ @ApiDoc( \r
+ method = POST, \r
+ path = "/authn/cred",\r
+ params = {},\r
+ expectedCode = 201,\r
+ errorCodes = {403,404,406,409}, \r
+ text = { "A credential consists of:",\r
+ "<ul><li>id - the ID to create within AAF. The domain is in reverse",\r
+ "order of Namespace (i.e. Users of Namespace com.att.myapp would be",\r
+ "AB1234@myapp.att.com</li>",\r
+ "<li>password - Company Policy Compliant Password</li></ul>",\r
+ "Note: AAF does support multiple credentials with the same ID.",\r
+ "Check with your organization if you have this implemented."\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> createUserCred(final AuthzTrans trans, REQUEST from) {\r
+ final String cmdDescription = ("Create User Credential");\r
+ TimeTaken tt = trans.start(cmdDescription, Env.SUB);\r
+ \r
+ try {\r
+ Result<CredDAO.Data> rcred = mapper.cred(trans, from, true);\r
+ if(rcred.isOKhasData()) {\r
+ rcred = ques.userCredSetup(trans, rcred.value);\r
+ \r
+ final Validator v = new Validator();\r
+ \r
+ if(v.cred(trans.org(),rcred,true).err()) { // Note: Creates have stricter Validations \r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+\r
+ // 2016-4 JG, New Behavior - If MechID is not registered with Org, deny creation\r
+ Identity mechID = null;\r
+ Organization org = trans.org();\r
+ try {\r
+ mechID = org.getIdentity(trans, rcred.value.id);\r
+ } catch (Exception e1) {\r
+ trans.error().log(e1,rcred.value.id,"cannot be validated at this time");\r
+ }\r
+ if(mechID==null || !mechID.isFound()) { \r
+ return Result.err(Status.ERR_Policy,"MechIDs must be registered with %s before provisioning in AAF",org.getName());\r
+ }\r
+\r
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, rcred.value.ns);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_NsNotFound,"Cannot provision %s on non-existent Namespace %s",mechID.id(),rcred.value.ns);\r
+ }\r
+\r
+ boolean firstID = false;\r
+ MayChange mc;\r
+ \r
+ CassExecutor exec = new CassExecutor(trans, func);\r
+ Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, rcred.value.id);\r
+ if (rlcd.isOKhasData()) {\r
+ if (!org.canHaveMultipleCreds(rcred.value.id)) {\r
+ return Result.err(Status.ERR_ConflictAlreadyExists, "Credential exists");\r
+ }\r
+ for (CredDAO.Data curr : rlcd.value) {\r
+ if (Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires)) && curr.type==rcred.value.type) {\r
+ return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists, use 'reset'");\r
+ }\r
+ } \r
+ } else {\r
+ try {\r
+ // 2016-04-12 JG If Caller is the Sponsor and is also an Owner of NS, allow without special Perm\r
+ String theMechID = rcred.value.id;\r
+ Boolean otherMechIDs = false;\r
+ // find out if this is the only mechID. other MechIDs mean special handling (not automated)\r
+ for(CredDAO.Data cd : ques.credDAO.readNS(trans,nsr.value.get(0).name).value) {\r
+ if(!cd.id.equals(theMechID)) {\r
+ otherMechIDs = true;\r
+ break;\r
+ }\r
+ }\r
+ String reason;\r
+ // We can say "ID does not exist" here\r
+ if((reason=org.validate(trans, Policy.CREATE_MECHID, exec, theMechID,trans.user(),otherMechIDs.toString()))!=null) {\r
+ return Result.err(Status.ERR_Denied, reason); \r
+ }\r
+ firstID=true;\r
+ } catch (Exception e) {\r
+ return Result.err(e);\r
+ }\r
+ }\r
+ \r
+ mc = new MayCreateCred(trans, rcred.value, exec);\r
+ \r
+ final CredDAO.Data cdd = rcred.value;\r
+ Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from, rcred.value,false, // may want to enable in future.\r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ return cmdDescription + " [" + \r
+ cdd.id + '|' \r
+ + cdd.type + '|' \r
+ + cdd.expires + ']';\r
+ }\r
+ },\r
+ mc);\r
+ \r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<Identity>> rfc = func.createFuture(trans, fd.value, \r
+ rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires,\r
+ trans.user(), nsr.value.get(0), "C");\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "Credential Request [%s|%s|%s] is saved for future processing",\r
+ rcred.value.id,\r
+ Integer.toString(rcred.value.type),\r
+ rcred.value.expires.toString());\r
+ } else { \r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ try {\r
+ if(firstID) {\r
+ // && !nsr.value.get(0).isAdmin(trans.getUserPrincipal().getName())) {\r
+ Result<List<String>> admins = func.getAdmins(trans, nsr.value.get(0).name, false);\r
+ // OK, it's a first ID, and not by NS Admin, so let's set TempPassword length\r
+ // Note, we only do this on First time, because of possibility of \r
+ // prematurely expiring a production id\r
+ if(admins.isOKhasData() && !admins.value.contains(trans.user())) {\r
+ rcred.value.expires = org.expiration(null, Expiration.TempPassword).getTime();\r
+ }\r
+ }\r
+ } catch (Exception e) {\r
+ trans.error().log(e, "While setting expiration to TempPassword");\r
+ }\r
+ Result<?>udr = ques.credDAO.create(trans, rcred.value);\r
+ if(udr.isOK()) {\r
+ return Result.ok();\r
+ }\r
+ return Result.err(udr);\r
+ default:\r
+ return Result.err(fd);\r
+ }\r
+\r
+ } else {\r
+ return Result.err(rcred);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @ApiDoc( \r
+ method = GET, \r
+ path = "/authn/creds/ns/:ns",\r
+ params = {"ns|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {403,404,406}, \r
+ text = { "Return all IDs in Namespace :ns"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<USERS> getCredsByNS(AuthzTrans trans, String ns) {\r
+ final Validator v = new Validator();\r
+ if(v.ns(ns).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ // check if user is allowed to view NS\r
+ Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd); \r
+ }\r
+ rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd); \r
+ }\r
+ \r
+ TimeTaken tt = trans.start("MAP Creds by NS to Creds", Env.SUB);\r
+ try { \r
+ USERS users = mapper.newInstance(API.USERS);\r
+ Result<List<CredDAO.Data>> rlcd = ques.credDAO.readNS(trans, ns);\r
+ \r
+ if(rlcd.isOK()) {\r
+ if(!rlcd.isEmpty()) {\r
+ return mapper.cred(rlcd.value, users);\r
+ }\r
+ return Result.ok(users); \r
+ } else {\r
+ return Result.err(rlcd);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ }\r
+\r
+ @ApiDoc( \r
+ method = GET, \r
+ path = "/authn/creds/id/:ns",\r
+ params = {"id|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {403,404,406}, \r
+ text = { "Return all IDs in for ID"\r
+ ,"(because IDs are multiple, due to multiple Expiration Dates)"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<USERS> getCredsByID(AuthzTrans trans, String id) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("ID",id).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ String ns = Question.domain2ns(id);\r
+ // check if user is allowed to view NS\r
+ Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd); \r
+ }\r
+ rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd); \r
+ }\r
+ \r
+ TimeTaken tt = trans.start("MAP Creds by ID to Creds", Env.SUB);\r
+ try { \r
+ USERS users = mapper.newInstance(API.USERS);\r
+ Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, id);\r
+ \r
+ if(rlcd.isOK()) {\r
+ if(!rlcd.isEmpty()) {\r
+ return mapper.cred(rlcd.value, users);\r
+ }\r
+ return Result.ok(users); \r
+ } else {\r
+ return Result.err(rlcd);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ }\r
+\r
+ @ApiDoc( \r
+ method = GET, \r
+ path = "/authn/certs/id/:id",\r
+ params = {"id|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {403,404,406}, \r
+ text = { "Return Cert Info for ID"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<CERTS> getCertInfoByID(AuthzTrans trans, HttpServletRequest req, String id) {\r
+ TimeTaken tt = trans.start("Get Cert Info by ID", Env.SUB);\r
+ try { \r
+ CERTS certs = mapper.newInstance(API.CERTS);\r
+ Result<List<CertDAO.Data>> rlcd = ques.certDAO.readID(trans, id);\r
+ \r
+ if(rlcd.isOK()) {\r
+ if(!rlcd.isEmpty()) {\r
+ return mapper.cert(rlcd.value, certs);\r
+ }\r
+ return Result.ok(certs); \r
+ } else { \r
+ return Result.err(rlcd);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+\r
+ }\r
+\r
+ @ApiDoc( \r
+ method = PUT, \r
+ path = "/authn/cred",\r
+ params = {},\r
+ expectedCode = 200,\r
+ errorCodes = {300,403,404,406}, \r
+ text = { "Reset a Credential Password. If multiple credentials exist for this",\r
+ "ID, you will need to specify which entry you are resetting in the",\r
+ "CredRequest object"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> changeUserCred(final AuthzTrans trans, REQUEST from) {\r
+ final String cmdDescription = "Update User Credential";\r
+ TimeTaken tt = trans.start(cmdDescription, Env.SUB);\r
+ try {\r
+ Result<CredDAO.Data> rcred = mapper.cred(trans, from, true);\r
+ if(rcred.isOKhasData()) {\r
+ rcred = ques.userCredSetup(trans, rcred.value);\r
+ \r
+ final Validator v = new Validator();\r
+ \r
+ if(v.cred(trans.org(),rcred,false).err()) {// Note: Creates have stricter Validations \r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, rcred.value.id);\r
+ if(rlcd.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_UserNotFound, "Credential does not exist");\r
+ } \r
+ \r
+ MayChange mc = new MayChangeCred(trans, rcred.value);\r
+ Result<?> rmc = mc.mayChange(); \r
+ if (rmc.notOK()) {\r
+ return Result.err(rmc);\r
+ }\r
+ \r
+ Result<Integer> ri = selectEntryIfMultiple((CredRequest)from, rlcd.value);\r
+ if(ri.notOK()) {\r
+ return Result.err(ri);\r
+ }\r
+ int entry = ri.value;\r
+ \r
+ \r
+ final CredDAO.Data cred = rcred.value;\r
+ \r
+ Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from, rcred.value,false,\r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ return cmdDescription + " [" + \r
+ cred.id + '|' \r
+ + cred.type + '|' \r
+ + cred.expires + ']';\r
+ }\r
+ },\r
+ mc);\r
+ \r
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, rcred.value.ns);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr);\r
+ }\r
+ \r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<Identity>> rfc = func.createFuture(trans, fd.value, \r
+ rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires,\r
+ trans.user(), nsr.value.get(0), "U");\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "Credential Request [%s|%s|%s]",\r
+ rcred.value.id,\r
+ Integer.toString(rcred.value.type),\r
+ rcred.value.expires.toString());\r
+ } else { \r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ Result<?>udr = null;\r
+ // If we are Resetting Password on behalf of someone else (am not the Admin)\r
+ // use TempPassword Expiration time.\r
+ Expiration exp;\r
+ if(ques.isAdmin(trans, trans.user(), nsr.value.get(0).name)) {\r
+ exp = Expiration.Password;\r
+ } else {\r
+ exp = Expiration.TempPassword;\r
+ }\r
+ \r
+ Organization org = trans.org();\r
+ // If user resets password in same day, we will have a primary key conflict, so subtract 1 day\r
+ if (rlcd.value.get(entry).expires.equals(rcred.value.expires) \r
+ && rlcd.value.get(entry).type==rcred.value.type) {\r
+ GregorianCalendar gc = org.expiration(null, exp,rcred.value.id);\r
+ gc = Chrono.firstMomentOfDay(gc);\r
+ gc.set(GregorianCalendar.HOUR_OF_DAY, org.startOfDay()); \r
+ rcred.value.expires = new Date(gc.getTimeInMillis() - DAY_IN_MILLIS);\r
+ } else {\r
+ rcred.value.expires = org.expiration(null,exp).getTime();\r
+ }\r
+ \r
+ udr = ques.credDAO.create(trans, rcred.value);\r
+ if(udr.isOK()) {\r
+ udr = ques.credDAO.delete(trans, rlcd.value.get(entry),false);\r
+ }\r
+ if (udr.isOK()) {\r
+ return Result.ok();\r
+ }\r
+ \r
+ return Result.err(udr);\r
+ default:\r
+ return Result.err(fd);\r
+ }\r
+ } else {\r
+ return Result.err(rcred);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ /*\r
+ * Codify the way to get Either Choice Needed or actual Integer from Credit Request\r
+ */\r
+ private Result<Integer> selectEntryIfMultiple(final CredRequest cr, List<CredDAO.Data> lcd) {\r
+ int entry = 0;\r
+ if (lcd.size() > 1) {\r
+ String inputOption = cr.getEntry();\r
+ if (inputOption == null) {\r
+ String message = selectCredFromList(lcd, false);\r
+ String[] variables = buildVariables(lcd);\r
+ return Result.err(Status.ERR_ChoiceNeeded, message, variables);\r
+ } else {\r
+ entry = Integer.parseInt(inputOption) - 1;\r
+ }\r
+ if (entry < 0 || entry >= lcd.size()) {\r
+ return Result.err(Status.ERR_BadData, "User chose invalid credential selection");\r
+ }\r
+ }\r
+ return Result.ok(entry);\r
+ }\r
+ \r
+ @ApiDoc( \r
+ method = PUT, \r
+ path = "/authn/cred/:days",\r
+ params = {"days|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {300,403,404,406}, \r
+ text = { "Extend a Credential Expiration Date. The intention of this API is",\r
+ "to avoid an outage in PROD due to a Credential expiring before it",\r
+ "can be configured correctly. Measures are being put in place ",\r
+ "so that this is not abused."\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> extendUserCred(final AuthzTrans trans, REQUEST from, String days) {\r
+ TimeTaken tt = trans.start("Extend User Credential", Env.SUB);\r
+ try {\r
+ Result<CredDAO.Data> cred = mapper.cred(trans, from, false);\r
+ Organization org = trans.org();\r
+ final Validator v = new Validator();\r
+ if(v.notOK(cred).err() || \r
+ v.nullOrBlank(cred.value.id, "Invalid ID").err() ||\r
+ v.user(org,cred.value.id).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ try {\r
+ String reason;\r
+ if ((reason=org.validate(trans, Policy.MAY_EXTEND_CRED_EXPIRES, new CassExecutor(trans,func)))!=null) {\r
+ return Result.err(Status.ERR_Policy,reason);\r
+ }\r
+ } catch (Exception e) {\r
+ String msg;\r
+ trans.error().log(e, msg="Could not contact Organization for User Validation");\r
+ return Result.err(Status.ERR_Denied, msg);\r
+ }\r
+ \r
+ // Get the list of Cred Entries\r
+ Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, cred.value.id);\r
+ if(rlcd.notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_UserNotFound, "Credential does not exist");\r
+ }\r
+\r
+ //Need to do the "Pick Entry" mechanism\r
+ Result<Integer> ri = selectEntryIfMultiple((CredRequest)from, rlcd.value);\r
+ if(ri.notOK()) {\r
+ return Result.err(ri);\r
+ }\r
+\r
+ CredDAO.Data found = rlcd.value.get(ri.value);\r
+ CredDAO.Data cd = cred.value;\r
+ // Copy over the cred\r
+ cd.cred = found.cred;\r
+ cd.type = found.type;\r
+ cd.expires = org.expiration(null, Expiration.ExtendPassword,days).getTime();\r
+ \r
+ cred = ques.credDAO.create(trans, cd);\r
+ if(cred.isOK()) {\r
+ return Result.ok();\r
+ }\r
+ return Result.err(cred);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ } \r
+\r
+ private String[] buildVariables(List<CredDAO.Data> value) {\r
+ // ensure credentials are sorted so we can fully automate Cred regression test\r
+ Collections.sort(value, new Comparator<CredDAO.Data>() {\r
+ @Override\r
+ public int compare(CredDAO.Data cred1, CredDAO.Data cred2) {\r
+ return cred1.expires.compareTo(cred2.expires);\r
+ } \r
+ });\r
+ String [] vars = new String[value.size()+1];\r
+ vars[0]="Choice";\r
+ for (int i = 0; i < value.size(); i++) {\r
+ vars[i+1] = value.get(i).id + " " + value.get(i).type \r
+ + " |" + value.get(i).expires;\r
+ }\r
+ return vars;\r
+ }\r
+ \r
+ private String selectCredFromList(List<CredDAO.Data> value, boolean isDelete) {\r
+ StringBuilder errMessage = new StringBuilder();\r
+ String userPrompt = isDelete?"Select which cred to delete (set force=true to delete all):":"Select which cred to update:";\r
+ int numSpaces = value.get(0).id.length() - "Id".length();\r
+ \r
+ errMessage.append(userPrompt + '\n');\r
+ errMessage.append(" Id");\r
+ for (int i = 0; i < numSpaces; i++) {\r
+ errMessage.append(' ');\r
+ }\r
+ errMessage.append(" Type Expires" + '\n');\r
+ for(int i=0;i<value.size();++i) {\r
+ errMessage.append(" %s\n");\r
+ }\r
+ errMessage.append("Run same command again with chosen entry as last parameter");\r
+ \r
+ return errMessage.toString();\r
+ \r
+ }\r
+\r
+ @ApiDoc( \r
+ method = DELETE, \r
+ path = "/authn/cred",\r
+ params = {},\r
+ expectedCode = 200,\r
+ errorCodes = {300,403,404,406}, \r
+ text = { "Delete a Credential. If multiple credentials exist for this",\r
+ "ID, you will need to specify which entry you are deleting in the",\r
+ "CredRequest object."\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> deleteUserCred(AuthzTrans trans, REQUEST from) {\r
+ final Result<CredDAO.Data> cred = mapper.cred(trans, from, false);\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("cred", cred.value.id).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, cred.value.id);\r
+ if(rlcd.notOKorIsEmpty()) {\r
+ // Empty Creds should have no user_roles.\r
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, cred.value.id);\r
+ if(rlurd.isOK()) {\r
+ for(UserRoleDAO.Data data : rlurd.value) {\r
+ ques.userRoleDAO.delete(trans, data, false);\r
+ }\r
+ }\r
+ return Result.err(Status.ERR_UserNotFound, "Credential does not exist");\r
+ }\r
+ boolean isLastCred = rlcd.value.size()==1;\r
+ \r
+ MayChange mc = new MayChangeCred(trans,cred.value);\r
+ Result<?> rmc = mc.mayChange(); \r
+ if (rmc.notOK()) {\r
+ return Result.err(rmc);\r
+ }\r
+ \r
+ int entry = 0;\r
+ if(!trans.forceRequested()) {\r
+ if (rlcd.value.size() > 1) {\r
+ CredRequest cr = (CredRequest)from;\r
+ String inputOption = cr.getEntry();\r
+ if (inputOption == null) {\r
+ String message = selectCredFromList(rlcd.value, true);\r
+ String[] variables = buildVariables(rlcd.value);\r
+ return Result.err(Status.ERR_ChoiceNeeded, message, variables);\r
+ } else {\r
+ try {\r
+ entry = Integer.parseInt(inputOption) - 1;\r
+ } catch(NumberFormatException e) {\r
+ return Result.err(Status.ERR_BadData, "User chose invalid credential selection");\r
+ }\r
+ }\r
+ isLastCred = (entry==-1)?true:false;\r
+ } else {\r
+ isLastCred = true;\r
+ }\r
+ if (entry < -1 || entry >= rlcd.value.size()) {\r
+ return Result.err(Status.ERR_BadData, "User chose invalid credential selection");\r
+ }\r
+ }\r
+ \r
+ Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from,cred.value,false, \r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ return "Delete Credential [" + \r
+ cred.value.id + \r
+ ']';\r
+ }\r
+ },\r
+ mc);\r
+ \r
+ Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, cred.value.ns);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr);\r
+ }\r
+ \r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<Identity>> rfc = func.createFuture(trans, fd.value, cred.value.id,\r
+ trans.user(), nsr.value.get(0),"D");\r
+ \r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "Credential Delete [%s] is saved for future processing",cred.value.id);\r
+ } else { \r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ Result<?>udr = null;\r
+ if (!trans.forceRequested()) {\r
+ if(entry<0 || entry >= rlcd.value.size()) {\r
+ return Result.err(Status.ERR_BadData,"Invalid Choice [" + entry + "] chosen for Delete [%s] is saved for future processing",cred.value.id);\r
+ }\r
+ udr = ques.credDAO.delete(trans, rlcd.value.get(entry),false);\r
+ } else {\r
+ for (CredDAO.Data curr : rlcd.value) {\r
+ udr = ques.credDAO.delete(trans, curr, false);\r
+ if (udr.notOK()) {\r
+ return Result.err(udr);\r
+ }\r
+ }\r
+ }\r
+ if(isLastCred) {\r
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, cred.value.id);\r
+ if(rlurd.isOK()) {\r
+ for(UserRoleDAO.Data data : rlurd.value) {\r
+ ques.userRoleDAO.delete(trans, data, false);\r
+ }\r
+ }\r
+ }\r
+ if (udr.isOK()) {\r
+ return Result.ok();\r
+ }\r
+ return Result.err(udr);\r
+ default:\r
+ return Result.err(fd);\r
+ }\r
+ \r
+ }\r
+\r
+\r
+ @Override\r
+ public Result<Date> doesCredentialMatch(AuthzTrans trans, REQUEST credReq) {\r
+ TimeTaken tt = trans.start("Does Credential Match", Env.SUB);\r
+ try {\r
+ // Note: Mapper assigns RAW type\r
+ Result<CredDAO.Data> data = mapper.cred(trans, credReq,false);\r
+ if(data.notOKorIsEmpty()) {\r
+ return Result.err(data);\r
+ }\r
+ CredDAO.Data cred = data.value; // of the Mapped Cred\r
+ return ques.doesUserCredMatch(trans, cred.id, cred.cred.array());\r
+\r
+ } catch (DAOException e) {\r
+ trans.error().log(e,"Error looking up cred");\r
+ return Result.err(Status.ERR_Denied,"Credential does not match");\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+\r
+ @ApiDoc( \r
+ method = GET, \r
+ path = "/authn/basicAuth",\r
+ params = {},\r
+ expectedCode = 200,\r
+ errorCodes = { 403 }, \r
+ text = { "Validate a Password using BasicAuth Base64 encoded Header. This HTTP/S call is intended as a fast"\r
+ + " User/Password lookup for Security Frameworks, and responds 200 if it passes BasicAuth "\r
+ + "security, and 403 if it does not." }\r
+ )\r
+ private void basicAuth() {\r
+ // This is a place holder for Documentation. The real BasicAuth API does not call Service.\r
+ }\r
+ \r
+ @ApiDoc( \r
+ method = POST, \r
+ path = "/authn/validate",\r
+ params = {},\r
+ expectedCode = 200,\r
+ errorCodes = { 403 }, \r
+ text = { "Validate a Credential given a Credential Structure. This is a more comprehensive validation, can "\r
+ + "do more than BasicAuth as Credential types exp" }\r
+ )\r
+ @Override\r
+ public Result<Date> validateBasicAuth(AuthzTrans trans, String basicAuth) {\r
+ //TODO how to make sure people don't use this in browsers? Do we care?\r
+ TimeTaken tt = trans.start("Validate Basic Auth", Env.SUB);\r
+ try {\r
+ BasicPrincipal bp = new BasicPrincipal(basicAuth,trans.org().getRealm());\r
+ Result<Date> rq = ques.doesUserCredMatch(trans, bp.getName(), bp.getCred());\r
+ // Note: Only want to log problem, don't want to send back to end user\r
+ if(rq.isOK()) {\r
+ return rq;\r
+ } else {\r
+ trans.audit().log(rq.errorString());\r
+ }\r
+ } catch (Exception e) {\r
+ trans.warn().log(e);\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ return Result.err(Status.ERR_Denied,"Bad Basic Auth");\r
+ }\r
+\r
+/***********************************\r
+ * USER-ROLE \r
+ ***********************************/\r
+ @ApiDoc( \r
+ method = POST, \r
+ path = "/authz/userRole",\r
+ params = {},\r
+ expectedCode = 201,\r
+ errorCodes = {403,404,406,409}, \r
+ text = { "Create a UserRole relationship (add User to Role)",\r
+ "A UserRole is an object Representation of membership of a Role for limited time.",\r
+ "If a shorter amount of time for Role ownership is required, use the 'End' field.",\r
+ "** Note: Owners of Namespaces will be required to revalidate users in these roles ",\r
+ "before Expirations expire. Namespace owners will be notified by email."\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> createUserRole(final AuthzTrans trans, REQUEST from) {\r
+ TimeTaken tt = trans.start("Create UserRole", Env.SUB);\r
+ try {\r
+ Result<UserRoleDAO.Data> urr = mapper.userRole(trans, from);\r
+ if(urr.notOKorIsEmpty()) {\r
+ return Result.err(urr);\r
+ }\r
+ final UserRoleDAO.Data userRole = urr.value;\r
+ \r
+ final Validator v = new Validator();\r
+ if(v.user_role(userRole).err() ||\r
+ v.user(trans.org(), userRole.user).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+\r
+ \r
+ // Check if user can change first\r
+ Result<FutureDAO.Data> fd = mapper.future(trans,UserRoleDAO.TABLE,from,urr.value,true, // may request Approvals\r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ return "Add User [" + userRole.user + "] to Role [" + \r
+ userRole.role + \r
+ ']';\r
+ }\r
+ },\r
+ new MayChange() {\r
+ private Result<NsDAO.Data> nsd;\r
+ @Override\r
+ public Result<?> mayChange() {\r
+ if(nsd==null) {\r
+ RoleDAO.Data r = RoleDAO.Data.decode(userRole);\r
+ nsd = ques.mayUser(trans, trans.user(), r, Access.write);\r
+ }\r
+ return nsd;\r
+ }\r
+ });\r
+ Result<NsDAO.Data> nsr = ques.deriveNs(trans, userRole.role);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr);\r
+ }\r
+\r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<Identity>> rfc = func.createFuture(trans, fd.value, userRole.user+'|'+userRole.ns + '.' + userRole.rname, \r
+ userRole.user, nsr.value, "C");\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "UserRole [%s - %s.%s] is saved for future processing",\r
+ userRole.user,\r
+ userRole.ns,\r
+ userRole.rname);\r
+ } else { \r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ return func.addUserRole(trans, userRole);\r
+ default:\r
+ return Result.err(fd);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ \r
+ /**\r
+ * getUserRolesByRole\r
+ */\r
+ @ApiDoc(\r
+ method = GET,\r
+ path = "/authz/userRoles/role/:role",\r
+ params = {"role|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {404,406},\r
+ text = { "List all Users that are attached to Role specified in :role",\r
+ }\r
+ )\r
+ @Override\r
+ public Result<USERROLES> getUserRolesByRole(AuthzTrans trans, String role) {\r
+ final Validator v = new Validator(trans);\r
+ if(v.nullOrBlank("Role",role).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ Result<RoleDAO.Data> rrdd;\r
+ rrdd = RoleDAO.Data.decode(trans,ques,role);\r
+ if(rrdd.notOK()) {\r
+ return Result.err(rrdd);\r
+ }\r
+ // May Requester see result?\r
+ Result<NsDAO.Data> ns = ques.mayUser(trans,trans.user(), rrdd.value,Access.read);\r
+ if (ns.notOK()) {\r
+ return Result.err(ns);\r
+ }\r
+ \r
+ // boolean filter = true; \r
+ // if (ns.value.isAdmin(trans.user()) || ns.value.isResponsible(trans.user()))\r
+ // filter = false;\r
+ \r
+ // Get list of roles per user, then add to Roles as we go\r
+ HashSet<UserRoleDAO.Data> userSet = new HashSet<UserRoleDAO.Data>();\r
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByRole(trans, role);\r
+ if(rlurd.isOK()) {\r
+ for(UserRoleDAO.Data data : rlurd.value) {\r
+ userSet.add(data);\r
+ }\r
+ }\r
+ \r
+ @SuppressWarnings("unchecked")\r
+ USERROLES users = (USERROLES) mapper.newInstance(API.USER_ROLES);\r
+ // Checked for permission\r
+ mapper.userRoles(trans, userSet, users);\r
+ return Result.ok(users);\r
+ }\r
+ /**\r
+ * getUserRolesByRole\r
+ */\r
+ @ApiDoc(\r
+ method = GET,\r
+ path = "/authz/userRoles/user/:user",\r
+ params = {"role|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {404,406},\r
+ text = { "List all UserRoles for :user",\r
+ }\r
+ )\r
+ @Override\r
+ public Result<USERROLES> getUserRolesByUser(AuthzTrans trans, String user) {\r
+ final Validator v = new Validator(trans);\r
+ if(v.nullOrBlank("User",user).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ // Get list of roles per user, then add to Roles as we go\r
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, user);\r
+ if(rlurd.notOK()) { \r
+ return Result.err(rlurd);\r
+ }\r
+ @SuppressWarnings("unchecked")\r
+ USERROLES users = (USERROLES) mapper.newInstance(API.USER_ROLES);\r
+ // Checked for permission\r
+ mapper.userRoles(trans, rlurd.value, users);\r
+ return Result.ok(users);\r
+ }\r
+\r
+ \r
+ @ApiDoc( \r
+ method = PUT, \r
+ path = "/authz/userRole/user",\r
+ params = {},\r
+ expectedCode = 200,\r
+ errorCodes = {403,404,406}, \r
+ text = { "Set a User's roles to the roles specified in the UserRoleRequest object.",\r
+ "WARNING: Roles supplied will be the ONLY roles attached to this user",\r
+ "If no roles are supplied, user's roles are reset."\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> resetRolesForUser(AuthzTrans trans, REQUEST rreq) {\r
+ Result<UserRoleDAO.Data> rurdd = mapper.userRole(trans, rreq);\r
+ final Validator v = new Validator();\r
+ if(rurdd.notOKorIsEmpty()) {\r
+ return Result.err(rurdd);\r
+ }\r
+ if (v.user(trans.org(), rurdd.value.user).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Set<String> currRoles = new HashSet<String>();\r
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, rurdd.value.user);\r
+ if(rlurd.isOK()) {\r
+ for(UserRoleDAO.Data data : rlurd.value) {\r
+ currRoles.add(data.role);\r
+ }\r
+ }\r
+ \r
+ Result<Void> rv = null;\r
+ String[] roles;\r
+ if(rurdd.value.role==null) {\r
+ roles = new String[0];\r
+ } else {\r
+ roles = rurdd.value.role.split(",");\r
+ }\r
+ \r
+ for (String role : roles) { \r
+ if (v.role(role).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);\r
+ if(rrdd.notOK()) {\r
+ return Result.err(rrdd);\r
+ }\r
+ \r
+ rurdd.value.role(rrdd.value);\r
+ \r
+ Result<NsDAO.Data> nsd = ques.mayUser(trans, trans.user(), rrdd.value,Access.write);\r
+ if (nsd.notOK()) {\r
+ return Result.err(nsd);\r
+ }\r
+ Result<NsDAO.Data> nsr = ques.deriveNs(trans, role);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr); \r
+ }\r
+ \r
+ if(currRoles.contains(role)) {\r
+ currRoles.remove(role);\r
+ } else {\r
+ rv = func.addUserRole(trans, rurdd.value);\r
+ if (rv.notOK()) {\r
+ return rv;\r
+ }\r
+ }\r
+ }\r
+ \r
+ for (String role : currRoles) {\r
+ rurdd.value.role(trans,ques,role);\r
+ rv = ques.userRoleDAO.delete(trans, rurdd.value, true);\r
+ if(rv.notOK()) {\r
+ trans.info().log(rurdd.value.user,"/",rurdd.value.role, "expected to be deleted, but does not exist");\r
+ // return rv; // if it doesn't exist, don't error out\r
+ }\r
+\r
+ }\r
+ \r
+ return Result.ok(); \r
+ \r
+ }\r
+ \r
+ @ApiDoc( \r
+ method = PUT, \r
+ path = "/authz/userRole/role",\r
+ params = {},\r
+ expectedCode = 200,\r
+ errorCodes = {403,404,406}, \r
+ text = { "Set a Role's users to the users specified in the UserRoleRequest object.",\r
+ "WARNING: Users supplied will be the ONLY users attached to this role",\r
+ "If no users are supplied, role's users are reset."\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> resetUsersForRole(AuthzTrans trans, REQUEST rreq) {\r
+ Result<UserRoleDAO.Data> rurdd = mapper.userRole(trans, rreq);\r
+ if(rurdd.notOKorIsEmpty()) {\r
+ return Result.err(rurdd);\r
+ }\r
+ final Validator v = new Validator();\r
+ if (v.user_role(rurdd.value).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ RoleDAO.Data rd = RoleDAO.Data.decode(rurdd.value);\r
+\r
+ Result<NsDAO.Data> nsd = ques.mayUser(trans, trans.user(), rd, Access.write);\r
+ if (nsd.notOK()) {\r
+ return Result.err(nsd);\r
+ }\r
+\r
+ Result<NsDAO.Data> nsr = ques.deriveNs(trans, rurdd.value.role);\r
+ if(nsr.notOKorIsEmpty()) {\r
+ return Result.err(nsr); \r
+ }\r
+\r
+ Set<String> currUsers = new HashSet<String>();\r
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByRole(trans, rurdd.value.role);\r
+ if(rlurd.isOK()) { \r
+ for(UserRoleDAO.Data data : rlurd.value) {\r
+ currUsers.add(data.user);\r
+ }\r
+ }\r
+ \r
+ // found when connected remotely to DEVL, can't replicate locally\r
+ // inconsistent errors with cmd: role user setTo [nothing]\r
+ // deleteUserRole --> read --> get --> cacheIdx(?)\r
+ // sometimes returns idx for last added user instead of user passed in\r
+ // cache bug? \r
+ \r
+ \r
+ Result<Void> rv = null;\r
+ String[] users = {};\r
+ if (rurdd.value.user != null) {\r
+ users = rurdd.value.user.split(",");\r
+ }\r
+ \r
+ for (String user : users) { \r
+ if (v.user(trans.org(), user).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ rurdd.value.user = user;\r
+\r
+ if(currUsers.contains(user)) {\r
+ currUsers.remove(user);\r
+ } else {\r
+ rv = func.addUserRole(trans, rurdd.value);\r
+ if (rv.notOK()) { \r
+ return rv;\r
+ }\r
+ }\r
+ }\r
+ \r
+ for (String user : currUsers) {\r
+ rurdd.value.user = user; \r
+ rv = ques.userRoleDAO.delete(trans, rurdd.value, true);\r
+ if(rv.notOK()) {\r
+ trans.info().log(rurdd.value, "expected to be deleted, but not exists");\r
+ return rv;\r
+ }\r
+ } \r
+ \r
+ return Result.ok(); \r
+ }\r
+ \r
+ @ApiDoc(\r
+ method = GET,\r
+ path = "/authz/userRole/extend/:user/:role",\r
+ params = { "user|string|true",\r
+ "role|string|true"\r
+ },\r
+ expectedCode = 200,\r
+ errorCodes = {403,404,406},\r
+ text = { "Extend the Expiration of this User Role by the amount set by Organization",\r
+ "Requestor must be allowed to modify the role"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> extendUserRole(AuthzTrans trans, String user, String role) {\r
+ Organization org = trans.org();\r
+ final Validator v = new Validator();\r
+ if(v.user(org, user)\r
+ .role(role)\r
+ .err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role);\r
+ if(rrdd.notOK()) {\r
+ return Result.err(rrdd);\r
+ }\r
+ \r
+ Result<NsDAO.Data> rcr = ques.mayUser(trans, trans.user(), rrdd.value, Access.write);\r
+ boolean mayNotChange;\r
+ if((mayNotChange = rcr.notOK()) && !trans.futureRequested()) {\r
+ return Result.err(rcr);\r
+ }\r
+ \r
+ Result<List<UserRoleDAO.Data>> rr = ques.userRoleDAO.read(trans, user,role);\r
+ if(rr.notOK()) {\r
+ return Result.err(rr);\r
+ }\r
+ for(UserRoleDAO.Data userRole : rr.value) {\r
+ if(mayNotChange) { // Function exited earlier if !trans.futureRequested\r
+ FutureDAO.Data fto = new FutureDAO.Data();\r
+ fto.target=UserRoleDAO.TABLE;\r
+ fto.memo = "Extend User ["+userRole.user+"] in Role ["+userRole.role+"]";\r
+ GregorianCalendar now = new GregorianCalendar();\r
+ fto.start = now.getTime();\r
+ fto.expires = org.expiration(now, Expiration.Future).getTime();\r
+ try {\r
+ fto.construct = userRole.bytify();\r
+ } catch (IOException e) {\r
+ trans.error().log(e, "Error while bytifying UserRole for Future");\r
+ return Result.err(e);\r
+ }\r
+\r
+ Result<List<Identity>> rfc = func.createFuture(trans, fto, \r
+ userRole.user+'|'+userRole.role, userRole.user, rcr.value, "U");\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "UserRole [%s - %s] is saved for future processing",\r
+ userRole.user,\r
+ userRole.role);\r
+ } else {\r
+ return Result.err(rfc);\r
+ }\r
+ } else {\r
+ return func.extendUserRole(trans, userRole, false);\r
+ }\r
+ }\r
+ return Result.err(Result.ERR_NotFound,"This user and role doesn't exist");\r
+ }\r
+\r
+ @ApiDoc( \r
+ method = DELETE, \r
+ path = "/authz/userRole/:user/:role",\r
+ params = { "user|string|true",\r
+ "role|string|true"\r
+ },\r
+ expectedCode = 200,\r
+ errorCodes = {403,404,406}, \r
+ text = { "Remove Role :role from User :user."\r
+ }\r
+ )\r
+ @Override\r
+ public Result<Void> deleteUserRole(AuthzTrans trans, String usr, String role) {\r
+ Validator val = new Validator();\r
+ if(val.nullOrBlank("User", usr)\r
+ .nullOrBlank("Role", role).err()) {\r
+ return Result.err(Status.ERR_BadData, val.errs());\r
+ }\r
+\r
+ boolean mayNotChange;\r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role);\r
+ if(rrdd.notOK()) {\r
+ return Result.err(rrdd);\r
+ }\r
+ \r
+ RoleDAO.Data rdd = rrdd.value;\r
+ // Make sure we don't delete the last owner\r
+ if(Question.OWNER.equals(rdd.name) && ques.countOwner(trans, usr, rdd.ns)<=1) {\r
+ return Result.err(Status.ERR_Denied,"You may not delete the last Owner of " + rdd.ns );\r
+ }\r
+ \r
+ Result<NsDAO.Data> rns = ques.mayUser(trans, trans.user(), rdd, Access.write);\r
+ if(mayNotChange=rns.notOK()) {\r
+ if(!trans.futureRequested()) {\r
+ return Result.err(rns);\r
+ }\r
+ }\r
+\r
+ Result<List<UserRoleDAO.Data>> rulr;\r
+ if((rulr=ques.userRoleDAO.read(trans, usr, role)).notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_UserRoleNotFound, "User [ "+usr+" ] is not "\r
+ + "Assigned to the Role [ " + role + " ]");\r
+ }\r
+\r
+ UserRoleDAO.Data userRole = rulr.value.get(0);\r
+ if(mayNotChange) { // Function exited earlier if !trans.futureRequested\r
+ FutureDAO.Data fto = new FutureDAO.Data();\r
+ fto.target=UserRoleDAO.TABLE;\r
+ fto.memo = "Remove User ["+userRole.user+"] from Role ["+userRole.role+"]";\r
+ GregorianCalendar now = new GregorianCalendar();\r
+ fto.start = now.getTime();\r
+ fto.expires = trans.org().expiration(now, Expiration.Future).getTime();\r
+\r
+ Result<List<Identity>> rfc = func.createFuture(trans, fto, \r
+ userRole.user+'|'+userRole.role, userRole.user, rns.value, "D");\r
+ if(rfc.isOK()) {\r
+ return Result.err(Status.ACC_Future, "UserRole [%s - %s] is saved for future processing", \r
+ userRole.user,\r
+ userRole.role);\r
+ } else { \r
+ return Result.err(rfc);\r
+ }\r
+ } else {\r
+ return ques.userRoleDAO.delete(trans, rulr.value.get(0), false);\r
+ }\r
+ }\r
+\r
+ @ApiDoc( \r
+ method = GET, \r
+ path = "/authz/userRole/:user/:role",\r
+ params = {"user|string|true",\r
+ "role|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {403,404,406}, \r
+ text = { "Returns the User (with Expiration date from listed User/Role) if it exists"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<USERS> getUserInRole(AuthzTrans trans, String user, String role) {\r
+ final Validator v = new Validator();\r
+ if(v.role(role).nullOrBlank("User", user).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+// Result<NsDAO.Data> ns = ques.deriveNs(trans, role);\r
+// if (ns.notOK()) return Result.err(ns);\r
+// \r
+// Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write);\r
+ // May calling user see by virtue of the Role\r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);\r
+ if(rrdd.notOK()) {\r
+ return Result.err(rrdd);\r
+ }\r
+ Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd); \r
+ }\r
+ \r
+ HashSet<UserRoleDAO.Data> userSet = new HashSet<UserRoleDAO.Data>();\r
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readUserInRole(trans, user, role);\r
+ if(rlurd.isOK()) {\r
+ for(UserRoleDAO.Data data : rlurd.value) {\r
+ userSet.add(data);\r
+ }\r
+ }\r
+ \r
+ @SuppressWarnings("unchecked")\r
+ USERS users = (USERS) mapper.newInstance(API.USERS);\r
+ mapper.users(trans, userSet, users);\r
+ return Result.ok(users);\r
+ }\r
+\r
+ @ApiDoc( \r
+ method = GET, \r
+ path = "/authz/users/role/:role",\r
+ params = {"user|string|true",\r
+ "role|string|true"},\r
+ expectedCode = 200,\r
+ errorCodes = {403,404,406}, \r
+ text = { "Returns the User (with Expiration date from listed User/Role) if it exists"\r
+ }\r
+ )\r
+ @Override\r
+ public Result<USERS> getUsersByRole(AuthzTrans trans, String role) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("Role",role).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+// Result<NsDAO.Data> ns = ques.deriveNs(trans, role);\r
+// if (ns.notOK()) return Result.err(ns);\r
+// \r
+// Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write);\r
+ // May calling user see by virtue of the Role\r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);\r
+ if(rrdd.notOK()) {\r
+ return Result.err(rrdd);\r
+ }\r
+ Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd); \r
+ }\r
+ \r
+ HashSet<UserRoleDAO.Data> userSet = new HashSet<UserRoleDAO.Data>();\r
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByRole(trans, role);\r
+ if(rlurd.isOK()) { \r
+ for(UserRoleDAO.Data data : rlurd.value) {\r
+ userSet.add(data);\r
+ }\r
+ }\r
+ \r
+ @SuppressWarnings("unchecked")\r
+ USERS users = (USERS) mapper.newInstance(API.USERS);\r
+ mapper.users(trans, userSet, users);\r
+ return Result.ok(users);\r
+ }\r
+\r
+ /**\r
+ * getUsersByPermission\r
+ */\r
+ @ApiDoc(\r
+ method = GET,\r
+ path = "/authz/users/perm/:type/:instance/:action",\r
+ params = { "type|string|true",\r
+ "instance|string|true",\r
+ "action|string|true"\r
+ },\r
+ expectedCode = 200,\r
+ errorCodes = {404,406},\r
+ text = { "List all Users that have Permission specified by :type :instance :action",\r
+ }\r
+ )\r
+ @Override\r
+ public Result<USERS> getUsersByPermission(AuthzTrans trans, String type, String instance, String action) {\r
+ final Validator v = new Validator(trans);\r
+ if(v.nullOrBlank("Type",type)\r
+ .nullOrBlank("Instance",instance)\r
+ .nullOrBlank("Action",action) \r
+ .err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<NsSplit> nss = ques.deriveNsSplit(trans, type);\r
+ if(nss.notOK()) {\r
+ return Result.err(nss);\r
+ }\r
+ \r
+ Result<List<NsDAO.Data>> nsd = ques.nsDAO.read(trans, nss.value.ns);\r
+ if (nsd.notOK()) {\r
+ return Result.err(nsd);\r
+ }\r
+ \r
+ boolean allInstance = ASTERIX.equals(instance);\r
+ boolean allAction = ASTERIX.equals(action);\r
+ // Get list of roles per Permission, \r
+ // Then loop through Roles to get Users\r
+ // Note: Use Sets to avoid processing or responding with Duplicates\r
+ Set<String> roleUsed = new HashSet<String>();\r
+ Set<UserRoleDAO.Data> userSet = new HashSet<UserRoleDAO.Data>();\r
+ \r
+ if(!nss.isEmpty()) {\r
+ Result<List<PermDAO.Data>> rlp = ques.permDAO.readByType(trans, nss.value.ns, nss.value.name);\r
+ if(rlp.isOKhasData()) {\r
+ for(PermDAO.Data pd : rlp.value) {\r
+ if((allInstance || pd.instance.equals(instance)) && \r
+ (allAction || pd.action.equals(action))) {\r
+ if(ques.mayUser(trans, trans.user(),pd,Access.read).isOK()) {\r
+ for(String role : pd.roles) {\r
+ if(!roleUsed.contains(role)) { // avoid evaluating Role many times\r
+ roleUsed.add(role);\r
+ Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByRole(trans, role.replace('|', '.'));\r
+ if(rlurd.isOKhasData()) {\r
+ for(UserRoleDAO.Data urd : rlurd.value) {\r
+ userSet.add(urd);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ @SuppressWarnings("unchecked")\r
+ USERS users = (USERS) mapper.newInstance(API.USERS);\r
+ mapper.users(trans, userSet, users);\r
+ return Result.ok(users);\r
+ }\r
+\r
+ /***********************************\r
+ * HISTORY \r
+ ***********************************/ \r
+ @Override\r
+ public Result<HISTORY> getHistoryByUser(final AuthzTrans trans, String user, final int[] yyyymm, final int sort) { \r
+ final Validator v = new Validator(trans);\r
+ if(v.nullOrBlank("User",user).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<NsDAO.Data> rnd;\r
+ // Users may look at their own data\r
+ if(trans.user().equals(user)) {\r
+ // Users may look at their own data\r
+ } else {\r
+ int at = user.indexOf('@');\r
+ if(at>=0 && trans.org().getRealm().equals(user.substring(at+1))) {\r
+ NsDAO.Data nsd = new NsDAO.Data();\r
+ nsd.name = Question.domain2ns(user);\r
+ rnd = ques.mayUser(trans, trans.user(), nsd, Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd);\r
+ }\r
+ } else {\r
+ rnd = ques.validNSOfDomain(trans, user);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd);\r
+ }\r
+\r
+ rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd);\r
+ }\r
+ }\r
+ }\r
+ Result<List<HistoryDAO.Data>> resp = ques.historyDAO.readByUser(trans, user, yyyymm);\r
+ if(resp.notOK()) {\r
+ return Result.err(resp);\r
+ }\r
+ return mapper.history(trans, resp.value,sort);\r
+ }\r
+\r
+ @Override\r
+ public Result<HISTORY> getHistoryByRole(AuthzTrans trans, String role, int[] yyyymm, final int sort) {\r
+ final Validator v = new Validator(trans);\r
+ if(v.nullOrBlank("Role",role).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);\r
+ if(rrdd.notOK()) {\r
+ return Result.err(rrdd);\r
+ }\r
+ \r
+ Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value, Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd);\r
+ }\r
+ Result<List<HistoryDAO.Data>> resp = ques.historyDAO.readBySubject(trans, role, "role", yyyymm); \r
+ if(resp.notOK()) {\r
+ return Result.err(resp);\r
+ }\r
+ return mapper.history(trans, resp.value,sort);\r
+ }\r
+\r
+ @Override\r
+ public Result<HISTORY> getHistoryByPerm(AuthzTrans trans, String type, int[] yyyymm, final int sort) {\r
+ final Validator v = new Validator(trans);\r
+ if(v.nullOrBlank("Type",type)\r
+ .err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ // May user see Namespace of Permission (since it's only one piece... we can't check for "is permission part of")\r
+ Result<NsDAO.Data> rnd = ques.deriveNs(trans,type);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd);\r
+ }\r
+ \r
+ rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd); \r
+ }\r
+ Result<List<HistoryDAO.Data>> resp = ques.historyDAO.readBySubject(trans, type, "perm", yyyymm);\r
+ if(resp.notOK()) {\r
+ return Result.err(resp);\r
+ }\r
+ return mapper.history(trans, resp.value,sort);\r
+ }\r
+\r
+ @Override\r
+ public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String ns, int[] yyyymm, final int sort) {\r
+ final Validator v = new Validator(trans);\r
+ if(v.nullOrBlank("NS",ns)\r
+ .err()) { \r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd);\r
+ }\r
+ rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);\r
+ if(rnd.notOK()) {\r
+ return Result.err(rnd); \r
+ }\r
+\r
+ Result<List<HistoryDAO.Data>> resp = ques.historyDAO.readBySubject(trans, ns, "ns", yyyymm);\r
+ if(resp.notOK()) {\r
+ return Result.err(resp);\r
+ }\r
+ return mapper.history(trans, resp.value,sort);\r
+ }\r
+\r
+/***********************************\r
+ * DELEGATE \r
+ ***********************************/\r
+ @Override\r
+ public Result<Void> createDelegate(final AuthzTrans trans, REQUEST base) {\r
+ return createOrUpdateDelegate(trans, base, Question.Access.create);\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> updateDelegate(AuthzTrans trans, REQUEST base) {\r
+ return createOrUpdateDelegate(trans, base, Question.Access.write);\r
+ }\r
+\r
+\r
+ private Result<Void> createOrUpdateDelegate(final AuthzTrans trans, REQUEST base, final Access access) {\r
+ final Result<DelegateDAO.Data> rd = mapper.delegate(trans, base);\r
+ final Validator v = new Validator();\r
+ if(v.delegate(trans.org(),rd).err()) { \r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ final DelegateDAO.Data dd = rd.value;\r
+ \r
+ Result<List<DelegateDAO.Data>> ddr = ques.delegateDAO.read(trans, dd);\r
+ if(access==Access.create && ddr.isOKhasData()) {\r
+ return Result.err(Status.ERR_ConflictAlreadyExists, "[%s] already delegates to [%s]", dd.user, ddr.value.get(0).delegate);\r
+ } else if(access!=Access.create && ddr.notOKorIsEmpty()) { \r
+ return Result.err(Status.ERR_NotFound, "[%s] does not have a Delegate Record to [%s].",dd.user,access.name());\r
+ }\r
+ Result<Void> rv = ques.mayUser(trans, dd, access);\r
+ if(rv.notOK()) {\r
+ return rv;\r
+ }\r
+ \r
+ Result<FutureDAO.Data> fd = mapper.future(trans,DelegateDAO.TABLE,base, dd, false, \r
+ new Mapper.Memo() {\r
+ @Override\r
+ public String get() {\r
+ StringBuilder sb = new StringBuilder();\r
+ sb.append(access.name());\r
+ sb.setCharAt(0, Character.toUpperCase(sb.charAt(0)));\r
+ sb.append("Delegate ");\r
+ sb.append(access==Access.create?"[":"to [");\r
+ sb.append(rd.value.delegate);\r
+ sb.append("] for [");\r
+ sb.append(rd.value.user);\r
+ sb.append(']');\r
+ return sb.toString();\r
+ }\r
+ },\r
+ new MayChange() {\r
+ @Override\r
+ public Result<?> mayChange() {\r
+ return Result.ok(); // Validate in code above\r
+ }\r
+ });\r
+ \r
+ switch(fd.status) {\r
+ case OK:\r
+ Result<List<Identity>> rfc = func.createFuture(trans, fd.value, \r
+ dd.user, trans.user(),null, access==Access.create?"C":"U");\r
+ if(rfc.isOK()) { \r
+ return Result.err(Status.ACC_Future, "Delegate for [%s]",\r
+ dd.user);\r
+ } else { \r
+ return Result.err(rfc);\r
+ }\r
+ case Status.ACC_Now:\r
+ if(access==Access.create) {\r
+ Result<DelegateDAO.Data> rdr = ques.delegateDAO.create(trans, dd);\r
+ if(rdr.isOK()) {\r
+ return Result.ok();\r
+ } else {\r
+ return Result.err(rdr);\r
+ }\r
+ } else {\r
+ return ques.delegateDAO.update(trans, dd);\r
+ }\r
+ default:\r
+ return Result.err(fd);\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> deleteDelegate(AuthzTrans trans, REQUEST base) {\r
+ final Result<DelegateDAO.Data> rd = mapper.delegate(trans, base);\r
+ final Validator v = new Validator();\r
+ if(v.notOK(rd).nullOrBlank("User", rd.value.user).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ Result<List<DelegateDAO.Data>> ddl;\r
+ if((ddl=ques.delegateDAO.read(trans, rd.value)).notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_DelegateNotFound,"Cannot delete non-existent Delegate");\r
+ }\r
+ final DelegateDAO.Data dd = ddl.value.get(0);\r
+ Result<Void> rv = ques.mayUser(trans, dd, Access.write);\r
+ if(rv.notOK()) {\r
+ return rv;\r
+ }\r
+ \r
+ return ques.delegateDAO.delete(trans, dd, false);\r
+ }\r
+\r
+ @Override\r
+ public Result<Void> deleteDelegate(AuthzTrans trans, String userName) {\r
+ DelegateDAO.Data dd = new DelegateDAO.Data();\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("User", userName).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ dd.user = userName;\r
+ Result<List<DelegateDAO.Data>> ddl;\r
+ if((ddl=ques.delegateDAO.read(trans, dd)).notOKorIsEmpty()) {\r
+ return Result.err(Status.ERR_DelegateNotFound,"Cannot delete non-existent Delegate");\r
+ }\r
+ dd = ddl.value.get(0);\r
+ Result<Void> rv = ques.mayUser(trans, dd, Access.write);\r
+ if(rv.notOK()) {\r
+ return rv;\r
+ }\r
+ \r
+ return ques.delegateDAO.delete(trans, dd, false);\r
+ }\r
+ \r
+ @Override\r
+ public Result<DELGS> getDelegatesByUser(AuthzTrans trans, String user) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("User", user).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ DelegateDAO.Data ddd = new DelegateDAO.Data();\r
+ ddd.user = user;\r
+ ddd.delegate = null;\r
+ Result<Void> rv = ques.mayUser(trans, ddd, Access.read);\r
+ if(rv.notOK()) {\r
+ return Result.err(rv);\r
+ }\r
+ \r
+ TimeTaken tt = trans.start("Get delegates for a user", Env.SUB);\r
+\r
+ Result<List<DelegateDAO.Data>> dbDelgs = ques.delegateDAO.read(trans, user);\r
+ try {\r
+ if (dbDelgs.isOKhasData()) {\r
+ return mapper.delegate(dbDelgs.value);\r
+ } else {\r
+ return Result.err(Status.ERR_DelegateNotFound,"No Delegate found for [%s]",user);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ } \r
+ }\r
+\r
+ @Override\r
+ public Result<DELGS> getDelegatesByDelegate(AuthzTrans trans, String delegate) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("Delegate", delegate).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ DelegateDAO.Data ddd = new DelegateDAO.Data();\r
+ ddd.user = delegate;\r
+ Result<Void> rv = ques.mayUser(trans, ddd, Access.read);\r
+ if(rv.notOK()) {\r
+ return Result.err(rv);\r
+ }\r
+\r
+ TimeTaken tt = trans.start("Get users for a delegate", Env.SUB);\r
+\r
+ Result<List<DelegateDAO.Data>> dbDelgs = ques.delegateDAO.readByDelegate(trans, delegate);\r
+ try {\r
+ if (dbDelgs.isOKhasData()) {\r
+ return mapper.delegate(dbDelgs.value);\r
+ } else {\r
+ return Result.err(Status.ERR_DelegateNotFound,"Delegate [%s] is not delegating for anyone.",delegate);\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ } \r
+ }\r
+\r
+/***********************************\r
+ * APPROVAL \r
+ ***********************************/\r
+ @Override\r
+ public Result<Void> updateApproval(AuthzTrans trans, APPROVALS approvals) {\r
+ Result<List<ApprovalDAO.Data>> rlad = mapper.approvals(approvals);\r
+ if(rlad.notOK()) {\r
+ return Result.err(rlad);\r
+ }\r
+ int numApprs = rlad.value.size();\r
+ if(numApprs<1) {\r
+ return Result.err(Status.ERR_NoApprovals,"No Approvals sent for Updating");\r
+ }\r
+ int numProcessed = 0;\r
+ String user = trans.user();\r
+ \r
+ Result<List<ApprovalDAO.Data>> curr;\r
+ for(ApprovalDAO.Data updt : rlad.value) {\r
+ if(updt.ticket!=null) {\r
+ curr = ques.approvalDAO.readByTicket(trans, updt.ticket);\r
+ } else if(updt.id!=null) {\r
+ curr = ques.approvalDAO.read(trans, updt);\r
+ } else if(updt.approver!=null) {\r
+ curr = ques.approvalDAO.readByApprover(trans, updt.approver);\r
+ } else {\r
+ return Result.err(Status.ERR_BadData,"Approvals need ID, Ticket or Approval data to update");\r
+ }\r
+ if(curr.isOKhasData()) {\r
+ for(ApprovalDAO.Data cd : curr.value){\r
+ // Check for right record. Need ID, or (Ticket&Trans.User==Appr)\r
+ // If Default ID\r
+ boolean delegatedAction = ques.isDelegated(trans, user, cd.approver);\r
+ String delegator = cd.approver;\r
+ if(updt.id!=null || \r
+ (updt.ticket!=null && user.equals(cd.approver)) ||\r
+ (updt.ticket!=null && delegatedAction)) {\r
+ if(updt.ticket.equals(cd.ticket)) {\r
+ cd.id = changed(updt.id,cd.id);\r
+ cd.ticket = changed(updt.ticket,cd.ticket);\r
+ cd.user = changed(updt.user,cd.user);\r
+ cd.approver = changed(updt.approver,cd.approver);\r
+ cd.type = changed(updt.type,cd.type);\r
+ cd.status = changed(updt.status,cd.status);\r
+ cd.memo = changed(updt.memo,cd.memo);\r
+ cd.operation = changed(updt.operation,cd.operation);\r
+ cd.updated = changed(updt.updated,cd.updated);\r
+ ques.approvalDAO.update(trans, cd);\r
+ Result<Void> rv = func.performFutureOp(trans, cd);\r
+ if (rv.isOK()) {\r
+ if (delegatedAction) {\r
+ trans.audit().log("actor=",user,",action=",updt.status,",operation=\"",cd.memo,\r
+ '"',",requestor=",cd.user,",delegator=",delegator);\r
+ }\r
+ if (!delegatedAction && cd.status.equalsIgnoreCase("denied")) {\r
+ trans.audit().log("actor=",trans.user(),",action=denied,operation=\"",cd.memo,'"',",requestor=",cd.user);\r
+ }\r
+ rv = ques.approvalDAO.delete(trans, cd, false);\r
+ }\r
+ ++numProcessed;\r
+\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+\r
+ if(numApprs==numProcessed) {\r
+ return Result.ok();\r
+ }\r
+ return Result.err(Status.ERR_ActionNotCompleted,numProcessed + " out of " + numApprs + " completed");\r
+\r
+ }\r
+ \r
+ private<T> T changed(T src, T dflt) {\r
+ if(src!=null) {\r
+ return src;\r
+ }\r
+ return dflt;\r
+ }\r
+\r
+ @Override\r
+ public Result<APPROVALS> getApprovalsByUser(AuthzTrans trans, String user) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("User", user).err()) { \r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+\r
+ Result<List<ApprovalDAO.Data>> rapd = ques.approvalDAO.readByUser(trans, user);\r
+ if(rapd.isOK()) {\r
+ return mapper.approvals(rapd.value);\r
+ } else {\r
+ return Result.err(rapd);\r
+ }\r
+}\r
+\r
+ @Override\r
+ public Result<APPROVALS> getApprovalsByTicket(AuthzTrans trans, String ticket) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("Ticket", ticket).err()) { \r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ UUID uuid;\r
+ try {\r
+ uuid = UUID.fromString(ticket);\r
+ } catch (IllegalArgumentException e) {\r
+ return Result.err(Status.ERR_BadData,e.getMessage());\r
+ }\r
+ \r
+ Result<List<ApprovalDAO.Data>> rapd = ques.approvalDAO.readByTicket(trans, uuid);\r
