Merge "Fix sonar issues in Mapper1_0"
authorJonathan Gathman <jonathan.gathman@att.com>
Tue, 22 May 2018 20:32:16 +0000 (20:32 +0000)
committerGerrit Code Review <gerrit@onap.org>
Tue, 22 May 2018 20:32:16 +0000 (20:32 +0000)
23 files changed:
auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java
auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/Email.java
auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/Message.java
auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/URFutureApproveExec.java
auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java
auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_Email.java
auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_EmailPrint.java [new file with mode: 0644]
auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_Message.java [new file with mode: 0644]
auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
auth/auth-core/src/main/java/org/onap/aaf/auth/cache/Cache.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java
cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java
cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CmAgent.java
cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java
cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
cadi/core/src/main/java/org/onap/aaf/cadi/util/SubStandardConsole.java
cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java
misc/xgen/src/main/java/org/onap/aaf/misc/xgen/html/Imports.java

index d4b582a..b2043f0 100644 (file)
@@ -68,7 +68,7 @@ import com.datastax.driver.core.Statement;
 
 public abstract class Batch {
 
-       private static String ROOT_NS;
+       private static String rootNs;
 
        private static StaticSlot ssargs;
 
@@ -84,13 +84,13 @@ public abstract class Batch {
 
        public static final String CASS_ENV = "CASS_ENV";
        public static final String LOG_DIR = "LOG_DIR";
-    protected final static String PUNT="punt";
-    protected final static String MAX_EMAILS="MAX_EMAILS";
-    protected final static String VERSION="VERSION";
-    public final static String GUI_URL="GUI_URL";
+    protected static final String PUNT="punt";
+    protected static final String MAX_EMAILS="MAX_EMAILS";
+    protected static final String VERSION="VERSION";
+    public static final String GUI_URL="GUI_URL";
     
-    protected final static String ORA_URL="ora_url";
-    protected final static String ORA_PASSWORD="ora_password";
+    protected static final String ORA_URL="ora_url";
+    protected static final String ORA_PASSWORD="ora_password";
        protected final Organization org;
 
 
@@ -123,7 +123,7 @@ public abstract class Batch {
         cluster = CassAccess.cluster(env,batchEnv);
         env.info().log("cluster name - ",cluster.getClusterName());
         String dryRunStr = env.getProperty( "DRY_RUN" );
-        if ( dryRunStr == null || dryRunStr.trim().equals("false") ) {
+        if ( dryRunStr == null || "false".equals(dryRunStr.trim()) ) {
                    dryRun = false;
                } else {
             dryRun = true;
@@ -134,7 +134,7 @@ public abstract class Batch {
                org.setTestMode(dryRun);
 
                // Special names to allow behaviors beyond normal rules
-        specialNames = new HashSet<String>();
+        specialNames = new HashSet<>();
         String names = env.getProperty( "SPECIAL_NAMES" );
         if ( names != null )
         {
@@ -151,7 +151,7 @@ public abstract class Batch {
     protected abstract void _close(AuthzTrans trans);
     
     public String[] args() {
-       return (String[])env.get(ssargs);
+       return env.get(ssargs);
     }
        
     public boolean isDryRun()
@@ -177,9 +177,9 @@ public abstract class Batch {
                }
        }
 
-       protected PrintStream fallout(PrintStream _fallout, String logType)
+       protected PrintStream fallout(PrintStream inFallout, String logType)
                        throws IOException {
-               PrintStream fallout = _fallout;
+               PrintStream fallout = inFallout;
                if (fallout == null) {
                        File dir = new File("logs");
                        if (!dir.exists()) {
@@ -187,7 +187,6 @@ public abstract class Batch {
                        }
 
                        File f = null;
-                       // String os = System.getProperty("os.name").toLowerCase();
                        long uniq = System.currentTimeMillis();
 
                        f = new File(dir, getClass().getSimpleName() + "_" + logType + "_"
@@ -199,15 +198,15 @@ public abstract class Batch {
        }
 
        public Organization getOrgFromID(AuthzTrans trans, String user) {
-               Organization org;
+               Organization organization;
                try {
-                       org = OrganizationFactory.obtain(trans.env(),user.toLowerCase());
+                       organization = OrganizationFactory.obtain(trans.env(),user.toLowerCase());
                } catch (OrganizationException e1) {
                        trans.error().log(e1);
-                       org=null;
+                       organization=null;
                }
 
-               if (org == null) {
+               if (organization == null) {
                        PrintStream fallout = null;
 
                        try {
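Review bot: `user.toLowerCase()` in `getOrgFromID` lower-cases with the JVM's default locale, so the value handed to `OrganizationFactory.obtain` can differ between hosts (under a Turkish locale `I` does not become `i`). Since this string is what selects the Organization for an identity, use `user.toLowerCase(Locale.ROOT)`, which needs `java.util.Locale` imported if the file does not already have it. A null `user` would also throw on this line before the `organization == null` fallout path is reached; whether callers can pass null is not visible here. The method body continues past the end of the hunk.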
@@ -220,7 +219,7 @@ public abstract class Batch {
                        return (null);
                }
 
-               return (org);
+               return (organization);
        }
        
        public static Row executeDeleteQuery(Statement stmt) {
@@ -238,7 +237,7 @@ public abstract class Batch {
                String envStr = env.getProperty("AFT_ENVIRONMENT");
 
                if (envStr != null) {
-                       if (envStr.equals("AFTPRD")) {
+                       if ("AFTPRD".equals(envStr)) {
                                testEnv = false;
                        }
                } else {
@@ -331,31 +330,32 @@ public abstract class Batch {
        
        // IMPORTANT! VALIDATE Organization isUser method
     protected void checkOrganizationAcccess(AuthzTrans trans, Question q) throws APIException, OrganizationException {
-               Set<String> testUsers = new HashSet<String>();
-               Result<List<RoleDAO.Data>> rrd = q.roleDAO.readNS(trans, ROOT_NS);
-               if(rrd.isOK()) {
-                       for(RoleDAO.Data r : rrd.value) {
-                               Result<List<UserRoleDAO.Data>> rur = q.userRoleDAO.readByRole(trans, r.fullName());
-                               if(rur.isOK()) {
-                                       for(UserRoleDAO.Data udd : rur.value) {
+                       Set<String> testUsers = new HashSet<>();
+                       Result<List<RoleDAO.Data>> rrd = q.roleDAO.readNS(trans, rootNs);
+                       if (rrd.isOK()) {
+                               for (RoleDAO.Data r : rrd.value) {
+                                       Result<List<UserRoleDAO.Data>> rur = q.userRoleDAO.readByRole(trans, r.fullName());
+                                       if (!rur.isOK()) {
+                                               continue;
+                                       }
+                                       for (UserRoleDAO.Data udd : rur.value) {
                                                testUsers.add(udd.user);
                                        }
                                }
+                               if (testUsers.size() < 2) {
+                                       throw new APIException("Not enough Users in Roles for " + rootNs + " to Validate");
+                               }
+
+                               Identity iden;
+                               for (String user : testUsers) {
+                                       if ((iden = org.getIdentity(trans, user)) == null) {
+                                               throw new APIException("Failed Organization Entity Validation Check: " + user);
+                                       } else {
+                                               trans.info().log("Organization Validation Check: " + iden.id());
+                                       }
+                               }
                        }
                }
-               if(testUsers.size()<2) {
-                       throw new APIException("Not enough Users in Roles for " + ROOT_NS + " to Validate");
-               }
-               
-               Identity iden;
-               for(String user : testUsers) {
-                       if((iden=org.getIdentity(trans,user))==null) {
-                               throw new APIException("Failed Organization Entity Validation Check: " + user);
-                       } else {
-                               trans.info().log("Organization Validation Check: " + iden.id());
-                       }
-               }
-    }
     
     protected static String logDir() {
        String ld = env.getProperty(LOG_DIR);
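Review bot: In the restructured `checkOrganizationAcccess`, the `testUsers.size() < 2` check and the identity loop now sit inside `if (rrd.isOK())`, so a failed `readNS` returns without validating anything, where the removed code fell through to the size check and threw. Counting the braces on the new side, the method closes right after that `if` block with no else branch. For a check the comment above marks as IMPORTANT this should fail closed: either move the two steps back after the `if`, or add `else { throw new APIException("Not enough Users in Roles for " + rootNs + " to Validate"); }`. The added lines also carry one extra level of indentation relative to the signature, which hides the change in nesting.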
@@ -392,7 +392,7 @@ public abstract class Batch {
                String propLoc;
                try {
                        Define.set(access);
-                       ROOT_NS=Define.ROOT_NS();
+                       rootNs =Define.ROOT_NS();
                        
                        File f = new File("etc/authzBatch.props");
                        try {
index 25e2ffc..15dfed3 100644 (file)
@@ -46,9 +46,9 @@ public class Email implements Action<Organization,Void, String>{
 
        
        public Email(String ... defaultCC) {
-               toList = new ArrayList<String>();
+               toList = new ArrayList<>();
                this.defaultCC = defaultCC;
-               ccList = new ArrayList<String>();
+               ccList = new ArrayList<>();
                clear();
        }
        
@@ -71,10 +71,8 @@ public class Email implements Action<Organization,Void, String>{
        }
 
        public Email addTo(Identity id) {
-               if(id!=null) {
-                       if(!toList.contains(id.email())) {
+               if(id!=null && !toList.contains(id.email())) {
                                toList.add(id.email());
-                       }
                }
                return this;
        }
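Review bot: `addTo(Identity)` guards against a null `id` but not against a null `id.email()`, so an identity without an address would put `null` into `toList`; whether `Identity.email()` can return null is not visible here, but the mocked `Identity` in `JU_Email` does. `addCC(Identity)` in the next hunk has the same shape. Reading the address once and testing it covers both: `String addr = (id == null) ? null : id.email();` then `if (addr != null && !toList.contains(addr)) { toList.add(addr); }`. The merged condition also left `toList.add(...)` at its old, deeper indentation, which now reads as if an inner block were still there.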
@@ -94,10 +92,8 @@ public class Email implements Action<Organization,Void, String>{
        }
 
        public Email addCC(Identity id) {
-               if(id!=null) {
-                       if(!ccList.contains(id.email())) {
+               if(id!=null && !ccList.contains(id.email())) {
                                ccList.add(id.email());
-                       }
                }
                return this;
        }
index 98fc005..a4122d6 100644 (file)
@@ -28,7 +28,7 @@ public class Message {
        public final List<String> lines;
                
        public Message() {
-               lines = new ArrayList<String>();
+               lines = new ArrayList<>();
        }
 
        public void clear() {
@@ -42,7 +42,7 @@ public class Message {
        }
 
        public void msg(StringBuilder sb, String lineIndent) {
-               if(lines.size()>0) {
+               if(!lines.isEmpty()) {
                        for(String line : lines) {
                                sb.append(lineIndent);
                                sb.append(line);
index 6cf2c53..635efef 100644 (file)
@@ -56,8 +56,8 @@ public class URFutureApproveExec extends ActionDAO<List<Approval>, OP_STATUS, Fu
                        return Result.err(Result.ERR_ActionNotCompleted,"Not Executed");
                } else {
                        // Save on Lookups
-                       final List<ApprovalDAO.Data> apprs = new ArrayList<ApprovalDAO.Data>();
-                       final List<UserRoleDAO.Data> urs = new ArrayList<UserRoleDAO.Data>();
+                       final List<ApprovalDAO.Data> apprs = new ArrayList<>();
+                       final List<UserRoleDAO.Data> urs = new ArrayList<>();
                        for(Approval a : app) {
                                apprs.add(a.add);
                                UserRole ur = UserRole.get(a.add.user, future.role);
index a2dc6b6..948e65b 100644 (file)
@@ -44,12 +44,12 @@ import com.datastax.driver.core.SimpleStatement;
 import com.datastax.driver.core.Statement;
 
 public class Future implements CacheChange.Data, Comparable<Future> {
-       public static final Map<UUID,Future> data = new TreeMap<UUID,Future>();
-       public static final Map<String,List<Future>> byRole = new TreeMap<String,List<Future>>();
+       public static final Map<UUID,Future> data = new TreeMap<>();
+       public static final Map<String,List<Future>> byRole = new TreeMap<>();
        
        public final FutureDAO.Data fdd;
        public final String role; // derived
-       private final static CacheChange<Future> cache = new CacheChange<Future>(); 
+       private static final CacheChange<Future> cache = new CacheChange<>();
        
        
        public final UUID id() {
@@ -102,13 +102,16 @@ public class Future implements CacheChange.Data, Comparable<Future> {
                        ++count;
                        Future f = creator.create(row);
                        data.put(f.fdd.id,f);
-                       if(f.role!=null) {
-                               List<Future> lf = byRole.get(f.role);
-                               if(lf==null) {
-                                       byRole.put(f.role,lf = new ArrayList<Future>());
-                               }
-                               lf.add(f);
+                       if(f.role==null) {
+                               continue;
                        }
+                       List<Future> lf = byRole.get(f.role);
+                       if(lf==null) {
+                                       lf = new ArrayList<>();
+                               byRole.put(f.role,lf);
+                       }
+                       lf.add(f);
+
                }
                } finally {
                        tt.done();
index 0779a33..70cd08a 100644 (file)
@@ -37,6 +37,7 @@ import org.onap.aaf.auth.org.OrganizationException;
 
 import static org.mockito.Mockito.*;
 
+import java.io.ByteArrayOutputStream;
 import java.io.FileNotFoundException;
 import java.io.PrintStream;
 import java.util.Collection;
@@ -47,12 +48,21 @@ import org.junit.Test;
 
 public class JU_Email {
        
+       private ByteArrayOutputStream outStream;
+       private ByteArrayOutputStream errStream;
        Email email;
        Identity usersI;
        Message msg;
+       PrintStream ps;
        
        @Before
-       public void setUp() {
+       public void setUp() throws FileNotFoundException {
+               outStream = new ByteArrayOutputStream();
+               errStream = new ByteArrayOutputStream();
+               ps = new PrintStream(errStream);
+               System.setOut(new PrintStream(outStream));
+               System.setErr(ps);
+               
                usersI = mock(Identity.class);
                msg = new Message();
                email = new Email();
@@ -124,7 +134,6 @@ public class JU_Email {
        
        @Test
        public void testLog() throws FileNotFoundException {
-               PrintStream ps = new PrintStream("test");
                email.addTo("email");
                email.addCC("email");
                email.log(ps, "email");
@@ -132,5 +141,11 @@ public class JU_Email {
                email.addCC("emails");
                email.log(ps, "emails");
        }
+       
+       @After
+       public void cleanUp() {
+               System.setErr(System.err);
+               System.setOut(System.out);
+       }
 
 }
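Review bot: `cleanUp()` does not restore the console: by the time it runs, `System.err` and `System.out` already refer to the replacement streams installed in `setUp()`, so `System.setErr(System.err)` and `System.setOut(System.out)` reassign the same objects. Every test that runs afterwards in the same JVM keeps writing into this class's byte buffers, which can hide its output, including failures logged to stderr. Capture the originals before replacing them, e.g. fields `private final PrintStream originalOut = System.out;` and `private final PrintStream originalErr = System.err;`, and call `System.setOut(originalOut); System.setErr(originalErr);` here. `JU_EmailPrint.cleanUp()`, added later in this commit, has the same two lines. The import of `org.junit.After` is not visible in the hunks shown for this file.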
diff --git a/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_EmailPrint.java b/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_EmailPrint.java
new file mode 100644 (file)
index 0000000..fb5d2bd
--- /dev/null
@@ -0,0 +1,92 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.actions.test;
+
+import static org.junit.Assert.*;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.onap.aaf.auth.actions.EmailPrint;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+
+import static org.mockito.Mockito.*;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+import org.junit.Test;
+
+public class JU_EmailPrint {
+       
+       private ByteArrayOutputStream outStream;
+       private ByteArrayOutputStream errStream;
+       EmailPrint ePrint;
+       AuthzTrans trans;
+       Organization org;
+       StringBuilder strBuilder;
+       
+       @Before
+       public void setUp() {
+               outStream = new ByteArrayOutputStream();
+               errStream = new ByteArrayOutputStream();
+               System.setOut(new PrintStream(outStream));
+               System.setErr(new PrintStream(errStream));
+               ePrint = new EmailPrint();
+               trans = mock(AuthzTrans.class);
+               org = mock(Organization.class);
+               strBuilder = new StringBuilder();
+               strBuilder.append("test\nte\nst");
+               ePrint.addTo("test");
+               ePrint.addTo("test1");
+               ePrint.addTo("test2");
+               ePrint.addCC("test");
+               ePrint.addCC("test1");
+               ePrint.addCC("test2");
+               
+       }
+
+       @Test
+       public void testExec() throws NoSuchMethodException, SecurityException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
+               Class c = ePrint.getClass();
+               Class[] cArg = new Class[3];
+               cArg[0] = AuthzTrans.class;
+               cArg[1] = Organization.class;
+               cArg[2] = StringBuilder.class;//Steps to test a protected method
+               Method execMethod = c.getDeclaredMethod("exec", cArg);
+               execMethod.setAccessible(true);
+               execMethod.invoke(ePrint, trans, org, strBuilder);
+       }
+       
+       @After
+       public void cleanUp() {
+               System.setErr(System.err);
+               System.setOut(System.out);
+       }
+
+}
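Review bot: `testExec` asserts nothing: it invokes `exec` through reflection and passes as long as no exception escapes, and the `outStream`/`errStream` buffers set up to capture output are never read. Assert on what was captured (presumably the recipients added in `setUp()` appear in `outStream.toString()`; the exact format has to be taken from `EmailPrint`, which is not shown), so the test fails if the output changes. `JU_Message` below has the same gap: `testMsg` builds `sb` and never checks `sb.toString()`. `Class c` and `Class[] cArg` are raw types, and `org.junit.Test` is imported twice alongside `Mock`, `Mockito`, `Future` and `Rcli`, none of which the class uses.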
diff --git a/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_Message.java b/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_Message.java
new file mode 100644 (file)
index 0000000..fa7409e
--- /dev/null
@@ -0,0 +1,62 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.actions.test;
+
+import static org.junit.Assert.*;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.onap.aaf.auth.actions.Message;
+
+import static org.mockito.Mockito.*;
+import org.junit.Test;
+
+public class JU_Message {
+       
+       Message msg;
+       
+       @Before
+       public void setUp() {
+               msg = new Message();
+       }
+
+       @Test
+       public void testLine() {
+               msg.line("test");
+       }
+       
+       @Test
+       public void testClear() {
+               msg.clear();
+       }
+       
+       @Test
+       public void testMsg() {
+               StringBuilder sb = new StringBuilder();
+               msg.line("test");
+               msg.line("test1");
+               msg.msg(sb, "indent");
+       }
+
+}
index c90dccc..ea72648 100644 (file)
@@ -53,7 +53,8 @@ public abstract class CA {
        public static final Set<String> EMPTY = Collections.unmodifiableSet(new HashSet<String>());
 
        
-       private final String name,env;
+       private final String name;
+       private final String env;
        private MessageDigest messageDigest;
        private final String permType;
        private Set<String> caIssuerDNs;
@@ -70,7 +71,7 @@ public abstract class CA {
                if(permType==null) {
                        throw new CertException(CM_CA_PREFIX + name + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
                }
-               caIssuerDNs = new HashSet<String>();
+               caIssuerDNs = new HashSet<>();
                
                String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT;
                
@@ -79,13 +80,14 @@ public abstract class CA {
                        throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
                }
                access.log(Level.INFO, tag, "=",fields);
-               for(RDN rdn : rdns = RDN.parse('/',fields)) {
+               rdns = RDN.parse('/',fields);
+               for(RDN rdn : rdns) {
                        if(rdn.aoi==BCStyle.EmailAddress) { // Cert Specs say Emails belong in Subject
                                throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT);
                        }
                }
                
-               idDomains = new ArrayList<String>();
+               idDomains = new ArrayList<>();
                StringBuilder sb = null;
                for(String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) {
                        if(s.length()>0) {
@@ -102,14 +104,14 @@ public abstract class CA {
                        access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb);
                }
                
-               String data_dir = access.getProperty(CM_PUBLIC_DIR,null);
-               if(data_dir!=null) {
-                       File data = new File(data_dir);
+               String dataDir = access.getProperty(CM_PUBLIC_DIR,null);
+               if(dataDir!=null) {
+                       File data = new File(dataDir);
                        byte[] bytes;
                        if(data.exists()) {
-                               String trust_cas = access.getProperty(CM_TRUST_CAS,null);
-                               if(trust_cas!=null) {
-                                       for(String fname : Split.splitTrim(',', trust_cas)) {
+                               String trustCas = access.getProperty(CM_TRUST_CAS,null);
+                               if(trustCas!=null) {
+                                       for(String fname : Split.splitTrim(',', trustCas)) {
                                                File crt = new File(data,fname);
                                                if(crt.exists()) {
                                                        access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath());
index 0d494ac..ee73dbd 100644 (file)
@@ -59,21 +59,21 @@ public class JscepCA extends CA {
        static final String CA_PREFIX = "http://";
        static final String CA_POSTFIX="/certsrv/mscep_admin/mscep.dll";
 
-       private final static String MS_PROFILE="1";
-       private final static int MAX_RETRY=3;
+       private static final String MS_PROFILE="1";
+       private static final int MAX_RETRY=3;
        public static final long INVALIDATE_TIME = 1000*60*10L; // 10 mins
 
        // package on purpose
-       private Map<String,X509ChainWithIssuer> mxcwi_s;
-       private Map<Client,X509ChainWithIssuer> mxcwi_c;
+       private Map<String,X509ChainWithIssuer> mxcwiS;
+       private Map<Client,X509ChainWithIssuer> mxcwiC;
 
 
        private JscepClientLocator clients;
 
        public JscepCA(final Access access, final String name, final String env, String [][] params) throws IOException, CertException, LocatorException {
                super(access, name, env);
-               mxcwi_s = new ConcurrentHashMap<String,X509ChainWithIssuer>();
-               mxcwi_c = new ConcurrentHashMap<Client,X509ChainWithIssuer>();
+               mxcwiS = new ConcurrentHashMap<>();
+               mxcwiC = new ConcurrentHashMap<>();
                
                if(params.length<2) {
                        throw new CertException("No Trust Chain parameters are included");
@@ -110,7 +110,7 @@ public class JscepCA extends CA {
                                dir = dir + '/';
                        }
                        String path;
-                       List<FileReader> frs = new ArrayList<FileReader>(params.length-1);
+                       List<FileReader> frs = new ArrayList<>(params.length-1);
                        try {
                                for(int j=1; j<params[i].length; ++j) { // first 3 taken up, see above
                                        path = !params[i][j].contains("/")?dir+params[i][j]:params[i][j];
@@ -119,7 +119,7 @@ public class JscepCA extends CA {
                                }
                                X509ChainWithIssuer xcwi = new X509ChainWithIssuer(frs);
                                addCaIssuerDN(xcwi.getIssuerDN());
-                               mxcwi_s.put(params[i][0],xcwi);
+                               mxcwiS.put(params[i][0],xcwi);
                        } finally {
                                for(FileReader fr : frs) {
                                        if(fr!=null) {
@@ -173,26 +173,16 @@ public class JscepCA extends CA {
                                                                break;
                                                        }
                                                }
-                                               X509ChainWithIssuer mxcwi = mxcwi_c.get(client);
+                                               X509ChainWithIssuer mxcwi = mxcwiC.get(client);
                                                return new X509ChainWithIssuer(mxcwi,x509);
-//                                             break;
+
                                        } else if (er.isPending()) {
                                                trans.checkpoint("Polling, waiting on CA to complete");
                                                Thread.sleep(3000);
                                        } else if (er.isFailure()) {
-//                                             switch(er.getFailInfo()) {
-//                                                     case badMessageCheck:
-//                                                             throw new ClientException("Received BadMessageCheck from Jscep");
-//                                                     case badAlg:
-//                                                     case badCertId:
-//                                                     case badRequest:
-//                                                     case badTime:
-//                                                     default:
-//                                             }
                                                throw new CertException(clients.info(item)+':'+er.getFailInfo().toString());
                                        }
                                }
-                               //i=MAX_RETRY;
                        } catch(LocatorException e) {
                                trans.error().log(e);
                                i=MAX_RETRY;
@@ -246,7 +236,7 @@ public class JscepCA extends CA {
                                        }
                                );
                                // Map URL to Client, because Client doesn't expose Connection
-                               mxcwi_c.put(c,mxcwi_s.get(urlinfo));
+                               mxcwiC.put(c, mxcwiS.get(urlinfo));
                                return c;
                        } catch (MalformedURLException e) {
                                throw new LocatorException(e);
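Review bot: `mxcwiC` is a `ConcurrentHashMap`, which rejects null values, so `mxcwiC.put(c, mxcwiS.get(urlinfo))` throws `NullPointerException` whenever `urlinfo` has no entry in `mxcwiS`; the only catch visible here handles `MalformedURLException`. Whether `urlinfo` always matches a key stored by the constructor cannot be confirmed from this hunk, so make the miss explicit: `X509ChainWithIssuer xcwi = mxcwiS.get(urlinfo);` followed by `if (xcwi == null) { throw new LocatorException("No trust chain configured for " + urlinfo); }` before the `put`. That also keeps a client from being handed out without a trust chain attached to it. The enclosing method starts and ends outside the hunk.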
@@ -260,7 +250,7 @@ public class JscepCA extends CA {
 
                @Override
                protected void _destroy(Client client) {
-                       mxcwi_c.remove(client);
+                       mxcwiC.remove(client);
                }
                
                
index cd8886d..e2287c3 100644 (file)
@@ -97,7 +97,7 @@ public class LocalCA extends CA {
                        String fileName = f.getName();
                        if(fileName.endsWith(".key")) {
                                caKey = Factory.toPrivateKey(NullTrans.singleton(),f);
-                               List<FileReader> frs = new ArrayList<FileReader>(params.length-1);
+                               List<FileReader> frs = new ArrayList<>(params.length-1);
                                try {
                                        String dir = access.getProperty(CM_PUBLIC_DIR, "");
                                        if(!"".equals(dir) && !dir.endsWith("/")) {
@@ -128,8 +128,8 @@ public class LocalCA extends CA {
                                        KeyStore keyStore;
                                        FileInputStream fis = null;
                                        if(fileName.endsWith(".pkcs11")) {
-                                               String ksType;
-                                               p = Factory