+ if(rapd.isOK()) {\r
+ return mapper.approvals(rapd.value);\r
+ } else {\r
+ return Result.err(rapd);\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<APPROVALS> getApprovalsByApprover(AuthzTrans trans, String approver) {\r
+ final Validator v = new Validator();\r
+ if(v.nullOrBlank("Approver", approver).err()) {\r
+ return Result.err(Status.ERR_BadData,v.errs());\r
+ }\r
+ \r
+ List<ApprovalDAO.Data> listRapds = new ArrayList<ApprovalDAO.Data>();\r
+ \r
+ Result<List<ApprovalDAO.Data>> myRapd = ques.approvalDAO.readByApprover(trans, approver);\r
+ if(myRapd.notOK()) {\r
+ return Result.err(myRapd);\r
+ }\r
+ \r
+ listRapds.addAll(myRapd.value);\r
+ \r
+ Result<List<DelegateDAO.Data>> delegatedFor = ques.delegateDAO.readByDelegate(trans, approver);\r
+ if (delegatedFor.isOK()) {\r
+ for (DelegateDAO.Data dd : delegatedFor.value) {\r
+ if (dd.expires.after(new Date())) {\r
+ String delegator = dd.user;\r
+ Result<List<ApprovalDAO.Data>> rapd = ques.approvalDAO.readByApprover(trans, delegator);\r
+ if (rapd.isOK()) {\r
+ for (ApprovalDAO.Data d : rapd.value) { \r
+ if (!d.user.equals(trans.user())) {\r
+ listRapds.add(d);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ \r
+ return mapper.approvals(listRapds);\r
+ }\r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.service.AuthzService#clearCache(com.att.authz.env.AuthzTrans, java.lang.String)\r
+ */\r
+ @Override\r
+ public Result<Void> cacheClear(AuthzTrans trans, String cname) {\r
+ if(ques.isGranted(trans,trans.user(),Define.ROOT_NS,CACHE,cname,"clear")) {\r
+ return ques.clearCache(trans,cname);\r
+ }\r
+ return Result.err(Status.ERR_Denied, "%s does not have AAF Permission '%s.cache|%s|clear",\r
+ trans.user(),Define.ROOT_NS,cname);\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.service.AuthzService#cacheClear(com.att.authz.env.AuthzTrans, java.lang.String, java.lang.Integer)\r
+ */\r
+ @Override\r
+ public Result<Void> cacheClear(AuthzTrans trans, String cname, int[] segment) {\r
+ if(ques.isGranted(trans,trans.user(),Define.ROOT_NS,CACHE,cname,"clear")) {\r
+ Result<Void> v=null;\r
+ for(int i: segment) {\r
+ v=ques.cacheClear(trans,cname,i);\r
+ }\r
+ if(v!=null) {\r
+ return v;\r
+ }\r
+ }\r
+ return Result.err(Status.ERR_Denied, "%s does not have AAF Permission '%s.cache|%s|clear",\r
+ trans.user(),Define.ROOT_NS,cname);\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.service.AuthzService#dbReset(com.att.authz.env.AuthzTrans)\r
+ */\r
+ @Override\r
+ public void dbReset(AuthzTrans trans) {\r
+ ques.historyDAO.reportPerhapsReset(trans, null);\r
+ }\r
+\r
+}\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service;\r
+\r
+import java.util.Date;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.mapper.Mapper;\r
+import com.att.dao.DAOException;\r
+import com.att.dao.aaf.cass.NsType;\r
+\r
+public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> {\r
+ public Mapper<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper();\r
+ \r
+/***********************************\r
+ * NAMESPACE \r
+ ***********************************/\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @param ns\r
+ * @return\r
+ * @throws DAOException \r
+ * @throws \r
+ */\r
+ public Result<Void> createNS(AuthzTrans trans, REQUEST request, NsType type);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @return\r
+ */\r
+ public Result<Void> addAdminNS(AuthzTrans trans, String ns, String id);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @return\r
+ */\r
+ public Result<Void> delAdminNS(AuthzTrans trans, String ns, String id);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param id\r
+ * @return\r
+ */\r
+ public Result<Void> addResponsibleNS(AuthzTrans trans, String ns, String id);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param id\r
+ * @return\r
+ */\r
+ public Result<Void> delResponsibleNS(AuthzTrans trans, String ns, String id);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param key\r
+ * @param value\r
+ * @return\r
+ */\r
+ public Result<Void> createNsAttrib(AuthzTrans trans, String ns, String key, String value);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param key\r
+ * @param value\r
+ * @return\r
+ */\r
+ public Result<?> updateNsAttrib(AuthzTrans trans, String ns, String key, String value);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param key\r
+ * @return\r
+ */\r
+ public Result<Void> deleteNsAttrib(AuthzTrans trans, String ns, String key);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param key\r
+ * @return\r
+ */\r
+ public Result<KEYS> readNsByAttrib(AuthzTrans trans, String key);\r
+\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @return\r
+ */\r
+ public Result<NSS> getNSbyName(AuthzTrans trans, String ns);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @return\r
+ */\r
+ public Result<NSS> getNSbyAdmin(AuthzTrans trans, String user, boolean full);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @return\r
+ */\r
+ public Result<NSS> getNSbyResponsible(AuthzTrans trans, String user, boolean full);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @return\r
+ */\r
+ public Result<NSS> getNSbyEither(AuthzTrans trans, String user, boolean full);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param parent\r
+ * @return\r
+ */\r
+ public Result<NSS> getNSsChildren(AuthzTrans trans, String parent);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param req\r
+ * @return\r
+ */\r
+ public Result<Void> updateNsDescription(AuthzTrans trans, REQUEST req);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @param user\r
+ * @return\r
+ * @throws DAOException\r
+ */\r
+ public Result<Void> deleteNS(AuthzTrans trans, String ns);\r
+\r
+/***********************************\r
+ * PERM \r
+ ***********************************/\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param rreq\r
+ * @return\r
+ * @throws DAOException \r
+ * @throws MappingException\r
+ */\r
+ public Result<Void> createPerm(AuthzTrans trans, REQUEST rreq);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param childPerm\r
+ * @return\r
+ * @throws DAOException \r
+ */\r
+ public Result<PERMS> getPermsByType(AuthzTrans trans, String perm);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param type\r
+ * @param instance\r
+ * @param action\r
+ * @return\r
+ */\r
+ public Result<PERMS> getPermsByName(AuthzTrans trans, String type,\r
+ String instance, String action);\r
+\r
+ /**\r
+ * Gets all the permissions for a user across all the roles it is assigned to\r
+ * @param userName\r
+ * @return\r
+ * @throws Exception \r
+ * @throws Exception\r
+ */\r
+ public Result<PERMS> getPermsByUser(AuthzTrans trans, String userName);\r
+\r
+ /**\r
+ * Gets all the permissions for a user across all the roles it is assigned to\r
+ * \r
+ * Add AAF Perms representing the "MayUser" calls if\r
+ * 1) Allowed\r
+ * 2) User has equivalent permission\r
+ * \r
+ * @param userName\r
+ * @return\r
+ * @throws Exception \r
+ * @throws Exception\r
+ */\r
+ public Result<PERMS> getPermsByUser(AuthzTrans trans, PERMS perms, String userName);\r
+\r
+ /**\r
+ * \r
+ * Gets all the permissions for a user across all the roles it is assigned to\r
+ * \r
+ * @param roleName\r
+ * @return\r
+ * @throws Exception\r
+ */\r
+ public Result<PERMS> getPermsByRole(AuthzTrans trans, String roleName);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @return\r
+ */\r
+ public Result<PERMS> getPermsByNS(AuthzTrans trans, String ns);\r
+\r
+ /**\r
+ * rename permission\r
+ * \r
+ * @param trans\r
+ * @param rreq\r
+ * @param isRename\r
+ * @param origType\r
+ * @param origInstance\r
+ * @param origAction\r
+ * @return\r
+ */\r
+ public Result<Void> renamePerm(AuthzTrans trans, REQUEST rreq, String origType, String origInstance, String origAction);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param req\r
+ * @return\r
+ */\r
+ public Result<Void> updatePermDescription(AuthzTrans trans, REQUEST req);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param from\r
+ * @return\r
+ */\r
+ public Result<Void> resetPermRoles(AuthzTrans trans, REQUEST from);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param from\r
+ * @return\r
+ * @throws Exception\r
+ */\r
+ public Result<Void> deletePerm(AuthzTrans trans, REQUEST from);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @param perm\r
+ * @param type\r
+ * @param action\r
+ * @return\r
+ * @throws Exception\r
+ */\r
+ Result<Void> deletePerm(AuthzTrans trans, String perm, String type, String action);\r
+\r
+/***********************************\r
+ * ROLE \r
+ ***********************************/\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @param role\r
+ * @param approvers\r
+ * @return\r
+ * @throws DAOException \r
+ * @throws Exception\r
+ */\r
+ public Result<Void> createRole(AuthzTrans trans, REQUEST req);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param role\r
+ * @return\r
+ */\r
+ public Result<ROLES> getRolesByName(AuthzTrans trans, String role);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @return\r
+ * @throws DAOException \r
+ */\r
+ public Result<ROLES> getRolesByUser(AuthzTrans trans, String user);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @return\r
+ */\r
+ public Result<ROLES> getRolesByNS(AuthzTrans trans, String user);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param name\r
+ * @return\r
+ */\r
+ public Result<ROLES> getRolesByNameOnly(AuthzTrans trans, String name);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param type\r
+ * @param instance\r
+ * @param action\r
+ * @return\r
+ */\r
+ public Result<ROLES> getRolesByPerm(AuthzTrans trans, String type, String instance, String action);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param req\r
+ * @return\r
+ */\r
+ public Result<Void> updateRoleDescription(AuthzTrans trans, REQUEST req);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param rreq\r
+ * @return\r
+ * @throws DAOException\r
+ */\r
+ public Result<Void> addPermToRole(AuthzTrans trans, REQUEST rreq);\r
+ \r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param rreq\r
+ * @return\r
+ * @throws DAOException\r
+ */\r
+ Result<Void> delPermFromRole(AuthzTrans trans, REQUEST rreq);\r
+\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @param role\r
+ * @return\r
+ * @throws DAOException \r
+ * @throws MappingException \r
+ */\r
+ public Result<Void> deleteRole(AuthzTrans trans, String role);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param req\r
+ * @return\r
+ */\r
+ public Result<Void> deleteRole(AuthzTrans trans, REQUEST req);\r
+\r
+/***********************************\r
+ * CRED \r
+ ***********************************/\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param from\r
+ * @return\r
+ */\r
+ Result<Void> createUserCred(AuthzTrans trans, REQUEST from);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param from\r
+ * @return\r
+ */\r
+ Result<Void> changeUserCred(AuthzTrans trans, REQUEST from);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param from\r
+ * @param days\r
+ * @return\r
+ */\r
+ Result<Void> extendUserCred(AuthzTrans trans, REQUEST from, String days);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ns\r
+ * @return\r
+ */\r
+ public Result<USERS> getCredsByNS(AuthzTrans trans, String ns);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param id\r
+ * @return\r
+ */\r
+ public Result<USERS> getCredsByID(AuthzTrans trans, String id);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param req\r
+ * @param id\r
+ * @return\r
+ */\r
+ public Result<CERTS> getCertInfoByID(AuthzTrans trans, HttpServletRequest req, String id);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param credReq\r
+ * @return\r
+ */\r
+ public Result<Void> deleteUserCred(AuthzTrans trans, REQUEST credReq);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @return\r
+ * @throws Exception\r
+ */\r
+ public Result<Date> doesCredentialMatch(AuthzTrans trans, REQUEST credReq);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param basicAuth\r
+ * @return\r
+ */\r
+ public Result<Date> validateBasicAuth(AuthzTrans trans, String basicAuth);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param role\r
+ * @return\r
+ */\r
+ public Result<USERS> getUsersByRole(AuthzTrans trans, String role);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param role\r
+ * @return\r
+ */\r
+ public Result<USERS> getUserInRole(AuthzTrans trans, String user, String role);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param type\r
+ * @param instance\r
+ * @param action\r
+ * @return\r
+ */\r
+ public Result<USERS> getUsersByPermission(AuthzTrans trans,String type, String instance, String action);\r
+ \r
+ \r
+\r
+\r
+/***********************************\r
+ * USER-ROLE \r
+ ***********************************/\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @param request\r
+ * @return\r
+ * @throws Exception\r
+ */\r
+ public Result<Void> createUserRole(AuthzTrans trans, REQUEST request);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param role\r
+ * @return\r
+ */\r
+ public Result<USERROLES> getUserRolesByRole(AuthzTrans trans, String role);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param role\r
+ * @return\r
+ */\r
+ public Result<USERROLES> getUserRolesByUser(AuthzTrans trans, String user);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param from\r
+ * @return\r
+ */\r
+ public Result<Void> resetRolesForUser(AuthzTrans trans, REQUEST from);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param from\r
+ * @return\r
+ */\r
+ public Result<Void> resetUsersForRole(AuthzTrans trans, REQUEST from);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @param role\r
+ * @return\r
+ */\r
+ public Result<Void> extendUserRole(AuthzTrans trans, String user,\r
+ String role);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @param usr\r
+ * @param role\r
+ * @return\r
+ * @throws DAOException \r
+ */\r
+ public Result<Void> deleteUserRole(AuthzTrans trans, String usr, String role);\r
+\r
+\r
+\r
+/***********************************\r
+ * HISTORY \r
+ ***********************************/ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @param yyyymm\r
+ * @return\r
+ */\r
+ public Result<HISTORY> getHistoryByUser(AuthzTrans trans, String user, int[] yyyymm, int sort);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param subj\r
+ * @param yyyymm\r
+ * @param sort\r
+ * @return\r
+ */\r
+ public Result<HISTORY> getHistoryByRole(AuthzTrans trans, String subj, int[] yyyymm, int sort);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param subj\r
+ * @param yyyymm\r
+ * @param sort\r
+ * @return\r
+ */\r
+ public Result<HISTORY> getHistoryByPerm(AuthzTrans trans, String subj, int[] yyyymm, int sort);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param subj\r
+ * @param yyyymm\r
+ * @param sort\r
+ * @return\r
+ */\r
+ public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String subj, int[] yyyymm, int sort);\r
+\r
+/***********************************\r
+ * DELEGATE \r
+ ***********************************/\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param delegates\r
+ * @return\r
+ * @throws Exception\r
+ */\r
+ public Result<Void> createDelegate(AuthzTrans trans, REQUEST reqDelegate);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param delegates\r
+ * @return\r
+ * @throws Exception\r
+ */\r
+ public Result<Void> updateDelegate(AuthzTrans trans, REQUEST reqDelegate);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param userName\r
+ * @param delegate\r
+ * @return\r
+ * @throws Exception\r
+ */\r
+ public Result<Void> deleteDelegate(AuthzTrans trans, REQUEST reqDelegate);\r
+ \r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param userName\r
+ * @return\r
+ */\r
+ public Result<Void> deleteDelegate(AuthzTrans trans, String userName);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @return\r
+ * @throws Exception\r
+ */\r
+ public Result<DELGS> getDelegatesByUser(AuthzTrans trans, String user);\r
+ \r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param delegate\r
+ * @return\r
+ */\r
+ public Result<DELGS> getDelegatesByDelegate(AuthzTrans trans, String delegate);\r
+\r
+/***********************************\r
+ * APPROVAL \r
+ ***********************************/\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @param approver\r
+ * @param status\r
+ * @return\r
+ */\r
+ public Result<Void> updateApproval(AuthzTrans trans, APPROVALS approvals);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param user\r
+ * @return\r
+ */\r
+ public Result<APPROVALS> getApprovalsByUser(AuthzTrans trans, String user);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param ticket\r
+ * @return\r
+ */\r
+ public Result<APPROVALS> getApprovalsByTicket(AuthzTrans trans, String ticket);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param approver\r
+ * @return\r
+ */\r
+ public Result<APPROVALS> getApprovalsByApprover(AuthzTrans trans, String approver);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param cname\r
+ * @return\r
+ */\r
+ public Result<Void> cacheClear(AuthzTrans trans, String cname);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ * @param cname\r
+ * @param segment\r
+ * @return\r
+ */\r
+ public Result<Void> cacheClear(AuthzTrans trans, String cname, int[] segment);\r
+\r
+ /**\r
+ * \r
+ * @param trans\r
+ */\r
+ public void dbReset(AuthzTrans trans);\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.cssa.rserv.HttpCode;\r
+\r
+public abstract class Code extends HttpCode<AuthzTrans, AuthzFacade> implements Cloneable {\r
+ public boolean useJSON;\r
+\r
+ public Code(AuthzFacade facade, String description, boolean useJSON, String ... roles) {\r
+ super(facade, description, roles);\r
+ this.useJSON = useJSON;\r
+ }\r
+ \r
+ public <D extends Code> D clone(AuthzFacade facade, boolean useJSON) throws Exception {\r
+ @SuppressWarnings("unchecked")\r
+ D d = (D)clone();\r
+ d.useJSON = useJSON;\r
+ d.context = facade;\r
+ return d;\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service;\r
+\r
+import com.att.authz.layer.Result;\r
+\r
+/**\r
+ * There are several ways to determine if \r
+ *\r
+ */\r
+public interface MayChange {\r
+ public Result<?> mayChange();\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.authz.service.Code;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+import com.att.cadi.Symm;\r
+import com.att.cssa.rserv.HttpMethods;\r
+\r
+/**\r
+ * API Apis\r
+ *\r
+ */\r
+public class API_Api {\r
+ // Hide Public Constructor\r
+ private API_Api() {}\r
+ \r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param authzAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(final AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+ ////////\r
+ // Overall APIs\r
+ ///////\r
+ authzAPI.route(HttpMethods.GET,"/api",API.API,new Code(facade,"Document API", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getAPI(trans,resp,authzAPI);\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ ////////\r
+ // Overall Examples\r
+ ///////\r
+ authzAPI.route(HttpMethods.GET,"/api/example/*",API.VOID,new Code(facade,"Document API", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ String pathInfo = req.getPathInfo();\r
+ int question = pathInfo.lastIndexOf('?');\r
+ \r
+ pathInfo = pathInfo.substring(13, question<0?pathInfo.length():question);// IMPORTANT, this is size of "/api/example/"\r
+ String nameOrContextType=Symm.base64noSplit.decode(pathInfo);\r
+ Result<Void> r = context.getAPIExample(trans,resp,nameOrContextType,\r
+ question>=0 && "optional=true".equalsIgnoreCase(req.getPathInfo().substring(question+1))\r
+ );\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+import static com.att.cssa.rserv.HttpMethods.PUT;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.authz.service.Code;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+\r
+public class API_Approval {\r
+ // Hide Public Constructor\r
+ private API_Approval() {}\r
+ \r
+ public static void init(AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+\r
+ /**\r
+ * Get Approvals by User\r
+ */\r
+ authzAPI.route(GET, "/authz/approval/user/:user",API.APPROVALS,\r
+ new Code(facade,"Get Approvals by User", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getApprovalsByUser(trans, resp, pathParam(req,"user"));\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ } else {\r
+ context.error(trans,resp,r);\r
+ } \r
+ } \r
+ });\r
+\r
+ /**\r
+ * Get Approvals by Ticket\r
+ */\r
+ authzAPI.route(GET, "/authz/approval/ticket/:ticket",API.VOID,new Code(facade,"Get Approvals by Ticket ", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getApprovalsByTicket(trans, resp, pathParam(req,"ticket"));\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ } \r
+ } \r
+ });\r
+\r
+ /**\r
+ * Get Approvals by Approver\r
+ */\r
+ authzAPI.route(GET, "/authz/approval/approver/:approver",API.APPROVALS,new Code(facade,"Get Approvals by Approver", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getApprovalsByApprover(trans, resp, pathParam(req,"approver"));\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ } \r
+ } \r
+ });\r
+\r
+\r
+ /**\r
+ * Update an approval\r
+ */\r
+ authzAPI.route(PUT, "/authz/approval",API.APPROVALS,new Code(facade,"Update approvals", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.updateApproval(trans, req, resp);\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ } \r
+ } \r
+ });\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static com.att.cssa.rserv.HttpMethods.DELETE;\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+import static com.att.cssa.rserv.HttpMethods.POST;\r
+import static com.att.cssa.rserv.HttpMethods.PUT;\r
+\r
+import java.security.Principal;\r
+import java.util.Date;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.cadi.DirectAAFUserPass;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.authz.service.Code;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+import com.att.cadi.CredVal;\r
+import com.att.cadi.Symm;\r
+import com.att.cadi.principal.BasicPrincipal;\r
+import com.att.cadi.principal.X509Principal;\r
+import com.att.cssa.rserv.HttpMethods;\r
+import com.att.inno.env.Env;\r
+\r
+/**\r
+ * Initialize All Dispatches related to Credentials (AUTHN)\r
+ *\r
+ */\r
+public class API_Creds {\r
+ // Hide Public Interface\r
+ private API_Creds() {}\r
+ // needed to validate Creds even when already Authenticated x509\r
+ /**\r
+ * TIME SENSITIVE APIs\r
+ * \r
+ * These will be first in the list\r
+ * \r
+ * @param env\r
+ * @param authzAPI\r
+ * @param facade\r
+ * @param directAAFUserPass \r
+ * @throws Exception\r
+ */\r
+ public static void timeSensitiveInit(Env env, AuthAPI authzAPI, AuthzFacade facade, final DirectAAFUserPass directAAFUserPass) throws Exception {\r
+ /**\r
+ * Basic Auth, quick Validation\r
+ * \r
+ * Responds OK or NotAuthorized\r
+ */\r
+ authzAPI.route(env, HttpMethods.GET, "/authn/basicAuth", new Code(facade,"Is given BasicAuth valid?",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+\r
+ Principal p = trans.getUserPrincipal();\r
+ if (p instanceof BasicPrincipal) {\r
+ // the idea is that if call is made with this credential, and it's a BasicPrincipal, it's ok\r
+ // otherwise, it wouldn't have gotten here.\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else if (p instanceof X509Principal) {\r
+ // have to check Basic Auth here, because it might be CSP.\r
+ String ba = req.getHeader("Authorization");\r
+ if(ba.startsWith("Basic ")) {\r
+ String decoded = Symm.base64noSplit.decode(ba.substring(6));\r
+ int colon = decoded.indexOf(':');\r
+ if(directAAFUserPass.validate(\r
+ decoded.substring(0,colon), \r
+ CredVal.Type.PASSWORD , \r
+ decoded.substring(colon+1).getBytes())) {\r
+ \r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ resp.setStatus(HttpStatus.FORBIDDEN_403);\r
+ }\r
+ }\r
+ } else if(p == null) {\r
+ trans.error().log("Transaction not Authenticated... no Principal");\r
+ resp.setStatus(HttpStatus.FORBIDDEN_403);\r
+ } else {\r
+ trans.checkpoint("Basic Auth Check Failed: This wasn't a Basic Auth Trans");\r
+ // For Auth Security questions, we don't give any info to client on why failed\r
+ resp.setStatus(HttpStatus.FORBIDDEN_403);\r
+ }\r
+ }\r
+ },"text/plain");\r
+ \r
+ /** \r
+ * returns whether a given Credential is valid\r
+ */\r
+ authzAPI.route(POST, "/authn/validate", API.CRED_REQ, new Code(facade,"Is given Credential valid?",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Date> r = context.doesCredentialMatch(trans, req, resp);\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ // For Security, we don't give any info out on why failed, other than forbidden\r
+ resp.setStatus(HttpStatus.FORBIDDEN_403);\r
+ }\r
+ }\r
+ }); \r
+\r
+ /** \r
+ * returns whether a given Credential is valid\r
+ */\r
+ authzAPI.route(GET, "/authn/cert/id/:id", API.CERTS, new Code(facade,"Get Cert Info by ID",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getCertInfoByID(trans, req, resp, pathParam(req,":id") );\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ } else {\r
+ // For Security, we don't give any info out on why failed, other than forbidden\r
+ resp.setStatus(HttpStatus.FORBIDDEN_403);\r
+ }\r
+ }\r
+ }); \r
+\r
+\r
+\r
+\r
+ }\r
+ \r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param authzAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+ /**\r
+ * Create a new ID/Credential\r
+ */\r
+ authzAPI.route(POST,"/authn/cred",API.CRED_REQ,new Code(facade,"Add a New ID/Credential", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.createUserCred(trans, req);\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.CREATED_201);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+ /** \r
+ * gets all credentials by Namespace\r
+ */\r
+ authzAPI.route(GET, "/authn/creds/ns/:ns", API.USERS, new Code(facade,"Get Creds for a Namespace",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getCredsByNS(trans, resp, pathParam(req, "ns"));\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+\r
+ });\r
+ \r
+ /** \r
+ * gets all credentials by ID\r
+ */\r
+ authzAPI.route(GET, "/authn/creds/id/:id", API.USERS, new Code(facade,"Get Creds by ID",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getCredsByID(trans, resp, pathParam(req, "id"));\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+\r
+ });\r
+\r
+\r
+ /**\r
+ * Update ID/Credential (aka reset)\r
+ */\r
+ authzAPI.route(PUT,"/authn/cred",API.CRED_REQ,new Code(facade,"Update an ID/Credential", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.changeUserCred(trans, req);\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * Extend ID/Credential\r
+ * This behavior will accelerate getting out of P1 outages due to ignoring renewal requests, or\r
+ * other expiration issues.\r
+ * \r
+ * Scenario is that people who are solving Password problems at night, are not necessarily those who\r
+ * know what the passwords are supposed to be. Also, changing Password, without changing Configurations\r
+ * using that password only exacerbates the P1 Issue.\r
+ */\r
+ authzAPI.route(PUT,"/authn/cred/:days",API.CRED_REQ,new Code(facade,"Extend an ID/Credential", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.extendUserCred(trans, req, pathParam(req, "days"));\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * Delete a ID/Credential by Object\r
+ */\r
+ authzAPI.route(DELETE,"/authn/cred",API.CRED_REQ,new Code(facade,"Delete a Credential", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.deleteUserCred(trans, req);\r
+ if(r.isOK()) {\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+import static com.att.cssa.rserv.HttpMethods.DELETE;\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+import static com.att.cssa.rserv.HttpMethods.POST;\r
+import static com.att.cssa.rserv.HttpMethods.PUT;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.authz.service.Code;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+\r
+public class API_Delegate {\r
+ public static void init(AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+ /**\r
+ * Add a delegate\r
+ */\r
+ authzAPI.route(POST, "/authz/delegate",API.DELG_REQ,new Code(facade,"Add a Delegate", true) {\r
+\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.createDelegate(trans, req, resp);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.CREATED_201); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ } \r
+ } \r
+ });\r
+ \r
+ /**\r
+ * Update a delegate\r
+ */\r
+ authzAPI.route(PUT, "/authz/delegate",API.DELG_REQ,new Code(facade,"Update a Delegate", true) {\r
+\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.updateDelegate(trans, req, resp);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ } \r
+ } \r
+ });\r
+ \r
+ /**\r
+ * DELETE delegates for a user\r
+ */\r
+ authzAPI.route(DELETE, "/authz/delegate",API.DELG_REQ,new Code(facade,"Delete delegates for a user", true) {\r
+\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.deleteDelegate(trans, req, resp);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ } \r
+ } \r
+ });\r
+ \r
+ /**\r
+ * DELETE a delegate\r
+ */\r
+ authzAPI.route(DELETE, "/authz/delegate/:user_name",API.VOID,new Code(facade,"Delete a Delegate", true) {\r
+\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.deleteDelegate(trans, pathParam(req, "user_name"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ } \r
+ } \r
+ });\r
+ \r
+ /**\r
+ * Read who is delegating for User\r
+ */\r
+ authzAPI.route(GET, "/authz/delegates/user/:user",API.DELGS,new Code(facade,"Get Delegates by User", true) {\r
+\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getDelegatesByUser(trans, pathParam(req, "user"), resp);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ } \r
+ } \r
+ });\r
+\r
+ /**\r
+ * Read for whom the User is delegating\r
+ */\r
+ authzAPI.route(GET, "/authz/delegates/delegate/:delegate",API.DELGS,new Code(facade,"Get Delegates by Delegate", true) {\r
+\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getDelegatesByDelegate(trans, pathParam(req, "delegate"), resp);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ } \r
+ } \r
+ });\r
+\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+\r
+import java.text.SimpleDateFormat;\r
+import java.util.ArrayList;\r
+import java.util.Collections;\r
+import java.util.Date;\r
+import java.util.GregorianCalendar;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.authz.service.Code;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+import com.att.dao.aaf.cass.Status;\r
+\r
+/**\r
+ * Pull certain types of History Info\r
+ * \r
+ * Specify yyyymm as \r
+ * single - 201504\r
+ * commas 201503,201504\r
+ * ranges 201501-201504\r
+ * combinations 201301,201401,201501-201504\r
+ * \r
+ *\r
+ */\r
+public class API_History {\r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param authzAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+ /**\r
+ * Get History\r
+ */\r
+ authzAPI.route(GET,"/authz/hist/user/:user",API.HISTORY,new Code(facade,"Get History by User", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ int[] years;\r
+ int descend;\r
+ try {\r
+ years = getYears(req);\r
+ descend = decending(req);\r
+ } catch(Exception e) {\r
+ context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage()));\r
+ return;\r
+ }\r
+\r
+ Result<Void> r = context.getHistoryByUser(trans, resp, pathParam(req,":user"),years,descend);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * Get History by NS\r
+ */\r
+ authzAPI.route(GET,"/authz/hist/ns/:ns",API.HISTORY,new Code(facade,"Get History by Namespace", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ int[] years;\r
+ int descend;\r
+ try {\r
+ years = getYears(req);\r
+ descend = decending(req);\r
+ } catch(Exception e) {\r
+ context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage()));\r
+ return;\r
+ }\r
+ \r
+ Result<Void> r = context.getHistoryByNS(trans, resp, pathParam(req,":ns"),years,descend);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * Get History by Role\r
+ */\r
+ authzAPI.route(GET,"/authz/hist/role/:role",API.HISTORY,new Code(facade,"Get History by Role", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ int[] years;\r
+ int descend;\r
+ try {\r
+ years = getYears(req);\r
+ descend = decending(req);\r
+ } catch(Exception e) {\r
+ context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage()));\r
+ return;\r
+ }\r
+\r
+ Result<Void> r = context.getHistoryByRole(trans, resp, pathParam(req,":role"),years,descend);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * Get History by Perm Type\r
+ */\r
+ authzAPI.route(GET,"/authz/hist/perm/:type",API.HISTORY,new Code(facade,"Get History by Perm Type", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ int[] years;\r
+ int descend;\r
+ try {\r
+ years = getYears(req);\r
+ descend = decending(req);\r
+ } catch(Exception e) {\r
+ context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage()));\r
+ return;\r
+ }\r
+ \r
+ Result<Void> r = context.getHistoryByPerm(trans, resp, pathParam(req,":type"),years,descend);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ }\r
+\r
+ // Check if Ascending\r
+ private static int decending(HttpServletRequest req) {\r
+ if("true".equalsIgnoreCase(req.getParameter("desc")))return -1;\r
+ if("true".equalsIgnoreCase(req.getParameter("asc")))return 1;\r
+ return 0;\r
+ }\r
+ \r
+ // Get Common "yyyymm" parameter, or none\r
+ private static final SimpleDateFormat FMT = new SimpleDateFormat("yyyyMM");\r
+ \r
+ private static int[] getYears(HttpServletRequest req) throws NumberFormatException {\r
+ String yyyymm = req.getParameter("yyyymm");\r
+ ArrayList<Integer> ai= new ArrayList<Integer>();\r
+ if(yyyymm==null) {\r
+ GregorianCalendar gc = new GregorianCalendar();\r
+ // three months is the default\r
+ for(int i=0;i<3;++i) {\r
+ ai.add(Integer.parseInt(FMT.format(gc.getTime())));\r
+ gc.add(GregorianCalendar.MONTH, -1);\r
+ }\r
+ } else {\r
+ for(String ym : yyyymm.split(",")) {\r
+ String range[] = ym.split("\\s*-\\s*");\r
+ switch(range.length) {\r
+ case 0:\r
+ break;\r
+ case 1:\r
+ if(!ym.endsWith("-")) {\r
+ ai.add(getNum(ym));\r
+ break;\r
+ } else {\r
+ range=new String[] {ym.substring(0, 6),FMT.format(new Date())};\r
+ }\r
+ default:\r
+ GregorianCalendar gc = new GregorianCalendar();\r
+ gc.set(GregorianCalendar.MONTH, Integer.parseInt(range[1].substring(4,6))-1);\r
+ gc.set(GregorianCalendar.YEAR, Integer.parseInt(range[1].substring(0,4)));\r
+ int end = getNum(FMT.format(gc.getTime())); \r
+ \r
+ gc.set(GregorianCalendar.MONTH, Integer.parseInt(range[0].substring(4,6))-1);\r
+ gc.set(GregorianCalendar.YEAR, Integer.parseInt(range[0].substring(0,4)));\r
+ for(int i=getNum(FMT.format(gc.getTime()));i<=end;gc.add(GregorianCalendar.MONTH, 1),i=getNum(FMT.format(gc.getTime()))) {\r
+ ai.add(i);\r
+ }\r
+\r
+ }\r
+ }\r
+ }\r
+ if(ai.size()==0) {\r
+ throw new NumberFormatException(yyyymm + " is an invalid number or range");\r
+ }\r
+ Collections.sort(ai);\r
+ int ym[] = new int[ai.size()];\r
+ for(int i=0;i<ym.length;++i) {\r
+ ym[i]=ai.get(i);\r
+ }\r
+ return ym;\r
+ }\r
+ \r
+ private static int getNum(String n) {\r
+ if(n==null || n.length()!=6) throw new NumberFormatException(n + " is not in YYYYMM format");\r
+ return Integer.parseInt(n);\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+import static com.att.cssa.rserv.HttpMethods.DELETE;\r
+import static com.att.cssa.rserv.HttpMethods.POST;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.common.Define;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.authz.service.Code;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+import com.att.cadi.taf.dos.DenialOfServiceTaf;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.dao.aaf.hl.Question;\r
+import com.att.dao.session.SessionFilter;\r
+import com.att.inno.env.Trans;\r
+\r
+/**\r
+ * User Role APIs\r
+ *\r
+ */\r
+public class API_Mgmt {\r
+\r
+ private static final String SUCCESS = "SUCCESS";\r
+\r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param authzAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(final AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+\r
+ /**\r
+ * Clear Cache Segment\r
+ */\r
+ authzAPI.route(DELETE,"/mgmt/cache/:area/:segments",API.VOID,new Code(facade,"Clear Cache by Segment", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.cacheClear(trans, pathParam(req,"area"), pathParam(req,"segments"));\r
+ switch(r.status) {\r
+ case OK:\r
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+ /**\r
+ * Clear Cache\r
+ */\r
+ authzAPI.route(DELETE,"/mgmt/cache/:area",API.VOID,new Code(facade,"Clear Cache", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r;\r
+ String area;\r
+ r = context.cacheClear(trans, area=pathParam(req,"area"));\r
+ switch(r.status) {\r
+ case OK:\r
+ trans.audit().log("Cache " + area + " has been cleared by "+trans.user());\r
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * Clear DB Sessions\r
+ */\r
+ authzAPI.route(DELETE,"/mgmt/dbsession",API.VOID,new Code(facade,"Clear DBSessions", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ try {\r
+ if(req.isUserInRole(Define.ROOT_NS+".db|pool|clear")) {\r
+ SessionFilter.clear();\r
+ context.dbReset(trans);\r
+\r
+ trans.audit().log("DB Sessions have been cleared by "+trans.user());\r
+\r
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ return;\r
+ }\r
+ context.error(trans,resp,Result.err(Result.ERR_Denied,"%s is not allowed to clear dbsessions",trans.user()));\r
+ } catch(Exception e) {\r
+ trans.error().log(e, "clearing dbsession");\r
+ context.error(trans,resp,Result.err(e));\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * Deny an IP \r
+ */\r
+ authzAPI.route(POST, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Deny IP",true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ String ip = pathParam(req,":ip");\r
+ if(req.isUserInRole(Define.ROOT_NS+".deny|"+Define.ROOT_COMPANY+"|ip")) {\r
+ if(DenialOfServiceTaf.denyIP(ip)) {\r
+ trans.audit().log(ip+" has been set to deny by "+trans.user());\r
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);\r
+\r
+ resp.setStatus(HttpStatus.CREATED_201);\r
+ } else {\r
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists, \r
+ ip + " is already being denied"));\r
+ }\r
+ } else {\r
+ trans.audit().log(trans.user(),"has attempted to deny",ip,"without authorization");\r
+ context.error(trans,resp,Result.err(Status.ERR_Denied, \r
+ trans.getUserPrincipal().getName() + " is not allowed to set IP Denial"));\r
+ }\r
+ }\r
+ });\r
+ \r
+ /**\r
+ * Stop Denying an IP\r
+ */\r
+ authzAPI.route(DELETE, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Stop Denying IP",true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ String ip = pathParam(req,":ip");\r
+ if(req.isUserInRole(Define.ROOT_NS+".deny|"+Define.ROOT_COMPANY+"|ip")) {\r
+ if(DenialOfServiceTaf.removeDenyIP(ip)) {\r
+ trans.audit().log(ip+" has been removed from denial by "+trans.user());\r
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,Result.err(Status.ERR_NotFound, \r
+ ip + " is not on the denial list"));\r
+ }\r
+ } else {\r
+ trans.audit().log(trans.user(),"has attempted to remove",ip," from being denied without authorization");\r
+ context.error(trans,resp,Result.err(Status.ERR_Denied, \r
+ trans.getUserPrincipal().getName() + " is not allowed to remove IP Denial"));\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * Deny an ID \r
+ */\r
+ authzAPI.route(POST, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Deny ID",true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ String id = pathParam(req,":id");\r
+ if(req.isUserInRole(Define.ROOT_NS+".deny|"+Define.ROOT_COMPANY+"|id")) {\r
+ if(DenialOfServiceTaf.denyID(id)) {\r
+ trans.audit().log(id+" has been set to deny by "+trans.user());\r
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);\r
+ resp.setStatus(HttpStatus.CREATED_201);\r
+ } else {\r
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists, \r
+ id + " is already being denied"));\r
+ }\r
+ } else {\r
+ trans.audit().log(trans.user(),"has attempted to deny",id,"without authorization");\r
+ context.error(trans,resp,Result.err(Status.ERR_Denied, \r
+ trans.getUserPrincipal().getName() + " is not allowed to set ID Denial"));\r
+ }\r
+ }\r
+ });\r
+ \r
+ /**\r
+ * Stop Denying an ID\r
+ */\r
+ authzAPI.route(DELETE, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Stop Denying ID",true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ String id = pathParam(req,":id");\r
+ if(req.isUserInRole(Define.ROOT_NS+".deny|"+Define.ROOT_COMPANY+"|id")) {\r
+ if(DenialOfServiceTaf.removeDenyID(id)) {\r
+ trans.audit().log(id+" has been removed from denial by " + trans.user());\r
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,Result.err(Status.ERR_NotFound, \r
+ id + " is not on the denial list"));\r
+ }\r
+ } else {\r
+ trans.audit().log(trans.user(),"has attempted to remove",id," from being denied without authorization");\r
+ context.error(trans,resp,Result.err(Status.ERR_Denied, \r
+ trans.getUserPrincipal().getName() + " is not allowed to remove ID Denial"));\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * Deny an ID \r
+ */\r
+ authzAPI.route(POST, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Special Log ID",true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ String id = pathParam(req,":id");\r
+ if(req.isUserInRole(Define.ROOT_NS+".log|"+Define.ROOT_COMPANY+"|id")) {\r
+ if(Question.specialLogOn(trans,id)) {\r
+ trans.audit().log(id+" has been set to special Log by "+trans.user());\r
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);\r
+ resp.setStatus(HttpStatus.CREATED_201);\r
+ } else {\r
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists, \r
+ id + " is already being special Logged"));\r
+ }\r
+ } else {\r
+ trans.audit().log(trans.user(),"has attempted to special Log",id,"without authorization");\r
+ context.error(trans,resp,Result.err(Status.ERR_Denied, \r
+ trans.getUserPrincipal().getName() + " is not allowed to set ID special Logging"));\r
+ }\r
+ }\r
+ });\r
+ \r
+ /**\r
+ * Stop Denying an ID\r
+ */\r
+ authzAPI.route(DELETE, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Stop Special Log ID",true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ String id = pathParam(req,":id");\r
+ if(req.isUserInRole(Define.ROOT_NS+".log|"+Define.ROOT_COMPANY+"|id")) {\r
+ if(Question.specialLogOff(trans,id)) {\r
+ trans.audit().log(id+" has been removed from special Logging by " + trans.user());\r
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);\r
+ resp.setStatus(HttpStatus.OK_200);\r
+ } else {\r
+ context.error(trans,resp,Result.err(Status.ERR_NotFound, \r
+ id + " is not on the special Logging list"));\r
+ }\r
+ } else {\r
+ trans.audit().log(trans.user(),"has attempted to remove",id," from being special Logged without authorization");\r
+ context.error(trans,resp,Result.err(Status.ERR_Denied, \r
+ trans.getUserPrincipal().getName() + " is not allowed to remove ID special Logging"));\r
+ }\r
+ }\r
+ });\r
+\r
+\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+import static com.att.cssa.rserv.HttpMethods.DELETE;\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+import static com.att.cssa.rserv.HttpMethods.POST;\r
+import static com.att.cssa.rserv.HttpMethods.PUT;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.authz.service.Code;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+import com.att.dao.aaf.cass.NsType;\r
+import com.att.dao.aaf.cass.Status;\r
+\r
+public class API_NS {\r
+ private static final String FULL = "full";\r
+ private static final String TRUE = "true";\r
+\r
+ public static void init(AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+ /**\r
+ * puts a new Namespace in Authz DB\r
+ * \r
+ * TESTCASES: TC_NS1, TC_NSdelete1\r
+ */\r
+ authzAPI.route(POST,"/authz/ns",API.NS_REQ, new Code(facade,"Create a Namespace",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans,\r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ NsType nst = NsType.fromString(req.getParameter("type"));\r
+ Result<Void> r = context.requestNS(trans, req, resp,nst);\r
+ \r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.CREATED_201); \r
+ break;\r
+ case Status.ACC_Future:\r
+ resp.setStatus(HttpStatus.ACCEPTED_202); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+ \r
+ /**\r
+ * removes a Namespace from Authz DB\r
+ * \r
+ * TESTCASES: TC_NS1, TC_NSdelete1\r
+ */\r
+ authzAPI.route(DELETE,"/authz/ns/:ns",API.VOID, new Code(facade,"Delete a Namespace",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans,\r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.deleteNS(trans, req, resp, pathParam(req,":ns"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+\r
+ /**\r
+ * Add an Admin in NS in Authz DB\r
+ * \r
+ * TESTCASES: TC_NS1\r
+ */\r
+ authzAPI.route(POST,"/authz/ns/:ns/admin/:id",API.VOID, new Code(facade,"Add an Admin to a Namespace",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans,\r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.addAdminToNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.CREATED_201); \r
+ break;\r
+ case Status.ACC_Future:\r
+ resp.setStatus(HttpStatus.ACCEPTED_202); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+ \r
+ /**\r
+ * Removes an Admin from Namespace in Authz DB\r
+ * \r
+ * TESTCASES: TC_NS1\r
+ */\r
+ authzAPI.route(DELETE,"/authz/ns/:ns/admin/:id",API.VOID, new Code(facade,"Remove an Admin from a Namespace",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans,\r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.delAdminFromNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+\r
+ /**\r
+ * Add an Admin in NS in Authz DB\r
+ * \r
+ * TESTCASES: TC_NS1\r
+ */\r
+ authzAPI.route(POST,"/authz/ns/:ns/responsible/:id",API.VOID, new Code(facade,"Add a Responsible Identity to a Namespace",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans,\r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.addResponsibilityForNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.CREATED_201); \r
+ break;\r
+ case Status.ACC_Future:\r
+ resp.setStatus(HttpStatus.ACCEPTED_202); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+\r
+\r
+ /**\r
+ * \r
+ */\r
+ authzAPI.route(GET,"/authz/nss/:id",API.NSS, new Code(facade,"Return Information about Namespaces", true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getNSsByName(trans, resp, pathParam(req,":id"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ ); \r
+ \r
+ /**\r
+ * Get all Namespaces where user is an admin\r
+ */\r
+ authzAPI.route(GET,"/authz/nss/admin/:user",API.NSS, new Code(facade,"Return Namespaces where User is an Admin", true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getNSsByAdmin(trans, resp, pathParam(req,":user"),TRUE.equals(req.getParameter(FULL)));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+ \r
+ /**\r
+ * Get all Namespaces where user is a responsible party\r
+ */\r
+ authzAPI.route(GET,"/authz/nss/responsible/:user",API.NSS, new Code(facade,"Return Namespaces where User is Responsible", true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getNSsByResponsible(trans, resp, pathParam(req,":user"),TRUE.equals(req.getParameter(FULL)));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+\r
+ /**\r
+ * Get all Namespaces where user is an admin or owner\r
+ */\r
+ authzAPI.route(GET,"/authz/nss/either/:user",API.NSS, new Code(facade,"Return Namespaces where User Admin or Owner", true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getNSsByEither(trans, resp, pathParam(req,":user"),TRUE.equals(req.getParameter(FULL)));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+\r
+ /**\r
+ * Get all children Namespaces\r
+ */\r
+ authzAPI.route(GET,"/authz/nss/children/:id",API.NSS, new Code(facade,"Return Child Namespaces", true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getNSsChildren(trans, resp, pathParam(req,":id"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+\r
+ /**\r
+ * Set a description of a Namespace\r
+ */\r
+ authzAPI.route(PUT,"/authz/ns",API.NS_REQ,new Code(facade,"Set a Description for a Namespace",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.updateNsDescription(trans, req, resp);\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }); \r
+ \r
+ /**\r
+ * Removes an Owner from Namespace in Authz DB\r
+ * \r
+ * TESTCASES: TC_NS1\r
+ */\r
+ authzAPI.route(DELETE,"/authz/ns/:ns/responsible/:id",API.VOID, new Code(facade,"Remove a Responsible Identity from Namespace",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans,\r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.delResponsibilityForNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+\r
+ authzAPI.route(POST,"/authz/ns/:ns/attrib/:key/:value",API.VOID, new Code(facade,"Add an Attribute from a Namespace",true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.createAttribForNS(trans, resp, \r
+ pathParam(req,":ns"), \r
+ pathParam(req,":key"),\r
+ pathParam(req,":value"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.CREATED_201); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+\r
+ authzAPI.route(GET,"/authz/ns/attrib/:key",API.KEYS, new Code(facade,"get Ns Key List From Attribute",true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.readNsByAttrib(trans, resp, pathParam(req,":key"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+\r
+ authzAPI.route(PUT,"/authz/ns/:ns/attrib/:key/:value",API.VOID, new Code(facade,"update an Attribute from a Namespace",true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.updAttribForNS(trans, resp, \r
+ pathParam(req,":ns"), \r
+ pathParam(req,":key"),\r
+ pathParam(req,":value"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+ \r
+ authzAPI.route(DELETE,"/authz/ns/:ns/attrib/:key",API.VOID, new Code(facade,"delete an Attribute from a Namespace",true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.delAttribForNS(trans, resp, \r
+ pathParam(req,":ns"), \r
+ pathParam(req,":key"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+\r
+ }\r
+ \r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+import static com.att.cssa.rserv.HttpMethods.DELETE;\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+import static com.att.cssa.rserv.HttpMethods.POST;\r
+import static com.att.cssa.rserv.HttpMethods.PUT;\r
+\r
+import java.net.URLDecoder;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.authz.service.Code;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+import com.att.cadi.config.Config;\r
+\r
+public class API_Perms {\r
+ public static void timeSensitiveInit(AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+ /** \r
+ * gets all permissions by user name\r
+ */\r
+ authzAPI.route(GET, "/authz/perms/user/:user", API.PERMS, new Code(facade,"Get Permissions by User",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getPermsByUser(trans, resp, pathParam(req, "user"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+\r
+ });\r
+ \r
+ /** \r
+ * gets all permissions by user name\r
+ */\r
+ authzAPI.route(POST, "/authz/perms/user/:user", API.PERMS, new Code(facade,"Get Permissions by User, Query AAF Perms",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getPermsByUserWithAAFQuery(trans, req, resp, pathParam(req, "user"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+\r
+ });\r
+\r
+\r
+ } // end timeSensitiveInit\r
+\r
+ public static void init(AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+ /**\r
+ * Create a Permission\r
+ */\r
+ authzAPI.route(POST,"/authz/perm",API.PERM_REQ,new Code(facade,"Create a Permission",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.createPerm(trans, req, resp);\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.CREATED_201); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ /** \r
+ * get details of Permission\r
+ */\r
+ authzAPI.route(GET, "/authz/perms/:type/:instance/:action", API.PERMS, new Code(facade,"Get Permissions by Key",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getPermsByName(trans, resp, \r
+ pathParam(req, "type"),\r
+ URLDecoder.decode(pathParam(req, "instance"),Config.UTF_8),\r
+ pathParam(req, "action"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+\r
+ });\r
+ \r
+ /** \r
+ * get children of Permission\r
+ */\r
+ authzAPI.route(GET, "/authz/perms/:type", API.PERMS, new Code(facade,"Get Permissions by Type",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getPermsByType(trans, resp, pathParam(req, "type"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+\r
+ });\r
+\r
+ \r
+ /**\r
+ * gets all permissions by role name\r
+ */\r
+ authzAPI.route(GET,"/authz/perms/role/:role",API.PERMS,new Code(facade,"Get Permissions by Role",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getPermsForRole(trans, resp, pathParam(req, "role"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * gets all permissions by Namespace\r
+ */\r
+ authzAPI.route(GET,"/authz/perms/ns/:ns",API.PERMS,new Code(facade,"Get PermsByNS",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getPermsByNS(trans, resp, pathParam(req, "ns"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+ /**\r
+ * Set a perm's description\r
+ */\r
+ authzAPI.route(PUT,"/authz/perm",API.PERM_REQ,new Code(facade,"Set Description for Permission",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.updatePermDescription(trans, req, resp);\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }); \r
+ \r
+ /**\r
+ * Update a permission with a rename\r
+ */\r
+ authzAPI.route(PUT,"/authz/perm/:type/:instance/:action",API.PERM_REQ,new Code(facade,"Update a Permission",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.renamePerm(trans, req, resp, pathParam(req, "type"), \r
+ pathParam(req, "instance"), pathParam(req, "action"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }); \r
+ \r
+ /**\r
+ * Delete a Permission\r
+ */\r
+ authzAPI.route(DELETE,"/authz/perm",API.PERM_REQ,new Code(facade,"Delete a Permission",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.deletePerm(trans,req, resp);\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ \r
+ \r
+\r
+ /**\r
+ * Delete a Permission\r
+ */\r
+ authzAPI.route(DELETE,"/authz/perm/:name/:type/:action",API.PERM_KEY,new Code(facade,"Delete a Permission",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.deletePerm(trans, resp,\r
+ pathParam(req, ":name"),\r
+ pathParam(req, ":type"),\r
+ pathParam(req, ":action"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ } // end init\r
+}\r
+\r
+\r
+\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+import static com.att.cssa.rserv.HttpMethods.DELETE;\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+import static com.att.cssa.rserv.HttpMethods.POST;\r
+import static com.att.cssa.rserv.HttpMethods.PUT;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.authz.service.Code;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+import com.att.dao.aaf.cass.Status;\r
+\r
+public class API_Roles {\r
+ public static void init(AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+ /**\r
+ * puts a new role in Authz DB\r
+ */\r
+ authzAPI.route(POST,"/authz/role",API.ROLE_REQ, new Code(facade,"Create Role",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans,\r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.createRole(trans, req, resp);\r
+ \r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.CREATED_201); \r
+ break;\r
+ case Status.ACC_Future:\r
+ resp.setStatus(HttpStatus.ACCEPTED_202); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+\r
+ /** \r
+ * get Role by name\r
+ */\r
+ authzAPI.route(GET, "/authz/roles/:role", API.ROLES, new Code(facade,"GetRolesByFullName",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getRolesByName(trans, resp, pathParam(req, "role"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+\r
+ });\r
+\r
+\r
+ /** \r
+ * gets all Roles by user name\r
+ */\r
+ authzAPI.route(GET, "/authz/roles/user/:name", API.ROLES, new Code(facade,"GetRolesByUser",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getRolesByUser(trans, resp, pathParam(req, "name"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+\r
+ });\r
+\r
+ /** \r
+ * gets all Roles by Namespace\r
+ */\r
+ authzAPI.route(GET, "/authz/roles/ns/:ns", API.ROLES, new Code(facade,"GetRolesByNS",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getRolesByNS(trans, resp, pathParam(req, "ns"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ /** \r
+ * gets all Roles by Name without the Namespace\r
+ */\r
+ authzAPI.route(GET, "/authz/roles/name/:name", API.ROLES, new Code(facade,"GetRolesByNameOnly",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getRolesByNameOnly(trans, resp, pathParam(req, ":name"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+ /**\r
+ * Deletes a Role from Authz DB by Object\r
+ */\r
+ authzAPI.route(DELETE,"/authz/role",API.ROLE_REQ, new Code(facade,"Delete Role",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans,\r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.deleteRole(trans, req, resp);\r
+ \r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ \r
+ }\r
+ );\r
+ \r
+\r
+ \r
+ /**\r
+ * Deletes a Role from Authz DB by Key\r
+ */\r
+ authzAPI.route(DELETE,"/authz/role/:role",API.ROLE, new Code(facade,"Delete Role",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans,\r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.deleteRole(trans, resp, pathParam(req,":role"));\r
+ \r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ \r
+ }\r
+ );\r
+ \r
+\r
+ /**\r
+ * Add a Permission to a Role (Grant)\r
+ */\r
+ authzAPI.route(POST,"/authz/role/perm",API.ROLE_PERM_REQ, new Code(facade,"Add Permission to Role",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans,\r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.addPermToRole(trans, req, resp);\r
+ \r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.CREATED_201); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }\r
+ );\r
+ \r
+ /**\r
+ * Get all Roles by Permission\r
+ */\r
+ authzAPI.route(GET,"/authz/roles/perm/:type/:instance/:action",API.ROLES,new Code(facade,"GetRolesByPerm",true) {\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.getRolesByPerm(trans, resp, \r
+ pathParam(req, "type"),\r
+ pathParam(req, "instance"),\r
+ pathParam(req, "action"));\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+ /**\r
+ * Set a role's description\r
+ */\r
+ authzAPI.route(PUT,"/authz/role",API.ROLE_REQ,new Code(facade,"Set Description for role",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.updateRoleDescription(trans, req, resp);\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }); \r
+ \r
+ /**\r
+ * Set a permission's roles to roles given\r
+ */\r
+ authzAPI.route(PUT,"/authz/role/perm",API.ROLE_PERM_REQ,new Code(facade,"Set a Permission's Roles",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans, \r
+ HttpServletRequest req,\r
+ HttpServletResponse resp) throws Exception {\r
+ \r
+ Result<Void> r = context.resetPermRoles(trans, req, resp);\r
+ switch(r.status) {\r
+ case OK: \r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ }); \r
+ \r
+ /**\r
+ * Delete a Permission from a Role\r
+ */\r
+ authzAPI.route(DELETE,"/authz/role/:role/perm",API.ROLE_PERM_REQ, new Code(facade,"Delete Permission from Role",true) {\r
+ @Override\r
+ public void handle(\r
+ AuthzTrans trans,\r
+ HttpServletRequest req, \r
+ HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.delPermFromRole(trans, req, resp);\r
+ \r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ \r
+ }\r
+ );\r
+\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.authz.service.Code;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+\r
+/**\r
+ * User Role APIs\r
+ *\r
+ */\r
+public class API_User {\r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param authzAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(final AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+ /**\r
+ * get all Users who have Permission X\r
+ */\r
+ authzAPI.route(GET,"/authz/users/perm/:type/:instance/:action",API.USERS,new Code(facade,"Get Users By Permission", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+// trans.checkpoint(pathParam(req,"type") + " " \r
+// + pathParam(req,"instance") + " " \r
+// + pathParam(req,"action"));\r
+//\r
+ Result<Void> r = context.getUsersByPermission(trans, resp,\r
+ pathParam(req, ":type"),\r
+ pathParam(req, ":instance"),\r
+ pathParam(req, ":action"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+\r
+ /**\r
+ * get all Users who have Role X\r
+ */\r
+ authzAPI.route(GET,"/authz/users/role/:role",API.USERS,new Code(facade,"Get Users By Role", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getUsersByRole(trans, resp, pathParam(req, ":role"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+ /**\r
+ * Get User Role if exists\r
+ * @deprecated\r
+ */\r
+ authzAPI.route(GET,"/authz/userRole/:user/:role",API.USERS,new Code(facade,"Get if User is In Role", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getUserInRole(trans, resp, pathParam(req,":user"),pathParam(req,":role"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ /**\r
+ * Get User Role if exists\r
+ */\r
+ authzAPI.route(GET,"/authz/users/:user/:role",API.USERS,new Code(facade,"Get if User is In Role", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getUserInRole(trans, resp, pathParam(req,":user"),pathParam(req,":role"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+\r
+\r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static com.att.authz.layer.Result.OK;\r
+import static com.att.cssa.rserv.HttpMethods.DELETE;\r
+import static com.att.cssa.rserv.HttpMethods.GET;\r
+import static com.att.cssa.rserv.HttpMethods.POST;\r
+import static com.att.cssa.rserv.HttpMethods.PUT;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.authz.service.Code;\r
+import com.att.authz.service.mapper.Mapper.API;\r
+\r
+/**\r
+ * User Role APIs\r
+ *\r
+ */\r
+public class API_UserRole {\r
+ /**\r
+ * Normal Init level APIs\r
+ * \r
+ * @param authzAPI\r
+ * @param facade\r
+ * @throws Exception\r
+ */\r
+ public static void init(final AuthAPI authzAPI, AuthzFacade facade) throws Exception {\r
+ /**\r
+ * Request User Role Access\r
+ */\r
+ authzAPI.route(POST,"/authz/userRole",API.USER_ROLE_REQ,new Code(facade,"Request User Role Access", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.requestUserRole(trans, req, resp);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.CREATED_201); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+ \r
+ /**\r
+ * Get UserRoles by Role\r
+ */\r
+ authzAPI.route(GET,"/authz/userRoles/role/:role",API.USER_ROLES,new Code(facade,"Get UserRoles by Role", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getUserRolesByRole(trans, resp, pathParam(req,":role"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+ /**\r
+ * Get UserRoles by User\r
+ */\r
+ authzAPI.route(GET,"/authz/userRoles/user/:user",API.USER_ROLES,new Code(facade,"Get UserRoles by User", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.getUserRolesByUser(trans, resp, pathParam(req,":user"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ \r
+ /**\r
+ * Update roles attached to user in path\r
+ */\r
+ authzAPI.route(PUT,"/authz/userRole/user",API.USER_ROLE_REQ,new Code(facade,"Update Roles for a user", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.resetRolesForUser(trans, resp, req);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+ \r
+ /**\r
+ * Update users attached to role in path\r
+ */\r
+ authzAPI.route(PUT,"/authz/userRole/role",API.USER_ROLE_REQ,new Code(facade,"Update Users for a role", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.resetUsersForRole(trans, resp, req);\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+ \r
+ /**\r
+ * Extend Expiration Date (according to Organizational rules)\r
+ */\r
+ authzAPI.route(PUT, "/authz/userRole/extend/:user/:role", API.VOID, new Code(facade,"Extend Expiration", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.extendUserRoleExpiration(trans,resp,pathParam(req,":user"),pathParam(req,":role"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ \r
+ }\r
+ \r
+ });\r
+ \r
+ \r
+ /**\r
+ * Create a new ID/Credential\r
+ */\r
+ authzAPI.route(DELETE,"/authz/userRole/:user/:role",API.VOID,new Code(facade,"Delete User Role", true) {\r
+ @Override\r
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {\r
+ Result<Void> r = context.deleteUserRole(trans, resp, pathParam(req,":user"),pathParam(req,":role"));\r
+ switch(r.status) {\r
+ case OK:\r
+ resp.setStatus(HttpStatus.OK_200); \r
+ break;\r
+ default:\r
+ context.error(trans,resp,r);\r
+ }\r
+ }\r
+ });\r
+\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.mapper;\r
+\r
+import java.util.Collection;\r
+import java.util.List;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.service.MayChange;\r
+import com.att.dao.Bytification;\r
+import com.att.dao.aaf.cass.ApprovalDAO;\r
+import com.att.dao.aaf.cass.CertDAO;\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.DelegateDAO;\r
+import com.att.dao.aaf.cass.FutureDAO;\r
+import com.att.dao.aaf.cass.HistoryDAO;\r
+import com.att.dao.aaf.cass.Namespace;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.UserRoleDAO;\r
+import com.att.rosetta.Marshal;\r
+\r
+public interface Mapper<\r
+ NSS,\r
+ PERMS,\r
+ PERMKEY,\r
+ ROLES,\r
+ USERS,\r
+ USERROLES,\r
+ DELGS,\r
+ CERTS,\r
+ KEYS,\r
+ REQUEST,\r
+ HISTORY,\r
+ ERROR,\r
+ APPROVALS>\r
+{\r
+ enum API{NSS,NS_REQ, \r
+ PERMS,PERM_KEY,PERM_REQ,\r
+ ROLES,ROLE,ROLE_REQ,ROLE_PERM_REQ,\r
+ USERS,USER_ROLE_REQ,USER_ROLES,\r
+ CRED_REQ,CERTS,\r
+ APPROVALS,\r
+ DELGS,DELG_REQ,\r
+ KEYS,\r
+ HISTORY,\r
+ ERROR,\r
+ API,\r
+ VOID};\r
+ public Class<?> getClass(API api);\r
+ public<A> Marshal<A> getMarshal(API api);\r
+ public<A> A newInstance(API api);\r
+\r
+ public Result<PermDAO.Data> permkey(AuthzTrans trans, PERMKEY from);\r
+ public Result<PermDAO.Data> perm(AuthzTrans trans, REQUEST from);\r
+ public Result<RoleDAO.Data> role(AuthzTrans trans, REQUEST from);\r
+ public Result<Namespace> ns(AuthzTrans trans, REQUEST from);\r
+ public Result<CredDAO.Data> cred(AuthzTrans trans, REQUEST from, boolean requiresPass);\r
+ public Result<USERS> cred(List<CredDAO.Data> lcred, USERS to);\r
+ public Result<CERTS> cert(List<CertDAO.Data> lcert, CERTS to);\r
+ public Result<DelegateDAO.Data> delegate(AuthzTrans trans, REQUEST from);\r
+ public Result<DELGS> delegate(List<DelegateDAO.Data> lDelg);\r
+ public Result<APPROVALS> approvals(List<ApprovalDAO.Data> lAppr);\r
+ public Result<List<ApprovalDAO.Data>> approvals(APPROVALS apprs);\r
+ public Result<List<PermDAO.Data>> perms(AuthzTrans trans, PERMS perms);\r
+ \r
+ public Result<UserRoleDAO.Data> userRole(AuthzTrans trans, REQUEST from);\r
+ public Result<PermDAO.Data> permFromRPRequest(AuthzTrans trans, REQUEST from);\r
+ public Result<RoleDAO.Data> roleFromRPRequest(AuthzTrans trans, REQUEST from);\r
+ \r
+ /*\r
+ * Check Requests of varying sorts for Future fields set\r
+ */\r
+ public Result<FutureDAO.Data> future(AuthzTrans trans, String table, REQUEST from, Bytification content, boolean enableApproval, Memo memo, MayChange mc);\r
+\r
+ public Result<NSS> nss(AuthzTrans trans, Namespace from, NSS to);\r
+\r
+ // Note: Prevalidate if NS given is allowed to be seen before calling\r
+ public Result<NSS> nss(AuthzTrans trans, Collection<Namespace> from, NSS to);\r
+// public Result<NSS> ns_attrib(AuthzTrans trans, Set<String> from, NSS to);\r
+ public Result<PERMS> perms(AuthzTrans trans, List<PermDAO.Data> from, PERMS to, boolean filter);\r
+ public Result<ROLES> roles(AuthzTrans trans, List<RoleDAO.Data> from, ROLES roles, boolean filter);\r
+ // Note: Prevalidate if NS given is allowed to be seen before calling\r
+ public Result<USERS> users(AuthzTrans trans, Collection<UserRoleDAO.Data> from, USERS to);\r
+ public Result<USERROLES> userRoles(AuthzTrans trans, Collection<UserRoleDAO.Data> from, USERROLES to);\r
+ public Result<KEYS> keys(Collection<String> from);\r
+\r
+ public Result<HISTORY> history(AuthzTrans trans, List<HistoryDAO.Data> history, final int sort);\r
+ \r
+ public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, String... detail);\r
+ \r
+ /*\r
+ * A Memo Creator... Use to avoid creating superfluous Strings until needed.\r
+ */\r
+ public static interface Memo {\r
+ public String get();\r
+ }\r
+\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.mapper;\r
+\r
+import java.nio.ByteBuffer;\r
+import java.util.ArrayList;\r
+import java.util.Collection;\r
+import java.util.Collections;\r
+import java.util.Comparator;\r
+import java.util.Date;\r
+import java.util.GregorianCalendar;\r
+import java.util.List;\r
+import java.util.UUID;\r
+\r
+import javax.xml.datatype.XMLGregorianCalendar;\r
+\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.org.Organization;\r
+import com.att.authz.org.Organization.Expiration;\r
+import com.att.authz.service.MayChange;\r
+import com.att.cadi.aaf.marshal.CertsMarshal;\r
+import com.att.cadi.util.Vars;\r
+import com.att.cssa.rserv.Pair;\r
+import com.att.dao.Bytification;\r
+import com.att.dao.aaf.cass.ApprovalDAO;\r
+import com.att.dao.aaf.cass.CertDAO;\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.DelegateDAO;\r
+import com.att.dao.aaf.cass.DelegateDAO.Data;\r
+import com.att.dao.aaf.cass.FutureDAO;\r
+import com.att.dao.aaf.cass.HistoryDAO;\r
+import com.att.dao.aaf.cass.Namespace;\r
+import com.att.dao.aaf.cass.NsSplit;\r
+import com.att.dao.aaf.cass.NsType;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.Status;\r
+import com.att.dao.aaf.cass.UserRoleDAO;\r
+import com.att.dao.aaf.hl.Question;\r
+import com.att.dao.aaf.hl.Question.Access;\r
+import com.att.inno.env.Env;\r
+import com.att.inno.env.TimeTaken;\r
+import com.att.inno.env.util.Chrono;\r
+import com.att.rosetta.Marshal;\r
+\r
+import aaf.v2_0.Api;\r
+import aaf.v2_0.Approval;\r
+import aaf.v2_0.Approvals;\r
+import aaf.v2_0.Certs;\r
+import aaf.v2_0.Certs.Cert;\r
+import aaf.v2_0.CredRequest;\r
+import aaf.v2_0.Delg;\r
+import aaf.v2_0.DelgRequest;\r
+import aaf.v2_0.Delgs;\r
+import aaf.v2_0.Error;\r
+import aaf.v2_0.History;\r
+import aaf.v2_0.History.Item;\r
+import aaf.v2_0.Keys;\r
+import aaf.v2_0.NsRequest;\r
+import aaf.v2_0.Nss;\r
+import aaf.v2_0.Nss.Ns;\r
+import aaf.v2_0.Nss.Ns.Attrib;\r
+import aaf.v2_0.Perm;\r
+import aaf.v2_0.PermKey;\r
+import aaf.v2_0.PermRequest;\r
+import aaf.v2_0.Perms;\r
+import aaf.v2_0.Pkey;\r
+import aaf.v2_0.Request;\r
+import aaf.v2_0.Role;\r
+import aaf.v2_0.RolePermRequest;\r
+import aaf.v2_0.RoleRequest;\r
+import aaf.v2_0.Roles;\r
+import aaf.v2_0.UserRole;\r
+import aaf.v2_0.UserRoleRequest;\r
+import aaf.v2_0.UserRoles;\r
+import aaf.v2_0.Users;\r
+import aaf.v2_0.Users.User;\r
+\r
+public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRoles, Delgs, Certs, Keys, Request, History, Error, Approvals> {\r
+ private Question q;\r
+\r
+ public Mapper_2_0(Question q) {\r
+ this.q = q;\r
+ }\r
+ \r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.service.mapper.Mapper#ns(java.lang.Object, com.att.authz.service.mapper.Mapper.Holder)\r
+ */\r
+ @Override\r
+ public Result<Namespace> ns(AuthzTrans trans, Request base) {\r
+ NsRequest from = (NsRequest)base;\r
+ Namespace namespace = new Namespace();\r
+ namespace.name = from.getName();\r
+ namespace.admin = from.getAdmin();\r
+ namespace.owner = from.getResponsible();\r
+ namespace.description = from.getDescription();\r
+ trans.checkpoint(namespace.name, Env.ALWAYS);\r
+ \r
+ NsType nt = NsType.fromString(from.getType());\r
+ if(nt.equals(NsType.UNKNOWN)) {\r
+ String ns = namespace.name;\r
+ int count = 0;\r
+ for(int i=ns.indexOf('.');\r
+ i>=0;\r
+ i=ns.indexOf('.',i+1)) {\r
+ ++count;\r
+ }\r
+ switch(count) {\r
+ case 0: nt = NsType.ROOT;break;\r
+ case 1: nt = NsType.COMPANY;break;\r
+ default: nt = NsType.APP;\r
+ }\r
+ }\r
+ namespace.type = nt.type;\r
+ \r
+ return Result.ok(namespace);\r
+ }\r
+\r
+ @Override\r
+ public Result<Nss> nss(AuthzTrans trans, Namespace from, Nss to) {\r
+ List<Ns> nss = to.getNs();\r
+ Ns ns = new Ns();\r
+ ns.setName(from.name);\r
+ if(from.admin!=null)ns.getAdmin().addAll(from.admin);\r
+ if(from.owner!=null)ns.getResponsible().addAll(from.owner);\r
+ if(from.attrib!=null) {\r
+ for(Pair<String,String> attrib : from.attrib) {\r
+ Attrib toAttrib = new Attrib();\r
+ toAttrib.setKey(attrib.x);\r
+ toAttrib.setValue(attrib.y);\r
+ ns.getAttrib().add(toAttrib);\r
+ }\r
+ }\r
+\r
+ ns.setDescription(from.description);\r
+ nss.add(ns);\r
+ return Result.ok(to);\r
+ }\r
+\r
+ /**\r
+ * Note: Prevalidate if NS given is allowed to be seen before calling\r
+ */\r
+ @Override\r
+ public Result<Nss> nss(AuthzTrans trans, Collection<Namespace> from, Nss to) {\r
+ List<Ns> nss = to.getNs();\r
+ for(Namespace nd : from) {\r
+ Ns ns = new Ns();\r
+ ns.setName(nd.name);\r
+ ns.getAdmin().addAll(nd.admin);\r
+ ns.getResponsible().addAll(nd.owner);\r
+ ns.setDescription(nd.description);\r
+ if(nd.attrib!=null) {\r
+ for(Pair<String,String> attrib : nd.attrib) {\r
+ Attrib toAttrib = new Attrib();\r
+ toAttrib.setKey(attrib.x);\r
+ toAttrib.setValue(attrib.y);\r
+ ns.getAttrib().add(toAttrib);\r
+ }\r
+ }\r
+\r
+ nss.add(ns);\r
+ }\r
+ return Result.ok(to);\r
+ }\r
+\r
+ @Override\r
+ public Result<Perms> perms(AuthzTrans trans, List<PermDAO.Data> from, Perms to, boolean filter) {\r
+ List<Perm> perms = to.getPerm();\r
+ TimeTaken tt = trans.start("Filter Perms before return", Env.SUB);\r
+ try {\r
+ if(from!=null) {\r
+ for (PermDAO.Data data : from) {\r
+ if(!filter || q.mayUser(trans, trans.user(), data, Access.read).isOK()) {\r
+ Perm perm = new Perm();\r
+ perm.setType(data.fullType());\r
+ perm.setInstance(data.instance);\r
+ perm.setAction(data.action);\r
+ for(String role : data.roles(false)) {\r
+ perm.getRoles().add(role);\r
+ }\r
+ perm.setDescription(data.description);\r
+ perms.add(perm);\r
+ }\r
+ }\r
+ }\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ \r
+ tt = trans.start("Sort Perms", Env.SUB);\r
+ try {\r
+ Collections.sort(perms, new Comparator<Perm>() {\r
+ @Override\r
+ public int compare(Perm perm1, Perm perm2) {\r
+ int typeCompare = perm1.getType().compareToIgnoreCase(perm2.getType());\r
+ if (typeCompare == 0) {\r
+ int instanceCompare = perm1.getInstance().compareToIgnoreCase(perm2.getInstance());\r
+ if (instanceCompare == 0) {\r
+ return perm1.getAction().compareToIgnoreCase(perm2.getAction());\r
+ }\r
+ return instanceCompare;\r
+ }\r
+ return typeCompare;\r
+ } \r
+ });\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ return Result.ok(to);\r
+ }\r
+ \r
+ @Override\r
+ public Result<List<PermDAO.Data>> perms(AuthzTrans trans, Perms perms) {\r
+ List<PermDAO.Data> lpd = new ArrayList<PermDAO.Data>();\r
+ for (Perm p : perms.getPerm()) {\r
+ Result<NsSplit> nss = q.deriveNsSplit(trans, p.getType());\r
+ PermDAO.Data pd = new PermDAO.Data();\r
+ if(nss.isOK()) { \r
+ pd.ns=nss.value.ns;\r
+ pd.type = nss.value.name;\r
+ pd.instance = p.getInstance();\r
+ pd.action = p.getAction();\r
+ for (String role : p.getRoles())\r
+ pd.roles(true).add(role);\r
+ lpd.add(pd);\r
+ } else {\r
+ return Result.err(nss);\r
+ }\r
+ }\r
+ return Result.ok(lpd);\r
+ }\r
+\r
+ @Override\r
+ public Result<PermDAO.Data> permkey(AuthzTrans trans, Pkey from) {\r
+ return q.permFrom(trans, from.getType(),from.getInstance(),from.getAction());\r
+ }\r
+ \r
+ @Override\r
+ public Result<PermDAO.Data> permFromRPRequest(AuthzTrans trans, Request req) {\r
+ RolePermRequest from = (RolePermRequest)req;\r
+ Pkey perm = from.getPerm();\r
+ if(perm==null)return Result.err(Status.ERR_NotFound, "Permission not found");\r
+ Result<NsSplit> nss = q.deriveNsSplit(trans, perm.getType());\r
+ PermDAO.Data pd = new PermDAO.Data();\r
+ if(nss.isOK()) { \r
+ pd.ns=nss.value.ns;\r
+ pd.type = nss.value.name;\r
+ pd.instance = from.getPerm().getInstance();\r
+ pd.action = from.getPerm().getAction();\r
+ trans.checkpoint(pd.fullPerm(), Env.ALWAYS);\r
+ \r
+ String[] roles = {};\r
+ \r
+ if (from.getRole() != null) {\r
+ roles = from.getRole().split(",");\r
+ }\r
+ for (String role : roles) { \r
+ pd.roles(true).add(role);\r
+ }\r
+ return Result.ok(pd);\r
+ } else {\r
+ return Result.err(nss);\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<RoleDAO.Data> roleFromRPRequest(AuthzTrans trans, Request req) {\r
+ RolePermRequest from = (RolePermRequest)req;\r
+ Result<NsSplit> nss = q.deriveNsSplit(trans, from.getRole());\r
+ RoleDAO.Data rd = new RoleDAO.Data();\r
+ if(nss.isOK()) { \r
+ rd.ns = nss.value.ns;\r
+ rd.name = nss.value.name;\r
+ trans.checkpoint(rd.fullName(), Env.ALWAYS);\r
+ return Result.ok(rd);\r
+ } else {\r
+ return Result.err(nss);\r
+ }\r
+ }\r
+ \r
+ @Override\r
+ public Result<PermDAO.Data> perm(AuthzTrans trans, Request req) {\r
+ PermRequest from = (PermRequest)req;\r
+ Result<NsSplit> nss = q.deriveNsSplit(trans, from.getType());\r
+ PermDAO.Data pd = new PermDAO.Data();\r
+ if(nss.isOK()) { \r
+ pd.ns=nss.value.ns;\r
+ pd.type = nss.value.name;\r
+ pd.instance = from.getInstance();\r
+ pd.action = from.getAction();\r
+ pd.description = from.getDescription();\r
+ trans.checkpoint(pd.fullPerm(), Env.ALWAYS);\r
+ return Result.ok(pd);\r
+ } else {\r
+ return Result.err(nss);\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<RoleDAO.Data> role(AuthzTrans trans, Request base) {\r
+ RoleRequest from = (RoleRequest)base;\r
+ Result<NsSplit> nss = q.deriveNsSplit(trans, from.getName());\r
+ if(nss.isOK()) {\r
+ RoleDAO.Data to = new RoleDAO.Data();\r
+ to.ns = nss.value.ns;\r
+ to.name = nss.value.name;\r
+ to.description = from.getDescription();\r
+ trans.checkpoint(to.fullName(), Env.ALWAYS);\r
+\r
+ return Result.ok(to);\r
+ } else {\r
+ return Result.err(nss);\r
+ }\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.service.mapper.Mapper#roles(java.util.List)\r
+ */\r
+ @Override\r
+ public Result<Roles> roles(AuthzTrans trans, List<RoleDAO.Data> from, Roles to, boolean filter) {\r
+ for(RoleDAO.Data frole : from) {\r
+ // Only Add Data to view if User is allowed to see this Role \r
+ //if(!filter || q.mayUserViewRole(trans, trans.user(), frole).isOK()) {\r
+ if(!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()) {\r
+ Role role = new Role();\r
+ role.setName(frole.ns + '.' + frole.name);\r
+ role.setDescription(frole.description);\r
+ for(String p : frole.perms(false)) { // can see any Perms in the Role he has permission for\r
+ Result<String[]> rpa = PermDAO.Data.decodeToArray(trans,q,p);\r
+ if(rpa.notOK()) return Result.err(rpa);\r
+ \r
+ String[] pa = rpa.value;\r
+ Pkey pKey = new Pkey();\r
+ pKey.setType(pa[0]+'.'+pa[1]);\r
+ pKey.setInstance(pa[2]);\r
+ pKey.setAction(pa[3]);\r
+ role.getPerms().add(pKey);\r
+ }\r
+ to.getRole().add(role);\r
+ }\r
+ }\r
+ return Result.ok(to);\r
+ }\r
+\r
+ /*\r
+ * (non-Javadoc)\r
+ * @see com.att.authz.service.mapper.Mapper#users(java.util.Collection, java.lang.Object)\r
+ * \r
+ * Note: Prevalidate all data for permission to view\r
+ */\r
+ @Override\r
+ public Result<Users> users(AuthzTrans trans, Collection<UserRoleDAO.Data> from, Users to) {\r
+ List<User> cu = to.getUser();\r
+ for(UserRoleDAO.Data urd : from) {\r
+ User user = new User();\r
+ user.setId(urd.user);\r
+ user.setExpires(Chrono.timeStamp(urd.expires));\r
+ cu.add(user);\r
+ }\r
+ return Result.ok(to);\r
+ }\r
+\r
+ /*\r
+ * (non-Javadoc)\r
+ * @see com.att.authz.service.mapper.Mapper#users(java.util.Collection, java.lang.Object)\r
+ * \r
+ * Note: Prevalidate all data for permission to view\r
+ */\r
+ @Override\r
+ public Result<UserRoles> userRoles(AuthzTrans trans, Collection<UserRoleDAO.Data> from, UserRoles to) {\r
+ List<UserRole> cu = to.getUserRole();\r
+ for(UserRoleDAO.Data urd : from) {\r
+ UserRole ur = new UserRole();\r
+ ur.setUser(urd.user);\r
+ ur.setRole(urd.role);\r
+ ur.setExpires(Chrono.timeStamp(urd.expires));\r
+ cu.add(ur);\r
+ }\r
+ return Result.ok(to);\r
+ }\r
+\r
+ /**\r
+ * \r
+ * @param base\r
+ * @param start\r
+ * @return\r
+ */\r
+ @Override\r
+ public Result<UserRoleDAO.Data> userRole(AuthzTrans trans, Request base) {\r
+ try {\r
+ UserRoleRequest from = (UserRoleRequest)base;\r
+\r
+ // Setup UserRoleData, either for immediate placement, or for future\r
+ UserRoleDAO.Data to = new UserRoleDAO.Data();\r
+ if (from.getUser() != null) {\r
+ String user = from.getUser();\r
+ to.user = user;\r
+ }\r
+ if (from.getRole() != null) {\r
+ to.role(trans,q,from.getRole());\r
+ }\r
+ to.expires = getExpires(trans.org(),Expiration.UserInRole,base,from.getUser());\r
+ trans.checkpoint(to.toString(), Env.ALWAYS);\r
+\r
+ return Result.ok(to);\r
+ } catch (Exception t) {\r
+ return Result.err(Status.ERR_BadData,t.getMessage());\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<CredDAO.Data> cred(AuthzTrans trans, Request base, boolean requiresPass) {\r
+ CredRequest from = (CredRequest)base;\r
+ CredDAO.Data to = new CredDAO.Data();\r
+ to.id=from.getId();\r
+ to.ns = Question.domain2ns(to.id);\r
+ String passwd = from.getPassword();\r
+ if(requiresPass) {\r
+ String ok = trans.org().isValidPassword(to.id,passwd);\r
+ if(ok.length()>0) {\r
+ return Result.err(Status.ERR_BadData,ok);\r
+ }\r
+\r
+ } else {\r
+ to.type=0;\r
+ }\r
+ if(passwd != null) {\r
+ to.cred = ByteBuffer.wrap(passwd.getBytes());\r
+ to.type = CredDAO.RAW; \r
+ } else {\r
+ to.type = 0;\r
+ }\r
+ \r
+ // Note: Ensure requested EndDate created will match Organization Password Rules\r
+ // P.S. Do not apply TempPassword rule here. Do that when you know you are doing a Create/Reset (see Service)\r
+ to.expires = getExpires(trans.org(),Expiration.Password,base,from.getId());\r
+ trans.checkpoint(to.id, Env.ALWAYS);\r
+\r
+ return Result.ok(to);\r
+ }\r
+ \r
+ @Override\r
+ public Result<Users> cred(List<CredDAO.Data> from, Users to) {\r
+ List<User> cu = to.getUser();\r
+ for(CredDAO.Data cred : from) {\r
+ User user = new User();\r
+ user.setId(cred.id);\r
+ user.setExpires(Chrono.timeStamp(cred.expires));\r
+ user.setType(cred.type);\r
+ cu.add(user);\r
+ }\r
+ return Result.ok(to);\r
+ }\r
+ \r
+@Override\r
+ public Result<Certs> cert(List<CertDAO.Data> from, Certs to) {\r
+ List<Cert> lc = to.getCert();\r
+ for(CertDAO.Data fcred : from) {\r
+ Cert cert = new Cert();\r
+ cert.setId(fcred.id);\r
+ cert.setX500(fcred.x500);\r
+ /**TODO - change Interface \r
+ * @deprecated */\r
+ cert.setFingerprint(fcred.serial.toByteArray());\r
+ lc.add(cert);\r
+ }\r
+ return Result.ok(to);\r
+ }\r
+\r
+ /**\r
+ * Analyze whether Requests should be acted on now, or in the future, based on Start Date, and whether the requester\r
+ * is allowed to change this value directly\r
+ * \r
+ * Returning Result.OK means it should be done in the future.\r
+ * Returning Result.ACC_Now means to act on table change now.\r
+ */\r
+ @Override\r
+ public Result<FutureDAO.Data> future(AuthzTrans trans, String table, Request from, \r
+ Bytification content, boolean enableApproval, Memo memo, MayChange mc) {\r
+ Result<?> rMayChange = mc.mayChange();\r
+ boolean needsAppr;\r
+ if(needsAppr = rMayChange.notOK()) {\r
+ if(enableApproval) {\r
+ if(!trans.futureRequested()) {\r
+ return Result.err(rMayChange);\r
+ }\r
+ } else {\r
+ return Result.err(rMayChange);\r
+ }\r
+ }\r
+ GregorianCalendar now = new GregorianCalendar(); \r
+ GregorianCalendar start = from.getStart()==null?now:from.getStart().toGregorianCalendar();\r
+ \r
+ GregorianCalendar expires = trans.org().expiration(start, Expiration.Future);\r
+ XMLGregorianCalendar xgc;\r
+ if((xgc=from.getEnd())!=null) {\r
+ GregorianCalendar fgc = xgc.toGregorianCalendar();\r
+ expires = expires.before(fgc)?expires:fgc; // Min of desired expiration, and Org expiration\r
+ }\r
+ \r
+ //TODO needs two answers from this. What's the NSS, and may Change.\r
+ FutureDAO.Data fto;\r
+ if(start.after(now) || needsAppr ) {\r
+ //String user = trans.user();\r
+ fto = new FutureDAO.Data();\r
+ fto.target=table;\r
+ fto.memo = memo.get();\r
+ fto.start = start.getTime();\r
+ fto.expires = expires.getTime();\r
+ if(needsAppr) { // Need to add Approvers...\r
+ /*\r
+ Result<Data> rslt = mc.getNsd();\r
+ if(rslt.notOKorIsEmpty())return Result.err(rslt);\r
+ appr.addAll(mc.getNsd().value.responsible);\r
+ try {\r
+ //Note from 2013 Is this getting Approvers for user only? What about Delegates?\r
+ // 3/25/2014. Approvers are set by Corporate policy. We don't have to worry here about what that means.\r
+ // It is important to get Delegates, if necessary, at notification time\r
+ // If we add delegates now, it will get all confused as to who is actually responsible.\r
+ for(Organization.User ou : org.getApprovers(trans, user)) {\r
+ appr.add(ou.email);\r
+ }\r
+ } catch (Exception e) {\r
+ return Result.err(Status.ERR_Policy,org.getName() + " did not respond with Approvers: " + e.getLocalizedMessage());\r
+ }\r
+ */\r
+ }\r
+ try {\r
+ fto.construct = content.bytify();\r
+ } catch (Exception e) {\r
+ return Result.err(Status.ERR_BadData,"Data cannot be saved for Future.");\r
+ }\r
+ } else {\r
+ return Result.err(Status.ACC_Now, "Make Data changes now.");\r
+ }\r
+ return Result.ok(fto);\r
+ }\r
+\r
+\r
+ /* (non-Javadoc)\r
+ * @see com.att.authz.service.mapper.Mapper#history(java.util.List)\r
+ */\r
+ @Override\r
+ public Result<History> history(AuthzTrans trans, List<HistoryDAO.Data> history, final int sort) {\r
+ History hist = new History();\r
+ List<Item> items = hist.getItem();\r
+ for(HistoryDAO.Data data : history) {\r
+ History.Item item = new History.Item();\r
+ item.setYYYYMM(Integer.toString(data.yr_mon));\r
+ Date date = Chrono.uuidToDate(data.id);\r
+ item.setTimestamp(Chrono.timeStamp(date));\r
+ item.setAction(data.action);\r
+ item.setMemo(data.memo);\r
+ item.setSubject(data.subject);\r
+ item.setTarget(data.target);\r
+ item.setUser(data.user);\r
+ items.add(item);\r
+ }\r
+ \r
+ if(sort != 0) {\r
+ TimeTaken tt = trans.start("Sort ", Env.SUB);\r
+ try {\r
+ java.util.Collections.sort(items, new Comparator<Item>() {\r
+ @Override\r
+ public int compare(Item o1, Item o2) {\r
+ return sort*(o1.getTimestamp().compare(o2.getTimestamp()));\r
+ }\r
+ });\r
+ } finally {\r
+ tt.done();\r
+ }\r
+ }\r
+ return Result.ok(hist);\r
+ }\r
+\r
+ @Override\r
+ public Error errorFromMessage(StringBuilder holder, String msgID, String text, String... var) {\r
+ Error err = new Error();\r
+ err.setMessageId(msgID);\r
+ // AT&T Restful Error Format requires numbers "%" placements\r
+ err.setText(Vars.convert(holder, text, var));\r
+ for(String s : var) {\r
+ err.getVariables().add(s);\r
+ }\r
+ return err;\r
+ }\r
+ \r
+ @Override\r
+ public Class<?> getClass(API api) {\r
+ switch(api) {\r
+ case NSS: return Nss.class;\r
+ case NS_REQ: return NsRequest.class;\r
+ case PERMS: return Perms.class;\r
+ case PERM_KEY: return PermKey.class;\r
+ case ROLES: return Roles.class;\r
+ case ROLE: return Role.class;\r
+ case USERS: return Users.class;\r
+ case DELGS: return Delgs.class;\r
+ case CERTS: return Certs.class;\r
+ case DELG_REQ: return DelgRequest.class;\r
+ case PERM_REQ: return PermRequest.class;\r
+ case ROLE_REQ: return RoleRequest.class;\r
+ case CRED_REQ: return CredRequest.class;\r
+ case USER_ROLE_REQ: return UserRoleRequest.class;\r
+ case USER_ROLES: return UserRoles.class;\r
+ case ROLE_PERM_REQ: return RolePermRequest.class;\r
+ case APPROVALS: return Approvals.class;\r
+ case KEYS: return Keys.class;\r
+ case HISTORY: return History.class;\r
+// case MODEL: return Model.class;\r
+ case ERROR: return Error.class;\r
+ case API: return Api.class;\r
+ case VOID: return Void.class;\r
+ }\r
+ return null;\r
+ }\r
+\r
+ @SuppressWarnings("unchecked")\r
+ @Override\r
+ public <A> A newInstance(API api) {\r
+ switch(api) {\r
+ case NS_REQ: return (A) new NsRequest();\r
+ case NSS: return (A) new Nss();\r
+ case PERMS: return (A)new Perms();\r
+ case PERM_KEY: return (A)new PermKey();\r
+ case ROLES: return (A)new Roles();\r
+ case ROLE: return (A)new Role();\r
+ case USERS: return (A)new Users();\r
+ case DELGS: return (A)new Delgs();\r
+ case CERTS: return (A)new Certs();\r
+ case PERM_REQ: return (A)new PermRequest();\r
+ case CRED_REQ: return (A)new CredRequest();\r
+ case ROLE_REQ: return (A)new RoleRequest();\r
+ case USER_ROLE_REQ: return (A)new UserRoleRequest();\r
+ case USER_ROLES: return (A)new UserRoles();\r
+ case ROLE_PERM_REQ: return (A)new RolePermRequest();\r
+ case HISTORY: return (A)new History();\r
+ case KEYS: return (A)new Keys();\r
+ //case MODEL: return (A)new Model();\r
+ case ERROR: return (A)new Error();\r
+ case API: return (A)new Api();\r
+ case VOID: return null;\r
+ \r
+ case APPROVALS: return (A) new Approvals();\r
+ case DELG_REQ: return (A) new DelgRequest();\r
+ }\r
+ return null;\r
+ }\r
+ \r
+ @SuppressWarnings("unchecked")\r
+ /**\r
+ * Get Typed Marshaler as they are defined\r
+ * \r
+ * @param api\r
+ * @return\r
+ */\r
+ public <A> Marshal<A> getMarshal(API api) {\r
+ switch(api) {\r
+ case CERTS: return (Marshal<A>) new CertsMarshal();\r
+ default:\r
+ return null;\r
+ }\r
+ }\r
+\r
+ @Override\r
+ public Result<Approvals> approvals(List<ApprovalDAO.Data> lAppr) {\r
+ Approvals apprs = new Approvals();\r
+ List<Approval> lappr = apprs.getApprovals();\r
+ Approval a;\r
+ for(ApprovalDAO.Data appr : lAppr) {\r
+ a = new Approval();\r
+ a.setId(appr.id.toString());\r
+ a.setTicket(appr.ticket.toString());\r
+ a.setUser(appr.user);\r
+ a.setApprover(appr.approver);\r
+ a.setType(appr.type);\r
+ a.setStatus(appr.status);\r
+ a.setMemo(appr.memo);\r
+ a.setOperation(appr.operation);\r
+ a.setUpdated(Chrono.timeStamp(appr.updated));\r
+ lappr.add(a);\r
+ }\r
+ return Result.ok(apprs);\r
+ }\r
+ \r
+ @Override\r
+ public Result<List<ApprovalDAO.Data>> approvals(Approvals apprs) {\r
+ List<ApprovalDAO.Data> lappr = new ArrayList<ApprovalDAO.Data>();\r
+ for(Approval a : apprs.getApprovals()) {\r
+ ApprovalDAO.Data ad = new ApprovalDAO.Data();\r
+ String str = a.getId();\r
+ if(str!=null)ad.id=UUID.fromString(str);\r
+ str = a.getTicket();\r
+ if(str!=null)ad.ticket=UUID.fromString(str);\r
+ ad.user=a.getUser();\r
+ ad.approver=a.getApprover();\r
+ ad.type=a.getType();\r
+ ad.status=a.getStatus();\r
+ ad.operation=a.getOperation();\r
+ ad.memo=a.getMemo();\r
+ \r
+ XMLGregorianCalendar xgc = a.getUpdated();\r
+ if(xgc!=null)ad.updated=xgc.toGregorianCalendar().getTime();\r
+ lappr.add(ad);\r
+ }\r
+ return Result.ok(lappr);\r
+ }\r
+\r
+ @Override\r
+ public Result<Delgs> delegate(List<DelegateDAO.Data> lDelg) {\r
+ Delgs delgs = new Delgs();\r
+ List<Delg> ldelg = delgs.getDelgs();\r
+ Delg d;\r
+ for(DelegateDAO.Data del: lDelg) {\r
+ d = new Delg();\r
+ d.setUser(del.user);\r
+ d.setDelegate(del.delegate);\r
+ if(del.expires!=null)d.setExpires(Chrono.timeStamp(del.expires));\r
+ ldelg.add(d);\r
+ }\r
+ return Result.ok(delgs);\r
+ }\r
+\r
+ @Override\r
+ public Result<Data> delegate(AuthzTrans trans, Request base) {\r
+ try {\r
+ DelgRequest from = (DelgRequest)base;\r
+ DelegateDAO.Data to = new DelegateDAO.Data();\r
+ String user = from.getUser();\r
+ to.user = user;\r
+ String delegate = from.getDelegate();\r
+ to.delegate = delegate;\r
+ to.expires = getExpires(trans.org(),Expiration.UserDelegate,base,from.getUser());\r
+ trans.checkpoint(to.user+"=>"+to.delegate, Env.ALWAYS);\r
+\r
+ return Result.ok(to);\r
+ } catch (Exception t) {\r
+ return Result.err(Status.ERR_BadData,t.getMessage());\r
+ }\r
+ }\r
+\r
+ /*\r
+ * We want "Expired" dates to start at a specified time set by the Organization, and consistent wherever\r
+ * the date is created from.\r
+ */ \r
+ private Date getExpires(Organization org, Expiration exp, Request base, String id) {\r
+ XMLGregorianCalendar end = base.getEnd();\r
+ GregorianCalendar gc = end==null?new GregorianCalendar():end.toGregorianCalendar();\r
+ GregorianCalendar orggc;\r
+ orggc = org.expiration(gc,exp,id); \r
+\r
+ // We'll choose the lesser of dates to ensure Policy Compliance...\r
+ \r
+ GregorianCalendar endgc = end==null||gc.after(orggc)?orggc:gc;\r
+ // Allow the Organization to determine when official "day Start" begins, Specifically when to consider something Expired.\r
+ endgc = Chrono.firstMomentOfDay(endgc);\r
+ endgc.set(GregorianCalendar.HOUR_OF_DAY, org.startOfDay());\r
+ return endgc.getTime();\r
+ }\r
+\r
+\r
+ @Override\r
+ public Result<Keys> keys(Collection<String> from) {\r
+ Keys keys = new Keys();\r
+ keys.getKey().addAll(from);\r
+ return Result.ok(keys).emptyList(from.isEmpty());\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.validation;\r
+\r
+import java.util.regex.Pattern;\r
+\r
+import com.att.authz.cadi.DirectAAFLur.PermPermission;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.org.Organization;\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.DelegateDAO;\r
+import com.att.dao.aaf.cass.Namespace;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.UserRoleDAO;\r
+\r
+/**\r
+ * Validator\r
+ * Consistently apply content rules for content (incoming)\r
+ * \r
+ * Note: We restrict content for usability in URLs (because RESTful service), and avoid \r
+ * issues with Regular Expressions, and other enabling technologies. \r
+ *\r
+ */\r
+public class Validator {\r
+ // % () ,-. 0-9 =A-Z _a-z\r
+ private static final String ESSENTIAL="\\x25\\x28\\x29\\x2C-\\x2E\\x30-\\x39\\x3D\\x40-\\x5A\\x5F\\x61-\\x7A";\r
+ private static final Pattern ESSENTIAL_CHARS=Pattern.compile("["+ESSENTIAL+"]+");\r
+ \r
+ // Must be 1 or more of Alphanumeric or the following :._-\r
+ // '*' only allowed when it is the only character, or the only element in a key separator\r
+ // :* :hello:* :hello:*:there etc\r
+ public static final Pattern ACTION_CHARS=Pattern.compile(\r
+ "["+ESSENTIAL+"]+" + // All AlphaNumeric+\r
+ "|\\*" // Just Star\r
+ );\r
+\r
+ public static final Pattern INST_CHARS=Pattern.compile(\r
+ "["+ESSENTIAL+"]+[\\*]*" + // All AlphaNumeric+ possibly ending with *\r
+ "|\\*" + // Just Star\r
+ "|(([:/]\\*)|([:/][!]{0,1}["+ESSENTIAL+"]+[\\*]*[:/]*))+" // Key :asdf:*:sdf*:sdk\r
+ );\r
+ \r
+ // Must be 1 or more of Alphanumeric or the following ._-, and be in the form id@domain\r
+ public static final Pattern ID_CHARS=Pattern.compile("[\\w.-]+@[\\w.-]+");\r
+ // Must be 1 or more of Alphanumeric or the following ._-\r
+ public static final Pattern NAME_CHARS=Pattern.compile("[\\w.-]+");\r
+ \r
+ private final Pattern actionChars;\r
+ private final Pattern instChars;\r
+ private StringBuilder msgs;\r
+\r
+ /**\r
+ * Default Validator does not check for non-standard Action/Inst chars\r
+ * \r
+ * \r
+ * IMPORTANT: Use ONLY when the Validator is doing something simple... NullOrBlank\r
+ */\r
+ public Validator() {\r
+ actionChars = ACTION_CHARS;\r
+ instChars = INST_CHARS;\r
+ }\r
+ \r
+ /**\r
+ * When Trans is passed in, check for non-standard Action/Inst chars\r
+ * \r
+ * This is an opportunity to change characters, if required.\r
+ * \r
+ * Use for any Object method passed (i.e. role(RoleDAO.Data d) ), to ensure fewer bugs.\r
+ * \r
+ * @param trans\r
+ */\r
+ public Validator(AuthzTrans trans) {\r
+ actionChars = ACTION_CHARS;\r
+ instChars = INST_CHARS;\r
+ }\r
+\r
+\r
+ public Validator perm(Result<PermDAO.Data> rpd) {\r
+ if(rpd.notOK()) {\r
+ msg(rpd.details);\r
+ } else {\r
+ perm(rpd.value);\r
+ }\r
+ return this;\r
+ }\r
+\r
+\r
+ public Validator perm(PermDAO.Data pd) {\r
+ if(pd==null) {\r
+ msg("Perm Data is null.");\r
+ } else {\r
+ ns(pd.ns);\r
+ permType(pd.type,pd.ns);\r
+ permInstance(pd.instance);\r
+ permAction(pd.action);\r
+ if(pd.roles!=null) { \r
+ for(String role : pd.roles) {\r
+ role(role);\r
+ }\r
+ }\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator role(Result<RoleDAO.Data> rrd) {\r
+ if(rrd.notOK()) {\r
+ msg(rrd.details);\r
+ } else {\r
+ role(rrd.value);\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator role(RoleDAO.Data pd) {\r
+ if(pd==null) {\r
+ msg("Role Data is null.");\r
+ } else {\r
+ ns(pd.ns);\r
+ role(pd.name);\r
+ if(pd.perms!=null) {\r
+ for(String perm : pd.perms) {\r
+ String[] ps = perm.split("\\|");\r
+ if(ps.length!=3) {\r
+ msg("Perm [" + perm + "] in Role [" + pd.fullName() + "] is not correctly separated with '|'");\r
+ } else {\r
+ permType(ps[0],null);\r
+ permInstance(ps[1]);\r
+ permAction(ps[2]);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator delegate(Organization org, Result<DelegateDAO.Data> rdd) {\r
+ if(rdd.notOK()) {\r
+ msg(rdd.details);\r
+ } else {\r
+ delegate(org, rdd.value);\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator delegate(Organization org, DelegateDAO.Data dd) {\r
+ if(dd==null) {\r
+ msg("Delegate Data is null.");\r
+ } else {\r
+ user(org,dd.user);\r
+ user(org,dd.delegate);\r
+ }\r
+ return this;\r
+ }\r
+\r
+\r
+ public Validator cred(Organization org, Result<CredDAO.Data> rcd, boolean isNew) {\r
+ if(rcd.notOK()) {\r
+ msg(rcd.details);\r
+ } else {\r
+ cred(org,rcd.value,isNew);\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator cred(Organization org, CredDAO.Data cd, boolean isNew) {\r
+ if(cd==null) {\r
+ msg("Cred Data is null.");\r
+ } else {\r
+ if(nob(cd.id,ID_CHARS)) {\r
+ msg("ID [" + cd.id + "] is invalid");\r
+ }\r
+ if(!org.isValidCred(cd.id)) {\r
+ msg("ID [" + cd.id + "] is invalid for a cred");\r
+ }\r
+ String str = cd.id;\r
+ int idx = str.indexOf('@');\r
+ if(idx>0) {\r
+ str = str.substring(0,idx);\r
+ }\r
+ \r
+ if(cd.id.endsWith(org.getRealm())) {\r
+ if(isNew && (str=org.isValidID(str)).length()>0) {\r
+ msg(cd.id,str);\r
+ }\r
+ }\r
+ \r
+ if(cd.type==null) {\r
+ msg("Credential Type must be set");\r
+ } else {\r
+ switch(cd.type) {\r
+ case CredDAO.BASIC_AUTH_SHA256:\r
+ // ok\r
+ break;\r
+ default:\r
+ msg("Credential Type [",Integer.toString(cd.type),"] is invalid");\r
+ }\r
+ }\r
+ }\r
+ return this;\r
+ }\r
+\r
+\r
+ public Validator user(Organization org, String user) {\r
+ if(nob(user,ID_CHARS)) {\r
+ msg("User [",user,"] is invalid.");\r
+ }\r
+ //TODO Change when Multi-Org solution is created\r
+// if(org instanceof ATT) {\r
+// if(!user.endsWith("@csp.att.com") &&\r
+// !org.isValidCred(user)) \r
+// msg("User [",user,"] is not valid ID for Credential in ",org.getRealm());\r
+// }\r
+ return this;\r
+ }\r
+\r
+ public Validator ns(Result<Namespace> nsd) {\r
+ notOK(nsd);\r
+ ns(nsd.value.name);\r
+ for(String s : nsd.value.admin) {\r
+ if(nob(s,ID_CHARS)) {\r
+ msg("Admin [" + s + "] is invalid."); \r
+ }\r
+ \r
+ }\r
+ for(String s : nsd.value.owner) {\r
+ if(nob(s,ID_CHARS)) {\r
+ msg("Responsible [" + s + "] is invalid."); \r
+ }\r
+ \r
+ }\r
+ return this;\r
+ }\r
+\r
+\r
+ public Validator ns(String ns) {\r
+ if(nob(ns,NAME_CHARS)){\r
+ msg("NS [" + ns + "] is invalid.");\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public String errs() {\r
+ return msgs.toString();\r
+ }\r
+\r
+\r
+ public Validator permType(String type, String ns) {\r
+ // TODO check for correct Splits? Type|Instance|Action ?\r
+ if(nob(type,NAME_CHARS)) {\r
+ msg("Perm Type [" + (ns==null?"":ns+(type.length()==0?"":'.'))+type + "] is invalid.");\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator permInstance(String instance) {\r
+ // TODO check for correct Splits? Type|Instance|Action ?\r
+ if(nob(instance,instChars)) {\r
+ msg("Perm Instance [" + instance + "] is invalid.");\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator permAction(String action) {\r
+ // TODO check for correct Splits? Type|Instance|Action ?\r
+ if(nob(action, actionChars)) {\r
+ msg("Perm Action [" + action + "] is invalid.");\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator role(String role) {\r
+ if(nob(role, NAME_CHARS)) {\r
+ msg("Role [" + role + "] is invalid.");\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator user_role(UserRoleDAO.Data urdd) {\r
+ if(urdd==null) {\r
+ msg("UserRole is null");\r
+ } else {\r
+ role(urdd.role);\r
+ nullOrBlank("UserRole.ns",urdd.ns);\r
+ nullOrBlank("UserRole.rname",urdd.rname);\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator nullOrBlank(String name, String str) {\r
+ if(str==null) {\r
+ msg(name + " is null.");\r
+ } else if(str.length()==0) {\r
+ msg(name + " is blank.");\r
+ }\r
+ return this;\r
+ }\r
+ \r
+ public Validator nullOrBlank(PermDAO.Data pd) {\r
+ if(pd==null) {\r
+ msg("Permission is null");\r
+ } else {\r
+ nullOrBlank("NS",pd.ns).\r
+ nullOrBlank("Type",pd.type).\r
+ nullOrBlank("Instance",pd.instance).\r
+ nullOrBlank("Action",pd.action);\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator nullOrBlank(RoleDAO.Data rd) {\r
+ if(rd==null) {\r
+ msg("Role is null");\r
+ } else {\r
+ nullOrBlank("NS",rd.ns).\r
+ nullOrBlank("Name",rd.name);\r
+ }\r
+ return this;\r
+ }\r
+\r
+ // nob = Null Or Not match Pattern\r
+ private boolean nob(String str, Pattern p) {\r
+ return str==null || !p.matcher(str).matches(); \r
+ }\r
+\r
+ private void msg(String ... strs) {\r
+ if(msgs==null) {\r
+ msgs=new StringBuilder();\r
+ }\r
+ for(String str : strs) {\r
+ msgs.append(str);\r
+ }\r
+ msgs.append('\n');\r
+ }\r
+ \r
+ public boolean err() {\r
+ return msgs!=null;\r
+ }\r
+\r
+\r
+ public Validator notOK(Result<?> res) {\r
+ if(res==null) {\r
+ msgs.append("Result object is blank");\r
+ } else if(res.notOK()) {\r
+ msgs.append(res.getClass().getSimpleName() + " is not OK");\r
+ }\r
+ return this;\r
+ }\r
+\r
+ public Validator key(String key) {\r
+ if(nob(key,NAME_CHARS)) {\r
+ msg("NS Prop Key [" + key + "] is invalid");\r
+ }\r
+ return this;\r
+ }\r
+ \r
+ public Validator value(String value) {\r
+ if(nob(value,ESSENTIAL_CHARS)) {\r
+ msg("NS Prop value [" + value + "] is invalid");\r
+ }\r
+ return this;\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+##
+## AUTHZ API (authz-service) Properties
+##
+
+hostname=_HOSTNAME_
+
+## DISCOVERY (DME2) Parameters on the Command Line
+AFT_LATITUDE=_AFT_LATITUDE_
+AFT_LONGITUDE=_AFT_LONGITUDE_
+AFT_ENVIRONMENT=_AFT_ENVIRONMENT_
+DEPLOYED_VERSION=_ARTIFACT_VERSION_
+
+## Pull in common/security properties
+
+cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props
+
+##DME2 related parameters
+
+DMEServiceName=service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+AFT_DME2_PORT_RANGE=_AUTHZ_SERVICE_PORT_RANGE_
+
+
+CACHE_HIGH_COUNT=20000
+CACHE_CLEAN_INTERVAL=60000
\ No newline at end of file
--- /dev/null
+DIR=`pwd`
+DME2REG=$DIR/../dme2reg
+CLASSPATH=etc:target/authz-cmd-2.0.15-jar-with-dependencies.jar
+
+java -cp $CLASSPATH \
+ -Dcadi_prop_files=../authz-service/src/main/sample/authAPI.props \
+ -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG \
+ com.att.cmd.AAFcli $*
+
--- /dev/null
+USE authz;
+
+// Create Root pass
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+
+// Create 'com' root NS
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('com',1,'Root Namespace',null,1);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com','admin',{'com.access|*|*'},'Com Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com','owner',{'com.access|*|read'},'Com Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com','access','*','read',{'com.owner'},'Com Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com','access','*','*',{'com.admin'},'Com Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin');
+
+// Create org root NS
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org',1,'Root Namespace Org',null,1);
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3);
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','admin',{'org.access|*|*'},'Com Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','owner',{'org.access|*|read'},'Com Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','read',{'org.owner'},'Com Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','*',{'org.admin'},'Com Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin');
+
+
+// Create com.att
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('com.att',2,'AT&T Namespace','com',2);
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins');
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin');
+
+// Create com.att.aaf
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner');
+
+
+// Create org.openecomp
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.openecomp',2,'Open EComp NS','com.att',2);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin');
+
+// Create org.openecomp.dmaapBC
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3);
+
+//INSERT INTO role(ns, name, perms, description)
+// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins');
+
+INSERT INTO role(ns, name, perms, description)
+VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
+
+//INSERT INTO role(ns, name, perms, description)
+//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins');
+
+//INSERT INTO role(ns, name, perms, description)
+//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
+
+
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
--- /dev/null
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
+osaaf|ID of AAF|||||a|bdevl
--- /dev/null
+// For Developer Machine single instance
+//
+CREATE KEYSPACE authz
+WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
+//
+// From Ravi, 6-17-2014. User for DEVL->TEST
+//
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' };
+//
+// PROD
+//
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' };
+//
+// create user authz with password '<AUTHZ PASSWORD>' superuser;
+// grant all on keyspace authz to authz;
+//
+// For TEST (aaf_test)
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' };
+//
+// DEVL
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' };
+//
+// TEST / PERF
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' };
+//
+// IST
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3',
+// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' };
+//
+// with 6 localized with ccm
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' };
+//
+
+USE authz;
+
+//
+// CORE Table function
+//
+
+// Namespace - establish hierarchical authority to modify
+// Permissions and Roles
+// "scope" is flag to determine Policy. Typical important scope
+// is "company" (1)
+CREATE TABLE ns (
+ name varchar,
+ scope int, // deprecated 2.0.11
+ description varchar,
+ parent varchar,
+ type int,
+ PRIMARY KEY (name)
+);
+CREATE INDEX ns_parent on ns(parent);
+
+
+// Oct 2015, not performant. Made Owner and Attrib first class Roles,
+// April, 2015. Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels.
+// Therefore, we are taking the separate table approach. (coder Jeremiah Rohwedder)
+// We had dropped this by making first class objects of Responsible (Owner) and Admin. We need this again to mark namespaces
+// as having certain tools, like SWM, etc.
+CREATE TABLE ns_attrib (
+ ns varchar,
+ key varchar,
+ value varchar,
+ PRIMARY KEY (ns,key)
+);
+create index ns_attrib_key on ns_attrib(key);
+
+// Will be cached
+CREATE TABLE role (
+ ns varchar,
+ name varchar,
+ perms set<varchar>, // Use "Key" of "name|type|action"
+ description varchar,
+ PRIMARY KEY (ns,name)
+);
+CREATE INDEX role_name ON role(name);
+
+// Will be cached
+CREATE TABLE perm (
+ ns varchar,
+ type varchar,
+ instance varchar,
+ action varchar,
+ roles set<varchar>, // Need to find Roles given Permissions
+ description varchar,
+ PRIMARY KEY (ns,type,instance,action)
+);
+
+// This table is user for Authorization
+CREATE TABLE user_role (
+ user varchar,
+ role varchar, // deprecated: change to ns/rname after 2.0.11
+ ns varchar,
+ rname varchar,
+ expires timestamp,
+ PRIMARY KEY(user,role)
+ );
+CREATE INDEX user_role_ns ON user_role(ns);
+CREATE INDEX user_role_role ON user_role(role);
+
+// This table is only for the case where return User Credential (MechID) Authentication
+CREATE TABLE cred (
+ id varchar,
+ type int,
+ expires timestamp,
+ ns varchar,
+ other int,
+ notes varchar,
+ cred blob,
+ prev blob,
+ PRIMARY KEY (id,type,expires)
+ );
+CREATE INDEX cred_ns ON cred(ns);
+
+// Certificate Cross Table
+// coordinated with CRED type 2
+CREATE TABLE cert (
+ fingerprint blob,
+ id varchar,
+ x500 varchar,
+ expires timestamp,
+ PRIMARY KEY (fingerprint)
+ );
+CREATE INDEX cert_id ON cert(id);
+CREATE INDEX cert_x500 ON cert(x500);
+
+CREATE TABLE notify (
+ user text,
+ type int,
+ last timestamp,
+ checksum int,
+ PRIMARY KEY (user,type)
+);
+
+CREATE TABLE x509 (
+ ca text,
+ serial blob,
+ id text,
+ x500 text,
+ x509 text,
+ PRIMARY KEY (ca,serial)
+);
+
+
+CREATE INDEX x509_id ON x509 (id);
+CREATE INDEX x509_x500 ON x509 (x500);
+
+//
+// Deployment Artifact (for Certman)
+//
+CREATE TABLE artifact (
+ mechid text,
+ machine text,
+ type Set<text>,
+ sponsor text,
+ ca text,
+ dir text,
+ appName text,
+ os_user text,
+ notify text,
+ expires timestamp,
+ renewDays int,
+ PRIMARY KEY (mechid,machine)
+);
+CREATE INDEX artifact_machine ON artifact(machine);
+
+//
+// Non-Critical Table functions
+//
+// Table Info - for Caching
+CREATE TABLE cache (
+ name varchar,
+ seg int, // cache Segment
+ touched timestamp,
+ PRIMARY KEY(name,seg)
+);
+
+CREATE TABLE history (
+ id timeuuid,
+ yr_mon int,
+ user varchar,
+ action varchar,
+ target varchar, // user, user_role,
+ subject varchar, // field for searching main portion of target key
+ memo varchar, //description of the action
+ reconstruct blob, //serialized form of the target
+ // detail Map<varchar, varchar>, // additional information
+ PRIMARY KEY (id)
+);
+CREATE INDEX history_yr_mon ON history(yr_mon);
+CREATE INDEX history_user ON history(user);
+CREATE INDEX history_subject ON history(subject);
+
+//
+// A place to hold objects to be created at a future time.
+//
+CREATE TABLE future (
+ id uuid, // uniquify
+ target varchar, // Target Table
+ memo varchar, // Description
+ start timestamp, // When it should take effect
+ expires timestamp, // When not longer valid
+ construct blob, // How to construct this object (like History)
+ PRIMARY KEY(id)
+);
+CREATE INDEX future_idx ON future(target);
+CREATE INDEX future_start_idx ON future(start);
+
+
+CREATE TABLE approval (
+ id timeuuid, // unique Key
+ ticket uuid, // Link to Future Record
+ user varchar, // the user who needs to be approved
+ approver varchar, // user approving
+ type varchar, // approver types i.e. Supervisor, Owner
+ status varchar, // approval status. pending, approved, denied
+ memo varchar, // Text for Approval to know what's going on
+ operation varchar, // List operation to perform
+ PRIMARY KEY(id)
+ );
+CREATE INDEX appr_approver_idx ON approval(approver);
+CREATE INDEX appr_user_idx ON approval(user);
+CREATE INDEX appr_ticket_idx ON approval(ticket);
+CREATE INDEX appr_status_idx ON approval(status);
+
+CREATE TABLE delegate (
+ user varchar,
+ delegate varchar,
+ expires timestamp,
+ PRIMARY KEY (user)
+);
+CREATE INDEX delg_delg_idx ON delegate(delegate);
+
+//
+// Used by authz-batch processes to ensure only 1 runs at a time
+//
+CREATE TABLE run_lock (
+ class text,
+ host text,
+ start timestamp,
+ PRIMARY KEY ((class))
+);
--- /dev/null
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
+osaaf|ID of AAF|||||a|bdevl
+m99751|ID of AAF|||||a|bdevl
+m99501|ID of AAF|||||a|bdevl
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+version: '2'\r
+services:\r
+ aaf_container:\r
+ image: attos/aaf\r
+ ports:\r
+ - "8101:8101"\r
+\r
+ links:\r
+ - cassandra_container\r
+ volumes:\r
+ # - ./authAPI.props:/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props\r
+ - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh\r
+ - ./data2:/data\r
+ - ./runaafcli.sh:/opt/app/aaf/authz-service/2.0.15/runaafcli.sh\r
+ # - ./com.osaaf.common.props:/opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props\r
+ # - ./cadi-core-1.3.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-core-1.3.0.jar\r
+ # - ./cadi-aaf-1.3.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-aaf-1.3.0.jar\r
+ # - ./cadi-client-1.3.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-client-1.3.0.jar\r
+ # - ./authz-service-2.0.15.jar:/opt/app/aaf/authz-service/2.0.15/lib/authz-service-2.0.15.jar\r
+ # - ./dme2-3.1.200.jar:/opt/app/aaf/authz-service/2.0.15/lib/dme2-3.1.200.jar\r
+ entrypoint: ["bash", "-c", "/tmp/wait_for_host_port.sh cassandra_container 9042; sleep 20; /bin/sh -c ./startup.sh"]\r
+ environment:\r
+ - CASSANDRA_CLUSTER=cassandra_container\r
+ \r
+\r
+ cassandra_container:\r
+ image: cassandra:2.1.16\r
+ ports:\r
+ - "7000:7000"\r
+ - "7001:7001"\r
+ - "9042:9042"\r
+ - "9160:9160"\r
+ volumes:\r
+ - ./data:/data\r
+ - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh\r
+ entrypoint: ["bash", "-c", "(/tmp/wait_for_host_port.sh localhost 9042 cqlsh --file /data/init.cql -u cassandra -p cassandra localhost; cqlsh --file /data/ecomp.cql -u cassandra -p cassandra localhost) & (/docker-entrypoint.sh cassandra -f)"]\r
--- /dev/null
+#!/bin/sh
+
+DIR=`pwd`
+#DME2REG=$DIR/../dme2reg
+DME2REG=/opt/dme2reg
+#CLASSPATH=etc:target/authz-cmd-2.0.15-jar-with-dependencies.jar
+CLASSPATH=/opt/app/aaf/authz-service/2.0.15/etc:/opt/app/aaf/authz-service/2.0.15/lib/authz-cmd-2.0.15-jar-with-dependencies.jar
+#java -cp $CLASSPATH -Dcadi_prop_files=../authz-service/src/main/sample/authAPI.props -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG com.att.cmd.AAFcli $*
+java -cp $CLASSPATH -Dcadi_prop_files=/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG com.att.cmd.AAFcli $*
--- /dev/null
+# lji: this startup file shadows the existing extry point startup.sh file of the container
+# because we need to pass in the cassandra cluster location
+
+LIB=/opt/app/aaf/authz-service/2.0.15/lib
+
+ETC=/opt/app/aaf/authz-service/2.0.15/etc
+DME2REG=/opt/dme2reg
+
+echo "this is LIB" $LIB
+echo "this is ETC" $ETC
+echo "this is DME2REG" $DME2REG
+
+CLASSPATH=$ETC
+for FILE in `find $LIB -name *.jar`; do
+ CLASSPATH=$CLASSPATH:$FILE
+done
+
+FILEPATHS="/opt/app/aaf/common/com.osaaf.common.props /opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props"
+for FILEPATH in $FILEPATHS:
+do
+ if [ -e ${FILEPATH} ]; then
+ if [ -z `grep "cassandra.clusters=$CASSANDRA_CLUSTER" $FILEPATH` ]; then
+ echo "cassandra.clusters=$CASSANDRA_CLUSTER" >> $FILEPATH;
+ fi
+ fi
+done
+
+
+java -classpath $CLASSPATH -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG com.att.authz.service.AuthAPI
+
+# keet it running so we can check fs
+while sleep 2; do echo thinking; done
--- /dev/null
+net.ipv6.conf.all.disable_ipv6=1
+net.ipv6.conf.default.disable_ipv6=1
+net.ipv6.conf.lol.disable_ipv6=1
--- /dev/null
+#!/bin/bash
+
+set -e
+
+host="$1"
+port="$2"
+shift
+shift
+cmd="$@"
+
+until echo > /dev/tcp/${host}/${port} ; do
+ >&2 echo "${host}:${port} is unavailable - sleeping"
+ sleep 1
+done
+
+>&2 echo "${host}:${port} is up - executing command"
+exec $cmd
--- /dev/null
+##
+## AUTHZ API (authz-service) Properties
+##
+
+# Standard AFT for THIS box, and THIS box is in St Louis. Put your own LAT/LONG in here. Use "bing.com/maps" or
+# SWMTools (geoloc for DataCenters) to get YOURs
+
+AFT_LATITUDE=32.780140
+AFT_LONGITUDE=-96.800451
+AFT_ENVIRONMENT=AFTUAT
+DEPLOYED_VERSION=2.0.SAMPLE
+
+##DME2 related parameters
+DMEServiceName=service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE
+
+#DME2 can limit Port Ranges with the following:
+# AFT_DME2_PORT_RANGE=8101-8029,8100
+# Leaving both unset makes DME2 picks any unused port in +1024 range (Ephemeral)
+# AFT_DME2_PORT=0
+AFT_DME2_ALLOW_PORT_CACHING=false
+
+# Point to "Common" files, used between all the AAF Services. ...
+cadi_prop_files=../opt/app/aaf/common/com.osaaf.common.props;../opt/app/aaf/common/com.osaaf.props
+
+CACHE_HIGH_COUNT=40000
+CACHE_CLEAN_INTERVAL=60000
+
+
+
+
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+#\r
+# Licensed to the Apache Software Foundation (ASF) under one\r
+# or more contributor license agreements. See the NOTICE file\r
+# distributed with this work for additional information\r
+# regarding copyright ownership. The ASF licenses this file\r
+# to you under the Apache License, Version 2.0 (the\r
+# "License"); you may not use this file except in compliance\r
+# with the License. You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing,\r
+# software distributed under the License is distributed on an\r
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
+# KIND, either express or implied. See the License for the\r
+# specific language governing permissions and limitations\r
+# under the License.\r
+#\r
+log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender\r
+log4j.appender.INIT.File=logs/${LOG4J_FILENAME_init}\r
+log4j.appender.INIT.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.INIT.MaxFileSize=10000KB\r
+#log4j.appender.INIT.MaxBackupIndex=7\r
+log4j.appender.INIT.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n\r
+\r
+log4j.appender.SRVR=org.apache.log4j.DailyRollingFileAppender\r
+log4j.appender.SRVR.File=logs/${LOG4J_FILENAME_authz}\r
+log4j.appender.SRVR.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.SRVR.MaxFileSize=10000KB\r
+#log4j.appender.SRVR.MaxBackupIndex=7\r
+log4j.appender.SRVR.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.SRVR.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n\r
+\r
+log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender\r
+log4j.appender.AUDIT.File=logs/${LOG4J_FILENAME_audit}\r
+log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd\r
+#log4j.appender.AUDIT.MaxFileSize=10000KB\r
+#log4j.appender.AUDIT.MaxBackupIndex=7\r
+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n\r
+\r
+log4j.appender.TRACE=org.apache.log4j.DailyRollingFileAppender\r
+log4j.appender.TRACE.File=logs/${LOG4J_FILENAME_trace}\r
+log4j.appender.TRACE.DatePattern='.'yyyy-MM-dd\r
+log4j.appender.TRACE.MaxFileSize=10000KB\r
+log4j.appender.TRACE.MaxBackupIndex=7\r
+log4j.appender.TRACE.layout=org.apache.log4j.PatternLayout \r
+log4j.appender.TRACE.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n\r
+\r
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender\r
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout\r
+log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n\r
+\r
+# General Apache libraries\r
+log4j.rootLogger=WARN\r
+log4j.logger.org.apache=WARN,INIT\r
+log4j.logger.dme2=WARN,INIT\r
+log4j.logger.init=WARN,stdout,INIT\r
+log4j.logger.authz=WARN,stdout,SRVR\r
+log4j.logger.audit=WARN,AUDIT\r
+log4j.logger.trace=TRACE,TRACE\r
+\r
--- /dev/null
+#!/bin/sh\r
+##############################################################################\r
+# - Copyright 2012, 2016 AT&T Intellectual Properties\r
+##############################################################################
+umask 022\r
+ROOT_DIR=${INSTALL_ROOT}/${distFilesRootDirPath}\r
+\r
+# Grab the IID of all resources running under the name and same version(s) we're working on and stop those instances\r
+${LRM_HOME}/bin/lrmcli -running | \\r
+ grep ${artifactId} | \\r
+ grep ${version} | \\r
+ cut -f1 | \\r
+while read _iid\r
+do\r
+ if [ -n "${_iid}" ]; then\r
+ ${LRM_HOME}/bin/lrmcli -shutdown -iid ${_iid} | grep SUCCESS\r
+ if [ $? -ne 0 ]; then\r
+ echo "$LRMID-{_iid} Shutdown failed"\r
+ fi\r
+ fi\r
+done\r
+ \r
+# Grab the resources configured under the name and same version we're working on and delete those instances\r
+${LRM_HOME}/bin/lrmcli -configured | \\r
+ grep ${artifactId} | \\r
+ grep ${version} | \\r
+ cut -f1,2,3 | \\r
+while read _name _version _routeoffer\r
+do\r
+ if [ -n "${_name}" ]; then\r
+ ${LRM_HOME}/bin/lrmcli -delete -name ${_name} -version ${_version} -routeoffer ${_routeoffer} | grep SUCCESS\r
+ if [ $? -ne 0 ]; then\r
+ echo "${_version} Delete failed"\r
+ fi\r
+ fi\r
+done \r
+\r
+rm -rf ${ROOT_DIR}\r
+\r
+exit 0\r
--- /dev/null
+#!/bin/sh
+##############################################################################
+# AAF Installs
+# - Copyright 2015, 2016 AT&T Intellectual Properties
+##############################################################################
+umask 022
+ROOT_DIR=${INSTALL_ROOT}${distFilesRootDirPath}
+COMMON_DIR=${INSTALL_ROOT}${distFilesRootDirPath}/../../common
+LRM_XML=${ROOT_DIR}/etc/lrm-${artifactId}.xml
+LOGGING_PROP_FILE=${ROOT_DIR}/etc/log4j.properties
+LOGGER_PROP_FILE=${ROOT_DIR}/etc/logging.props
+AAFLOGIN=${ROOT_DIR}/bin/aaflogin
+JAVA_HOME=/opt/java/jdk/jdk180
+JAVA=$JAVA_HOME/bin/java
+CADI_JAR=`ls $ROOT_DIR/lib/cadi-core*.jar`
+
+cd ${ROOT_DIR}
+
+mkdir -p logs || fail 1 "Error on creating the logs directory."
+mkdir -p back || fail 1 "Error on creating the back directory."
+chmod 777 back || fail 1 "Error on creating the back directory."
+
+#
+# Some Functions that Vastly cleanup this install file...
+# You wouldn't believe how ugly it was before. Unreadable... JG
+#
+fail() {
+ rc=$1
+ shift;
+ echo "ERROR: $@"
+ exit $rc
+}
+
+#
+# Set the "SED" replacement for this Variable. Error if missing
+# Note that Variable in the Template is surrounded by "_" i.e. _ROOT_DIR_
+# Replacement Name
+# Value
+#
+required() {
+ if [ -z "$2" ]; then
+ ERRS+="\n\t$1 must be set for this installation"
+ fi
+ SED_E+=" -e s|$1|$2|g"
+}
+
+#
+# Set the "SED" replacement for this Variable. Use Default (3rd parm) if missing
+# Note that Variable in the Template is surrounded by "_" i.e. _ROOT_DIR_
+# Replacement Name
+# Value
+# Default Value
+#
+default() {
+ if [ -z "$2" ]; then
+ SED_E+=" -e s|$1|$3|g"
+ else
+ SED_E+=" -e s|$1|$2|g"
+ fi
+}
+
+#
+# Password behavior:
+# For each Password passed in:
+# If Password starts with "enc:???", then replace it as is
+# If not, then check for CADI_KEYFILE... see next
+# If the CADI_KEYFILE is set, the utilize this as the CADI Keyfile
+# If it does not exist, create it, and change to "0400" mode
+# Utilize the Java and "cadi-core" found in Library to
+# Encrypt Password with Keyfile, prepending "enc:???"
+#
+passwd() {
+ #
+ # Test if var exists, and is required
+ #
+ if [ "${!1}" = "" ]; then
+ if [ "${2}" = "required" ]; then
+ ERRS+="\n\t$1 must be set for this installation"
+ fi
+ else
+ #
+ # Test if needs encrypting
+ #
+ if [[ ${!1} = enc:* ]]; then
+ SED_E+=" -e s|_${1}_|${!1}|g"
+ else
+ if [ "${CADI_KEYFILE}" != "" ] && [ -e "${CADI_JAR}" ]; then
+ #
+ # Create or use Keyfile listed in CADI_KEYFILE
+ #
+ if [ -e "${CADI_KEYFILE}" ]; then
+ if [ "$REPORTED_CADI_KEYFILE" = "" ]; then
+ echo "Using existing CADI KEYFILE (${CADI_KEYFILE})"
+ REPORTED_CADI_KEYFILE=true
+ fi
+ else
+ echo "Creating CADI_KEYFILE (${CADI_KEYFILE})"
+ $JAVA -jar $CADI_JAR keygen ${CADI_KEYFILE}
+ chmod 0400 ${CADI_KEYFILE}
+ fi
+
+ PASS=`$JAVA -jar $CADI_JAR digest ${!1} ${CADI_KEYFILE}`
+ SED_E+=" -e s|_${1}_|enc:$PASS|g"
+ else
+ if [ "$REPORTED_CADI_KEYFILE" = "" ]; then
+ if [ "${CADI_KEYFILE}" = "" ]; then
+ ERRS+="\n\tCADI_KEYFILE must be set for this installation"
+ fi
+ if [ ! -e "${CADI_JAR}" ]; then
+ ERRS+="\n\t${CADI_JAR} must exist to deploy passwords"
+ fi
+ REPORTED_CADI_KEYFILE=true
+ fi
+ fi
+ fi
+ fi
+}
+
+# Linux requires this. Mac blows with it. Who knows if Windoze even does SED
+if [ -z "$SED_OPTS" ]; then
+ SED_E+=" -c "
+else
+ SED_E+=$SED_OPTS;
+fi
+
+#
+# Use "default" function if there is a property that isn't required, but can be defaulted
+# use "required" function if the property must be set by the environment
+#
+ required _ROOT_DIR_ ${ROOT_DIR}
+ default _COMMON_DIR_ ${AUTHZ_COMMON_DIR} ${COMMON_DIR}
+ required _JAVA_HOME_ ${JAVA_HOME}
+ required _SCLD_PLATFORM_ ${SCLD_PLATFORM}
+ required _HOSTNAME_ ${TARGET_HOSTNAME_FQ}
+ required _ARTIFACT_ID_ ${artifactId}
+ default _ARTIFACT_VERSION_ ${AFTSWM_ACTION_NEW_VERSION}
+ default _RESOURCE_REGISTRATION_ ${RESOURCE_REGISTRATION} true
+ default _AUTHZ_DATA_DIR_ ${AUTHZ_DATA_DIR} ${ROOT_DIR}/../../data
+ default _CM_URL_ ${CM_URL} ""
+
+ # Specifics for Service
+ if [ "${artifactId}" = "authz-service" ]; then
+ PROPERTIES_FILE=${ROOT_DIR}/etc/authAPI.props
+ default _RESOURCE_MIN_COUNT_ ${RESOURCE_MIN_COUNT} 1
+ default _RESOURCE_MAX_COUNT_ ${RESOURCE_MAX_COUNT} 5
+ required _AUTHZ_SERVICE_PORT_RANGE_ ${AUTHZ_SERVICE_PORT_RANGE}
+
+ elif [ "${artifactId}" = "authz-gui" ]; then
+ PROPERTIES_FILE=${ROOT_DIR}/etc/authGUI.props
+ required _AUTHZ_GUI_PORT_RANGE_ ${AUTHZ_GUI_PORT_RANGE}
+ default _RESOURCE_MIN_COUNT_ ${RESOURCE_MIN_COUNT} 1
+ default _RESOURCE_MAX_COUNT_ ${RESOURCE_MAX_COUNT} 2
+
+ elif [ "${artifactId}" = "authz-gw" ]; then
+ PROPERTIES_FILE=${ROOT_DIR}/etc/authGW.props
+ default _AUTHZ_GW_PORT_RANGE_ ${AUTHZ_GW_PORT_RANGE} 8095-8095
+ default _RESOURCE_MIN_COUNT_ 1
+ default _RESOURCE_MAX_COUNT_ 1
+
+ elif [ "${artifactId}" = "authz-fs" ]; then
+ PROPERTIES_FILE=${ROOT_DIR}/etc/FileServer.props
+ OTHER_FILES=${ROOT_DIR}/data/test.html
+ default _AUTHZ_FS_PORT_RANGE_ ${AUTHZ_FS_PORT_RANGE} 8096-8096
+ default _RESOURCE_MIN_COUNT_ 1
+ default _RESOURCE_MAX_COUNT_ 1
+
+ elif [ "${artifactId}" = "authz-certman" ]; then
+ PROPERTIES_FILE=${ROOT_DIR}/etc/certman.props
+ default _AUTHZ_CERTMAN_PORT_RANGE_ ${AUTHZ_CERTMAN_PORT_RANGE} 8150-8159
+ default _RESOURCE_MIN_COUNT_ 1
+ default _RESOURCE_MAX_COUNT_ 1
+ elif [ "${artifactId}" = "authz-batch" ]; then
+ PROPERTIES_FILE=${ROOT_DIR}/etc/authBatch.props
+ cd /
+ OTHER_FILES=`find ${ROOT_DIR}/bin -depth -type f`
+ cd -
+ default _RESOURCE_MIN_COUNT_ 1
+ default _RESOURCE_MAX_COUNT_ 1
+ required _AUTHZ_GUI_URL_ ${AUTHZ_GUI_URL}
+ else
+ PROPERTIES_FILE=NONE
+ fi
+
+ if [ "${DME2_FS}" != "" ]; then
+ SED_E+=" -e s|_DME2_FS_|-DDME2_EP_REGISTRY_CLASS=DME2FS\$\{AAF_SPACE\}-DAFT_DME2_EP_REGISTRY_FS_DIR=${DME2_FS}|g"
+ else
+ SED_E+=" -e s|_DME2_FS_||g"
+ fi
+
+
+ default _EMAIL_FROM_ ${EMAIL_FROM} authz@ems.att.com
+ default _EMAIL_HOST_ ${EMAIL_HOST} mailhost.att.com
+ default _ROUTE_OFFER_ ${ROUTE_OFFER} BAU_SE
+ default _DME_TIMEOUT_ ${DME_TIMEOUT} 3000
+
+ # Choose defaults for log level and logfile size
+ if [ "${SCLD_PLATFORM}" = "PROD" ]; then
+ LOG4J_LEVEL=WARN
+ fi
+
+ default _AFT_ENVIRONMENT_ ${AFT_ENVIRONMENT} AFTUAT
+ default _ENV_CONTEXT_ ${ENV_CONTEXT} DEV
+ default _LOG4J_LEVEL_ ${LOG4J_LEVEL} WARN
+ default _LOG4J_SIZE_ ${LOG4J_SIZE} 10000KB
+ default _LOG_DIR_ ${LOG_DIR} ${ROOT_DIR}/logs
+ default _MAX_LOG_FILE_SIZE_ ${MAX_LOG_FILE_SIZE} 10000KB
+ default _MAX_LOG_FILE_BACKUP_COUNT_ ${MAX_LOG_FILE_BACKUP_COUNT} 7
+
+ if [ "${artifactId}" != "authz-batch" ]; then
+ required _LRM_XML_ ${LRM_XML}
+ fi
+ required _AFT_LATITUDE_ ${LATITUDE}
+ required _AFT_LONGITUDE_ ${LONGITUDE}
+ required _HOSTNAME_ ${HOSTNAME}
+
+ required _PROPERTIES_FILE_ ${PROPERTIES_FILE}
+ required _LOGGING_PROP_FILE_ ${LOGGING_PROP_FILE}
+
+ # Divide up Version
+ default _MAJOR_VER_ "`expr ${version} : '\([0-9]*\)\..*'`"
+ default _MINOR_VER_ "`expr ${version} : '[0-9]*\.\([0-9]*\)\..*'`"
+ default _PATCH_VER_ "`expr ${version} : '[0-9]\.[0-9]*\.\(.*\)'`"
+
+# Now Fail if Required items are not set...
+# Report all of them at once!
+if [ "${ERRS}" != "" ] ; then
+ fail 1 "${ERRS}"
+fi
+
+#echo ${SED_E}
+
+for i in ${PROPERTIES_FILE} ${LRM_XML} ${LOGGING_PROP_FILE} ${AAFLOGIN} ${OTHER_FILES} ; do
+ if [ -r ${i} ]; then
+ if [ -w ${i} ]; then
+# echo ${i}
+ sed ${SED_E} -i'.sed' ${i} || fail 8 "could not sed ${i} "
+ mv -f ${i}.sed ${ROOT_DIR}/back
+ fi
+ fi
+done
+
+#
+# Add the resource to LRM using the newly created/substituted XML file.
+#
+if [ -r ${LRM_XML} ]; then
+ ${LRM_HOME}/bin/lrmcli -addOrUpgrade -file ${LRM_XML} || fail 1 "Add to LRM Failed"
+ ${LRM_HOME}/bin/lrmcli -start -name com.att.authz.${artifactId} -version ${version} -routeoffer ${ROUTE_OFFER} | grep SUCCESS
+fi
+
+
+# Note: Must exit 0 or, it will be exit default 1 and fail
+exit 0
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+#!/bin/sh
+exit 0
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+
+exec sh -x ../../common/deinstall.sh
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<descriptor version="1" xmlns="http://aft.att.com/swm/descriptor">\r
+ <platforms>\r
+ <platform architecture="*" os="*" osVersions="*"/> \r
+ </platforms>\r
+ <paths>\r
+ <path name="/opt/app/aaf" type="d" user="aft" group="aft" permissions="0755" recursive="false"/>\r
+ <path name="/opt/app/aaf/${artifactId}" type="d" user="aft" group="aft" permissions="0755" recursive="false"/>\r
+ <path name="/opt/app/aaf/${artifactId}/${version}" type="d" user="aft" group="aft" permissions="0755" recursive="true"/>\r
+ </paths>\r
+ <actions>\r
+ <action type="INIT">\r
+ <proc stage="PRE" user="aft" group="aft"/>\r
+ <proc stage="POST" user="aft" group="aft"/>\r
+ </action>\r
+ <action type="INST">\r
+ <proc stage="PRE" user="aft" group="aft"/>\r
+ <proc stage="POST" user="aft" group="aft"/>\r
+ </action>\r
+ <action type="DINST">\r
+ <proc stage="PRE" user="aft" group="aft"/>\r
+ <proc stage="POST" user="aft" group="aft"/>\r
+ </action>\r
+ <action type="FALL">\r
+ <proc stage="PRE" user="aft" group="aft"/>\r
+ <proc stage="POST" user="aft" group="aft"/>\r
+ </action>\r
+ </actions>\r
+</descriptor>\r
--- /dev/null
+#!/bin/sh\r
+######################################################################\r
+# $RCSfile$ - $Revision$\r
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.\r
+######################################################################\r
+exec sh -x ../../common/install.sh
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+exit 0
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+exec sh -x ../../common/install.sh
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+#!/bin/sh
+exit 0
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+
+exec sh -x ../../common/install.sh
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+
+exit 0
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+The following two commands can be used to create and approve a SWM installation package.\r
+\r
+These steps assume:\r
+ 1. The component has been added in SWM\r
+ 2. The java6 directory resides, by itself, under the directory '${artifactId}-${version}'\r
+ 3. The SWM client is executed from the same directory containing '${artifactId}-${version}'\r
+\r
+\r
+ attuid@swmcli- --> component pkgcreate -c ${groupId}:${artifactId}:${version} -d ${artifactId}-${version}\r
+ attuid@swmcli- --> component pkgapprove -c ${groupId}:${artifactId}:${version}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cadi;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.security.Principal;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.cadi.Permission;\r
+import com.att.dao.aaf.hl.Question;\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_DirectAAFLur {\r
+ \r
+public static AuthzEnv env;\r
+public static Question question;\r
+public DirectAAFLur directAAFLur;\r
+\r
+\r
+\r
+ @Before\r
+ public void setUp()\r
+ {\r
+ directAAFLur = new DirectAAFLur(env, question); \r
+ }\r
+ \r
+ @Test\r
+ public void testFish()\r
+ {\r
+ \r
+ Principal bait = null;\r
+ Permission pond=null;\r
+ directAAFLur.fish(bait, pond); \r
+ \r
+ assertTrue(true);\r
+ \r
+ }\r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cadi;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.cadi.CredVal.Type;\r
+import com.att.dao.aaf.hl.Question;\r
+import static org.mockito.Mockito.*;\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.mockito.runners.MockitoJUnitRunner;\r
+import org.powermock.core.classloader.annotations.PrepareForTest;\r
+import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_DirectAAFUserPass {\r
+ \r
+//public static AuthzEnv env;\r
+//public static Question question;\r
+public static String string;\r
+public DirectAAFUserPass directAAFUserPass;\r
+\r
+@Mock\r
+AuthzEnv env;\r
+Question question;\r
+String user;\r
+Type type; \r
+byte[] pass;\r
+ @Before\r
+ public void setUp() {\r
+ directAAFUserPass = new DirectAAFUserPass(env, question, string);\r
+ }\r
+ \r
+ @Test\r
+ public void testvalidate(){\r
+\r
+// Boolean bolVal = directAAFUserPass.validate(user, type, pass);\r
+ // assertEquals((bolVal==null),true);\r
+\r
+ assertTrue(true);\r
+ \r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.cadi;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.security.Principal;\r
+import java.security.cert.CertificateException;\r
+import java.security.cert.X509Certificate;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.junit.runner.RunWith;\r
+import org.mockito.Mock;\r
+import org.powermock.modules.junit4.PowerMockRunner;\r
+\r
+import com.att.dao.aaf.cached.CachedCertDAO;\r
+\r
+@RunWith(PowerMockRunner.class)\r
+public class JU_DirectCertIdentity {\r
+ \r
+ public DirectCertIdentity directCertIdentity;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ directCertIdentity = new DirectCertIdentity();\r
+ }\r
+\r
+\r
+ @Mock\r
+ HttpServletRequest req;\r
+ X509Certificate cert;\r
+ byte[] _certBytes;\r
+ \r
+ @Test\r
+ public void testidentity(){\r
+ \r
+ try {\r
+ Principal p = directCertIdentity.identity(req, cert, _certBytes);\r
+ assertEquals(( (p) == null),true);\r
+ \r
+ } catch (CertificateException e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ //assertTrue(true);\r
+ \r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import java.util.Properties;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+\r
+import com.att.authz.cadi.DirectAAFUserPass;\r
+import com.att.authz.env.AuthzEnv;\r
+import com.att.authz.facade.AuthzFacade_2_0;\r
+import com.att.dao.aaf.hl.Question;\r
+\r
+public class JU_AuthAPI {\r
+ \r
+ public AuthAPI authAPI;\r
+ AuthzEnv env;\r
+ private static final String ORGANIZATION = "Organization.";\r
+ private static final String DOMAIN = "openecomp.org";\r
+\r
+ public Question question;\r
+ private AuthzFacade_2_0 facade;\r
+ private AuthzFacade_2_0 facade_XML;\r
+ private DirectAAFUserPass directAAFUserPass;\r
+ public Properties props;\r
+ @Before\r
+ public void setUp(){\r
+ try {\r
+ authAPI = new AuthAPI(env);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @Test\r
+ public void testStartDME2(Properties props){\r
+ try {\r
+ authAPI.startDME2(props);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ \r
+ //assertTrue(true);\r
+ \r
+ }\r
+\r
+\r
+ \r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.service.AuthAPI;\r
+\r
+public class JU_API_Api {\r
+ API_Api api_Api;\r
+ @Mock\r
+ AuthAPI authzAPI;\r
+ AuthzFacade facade;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ //api_Api = new API_Api();\r
+ }\r
+\r
+\r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testInit()\r
+ {\r
+ try {\r
+ api_Api.init(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ assertTrue(true);\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.service.AuthAPI;\r
+\r
+public class JU_API_Approval {\r
+ API_Approval api_Approval;\r
+ \r
+ @Mock\r
+ AuthAPI authzAPI;\r
+ AuthzFacade facade;\r
+ \r
+ @Before\r
+ public void setUp()\r
+ {\r
+ \r
+ }\r
+\r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testInit() {\r
+ \r
+ try {\r
+ api_Approval.init(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ //assertTrue(true);\r
+ }\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+import com.att.authz.cadi.DirectAAFUserPass;\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.service.AuthAPI;\r
+import com.att.inno.env.Env;\r
+\r
+public class JU_API_Creds {\r
+\r
+API_Creds api_Creds;\r
+@Mock\r
+AuthAPI authzAPI;\r
+AuthzFacade facade;\r
+Env env;\r
+DirectAAFUserPass directAAFUserPass;\r
+ @Before\r
+ public void setUp(){\r
+ \r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testInit(){ \r
+ try {\r
+ api_Creds.init(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } \r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testTimeSensitiveInit(){\r
+ \r
+ try {\r
+ api_Creds.timeSensitiveInit(env, authzAPI, facade, directAAFUserPass);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.service.AuthAPI;\r
+\r
+public class JU_API_Delegate {\r
+API_Delegate api_Delegate;\r
+@Mock\r
+AuthAPI authzAPI;\r
+AuthzFacade facade;\r
+ @Before\r
+ public void setUp() {\r
+ \r
+ \r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testInit(){\r
+ \r
+ try {\r
+ api_Delegate.init(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.service.AuthAPI;\r
+\r
+public class JU_API_History {\r
+ API_History api_History;\r
+ \r
+ @Mock\r
+ AuthAPI authzAPI;\r
+ AuthzFacade facade;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ \r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testInit(){\r
+ \r
+ try {\r
+ api_History.init(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ assertTrue(true);\r
+ }\r
+\r
+\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.service.AuthAPI;\r
+\r
+public class JU_API_Mgmt {\r
+ API_Mgmt api_Mgmt;\r
+ \r
+ @Mock\r
+ AuthAPI authzAPI;\r
+ AuthzFacade facade;\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ \r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testInit(){\r
+ \r
+ try {\r
+ api_Mgmt.init(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.service.AuthAPI;\r
+\r
+public class JU_API_NS {\r
+ API_NS api_Ns;\r
+ @Mock\r
+ AuthAPI authzAPI;\r
+ AuthzFacade facade;\r
+\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testInit(){\r
+ try {\r
+ api_Ns.init(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.service.AuthAPI;\r
+\r
+public class JU_API_Perms {\r
+ API_Perms api_Perms;\r
+ @Mock\r
+ AuthAPI authzAPI;\r
+ AuthzFacade facade;\r
+\r
+ @Before\r
+ public void setUp(){\r
+ \r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testInit(){\r
+ try {\r
+ api_Perms.init(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testTimeSensitiveInit(){\r
+ try {\r
+ api_Perms.timeSensitiveInit(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.service.AuthAPI;\r
+\r
+public class JU_API_Roles {\r
+ API_Roles api_Roles;\r
+ @Mock\r
+ AuthAPI authzAPI;\r
+ AuthzFacade facade;\r
+ \r
+\r
+ @Before\r
+ public void setUp() {\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testInit(){\r
+ try {\r
+ api_Roles.init(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ } }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.service.AuthAPI;\r
+\r
+public class JU_API_User {\r
+ API_User api_User;\r
+ @Mock\r
+ AuthAPI authzAPI;\r
+ AuthzFacade facade;\r
+\r
+ @Before\r
+ public void setUp() {\r
+ //assertTrue(true);\r
+ }\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testInit(){\r
+ try {\r
+ api_User.init(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.api;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+import org.mockito.Mock;\r
+\r
+import com.att.authz.facade.AuthzFacade;\r
+import com.att.authz.service.AuthAPI;\r
+\r
+public class JU_API_UserRole {\r
+ API_UserRole api_UserRole;\r
+ @Mock\r
+ AuthAPI authzAPI;\r
+ AuthzFacade facade;\r
+\r
+ \r
+ @SuppressWarnings("static-access")\r
+ @Test\r
+ public void testInit(){\r
+ try {\r
+ api_UserRole.init(authzAPI, facade);\r
+ } catch (Exception e) {\r
+ // TODO Auto-generated catch block\r
+ e.printStackTrace();\r
+ }\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.mapper;\r
+\r
+import static org.junit.Assert.*;\r
+\r
+import org.junit.Test;\r
+\r
+public class JU_Mapper_2_0 {\r
+\r
+ @Test\r
+ public void test() {\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testApprovals(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testCert(){\r
+ assertTrue(true);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void testCred(){\r
+ assertTrue(true);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void testDelegate(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testErrorFromMessage(){\r
+ assertTrue(true);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void testFuture(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testGetClass(){\r
+ assertTrue(true);\r
+ }\r
+\r
+ @Test\r
+ public void testGetExpires(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testGetMarshal(){\r
+ assertTrue(true);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void testHistory(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testKeys(){\r
+ assertTrue(true);\r
+ \r
+ }\r
+ \r
+ @Test\r
+ public void testNewInstance(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testNs(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testNss(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testPerm(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testPermFromRPRequest(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testPermKey(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testPerms(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testRole(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testRoleFromRPRequest(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testRoles(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testUserRole(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testUserRoles(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ @Test\r
+ public void testUsers(){\r
+ assertTrue(true);\r
+ }\r
+ \r
+ \r
+ \r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.test;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertFalse;\r
+import static org.junit.Assert.assertTrue;\r
+\r
+import org.junit.Test;\r
+\r
+import com.att.authz.service.validation.Validator;\r
+\r
+public class JU_Validator {\r
+\r
+\r
+ @Test\r
+ public void test() {\r
+ assertTrue(Validator.ACTION_CHARS.matcher("HowdyDoody").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("Howd?yDoody").matches());\r
+ assertTrue(Validator.ACTION_CHARS.matcher("_HowdyDoody").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("HowdyDoody").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("Howd?yDoody").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("_HowdyDoody").matches());\r
+\r
+ // \r
+ assertTrue(Validator.ACTION_CHARS.matcher("*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":*:*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":*:*").matches());\r
+ \r
+ assertFalse(Validator.ACTION_CHARS.matcher(":hello").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":hello").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("hello:").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("hello:d").matches());\r
+\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":hello:*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":hello:*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":hello:d*:*").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher(":hello:d*d:*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":hello:d*:*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("HowdyDoody*").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("Howdy*Doody").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("HowdyDoody*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("*HowdyDoody").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("*HowdyDoody").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":h*").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher(":h*h*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":h*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":h:h*:*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":h:h*:*").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher(":h:h*h:*").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher(":h:h*h*:*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":h:*:*h").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher(":h:*:*h").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":com.test.*:ns:*").matches());\r
+\r
+ \r
+ assertFalse(Validator.ACTION_CHARS.matcher("1234+235gd").matches());\r
+ assertTrue(Validator.ACTION_CHARS.matcher("1234-235gd").matches());\r
+ assertTrue(Validator.ACTION_CHARS.matcher("1234-23_5gd").matches());\r
+ assertTrue(Validator.ACTION_CHARS.matcher("1234-235g,d").matches());\r
+ assertTrue(Validator.ACTION_CHARS.matcher("1234-235gd(Version12)").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("123#4-23@5g:d").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("123#4-23@5g:d").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("1234-23 5gd").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("1234-235gd ").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(" 1234-235gd").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(" ").matches());\r
+\r
+ // Allow % and = (Needed for Escaping & Base64 usages) jg \r
+ assertTrue(Validator.ACTION_CHARS.matcher("1234%235g=d").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":1234%235g=d").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("1234%235g=d").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:%20==").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:==%20:=%23").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:*:=%23").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:==%20:*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":*:==%20:*").matches());\r
+\r
+ // Allow / instead of : (more natural instance expression) jg \r
+ assertFalse(Validator.INST_CHARS.matcher("1234/a").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("/1234/a").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("/1234/*/a/").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("/1234//a").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("1234/a").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("/1234/*/a/").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("1234//a").matches());\r
+\r
+\r
+ assertFalse(Validator.INST_CHARS.matcher("1234+235gd").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("1234-235gd").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("1234-23_5gd").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("1234-235g,d").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("m1234@shb.dd.com").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("1234-235gd(Version12)").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("123#4-23@5g:d").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("123#4-23@5g:d").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("").matches());\r
+\r
+ \r
+ for( char c=0x20;c<0x7F;++c) {\r
+ boolean b;\r
+ switch(c) {\r
+ case '?':\r
+ case '|':\r
+ case '*':\r
+ continue; // test separately\r
+ case '~':\r
+ case ',':\r
+ b = false;\r
+ break;\r
+ default:\r
+ b=true;\r
+ }\r
+ }\r
+ \r
+ assertFalse(Validator.ID_CHARS.matcher("abc").matches());\r
+ assertFalse(Validator.ID_CHARS.matcher("").matches());\r
+ assertTrue(Validator.ID_CHARS.matcher("abc@att.com").matches());\r
+ assertTrue(Validator.ID_CHARS.matcher("ab-me@att.com").matches());\r
+ assertTrue(Validator.ID_CHARS.matcher("ab-me_.x@att._-com").matches());\r
+ \r
+ assertFalse(Validator.NAME_CHARS.matcher("ab-me_.x@att._-com").matches());\r
+ assertTrue(Validator.NAME_CHARS.matcher("ab-me").matches());\r
+ assertTrue(Validator.NAME_CHARS.matcher("ab-me_.xatt._-com").matches());\r
+\r
+ \r
+ // 7/22/2016\r
+ assertTrue(Validator.INST_CHARS.matcher(\r
+ "/!com.att.*/role/write").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(\r
+ ":!com.att.*:role:write").matches());\r
+\r
+ }\r
+\r
+}\r
--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aai\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * Copyright © 2017 Amdocs\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package com.att.authz.service.validation;\r
+\r
+import static org.junit.Assert.assertEquals;\r
+import static org.junit.Assert.assertFalse;\r
+import static org.junit.Assert.assertTrue;\r
+\r
+import com.att.authz.cadi.DirectAAFLur.PermPermission;\r
+import com.att.authz.env.AuthzTrans;\r
+import com.att.authz.layer.Result;\r
+import com.att.authz.org.Organization;\r
+import com.att.dao.aaf.cass.CredDAO;\r
+import com.att.dao.aaf.cass.DelegateDAO;\r
+import com.att.dao.aaf.cass.Namespace;\r
+import com.att.dao.aaf.cass.PermDAO;\r
+import com.att.dao.aaf.cass.RoleDAO;\r
+import com.att.dao.aaf.cass.UserRoleDAO;\r
+\r
+import org.junit.Before;\r
+import org.junit.Test;\r
+\r
+import com.att.authz.service.validation.Validator;\r
+\r
+public class JU_Validator {\r
+ \r
+ @Before\r
+ public void setUp(){\r
+ Validator validator = new Validator();\r
+ }\r
+\r
+\r
+ @Test\r
+ public void test() {\r
+ assertTrue(Validator.ACTION_CHARS.matcher("HowdyDoody").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("Howd?yDoody").matches());\r
+ assertTrue(Validator.ACTION_CHARS.matcher("_HowdyDoody").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("HowdyDoody").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("Howd?yDoody").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("_HowdyDoody").matches());\r
+\r
+ // \r
+ assertTrue(Validator.ACTION_CHARS.matcher("*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":*:*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":*:*").matches());\r
+ \r
+ assertFalse(Validator.ACTION_CHARS.matcher(":hello").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":hello").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("hello:").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("hello:d").matches());\r
+\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":hello:*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":hello:*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":hello:d*:*").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher(":hello:d*d:*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":hello:d*:*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("HowdyDoody*").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("Howdy*Doody").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("HowdyDoody*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("*HowdyDoody").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("*HowdyDoody").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":h*").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher(":h*h*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":h*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":h:h*:*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":h:h*:*").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher(":h:h*h:*").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher(":h:h*h*:*").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":h:*:*h").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher(":h:*:*h").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":com.test.*:ns:*").matches());\r
+\r
+ \r
+ assertFalse(Validator.ACTION_CHARS.matcher("1234+235gd").matches());\r
+ assertTrue(Validator.ACTION_CHARS.matcher("1234-235gd").matches());\r
+ assertTrue(Validator.ACTION_CHARS.matcher("1234-23_5gd").matches());\r
+ assertTrue(Validator.ACTION_CHARS.matcher("1234-235g,d").matches());\r
+ assertTrue(Validator.ACTION_CHARS.matcher("1234-235gd(Version12)").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("123#4-23@5g:d").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("123#4-23@5g:d").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("1234-23 5gd").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("1234-235gd ").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(" 1234-235gd").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(" ").matches());\r
+\r
+ // Allow % and = (Needed for Escaping & Base64 usages) jg \r
+ assertTrue(Validator.ACTION_CHARS.matcher("1234%235g=d").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher(":1234%235g=d").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("1234%235g=d").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:%20==").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:==%20:=%23").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:*:=%23").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:==%20:*").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(":*:==%20:*").matches());\r
+\r
+ // Allow / instead of : (more natural instance expression) jg \r
+ assertFalse(Validator.INST_CHARS.matcher("1234/a").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("/1234/a").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("/1234/*/a/").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("/1234//a").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("1234/a").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("/1234/*/a/").matches());\r
+ assertFalse(Validator.ACTION_CHARS.matcher("1234//a").matches());\r
+\r
+\r
+ assertFalse(Validator.INST_CHARS.matcher("1234+235gd").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("1234-235gd").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("1234-23_5gd").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("1234-235g,d").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("m1234@shb.dd.com").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher("1234-235gd(Version12)").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("123#4-23@5g:d").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("123#4-23@5g:d").matches());\r
+ assertFalse(Validator.INST_CHARS.matcher("").matches());\r
+\r
+ \r
+ for( char c=0x20;c<0x7F;++c) {\r
+ boolean b;\r
+ switch(c) {\r
+ case '?':\r
+ case '|':\r
+ case '*':\r
+ continue; // test separately\r
+ case '~':\r
+ case ',':\r
+ b = false;\r
+ break;\r
+ default:\r
+ b=true;\r
+ }\r
+ }\r
+ \r
+ assertFalse(Validator.ID_CHARS.matcher("abc").matches());\r
+ assertFalse(Validator.ID_CHARS.matcher("").matches());\r
+ assertTrue(Validator.ID_CHARS.matcher("abc@att.com").matches());\r
+ assertTrue(Validator.ID_CHARS.matcher("ab-me@att.com").matches());\r
+ assertTrue(Validator.ID_CHARS.matcher("ab-me_.x@att._-com").matches());\r
+ \r
+ assertFalse(Validator.NAME_CHARS.matcher("ab-me_.x@att._-com").matches());\r
+ assertTrue(Validator.NAME_CHARS.matcher("ab-me").matches());\r
+ assertTrue(Validator.NAME_CHARS.matcher("ab-me_.xatt._-com").matches());\r
+\r
+ \r
+ // 7/22/2016\r
+ assertTrue(Validator.INST_CHARS.matcher(\r
+ "/!com.att.*/role/write").matches());\r
+ assertTrue(Validator.INST_CHARS.matcher(\r
+ ":!com.att.*:role:write").matches());\r
+\r
+ }\r
+\r
+}\r
--- /dev/null
+DIR=`pwd`
+LIB=$DIR/target/swm/package/nix/dist_files/opt/app/aaf/authz-service/2.0.15/lib
+ETC=$DIR/src/main/sample
+DME2REG=$DIR/../dme2reg
+
+CLASSPATH=$ETC
+for FILE in `find $LIB -depth 1 -name *.jar`; do
+ CLASSPATH=$CLASSPATH:$FILE
+done
+java -classpath $CLASSPATH -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG com.att.authz.service.AuthAPI
+
--- /dev/null
+.metadata
+.settings
+.classpath
+.project
+target
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+NOTE: You may find slight differences between this readme doc and your actual output in places such as <YOUR_ATTUID>, times, or other such fields that vary for each run.\r
+\r
+Do NOT replace anything inside square brackets such as [user.name] Some commands listed here use this notation, but they are set up to work by just copying & pasting the entire command.\r
+\r
+run command: sh ./tc MTC_Appr1\r
+you should see: MTC_Appr1\r
+ SUCCESS! [MTC_Appr1.2014-11-03_11-26-26]\r
+\r
+\r
+open a broswer and goto the gui for the machine you're on. For example, this is the home page on test machine zltv1492: \r
+https://zltv1492.vci.att.com:8085/gui/home \r
+\r
+click on My Approvals\r
+\r
+click the submit button at the bottom of the form with no approve or deny buttons selected\r
+\r
+you should see: No Approvals have been sent. Try again\r
+\r
+click "Try again" link\r
+\r
+you should see: The Approval Request page\r
+\r
+NOTE: a radio button is a (filled or unfilled) circle under approve or deny\r
+click the select all link for approve\r
+\r
+you should see: all radio buttons under approve should be selected\r
+\r
+click the select all link for deny\r
+\r
+you should see: all radio buttons under deny should be selected\r
+\r
+click the reset button at the bottom of the form\r
+\r
+you should see: NO radio buttons should be selected\r
+\r
+Try to select both approve and deny for a single entry\r
+\r
+you should: not be able to\r
+\r
+approve or deny entries as you like, then click submit\r
+\r
+after you have submitted all approvals, go back to My Approvals page\r
+\r
+you should see: No Approvals to process at this time\r
+\r
+in your command line,\r
+run command: aafcli ns list name com.test.appr.@[user.name].myProject\r
+\r
+NOTE: what you see here will depend on which entries you approved and denied. Included are 2 examples of what you can see:\r
+\r
+1) If you approve everything\r
+\r
+List Namespaces by Name[com.test.appr.<YOUR_ATTUID>.myProject]\r
+--------------------------------------------------------------------------------\r
+com.test.appr.<YOUR_ATTUID>.myProject\r
+ Administrators\r
+ <YOUR_ATTUID>@csp.att.com \r
+ Responsible Parties\r
+ <YOUR_ATTUID>@csp.att.com \r
+\r
+\r
+2) If you deny everything\r
+\r
+List Namespaces by Name[com.test.appr.<YOUR_ATTUID>.myProject]\r
+--------------------------------------------------------------------------------\r
+\r
+\r
+run command: sh ./tc MTC_Appr2 dryrun\r
+you should see: a lot of output. It's fine if you see errors for this command.\r
+\r
+run command: aafcli ns list name com.test.appr\r
+you should see: List Namespaces by Name[com.test.appr]\r
+--------------------------------------------------------------------------------\r
+\r
+\r
+run command: aafcli ns list name com.test.appr.@[user.name]\r
+you should see: List Namespaces by Name[com.test.appr.<YOUR_ATTUID>]\r
+--------------------------------------------------------------------------------\r
+\r
--- /dev/null
+as testid@aaf.att.com:<pass>
+# JU_Lur2_0.10.0.POS List NS to prove ok
+expect 201,409
+ns create com.test.JU_Lur2_0Call @[user.name] testid@aaf.att.com
+
+# JU_Lur2_0.10.2.POS Create Role in Namespace
+role create com.test.JU_Lur2_0Call.role
+
+# JU_Lur2_0.10.10.POS Create MyInstance Perms
+perm create com.test.JU_Lur2_0Call.service myInstance write
+perm create com.test.JU_Lur2_0Call.service myInstance read
+perm create com.test.JU_Lur2_0Call.service myInstance *
+
+# JU_Lur2_0.10.11.POS Create kumquat Perms
+perm create com.test.JU_Lur2_0Call.service kumquat write
+perm create com.test.JU_Lur2_0Call.service kumquat read
+perm create com.test.JU_Lur2_0Call.service kumquat *
+perm create com.test.JU_Lur2_0Call.service kum.quat read
+
+# JU_Lur2_0.10.11.POS Create key delimited Perms
+perm create com.test.JU_Lur2_0Call.service :myCluster write
+perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace write
+perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace:myCF write
+perm create com.test.JU_Lur2_0Call.service :myCluster:*:myCF write
+perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace:* write
+
+# JU_Lur2_0.10.20.POS Grant Some Perms to Role
+perm grant com.test.JU_Lur2_0Call.service myInstance * com.test.JU_Lur2_0Call.role
+perm grant com.test.JU_Lur2_0Call.service kumquat read com.test.JU_Lur2_0Call.role
+perm grant com.test.JU_Lur2_0Call.service kum.quat read com.test.JU_Lur2_0Call.role
+perm grant com.test.JU_Lur2_0Call.service :myCluster:*:myCF write com.test.JU_Lur2_0Call.role
+
+# JU_Lur2_0.30.1.POS Add User to ROle
+user role add testid@aaf.att.com com.test.JU_Lur2_0Call.role
--- /dev/null
+Load Data for CADI Test: JU_Lur2_0Call.java
+
--- /dev/null
+expect 0
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+
+as testid@aaf.att.com
+
+# TC_Appr1.10.0.POS List NS to prove ok
+expect 200
+ns list name com.test.appr
+ns list name com.test.appr.@[user.name]
+
+# TC_Appr1.10.1.POS Create Personalized Namespace to add Approvals
+expect 201
+ns create com.test.appr.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Appr1.10.2.POS Create General Namespace to add Approvals
+ns create com.test.appr @[user.name] testid@aaf.att.com
+
+# TC_Appr1.10.10.POS Create Roles in Namespace
+role create com.test.appr.@[user.name].addToUserRole
+role create com.test.appr.@[user.name].grantToPerm
+role create com.test.appr.@[user.name].ungrantFromPerm
+role create com.test.appr.@[user.name].grantFirstPerm
+role create com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr1.10.12.POS Create Permissions in Namespace
+perm create com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+perm create com.test.appr.@[user.name].grantToRole myInstance myAction
+force perm create com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole
+perm create com.test.appr.@[user.name].grantTwoRoles myInstance myAction
+perm create com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
--- /dev/null
+expect 403
+as testunused@aaf.att.com
+
+# TC_Appr1.15.01.NEG Create Future and Approvals with non-admin request
+user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+
+# TC_Appr1.15.02.NEG Create Approval for NS create
+ns create com.test.appr.@[user.name].myProject @[user.name]
+
+# TC_Appr1.15.03.NEG Generate Approval for granting permission to role
+perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm
+
+# TC_Appr1.15.04.NEG Generate Approval for ungranting permission from role
+perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+
+# TC_Appr1.15.05.NEG Generate Approval for granting permission to role
+perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr1.15.06.NEG Generate Approval for ungranting permission from role
+perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
+expect 202
+# TC_Appr1.15.51.POS Create Future and Approvals with non-admin request
+set request=true user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+
+# TC_Appr1.15.52.POS Create Approval for NS create
+set request=true ns create com.test.appr.@[user.name].myProject @[user.name]
+
+# TC_Appr1.15.53.POS Generate Approval for granting permission to role
+set request=true perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm
+
+# TC_Appr1.15.54.POS Generate Approval for ungranting permission from role
+request perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+
+# TC_Appr1.15.55.POS Generate Approval for granting permission to role
+request perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr1.15.56.POS Generate Approval for ungranting permission from role
+request perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
--- /dev/null
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
--- /dev/null
+expect 0
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+
+as testid@aaf.att.com
+
+expect 200,404
+
+# TC_Appr2.99.10.POS Delete UserRoles if exists
+user role del @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].deleteThisRole
+user role del @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+
+# TC_Appr2.10.11.POS Delete Roles if exists
+set force=true role delete com.test.appr.@[user.name].addToUserRole
+set force=true role delete com.test.appr.@[user.name].grantToPerm
+set force=true role delete com.test.appr.@[user.name].ungrantFromPerm
+role delete com.test.appr.@[user.name].grantedRole
+role delete com.test.appr.@[user.name].approvedRole
+role delete com.test.appr.@[user.name].approvedRole2
+role delete com.test.appr.@[user.name].grantFirstPerm
+role delete com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr2.10.12.POS Delete Permissions if exists
+perm delete com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].grantedRole
+perm delete com.test.appr.@[user.name].grantToRole myInstance myAction
+perm delete com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole
+perm delete com.test.appr.@[user.name].approvedPerm myInstance myAction
+perm delete com.test.appr.@[user.name].approvedPerm * *
+perm delete com.test.appr.@[user.name].approvedPerm2 myInstance myAction
+perm delete com.test.appr.@[user.name].grantTwoRoles myInstance myAction
+perm delete com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction
+
+
+# TC_Appr2.99.80.POS Delete Namespaces for TestSuite if exists
+ns delete com.test.appr.@[user.name].myProject
+set force=true ns delete com.test.appr.@[user.name]
+set force=true ns delete com.test.appr
+
--- /dev/null
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
--- /dev/null
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+set XX@NS=<pass>
+
+#delay 10
+set NFR=0
--- /dev/null
+as testid@aaf.att.com
+# TC_Cred1.10.0.POS List NS to prove ok
+expect 200
+ns list name com.test.TC_Cred1.@[user.name]
+
+# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials
+expect 201
+ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Cred1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com
+role create com.test.TC_Cred1.@[user.name].pw_reset
+
+# TC_Cred1.10.11.POS Assign roles to perms
+as XX@NS
+expect 201
+perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset
+perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin
+perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Cred1.10.30.POS Assign user for creating creds
+expect 201
+user cred add m99999@@[user.name].TC_Cred1.test.com password123
+set m99999@@[user.name].TC_Cred1.test.com=password123
+
+
+# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions
+expect 201
+user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin
+
+# TC_Cred1.10.32.POS Remove create rights for testing
+expect 200
+user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
+
--- /dev/null
+# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID
+as testunused@aaf.att.com
+expect 403
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID
+as m99999@@[user.name].TC_Cred1.test.com
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID
+as testunused@aaf.att.com
+expect 403
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID
+as m99999@@[user.name].TC_Cred1.test.com:password123
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.12.POS Admin, without reset permission can reset Password
+as testid@aaf.att.com
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1
+
+# TC_Cred1.15.20.POS Admin, delete
+expect 200
+user cred del m99990@@[user.name].TC_Cred1.test.com password123 1
+
--- /dev/null
+# TC_Cred1.30.1.NEG Multiple options available to delete
+as XX@NS
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word
+
+as testid@aaf.att.com
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD
+
+# TC_Cred1.30.2.POS Succeeds when we choose last option
+expect 200
+user cred del m99990@@[user.name].TC_Cred1.test.com 2
+
+# TC_Cred1.30.10.POS Add another credential
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.30.11.NEG Multiple options available to reset
+expect 300
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.30.12.NEG Fails when we choose a bad option
+expect 406
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0
+
+# TC_Cred1.30.13.POS Succeeds when we choose last option
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2
+
+#TC_Cred1.30.30.NEG Fails when we don't have specific property
+expect 403
+user cred extend m99990@@[user.name].TC_Cred1.test.com
+
+#### EXTENDS behavior ####
+#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission
+expect 201
+as XX@NS
+role create com.test.TC_Cred1.@[user.name].extendTemp
+
+#TC_Cred1.30.33.POS Grant Extends Permission to Role
+expect 201
+perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp
+
+#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission
+expect 201
+role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS
+
+#TC_Cred1.30.36.POS Extend Password, expecting Single Response
+expect 200
+user cred extend m99990@@[user.name].TC_Cred1.test.com 1
+
+#TC_Cred1.30.39.POS Remove Role
+expect 200
+set force=true
+role delete com.test.TC_Cred1.@[user.name].extendTemp
+
+#### MULTI CLEANUP #####
+expect 200
+role list user m99990@@[user.name].TC_Cred1.test.com
+
+# TC_Cred1.30.80.POS Delete all entries for this cred
+expect 200
+set force=true
+user cred del m99990@@[user.name].TC_Cred1.test.com
+
+# TC_Cred1.30.99.POS List ns shows no creds attached
+expect 200
+ns list name com.test.TC_Cred1.@[user.name]
+
--- /dev/null
+as testid@aaf.att.com
+# TC_Cred1.99.1.POS Delete credentials
+expect 200,404
+force user cred del m99990@@[user.name].TC_Cred1.test.com
+
+#TC_Cred1.99.2.POS Ensure Remove Role
+expect 200,404
+set force=true
+role delete com.test.TC_Cred1.@[user.name].extendTemp
+
+# TC_Cred1.99.10.POS Remove ability to create creds
+force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
+force perm delete com.att.aaf.password com.test reset
+force perm delete com.att.aaf.mechid com.test create
+
+as testid@aaf.att.com
+force role delete com.test.TC_Cred1.@[user.name].cred_admin
+force role delete com.test.TC_Cred1.@[user.name].pw_reset
+
+# TC_Cred1.99.99.POS Delete Namespace for TestSuite
+set force=true ns delete com.test.TC_Cred1.@[user.name]
+
+as XX@NS
+force ns delete com.test.TC_Cred1.@[user.name]
+force ns delete com.test.TC_Cred1
+
--- /dev/null
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
--- /dev/null
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set m99999@@[user.name].delg.test.com=password123
+set bogus@aaf.att.com=boguspass
+
+#delay 10
+set NFR=0
+
--- /dev/null
+# TC_DELG1.10.1.POS Check For Existing Data
+as testid@aaf.att.com
+expect 200
+ns list name com.test.delg.@[user.name]
+
+as XX@NS
+expect 201,409
+perm create com.att.aaf.delg com.att * com.att.admin
+
+expect 404
+user list delegates delegate @[user.name]@csp.att.com
+
+as testid@aaf.att.com
+# TC_DELG1.10.2.POS Create Namespace to add IDs
+expect 201
+ns create com.test.delg.@[user.name] @[user.name] testid@aaf.att.com
+
+as XX@NS
+# TC_DELG1.10.10.POS Grant ability to change delegates
+expect 404
+force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.11.POS Grant ability to change delegates
+expect 201
+role create com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.12.POS Grant ability to change delegates
+expect 201
+force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.14.POS Create user role to change delegates
+expect 201
+user role add testid@aaf.att.com com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.15.POS Grant ability to create cred
+expect 201
+perm grant com.att.aaf.delg com.att create com.test.delg.@[user.name].change_delg
+
+as testid@aaf.att.com
+# TC_DELG1.10.30.POS Create cred that will change his own delg
+expect 201
+user cred add m99999@@[user.name].delg.test.com password123
+
+as XX@NS
+ TC_DELG1.10.31.POS ungrant ability to create cred
+expect 200
+perm ungrant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+
+as testid@aaf.att.com
+# TC_DELG1.10.99.POS Check for Data as Correct
+expect 200
+ns list name com.test.delg.@[user.name]
+
+
+
--- /dev/null
+# TC_DELG1.20.10.NEG Cannot create delegate with unknown user ID
+expect 404
+user delegate add aa111q@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.11.NEG Cannot Create Delegate with unknown delegate
+expect 404
+user delegate add @[user.name]@csp.att.com aa111q@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.20.NEG May not change user, no delegate permission
+as m99999@@[user.name].delg.test.com
+expect 403
+force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+as testid@aaf.att.com
+# TC_DELG1.20.21.NEG Fail to Update Delegate that doesnt exist
+expect 404
+user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.22.NEG May not create delegate for self.
+expect 406
+user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.23.POS May create delegate for self for tests by forcing.
+expect 201
+force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+as XX@NS
+# TC_DELG1.20.30.POS Expect Delegates for User
+expect 200
+user list delegates user @[user.name]@csp.att.com
+
+as testid@aaf.att.com
+# TC_DELG1.20.35.NEG Fail Create when exists
+expect 409
+user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+as XX@NS
+# TC_DELG1.20.40.POS Expect Delegates for User
+expect 200
+user list delegates user @[user.name]@csp.att.com
+
+as testid@aaf.att.com
+# TC_DELG1.20.46.POS Update Delegate with new Date
+expect 200
+user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2999-01-01 06:00'
+
+as XX@NS
+# TC_DELG1.20.82.POS Expect Delegates for User
+expect 200
+user list delegates user @[user.name]@csp.att.com
+
+# TC_DELG1.20.83.POS Expect Delegate to show up in list
+expect 200
+user list delegates delegate @[user.name]@csp.att.com
+
--- /dev/null
+expect 200,404
+as XX@NS
+# TC_DELG1.99.0.POS Check for Data as Correct
+ns list name com.test.delg.@[user.name]
+
+# TC_DELG1.99.10.POS Delete Delegates
+user delegate del @[user.name]@csp.att.com
+
+# TC_DELG1.99.30.POS Delete Namespace com.att.test.id
+force ns delete com.test.delg.@[user.name]
+
+# TC_DELG1.99.98.POS Check for Delegate Data as Correct
+user list delegates user @[user.name]@csp.att.com
+
+# TC_DELG1.99.99.POS Check for NS Data as Correct
+ns list name com.test.delg.@[user.name]
+
--- /dev/null
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
--- /dev/null
+expect 0
+set testid=<pass>
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+expect 200,404
+# TC_05
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
--- /dev/null
+expect 201
+# TC_10
+as XX@NS
+ns create com.test.TC_Link_1.@[user.name] @[user.name] XX@NS
+ns create com.test.TC_Link_2.@[user.name] @[user.name] XX@NS
+
+role create com.test.TC_Link_1.@[user.name].myRole
+
+perm create com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+
+perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole
+
+
--- /dev/null
+# 15_print
+expect 200
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
--- /dev/null
+expect 200
+role delete com.test.TC_Link_1.@[user.name].myRole
+
--- /dev/null
+# 15_print
+expect 200
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
--- /dev/null
+expect 201
+role create com.test.TC_Link_1.@[user.name].myRole
+
+perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole
+
--- /dev/null
+# 15_print
+expect 200
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
--- /dev/null
+as XX@NS:<pass>
+
+expect 200,404
+force ns delete com.test.TC_Link_2.@[user.name]
+force ns delete com.test.TC_Link_1.@[user.name]
--- /dev/null
+This Testcase Tests the essentials of Grants
+
+APIs:
+
+
+CLI:
+ Target
+ Ancillary
+
--- /dev/null
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus@aaf.att.com=boguspass
+
+#delay 10
+set NFR=0
+
+
--- /dev/null
+
+as testid@aaf.att.com
+# TC_NS1.01.0.POS Expect Clean Namespace to start
+expect 200
+ns list name com.test.TC_NS1.@[user.name]
+
+# TC_NS1.01.1.NEG Create Namespace with mechID as Responsible Party
+expect 403
+ns create com.test.TC_NS1.@[user.name] testunused@aaf.att.com testid@aaf.att.com,XX@NS
+
+# TC_NS1.01.2.NEG Create Namespace with Bad ID for Admin
+expect 403
+ns create com.test.TC_NS1.@[user.name] @[user.name] bogus@aaf.att.com,XX@NS
+
--- /dev/null
+
+as testid@aaf.att.com
+# TC_NS1.10.0.POS Check for Existing Data
+expect 200
+ns list name com.test.TC_NS1.@[user.name]
+
+# TC_NS1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_NS1.10.40.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_NS1.@[user.name]
+
+# TC_NS1.10.41.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS1.@[user.name].admin
+
+# TC_NS1.10.42.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS1.@[user.name].owner
+
+# TC_NS1.10.43.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS1.@[user.name].access * *
+
+# TC_NS1.10.44.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS1.@[user.name].access * read
+
--- /dev/null
+# TC_NS1.11.1.NEG Create Namespace when exists
+expect 409
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+
--- /dev/null
+# TC_NS1.20.1.NEG Too Few Args for Create 1
+expect Exception
+ns create
+
+# TC_NS1.20.2.NEG Too Few Args for Create 2
+expect Exception
+ns create bogus
--- /dev/null
+# TC_NS1.30.10.NEG Non-admins can't change description
+expect 403
+as testunused@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+
+# TC_NS1.30.11.NEG Namespace must exist to change description
+expect 404
+as testid@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name].project1 Description for my project
+
+# TC_NS1.30.12.POS Admin can change description
+expect 200
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+
--- /dev/null
+# TC_NS1.50.1.NEG Adding a Bogus ID
+expect 403
+ns admin add com.test.TC_NS1.@[user.name] bogus
+
+# TC_NS1.50.2.NEG Adding a Bogus ID, full Domain
+expect 403
+ns admin add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+
+# TC_NS1.50.3.NEG Adding an OK ID, bad domain
+expect 403
+ns admin add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+
+# TC_NS1.50.4.NEG Deleting an OK ID, but not an admin
+expect 404
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+
+sleep @[NFR]
+# TC_NS1.50.10.POS Adding an OK ID
+expect 201
+ns admin add com.test.TC_NS1.@[user.name] XX@NS
+
+# TC_NS1.50.11.POS Deleting One of Two
+expect 200
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+
+# TC_NS1.50.12.NEG testid@aaf.att.com no longer Admin
+expect 404
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+
+# TC_NS1.50.13.POS Add ID back in
+expect 201
+ns admin add com.test.TC_NS1.@[user.name] testid@aaf.att.com
+
+# TC_NS1.50.14.POS Deleting original
+expect 200
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+
+# TC_NS1.50.15.NEG Can't remove twice
+expect 404
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+
+# TC_NS1.50.20.NEG User Role Add should obey same "addAdmin" restrictions
+expect 403
+role user add com.test.TC_NS1.@[user.name].admin m88888@i.have.no.domain
+
+# TC_NS1.50.21.NEG Role User Add should obey same "addAdmin" restrictions
+expect 403
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].admin
+
--- /dev/null
+# TC_NS1.60.1.NEG Adding a Bogus ID
+expect 403
+ns responsible add com.test.TC_NS1.@[user.name] bogus
+
+# TC_NS1.60.2.NEG Adding a Bogus ID, full Domain
+expect 403
+ns responsible add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+
+# TC_NS1.60.3.NEG Adding an OK ID, bad domain
+expect 403
+ns responsible add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+
+# TC_NS1.60.4.NEG Deleting an OK ID, short, but not existent
+expect 404
+ns responsible del com.test.TC_NS1.@[user.name] testid
+
+# TC_NS1.60.5.NEG Deleting an OK ID, long, but not existent
+expect 404
+ns responsible del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+
+sleep @[NFR]
+# TC_NS1.60.10.POS Adding an OK ID
+# Note: mw9749 used because we must have employee as responsible
+expect 201
+ns responsible add com.test.TC_NS1.@[user.name] mw9749
+
+# TC_NS1.60.11.POS Deleting One of Two
+expect 200
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+
+# TC_NS1.60.12.NEG mw9749 no longer Admin
+expect 404
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+
+# TC_NS1.60.20.NEG User Role Add should obey same "addResponsible" restrictions
+expect 403
+role user add com.test.TC_NS1.@[user.name].owner m88888@i.have.no.domain
+
+# TC_NS1.60.21.NEG Role User Add should obey same "addResponsible" restrictions
+expect 403
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].owner
+
+
--- /dev/null
+sleep @[NFR]
+# TC_NS1.80.1.POS List Data on Empty NS
+as testid@aaf.att.com
+
+expect 200
+ns list name com.test.TC_NS1.@[user.name]
+
+# TC_NS1.80.2.POS Add Roles to NS for Listing
+expect 201
+role create com.test.TC_NS1.@[user.name].r.A
+role create com.test.TC_NS1.@[user.name].r.B
+
+# TC_NS1.80.3.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_NS1.@[user.name]
--- /dev/null
+# TC_NS1.90.1.NEG Non Namespace Admin Delete Namespace
+expect 403
+as testunused@aaf.att.com
+ns delete com.test.TC_NS1.@[user.name]
+
+sleep @[NFR]
+
--- /dev/null
+expect 200,404
+as testid@aaf.att.com
+
+# TC_NS1.99.1.POS Namespace Admin can delete Namepace defined Roles
+role delete com.test.TC_NS1.@[user.name].r.A
+role delete com.test.TC_NS1.@[user.name].r.B
+
+# TC_NS1.99.2.POS Namespace Admin can delete Namespace
+ns delete com.test.TC_NS1.@[user.name]
+
+sleep @[NFR]
+
+# TC_NS1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_NS1.@[user.name]
+
--- /dev/null
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs: POST /authz/ns
+ DELETE /authz/ns/:ns
+ GET /authz/roles/:role (where Role is NS + "*")
+
+CLI:
+ Target
+ ns create :ns :responsibleParty :admins
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
--- /dev/null
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus@aaf.att.com=boguspass
+
+#delay 10
+set NFR=0
+
+
--- /dev/null
+
+as testid@aaf.att.com
+# TC_NS2.10.0.POS Check for Existing Data
+expect 200
+ns list name com.test.TC_NS2.@[user.name]
+
+# TC_NS2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_NS2.@[user.name] @[user.name] testid@aaf.att.com
+ns create com.test.TC_NS2.@[user.name].project @[user.name] testunused@aaf.att.com
+
+# TC_NS2.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_NS2.@[user.name].cred_admin testid@aaf.att.com
+
+as XX@NS:<pass>
+# TC_NS2.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
+
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_NS2.@[user.name]
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS2.@[user.name].admin
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS2.@[user.name].owner
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS2.@[user.name].access * *
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS2.@[user.name].access * read
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_NS2.@[user.name].project
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS2.@[user.name].project.admin
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS2.@[user.name].project.owner
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS2.@[user.name].project.access * *
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS2.@[user.name].project.access * read
+
--- /dev/null
+as testid@aaf.att.com
+# TC_NS2.20.1.POS Create roles
+expect 201
+role create com.test.TC_NS2.@[user.name].watcher
+role create com.test.TC_NS2.@[user.name].myRole
+
+# TC_NS2.20.2.POS Create permissions
+perm create com.test.TC_NS2.@[user.name].myType myInstance myAction
+perm create com.test.TC_NS2.@[user.name].myType * *
+
+# TC_NS2.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_NS2.test.com password123
+
+as XX@NS
+# TC_NS2.20.10.POS Grant view perms to watcher role
+expect 201
+perm create com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read com.test.TC_NS2.@[user.name].watcher
+
--- /dev/null
+
+as testunused@aaf.att.com
+# TC_NS2.40.1.NEG Non-admin, not granted user should not view
+expect 403
+ns list name com.test.TC_NS2.@[user.name]
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_NS2.40.10.POS Add user to watcher role
+expect 201
+user role add testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+
+as testunused@aaf.att.com
+# TC_NS2.40.11.POS Non-admin, granted user should view
+expect 200
+ns list name com.test.TC_NS2.@[user.name]
+
+as testid@aaf.att.com
+# TC_NS2.40.19.POS Remove user from watcher role
+expect 200
+user role del testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+
+# Thirties test admin user
+# TC_NS2.40.20.POS Admin should be able to view
+expect 200
+ns list name com.test.TC_NS2.@[user.name]
+
+# TC_NS2.40.21.POS Admin of parent NS should be able to view
+expect 200
+ns list name com.test.TC_NS2.@[user.name].project
+
--- /dev/null
+# TC_NS2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+ns list admin testunused@aaf.att.com
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+ns list admin testunused@aaf.att.com
+
+# TC_NS2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+expect 200
+ns list admin testunused@aaf.att.com
+
+# TC_NS2.41.80.NEG List by User when not Caller nor associated to Namespace
+as testunused@aaf.att.com
+expect 200
+ns list admin XX@NS
+
--- /dev/null
+expect 200,404
+as testid@aaf.att.com
+
+# TC_NS2.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+role delete com.test.TC_NS2.@[user.name].myRole
+role delete com.test.TC_NS2.@[user.name].watcher
+perm delete com.test.TC_NS2.@[user.name].myType myInstance myAction
+perm delete com.test.TC_NS2.@[user.name].myType * *
+user cred del m99990@@[user.name].TC_NS2.test.com
+
+as XX@NS
+force perm delete com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read
+
+# TC_NS2.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
+
+as testid@aaf.att.com:<pass>
+force role delete com.test.TC_NS2.@[user.name].cred_admin
+
+# TC_NS2.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_NS2.@[user.name].project
+force ns delete com.test.TC_NS2.@[user.name]
+sleep @[NFR]
+
+# TC_NS2.99.99.POS Check Clean Namespace
+ns list name com.test.TC_NS2.@[user.name]
+
--- /dev/null
+This Testcase Tests the viewability of different ns commands
+
+APIs:
+
+CLI:
+
+
--- /dev/null
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set testid_1@test.com=<pass>
+set testid_2@test.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+as XX@NS
+expect 200
+ns list name com.test.TC_NS3.@[user.name]
+
+# TC_NS3.10.1.POS Create Namespace with User ID
+expect 201
+ns create com.test.TC_NS3.@[user.name]_1 @[user.name] testid_1@test.com
+
--- /dev/null
+as testid_1@test.com
+expect Exception
+# TC_NS3.20.0.NEG Too short
+ns attrib
+
+# TC_NS3.20.1.NEG Wrong command
+ns attrib xyz
+
+# TC_NS3.20.2.NEG Too Short after Command
+ns attrib add
+
+# TC_NS3.20.3.NEG Too Short after Namespace
+ns attrib add com.test.TC_NS3.@[user.name]
+
+# TC_NS3.20.4.NEG Too Short after Key
+ns attrib add com.test.TC_NS3.@[user.name] TC_NS3_swm
+
+# TC_NS3.20.5.NEG No Permission
+expect 403
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+
+# TC_NS3.20.6.POS Create Permission to write Attrib
+expect 201
+as XX@NS
+perm create com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+
+# TC_NS3.20.6.POS Create Permission
+expect 201
+perm create com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+
+# TC_NS3.20.10.POS Attribute added
+as testid_1@test.com
+expect 201
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+
+# TC_NS3.20.30.POS List NS by Attrib
+expect 200
+ns list keys TC_NS3_swm
+
+# TC_NS3.20.40.POS List NS (shows Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+
+# TC_NS3.20.42.POS Change Attrib
+ns attrib upd com.test.TC_NS3.@[user.name]_1 TC_NS3_swm Version1
+
+# TC_NS3.20.49.POS List NS (shows new Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+
+# TC_NS3.20.80.POS Remove write Permission
+expect 200
+perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+
+# TC_NS3.20.83.POS Remove read Permission
+expect 200
+perm ungrant com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+
--- /dev/null
+as testid_1@test.com
+expect Exception
+# TC_NS3.50.2.NEG Too Short after Command
+ns attrib del
+
+# TC_NS3.50.3.NEG Too Short after Namespace
+ns attrib del com.test.TC_NS3.@[user.name]
+
+# TC_NS3.50.5.NEG No Permission
+expect 403
+ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm
+
+# TC_NS3.50.6.POS Create Permission
+as XX@NS
+expect 201
+perm grant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+
+# TC_NS3.50.7.POS Attribute added
+as testid_1@test.com
+expect 200
+ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm
+
+# TC_NS3.50.8.POS Remove Permission
+as XX@NS
+expect 200
+perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+
--- /dev/null
+expect 200,404
+as testid_1@test.com
+# TC_NS3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_NS3.@[user.name]_1
+
+# TC_NS3.99.3.POS Print Namespaces
+ns list name com.test.TC_NS3.@[user.name]_1
+
+# TC_NS3.99.10.POS Remove Special Permissions
+as XX@NS
+force perm delete com.att.aaf.attrib :com.att.*:TC_NS3_swm write
+
+force perm delete com.att.aaf.attrib :com.att.*:* read
+
--- /dev/null
+This is a TEMPLATE testcase, to make creating new Test Cases easier.
+
+APIs:
+
+
+CLI:
+ns create
+ns delete
+as
+
--- /dev/null
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus@aaf.att.com=boguspass
+
+#delay 10
+set NFR=0
+
+
--- /dev/null
+as testid@aaf.att.com
+# TC_NSdelete1.10.0.POS Check for Existing Data
+expect 200
+ns list name com.test.TC_NSdelete1.@[user.name].app
+ns list name com.test.force.@[user.name]
+ns list name com.@[user.name]
+
+as XX@NS
+# TC_NSdelete1.10.1.POS Create Namespaces with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_NSdelete1.@[user.name].app @[user.name] testid@aaf.att.com
+ns create com.@[user.name] @[user.name] testid@aaf.att.com
+ns create com.test.force.@[user.name] @[user.name] testid@aaf.att.com
+ns create com.test.TC_NSdelete1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_NSdelete1.10.2.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_NSdelete1.@[user.name].app
+ns list name com.test.TC_NSdelete1.@[user.name]
+ns list name com.@[user.name]
+ns list name com.test.force.@[user.name]
+
+# TC_NSdelete1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_NSdelete1.@[user.name].cred_admin
+
+# TC_NSdelete1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_NSdelete1.10.12.POS Assign user for creating creds
+expect 201
+user role add testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin
+
--- /dev/null
+as testid@aaf.att.com
+# TC_NSdelete1.20.1.POS Create valid Role in my Namespace
+expect 201
+role create com.test.TC_NSdelete1.@[user.name].app.r.A
+
+# TC_NSdelete1.20.2.POS Create valid permission
+expect 201
+perm create com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction
+
+# TC_NSdelete1.20.3.POS Add credential to my namespace
+expect 201
+user cred add m99990@app.@[user.name].TC_NSdelete1.test.com password123
+
+# TC_NSdelete1.20.10.NEG Delete Program Should fail because of attached credential
+expect 424
+ns delete com.test.TC_NSdelete1.@[user.name].app
+
+# TC_NSdelete1.20.11.POS Delete Credential
+expect 200
+set force=true
+user cred del m99990@app.@[user.name].TC_NSdelete1.test.com
+
+# TC_NSdelete1.20.12.NEG Delete Program with role and permission attached
+expect 424
+ns delete com.test.TC_NSdelete1.@[user.name].app
+
+# TC_NSdelete1.20.20.POS Expect role and permission to move to parent ns
+expect 200
+set force=move ns list name com.test.TC_NSdelete1.@[user.name]
+
--- /dev/null
+as testid@aaf.att.com
+# TC_NSdelete1.30.1.POS Create valid Role in my Namespace
+expect 201
+role create com.@[user.name].r.A
+
+# TC_NSdelete1.30.2.NEG Delete Company with role attached
+expect 424
+ns delete com.@[user.name]
+
+# TC_NSdelete1.30.3.POS Namespace Admin can delete Namepace defined Roles
+expect 200
+role delete com.@[user.name].r.A
+
+# TC_NSdelete1.30.10.POS Create valid permission
+expect 201
+perm create com.@[user.name].p.A myInstance myAction
+
+# TC_NSdelete1.30.11.NEG Delete Company with permission attached
+expect 424
+ns delete com.@[user.name]
+
+# TC_NSdelete1.30.12.POS Namespace Admin can delete Namepace defined Perms
+expect 200
+perm delete com.@[user.name].p.A myInstance myAction
+
+# TC_NSdelete1.30.20.POS Create valid Credential in my namespace
+expect 201
+user cred add m99990@@[user.name].com password123
+
+# TC_NSdelete1.30.21.NEG Delete Company with credential attached
+expect 424
+ns delete com.@[user.name]
+
+# TC_NSdelete1.30.22.POS Namespace admin can remove Cred
+expect 200
+set force=true
+user cred del m99990@@[user.name].com
+
+# TC_NSdelete1.30.30.POS Delete Company with no roles or perms attached
+expect 200
+ns delete com.@[user.name]
+
--- /dev/null
+# TC_NSdelete1.40.1.POS Create valid Role in my Namespace\r
+expect 201\r
+role create com.test.force.@[user.name].r.A\r
+\r
+# TC_NSdelete1.40.2.POS Create valid permission in my Namespace\r
+expect 201\r
+perm create com.test.force.@[user.name].p.A myInstance myAction\r
+\r
+# TC_NSdelete1.40.3.POS Add credential to my namespace\r
+expect 201\r
+user cred add m99990@@[user.name].force.test.com password123\r
+\r
+# TC_NSdelete1.40.10.POS Delete Program in my Namespace\r
+expect 200\r
+set force=true ns delete com.test.force.@[user.name]\r
+\r
+sleep @[NFR]\r
+# TC_NSdelete1.40.20.NEG Role and permission should not exist\r
+expect 200,404\r
+ns list name com.test.force.@[user.name]\r
+\r
+# TC_NSdelete1.40.22.NEG Credential should not exist\r
+expect 404\r
+set force=true\r
+user cred del m99990@@[user.name].force.test.com\r
+\r
--- /dev/null
+expect 200,404
+as testid@aaf.att.com
+
+# TC_NSdelete1.99.1.POS Namespace Admin can delete Namepace defined Roles
+role delete com.test.TC_NSdelete1.@[user.name].app.r.A
+
+# TC_NSdelete1.99.2.POS Namespace Admin can delete Namepace defined Roles
+perm delete com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction
+
+# TC_NSdelete1.99.3.POS Namespace Admin can remove Namepace defined Credentials
+set force=true user cred del m99990@@app.[user.name].TC_NSdelete1.test.com
+
+# TC_NSdelete1.99.10.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+set force=true role delete com.test.TC_NSdelete1.@[user.name].cred_admin
+
+# TC_NSdelete1.99.97.POS Clean Namespace
+set force=true ns delete com.test.TC_NSdelete1.@[user.name].app
+set force=true ns delete com.test.TC_NSdelete1.@[user.name]
+set force=true ns delete com.test.force.@[user.name]
+
+# TC_NSdelete1.99.98.POS Check Clean Namespace
+ns list name com.test.TC_NSdelete1.@[user.name].app
+ns list name com.test.TC_NSdelete1.@[user.name]
+ns list name com.test.force.@[user.name]
+
+# TC_NSdelete1.99.99.POS Clean and check Company Namespace
+as XX@NS
+set force=true ns delete com.@[user.name]
+ns list name com.@[user.name]
+
--- /dev/null
+This Testcase Tests the deletion of a Namespace with attached roles and permissions
+
+APIs: POST /authz/ns
+ DELETE /authz/ns/:ns
+ GET /authz/roles/:role (where Role is NS + "*")
+
+CLI:
+ Target
+ ns create :ns :responsibleParty :admins
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
--- /dev/null
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+
+as testid@aaf.att.com
+
+# TC_PW1.10.0.POS Validate no NS
+expect 200,404
+ns list name com.test.TC_PW1.@[user.name]
+
+# TC_PW1.10.1.POS Create Namespace to add IDs
+expect 201
+ns create com.test.TC_PW1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_PW1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_PW1.@[user.name].cred_admin
+
+as XX@NS
+# TC_PW1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_PW1.10.12.POS Assign user for creating creds
+expect 201
+user role add testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin
--- /dev/null
+# TC_PW1.20.1.NEG ASPR 1010 Passwords must be at least 8 characters in length
+expect 406
+user cred add m12345@TC_PW1.test.com 12
+
+# TC_PW1.20.2.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 1
+
+# TC_PW1.20.3.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 1234567
+
--- /dev/null
+# TC_PW1.21.1.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com 12345678
+
+# TC_PW1.21.2.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com abcdefgh
+
+# TC_PW1.21.3.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#%^()*"
+
+# TC_PW1.21.4.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 201
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#a%^()*"
+
+sleep @[NFR]
+expect 200
+user cred del m12345@@[user.name].TC_PW1.test.com
+
+# TC_PW1.21.5.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 201
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#2%^()*"
+
+sleep @[NFR]
+expect 200
+user cred del m12345@@[user.name].TC_PW1.test.com
+
+# TC_PW1.21.6.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 201
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd"
+
+sleep @[NFR]
+expect 200
+user cred del m12345@@[user.name].TC_PW1.test.com
+
+# TC_PW1.21.10.NEG ASPR 1010 Passwords cannot be the same as the User ID
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com m12345
+
--- /dev/null
+# TC_PW1.23.1.NEG Too Few Args for User Cred 1
+expect Exception
+user cred
+
+# TC_PW1.23.2.NEG Too Few Args for User Cred add
+user cred add
--- /dev/null
+# TC_PW1.30.1.POS Create a Credential, with Temporary Time
+expect 201
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd"
+
+# TC_PW1.30.3.NEG Credential Exists
+expect 409
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sf"
+
+# TC_PW1.30.8.POS Reset this Password
+expect 200
+user cred reset m12345@@[user.name].TC_PW1.test.com "ABC123SD" 1
+
+# TC_PW1.30.9.POS Delete a Credential
+user cred del m12345@@[user.name].TC_PW1.test.com 1
+
--- /dev/null
+expect 200,404
+as testid@aaf.att.com
+
+# TC_PW1.99.1.NEG Delete ID m12345@@[user.name].TC_PW1.test.com
+set force=true
+user cred del m12345@@[user.name].TC_PW1.test.com
+
+# TC_PW1.99.2.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+role delete com.test.TC_PW1.@[user.name].cred_admin
+
+# TC_PW1.99.98.POS Delete Namespace com..test.TC_PW1
+ns delete com.test.TC_PW1.@[user.name]
+
+# TC_PW1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_PW1.@[user.name]
--- /dev/null
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user cred add :user :password
+ user cred del :user
+ Ancillary
+ ns create
+ ns delete
+
--- /dev/null
+expect 0
+set testid=<pass>
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+# TC_Perm1.10.0.POS Validate Namespace is empty first
+as testid@aaf.att.com
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Perm1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_Perm1.@[user.name].cred_admin
+
+as XX@NS
+# TC_Perm1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Perm1.10.12.POS Assign user for creating creds
+expect 201
+user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+
--- /dev/null
+# TC_Perm1.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.20.2.POS Add Perm
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.20.3.NEG Already Added Perm
+expect 409
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.20.8.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well
+expect 409
+perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.20.10.NEG Non-admins can't change description
+expect 403
+as testunused
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+
+# TC_Perm1.20.11.NEG Permission must exist to change description
+expect 404
+as testid
+perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C
+
+# TC_Perm1.20.12.POS Admin can change description
+expect 200
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+
--- /dev/null
+# TC_Perm1.22.1.NEG Try to rename permission without changing anything\r
+expect 409\r
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction\r
+\r
+# TC_Perm1.22.2.NEG Try to rename parent ns\r
+expect 403\r
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction\r
+\r
+# TC_Perm1.22.10.POS View permission in original state\r
+expect 200\r
+ns list name com.test.TC_Perm1.@[user.name]\r
+\r
+# TC_Perm1.22.11.POS Rename permission instance\r
+expect 200\r
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction\r
+\r
+# TC_Perm1.22.12.POS Verify change in permission instance\r
+expect 200\r
+ns list name com.test.TC_Perm1.@[user.name]\r
+\r
+# TC_Perm1.22.13.POS Rename permission action\r
+expect 200\r
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction\r
+\r
+# TC_Perm1.22.14.POS Verify change in permission action\r
+expect 200\r
+ns list name com.test.TC_Perm1.@[user.name]\r
+\r
+# TC_Perm1.22.15.POS Rename permission type\r
+expect 200\r
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction\r
+\r
+# TC_Perm1.22.16.POS Verify change in permission type\r
+expect 200\r
+ns list name com.test.TC_Perm1.@[user.name]\r
+\r
+# TC_Perm1.22.20.POS See permission is attached to this role\r
+expect 200\r
+role list role com.test.TC_Perm1.@[user.name].r.A\r
+\r
+# TC_Perm1.22.21.POS Rename permission type, instance and action\r
+expect 200\r
+perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction\r
+\r
+# TC_Perm1.22.22.POS See permission stays attached after rename\r
+expect 200\r
+role list role com.test.TC_Perm1.@[user.name].r.A\r
+\r
+# TC_Perm1.22.23.POS Verify permission is back to original state\r
+expect 200\r
+ns list name com.test.TC_Perm1.@[user.name]\r
+\r
--- /dev/null
+# TC_Perm1.25.1.POS Create another Role in This namespace
+expect 201
+role create com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.2.POS Create another Perm in This namespace
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.25.3.NEG Permission must Exist to Add to Role
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.4.POS Grant individual new Perm to new Role
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.5.NEG Already Granted Perm
+expect 409
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.6.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.11.NEG Already UnGranted Perm
+expect 404
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.20.POS Reset roles attached to permision with setTo
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.25.21.POS Owner of permission can reset roles
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
--- /dev/null
+# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not\r
+as XX@NS\r
+expect 201\r
+ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS\r
+ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS\r
+\r
+# TC_Perm1.26.2.POS Create ID in other Namespace\r
+expect 201\r
+user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7\r
+\r
+# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid\r
+expect 201\r
+role create com.test2.TC_Perm1.@[user.name].r.C\r
+role create com.test2.TC_Perm1.@[user.name]_2.r.C\r
+\r
+# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID\r
+expect 403\r
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C\r
+\r
+# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID\r
+expect 202\r
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7\r
+set request=true \r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C\r
+\r
+# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company\r
+as testid@aaf.att.com\r
+expect 403\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C\r
+\r
+# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company\r
+as testid@aaf.att.com\r
+expect 404\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C\r
+\r
+# TC_Perm1.26.14.POS Create Role\r
+as testid@aaf.att.com\r
+expect 201\r
+role create com.test.TC_Perm1.@[user.name]_2.r.C\r
+\r
+# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company\r
+expect 201\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C\r
+\r
+# TC_Perm1.26.16.POS Print Info for Validation\r
+expect 200\r
+ns list name com.test.TC_Perm1.@[user.name]\r
+\r
+# TC_Perm1.26.17.POS Grant individual new Perm to new Role\r
+expect 201\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C\r
+\r
+# TC_Perm1.26.18.NEG Already Granted Perm\r
+expect 409\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C\r
+\r
+# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID\r
+expect 200\r
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C\r
+\r
+# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID\r
+expect 403\r
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C\r
+\r
+# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID\r
+expect 202\r
+set request=true \r
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C\r
+\r
+# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID\r
+expect 403\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B\r
+\r
+# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID\r
+expect 202\r
+set request=true \r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B\r
+\r
+\r
+# TC_Perm1.26.30.POS Add ID to Role\r
+as XX@NS:<pass> \r
+expect 201\r
+ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com \r
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7\r
+sleep @[NFR]\r
+\r
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner\r
+expect 403\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C\r
+\r
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner\r
+expect 202\r
+set request=true\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C\r
+\r
+\r
+# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace\r
+expect 201\r
+as testid@aaf.att.com\r
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C\r
+\r
+# TC_Perm1.26.34.POS Print Info for Validation\r
+expect 200\r
+ns list name com.test.TC_Perm1.@[user.name]\r
+\r
+as XX@NS\r
+# TC_Perm1.26.35.POS Print Info for Validation\r
+expect 200\r
+ns list name com.test2.TC_Perm1.@[user.name] \r
+\r
+as testid@aaf.att.com\r
+# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role\r
+as testid@aaf.att.com\r
+expect 200\r
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C\r
+\r
+# TC_Perm1.26.37.NEG Already UnGranted Perm\r
+expect 404\r
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C\r
+\r
+# TC_Perm1.26.40.POS Reset roles attached to permision with setTo\r
+expect 200\r
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A\r
+\r
+# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles\r
+expect 403\r
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7\r
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction\r
+\r
+# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant\r
+expect 403\r
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C\r
+\r
+# TC_Perm1.26.43.NEG Non-owner of permission cannot delete\r
+expect 403\r
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction\r
+\r
+# TC_Perm1.26.45.POS Owner of permission can reset roles\r
+as testid@aaf.att.com\r
+expect 200\r
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction\r
+\r
+as XX@NS\r
+# TC_Perm1.26.97.POS List the Namespaces \r
+expect 200\r
+ns list name com.test.TC_Perm1.@[user.name]\r
+ns list name com.test2.TC_Perm1.@[user.name]\r
+\r
+as testid@aaf.att.com\r
+# TC_Perm1.26.98.POS Cleanup\r
+expect 200\r
+role delete com.test.TC_Perm1.@[user.name].r.A\r
+role delete com.test.TC_Perm1.@[user.name].r.B\r
+role delete com.test.TC_Perm1.@[user.name].r.C\r
+role delete com.test.TC_Perm1.@[user.name]_2.r.C\r
+as XX@NS\r
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C\r
+role delete com.test2.TC_Perm1.@[user.name].r.C\r
+as testid@aaf.att.com\r
+perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction\r
+perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction\r
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction\r
+force ns delete com.test.TC_Perm1.@[user.name]_2\r
+as XX@NS\r
+set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com \r
+ns delete com.test2.TC_Perm1.@[user.name]\r
+\r
+# TC_Perm1.26.99.POS List the Now Empty Namespaces \r
+expect 200\r
+ns list name com.test.TC_Perm1.@[user.name]\r
+ns list name com.test2.TC_Perm1.@[user.name]\r
+\r
--- /dev/null
+# TC_Perm1.27.1.POS Create Permission
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.27.2.POS Create Role
+expect 201
+role create com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+
+# TC_Perm1.27.11.POS Role is created with force
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+
+# TC_Perm1.27.12.NEG Perm must Exist to Grant without force
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.13.POS Perm is created with force
+expect 201
+force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.14.POS Role and perm are created with force
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2
+
+
--- /dev/null
+# TC_Perm1.30.1.POS List Data on non-Empty NS
+as testid
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
+
+# TC_Perm1.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test.TC_Perm1.@[user.name].r
+
--- /dev/null
+as XX@NS:<pass>
+expect 200,404
+
+# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction
+role delete com.test.TC_Perm1.@[user.name].r.A
+role delete com.test.TC_Perm1.@[user.name].r.B
+role delete com.test.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name].r.unknown
+role delete com.test.TC_Perm1.@[user.name].r.unknown2
+role delete com.test2.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.99.2.POS Remove ability to create creds
+user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+
+as XX@NS:<pass>
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+
+as testid@aaf.att.com:<pass>
+role delete com.test.TC_Perm1.@[user.name].cred_admin
+
+sleep @[NFR]
+as XX@NS:<pass>
+# TC_Perm1.99.98.POS Namespace Admin can delete Namespace
+set force=true ns delete com.test2.TC_Perm1.@[user.name]
+as testid:<pass>
+force ns delete com.test.TC_Perm1.@[user.name].r
+force ns delete com.test.TC_Perm1.@[user.name]_2
+force ns delete com.test.TC_Perm1.@[user.name]
+force ns delete com.test2.TC_Perm1.@[user.name]
+
+# TC_Perm1.99.99.POS List to prove removed
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test.TC_Perm1.@[user.name].r
+ns list name com.test.TC_Perm1.@[user.name]_2
+ns list name com.test2.TC_Perm1.@[user.name]
--- /dev/null
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
--- /dev/null
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+as testid@aaf.att.com
+# TC_Perm2.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Perm2.@[user.name] @[user.name] testid@aaf.att.com
--- /dev/null
+as testid@aaf.att.com:<pass>
+# TC_Perm2.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.20.10.POS Add Perms with specific Instance and Action
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+
+# TC_Perm2.20.11.POS Add Perms with specific Instance and Star
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance *
+
+# TC_Perm2.20.12.POS Add Perms with Stars for Instance and Action
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A * *
+perm create com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+
+# TC_Perm2.20.20.POS Create role
+expect 201
+role create com.test.TC_Perm2.@[user.name].p.superUser
+role create com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.20.21.POS Grant sub-NS perms to role
+expect 201
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance myAction com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance * com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.phoneCalls * spy com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.20.30.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.20.40.POS Create role
+expect 201
+role create com.test.TC_Perm2.@[user.name].p.watcher
+
+as XX@NS
+# TC_Perm2.20.50.POS Grant view perms to watcher role
+expect 201
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view com.test.TC_Perm2.@[user.name].p.watcher
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+
--- /dev/null
+as testid@aaf.att.com
+# TC_Perm2.30.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Perm2.@[user.name].p @[user.name] testid@aaf.att.com
+
+# TC_Perm2.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+ns list name com.test.TC_Perm2.@[user.name].p
+
--- /dev/null
+
+as testunused@aaf.att.com
+# TC_Perm2.40.1.NEG Non-admin, not granted user should not view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_Perm2.40.10.POS Add user to superUser role
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+
+as testunused@aaf.att.com
+# TC_Perm2.40.11.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.12.POS Ungrant perm with wildcards
+expect 200
+perm ungrant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+
+as testunused@aaf.att.com
+# TC_Perm2.40.13.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.19.POS Remove user from superUser role
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+
+# Twenties test user granted explicit view permission
+# TC_Perm2.40.20.POS Add user to watcher role
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+
+as testunused@aaf.att.com
+# TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as XX@NS
+# TC_Perm2.40.22.POS Ungrant perm with wildcards
+expect 200
+perm ungrant com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+
+as testunused@aaf.att.com
+# TC_Perm2.40.23.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.29.POS Remove user from watcher role
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+
+# Thirties test admin user
+# TC_Perm2.40.30.POS Admin should be able to view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+# TC_Perm2.40.31.POS Add new admin for sub-NS
+expect 201
+ns admin add com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+
+# TC_Perm2.40.32.POS Remove admin from sub-NS
+expect 200
+ns admin del com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+
+# TC_Perm2.40.34.POS Admin of parent NS should be able to view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+# TC_Perm2.40.80.POS Add new admin for sub-NS
+expect 201
+ns admin add com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+
+# TC_Perm2.40.81.POS Remove admin from sub-NS
+expect 200
+ns admin del com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+
--- /dev/null
+# TC_Perm2.41.1.POS Add user to some roles with perms attached
+as testid@aaf.att.com
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+user role add XX@NS com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_Perm2.41.20.POS List by User when not same as Caller, but parent owner/admin of Namespace
+as XX@NS
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_Perm2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+expect 200
+perm list user XX@NS
+
+# TC_Perm2.41.99.POS Remove users from roles for later test
+as testid@aaf.att.com
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+user role del XX@NS com.test.TC_Perm2.@[user.name].p.secret
+
--- /dev/null
+# TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+expect 200
+perm list ns com.test.TC_Perm2.@[user.name].p
+
+# TC_Perm2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+expect 403
+perm list ns com.test.TC_Perm2.@[user.name].p
+
--- /dev/null
+# TC_Perm2.43.10.POS List perms when allowed to see Role
+as testid@aaf.att.com
+expect 200
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.43.20.NEG Don't List perms when not allowed to see Role
+as testunused@aaf.att.com
+expect 403
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+
+
--- /dev/null
+as testid@aaf.att.com
+# TC_Perm2.99.1.POS Namespace Admin can delete Namepace defined Roles
+expect 200,404
+
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance *
+force perm delete com.test.TC_Perm2.@[user.name].p.A * *
+force perm delete com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+force role delete com.test.TC_Perm2.@[user.name].p.watcher
+force role delete com.test.TC_Perm2.@[user.name].p.superUser
+force role delete com.test.TC_Perm2.@[user.name].p.secret
+
+as XX@NS
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view
+
+# TC_Perm2.99.2.POS Namespace Admin can delete Namespace
+expect 200,404
+force ns delete com.test.TC_Perm2.@[user.name].p
+force ns delete com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm2.@[user.name].p
+ns list name com.test.TC_Perm2.@[user.name]
--- /dev/null
+This Testcase Tests the viewability of different perm commands
+
+APIs:
+
+
+
+CLI:
+
+
--- /dev/null
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set testid_1@test.com=<pass>
+set testid_2@test.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+as XX@NS
+# TC_Perm3.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Perm3.@[user.name]
+
+# TC_Perm3.10.1.POS Create Namespace with User ID
+expect 201
+ns create com.test.TC_Perm3.@[user.name]_1 @[user.name] testid_1@test.com
+
+# TC_Perm3.10.2.POS Create Namespace with Different ID
+expect 201
+ns create com.test.TC_Perm3.@[user.name]_2 @[user.name] testid_2@test.com
+
+# TC_Perm3.10.3.POS Create Namespace in Different Company
+expect 201
+ns create com.att.TC_Perm3.@[user.name] @[user.name] testunused@aaf.att.com
--- /dev/null
+as testid_1@test.com
+
+# TC_Perm3.20.0.POS User1 Create a Perm
+expect 201
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction
+
+# TC_Perm3.20.5.NEG User1 should not be able to create Role in other group
+expect 403
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.6.POS User2 should be able to create Role in own group
+as testid_2@test.com
+expect 201
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.7.NEG User2 should not be able to grant Perm to own Role
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.8.NEG User2 cannot create Role in NS 2
+as testid_2@test.com
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.9.POS Role created, but can't grant... has to be testid_1
+expect 201
+as testid_1@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
--- /dev/null
+# TC_Perm3.30.0.POS User1 Create a Perm
+as testid_1@test.com
+expect 201
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction
+
+# TC_Perm3.30.5.NEG User1 should not be able to create Role in other group
+expect 403
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_b
+
+# TC_Perm3.30.6.POS User2 should be able to create Role in own group
+as testunused@aaf.att.com
+expect 201
+role create com.att.TC_Perm3.@[user.name].dev.myRole_b
+
+# TC_Perm3.30.7.NEG User2 should not be able to grant Perm to own Role
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+
+# TC_Perm3.30.8.POS User should be able to grant cross company only Double Perm
+as testid_1@test.com
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+
--- /dev/null
+expect 200,404
+as testid_1@test.com
+# TC_Perm3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_1
+
+# TC_Perm3.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_1
+
+as testid_2@test.com
+# TC_Perm3.99.4.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_2
+
+# TC_Perm3.99.5.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_2
+
+
+as testunused@aaf.att.com
+# TC_Perm3.99.6.POS Remove Namespace from other company
+force ns delete com.att.TC_Perm3.@[user.name]
+
+# TC_Perm3.99.7.POS Print Namespace from other company
+ns list name com.att.TC_Perm3.@[user.name]
--- /dev/null
+This is a targeted Test Case specifically to cover Inner and Outer Granting.
+
+APIs:
+
+
+CLI:
+ns create
+ns delete
+perm create
+perm grant
+role create
+as
+
--- /dev/null
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+
+as testid@aaf.att.com
+
+# TC_Realm1.10.0.POS Validate no NS
+expect 200,404
+ns list name com.test.TC_Realm1.@[user.name]
+
+# TC_Realm1.10.1.POS Create Namespace to add IDs
+expect 201
+ns create com.test.TC_Realm1.@[user.name] @[user.name] testid@aaf.att.com
+
+as XX@NS
+# TC_Realm1.10.10.POS Grant ability to change delegates
+expect 201
+force perm create com.att.aaf.delg com.att create com.test.TC_Realm1.@[user.name].change_delg
+
+# TC_Realm1.10.11.POS Create user role to change delegates
+expect 201
+user role add testid@aaf.att.com com.test.TC_Realm1.@[user.name].change_delg
+
--- /dev/null
+
+as testid@aaf.att.com
+# TC_Realm1.20.1.NEG Fail to create - default domain wrong
+expect 403
+ns create com.test.TC_Realm1.@[user.name].project1 testunused
+
+# TC_Realm1.20.2.POS Create - default domain appended
+expect 201
+ns create com.test.TC_Realm1.@[user.name].project1 @[user.name] @[user.name]
+
+# TC_Realm1.20.3.NEG Fail to create - default domain wrong
+expect 403
+ns admin add com.test.TC_Realm1.@[user.name].project1 testunused
+
+# TC_Realm1.20.4.POS Create - full domain given
+expect 201
+ns admin add com.test.TC_Realm1.@[user.name].project1 testid@aaf.att.com
+
+# TC_Realm1.20.5.POS Delete - default domain appended
+expect 200
+ns admin del com.test.TC_Realm1.@[user.name].project1 @[user.name]
+
+# TC_Realm1.20.6.POS Add admin - default domain appended
+expect 201
+ns admin add com.test.TC_Realm1.@[user.name].project1 @[user.name]
+
--- /dev/null
+# TC_Realm1.30.1.POS Create role to add to users
+expect 201
+role create com.test.TC_Realm1.@[user.name].role1
+
+# TC_Realm1.30.2.NEG Add user, but default domain wrong
+expect 403
+role user add com.test.TC_Realm1.@[user.name].role1 testunused
+
+# TC_Realm1.30.3.POS Add user, with default domain appended
+expect 201
+role user add com.test.TC_Realm1.@[user.name].role1 @[user.name]
+
+# TC_Realm1.30.10.POS Role list, with default domain added
+expect 200
+role list user testunused
+
+# TC_Realm1.30.80.POS Delete user, with default domain appended
+expect 200
+role user del com.test.TC_Realm1.@[user.name].role1 @[user.name]
+
--- /dev/null
+# TC_Realm1.40.1.POS Create role to add to users
+expect 201
+role create com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.2.NEG Add user, but default domain wrong
+expect 403
+user role add testunused com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.3.POS Add user, with default domain appended
+expect 201
+user role add @[user.name] com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.10.NEG Add delegate, but default domain wrong
+expect 404
+user delegate add testunused testid 2099-01-01
+
+# TC_Realm1.40.11.POS Add delegate, with default domain appended
+expect 201
+force user delegate add @[user.name] @[user.name] 2099-01-01
+
+# TC_Realm1.40.12.POS Update delegate, with default domain appended
+expect 200
+user delegate upd @[user.name] @[user.name] 2099-01-01
+
+as XX@NS
+# TC_Realm1.40.20.POS List delegate, with default domain appended
+expect 200
+user list delegates user @[user.name]
+
+# TC_Realm1.40.21.POS List delegate, with default domain appended
+expect 200
+user list delegates delegate @[user.name]
+
+as testid@aaf.att.com
+# TC_Realm1.40.80.POS Delete user, with default domain appended
+expect 200
+user role del @[user.name] com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.81.POS Delete delegate, with default domain appended
+expect 200
+user delegate del @[user.name]
+
--- /dev/null
+expect 200,404
+as testid@aaf.att.com
+
+# TC_Realm1.99.1.POS Delete delgates
+user delegate del @[user.name]
+
+# TC_Realm1.99.2.POS Delete user roles
+role user del com.test.TC_Realm1.@[user.name].role1 @[user.name]
+user role del @[user.name] com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.99.3.POS Delete roles
+role delete com.test.TC_Realm1.@[user.name].role1
+role delete com.test.TC_Realm1.@[user.name].role2
+
+as XX@NS
+# TC_Realm1.99.10.POS UnGrant ability to change delegates
+perm ungrant com.att.aaf.delg com.att change com.test.TC_Realm1.@[user.name].change_delg
+
+as testid@aaf.att.com
+# TC_Realm1.99.11.POS Delete role to change delegates
+set force=true role delete com.test.TC_Realm1.@[user.name].change_delg
+
+# TC_Realm1.99.98.POS Delete Namespaces
+ns delete com.test.TC_Realm1.@[user.name]
+ns delete com.test.TC_Realm1.@[user.name].project1
+
+# TC_Realm1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_Realm1.@[user.name]
--- /dev/null
+This Testcase tests that the default domain is appended before being sent to the server
+
--- /dev/null
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+as testid@aaf.att.com
+
+# TC_Role1.10.0.POS Validate NS ok
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_Role1.@[user.name].cred_admin
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+expect 201
+user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
--- /dev/null
+# TC_Role1.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.20.2.POS Add Roles
+expect 201
+role create com.test.TC_Role1.@[user.name].r.A
+role create com.test.TC_Role1.@[user.name].r.B
+
+# TC_Role1.20.3.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.20.4.NEG Don't write over Role
+expect 409
+role create com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.20.5.NEG Don't allow non-user to create
+expect 401
+as bogus
+role create com.test.TC_Role1.@[user.name].r.No
+
+# TC_Role1.20.6.NEG Don't allow non-user to create without Approval
+expect 403
+as testunused@aaf.att.com
+role create com.test.TC_Role1.@[user.name].r.No
+
+# TC_Role1.20.10.NEG Non-admins can't change description
+expect 403
+as testunused@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.A Description A
+
+# TC_Role1.20.11.NEG Role must exist to change description
+expect 404
+as testid@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.C Description C
+
+# TC_Role1.20.12.POS Admin can change description
+expect 200
+role describe com.test.TC_Role1.@[user.name].r.A Description A
--- /dev/null
+# TC_Role1.30.1.POS List Data on non-Empty NS
+as testid@aaf.att.com
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com
+
+# TC_Role1.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+ns list name com.test.TC_Role1.@[user.name].r
+
--- /dev/null
+# TC_Role1.40.01.POS List Data on non-Empty NS
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.20.POS Create a Perm, and add to Role
+expect 201
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.25.POS List
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.30.POS Create a Perm
+expect 201
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+
+# TC_Role1.40.32.POS Separately Grant Perm
+expect 201
+perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.35.POS List
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
--- /dev/null
+# TC_Role1.50.1.POS Create user to attach to role\r
+expect 201\r
+user cred add m00001@@[user.name].TC_Role1.test.com password123\r
+\r
+# TC_Role1.50.2.POS Create new role\r
+expect 201\r
+role create com.test.TC_Role1.@[user.name].r.C\r
+\r
+# TC_Role1.50.3.POS Attach user to role\r
+expect 201\r
+user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C\r
+\r
+# TC_Role1.50.4.POS Create permission and attach to role\r
+expect 201\r
+perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C\r
+\r
+# TC_Role1.50.20.NEG Delete role with permission and user attached should fail\r
+expect 424\r
+role delete com.test.TC_Role1.@[user.name].r.C\r
+\r
+# TC_Role1.50.21.POS Force delete role should work\r
+expect 200\r
+set force=true role delete com.test.TC_Role1.@[user.name].r.C\r
+\r
+# TC_Role1.50.30.POS List Data on non-Empty NS\r
+expect 200\r
+ns list name com.test.TC_Role1.@[user.name]\r
+\r
--- /dev/null
+# Need to let DB catch up on deletes
+sleep @[NFR]
--- /dev/null
+as testid@aaf.att.com
+expect 200,404
+
+# TC_Role1.99.05.POS Remove Permissions from "40_reports"
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+
+# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles
+force role delete com.test.TC_Role1.@[user.name].r.A
+force role delete com.test.TC_Role1.@[user.name].r.B
+force role delete com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.99.15.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+role delete com.test.TC_Role1.@[user.name].cred_admin
+
+# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials
+perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction
+set force=true
+user cred del m00001@@[user.name].TC_Role1.test.com
+
+# TC_Role1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role1.@[user.name].r
+force ns delete com.test.TC_Role1.@[user.name]
+
+# TC_Role1.99.99.POS List to prove clean Namespaces
+ns list name com.test.TC_Role1.@[user.name].r
+ns list name com.test.TC_Role1.@[user.name]
+
--- /dev/null
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
--- /dev/null
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+as testid@aaf.att.com
+# TC_Role2.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Role2.@[user.name]
+
+# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
--- /dev/null
+##############
+# Testing Model
+# We are making a Testing model based loosely on George Orwell's Animal Farm
+# In Animal Farm, Animals did all the work but didn't get any priviledges.
+# In our test, the animals can't see anything but their own role, etc
+# Dogs were supervisors, and ostensibly did something, though mostly laid around
+# In our test, they have Implicit Permissions by being Admins
+# Pigs were the Elite. They did nothing, but watch everyone and eat the produce
+# In our test, they have Explicit Permissions to see everything they want
+##############
+as testid@aaf.att.com:<pass>
+# TC_Role2.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role2.@[user.name]
+
+# TC_Role2.20.10.POS Create Orwellian Roles
+expect 201
+role create com.test.TC_Role2.@[user.name].r.animals
+role create com.test.TC_Role2.@[user.name].r.dogs
+role create com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
+expect 201
+perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
+perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
+perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
+perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
+
+# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs
+expect 201
+as XX@NS:<pass>
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.20.60.POS List Data on non-Empty NS
+expect 200
+as testid@aaf.att.com:<pass>
+ns list name com.test.TC_Role2.@[user.name]
+
--- /dev/null
+as XX@NS
+# TC_Role2.40.1.POS List Data on Role
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.10.POS Add testunused to animals
+expect 201
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+
+# TC_Role2.40.11.POS List by Name when part of role
+as testunused@aaf.att.com
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+
+# TC_Role2.40.12.NEG List by Name when not part of Role
+expect 403
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+
+# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
+as testid@aaf.att.com
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.50.POS Change testunused to Pigs
+as testid@aaf.att.com
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
+as testunused@aaf.att.com
+expect 403
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
--- /dev/null
+# TC_Role2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+expect 200
+role list user XX@NS
+
--- /dev/null
+# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+expect 200
+role list ns com.test.TC_Role2.@[user.name]
+
+# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+expect 403
+role list ns com.test.TC_Role2.@[user.name]
+
--- /dev/null
+# TC_Role2.43.10.POS List Roles when allowed to see Perm
+as testid@aaf.att.com
+expect 200
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+
+# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
+as testunused@aaf.att.com
+expect 403
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+
+
--- /dev/null
+as XX@NS
+expect 200,404
+
+# TC_Role2.99.1.POS Delete Roles
+force role delete com.test.TC_Role2.@[user.name].r.animals
+force role delete com.test.TC_Role2.@[user.name].r.dogs
+force role delete com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.99.2.POS Delete Perms
+force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
+force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
+force perm delete com.test.TC_Role2.@[user.name].r.A grain *
+force perm delete com.test.TC_Role2.@[user.name].r.A * *
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
+
+
+# TC_Role2.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role2.@[user.name]
+
+# TC_Role2.99.3.POS Print Namespaces
+ns list name com.test.TC_Role2.@[user.name]
--- /dev/null
+This Testcase Tests the viewability of different role commands
+
+APIs:
+
+
+
+CLI:
+
+
--- /dev/null
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+as testid@aaf.att.com
+# TC_UR1.10.0.POS Validate no NS
+expect 200
+ns list name com.test.TC_UR1.@[user.name]
+
+# TC_UR1.10.1.POS Create Namespace to add IDs
+expect 201
+ns create com.test.TC_UR1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_UR1.@[user.name].cred_admin
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+expect 201
+user role add testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+
+# TC_UR1.10.20.POS Create two Credentials
+user cred add m00001@@[user.name].TC_UR1.test.com "abc123sd"
+user cred add m00002@@[user.name].TC_UR1.test.com "abc123sd"
+
+# TC_UR1.10.21.POS Create two Roles
+role create com.test.TC_UR1.@[user.name].r1
+role create com.test.TC_UR1.@[user.name].r2
+
--- /dev/null
+# TC_UR1.23.1.NEG Too Few Args for User Role 1
+expect 0
+user
+
+# TC_UR1.23.2.NEG Too Few Args for user role
+expect Exception
+user role
+
+# TC_UR1.23.3.NEG Too Few Args for user role add
+user role add
--- /dev/null
+# TC_UR1.30.10.POS Create a UserRole
+expect 201
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+# TC_UR1.30.11.NEG Created UserRole Exists
+expect 409
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+# TC_UR1.30.13.POS Delete UserRole
+sleep @[NFR]
+expect 200
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+
+# TC_UR1.30.20.POS Create multiple UserRoles
+expect 201
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.30.21.NEG Created UserRole Exists
+expect 409
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.30.23.POS Delete UserRole
+sleep @[NFR]
+expect 200
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.30.30.POS Create a Role User
+expect 201
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.31.NEG Created Role User Exists
+expect 409
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.33.POS Delete Role User
+sleep @[NFR]
+expect 200
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.40.POS Create multiple Role Users
+expect 201
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.41.NEG Created Role User Exists
+expect 409
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.43.POS Delete Role Users
+sleep @[NFR]
+expect 200
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+
--- /dev/null
+# TC_UR1.40.10.POS Create multiple UserRoles\r
+expect 200\r
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2\r
+\r
+# TC_UR1.40.11.POS Reset userrole for a user\r
+expect 200\r
+user role setTo m00001@@[user.name].TC_UR1.test.com\r
+\r
+# TC_UR1.40.12.NEG Create userrole where Role doesn't exist\r
+expect 404\r
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r5\r
+\r
+# TC_UR1.40.13.NEG Create userrole where User doesn't exist\r
+expect 403\r
+user role setTo m99999@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1\r
+\r
+as testunused@aaf.att.com\r
+# TC_UR1.40.19.NEG User without permission tries to add userrole\r
+expect 403\r
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1\r
+\r
+# TC_UR1.40.20.NEG User without permission tries to add userrole\r
+expect 403\r
+role user setTo com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com\r
+\r
+as testid@aaf.att.com\r
+# TC_UR1.40.22.POS Reset userrole for a user\r
+expect 200\r
+role user setTo com.test.TC_UR1.@[user.name].r1\r
+\r
+sleep @[NFR]\r
+# TC_UR1.40.23.NEG Create UserRole where Role doesn't exist\r
+expect 404\r
+role user setTo com.test.TC_UR1.@[user.name].r5 m00001@@[user.name].TC_UR1.test.com\r
+\r
+sleep @[NFR]\r
+# TC_UR1.40.24.NEG Create UserRole where User doesn't exist\r
+expect 403\r
+role user setTo com.test.TC_UR1.@[user.name].r1 m99999@@[user.name].TC_UR1.test.com\r
+\r
--- /dev/null
+# Need to let DB catch up on deletes
+sleep @[NFR]
--- /dev/null
+expect 200,404
+as testid@aaf.att.com
+
+# TC_UR1.99.1.POS Remove User from Role
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+role user del com.test.TC_UR1.@[user.name].r2 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+role user setTo com.test.TC_UR1.@[user.name].r1
+
+# TC_UR1.99.2.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+role delete com.test.TC_UR1.@[user.name].cred_admin
+
+# TC_UR1.99.3.POS Delete Creds
+set force=true
+user cred del m00001@@[user.name].TC_UR1.test.com
+set force=true
+user cred del m00002@@[user.name].TC_UR1.test.com
+
+# TC_UR1.99.4.POS Delete Roles
+set force=true role delete com.test.TC_UR1.@[user.name].r1
+set force=true role delete com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.99.5.POS Delete Namespace
+set force=true ns delete com.test.TC_UR1.@[user.name]
+
+# TC_UR1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_UR1.@[user.name]
--- /dev/null
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user cred add :user :password
+ user cred del :user
+ Ancillary
+ ns create
+ ns delete
+
--- /dev/null
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus@aaf.att.com=boguspass
+set m99990@@[user.name].TC_User1.test.com=password123
+set m99995@@[user.name].TC_User1.test.com=password123
+
+#delay 10
+set NFR=0
+
+
--- /dev/null
+
+as testid@aaf.att.com
+# TC_User1.10.0.POS Check for Existing Data
+expect 200
+ns list name com.test.TC_User1.@[user.name]
+
+# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_User1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
+
+as XX@NS:<pass>
+# TC_User1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_User1.01.99.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_User1.@[user.name]
+
--- /dev/null
+as testid@aaf.att.com
+# TC_User1.20.1.POS Create roles
+expect 201
+role create com.test.TC_User1.@[user.name].manager
+role create com.test.TC_User1.@[user.name].worker
+
+# TC_User1.20.2.POS Create permissions
+perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
+perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
+perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
+perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
+
+# TC_User1.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_User1.test.com password123
+user cred add m99995@@[user.name].TC_User1.test.com password123
+
+as XX@NS
+# TC_User1.20.10.POS Add users to roles
+expect 201
+user role add @[user.name] com.test.TC_User1.@[user.name].manager
+user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+# TC_User1.20.20.POS Add Delegate
+as XX@NS
+# TC_User1.20.20.POS Create delegates
+force user delegate add @[user.name] @[user.name]
--- /dev/null
+
+# TC_User1.40.1.NEG Non-admin, user not in role should not view
+expect 403
+as testunused@aaf.att.com
+user list role com.test.TC_User1.@[user.name].manager
+user list role com.test.TC_User1.@[user.name].worker
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.40.2.NEG Non-admin, user in role should not view
+expect 403
+user list role com.test.TC_User1.@[user.name].manager
+
+sleep @[NFR]
+# TC_User1.40.3.POS Non-admin, user in role can view himself
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+
+as testid@aaf.att.com
+# TC_User1.40.10.POS admin should view
+expect 200
+user list role com.test.TC_User1.@[user.name].manager
+user list role com.test.TC_User1.@[user.name].worker
+
--- /dev/null
+as testunused@aaf.att.com
+# TC_User1.41.1.NEG Non-admin, user not in perm should not view
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.41.2.POS Non-admin, user in perm can view himself
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.41.3.NEG Non-admin, user in perm should not view
+expect 200
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+as testid@aaf.att.com
+# TC_User1.41.10.POS admin should view
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+
--- /dev/null
+as testunused@aaf.att.com
+# TC_User1.42.1.NEG Unrelated user can't view delegates
+expect 403
+user list delegates user m99990@@[user.name].TC_User1.test.com
+user list delegates delegate m99995@@[user.name].TC_User1.test.com
+
+as XX@NS
+# TC_User1.42.10.POS Admin of domain NS can view
+expect 200
+user list delegates user @[user.name]
+user list delegates delegate @[user.name]
+
--- /dev/null
+
+as testid@aaf.att.com
+# TC_User1.43.1.POS Add another user to worker role
+expect 201
+user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.43.2.POS User should only see himself here
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
+
+as XX@NS
+# TC_User1.43.10.POS Grant explicit user perm to user
+expect 201
+perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.43.11.POS User should see all users of test domain now
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
--- /dev/null
+expect 200,404
+as testid@aaf.att.com
+
+# TC_User1.99.0.POS Remove user roles
+user role del @[user.name] com.test.TC_User1.@[user.name].manager
+user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+force perm delete com.test.TC_User1.@[user.name].supplies * move
+force perm delete com.test.TC_User1.@[user.name].supplies * stock
+force perm delete com.test.TC_User1.@[user.name].schedule worker create
+force perm delete com.test.TC_User1.@[user.name].worker * annoy
+force role delete com.test.TC_User1.@[user.name].manager
+force role delete com.test.TC_User1.@[user.name].worker
+
+# TC_User1.99.10.POS Creds and delegate
+user delegate del @[user.name]
+user cred del m99990@@[user.name].TC_User1.test.com
+user cred del m99995@@[user.name].TC_User1.test.com
+
+as XX@NS
+# TC_User1.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
+
+as testid@aaf.att.com:<pass>
+force role delete com.test.TC_User1.@[user.name].cred_admin
+
+# TC_User1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_User1.@[user.name]
+sleep @[NFR]
+
+# TC_User1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_User1.@[user.name]
+
--- /dev/null
+This Testcase Tests the viewability of different user commands
+
+APIs:
+
+CLI:
+
--- /dev/null
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+as XX@NS
+# TC_Wild.10.0.POS Validate NS ok
+expect 200
+ns list name com.att.test.TC_Wild.@[user.name]
+
+# TC_Wild.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.att.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Wild.10.10.POS Create a clean MechID
+expect 201
+user cred add m99999@@[user.name].TC_Wild.att.com aNewPass8
+set m99999@@[user.name].TC_Wild.att.com=aNewPass8
+
+as XX@NS
+# TC_Wild.10.11.POS Create role and assign MechID to
+expect 201
+role create com.att.TC_Wild.@[user.name].service m99999@@[user.name].TC_Wild.att.com
--- /dev/null
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.20.1.NEG Fail to create a perm in NS
+expect 403
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.20.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.20.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.20.7.POS Now able to create a perm in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.20.8.POS Print Perms
+as XX@NS
+expect 200
+perm list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.20.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+
--- /dev/null
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.21.1.NEG Fail to create a perm in NS
+expect 403
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.21.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.21.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.21.7.POS Now able to create a perm in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.21.8.POS Print Perms
+as XX@NS
+expect 200
+perm list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.21.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:* write
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+
--- /dev/null
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.30.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.30.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :role:tool.* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.30.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.30.7.POS Now able to create a role in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.30.8.POS Print Perms
+as XX@NS
+expect 200
+role list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.30.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :role:tool.* write
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
--- /dev/null
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.31.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.31.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :role:* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.31.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.31.7.POS Now able to create a role in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.31.8.POS Print Perms
+as XX@NS
+expect 200
+role list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.31.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :role:* write
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
--- /dev/null
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.32.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+# TC_Wild.32.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :role:* * com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.32.5.POS Print Perms
+as m99999@@[user.name].TC_Wild.att.com
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.32.7.POS Now able to create a role in NS
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+# TC_Wild.32.8.POS May Print Role
+expect 200
+role list role com.att.TC_Wild.@[user.name].tool.myRole
+
+as XX@NS
+# TC_Wild.32.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :role:* *
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
--- /dev/null
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.50.1.NEG Fail to create a perm in NS
+expect 403
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.50.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.aaf.ns :com.att.*:perm:myType:*:* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.50.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.50.7.POS Now able to create a perm in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.50.8.POS Print Perms
+as XX@NS
+expect 200
+perm list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.50.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.aaf.ns :com.att.*:perm:myType:*:* write
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+
--- /dev/null
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.51.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.51.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.aaf.ns :com.att.*:role:tool.* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.51.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.51.7.POS Now able to create a role in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.51.8.POS Print Perms
+as XX@NS
+expect 200
+role list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.51.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.aaf.ns :com.att.*:role:tool.* write
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
--- /dev/null
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.52.1.NEG Fail to create a NS
+expect 403
+ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+
+
+# TC_Wild.52.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.aaf.ns :com.test:ns write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.52.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.52.7.POS Now able to create an NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+
+
+# TC_Wild.52.8.POS Print Perms
+as XX@NS
+expect 200
+ns list name com.test.TC_Wild.@[user.name]
+
+# TC_Wild.52.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.aaf.ns :com.test:ns write
+force ns delete com.test.TC_Wild.@[user.name]
+
--- /dev/null
+as XX@NS
+expect 200,404
+
+# TC_Wild.99.80.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:perm:*:* write
+
+# TC_Wild.99.81.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:perm:*:* *
+
+# TC_Wild.99.82.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:role:* write
+
+# TC_Wild.99.83.POS Cleanup
+force perm delete com.att.aaf.ns :com.test:ns write
+
+# TC_Wild.99.90.POS Cleanup
+force ns delete com.test.TC_Wild.@[user.name]
+
+# TC_Wild.99.91.POS Cleanup
+force ns delete com.att.TC_Wild.@[user.name]
+
+# TC_Wild.99.99.POS List to prove clean Namespaces
+ns list name com.att.TC_Wild.@[user.name]
+ns list name com.test.TC_Wild.@[user.name]
+
--- /dev/null
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
--- /dev/null
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set testid_1@test.com=<pass>
+set testid_2@test.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
--- /dev/null
+as XX@NS
+# TEMPLATE_TC.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TEMPLATE_TC.@[user.name]
+
+# TEMPLATE_TC.10.1.POS Create Namespace with User ID
+expect 201
+ns create com.test.TEMPLATE_TC.@[user.name]_1 @[user.name] testid_1@test.com
+
+# TEMPLATE_TC.10.4.POS Print NS to prove ok
+expect 200
+ns list name com.test.TEMPLATE_TC.@[user.name]_2
+
+# TEMPLATE_TC.10.5.POS Create Namespace with Different ID
+expect 201
+ns create com.test.TEMPLATE_TC.@[user.name]_2 @[user.name] testid_2@test.com
+
+# TEMPLATE_TC.10.8.POS Print NS to prove ok
+expect 200
+ns list name com.att.TEMPLATE_TC.@[user.name]
+
+# TEMPLATE_TC.10.9.POS Create Namespace in Different Company
+expect 201
+ns create com.att.TEMPLATE_TC.@[user.name] @[user.name] testunused@aaf.att.com
--- /dev/null
+expect 200,404
+as testid_1@test.com
+# TEMPLATE_TC.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TEMPLATE_TC.@[user.name]_1
+
+# TEMPLATE_TC.99.3.POS Print Namespaces
+ns list name com.test.TEMPLATE_TC.@[user.name]_1
+
+as testid_2@test.com
+# TEMPLATE_TC.99.4.POS Namespace Admin can delete Namespace
+force ns delete com.test.TEMPLATE_TC.@[user.name]_2
+
+# TEMPLATE_TC.99.5.POS Print Namespaces
+ns list name com.test.TEMPLATE_TC.@[user.name]_2
+
+
+as testunused@aaf.att.com
+# TEMPLATE_TC.99.6.POS Remove Namespace from other company
+force ns delete com.att.TEMPLATE_TC.@[user.name]
+
+# TEMPLATE_TC.99.7.POS Print Namespace from other company
+ns list name com.att.TEMPLATE_TC.@[user.name]
--- /dev/null
+This is a TEMPLATE testcase, to make creating new Test Cases easier.
+
+APIs:
+
+
+CLI:
+ns create
+ns delete
+as
+
--- /dev/null
+# /bin/bash
+. ~/.bashrc
+function failed {
+ echo "FAILED TEST! " $*
+ exit 1
+}
+
+if [ "$1" == "" ] ; then
+ DIRS=`find . -name "TC_*" -maxdepth 1`" "`find . -name "MTC_*" -maxdepth 1`
+else
+ DIRS="$1"
+fi
+
+ for DIR in $DIRS; do
+ for FILE in $DIR/[0-9]*; do
+ echo "*** "$FILE" ***"
+ cat $FILE
+ echo
+ done
+ done
+exit 0
--- /dev/null
+# /bin/bash
+if [ "$2" != "" ] ; then
+ if [ -e $2 ]; then
+ echo "$2 exists, copy aborted"
+ exit 1
+ fi
+ mkdir -p $2
+ for FILE in $1/*; do
+ FILE2=`echo $FILE | sed -e "s/$1/$2/"`
+ echo $FILE2
+ sed -e "s/$1/$2/g" $FILE > $FILE2
+ done
+else
+ echo 'Usage: copy <Source TestCase> <Target TestCase>'
+fi
+
+exit 0
--- /dev/null
+# /bin/bash
+if [ "$1" == "" ]; then
+ DIRS=`ls -d TC*`
+else
+ DIRS=$1
+fi
+
+echo '"Test Case","Description"'
+for DIR in $DIRS; do
+ grep -h "^# $DIR" $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ /,"/' -e 's/$/"/'
+done
+cd ..
+exit 0
--- /dev/null
+set testid@aaf.att.com <pass>
+set XX@NS <pass>
+set testunused@aaf.att.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Appr1.10.0.POS List NS to prove ok
+ns list name com.test.appr
+** Expect 200 **
+
+List Namespaces by Name[com.test.appr]
+--------------------------------------------------------------------------------
+
+ns list name com.test.appr.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.appr.@[THE_USER]]
+--------------------------------------------------------------------------------
+
+# TC_Appr1.10.1.POS Create Personalized Namespace to add Approvals
+ns create com.test.appr.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Appr1.10.2.POS Create General Namespace to add Approvals
+ns create com.test.appr @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Appr1.10.10.POS Create Roles in Namespace
+role create com.test.appr.@[user.name].addToUserRole
+** Expect 201 **
+Created Role
+
+role create com.test.appr.@[user.name].grantToPerm
+** Expect 201 **
+Created Role
+
+role create com.test.appr.@[user.name].ungrantFromPerm
+** Expect 201 **
+Created Role
+
+role create com.test.appr.@[user.name].grantFirstPerm
+** Expect 201 **
+Created Role
+
+role create com.test.appr.@[user.name].grantSecondPerm
+** Expect 201 **
+Created Role
+
+# TC_Appr1.10.12.POS Create Permissions in Namespace
+perm create com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.appr.@[THE_USER].ungrantFromRole|myInstance|myAction] to Role [com.test.appr.@[THE_USER].ungrantFromPerm]
+
+perm create com.test.appr.@[user.name].grantToRole myInstance myAction
+** Expect 201 **
+Created Permission
+
+force perm create com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.appr.@[THE_USER].deleteThisPerm|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantedRole] (Created)
+
+perm create com.test.appr.@[user.name].grantTwoRoles myInstance myAction
+** Expect 201 **
+Created Permission
+
+perm create com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.appr.@[THE_USER].ungrantTwoRoles|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantFirstPerm]
+Granted Permission [com.test.appr.@[THE_USER].ungrantTwoRoles|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantSecondPerm]
+
+as testunused@aaf.att.com
+# TC_Appr1.15.01.NEG Create Future and Approvals with non-admin request
+user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.02.NEG Create Approval for NS create
+ns create com.test.appr.@[user.name].myProject @[user.name]
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.03.NEG Generate Approval for granting permission to role
+perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.04.NEG Generate Approval for ungranting permission from role
+perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.05.NEG Generate Approval for granting permission to role
+perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.06.NEG Generate Approval for ungranting permission from role
+perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.51.POS Create Future and Approvals with non-admin request
+set request true
+set request=true user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+** Expect 202 **
+UserRole Creation Accepted, but requires Approvals before actualizing
+
+# TC_Appr1.15.52.POS Create Approval for NS create
+set request true
+set request=true ns create com.test.appr.@[user.name].myProject @[user.name]
+** Expect 202 **
+Namespace Creation Accepted, but requires Approvals before actualizing
+
+# TC_Appr1.15.53.POS Generate Approval for granting permission to role
+set request true
+set request=true perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Appr1.15.54.POS Generate Approval for ungranting permission from role
+request perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+** Expect 202 **
+Permission Role Ungranted Accepted, but requires Approvals before actualizing
+
+# TC_Appr1.15.55.POS Generate Approval for granting permission to role
+request perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Appr1.15.56.POS Generate Approval for ungranting permission from role
+request perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+** Expect 202 **
+Permission Role Ungranted Accepted, but requires Approvals before actualizing
+Permission Role Ungranted Accepted, but requires Approvals before actualizing
+
--- /dev/null
+# TC_Appr2.99.1.POS Delete User Role, if exists
+user role del testunused@aaf.att.com com.test.appr.@[user.name].myRole
+** Expect 200,404 **
+Failed [SVC1404]: Cannot delete non-existent User Role
+
+# TC_Appr2.99.79.POS Delete Role
+role delete com.test.appr.@[user.name].myRole
+** Expect 200,404 **
+Deleted Role
+
+# TC_Appr2.99.80.POS Delete Namespaces for TestSuite
+ns delete com.test.appr
+** Expect 200,404 **
+Deleted Namespace
+
+ns delete com.test.appr.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Appr2.99.81.POS Delete Credential used to generate approvals
+as XX@NS:<pass> user cred del testbatch@aaf.att.com
+** Expect 200,404 **
+Deleted Credential [testbatch@aaf.att.com]
+
--- /dev/null
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus boguspass
+set XX@NS <pass>
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Cred1.10.0.POS List NS to prove ok
+ns list name com.test.TC_Cred1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials
+ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Cred1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com
+** Expect 201 **
+Created Role
+Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
+
+role create com.test.TC_Cred1.@[user.name].pw_reset
+** Expect 201 **
+Created Role
+
+# TC_Cred1.10.11.POS Assign roles to perms
+as XX@NS
+perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset]
+
+perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
+
+perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_Cred1.10.30.POS Assign user for creating creds
+user cred add m99999@@[user.name].TC_Cred1.test.com password123
+** Expect 201 **
+Added Credential [m99999@@[THE_USER].TC_Cred1.test.com]
+
+set m99999@@[THE_USER].TC_Cred1.test.com password123
+# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions
+user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com]
+Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.10.32.POS Remove create rights for testing
+user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 200 **
+Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID
+as testunused@aaf.att.com
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 403 **
+Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T
+
+# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID
+as m99999@@[THE_USER].TC_Cred1.test.com
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID
+as testunused@aaf.att.com
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 403 **
+Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER]
+
+# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID
+as m99999@@[THE_USER].TC_Cred1.test.com
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 200 **
+Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.15.12.POS Admin, without reset permission can reset Password
+as testid@aaf.att.com
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 200 **
+Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1
+** Expect 200 **
+Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.15.20.POS Admin, delete
+user cred del m99990@@[user.name].TC_Cred1.test.com password123 1
+** Expect 200 **
+Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.30.1.NEG Multiple options available to delete
+as XX@NS
+user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+as testid@aaf.att.com
+user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.30.2.POS Succeeds when we choose last option
+user cred del m99990@@[user.name].TC_Cred1.test.com 2
+** Expect 200 **
+Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.30.10.POS Add another credential
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.30.11.NEG Multiple options available to reset
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 300 **
+Failed [SVC1300]: Choice - Select which cred to update:
+ Id Type Expires
+ 1) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder]
+ 2) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder]
+Run same command again with chosen entry as last parameter
+
+# TC_Cred1.30.12.NEG Fails when we choose a bad option
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - User chose invalid credential selection
+
+# TC_Cred1.30.13.POS Succeeds when we choose last option
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2
+** Expect 200 **
+Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+#TC_Cred1.30.30.NEG Fails when we don't have specific property
+user cred extend m99990@@[user.name].TC_Cred1.test.com
+** Expect 403 **
+Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T
+
+#### EXTENDS behavior ####
+#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission
+as XX@NS
+role create com.test.TC_Cred1.@[user.name].extendTemp
+** Expect 201 **
+Created Role
+
+#TC_Cred1.30.33.POS Grant Extends Permission to Role
+perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp
+** Expect 201 **
+Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]
+
+#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission
+role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS
+** Expect 201 **
+Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]
+
+#TC_Cred1.30.36.POS Extend Password, expecting Single Response
+user cred extend m99990@@[user.name].TC_Cred1.test.com 1
+** Expect 200 **
+Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+#TC_Cred1.30.39.POS Remove Role
+set force true
+role delete com.test.TC_Cred1.@[user.name].extendTemp
+** Expect 200 **
+Deleted Role
+
+#### MULTI CLEANUP #####
+role list user m99990@@[user.name].TC_Cred1.test.com
+** Expect 200 **
+
+List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+# TC_Cred1.30.80.POS Delete all entries for this cred
+set force true
+user cred del m99990@@[user.name].TC_Cred1.test.com
+** Expect 200 **
+Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.30.99.POS List ns shows no creds attached
+ns list name com.test.TC_Cred1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Cred1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Cred1.@[THE_USER].admin
+ com.test.TC_Cred1.@[THE_USER].cred_admin
+ com.test.TC_Cred1.@[THE_USER].owner
+ com.test.TC_Cred1.@[THE_USER].pw_reset
+ Permissions
+ com.test.TC_Cred1.@[THE_USER].access * *
+ com.test.TC_Cred1.@[THE_USER].access * read
+ Credentials
+ m99999@@[THE_USER].TC_Cred1.test.com
+
+as testid@aaf.att.com
+# TC_Cred1.99.1.POS Delete credentials
+force user cred del m99990@@[user.name].TC_Cred1.test.com
+** Expect 200,404 **
+Failed [SVC5404]: Not Found - Credential does not exist
+
+#TC_Cred1.99.2.POS Ensure Remove Role
+set force true
+role delete com.test.TC_Cred1.@[user.name].extendTemp
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist
+
+# TC_Cred1.99.10.POS Remove ability to create creds
+force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
+
+force perm delete com.att.aaf.password com.test reset
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.mechid com.test create
+** Expect 200,404 **
+Deleted Permission
+
+as testid@aaf.att.com
+force role delete com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Cred1.@[user.name].pw_reset
+** Expect 200,404 **
+Deleted Role
+
+# TC_Cred1.99.99.POS Delete Namespace for TestSuite
+set force true
+set force=true ns delete com.test.TC_Cred1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+as XX@NS
+force ns delete com.test.TC_Cred1.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist
+
+force ns delete com.test.TC_Cred1
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist
+
--- /dev/null
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set m99999@@[THE_USER].delg.test.com password123
+set bogus@aaf.att.com boguspass
+#delay 10
+set NFR 0
+# TC_DELG1.10.1.POS Check For Existing Data
+as testid@aaf.att.com
+ns list name com.test.delg.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.delg.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as XX@NS
+perm create com.att.aaf.delg com.att * com.att.admin
+** Expect 201,409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.att.aaf.delg|com.att|*] already exists.
+
+user list delegates delegate @[user.name]@csp.att.com
+** Expect 404 **
+Failed [SVC7404]: Not Found - Delegate [@[THE_USER]@csp.att.com] is not delegating for anyone.
+
+as testid@aaf.att.com
+# TC_DELG1.10.2.POS Create Namespace to add IDs
+ns create com.test.delg.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+as XX@NS
+# TC_DELG1.10.10.POS Grant ability to change delegates
+force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.delg.@[THE_USER].change_delg] does not exist
+
+# TC_DELG1.10.11.POS Grant ability to change delegates
+role create com.test.delg.@[user.name].change_delg
+** Expect 201 **
+Created Role
+
+# TC_DELG1.10.12.POS Grant ability to change delegates
+force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.delg.@[THE_USER].change_delg]
+
+# TC_DELG1.10.14.POS Create user role to change delegates
+user role add testid@aaf.att.com com.test.delg.@[user.name].change_delg
+** Expect 201 **
+Added Role [com.test.delg.@[THE_USER].change_delg] to User [testid@aaf.att.com]
+
+# TC_DELG1.10.15.POS Grant ability to create cred
+perm grant com.att.aaf.delg com.att create com.test.delg.@[user.name].change_delg
+** Expect 201 **
+Granted Permission [com.att.aaf.delg|com.att|create] to Role [com.test.delg.@[THE_USER].change_delg]
+
+as testid@aaf.att.com
+# TC_DELG1.10.30.POS Create cred that will change his own delg
+user cred add m99999@@[user.name].delg.test.com password123
+** Expect 201 **
+Added Credential [m99999@@[THE_USER].delg.test.com]
+
+as XX@NS
+Unknown Instruction "TC_DELG1.10.31.POS"
+perm ungrant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+** Expect 200 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.delg.@[THE_USER].change_delg]
+
+as testid@aaf.att.com
+# TC_DELG1.10.99.POS Check for Data as Correct
+ns list name com.test.delg.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.delg.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.delg.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.delg.@[THE_USER].admin
+ com.test.delg.@[THE_USER].change_delg
+ com.test.delg.@[THE_USER].owner
+ Permissions
+ com.test.delg.@[THE_USER].access * *
+ com.test.delg.@[THE_USER].access * read
+ Credentials
+ m99999@@[THE_USER].delg.test.com
+
+# TC_DELG1.20.10.NEG Cannot create delegate with unknown user ID
+user delegate add aa111q@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 404 **
+Failed [SVC5404]: Not Found - [aa111q@csp.att.com] is not a user in the company database.
+
+# TC_DELG1.20.11.NEG Cannot Create Delegate with unknown delegate
+user delegate add @[user.name]@csp.att.com aa111q@csp.att.com '2099-12-31 06:00'
+** Expect 404 **
+Failed [SVC5404]: Not Found - [aa111q@csp.att.com] is not a user in the company database.
+
+# TC_DELG1.20.20.NEG May not change user, no delegate permission
+as m99999@@[THE_USER].delg.test.com
+force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].delg.test.com] may not create a delegate for [@[THE_USER]@csp.att.com]
+
+as testid@aaf.att.com
+# TC_DELG1.20.21.NEG Fail to Update Delegate that doesnt exist
+user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 404 **
+Failed [SVC1404]: Not Found - [@[THE_USER]@csp.att.com] does not have a Delegate Record to [write].
+
+# TC_DELG1.20.22.NEG May not create delegate for self.
+user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - [@[THE_USER]@csp.att.com] cannot be a delegate for self
+
+# TC_DELG1.20.23.POS May create delegate for self for tests by forcing.
+force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 201 **
+Delegate Added
+
+as XX@NS
+# TC_DELG1.20.30.POS Expect Delegates for User
+user list delegates user @[user.name]@csp.att.com
+** Expect 200 **
+
+List Delegates by user[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+as testid@aaf.att.com
+# TC_DELG1.20.35.NEG Fail Create when exists
+user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - [@[THE_USER]@csp.att.com] already delegates to [@[THE_USER]@csp.att.com]
+
+as XX@NS
+# TC_DELG1.20.40.POS Expect Delegates for User
+user list delegates user @[user.name]@csp.att.com
+** Expect 200 **
+
+List Delegates by user[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+as testid@aaf.att.com
+# TC_DELG1.20.46.POS Update Delegate with new Date
+user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2999-01-01 06:00'
+** Expect 200 **
+Delegate Updated
+
+as XX@NS
+# TC_DELG1.20.82.POS Expect Delegates for User
+user list delegates user @[user.name]@csp.att.com
+** Expect 200 **
+
+List Delegates by user[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+# TC_DELG1.20.83.POS Expect Delegate to show up in list
+user list delegates delegate @[user.name]@csp.att.com
+** Expect 200 **
+
+List Delegates by delegate[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+as XX@NS
+# TC_DELG1.99.0.POS Check for Data as Correct
+ns list name com.test.delg.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.delg.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.delg.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.delg.@[THE_USER].admin
+ com.test.delg.@[THE_USER].change_delg
+ com.test.delg.@[THE_USER].owner
+ Permissions
+ com.test.delg.@[THE_USER].access * *
+ com.test.delg.@[THE_USER].access * read
+ Credentials
+ m99999@@[THE_USER].delg.test.com
+
+# TC_DELG1.99.10.POS Delete Delegates
+user delegate del @[user.name]@csp.att.com
+** Expect 200,404 **
+Delegate Deleted
+
+# TC_DELG1.99.30.POS Delete Namespace com.att.test.id
+force ns delete com.test.delg.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_DELG1.99.98.POS Check for Delegate Data as Correct
+user list delegates user @[user.name]@csp.att.com
+** Expect 200,404 **
+Failed [SVC7404]: Not Found - No Delegate found for [@[THE_USER]@csp.att.com]
+
+# TC_DELG1.99.99.POS Check for NS Data as Correct
+ns list name com.test.delg.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.delg.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set testid <pass>
+set testid@aaf.att.com <pass>
+set XX@NS <pass>
+set testunused <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+# TC_05
+ns list name com.test.TC_Link_1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Link_2.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+perm list role com.test.TC_Link_1.@[user.name].myRole
+** Expect 200,404 **
+
+List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+** Expect 200,404 **
+
+List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+# TC_10
+as XX@NS
+ns create com.test.TC_Link_1.@[user.name] @[user.name] XX@NS
+** Expect 201 **
+Created Namespace
+
+ns create com.test.TC_Link_2.@[user.name] @[user.name] XX@NS
+** Expect 201 **
+Created Namespace
+
+role create com.test.TC_Link_1.@[user.name].myRole
+** Expect 201 **
+Created Role
+
+perm create com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+** Expect 201 **
+Created Permission
+
+perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole
+** Expect 201 **
+Granted Permission [com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction] to Role [com.test.TC_Link_1.@[THE_USER].myRole]
+
+# 15_print
+ns list name com.test.TC_Link_1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_1.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_1.@[THE_USER].admin
+ com.test.TC_Link_1.@[THE_USER].myRole
+ com.test.TC_Link_1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_1.@[THE_USER].access * *
+ com.test.TC_Link_1.@[THE_USER].access * read
+
+ns list name com.test.TC_Link_2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_2.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_2.@[THE_USER].admin
+ com.test.TC_Link_2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_2.@[THE_USER].access * *
+ com.test.TC_Link_2.@[THE_USER].access * read
+ com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+perm list role com.test.TC_Link_1.@[user.name].myRole
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Link_1.@[THE_USER].myRole
+ com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+role delete com.test.TC_Link_1.@[user.name].myRole
+** Expect 200 **
+Deleted Role
+
+# 15_print
+ns list name com.test.TC_Link_1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_1.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_1.@[THE_USER].admin
+ com.test.TC_Link_1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_1.@[THE_USER].access * *
+ com.test.TC_Link_1.@[THE_USER].access * read
+
+ns list name com.test.TC_Link_2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_2.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_2.@[THE_USER].admin
+ com.test.TC_Link_2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_2.@[THE_USER].access * *
+ com.test.TC_Link_2.@[THE_USER].access * read
+ com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+perm list role com.test.TC_Link_1.@[user.name].myRole
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+role create com.test.TC_Link_1.@[user.name].myRole
+** Expect 201 **
+Created Role
+
+perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole
+** Expect 201 **
+Granted Permission [com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction] to Role [com.test.TC_Link_1.@[THE_USER].myRole]
+
+# 15_print
+ns list name com.test.TC_Link_1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_1.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_1.@[THE_USER].admin
+ com.test.TC_Link_1.@[THE_USER].myRole
+ com.test.TC_Link_1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_1.@[THE_USER].access * *
+ com.test.TC_Link_1.@[THE_USER].access * read
+
+ns list name com.test.TC_Link_2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_2.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_2.@[THE_USER].admin
+ com.test.TC_Link_2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_2.@[THE_USER].access * *
+ com.test.TC_Link_2.@[THE_USER].access * read
+ com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+perm list role com.test.TC_Link_1.@[user.name].myRole
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Link_1.@[THE_USER].myRole
+ com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+as XX@NS
+force ns delete com.test.TC_Link_2.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_Link_1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
--- /dev/null
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_NS1.01.0.POS Expect Clean Namespace to start
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS1.01.1.NEG Create Namespace with mechID as Responsible Party
+ns create com.test.TC_NS1.@[user.name] testunused@aaf.att.com testid@aaf.att.com,XX@NS
+** Expect 403 **
+Failed [SVC3403]: Forbidden - testunused@aaf.att.com does not have permission to assume test status at AT&T
+
+# TC_NS1.01.2.NEG Create Namespace with Bad ID for Admin
+ns create com.test.TC_NS1.@[user.name] @[user.name] bogus@aaf.att.com,XX@NS
+** Expect 403 **
+Failed [SVC2403]: Forbidden - bogus@aaf.att.com is not a valid AAF Credential
+
+as testid@aaf.att.com
+# TC_NS1.10.0.POS Check for Existing Data
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_NS1.10.40.POS Expect Namespace to be created
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.10.41.POS Expect Namespace to be created
+perm list role com.test.TC_NS1.@[user.name].admin
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS1.@[THE_USER].admin]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].access * *
+
+
+# TC_NS1.10.42.POS Expect Namespace to be created
+perm list role com.test.TC_NS1.@[user.name].owner
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS1.@[THE_USER].owner]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].access * read
+
+
+# TC_NS1.10.43.POS Expect Namespace to be created
+role list perm com.test.TC_NS1.@[user.name].access * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS1.@[THE_USER].access|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].access * *
+
+# TC_NS1.10.44.POS Expect Namespace to be created
+role list perm com.test.TC_NS1.@[user.name].access * read
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS1.@[THE_USER].access|*|read
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].owner
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.11.1.NEG Create Namespace when exists
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Target Namespace already exists
+
+# TC_NS1.20.1.NEG Too Few Args for Create 1
+ns create
+** Expect -1 **
+Too few args: create <name> <responsible (id[,id]*)> [admin (id[,id]*)]
+
+# TC_NS1.20.2.NEG Too Few Args for Create 2
+ns create bogus
+** Expect -1 **
+Too few args: create <name> <responsible (id[,id]*)> [admin (id[,id]*)]
+
+# TC_NS1.30.10.NEG Non-admins can't change description
+as testunused@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.30.11.NEG Namespace must exist to change description
+as testid@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name].project1 Description for my project
+** Expect 404 **
+Failed [SVC1404]: Not Found - Namespace [com.test.TC_NS1.@[THE_USER].project1] does not exist
+
+# TC_NS1.30.12.POS Admin can change description
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+** Expect 200 **
+Description added to Namespace
+
+# TC_NS1.50.1.NEG Adding a Bogus ID
+ns admin add com.test.TC_NS1.@[user.name] bogus
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that bogus@csp.att.com is a faulty ID
+
+# TC_NS1.50.2.NEG Adding a Bogus ID, full Domain
+ns admin add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that bogus@csp.att.com is a faulty ID
+
+# TC_NS1.50.3.NEG Adding an OK ID, bad domain
+ns admin add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+** Expect 403 **
+Failed [SVC2403]: Forbidden - xz9914@bogus.test.com is not a valid AAF Credential
+
+# TC_NS1.50.4.NEG Deleting an OK ID, but not an admin
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [XX@NS] [com.test.TC_NS1.@[THE_USER].admin]
+
+sleep 0
+# TC_NS1.50.10.POS Adding an OK ID
+ns admin add com.test.TC_NS1.@[user.name] XX@NS
+** Expect 201 **
+Admin XX@NS added to com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.11.POS Deleting One of Two
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 200 **
+Admin testid@aaf.att.com deleted from com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.12.NEG testid@aaf.att.com no longer Admin
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@aaf.att.com] [com.test.TC_NS1.@[THE_USER].admin]
+
+# TC_NS1.50.13.POS Add ID back in
+ns admin add com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 201 **
+Admin testid@aaf.att.com added to com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.14.POS Deleting original
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 200 **
+Admin XX@NS deleted from com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.15.NEG Can't remove twice
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [XX@NS] [com.test.TC_NS1.@[THE_USER].admin]
+
+# TC_NS1.50.20.NEG User Role Add should obey same "addAdmin" restrictions
+role user add com.test.TC_NS1.@[user.name].admin m88888@i.have.no.domain
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m88888@i.have.no.domain is not a valid AAF Credential
+
+# TC_NS1.50.21.NEG Role User Add should obey same "addAdmin" restrictions
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].admin
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m88888@i.have.no.domain is not a valid AAF Credential
+
+# TC_NS1.60.1.NEG Adding a Bogus ID
+ns responsible add com.test.TC_NS1.@[user.name] bogus
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.2.NEG Adding a Bogus ID, full Domain
+ns responsible add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.3.NEG Adding an OK ID, bad domain
+ns responsible add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.4.NEG Deleting an OK ID, short, but not existent
+ns responsible del com.test.TC_NS1.@[user.name] testid
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@csp.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+# TC_NS1.60.5.NEG Deleting an OK ID, long, but not existent
+ns responsible del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@aaf.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+sleep 0
+# TC_NS1.60.10.POS Adding an OK ID
+# Note: mw9749 used because we must have employee as responsible
+ns responsible add com.test.TC_NS1.@[user.name] mw9749
+** Expect 201 **
+mw9749@csp.att.com is now responsible for com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.60.11.POS Deleting One of Two
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+** Expect 200 **
+mw9749@csp.att.com is no longer responsible for com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.60.12.NEG mw9749 no longer Admin
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [mw9749@csp.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+# TC_NS1.60.20.NEG User Role Add should obey same "addResponsible" restrictions
+role user add com.test.TC_NS1.@[user.name].owner m88888@i.have.no.domain
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.21.NEG Role User Add should obey same "addResponsible" restrictions
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].owner
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+sleep 0
+# TC_NS1.80.1.POS List Data on Empty NS
+as testid@aaf.att.com
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.80.2.POS Add Roles to NS for Listing
+role create com.test.TC_NS1.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+role create com.test.TC_NS1.@[user.name].r.B
+** Expect 201 **
+Created Role
+
+# TC_NS1.80.3.POS List Data on non-Empty NS
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ com.test.TC_NS1.@[THE_USER].r.A
+ com.test.TC_NS1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.90.1.NEG Non Namespace Admin Delete Namespace
+as testunused@aaf.att.com
+ns delete com.test.TC_NS1.@[user.name]
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write in NS [com.test.TC_NS1.@[THE_USER]]
+
+sleep 0
+as testid@aaf.att.com
+# TC_NS1.99.1.POS Namespace Admin can delete Namepace defined Roles
+role delete com.test.TC_NS1.@[user.name].r.A
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_NS1.@[user.name].r.B
+** Expect 200,404 **
+Deleted Role
+
+# TC_NS1.99.2.POS Namespace Admin can delete Namespace
+ns delete com.test.TC_NS1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+sleep 0
+# TC_NS1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_NS2.10.0.POS Check for Existing Data
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_NS2.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+ns create com.test.TC_NS2.@[user.name].project @[user.name] testunused@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_NS2.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_NS2.@[user.name].cred_admin testid@aaf.att.com
+** Expect 201 **
+Created Role
+Added User [testid@aaf.att.com] to Role [com.test.TC_NS2.@[THE_USER].cred_admin]
+
+as XX@NS
+# TC_NS2.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_NS2.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].cred_admin
+ com.test.TC_NS2.@[THE_USER].owner
+ Permissions
+ com.test.TC_NS2.@[THE_USER].access * *
+ com.test.TC_NS2.@[THE_USER].access * read
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].admin
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].admin]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].access * *
+
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].owner
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].owner]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].access * read
+
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].access * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].access|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].access * *
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].access * read
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].access|*|read
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].owner
+ com.test.TC_NS2.@[THE_USER].access * read
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+ns list name com.test.TC_NS2.@[user.name].project
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER].project]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+ Administrators
+ testunused@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].project.admin
+ com.test.TC_NS2.@[THE_USER].project.owner
+ Permissions
+ com.test.TC_NS2.@[THE_USER].project.access * *
+ com.test.TC_NS2.@[THE_USER].project.access * read
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].project.admin
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].project.admin]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.access * *
+
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].project.owner
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].project.owner]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.access * read
+
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].project.access * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].project.access|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.admin
+ com.test.TC_NS2.@[THE_USER].project.access * *
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].project.access * read
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].project.access|*|read
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.owner
+ com.test.TC_NS2.@[THE_USER].project.access * read
+
+as testid@aaf.att.com
+# TC_NS2.20.1.POS Create roles
+role create com.test.TC_NS2.@[user.name].watcher
+** Expect 201 **
+Created Role
+
+role create com.test.TC_NS2.@[user.name].myRole
+** Expect 201 **
+Created Role
+
+# TC_NS2.20.2.POS Create permissions
+perm create com.test.TC_NS2.@[user.name].myType myInstance myAction
+** Expect 201 **
+Created Permission
+
+perm create com.test.TC_NS2.@[user.name].myType * *
+** Expect 201 **
+Created Permission
+
+# TC_NS2.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_NS2.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_NS2.test.com]
+
+as XX@NS
+# TC_NS2.20.10.POS Grant view perms to watcher role
+perm create com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read com.test.TC_NS2.@[user.name].watcher
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.ns|:com.test.TC_NS2.@[THE_USER]:ns|read] to Role [com.test.TC_NS2.@[THE_USER].watcher]
+
+as testunused@aaf.att.com
+# TC_NS2.40.1.NEG Non-admin, not granted user should not view
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_NS2.@[THE_USER]]
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_NS2.40.10.POS Add user to watcher role
+user role add testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+** Expect 201 **
+Added Role [com.test.TC_NS2.@[THE_USER].watcher] to User [testunused@aaf.att.com]
+
+as testunused@aaf.att.com
+# TC_NS2.40.11.POS Non-admin, granted user should view
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].cred_admin
+ com.test.TC_NS2.@[THE_USER].myRole
+ com.test.TC_NS2.@[THE_USER].owner
+ com.test.TC_NS2.@[THE_USER].watcher
+ Permissions
+ com.test.TC_NS2.@[THE_USER].access * *
+ com.test.TC_NS2.@[THE_USER].access * read
+ com.test.TC_NS2.@[THE_USER].myType * *
+ com.test.TC_NS2.@[THE_USER].myType myInstance myAction
+ Credentials
+ m99990@@[THE_USER].TC_NS2.test.com
+
+as testid@aaf.att.com
+# TC_NS2.40.19.POS Remove user from watcher role
+user role del testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+** Expect 200 **
+Removed Role [com.test.TC_NS2.@[THE_USER].watcher] from User [testunused@aaf.att.com]
+
+# Thirties test admin user
+# TC_NS2.40.20.POS Admin should be able to view
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].cred_admin
+ com.test.TC_NS2.@[THE_USER].myRole
+ com.test.TC_NS2.@[THE_USER].owner
+ com.test.TC_NS2.@[THE_USER].watcher
+ Permissions
+ com.test.TC_NS2.@[THE_USER].access * *
+ com.test.TC_NS2.@[THE_USER].access * read
+ com.test.TC_NS2.@[THE_USER].myType * *
+ com.test.TC_NS2.@[THE_USER].myType myInstance myAction
+ Credentials
+ m99990@@[THE_USER].TC_NS2.test.com
+
+# TC_NS2.40.21.POS Admin of parent NS should be able to view
+ns list name com.test.TC_NS2.@[user.name].project
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER].project]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+ Administrators
+ testunused@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].project.admin
+ com.test.TC_NS2.@[THE_USER].project.owner
+ Permissions
+ com.test.TC_NS2.@[THE_USER].project.access * *
+ com.test.TC_NS2.@[THE_USER].project.access * read
+
+# TC_NS2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+ns list admin testunused@aaf.att.com
+** Expect 200 **
+
+List Namespaces with admin privileges for [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+ns list admin testunused@aaf.att.com
+** Expect 200 **
+
+List Namespaces with admin privileges for [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+
+# TC_NS2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+ns list admin testunused@aaf.att.com
+** Expect 200 **
+
+List Namespaces with admin privileges for [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+
+# TC_NS2.41.80.NEG List by User when not Caller nor associated to Namespace
+as testunused@aaf.att.com
+ns list admin XX@NS
+** Expect 200 **
+
+List Namespaces with admin privileges for [XX@NS]
+--------------------------------------------------------------------------------
+com
+com.att
+com.att.aaf
+com.test
+
+as testid@aaf.att.com
+# TC_NS2.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+role delete com.test.TC_NS2.@[user.name].myRole
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_NS2.@[user.name].watcher
+** Expect 200,404 **
+Deleted Role
+
+perm delete com.test.TC_NS2.@[user.name].myType myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+perm delete com.test.TC_NS2.@[user.name].myType * *
+** Expect 200,404 **
+Deleted Permission
+
+user cred del m99990@@[user.name].TC_NS2.test.com
+** Expect 200,404 **
+Deleted Credential [m99990@@[THE_USER].TC_NS2.test.com]
+
+as XX@NS
+force perm delete com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read
+** Expect 200,404 **
+Deleted Permission
+
+# TC_NS2.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_NS2.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+force role delete com.test.TC_NS2.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_NS2.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_NS2.@[user.name].project
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_NS2.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+sleep 0
+# TC_NS2.99.99.POS Check Clean Namespace
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set testid_1@test.com <pass>
+set testid_2@test.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as XX@NS
+ns list name com.test.TC_NS3.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS3.10.1.POS Create Namespace with User ID
+ns create com.test.TC_NS3.@[user.name]_1 @[user.name] testid_1@test.com
+** Expect 201 **
+Created Namespace
+
+as testid_1@test.com
+# TC_NS3.20.0.NEG Too short
+ns attrib
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.1.NEG Wrong command
+ns attrib xyz
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.2.NEG Too Short after Command
+ns attrib add
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.3.NEG Too Short after Namespace
+ns attrib add com.test.TC_NS3.@[user.name]
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.4.NEG Too Short after Key
+ns attrib add com.test.TC_NS3.@[user.name] TC_NS3_swm
+** Expect -1 **
+Not added: Need more Data
+
+# TC_NS3.20.5.NEG No Permission
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+** Expect 403 **
+Failed [SVC1403]: Forbidden - testid_1@test.com may not create NS Attrib [com.test.TC_NS3.@[THE_USER]_1:TC_NS3_swm]
+
+# TC_NS3.20.6.POS Create Permission to write Attrib
+as XX@NS
+perm create com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] to Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.20.6.POS Create Permission
+perm create com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.attrib|:com.att.*:*|read] to Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.20.10.POS Attribute added
+as testid_1@test.com
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+** Expect 201 **
+Add Attrib TC_NS3_swm=v1 to com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.20.30.POS List NS by Attrib
+ns list keys TC_NS3_swm
+** Expect 200 **
+
+List Namespace Names by Attribute
+--------------------------------------------------------------------------------
+ com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.20.40.POS List NS (shows Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+com.test.TC_NS3.@[THE_USER]_1
+ Administrators
+ testid_1@test.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Namespace Attributes
+ TC_NS3_swm=v1
+ Roles
+ com.test.TC_NS3.@[THE_USER]_1.admin
+ com.test.TC_NS3.@[THE_USER]_1.owner
+ Permissions
+ com.test.TC_NS3.@[THE_USER]_1.access * *
+ com.test.TC_NS3.@[THE_USER]_1.access * read
+
+# TC_NS3.20.42.POS Change Attrib
+ns attrib upd com.test.TC_NS3.@[user.name]_1 TC_NS3_swm Version1
+** Expect 200 **
+Update Attrib TC_NS3_swm=Version1 for com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.20.49.POS List NS (shows new Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+com.test.TC_NS3.@[THE_USER]_1
+ Administrators
+ testid_1@test.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Namespace Attributes
+ TC_NS3_swm=Version1
+ Roles
+ com.test.TC_NS3.@[THE_USER]_1.admin
+ com.test.TC_NS3.@[THE_USER]_1.owner
+ Permissions
+ com.test.TC_NS3.@[THE_USER]_1.access * *
+ com.test.TC_NS3.@[THE_USER]_1.access * read
+
+# TC_NS3.20.80.POS Remove write Permission
+perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 200 **
+UnGranted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] from Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.20.83.POS Remove read Permission
+perm ungrant com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+** Expect 200 **
+UnGranted Permission [com.att.aaf.attrib|:com.att.*:*|read] from Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+as testid_1@test.com
+# TC_NS3.50.2.NEG Too Short after Command
+ns attrib del
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.50.3.NEG Too Short after Namespace
+ns attrib del com.test.TC_NS3.@[user.name]
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.50.5.NEG No Permission
+ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm
+** Expect 403 **
+Failed [SVC1403]: Forbidden - testid_1@test.com may not delete NS Attrib [com.test.TC_NS3.@[THE_USER]_1:TC_NS3_swm]
+
+# TC_NS3.50.6.POS Create Permission
+as XX@NS
+perm grant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 201 **
+Granted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] to Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.50.7.POS Attribute added
+as testid_1@test.com
+ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm
+** Expect 200 **
+Attrib TC_NS3_swm deleted from com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.50.8.POS Remove Permission
+as XX@NS
+perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 200 **
+UnGranted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] from Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+as testid_1@test.com
+# TC_NS3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_NS3.@[user.name]_1
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_NS3.99.3.POS Print Namespaces
+ns list name com.test.TC_NS3.@[user.name]_1
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS3.99.10.POS Remove Special Permissions
+as XX@NS
+force perm delete com.att.aaf.attrib :com.att.*:TC_NS3_swm write
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.attrib :com.att.*:* read
+** Expect 200,404 **
+Deleted Permission
+
--- /dev/null
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_NSdelete1.10.0.POS Check for Existing Data
+ns list name com.test.TC_NSdelete1.@[user.name].app
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.force.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.force.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as XX@NS
+# TC_NSdelete1.10.1.POS Create Namespaces with valid IDs and Responsible Parties
+ns create com.test.TC_NSdelete1.@[user.name].app @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+ns create com.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+ns create com.test.force.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+ns create com.test.TC_NSdelete1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_NSdelete1.10.2.POS Expect Namespace to be created
+ns list name com.test.TC_NSdelete1.@[user.name].app
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app]
+--------------------------------------------------------------------------------
+com.test.TC_NSdelete1.@[THE_USER].app
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NSdelete1.@[THE_USER].app.admin
+ com.test.TC_NSdelete1.@[THE_USER].app.owner
+ Permissions
+ com.test.TC_NSdelete1.@[THE_USER].app.access * *
+ com.test.TC_NSdelete1.@[THE_USER].app.access * read
+
+ns list name com.test.TC_NSdelete1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NSdelete1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NSdelete1.@[THE_USER].admin
+ com.test.TC_NSdelete1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NSdelete1.@[THE_USER].access * *
+ com.test.TC_NSdelete1.@[THE_USER].access * read
+
+ns list name com.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.@[THE_USER].admin
+ com.@[THE_USER].owner
+ Permissions
+ com.@[THE_USER].access * *
+ com.@[THE_USER].access * read
+
+ns list name com.test.force.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.force.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.force.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.force.@[THE_USER].admin
+ com.test.force.@[THE_USER].owner
+ Permissions
+ com.test.force.@[THE_USER].access * *
+ com.test.force.@[THE_USER].access * read
+
+# TC_NSdelete1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+# TC_NSdelete1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_NSdelete1.10.12.POS Assign user for creating creds
+user role add testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
+
+as testid@aaf.att.com
+# TC_NSdelete1.20.1.POS Create valid Role in my Namespace
+role create com.test.TC_NSdelete1.@[user.name].app.r.A
+** Expect 201 **
+Created Role
+
+# TC_NSdelete1.20.2.POS Create valid permission
+perm create com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_NSdelete1.20.3.POS Add credential to my namespace
+user cred add m99990@app.@[user.name].TC_NSdelete1.test.com password123
+** Expect 201 **
+Added Credential [m99990@app.@[THE_USER].TC_NSdelete1.test.com]
+
+# TC_NSdelete1.20.10.NEG Delete Program Should fail because of attached credential
+ns delete com.test.TC_NSdelete1.@[user.name].app
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - [com.test.TC_NSdelete1.@[THE_USER].app] contains users, permissions, roles.
+ Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent.
+
+# TC_NSdelete1.20.11.POS Delete Credential
+set force true
+user cred del m99990@app.@[user.name].TC_NSdelete1.test.com
+** Expect 200 **
+Deleted Credential [m99990@app.@[THE_USER].TC_NSdelete1.test.com]
+
+# TC_NSdelete1.20.12.NEG Delete Program with role and permission attached
+ns delete com.test.TC_NSdelete1.@[user.name].app
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - [com.test.TC_NSdelete1.@[THE_USER].app] contains permissions, roles.
+ Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent.
+
+# TC_NSdelete1.20.20.POS Expect role and permission to move to parent ns
+set force move
+set force=move ns list name com.test.TC_NSdelete1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NSdelete1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NSdelete1.@[THE_USER].admin
+ com.test.TC_NSdelete1.@[THE_USER].cred_admin
+ com.test.TC_NSdelete1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NSdelete1.@[THE_USER].access * *
+ com.test.TC_NSdelete1.@[THE_USER].access * read
+
+as testid@aaf.att.com
+# TC_NSdelete1.30.1.POS Create valid Role in my Namespace
+role create com.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+# TC_NSdelete1.30.2.NEG Delete Company with role attached
+ns delete com.@[user.name]
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains roles.
+ Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent.
+
+# TC_NSdelete1.30.3.POS Namespace Admin can delete Namepace defined Roles
+role delete com.@[user.name].r.A
+** Expect 200 **
+Deleted Role
+
+# TC_NSdelete1.30.10.POS Create valid permission
+perm create com.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_NSdelete1.30.11.NEG Delete Company with permission attached
+ns delete com.@[user.name]
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains permissions.
+ Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent.
+
+# TC_NSdelete1.30.12.POS Namespace Admin can delete Namepace defined Perms
+perm delete com.@[user.name].p.A myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+# TC_NSdelete1.30.20.POS Create valid Credential in my namespace
+user cred add m99990@@[user.name].com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].com]
+
+# TC_NSdelete1.30.21.NEG Delete Company with credential attached
+ns delete com.@[user.name]
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains users.
+ Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent.
+
+# TC_NSdelete1.30.22.POS Namespace admin can remove Cred
+set force true
+user cred del m99990@@[user.name].com
+** Expect 200 **
+Deleted Credential [m99990@@[THE_USER].com]
+
+# TC_NSdelete1.30.30.POS Delete Company with no roles or perms attached
+ns delete com.@[user.name]
+** Expect 200 **
+Deleted Namespace
+
+# TC_NSdelete1.40.1.POS Create valid Role in my Namespace
+role create com.test.force.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+# TC_NSdelete1.40.2.POS Create valid permission in my Namespace
+perm create com.test.force.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_NSdelete1.40.3.POS Add credential to my namespace
+user cred add m99990@@[user.name].force.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].force.test.com]
+
+# TC_NSdelete1.40.10.POS Delete Program in my Namespace
+set force true
+set force=true ns delete com.test.force.@[user.name]
+** Expect 200 **
+Deleted Namespace
+
+sleep 0
+# TC_NSdelete1.40.20.NEG Role and permission should not exist
+ns list name com.test.force.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.force.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NSdelete1.40.22.NEG Credential should not exist
+set force true
+user cred del m99990@@[user.name].force.test.com
+** Expect 404 **
+Failed [SVC5404]: Not Found - Credential does not exist
+
+as testid@aaf.att.com
+# TC_NSdelete1.99.1.POS Namespace Admin can delete Namepace defined Roles
+role delete com.test.TC_NSdelete1.@[user.name].app.r.A
+** Expect 200,404 **
+Deleted Role
+
+# TC_NSdelete1.99.2.POS Namespace Admin can delete Namepace defined Roles
+perm delete com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+# TC_NSdelete1.99.3.POS Namespace Admin can remove Namepace defined Credentials
+set force true
+set force=true user cred del m99990@@app.[user.name].TC_NSdelete1.test.com
+** Expect 200,404 **
+Failed [SVC5404]: Not Found - Credential does not exist
+
+# TC_NSdelete1.99.10.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+set force true
+set force=true role delete com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_NSdelete1.99.97.POS Clean Namespace
+set force true
+set force=true ns delete com.test.TC_NSdelete1.@[user.name].app
+** Expect 200,404 **
+Deleted Namespace
+
+set force true
+set force=true ns delete com.test.TC_NSdelete1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+set force true
+set force=true ns delete com.test.force.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.force.@[THE_USER] does not exist
+
+# TC_NSdelete1.99.98.POS Check Clean Namespace
+ns list name com.test.TC_NSdelete1.@[user.name].app
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_NSdelete1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.force.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.force.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NSdelete1.99.99.POS Clean and check Company Namespace
+as XX@NS
+set force true
+set force=true ns delete com.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.@[THE_USER] does not exist
+
+ns list name com.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_PW1.10.0.POS Validate no NS
+ns list name com.test.TC_PW1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_PW1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_PW1.10.1.POS Create Namespace to add IDs
+ns create com.test.TC_PW1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_PW1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_PW1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_PW1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_PW1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_PW1.10.12.POS Assign user for creating creds
+user role add testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_PW1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
+
+# TC_PW1.20.1.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 12
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010),
+Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.20.2.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 1
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010),
+Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.20.3.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 1234567
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010),
+Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.21.1.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com 12345678
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.21.2.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com abcdefgh
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.21.3.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#%^()*"
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.21.4.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#a%^()*"
+** Expect 201 **
+Added Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+sleep 0
+user cred del m12345@@[user.name].TC_PW1.test.com
+** Expect 200 **
+Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+# TC_PW1.21.5.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#2%^()*"
+** Expect 201 **
+Added Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+sleep 0
+user cred del m12345@@[user.name].TC_PW1.test.com
+** Expect 200 **
+Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+# TC_PW1.21.6.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd"
+** Expect 201 **
+Added Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+sleep 0
+user cred del m12345@@[user.name].TC_PW1.test.com
+** Expect 200 **
+Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+# TC_PW1.21.10.NEG ASPR 1010 Passwords cannot be the same as the User ID
+user cred add m12345@@[user.name].TC_PW1.test.com m12345
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010)
+
+# TC_PW1.23.1.NEG Too Few Args for User Cred 1
+user cred
+** Expect -1 **
+Too few args: cred <add|del|reset|extend> <id> [password (! D|E)] [entry# (if multi)]
+
+# TC_PW1.23.2.NEG Too Few Args for User Cred add
+user cred add
+** Expect -1 **
+Too few args: cred <add|del|reset|extend> <id> [password (! D|E)] [entry# (if multi)]
+
+# TC_PW1.30.1.POS Create a Credential, with Temporary Time
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd"
+** Expect 201 **
+Added Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+# TC_PW1.30.3.NEG Credential Exists
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sf"
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Credential with same Expiration Date exists, use 'reset'
+
+# TC_PW1.30.8.POS Reset this Password
+user cred reset m12345@@[user.name].TC_PW1.test.com "ABC123SD" 1
+** Expect 200 **
+Reset Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+# TC_PW1.30.9.POS Delete a Credential
+user cred del m12345@@[user.name].TC_PW1.test.com 1
+** Expect 200 **
+Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+as testid@aaf.att.com
+# TC_PW1.99.1.NEG Delete ID m12345@@[user.name].TC_PW1.test.com
+set force true
+user cred del m12345@@[user.name].TC_PW1.test.com
+** Expect 200,404 **
+Failed [SVC5404]: Not Found - Credential does not exist
+
+# TC_PW1.99.2.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_PW1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_PW1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+role delete com.test.TC_PW1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_PW1.99.98.POS Delete Namespace com..test.TC_PW1
+ns delete com.test.TC_PW1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_PW1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_PW1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_PW1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set testid <pass>
+set testid@aaf.att.com <pass>
+set XX@NS <pass>
+set testunused <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+# TC_Perm1.10.0.POS Validate Namespace is empty first
+as testid@aaf.att.com
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Perm1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Perm1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_Perm1.10.12.POS Assign user for creating creds
+user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_Perm1.@[THE_USER].cred_admin] to User [XX@NS]
+
+# TC_Perm1.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+
+# TC_Perm1.20.2.POS Add Perm
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm1.20.3.NEG Already Added Perm
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] already exists.
+
+# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well
+force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+** Expect 201 **
+Created Role [com.test.TC_Perm1.@[THE_USER].r.A]
+Created Role [com.test.TC_Perm1.@[THE_USER].r.B]
+Created Permission
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.B]
+
+# TC_Perm1.20.8.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well
+perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] already exists.
+
+# TC_Perm1.20.10.NEG Non-admins can't change description
+as testunused
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction]
+
+# TC_Perm1.20.11.NEG Permission must exist to change description
+as testid
+perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C
+** Expect 404 **
+Failed [SVC1404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist
+
+# TC_Perm1.20.12.POS Admin can change description
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+** Expect 200 **
+Description added to Permission
+
+# TC_Perm1.22.1.NEG Try to rename permission without changing anything
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - New Permission must be different than original permission
+
+# TC_Perm1.22.2.NEG Try to rename parent ns
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.att.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.22.10.POS View permission in original state
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.22.11.POS Rename permission instance
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.12.POS Verify change in permission instance
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B yourInstance myAction
+
+# TC_Perm1.22.13.POS Rename permission action
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.14.POS Verify change in permission action
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B yourInstance yourAction
+
+# TC_Perm1.22.15.POS Rename permission type
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.16.POS Verify change in permission type
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction
+
+# TC_Perm1.22.20.POS See permission is attached to this role
+role list role com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction
+
+# TC_Perm1.22.21.POS Rename permission type, instance and action
+perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.22.POS See permission stays attached after rename
+role list role com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.22.23.POS Verify permission is back to original state
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.25.1.POS Create another Role in This namespace
+role create com.test.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Created Role
+
+# TC_Perm1.25.2.POS Create another Perm in This namespace
+perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm1.25.3.NEG Permission must Exist to Add to Role
+perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.NO|myInstance|myAction] does not exist
+
+# TC_Perm1.25.4.POS Grant individual new Perm to new Role
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.25.5.NEG Already Granted Perm
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.25.6.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.25.11.NEG Already UnGranted Perm
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role
+
+# TC_Perm1.25.20.POS Reset roles attached to permision with setTo
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]
+
+# TC_Perm1.25.21.POS Owner of permission can reset roles
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200 **
+Set Permission's Roles to []
+
+# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
+as XX@NS
+ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
+** Expect 201 **
+Created Namespace
+
+ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
+** Expect 201 **
+Created Namespace
+
+# TC_Perm1.26.2.POS Create ID in other Namespace
+user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_Perm1.test2.com]
+
+# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
+role create com.test2.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Created Role
+
+role create com.test2.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Created Role
+
+# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
+as m99990@@[THE_USER].TC_Perm1.test2.com
+set request true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid@aaf.att.com] may not write Role [com.test2.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist
+
+# TC_Perm1.26.14.POS Create Role
+as testid@aaf.att.com
+role create com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Created Role
+
+# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.16.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+# TC_Perm1.26.17.POS Grant individual new Perm to new Role
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.26.18.NEG Already Granted Perm
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
+set request true
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
+set request true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.30.POS Add ID to Role
+as XX@NS
+ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com
+** Expect 201 **
+Admin m99990@@[THE_USER].TC_Perm1.test2.com added to com.test2.TC_Perm1.@[THE_USER]
+
+as m99990@@[THE_USER].TC_Perm1.test2.com
+sleep 0
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+set request true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.34.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+as XX@NS
+# TC_Perm1.26.35.POS Print Info for Validation
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test2.TC_Perm1.@[THE_USER]
+ Administrators
+ XX@NS
+ m99990@@[THE_USER].TC_Perm1.test2.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test2.TC_Perm1.@[THE_USER].admin
+ com.test2.TC_Perm1.@[THE_USER].owner
+ com.test2.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test2.TC_Perm1.@[THE_USER].access * *
+ com.test2.TC_Perm1.@[THE_USER].access * read
+ Credentials
+ m99990@@[THE_USER].TC_Perm1.test2.com
+
+as testid@aaf.att.com
+# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
+as testid@aaf.att.com
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.37.NEG Already UnGranted Perm
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role
+
+# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]
+
+# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.45.POS Owner of permission can reset roles
+as testid@aaf.att.com
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200 **
+Set Permission's Roles to []
+
+as XX@NS
+# TC_Perm1.26.97.POS List the Namespaces
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test2.TC_Perm1.@[THE_USER]
+ Administrators
+ XX@NS
+ m99990@@[THE_USER].TC_Perm1.test2.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test2.TC_Perm1.@[THE_USER].admin
+ com.test2.TC_Perm1.@[THE_USER].owner
+ com.test2.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test2.TC_Perm1.@[THE_USER].access * *
+ com.test2.TC_Perm1.@[THE_USER].access * read
+ Credentials
+ m99990@@[THE_USER].TC_Perm1.test2.com
+
+as testid@aaf.att.com
+# TC_Perm1.26.98.POS Cleanup
+role delete com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.B
+** Expect 200 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.C
+** Expect 200 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+Deleted Role
+
+as XX@NS
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+Deleted Role
+
+role delete com.test2.TC_Perm1.@[user.name].r.C
+** Expect 200 **
+Deleted Role
+
+as testid@aaf.att.com
+perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+force ns delete com.test.TC_Perm1.@[user.name]_2
+** Expect 200 **
+Deleted Namespace
+
+as XX@NS
+set force true
+set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com
+** Expect 200 **
+Deleted Credential [m99990@@[THE_USER].TC_Perm1.test2.com]
+
+ns delete com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+Deleted Namespace
+
+# TC_Perm1.26.99.POS List the Now Empty Namespaces
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm1.27.1.POS Create Permission
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm1.27.2.POS Create Role
+role create com.test.TC_Perm1.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force
+perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.unknown] does not exist
+
+# TC_Perm1.27.11.POS Role is created with force
+force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+** Expect 201 **
+Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown]
+Created Permission
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown]
+
+# TC_Perm1.27.12.NEG Perm must Exist to Grant without force
+perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] does not exist
+
+# TC_Perm1.27.13.POS Perm is created with force
+force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]
+
+# TC_Perm1.27.14.POS Role and perm are created with force
+force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2
+** Expect 201 **
+Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]
+Created Permission
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown2|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]
+
+# TC_Perm1.30.1.POS List Data on non-Empty NS
+as testid
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.unknown
+ com.test.TC_Perm1.@[THE_USER].r.unknown2
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction
+
+# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
+ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm1.30.3.POS List Data on NS with sub-roles
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction
+
+ns list name com.test.TC_Perm1.@[user.name].r
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER].r
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.admin
+ com.test.TC_Perm1.@[THE_USER].r.owner
+ com.test.TC_Perm1.@[THE_USER].r.unknown
+ com.test.TC_Perm1.@[THE_USER].r.unknown2
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].r.access * *
+ com.test.TC_Perm1.@[THE_USER].r.access * read
+
+as XX@NS
+# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] does not exist
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+role delete com.test.TC_Perm1.@[user.name].r.A
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.B
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.B] does not exist
+
+role delete com.test.TC_Perm1.@[user.name].r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.C] does not exist
+
+role delete com.test.TC_Perm1.@[user.name].r.unknown
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.unknown2
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test2.TC_Perm1.@[user.name].r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER].r.C] does not exist
+
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist
+
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER]_2.r.C] does not exist
+
+# TC_Perm1.99.2.POS Remove ability to create creds
+user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_Perm1.@[THE_USER].cred_admin] from User [XX@NS]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Perm1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+role delete com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+sleep 0
+as XX@NS
+# TC_Perm1.99.98.POS Namespace Admin can delete Namespace
+set force true
+set force=true ns delete com.test2.TC_Perm1.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist
+
+as testid
+force ns delete com.test.TC_Perm1.@[user.name].r
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_Perm1.@[user.name]_2
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.TC_Perm1.@[THE_USER]_2 does not exist
+
+force ns delete com.test.TC_Perm1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test2.TC_Perm1.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist
+
+# TC_Perm1.99.99.POS List to prove removed
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Perm1.@[user.name].r
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Perm1.@[user.name]_2
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]_2]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Perm2.10.0.POS Print NS to prove ok
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Perm2.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+as testid@aaf.att.com
+# TC_Perm2.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+
+# TC_Perm2.20.10.POS Add Perms with specific Instance and Action
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm2.20.11.POS Add Perms with specific Instance and Star
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance *
+** Expect 201 **
+Created Permission
+
+# TC_Perm2.20.12.POS Add Perms with Stars for Instance and Action
+perm create com.test.TC_Perm2.@[user.name].p.A * *
+** Expect 201 **
+Created Permission
+
+perm create com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+** Expect 201 **
+Created Permission
+
+# TC_Perm2.20.20.POS Create role
+role create com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Perm2.@[user.name].p.secret
+** Expect 201 **
+Created Role
+
+# TC_Perm2.20.21.POS Grant sub-NS perms to role
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance myAction com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance * com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|myInstance|*] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm grant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|*|*] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm grant com.test.TC_Perm2.@[user.name].p.phoneCalls * spy com.test.TC_Perm2.@[user.name].p.secret
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.phoneCalls|*|spy] to Role [com.test.TC_Perm2.@[THE_USER].p.secret]
+
+# TC_Perm2.20.30.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ com.test.TC_Perm2.@[THE_USER].p.secret
+ com.test.TC_Perm2.@[THE_USER].p.superUser
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+ com.test.TC_Perm2.@[THE_USER].p.A * *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+# TC_Perm2.20.40.POS Create role
+role create com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Perm2.20.50.POS Grant view perms to watcher role
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction|view] to Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:*:*|view] to Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+as testid@aaf.att.com
+# TC_Perm2.30.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ com.test.TC_Perm2.@[THE_USER].p.secret
+ com.test.TC_Perm2.@[THE_USER].p.superUser
+ com.test.TC_Perm2.@[THE_USER].p.watcher
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+ com.test.TC_Perm2.@[THE_USER].p.A * *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+# TC_Perm2.30.2.POS Create Sub-ns when Roles that exist
+ns create com.test.TC_Perm2.@[user.name].p @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm2.30.3.POS List Data on NS with sub-roles
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+
+ns list name com.test.TC_Perm2.@[user.name].p
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER].p]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].p.admin
+ com.test.TC_Perm2.@[THE_USER].p.owner
+ com.test.TC_Perm2.@[THE_USER].p.secret
+ com.test.TC_Perm2.@[THE_USER].p.superUser
+ com.test.TC_Perm2.@[THE_USER].p.watcher
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].p.A * *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm2.@[THE_USER].p.access * *
+ com.test.TC_Perm2.@[THE_USER].p.access * read
+ com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+as testunused@aaf.att.com
+# TC_Perm2.40.1.NEG Non-admin, not granted user should not view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_Perm2.40.10.POS Add user to superUser role
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.superUser] to User [testunused@aaf.att.com]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.11.POS Non-admin, granted user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+as testid@aaf.att.com
+# TC_Perm2.40.12.POS Ungrant perm with wildcards
+perm ungrant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm2.@[THE_USER].p.A|*|*] from Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.13.POS Non-admin, granted user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+as testid@aaf.att.com
+# TC_Perm2.40.19.POS Remove user from superUser role
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.superUser] from User [testunused@aaf.att.com]
+
+# Twenties test user granted explicit view permission
+# TC_Perm2.40.20.POS Add user to watcher role
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.watcher] to User [testunused@aaf.att.com]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+as XX@NS
+# TC_Perm2.40.22.POS Ungrant perm with wildcards
+perm ungrant com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+UnGranted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:*:*|view] from Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.23.POS Non-admin, granted user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+as testid@aaf.att.com
+# TC_Perm2.40.29.POS Remove user from watcher role
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.watcher] from User [testunused@aaf.att.com]
+
+# Thirties test admin user
+# TC_Perm2.40.30.POS Admin should be able to view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.40.31.POS Add new admin for sub-NS
+ns admin add com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+** Expect 201 **
+Admin testunused@aaf.att.com added to com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.40.32.POS Remove admin from sub-NS
+ns admin del com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+** Expect 200 **
+Admin testid@aaf.att.com deleted from com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.40.34.POS Admin of parent NS should be able to view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.40.80.POS Add new admin for sub-NS
+ns admin add com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+** Expect 201 **
+Admin testid@aaf.att.com added to com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.40.81.POS Remove admin from sub-NS
+ns admin del com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+** Expect 200 **
+Admin testunused@aaf.att.com deleted from com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.41.1.POS Add user to some roles with perms attached
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.superUser] to User [testunused@aaf.att.com]
+
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.watcher] to User [testunused@aaf.att.com]
+
+user role add XX@NS com.test.TC_Perm2.@[user.name].p.secret
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.secret] to User [XX@NS]
+
+# TC_Perm2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+perm list user testunused@aaf.att.com
+** Expect 200 **
+
+List Permissions by User[testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.perm :com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction view
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+perm list user testunused@aaf.att.com
+** Expect 200 **
+
+List Permissions by User[testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.41.20.POS List by User when not same as Caller, but parent owner/admin of Namespace
+as XX@NS
+perm list user testunused@aaf.att.com
+** Expect 200 **
+
+List Permissions by User[testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.perm :com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction view
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+perm list user XX@NS
+** Expect 200 **
+
+List Permissions by User[XX@NS]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+# TC_Perm2.41.99.POS Remove users from roles for later test
+as testid@aaf.att.com
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.superUser] from User [testunused@aaf.att.com]
+
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.watcher] from User [testunused@aaf.att.com]
+
+user role del XX@NS com.test.TC_Perm2.@[user.name].p.secret
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.secret] from User [XX@NS]
+
+# TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+perm list ns com.test.TC_Perm2.@[user.name].p
+** Expect 200 **
+
+List Perms by NS [com.test.TC_Perm2.@[THE_USER].p]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+com.test.TC_Perm2.@[THE_USER].p.access * *
+com.test.TC_Perm2.@[THE_USER].p.access * read
+com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+
+# TC_Perm2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+perm list ns com.test.TC_Perm2.@[user.name].p
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Perm2.@[THE_USER].p]
+
+# TC_Perm2.43.10.POS List perms when allowed to see Role
+as testid@aaf.att.com
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.secret]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+
+# TC_Perm2.43.20.NEG Don't List perms when not allowed to see Role
+as testunused@aaf.att.com
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.secret]
+
+as testid@aaf.att.com
+# TC_Perm2.99.1.POS Namespace Admin can delete Namepace defined Roles
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Perm2.@[user.name].p.A * *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+** Expect 200,404 **
+Deleted Permission
+
+force role delete com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Perm2.@[user.name].p.secret
+** Expect 200,404 **
+Deleted Role
+
+as XX@NS
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view
+** Expect 200,404 **
+Deleted Permission
+
+# TC_Perm2.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm2.@[user.name].p
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_Perm2.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm2.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm2.@[user.name].p
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER].p]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set testid_1@test.com <pass>
+set testid_2@test.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as XX@NS
+# TC_Perm3.10.0.POS Print NS to prove ok
+ns list name com.test.TC_Perm3.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm3.10.1.POS Create Namespace with User ID
+ns create com.test.TC_Perm3.@[user.name]_1 @[user.name] testid_1@test.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm3.10.2.POS Create Namespace with Different ID
+ns create com.test.TC_Perm3.@[user.name]_2 @[user.name] testid_2@test.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm3.10.3.POS Create Namespace in Different Company
+ns create com.att.TC_Perm3.@[user.name] @[user.name] testunused@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+as testid_1@test.com
+# TC_Perm3.20.0.POS User1 Create a Perm
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm3.20.5.NEG User1 should not be able to create Role in other group
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a]
+
+# TC_Perm3.20.6.POS User2 should be able to create Role in own group
+as testid_2@test.com
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 201 **
+Created Role
+
+# TC_Perm3.20.7.NEG User2 should not be able to grant Perm to own Role
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction]
+
+# TC_Perm3.20.8.NEG User2 cannot create Role in NS 2
+as testid_2@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction]
+
+# TC_Perm3.20.9.POS Role created, but can't grant... has to be testid_1
+as testid_1@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 201 **
+Granted Permission [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction] to Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a]
+
+# TC_Perm3.30.0.POS User1 Create a Perm
+as testid_1@test.com
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm3.30.5.NEG User1 should not be able to create Role in other group
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_b]
+
+# TC_Perm3.30.6.POS User2 should be able to create Role in own group
+as testunused@aaf.att.com
+role create com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 201 **
+Created Role
+
+# TC_Perm3.30.7.NEG User2 should not be able to grant Perm to own Role
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_b|myInstance|myAction]
+
+# TC_Perm3.30.8.POS User should be able to grant cross company only Double Perm
+as testid_1@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.att.TC_Perm3.@[THE_USER].dev.myRole_b]
+
+as testid_1@test.com
+# TC_Perm3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_1
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_1
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as testid_2@test.com
+# TC_Perm3.99.4.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_2
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.5.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_2
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_2]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as testunused@aaf.att.com
+# TC_Perm3.99.6.POS Remove Namespace from other company
+force ns delete com.att.TC_Perm3.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.7.POS Print Namespace from other company
+ns list name com.att.TC_Perm3.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.att.TC_Perm3.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Realm1.10.0.POS Validate no NS
+ns list name com.test.TC_Realm1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Realm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Realm1.10.1.POS Create Namespace to add IDs
+ns create com.test.TC_Realm1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+as XX@NS
+# TC_Realm1.10.10.POS Grant ability to change delegates
+force perm create com.att.aaf.delg com.att create com.test.TC_Realm1.@[user.name].change_delg
+** Expect 201 **
+Created Role [com.test.TC_Realm1.@[THE_USER].change_delg]
+Created Permission
+Granted Permission [com.att.aaf.delg|com.att|create] to Role [com.test.TC_Realm1.@[THE_USER].change_delg]
+
+# TC_Realm1.10.11.POS Create user role to change delegates
+user role add testid@aaf.att.com com.test.TC_Realm1.@[user.name].change_delg
+** Expect 201 **
+Added Role [com.test.TC_Realm1.@[THE_USER].change_delg] to User [testid@aaf.att.com]
+
+as testid@aaf.att.com
+# TC_Realm1.20.1.NEG Fail to create - default domain wrong
+ns create com.test.TC_Realm1.@[user.name].project1 testunused
+** Expect 403 **
+Failed [SVC3403]: Forbidden - testunused@csp.att.com does not have permission to assume test status at AT&T
+
+# TC_Realm1.20.2.POS Create - default domain appended
+ns create com.test.TC_Realm1.@[user.name].project1 @[user.name] @[user.name]
+** Expect 201 **
+Created Namespace
+
+# TC_Realm1.20.3.NEG Fail to create - default domain wrong
+ns admin add com.test.TC_Realm1.@[user.name].project1 testunused
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID
+
+# TC_Realm1.20.4.POS Create - full domain given
+ns admin add com.test.TC_Realm1.@[user.name].project1 testid@aaf.att.com
+** Expect 201 **
+Admin testid@aaf.att.com added to com.test.TC_Realm1.@[THE_USER].project1
+
+# TC_Realm1.20.5.POS Delete - default domain appended
+ns admin del com.test.TC_Realm1.@[user.name].project1 @[user.name]
+** Expect 200 **
+Admin @[THE_USER]@csp.att.com deleted from com.test.TC_Realm1.@[THE_USER].project1
+
+# TC_Realm1.20.6.POS Add admin - default domain appended
+ns admin add com.test.TC_Realm1.@[user.name].project1 @[user.name]
+** Expect 201 **
+Admin @[THE_USER]@csp.att.com added to com.test.TC_Realm1.@[THE_USER].project1
+
+# TC_Realm1.30.1.POS Create role to add to users
+role create com.test.TC_Realm1.@[user.name].role1
+** Expect 201 **
+Created Role
+
+# TC_Realm1.30.2.NEG Add user, but default domain wrong
+role user add com.test.TC_Realm1.@[user.name].role1 testunused
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID
+
+# TC_Realm1.30.3.POS Add user, with default domain appended
+role user add com.test.TC_Realm1.@[user.name].role1 @[user.name]
+** Expect 201 **
+Added User [@[THE_USER]@csp.att.com] to Role [com.test.TC_Realm1.@[THE_USER].role1]
+
+# TC_Realm1.30.10.POS Role list, with default domain added
+role list user testunused
+** Expect 200 **
+
+List Roles for User [testunused@csp.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+# TC_Realm1.30.80.POS Delete user, with default domain appended
+role user del com.test.TC_Realm1.@[user.name].role1 @[user.name]
+** Expect 200 **
+Removed User [@[THE_USER]@csp.att.com] from Role [com.test.TC_Realm1.@[THE_USER].role1]
+
+# TC_Realm1.40.1.POS Create role to add to users
+role create com.test.TC_Realm1.@[user.name].role2
+** Expect 201 **
+Created Role
+
+# TC_Realm1.40.2.NEG Add user, but default domain wrong
+user role add testunused com.test.TC_Realm1.@[user.name].role2
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID
+
+# TC_Realm1.40.3.POS Add user, with default domain appended
+user role add @[user.name] com.test.TC_Realm1.@[user.name].role2
+** Expect 201 **
+Added Role [com.test.TC_Realm1.@[THE_USER].role2] to User [@[THE_USER]@csp.att.com]
+
+# TC_Realm1.40.10.NEG Add delegate, but default domain wrong
+user delegate add testunused testid 2099-01-01
+** Expect 404 **
+Failed [SVC5404]: Not Found - [testunused@csp.att.com] is not a user in the company database.
+
+# TC_Realm1.40.11.POS Add delegate, with default domain appended
+force user delegate add @[user.name] @[user.name] 2099-01-01
+** Expect 201 **
+Delegate Added
+
+# TC_Realm1.40.12.POS Update delegate, with default domain appended
+user delegate upd @[user.name] @[user.name] 2099-01-01
+** Expect 200 **
+Delegate Updated
+
+as XX@NS
+# TC_Realm1.40.20.POS List delegate, with default domain appended
+user list delegates user @[user.name]
+** Expect 200 **
+
+List Delegates by user[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+# TC_Realm1.40.21.POS List delegate, with default domain appended
+user list delegates delegate @[user.name]
+** Expect 200 **
+
+List Delegates by delegate[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+as testid@aaf.att.com
+# TC_Realm1.40.80.POS Delete user, with default domain appended
+user role del @[user.name] com.test.TC_Realm1.@[user.name].role2
+** Expect 200 **
+Removed Role [com.test.TC_Realm1.@[THE_USER].role2] from User [@[THE_USER]@csp.att.com]
+
+# TC_Realm1.40.81.POS Delete delegate, with default domain appended
+user delegate del @[user.name]
+** Expect 200 **
+Delegate Deleted
+
+as testid@aaf.att.com
+# TC_Realm1.99.1.POS Delete delgates
+user delegate del @[user.name]
+** Expect 200,404 **
+Failed [SVC7404]: Not Found - Cannot delete non-existent Delegate
+
+# TC_Realm1.99.2.POS Delete user roles
+role user del com.test.TC_Realm1.@[user.name].role1 @[user.name]
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ @[THE_USER]@csp.att.com ] is not Assigned to the Role [ com.test.TC_Realm1.@[THE_USER].role1 ]
+
+user role del @[user.name] com.test.TC_Realm1.@[user.name].role2
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ @[THE_USER]@csp.att.com ] is not Assigned to the Role [ com.test.TC_Realm1.@[THE_USER].role2 ]
+
+# TC_Realm1.99.3.POS Delete roles
+role delete com.test.TC_Realm1.@[user.name].role1
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_Realm1.@[user.name].role2
+** Expect 200,404 **
+Deleted Role
+
+as XX@NS
+# TC_Realm1.99.10.POS UnGrant ability to change delegates
+perm ungrant com.att.aaf.delg com.att change com.test.TC_Realm1.@[user.name].change_delg
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.delg|com.att|change] not associated with any Role
+
+as testid@aaf.att.com
+# TC_Realm1.99.11.POS Delete role to change delegates
+set force true
+set force=true role delete com.test.TC_Realm1.@[user.name].change_delg
+** Expect 200,404 **
+Deleted Role
+
+# TC_Realm1.99.98.POS Delete Namespaces
+ns delete com.test.TC_Realm1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+ns delete com.test.TC_Realm1.@[user.name].project1
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Realm1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_Realm1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Realm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Role1.10.0.POS Validate NS ok
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_Role1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Role1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_Role1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
+
+# TC_Role1.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+# TC_Role1.20.2.POS Add Roles
+role create com.test.TC_Role1.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Role1.@[user.name].r.B
+** Expect 201 **
+Created Role
+
+# TC_Role1.20.3.POS List Data on non-Empty NS
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+# TC_Role1.20.4.NEG Don't write over Role
+role create com.test.TC_Role1.@[user.name].r.A
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Role [com.test.TC_Role1.@[THE_USER].r.A] already exists
+
+# TC_Role1.20.5.NEG Don't allow non-user to create
+as bogus
+role create com.test.TC_Role1.@[user.name].r.No
+** Expect 401 **
+Failed with code 401, Unauthorized
+
+# TC_Role1.20.6.NEG Don't allow non-user to create without Approval
+as testunused@aaf.att.com
+role create com.test.TC_Role1.@[user.name].r.No
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_Role1.@[THE_USER].r.No]
+
+# TC_Role1.20.10.NEG Non-admins can't change description
+as testunused@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.A Description A
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_Role1.@[THE_USER].r.A
+
+# TC_Role1.20.11.NEG Role must exist to change description
+as testid@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.C Description C
+** Expect 404 **
+Failed [SVC1404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist
+
+# TC_Role1.20.12.POS Admin can change description
+role describe com.test.TC_Role1.@[user.name].r.A Description A
+** Expect 200 **
+Description added to role
+
+# TC_Role1.30.1.POS List Data on non-Empty NS
+as testid@aaf.att.com
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+# TC_Role1.30.2.POS Create Sub-ns when Roles that exist
+ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Role1.30.3.POS List Data on NS with sub-roles
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+ns list name com.test.TC_Role1.@[user.name].r
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].r.B
+ com.test.TC_Role1.@[THE_USER].r.admin
+ com.test.TC_Role1.@[THE_USER].r.owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].r.access * *
+ com.test.TC_Role1.@[THE_USER].r.access * read
+
+# TC_Role1.40.01.POS List Data on non-Empty NS
+role list role com.test.TC_Role1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r.A
+
+# TC_Role1.40.20.POS Create a Perm, and add to Role
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.long(involved).text|SELECT] to Role [com.test.TC_Role1.@[THE_USER].r.A]
+
+# TC_Role1.40.25.POS List
+role list role com.test.TC_Role1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
+
+# TC_Role1.40.30.POS Create a Perm
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+** Expect 201 **
+Created Permission
+
+# TC_Role1.40.32.POS Separately Grant Perm
+perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A
+** Expect 201 **
+Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.other_long(less.involved).text|lower_case] to Role [com.test.TC_Role1.@[THE_USER].r.A]
+
+# TC_Role1.40.35.POS List
+role list role com.test.TC_Role1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case
+
+# TC_Role1.50.1.POS Create user to attach to role
+user cred add m00001@@[user.name].TC_Role1.test.com password123
+** Expect 201 **
+Added Credential [m00001@@[THE_USER].TC_Role1.test.com]
+
+# TC_Role1.50.2.POS Create new role
+role create com.test.TC_Role1.@[user.name].r.C
+** Expect 201 **
+Created Role
+
+# TC_Role1.50.3.POS Attach user to role
+user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C
+** Expect 201 **
+Added Role [com.test.TC_Role1.@[THE_USER].r.C] to User [m00001@@[THE_USER].TC_Role1.test.com]
+
+# TC_Role1.50.4.POS Create permission and attach to role
+perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Role1.@[THE_USER].r.C]
+
+# TC_Role1.50.20.NEG Delete role with permission and user attached should fail
+role delete com.test.TC_Role1.@[user.name].r.C
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - Role [com.test.TC_Role1.@[THE_USER].r.C] cannot be deleted as it is used by 1 or more Users.
+
+# TC_Role1.50.21.POS Force delete role should work
+set force true
+set force=true role delete com.test.TC_Role1.@[user.name].r.C
+** Expect 200 **
+Deleted Role
+
+# TC_Role1.50.30.POS List Data on non-Empty NS
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+ com.test.TC_Role1.@[THE_USER].p.C myInstance myAction
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case
+ Credentials
+ m00001@@[THE_USER].TC_Role1.test.com
+
+# Need to let DB catch up on deletes
+sleep 0
+as testid@aaf.att.com
+# TC_Role1.99.05.POS Remove Permissions from "40_reports"
+set force true
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+** Expect 200,404 **
+Deleted Permission
+
+# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles
+force role delete com.test.TC_Role1.@[user.name].r.A
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role1.@[user.name].r.B
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role1.@[user.name].r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist
+
+# TC_Role1.99.15.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_Role1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Role1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+role delete com.test.TC_Role1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials
+perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+user cred del m00001@@[user.name].TC_Role1.test.com
+** Expect 200,404 **
+Deleted Credential [m00001@@[THE_USER].TC_Role1.test.com]
+
+# TC_Role1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role1.@[user.name].r
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_Role1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Role1.99.99.POS List to prove clean Namespaces
+ns list name com.test.TC_Role1.@[user.name].r
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Role2.10.0.POS Print NS to prove ok
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+##############
+# Testing Model
+# We are making a Testing model based loosely on George Orwell's Animal Farm
+# In Animal Farm, Animals did all the work but didn't get any priviledges.
+# In our test, the animals can't see anything but their own role, etc
+# Dogs were supervisors, and ostensibly did something, though mostly laid around
+# In our test, they have Implicit Permissions by being Admins
+# Pigs were the Elite. They did nothing, but watch everyone and eat the produce
+# In our test, they have Explicit Permissions to see everything they want
+##############
+as testid@aaf.att.com
+# TC_Role2.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role2.@[THE_USER].access * *
+ com.test.TC_Role2.@[THE_USER].access * read
+
+# TC_Role2.20.10.POS Create Orwellian Roles
+role create com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Role
+
+# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
+perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|garbage|eat] to Role [com.test.TC_Role2.@[THE_USER].r.animals]
+
+perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|*|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs
+as XX@NS
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.animals|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.dogs|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+# TC_Role2.20.60.POS List Data on non-Empty NS
+as testid@aaf.att.com
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].owner
+ com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.pigs
+ Permissions
+ com.test.TC_Role2.@[THE_USER].access * *
+ com.test.TC_Role2.@[THE_USER].access * read
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+as XX@NS
+# TC_Role2.40.1.POS List Data on Role
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.40.10.POS Add testunused to animals
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Added Role [com.test.TC_Role2.@[THE_USER].r.animals] to User [testunused@aaf.att.com]
+
+# TC_Role2.40.11.POS List by Name when part of role
+as testunused@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+# TC_Role2.40.12.NEG List by Name when not part of Role
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
+as testid@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.40.50.POS Change testunused to Pigs
+as testid@aaf.att.com
+user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+Removed Role [com.test.TC_Role2.@[THE_USER].r.animals] from User [testunused@aaf.att.com]
+
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Added Role [com.test.TC_Role2.@[THE_USER].r.pigs] to User [testunused@aaf.att.com]
+
+# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
+as testunused@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.animals]
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+role list user XX@NS
+** Expect 200 **
+
+List Roles for User [XX@NS]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+role list ns com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Roles by NS [com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].access * *
+com.test.TC_Role2.@[THE_USER].owner
+ com.test.TC_Role2.@[THE_USER].access * read
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+role list ns com.test.TC_Role2.@[user.name]
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Role2.@[THE_USER]]
+
+# TC_Role2.43.10.POS List Roles when allowed to see Perm
+as testid@aaf.att.com
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|eat
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
+as testunused@aaf.att.com
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|eat]
+
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|*]
+
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|*|*]
+
+as XX@NS
+# TC_Role2.99.1.POS Delete Roles
+force role delete com.test.TC_Role2.@[user.name].r.animals
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role2.@[user.name].r.dogs
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200,404 **
+Deleted Role
+
+# TC_Role2.99.2.POS Delete Perms
+force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Role2.@[user.name].r.A grain *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Role2.@[user.name].r.A * *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
+** Expect 200,404 **
+Deleted Permission
+
+# TC_Role2.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role2.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Role2.99.3.POS Print Namespaces
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_UR1.10.0.POS Validate no NS
+ns list name com.test.TC_UR1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_UR1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_UR1.10.1.POS Create Namespace to add IDs
+ns create com.test.TC_UR1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_UR1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_UR1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+user role add testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_UR1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
+
+# TC_UR1.10.20.POS Create two Credentials
+user cred add m00001@@[user.name].TC_UR1.test.com "abc123sd"
+** Expect 201 **
+Added Credential [m00001@@[THE_USER].TC_UR1.test.com]
+
+user cred add m00002@@[user.name].TC_UR1.test.com "abc123sd"
+** Expect 201 **
+Added Credential [m00002@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.10.21.POS Create two Roles
+role create com.test.TC_UR1.@[user.name].r1
+** Expect 201 **
+Created Role
+
+role create com.test.TC_UR1.@[user.name].r2
+** Expect 201 **
+Created Role
+
+# TC_UR1.23.1.NEG Too Few Args for User Role 1
+user
+** Expect 0 **
+user role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)]
+ cred <add|del|reset|extend> <id> [password (! D|E)] [entry# (if multi)]
+ delegate <add|upd|del> <from> [to REQ A&U] [until (YYYY-MM-DD) REQ A]
+ list role <role>
+ perm <type> <instance> <action>
+ cred <ns|id> <value>
+ delegates <user|delegate> <id>
+ approvals <user|approver|ticket> <value>
+ activity <user>
+
+# TC_UR1.23.2.NEG Too Few Args for user role
+user role
+** Expect -1 **
+Too few args: role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)]
+
+# TC_UR1.23.3.NEG Too Few Args for user role add
+user role add
+** Expect -1 **
+Too few args: role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)]
+
+# TC_UR1.30.10.POS Create a UserRole
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 201 **
+Added Role [com.test.TC_UR1.@[THE_USER].r1] to User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.11.NEG Created UserRole Exists
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.13.POS Delete UserRole
+sleep 0
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 200 **
+Removed Role [com.test.TC_UR1.@[THE_USER].r1] from User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.20.POS Create multiple UserRoles
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 201 **
+Added Role [com.test.TC_UR1.@[THE_USER].r1] to User [m00001@@[THE_USER].TC_UR1.test.com]
+Added Role [com.test.TC_UR1.@[THE_USER].r2] to User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.21.NEG Created UserRole Exists
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.23.POS Delete UserRole
+sleep 0
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 200 **
+Removed Role [com.test.TC_UR1.@[THE_USER].r1] from User [m00001@@[THE_USER].TC_UR1.test.com]
+Removed Role [com.test.TC_UR1.@[THE_USER].r2] from User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.30.POS Create a Role User
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 201 **
+Added User [m00001@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.30.31.NEG Created Role User Exists
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.33.POS Delete Role User
+sleep 0
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 200 **
+Removed User [m00001@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.30.40.POS Create multiple Role Users
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 201 **
+Added User [m00001@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1]
+Added User [m00002@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.30.41.NEG Created Role User Exists
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.43.POS Delete Role Users
+sleep 0
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 200 **
+Removed User [m00001@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1]
+Removed User [m00002@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.40.10.POS Create multiple UserRoles
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 200 **
+Set User's Roles to [com.test.TC_UR1.@[THE_USER].r1,com.test.TC_UR1.@[THE_USER].r2]
+
+# TC_UR1.40.11.POS Reset userrole for a user
+user role setTo m00001@@[user.name].TC_UR1.test.com
+** Expect 200 **
+Set User's Roles to []
+
+# TC_UR1.40.12.NEG Create userrole where Role doesn't exist
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r5
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_UR1.@[THE_USER].r5] does not exist
+
+# TC_UR1.40.13.NEG Create userrole where User doesn't exist
+user role setTo m99999@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m99999@@[THE_USER].TC_UR1.test.com is not a valid AAF Credential
+
+as testunused@aaf.att.com
+# TC_UR1.40.19.NEG User without permission tries to add userrole
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.40.20.NEG User without permission tries to add userrole
+role user setTo com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_UR1.@[THE_USER].r1]
+
+as testid@aaf.att.com
+# TC_UR1.40.22.POS Reset userrole for a user
+role user setTo com.test.TC_UR1.@[user.name].r1
+** Expect 200 **
+Set the Role to Users []
+
+sleep 0
+# TC_UR1.40.23.NEG Create UserRole where Role doesn't exist
+role user setTo com.test.TC_UR1.@[user.name].r5 m00001@@[user.name].TC_UR1.test.com
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_UR1.@[THE_USER].r5] does not exist
+
+sleep 0
+# TC_UR1.40.24.NEG Create UserRole where User doesn't exist
+role user setTo com.test.TC_UR1.@[user.name].r1 m99999@@[user.name].TC_UR1.test.com
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m99999@@[THE_USER].TC_UR1.test.com is not a valid AAF Credential
+
+# Need to let DB catch up on deletes
+sleep 0
+as testid@aaf.att.com
+# TC_UR1.99.1.POS Remove User from Role
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ m00001@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r1 ]
+Failed [SVC6404]: Not Found - User [ m00002@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r1 ]
+
+role user del com.test.TC_UR1.@[user.name].r2 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ m00001@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r2 ]
+Failed [SVC6404]: Not Found - User [ m00002@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r2 ]
+
+role user setTo com.test.TC_UR1.@[user.name].r1
+** Expect 200,404 **
+Set the Role to Users []
+
+# TC_UR1.99.2.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_UR1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_UR1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+role delete com.test.TC_UR1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_UR1.99.3.POS Delete Creds
+set force true
+user cred del m00001@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Deleted Credential [m00001@@[THE_USER].TC_UR1.test.com]
+
+set force true
+user cred del m00002@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Deleted Credential [m00002@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.99.4.POS Delete Roles
+set force true
+set force=true role delete com.test.TC_UR1.@[user.name].r1
+** Expect 200,404 **
+Deleted Role
+
+set force true
+set force=true role delete com.test.TC_UR1.@[user.name].r2
+** Expect 200,404 **
+Deleted Role
+
+# TC_UR1.99.5.POS Delete Namespace
+set force true
+set force=true ns delete com.test.TC_UR1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_UR1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_UR1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_UR1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+set m99990@@[THE_USER].TC_User1.test.com password123
+set m99995@@[THE_USER].TC_User1.test.com password123
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_User1.10.0.POS Check for Existing Data
+ns list name com.test.TC_User1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_User1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
+** Expect 201 **
+Created Role
+Added User [testid@aaf.att.com] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+as XX@NS
+# TC_User1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.delg|com.att|change] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_User1.01.99.POS Expect Namespace to be created
+ns list name com.test.TC_User1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_User1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_User1.@[THE_USER].admin
+ com.test.TC_User1.@[THE_USER].cred_admin
+ com.test.TC_User1.@[THE_USER].owner
+ Permissions
+ com.test.TC_User1.@[THE_USER].access * *
+ com.test.TC_User1.@[THE_USER].access * read
+
+as testid@aaf.att.com
+# TC_User1.20.1.POS Create roles
+role create com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Created Role
+
+role create com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Role
+
+# TC_User1.20.2.POS Create permissions
+perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|move] to Role [com.test.TC_User1.@[THE_USER].worker]
+
+perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|stock] to Role [com.test.TC_User1.@[THE_USER].worker]
+
+perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].schedule|worker|create] to Role [com.test.TC_User1.@[THE_USER].manager]
+
+perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].worker|*|annoy] to Role [com.test.TC_User1.@[THE_USER].manager]
+
+# TC_User1.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_User1.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_User1.test.com]
+
+user cred add m99995@@[user.name].TC_User1.test.com password123
+** Expect 201 **
+Added Credential [m99995@@[THE_USER].TC_User1.test.com]
+
+as XX@NS
+# TC_User1.20.10.POS Add users to roles
+user role add @[user.name] com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Added Role [com.test.TC_User1.@[THE_USER].manager] to User [@[THE_USER]@csp.att.com]
+
+user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99990@@[THE_USER].TC_User1.test.com]
+
+# TC_User1.20.20.POS Add Delegate
+as XX@NS
+# TC_User1.20.20.POS Create delegates
+force user delegate add @[user.name] @[user.name]
+** Expect 201 **
+Delegate Added
+
+# TC_User1.40.1.NEG Non-admin, user not in role should not view
+as testunused@aaf.att.com
+user list role com.test.TC_User1.@[user.name].manager
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
+
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].worker]
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.40.2.NEG Non-admin, user in role should not view
+user list role com.test.TC_User1.@[user.name].manager
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_User1.test.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
+
+sleep 0
+# TC_User1.40.3.POS Non-admin, user in role can view himself
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as testid@aaf.att.com
+# TC_User1.40.10.POS admin should view
+user list role com.test.TC_User1.@[user.name].manager
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].manager]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+@[THE_USER]@csp.att.com XXXX-XX-XX
+
+
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as testunused@aaf.att.com
+# TC_User1.41.1.NEG Non-admin, user not in perm should not view
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.41.2.POS Non-admin, user in perm can view himself
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.41.3.NEG Non-admin, user in perm should not view
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+as testid@aaf.att.com
+# TC_User1.41.10.POS admin should view
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+@[THE_USER]@csp.att.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+@[THE_USER]@csp.att.com XXXX-XX-XX
+
+
+as testunused@aaf.att.com
+# TC_User1.42.1.NEG Unrelated user can't view delegates
+user list delegates user m99990@@[user.name].TC_User1.test.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99990@@[THE_USER].TC_User1.test.com]
+
+user list delegates delegate m99995@@[user.name].TC_User1.test.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99995@@[THE_USER].TC_User1.test.com]
+
+as XX@NS
+# TC_User1.42.10.POS Admin of domain NS can view
+user list delegates user @[user.name]
+** Expect 200 **
+
+List Delegates by user[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+user list delegates delegate @[user.name]
+** Expect 200 **
+
+List Delegates by delegate[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+as testid@aaf.att.com
+# TC_User1.43.1.POS Add another user to worker role
+user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99995@@[THE_USER].TC_User1.test.com]
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.43.2.POS User should only see himself here
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as XX@NS
+# TC_User1.43.10.POS Grant explicit user perm to user
+perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view] to Role [com.test.TC_User1.@[THE_USER].worker]
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.43.11.POS User should see all users of test domain now
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as testid@aaf.att.com
+# TC_User1.99.0.POS Remove user roles
+user role del @[user.name] com.test.TC_User1.@[user.name].manager
+** Expect 200,404 **
+Removed Role [com.test.TC_User1.@[THE_USER].manager] from User [@[THE_USER]@csp.att.com]
+
+user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 200,404 **
+Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99990@@[THE_USER].TC_User1.test.com]
+
+user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 200,404 **
+Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99995@@[THE_USER].TC_User1.test.com]
+
+# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+force perm delete com.test.TC_User1.@[user.name].supplies * move
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200,404 **
+Deleted Permission
+
+force role delete com.test.TC_User1.@[user.name].manager
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_User1.@[user.name].worker
+** Expect 200,404 **
+Deleted Role
+
+# TC_User1.99.10.POS Creds and delegate
+user delegate del @[user.name]
+** Expect 200,404 **
+Delegate Deleted
+
+user cred del m99990@@[user.name].TC_User1.test.com
+** Expect 200,404 **
+Deleted Credential [m99990@@[THE_USER].TC_User1.test.com]
+
+user cred del m99995@@[user.name].TC_User1.test.com
+** Expect 200,404 **
+Deleted Credential [m99995@@[THE_USER].TC_User1.test.com]
+
+as XX@NS
+# TC_User1.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.delg|com.att|change] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
+** Expect 200,404 **
+Deleted Permission
+
+as testid@aaf.att.com
+force role delete com.test.TC_User1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_User1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_User1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+sleep 0
+# TC_User1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_User1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as XX@NS
+# TC_Wild.10.0.POS Validate NS ok
+ns list name com.att.test.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.att.test.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Wild.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.att.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Wild.10.10.POS Create a clean MechID
+user cred add m99999@@[user.name].TC_Wild.att.com aNewPass8
+** Expect 201 **
+Added Credential [m99999@@[THE_USER].TC_Wild.att.com]
+
+set m99999@@[THE_USER].TC_Wild.att.com aNewPass8
+as XX@NS
+# TC_Wild.10.11.POS Create role and assign MechID to
+role create com.att.TC_Wild.@[user.name].service m99999@@[user.name].TC_Wild.att.com
+** Expect 201 **
+Created Role
+Added User [m99999@@[THE_USER].TC_Wild.att.com] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.20.1.NEG Fail to create a perm in NS
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction]
+
+# TC_Wild.20.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.TC_Wild.@[THE_USER].access|:perm:myType:*:myAction|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.20.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access :perm:myType:*:myAction write
+
+
+# TC_Wild.20.7.POS Now able to create a perm in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Wild.20.8.POS Print Perms
+as XX@NS
+perm list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Perms by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].access :perm:myType:*:myAction write
+com.att.TC_Wild.@[THE_USER].myType myInstance myAction
+
+
+# TC_Wild.20.10.POS Delete Perms Created
+force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write
+** Expect 200 **
+Deleted Permission
+
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.21.1.NEG Fail to create a perm in NS
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction]
+
+# TC_Wild.21.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:* write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.TC_Wild.@[THE_USER].access|:perm:myType:*:*|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.21.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access :perm:myType:*:* write
+
+
+# TC_Wild.21.7.POS Now able to create a perm in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Wild.21.8.POS Print Perms
+as XX@NS
+perm list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Perms by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].access :perm:myType:*:* write
+com.att.TC_Wild.@[THE_USER].myType myInstance myAction
+
+
+# TC_Wild.21.10.POS Delete Perms Created
+force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:* write
+** Expect 200 **
+Deleted Permission
+
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.30.1.NEG Fail to create a role in NS
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole]
+
+# TC_Wild.30.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+perm create com.att.TC_Wild.@[user.name].access :role:tool.* write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.TC_Wild.@[THE_USER].access|:role:tool.*|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.30.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access :role:tool.* write
+
+
+# TC_Wild.30.7.POS Now able to create a role in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 201 **
+Created Role
+
+# TC_Wild.30.8.POS Print Perms
+as XX@NS
+role list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Roles by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].admin
+ com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].owner
+ com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].service
+ com.att.TC_Wild.@[THE_USER].access :role:tool.* write
+com.att.TC_Wild.@[THE_USER].tool.myRole
+
+# TC_Wild.30.10.POS Delete Perms Created
+force perm delete com.att.TC_Wild.@[user.name].access :role:tool.* write
+** Expect 200 **
+Deleted Permission
+
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 200 **
+Deleted Role
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.31.1.NEG Fail to create a role in NS
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole]
+
+# TC_Wild.31.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+perm create com.att.TC_Wild.@[user.name].access :role:* write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.TC_Wild.@[THE_USER].access|:role:*|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.31.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access :role:* write
+
+
+# TC_Wild.31.7.POS Now able to create a role in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 201 **
+Created Role
+
+# TC_Wild.31.8.POS Print Perms
+as XX@NS
+role list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Roles by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].admin
+ com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].owner
+ com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].service
+ com.att.TC_Wild.@[THE_USER].access :role:* write
+com.att.TC_Wild.@[THE_USER].tool.myRole
+
+# TC_Wild.31.10.POS Delete Perms Created
+force perm delete com.att.TC_Wild.@[user.name].access :role:* write
+** Expect 200 **
+Deleted Permission
+
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 200 **
+Deleted Role
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.32.1.NEG Fail to create a role in NS
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole]
+
+# TC_Wild.32.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+perm create com.att.TC_Wild.@[user.name].access :role:* * com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.TC_Wild.@[THE_USER].access|:role:*|*] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.32.5.POS Print Perms
+as m99999@@[THE_USER].TC_Wild.att.com
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access :role:* *
+
+
+# TC_Wild.32.7.POS Now able to create a role in NS
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 201 **
+Created Role
+
+# TC_Wild.32.8.POS May Print Role
+role list role com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 200 **
+
+List Roles for Role[com.att.TC_Wild.@[THE_USER].tool.myRole]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].tool.myRole
+
+as XX@NS
+# TC_Wild.32.10.POS Delete Perms Created
+force perm delete com.att.TC_Wild.@[user.name].access :role:* *
+** Expect 200 **
+Deleted Permission
+
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 200 **
+Deleted Role
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.50.1.NEG Fail to create a perm in NS
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction]
+
+# TC_Wild.50.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+perm create com.att.aaf.ns :com.att.*:perm:myType:*:* write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.ns|:com.att.*:perm:myType:*:*|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.50.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.ns :com.att.*:perm:myType:*:* write
+
+
+# TC_Wild.50.7.POS Now able to create a perm in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Wild.50.8.POS Print Perms
+as XX@NS
+perm list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Perms by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].myType myInstance myAction
+
+
+# TC_Wild.50.10.POS Delete Perms Created
+force perm delete com.att.aaf.ns :com.att.*:perm:myType:*:* write
+** Expect 200 **
+Deleted Permission
+
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.51.1.NEG Fail to create a role in NS
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole]
+
+# TC_Wild.51.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+perm create com.att.aaf.ns :com.att.*:role:tool.* write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.ns|:com.att.*:role:tool.*|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.51.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.ns :com.att.*:role:tool.* write
+
+
+# TC_Wild.51.7.POS Now able to create a role in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 201 **
+Created Role
+
+# TC_Wild.51.8.POS Print Perms
+as XX@NS
+role list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Roles by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].admin
+ com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].owner
+ com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].service
+ com.att.aaf.ns :com.att.*:role:tool.* write
+com.att.TC_Wild.@[THE_USER].tool.myRole
+
+# TC_Wild.51.10.POS Delete Perms Created
+force perm delete com.att.aaf.ns :com.att.*:role:tool.* write
+** Expect 200 **
+Deleted Permission
+
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 200 **
+Deleted Role
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.52.1.NEG Fail to create a NS
+ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write in NS [com.test]
+
+# TC_Wild.52.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+perm create com.att.aaf.ns :com.test:ns write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.ns|:com.test:ns|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.52.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.ns :com.test:ns write
+
+
+# TC_Wild.52.7.POS Now able to create an NS
+as m99999@@[THE_USER].TC_Wild.att.com
+ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Wild.52.8.POS Print Perms
+as XX@NS
+ns list name com.test.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Wild.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Wild.@[THE_USER].admin
+ com.test.TC_Wild.@[THE_USER].owner
+ Permissions
+ com.test.TC_Wild.@[THE_USER].access * *
+ com.test.TC_Wild.@[THE_USER].access * read
+
+# TC_Wild.52.10.POS Delete Perms Created
+force perm delete com.att.aaf.ns :com.test:ns write
+** Expect 200 **
+Deleted Permission
+
+force ns delete com.test.TC_Wild.@[user.name]
+** Expect 200 **
+Deleted Namespace
+
+as XX@NS
+# TC_Wild.99.80.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:perm:*:* write
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:perm:*:*|write] does not exist
+
+# TC_Wild.99.81.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:perm:*:* *
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:perm:*:*|*] does not exist
+
+# TC_Wild.99.82.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:role:* write
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:role:*|write] does not exist
+
+# TC_Wild.99.83.POS Cleanup
+force perm delete com.att.aaf.ns :com.test:ns write
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.test:ns|write] does not exist
+
+# TC_Wild.99.90.POS Cleanup
+force ns delete com.test.TC_Wild.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.TC_Wild.@[THE_USER] does not exist
+
+# TC_Wild.99.91.POS Cleanup
+force ns delete com.att.TC_Wild.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Wild.99.99.POS List to prove clean Namespaces
+ns list name com.att.TC_Wild.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Wild.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
--- /dev/null
+# /bin/sh
+find . -maxdepth 1 -name "TC*" -exec sh cmds {} \; | grep \#
--- /dev/null
+#!/bin/bash
+
+# For Jenkins, we need to keep track of the exit code returned from each tc run;
+# if it's ever non-zero (ie, a failure), must return that value when this script exits
+#
+STATUS=0
+
+for DIR in `ls | grep ^TC_ | sort`; do
+ echo "**" | tee reports/$DIR.txt
+ echo "** TC Group: $DIR" | tee -a reports/$DIR.txt
+ echo "** Date : "`date` | tee -a reports/$DIR.txt
+ echo "** By : "`who | cut -d " " -f 1` | tee -a reports/$DIR.txt
+ echo "**" | tee -a reports/$DIR.txt
+ echo "" >> reports/$DIR.txt
+ echo "-- Description --" >> reports/$DIR.txt
+ cat $DIR/Description >> reports/$DIR.txt
+ echo -- Positive Cases -- >> reports/$DIR.txt
+ grep -h "^# $DIR.*POS " $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /' >> reports/$DIR.txt
+ echo >> reports/$DIR.txt
+ echo -- Negative Cases -- >> reports/$DIR.txt
+ grep -h "^# $DIR.*NEG " $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /' >> reports/$DIR.txt
+
+
+ echo "" >> reports/$DIR.txt
+ echo "-- Results" | tee -a reports/$DIR.txt
+ echo "" | tee -a reports/$DIR.txt
+
+ bash ./tc $DIR | tee -a reports/$DIR.txt
+
+ if [[ ${PIPESTATUS[0]} -ne 0 ]]; then
+ STATUS=1
+ fi
+done
+
+
+exit $STATUS
+
+
--- /dev/null
+set m12345=<pass>
+as m12345
+ns create com.test testid@test.com
+
--- /dev/null
+# /bin/bash
+if [ "$1" == "" ]; then
+ echo "Usage: rpt1 <TestCase>"
+ exit 1
+fi
+
+echo "**"
+echo "** TC Group: $1"
+echo "** Date : "`date`
+echo "** By : "`who | cut -d " " -f 1`
+echo "**"
+echo ""
+echo "-- Description --"
+cat $1/Description
+echo -- Positive Cases --
+grep -h "^# $1.*POS " $1/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /'
+echo
+echo -- Negative Cases --
+grep -h "^# $1.*NEG " $1/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /'
+
+cd ..
+exit 0
--- /dev/null
+# /bin/bash
+if [ "$1" == "" ]; then
+ echo "Usage: rpt2 <TestCase>"
+ exit 1
+fi
+
+./rpt1 $1
+echo ""
+echo "-- Results"
+echo ""
+./tc $1
+
--- /dev/null
+#!/bin/bash
+TS=`echo $0 | sed "s/\/tc//"`
+
+mkdir -p runs
+
+function failed {
+ echo "FAILED TEST! $*"
+ exit 1
+}
+
+if [ "$1" == "-a" ]; then
+ OPTS=$OPTS" -a";
+ shift
+elif [ "$1" == "clean" ]; then
+ CLEAN="TRUE"
+ shift
+fi
+
+if [[ -z $USER ]]; then
+ THE_USER=`whoami`
+elif [[ -n "$SUDO_USER" ]]; then
+ THE_USER=$SUDO_USER
+elif [[ -n "$USER" ]]; then
+ THE_USER=$USER
+fi
+
+if [ "$1" == "" ]; then
+ DIRS=`find $TS -maxdepth 2 -type d -name "TC_*" | sed "s/^$TS\///" | sort`
+ if [ "$DIRS" == "" ] ; then
+ echo "Usage: tc <TestCase> [expected]"
+ echo " expected - create the expected response for future comparison"
+ exit 1
+ fi
+else
+ DIRS=$1
+ shift
+fi
+
+if [ "$1" == "-a" ]; then
+ OPTS=$OPTS" -a";
+ shift
+elif [ "$1" == "clean" ]; then
+ CLEAN="TRUE"
+ shift
+fi
+
+if [ -e tc.delay ]; then
+ OPTS=$OPTS" -delayAll "`cat tc.delay`
+fi
+
+
+SUFFIX=`date "+%Y-%m-%d_%H:%M:%S"`
+for TC in $DIRS; do
+ echo $TC
+ if [ "$CLEAN" = "TRUE" ]; then
+ cat $TS/$TC/00* $TS/$TC/99* | aafcli -i -a -t -n
+ rm -f last
+ ln -s runs/$TC.CLEAN.$SUFFIX last
+ elif [ "$1" = "expected" ]; then
+ SUFFIX=$1
+ cat $TS/$TC/[0-9]* | aafcli -i -t 2>&1 | sed -e "/$THE_USER/s//@[THE_USER]/g" | tee $TS/expected/$TC.$SUFFIX
+ elif [ -d "$TS/$TC" ]; then
+ if [ "$1" = "dryrun" ]; then
+ cat $TS/$TC/[0-9]* > temp
+ cat $TS/$TC/[0-9]* | aafcli -i -t
+ else
+ rm -f last
+ > runs/$TC.$SUFFIX
+ ln -s runs/$TC.$SUFFIX last
+ cat $TS/$TC/[0-9]* | aafcli -i -t $OPTS | sed -e "/$THE_USER/s//@[THE_USER]/g" -e "s/\r//" 2>&1 > runs/$TC.$SUFFIX
+
+ diff --ignore-blank-lines -w runs/$TC.$SUFFIX $TS/expected/$TC.expected || failed "[$TC.$SUFFIX]"
+ echo "SUCCESS! [$TC.$SUFFIX]"
+ fi
+ elif [ -f "$TS/$TC" ]; then
+ cat $TS/$TC | aafcli -i -t $OPTS
+ else
+ echo missed dir
+ fi
+done
+
+exit 0
--- /dev/null
+# Load Passwords needed
+
+DME2REG=/Volumes/Data/src/authz/dme2reg
+
+# This is a fix for DME2 jar which doesn't register entries correctly
+function fix {
+ for FILE in `find $DME2REG -name "*.txt"`
+ do
+ sed -e"s/null/https/" $FILE > temp3555
+ cat temp3555 > $FILE
+ rm temp3555
+ done
+}
+
+function aafcli {
+ fix
+ java \
+ -Daaf_id=testid \
+ -Daaf_pass=<pass> \
+ -Daaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0.1/envContext=DEV/routeOffer=BAU_SE \
+ -DAFT_LATITUDE=32.780140 \
+ -DAFT_LONGITUDE=-96.800451 \
+ -DAFT_ENVIRONMENT=AFTUAT \
+ -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG \
+ -DDME2_EP_REGISTRY_CLASS=DME2FS \
+ -Dtestid=<pass> \
+ -Dbogus=xxx \
+ -Dm12345=<pass> \
+ -jar \
+ /Volumes/Data/src/authz/authz-cmd/target/authz-cmd-2.0.2-SNAPSHOT-jar-with-dependencies.jar \
+ $*
+}
--- /dev/null
+# Load Passwords needed
+if [ -e ../../authz-service ]; then
+ CMD_DEPLOYED=authz-service
+else
+ CMD_DEPLOYED=authz-cmd
+fi
+function aafcli {
+ java \
+ -Daaf_id=testid \
+ -Daaf_pass=<pass> \
+ -Daaf_url=DMEServiceName=service=com.att.authz.AuthorizationService/version=2.0/envContext=AFTUAT/routeOffer=BAU_SE \
+ -Dkeyfile=/Volumes/Data/src/authz/common/keyfile \
+ -DAFT_LATITUDE=38.432930 \
+ -DAFT_LONGITUDE=-90.432480 \
+ -DAFT_ENVIRONMENT=AFTUAT \
+ -Dtestid=<pass> \
+ -Dbogus=xxx \
+ -Dm12345=<pass> \
+ -jar \
+ ../../${CMD_DEPLOYED}/2.0.2/lib/authz-cmd-2.0.2-jar-with-dependencies.jar \
+ $*
+}
--- /dev/null
+# Load Passwords needed
+
+DME2REG=../../dme2reg
+
+function aafcli {
+ java \
+ -Daaf_id=testid \
+ -Daaf_pass=<pass> \
+ -Daaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0.3/envContext=DEV/routeOffer=BAU_SE \
+ -Dkeyfile=../../common/keyfile \
+ -DAFT_LATITUDE=32.780140 \
+ -DAFT_LONGITUDE=-96.800451 \
+ -DAFT_ENVIRONMENT=AFTUAT \
+ -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG \
+ -DDME2_EP_REGISTRY_CLASS=DME2FS \
+ -Dtestid=<pass> \
+ -Dbogus=xxx \
+ -Dm12345=<pass> \
+ -jar \
+ ../../authz-cmd/target/authz-cmd-2.0.3-jar-with-dependencies.jar \
+ $*
+}
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">\r
+ <modelVersion>4.0.0</modelVersion>\r
+ <parent>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>parent</artifactId>\r
+ <version>2.0.15</version>\r
+ <relativePath>../pom.xml</relativePath>\r
+ </parent>\r
+ \r
+ <artifactId>authz-test</artifactId>\r
+ <name>Authz TestCases</name>\r
+ <description>TestCase Suite for Authz/Authn</description>\r
+ <packaging>jar</packaging>\r
+ <url>https://github.com/att/AAF</url>\r
+ <licenses>\r
+ <license>\r
+ <name>BSD License</name>\r
+ <url> </url>\r
+ </license>\r
+ </licenses>\r
+ <developers>\r
+ <developer>\r
+ <name>Jonathan Gathman</name>\r
+ <email></email>\r
+ <organization>ATT</organization>\r
+ <organizationUrl></organizationUrl>\r
+ </developer>\r
+ </developers>\r
+\r
+\r
+ <properties>\r
+ <maven.test.failure.ignore>false</maven.test.failure.ignore>\r
+ <project.swmVersion>0</project.swmVersion>\r
+\r
+ </properties>\r
+ \r
+ <dependencies>\r
+ <dependency>\r
+ <groupId>com.att.cadi</groupId>\r
+ <artifactId>cadi-aaf</artifactId>\r
+ </dependency>\r
+ \r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-client</artifactId>\r
+ </dependency>\r
+\r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-core</artifactId>\r
+ </dependency>\r
+\r
+ <dependency>\r
+ <groupId>com.att.authz</groupId>\r
+ <artifactId>authz-cmd</artifactId>\r
+ </dependency>\r
+\r
+ <dependency>\r
+ <groupId>com.att.aft</groupId>\r
+ <artifactId>dme2</artifactId>\r
+ </dependency>\r
+\r
+\r
+ <dependency>\r
+ <groupId>org.apache.jmeter</groupId>\r
+ <artifactId>ApacheJMeter_java</artifactId>\r
+ <version>2.11</version>\r
+ </dependency>\r
+ \r
+ <dependency>\r
+ <groupId>junit</groupId>\r
+ <artifactId>junit</artifactId>\r
+ <version>4.7</version>\r
+ <scope>test</scope>\r
+ </dependency>\r
+ </dependencies>\r
+\r
+ <build>\r
+ <pluginManagement>\r
+ <plugins>\r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-failsafe-plugin</artifactId>\r
+ <configuration>\r
+ <includes>\r
+ <include>**/AAFJUnitTest.java</include>\r
+ </includes>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-surefire-plugin</artifactId>\r
+ <configuration>\r
+ <excludes>\r
+ <exclude>**/AAFJUnitTest.java</exclude>\r
+ </excludes>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-javadoc-plugin</artifactId>\r
+ <configuration>\r
+ <failOnError>false</failOnError>\r
+ </configuration>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-javadocs</id>\r
+ <goals>\r
+ <goal>jar</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin> \r
+ \r
+ \r
+ <plugin>\r
+ <groupId>org.apache.maven.plugins</groupId>\r
+ <artifactId>maven-source-plugin</artifactId>\r
+ <version>2.2.1</version>\r
+ <executions>\r
+ <execution>\r
+ <id>attach-sources</id>\r
+ <goals>\r
+ <goal>jar-no-fork</goal>\r
+ </goals>\r
+ </execution>\r
+ </executions>\r
+ </plugin>\r
+\r
+ \r
+ <plugin>\r
+ <groupId>org.sonatype.plugins</groupId>\r
+ <artifactId>nexus-staging-maven-plugin</artifactId>\r
+ <version>1.6.7</version>\r
+ <extensions>true</extensions>\r
+ <configuration>\r
+ <serverId>ossrhdme</serverId>\r
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>\r
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>\r
+ </configuration>\r
+ </plugin>\r
+ \r
+ </plugins>\r
+ </pluginManagement>\r
+ </build>\r
+\r
+</project>\r
--- /dev/null
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<assembly>\r
+ <id>swm</id>\r
+ <formats>\r
+ <format>zip</format>\r
+ </formats>\r
+ <baseDirectory>${artifactId}</baseDirectory>\r
+ <fileSets>\r
+ <fileSet>\r
+ <directory>target/swm</directory>\r
+ </fileSet>\r
+ </fileSets>\r
+</assembly>\r
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<ns2:ManagedResourceList xmlns:ns2="http://scld.att.com/lrm/util" xmlns="http://scld.att.com/lrm/commontypes" xmlns:ns3="http://scld.att.com/lrm/types">\r
+ <ns2:ManagedResource>\r
+ <ResourceDescriptor>\r
+ <ResourceName>com.att.authz._ARTIFACT_ID_</ResourceName>\r
+ <ResourceVersion>\r
+ <Major>_MAJOR_VER_</Major>\r
+ <Minor>_MINOR_VER_</Minor>\r
+ <Patch>_PATCH_VER_</Patch> \r
+ </ResourceVersion>\r
+ <RouteOffer>_ROUTE_OFFER_</RouteOffer>\r
+ </ResourceDescriptor>\r
+ <ResourceType>Java</ResourceType>\r
+ <ResourcePath>com.att.authz.service.AuthzAPI</ResourcePath>\r
+ <ResourceProps>\r
+ <Tag>process.workdir</Tag>\r
+ <Value>_ROOT_DIR_</Value>\r
+ </ResourceProps> \r
+ <ResourceProps>\r
+ <Tag>jvm.version</Tag>\r
+ <Value>1.6</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.args</Tag>\r
+ <Value>-DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 </Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.classpath</Tag>\r
+ <Value>_ROOT_DIR_/etc:_ROOT_DIR_/lib/*:</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.heap.min</Tag>\r
+ <Value>512m</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>jvm.heap.max</Tag>\r
+ <Value>1024m</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>start.class</Tag>\r
+ <Value>com.att.authz.service.AuthAPI</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>stdout.redirect</Tag>\r
+ <Value>_ROOT_DIR_/logs/SystemOut.log</Value>\r
+ </ResourceProps>\r
+ <ResourceProps>\r
+ <Tag>stderr.redirect</Tag>\r
+ <Value>_ROOT_DIR_/logs/SystemErr.log</Value>\r
+ </ResourceProps>\r
+ <ResourceOSID>aft</ResourceOSID>\r
+ <ResourceStartType>AUTO</ResourceStartType>\r
+ <ResourceStartPriority>2</ResourceStartPriority>\r
+ <ResourceMinCount>_RESOURCE_MIN_COUNT_</ResourceMinCount>\r
+ <ResourceMaxCount>_RESOURCE_MAX_COUNT_</ResourceMaxCount> \r
+ <ResourceSWMComponent>com.att.authz:_ARTIFACT_ID_</ResourceSWMComponent>\r
+ <ResourceSWMComponentVersion>_ARTIFACT_VERSION_</ResourceSWMComponentVersion>\r
+ </ns2:ManagedResource>\r
+</ns2:ManagedResourceList>\r
--- /dev/null
+# Load Passwords needed
+function aafcli {
+ java \
+ -Daaf_id=testid \
+ -Daaf_pass=<pass> \
+ -Daaf_url=DMEServiceName=service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_/envContext=_AFT_ENVIRONMENT_/routeOffer=_ROUTE_OFFER_ \
+ -DAFT_LATITUDE=_AFT_LATITUDE_ \
+ -DAFT_LONGITUDE=_AFT_LONGITUDE_ \
+ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ \
+ -Dtestid=<pass> \
+ -Dbogus=xxx \
+ -Dm12345=<pass> \
+ -jar \
+ /Volumes/Data/src/authz/authz-cmd/target/authz-cmd-2.0.2-SNAPSHOT-jar-with-dependencies.jar \
+ $*
+}
--- /dev/null
+# /bin/bash
+. ~/.bashrc
+function failed {
+ echo "FAILED TEST! " $*
+ exit 1
+}
+
+if [ "$1" != "" ] ; then
+ for FILE in TestCases/$1/[0-9]*; do
+ echo "*** "$FILE" ***"
+ cat $FILE
+ echo
+ done
+else
+ echo "Usage: cmds <TestCase>"
+fi
+
+
+
+exit 0
--- /dev/null
+# /bin/bash
+if [ "$2" != "" ] ; then
+ if [ -e $2 ]; then
+ echo "$2 exists, copy aborted"
+ exit 1
+ fi
+ mkdir -p TestCases/$2
+ for FILE in TestCases/$1/*; do
+ FILE2=`echo $FILE | sed -e "s/$1/$2/"`
+ echo $FILE2
+ sed -e "s/$1/$2/g" $FILE > $FILE2
+ done
+else
+ echo 'Usage: copy <Source TestCase> <Target TestCase>'
+fi
+
+exit 0
--- /dev/null
+# /bin/bash
+cd TestCases
+if [ "$1" == "" ]; then
+ DIRS=`ls -d TC*`
+else
+ DIRS=$1
+fi
+
+echo '"Test Case","Description"'
+for DIR in $DIRS; do
+ grep -h "^# $DIR" $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ /,"/' -e 's/$/"/'
+done
+cd ..
+exit 0
--- /dev/null
+# /bin/bash
+if [ "$1" == "" ]; then
+ echo "Usage: rpt1 <TestCase>"
+ exit 1
+fi
+
+cd TestCases
+echo "**"
+echo "** TC Group: $1"
+echo "** Date : "`date`
+echo "** By : "`who | cut -d " " -f 1`
+echo "**"
+echo ""
+echo "-- Description --"
+cat $1/Description
+echo -- Positive Cases --
+grep -h "^# $1.*OK " $1/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /'
+echo
+echo -- Negative Cases --
+grep -h "^# $1.*FAIL " $1/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /'
+
+cd ..
+exit 0
--- /dev/null
+# /bin/bash
+if [ "$1" == "" ]; then
+ echo "Usage: rpt2 <TestCase>"
+ exit 1
+fi
+
+bin/rpt1 TC_NS1
+echo ""
+echo "-- Results"
+echo ""
+bin/tc TC_NS1
+
--- /dev/null
+# /bin/bash
+mkdir -p runs
+function failed {
+ echo "FAILED TEST! $*"
+ exit 1
+}
+
+if [ "$1" == "" ]; then
+ DIRS=`find TestCases -type d -name "TC_*" -maxdepth 1 | sed "s/^TestCases\///"`
+ if [ "$DIRS" == "" ] ; then
+ echo "Usage: tc <TestCase> [expected]"
+ echo " expected - create the expected response for future comparison"
+ exit 1
+ fi
+else
+ DIRS=$1
+ shift
+fi
+
+for TC in $DIRS; do
+ if [ "$1" = "expected" ]; then
+ SUFFIX=$1
+ cat TestCases/$TC/[0-9]* | aafcli -i 2>&1 | tee TestCases/expected/$TC.$SUFFIX
+ elif [ -d "TestCases/$TC" ]; then
+ SUFFIX=`date "+%Y-%m-%d_%H:%M:%S"`
+ cat TestCases/$TC/[0-9]* | aafcli -i 2>&1 | tee runs/$TC.$SUFFIX > /dev/null
+
+ diff runs/$TC.$SUFFIX TestCases/expected/$TC.expected || failed "[$TC.$SUFFIX]"
+ echo "SUCCESS! [$TC.$SUFFIX]"
+ else
+ echo missed dir
+exit
+ cat $TC | aafcli -i
+ fi
+done
+
+exit 0
--- /dev/null
+#!/bin/sh\r
+##############################################################################\r
+# - Copyright 2012, 2016 AT&T Intellectual Properties\r
+##############################################################################
+umask 022\r
+ROOT_DIR=${INSTALL_ROOT}/${distFilesRootDirPath}\r
+\r
+# Grab the IID of all resources running under the name and same version(s) we're working on and stop those instances\r
+${LRM_HOME}/bin/lrmcli -running | \\r
+ grep ${artifactId} | \\r
+ grep ${version} | \\r
+ cut -f1 | \\r
+while read _iid\r
+do\r
+ if [ -n "${_iid}" ]; then\r
+ ${LRM_HOME}/bin/lrmcli -shutdown -iid ${_iid} | grep SUCCESS\r
+ if [ $? -ne 0 ]; then\r
+ echo "$LRMID-{_iid} Shutdown failed"\r
+ fi\r
+ fi\r
+done\r
+ \r
+# Grab the resources configured under the name and same version we're working on and delete those instances\r
+${LRM_HOME}/bin/lrmcli -configured | \\r
+ grep ${artifactId} | \\r
+ grep ${version} | \\r
+ cut -f1,2,3 | \\r
+while read _name _version _routeoffer\r
+do\r
+ if [ -n "${_name}" ]; then\r
+ ${LRM_HOME}/bin/lrmcli -delete -name ${_name} -version ${_version} -routeoffer ${_routeoffer} | grep SUCCESS\r
+ if [ $? -ne 0 ]; then\r
+ echo "${_version} Delete failed"\r
+ fi\r
+ fi\r
+done \r
+\r
+rm -rf ${ROOT_DIR}\r
+\r
+exit 0\r
--- /dev/null
+#!/bin/sh
+##############################################################################
+# - Copyright 2012, 2016 AT&T Intellectual Properties
+##############################################################################
+umask 022
+ROOT_DIR=${INSTALL_ROOT}/${distFilesRootDirPath}
+LOGGING_PROP_FILE=${ROOT_DIR}/etc/log4j.properties
+RUN_FILE=${ROOT_DIR}/etc/tconn.sh
+
+cd ${ROOT_DIR}
+
+mkdir -p logs || fail 1 "Error on creating the logs directory."
+mkdir -p back || fail 1 "Error on creating the back directory."
+chmod 777 back || fail 1 "Error on creating the back directory."
+
+#
+# Some Functions that Vastly cleanup this install file...
+# You wouldn't believe how ugly it was before. Unreadable... JG
+#
+fail() {
+ rc=$1
+ shift;
+ echo "ERROR: $@"
+ exit $rc
+}
+
+#
+# Set the "SED" replacement for this Variable. Error if missing
+# Note that Variable in the Template is surrounded by "_" i.e. _ROOT_DIR_
+# Replacement Name
+# Value
+#
+required() {
+ if [ -z "$2" ]; then
+ ERRS+="\n\t$1 must be set for this installation"
+ fi
+ SED_E+=" -e s|$1|$2|g"
+}
+
+#
+# Set the "SED" replacement for this Variable. Use Default (3rd parm) if missing
+# Note that Variable in the Template is surrounded by "_" i.e. _ROOT_DIR_
+# Replacement Name
+# Value
+# Default Value
+#
+default() {
+ if [ -z "$2" ]; then
+ SED_E+=" -e s|$1|$3|g"
+ else
+ SED_E+=" -e s|$1|$2|g"
+ fi
+}
+
+# Linux requires this. Mac blows with it. Who knows if Windoze even does SED
+if [ -z "$SED_OPTS" ]; then
+ SED_E+=" -c "
+else
+ SED_E+=$SED_OPTS;
+fi
+
+
+#
+# Use "default" function if there is a property that isn't required, but can be defaulted
+# use "required" function if the property must be set by the environment
+#
+ required _ROOT_DIR_ ${ROOT_DIR}
+ default _COMMON_DIR_ ${COMMON_DIR} ${ROOT_DIR}/../../common
+ required _AFT_ENVIRONMENT_ ${AFT_ENVIRONMENT}
+ required _ENV_CONTEXT_ ${ENV_CONTEXT}
+ required _HOSTNAME_ ${HOSTNAME}
+ required _ARTIFACT_ID_ ${artifactId}
+ required _ARTIFACT_VERSION_ ${version}
+
+ # Specifics for Service
+ if [ "${artifactId}" = "authz-service" ]; then
+ default _AUTHZ_SERVICE_PORT_ ${PORT} 0
+ required _AUTHZ_CASS_CLUSTERS_ ${AUTHZ_CASS_CLUSTERS}
+ required _AUTHZ_CASS_PORT_ ${AUTHZ_CASS_PORT}
+ required _AUTHZ_CASS_PWD_ ${AUTHZ_CASS_PWD}
+ default _AUTHZ_CASS_USER_ ${AUTHZ_CASS_USER} authz
+ required _AUTHZ_KEYSTORE_PASSWORD_ ${AUTHZ_KEYSTORE_PASSWORD}
+ required _AUTHZ_KEY_PASSWORD_ ${AUTHZ_KEY_PASSWORD}
+ required _SCLD_PLATFORM_ ${SCLD_PLATFORM}
+ fi
+
+ default _EMAIL_FROM_ ${EMAIL_FROM} authz@ems.att.com
+ default _EMAIL_HOST_ ${EMAIL_HOST} mailhost.att.com
+ default _ROUTE_OFFER_ ${ROUTE_OFFER} BAU_SE
+ default _DME_TIMEOUT_ ${DME_TIMEOUT} 3000
+
+ # Choose defaults for log level and logfile size
+ if [ "${SCLD_PLATFORM}" = "PROD" ]; then
+ LOG4J_LEVEL=WARN
+ fi
+ default _LOG4J_LEVEL_ ${LOG4J_LEVEL} INFO
+ default _LOG4J_SIZE_ ${LOG4J_SIZE} 10000KB
+ default _LOG_DIR_ ${LOG_DIR} ${ROOT_DIR}/logs
+ default _MAX_LOG_FILE_SIZE_ ${MAX_LOG_FILE_SIZE} 10000KB
+ default _MAX_LOG_FILE_BACKUP_COUNT_ ${MAX_LOG_FILE_BACKUP_COUNT} 7
+ default _RESOURCE_MIN_COUNT_ ${RESOURCE_MIN_COUNT} 1
+ default _RESOURCE_MAX_COUNT_ ${RESOURCE_MAX_COUNT} 1
+
+ required _LOGGING_PROP_FILE_ ${LOGGING_PROP_FILE}
+ required _AFT_LATITUDE_ ${LATITUDE}
+ required _AFT_LONGITUDE_ ${LONGITUDE}
+ required _HOSTNAME_ ${HOSTNAME}
+
+ # Divide up Version
+ default _MAJOR_VER_ "`expr ${version} : '\([0-9]*\)\..*'`"
+ default _MINOR_VER_ "`expr ${version} : '[0-9]*\.\([0-9]*\)\..*'`"
+ default _PATCH_VER_ "`expr ${version} : '[0-9]\.[0-9]*\.\(.*\)'`"
+
+
+
+# Now Fail if Required items are not set...
+# Report all of them at once!
+if [ "${ERRS}" != "" ] ; then
+ fail 1 "${ERRS}"
+fi
+
+#echo ${SED_E}
+
+for i in ${PROPERTIES_FILE} ${LRM_XML} ${LOGGING_PROP_FILE} ${RUN_FILE} ; do
+ if [ -r ${i} ]; then
+ if [ -w ${i} ]; then
+# echo ${i}
+ sed ${SED_E} -i'.sed' ${i} || fail 8 "could not sed ${i} "
+ mv -f ${i}.sed ${ROOT_DIR}/back
+ fi
+ fi
+done
+
+#
+# Add the resource to LRM using the newly created/substituted XML file.
+#
+# Note: No LRM for authz-test
+#if [ -r ${LRM_XML} ]; then
+# ${LRM_HOME}/bin/lrmcli -addOrUpgrade -file ${LRM_XML} || fail 1 "Add to LRM Failed"
+# ${LRM_HOME}/bin/lrmcli -start -name com.att.authz.${artifactId} -version ${version} -routeoffer ${ROUTE_OFFER} | grep SUCCESS
+#fi
+#
+# Note: Must exit 0 or, it will be exit default 1 and fail
+exit 0
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+#!/bin/sh
+exit 0
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+
+exec sh -x ../../common/deinstall.sh
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>\r
+<!--\r
+ ============LICENSE_START====================================================\r
+ * org.onap.aai\r
+ * ===========================================================================\r
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * Copyright © 2017 Amdocs\r
+ * ===========================================================================\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ * \r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ * \r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ * ============LICENSE_END====================================================\r
+ *\r
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ *\r
+-->\r
+<descriptor version="1" xmlns="http://aft.att.com/swm/descriptor">\r
+ <platforms>\r
+ <platform architecture="*" os="*" osVersions="*"/> \r
+ </platforms>\r
+ <paths>\r
+ <path name="/opt/app/aft/auth/${artifactId}/${version}" type="d" user="aft" group="aft" permissions="0755" recursive="true"/>\r
+ </paths>\r
+ <actions>\r
+ <action type="INIT">\r
+ <proc stage="PRE" user="aft" group="aft"/>\r
+ <proc stage="POST" user="aft" group="aft"/>\r
+ </action>\r
+ <action type="INST">\r
+ <proc stage="PRE" user="aft" group="aft"/>\r
+ <proc stage="POST" user="aft" group="aft"/>\r
+ </action>\r
+ <action type="DINST">\r
+ <proc stage="PRE" user="aft" group="aft"/>\r
+ <proc stage="POST" user="aft" group="aft"/>\r
+ </action>\r
+ <action type="FALL">\r
+ <proc stage="PRE" user="aft" group="aft"/>\r
+ <proc stage="POST" user="aft" group="aft"/>\r
+ </action>\r
+ </actions>\r
+</descriptor>\r
--- /dev/null
+#!/bin/sh\r
+######################################################################\r
+# $RCSfile$ - $Revision$\r
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.\r
+######################################################################\r
+exec sh -x ../../common/install.sh
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+exit 0
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+exec sh -x ../../common/install.sh
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+#!/bin/sh
+exit 0
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+
+exec sh -x ../../common/install.sh
--- /dev/null
+#!/bin/sh
+######################################################################
+# $RCSfile$ - $Revision$
+# Copyright 2012 AT&T Intellectual Property. All rights reserved.
+######################################################################
+
+exit 0
--- /dev/null
+#-------------------------------------------------------------------------------\r
+# ============LICENSE_START====================================================\r
+# * org.onap.aai\r
+# * ===========================================================================\r
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+# * Copyright © 2017 Amdocs\r
+# * ===========================================================================\r
+# * Licensed under the Apache License, Version 2.0 (the "License");\r
+# * you may not use this file except in compliance with the License.\r
+# * You may obtain a copy of the License at\r
+# * \r
+# * http://www.apache.org/licenses/LICENSE-2.0\r
+# * \r
+# * Unless required by applicable law or agreed to in writing, software\r
+# * distributed under the License is distributed on an "AS IS" BASIS,\r
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# * See the License for the specific language governing permissions and\r
+# * limitations under the License.\r
+# * ============LICENSE_END====================================================\r
+# *\r
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+# *\r
+#-------------------------------------------------------------------------------\r
+The following two commands can be used to create and approve a SWM installation package.\r
+\r
+These steps assume:\r
+ 1. The component has been added in SWM\r
+ 2. The java6 directory resides, by itself, under the directory '${artifactId}-${version}'\r
+ 3. The SWM client is executed from the same directory containing '${artifactId}-${version}'\r
+\r
+\r
+ attuid@swmcli- --> component pkgcreate -c ${groupId}:${artifactId}:${version} -d ${artifactId}-${version}\r
+ attuid@swmcli- --> component pkgapprove -c ${groupId}:${artifactId}:${version}\r
--- /dev/null
+/routeOffer=BAU_SE.lock
+/routeOffer=BAU_SE.txt
--- /dev/null
+/com.osaaf.common.props
+/com.osaaf.keyfile
+/com.osaaf.props
+/mylocal.common.props
--- /dev/null
+# Initial instructions for Common Directory
+
+1) Generate a Keyfile
+ a) From the "Cadi" Lib directory
+ java -jar <CADI DIRECTORY>/lib/cadi_core*.jar keygen com.osaaf.keyfile
+2) "cp" com.osaaf.common.props.sample to a locally named file
+ a) It is best to replace relative paths with canonical paths
+ a) Add your Cassandra Connection info.
+ b) For your Password, do (from "Cadi Lib" again):
+ java -jar <CADI DIRECTORY>/lib/cadi_core*.jar digest com.osaaf.keyfile
+ Prepend "enc:" to the encrypted password
+3) "ln -s" the locally named file to com.osaaf.common.props
+4) "cp" com.osaaf.props.sample to com.osaaf.props
+ Note: This file will be replaced by Certificate Manager if used
+ a) Update with appropriate "Certificate Manger" URL, if used
--- /dev/null
+############################################################
+# Properties Written by Jonathan Gathman
+# on 2016-08-12T04:17:59.628-0500
+# These properties encapsulate the Verisign Public Certificates
+############################################################
+# DEVELOPER ONLY SETTING!!!!! DO NOT USE on ANY BOX other than your Developer box, and it
+# would be better if you got a Cert for that, and remove this! There is nothing stupider than
+# an unsecured Security Service.
+cadi_trust_all_x509=true
+
+# Public (i.e. Verisign) Key stores.
+# AFT_DME2_KEYSTORE=
+# AFT_DME2_KEYSTORE_PASSWORD=
+# AFT_DME2_KEY_PASSWORD=
+# cadi_truststore=
+# cadi_truststore_password=
+
+# Standard for this App/Machine
+aaf_env=DEV
+aaf_data_dir=../data
+cadi_loglevel=WARN
+aaf_id=<osaaf's Application Identity>
+aaf_password=enc:<Encrypted Password, use java -jar cadi-core*.jar>
+
+aaf_conn_timeout=6000
+aaf_timeout=10000
+aaf_user_expires=600000
+aaf_clean_interval=45000
+aaf_refresh_trigger_count=3
+aaf_high_count=30000
+
+# Basic Auth
+aaf_default_realm=osaaf.com
+basic_realm=osaaf.com
+basic_warn=false
+localhost_deny=false
+
+# Cassandra
+# IP:Cass DataCenter:Latitude:Longitude,IP....
+# cassandra.clusters=127.0.0.1:dc1:32.780140:-96.800451,127.0.0.2:dc1:32.780140:-96.800451
+# cassandra.clusters.port=9042
+# cassandra.clusters.user=
+# cassandra.clusters.password=enc:<encrypted>
+## Exceptions from Cassandra which require resetting the Cassandra Connections
+cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed"
+
+# Consistency Settings
+cassandra.writeConsistency.ns=LOCAL_QUORUM
+cassandra.writeConsistency.perm=LOCAL_QUORUM
+cassandra.writeConsistency.role=LOCAL_QUORUM
+cassandra.writeConsistency.user_role=LOCAL_QUORUM
+cassandra.writeConsistency.cred=LOCAL_QUORUM
+cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM
+
+## Supported Plugin Organizational Units
+Organization.com.osaaf=com.osaaf.defOrg.DefaultOrg
+
+## Email Server settings for Def Organization.
+#Sender's email ID needs to be mentioned
+com.osaaf.mailFromUserId=mailid@bogus.com
+com.osaaf.supportEmail=support@bogus.com
+com.osaaf.mailHost=smtp.bogus.com
+
+# Standard AAF DME2 Props
+AFT_DME2_REMOVE_PERSISTENT_CACHE_ON_STARTUP=TRUE
+AFT_DME2_DISABLE_PERSISTENT_CACHE=TRUE
+AFT_DME2_DISABLE_PERSISTENT_CACHE_LOAD=TRUE
+
+## SSL OPTIONAL ONLY IN DEVELOPMENT PC/Local... WHATEVER YOU DO, don't use this on any box than your local PC
+AFT_DME2_SSL_ENABLE=false
+# for when you turn on SSL... Only TLSv1.1+ is secure as of 2016
+AFT_DME2_SSL_WANT_CLIENT_AUTH=TRUE
+AFT_DME2_SSL_INCLUDE_PROTOCOLS=TLSv1.1,TLSv1.2
+AFT_DME2_SSL_VALIDATE_CERTS=FALSE
+AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=false
+
+## Extra CA Trusts, for Certifiate Manager to build truststore with external CAs
+cm_trust_cas=VerisignG3_CA.cer;VerisignG4_CA.cer;VerisignG5_CA.cer
--- /dev/null
+############################################################
+# Initial File for Generating
+# on 2016-10-26T06:56:19.905-0500
+# @copyright 2016, AT&T
+############################################################
+cm_url=https://<certificate manager host>:8150
+hostname=<your host>
+cadi_x509_issuers=CN=ATT CADI Issuing CA - Test 01, OU=CSO, O=ATT, C=US
+cadi_keyfile=../common/com.osaaf.keyfile
--- /dev/null
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
+osaaf|ID of AAF|||||a|bdevl
--- /dev/null
+<!--
+ ============LICENSE_START====================================================
+ * org.onap.aai
+ * ===========================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright © 2017 Amdocs
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ *
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>com.att.authz</groupId>
+ <artifactId>parent</artifactId>
+ <version>2.0.15</version>
+ <name>Authz Parent (pom)</name>
+ <packaging>pom</packaging>
+ <url>https://github.com/att/AAF</url>
+ <licenses>
+ <license>
+ <name>BSD License</name>
+ <url> </url>
+ </license>
+ </licenses>
+ <developers>
+ <developer>
+ <name>Jonathan Gathman</name>
+ <email></email>
+ <organization>ATT</organization>
+ <organizationUrl></organizationUrl>
+ </developer>
+ </developers>
+ <description>This module is used to organize all of the common SWM (Software Manager)
+ artifacts and capabilities that are inherited by all modules that are SWM
+ packaged. This prevents duplication of these common artifacts, plugins, and
+ other settings and provides a single place to support this configuration.
+ </description>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <skipTests>false</skipTests>
+ <project.interfaceVersion>2.6</project.interfaceVersion>
+ <project.innoVersion>1.2.13</project.innoVersion>
+ <project.cadiVersion>1.3.2</project.cadiVersion>
+ <project.dme2Version>3.1.200</project.dme2Version>
+ <!-- version> 2.8.8</version -->
+ <!-- version> 2.8.5.8</version -->
+ <!-- version> 2.8.2.5</version -->
+ <!-- version>2.8.1.3</version -->
+ <!-- version>2.8.1</version This version changes Servlet to 3.0-->
+ <!-- version>2.6.29</version -->
+ <!-- version>2.6.20</version -->
+
+ </properties>
+
+ <build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>2.3.2</version>
+ <configuration>
+ <source>1.8</source>
+ <target>1.8</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <version>2.6</version>
+ <configuration>
+ <skip>false</skip>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.17</version>
+ <configuration>
+ <skipTests>${skipTests}</skipTests>
+ <includes>
+ <include>**/JU*.java</include>
+ </includes>
+ <excludes>
+ <exclude>**/JU_DataFile.java</exclude>
+ <exclude>**/JU_ArtiDAO.java</exclude>
+ <exclude>**/JU_CertDAO.java</exclude>
+ <exclude>**/JU_FastCalling.java</exclude>
+ <exclude>**/JU_NsDAO.java</exclude>
+ <!-- <exclude>**/authz-cass/**</exclude> -->
+ <!-- <exclude>**/JU_UseCase1.java</exclude> -->
+ <exclude>**/JU_RoleDAO.java</exclude>
+ <exclude>**/JU_PermDAO.java</exclude>
+ <exclude>**/JU_Question.java</exclude>
+ <!-- <exclude>**/JU_NS.java</exclude> -->
+ <exclude>**/JU_HistoryDAO.java</exclude>
+ <exclude>**/JU_DelegateDAO.java</exclude>
+ <exclude>**/JU_CredDAO.java</exclude>
+ <exclude>**/JU_CacheInfoDAO.java</exclude>
+ <exclude>**/JU_ApprovalDAO.java</exclude>
+ <exclude>**/JU_Define.java</exclude>
+ <exclude>**/JU_AuthzTransFilter.java</exclude>
+ <exclude>**/JU_CachingFileAccess.java</exclude>
+ <!-- <exclude>**/AbsServiceTest.java</exclude> -->
+ <exclude>**/JU_DefaultOrg.java</exclude>
+ <!-- <exclude>**/JU_Perm_2_0*.java</exclude> -->
+ <!-- <exclude>**/JU_Role_2_0*.java</exclude> -->
+ </excludes>
+
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>jaxb2-maven-plugin</artifactId>
+ <version>1.3</version>
+ <executions>
+ <execution>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>xjc</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <schemaDirectory>src/main/xsd</schemaDirectory>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-failsafe-plugin</artifactId>
+ <version>2.17</version>
+ <configuration>
+ <skipTests>true</skipTests>
+ </configuration>
+ <executions>
+ <execution>
+ <id>integration-test</id>
+ <goals>
+ <goal>integration-test</goal>
+ <goal>verify</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jarsigner-plugin</artifactId>
+ <version>1.2</version>
+ <executions>
+ <execution>
+ <id>sign</id>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ <configuration>
+ <!-- skip>${skipSigning}</skip -->
+ <archive>target/${project.artifactId}-${project.version}.jar</archive>
+ </configuration>
+ </execution>
+ <execution>
+ <id>verify</id>
+ <goals>
+ <goal>verify</goal>
+ </goals>
+ <configuration>
+ <archive>target/${project.artifactId}-${project.version}.jar</archive>
+ </configuration>
+ </execution>
+ </executions>
+ <configuration>
+ <skip>true</skip>
+ <alias>aaf</alias>
+ <keystore>/Volumes/Data/src/cadi/keys/aaf_cadi.jks</keystore>
+ <storepass>Surprise!</storepass>
+ <keypass>Surprise!</keypass>
+ <verbose>true</verbose>
+ <certs>true</certs>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <failOnError>false</failOnError>
+ </configuration>
+ <executions>
+ <execution>
+ <id>attach-javadocs</id>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ <version>2.2.1</version>
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <goals>
+ <goal>jar-no-fork</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+
+ <plugin>
+ <groupId>org.sonatype.plugins</groupId>
+ <artifactId>nexus-staging-maven-plugin</artifactId>
+ <version>1.6.7</version>
+ <extensions>true</extensions>
+ <configuration>
+ <serverId>ossrhdme</serverId>
+ <nexusUrl>https://oss.sonatype.org/</nexusUrl>
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>cobertura-maven-plugin</artifactId>
+ <version>2.7</version>
+ <configuration>
+ <formats>
+ <format>html</format>
+ <format>xml</format>
+ </formats>
+ </configuration>
+ </plugin>
+
+
+ </plugins>
+ </pluginManagement>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.10</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.10.19</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-module-junit4</artifactId>
+ <version>1.6.4</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-api-mockito</artifactId>
+ <version>1.6.4</version>
+ <scope>test</scope>
+ </dependency>
+
+
+ </dependencies>
+
+ <modules>
+ <!--
+ <module> auth-client</module>
+ complile manually with mvn -N independently
+ -->
+ <module>authz-client</module>
+ <module>authz-core</module>
+ <module>authz-cass</module>
+ <module>authz-defOrg</module>
+ <module>authz-service</module>
+ <module>authz-cmd</module>
+ <!-- <module>authz-batch</module>-->
+ <module>authz-test</module>
+ <!-- <module>authz-gui</module> -->
+ <module>authz-gw</module>
+ <module>authz-certman</module>
+ <module>authz-fs</module>
+ </modules>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>com.att.inno</groupId>
+ <artifactId>env</artifactId>
+ <version>${project.innoVersion}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.inno</groupId>
+ <artifactId>log4j</artifactId>
+ <version>${project.innoVersion}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.inno</groupId>
+ <artifactId>rosetta</artifactId>
+ <version>${project.innoVersion}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.inno</groupId>
+ <artifactId>xgen</artifactId>
+ <version>${project.innoVersion}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-core</artifactId>
+ <version>${project.cadiVersion}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-client</artifactId>
+ <version>${project.cadiVersion}</version>
+ </dependency>
+
+
+ <dependency>
+ <groupId>com.att.cadi</groupId>
+ <artifactId>cadi-aaf</artifactId>
+ <version>${project.cadiVersion}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.cassandra</groupId>
+ <artifactId>cassandra-all</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-client</artifactId>
+ <version>${project.interfaceVersion}</version>
+ </dependency>
+
+
+ <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-cass</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-batch</artifactId>
+ <version>${project.interfaceVersion}</version>
+ </dependency>
+
+ <!-- <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-att</artifactId>
+ <version>${project.version}</version>
+ </dependency> -->
+
+ <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-cmd</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.att.authz</groupId>
+ <artifactId>authz-gw</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.att.aft</groupId>
+ <artifactId>dme2</artifactId>
+ <!-- version>2.6.20</version -->
+ <!-- version>2.6.29</version -->
+ <!-- version>2.8.1</version This version changes Servlet to 3.0-->
+ <!-- version>2.8.1.3</version -->
+ <!-- version>2.8.2.5</version -->
+ <version>${project.dme2Version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.5</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-servlet</artifactId>
+ <version>9.0.3.v20130506</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.datastax.cassandra</groupId>
+ <artifactId>cassandra-all</artifactId>
+ <version>2.1.10</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>com.datastax.cassandra</groupId>
+ <artifactId>cassandra-driver-core</artifactId>
+ <!-- version>1.0.3</version -->
+ <!-- version>1.0.5</version -->
+ <version>2.1.10</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <version>1.7.5</version>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ <version>1.4.5</version>
+ </dependency>
+
+
+ </dependencies>
+ </dependencyManagement>
+
+
+<distributionManagement>
+ <snapshotRepository>
+ <id>ossrhdme</id>
+ <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+ </snapshotRepository>
+ <repository>
+ <id>ossrhdme</id>
+ <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+ </repository>
+ </distributionManagement>
+
+ <scm>
+ <connection>https://github.com/att/AAF.git</connection>
+ <developerConnection>${project.scm.connection}</developerConnection>
+ <url>http://github.com/att/AAF/tree/master</url>
+ </scm>
+
+</project>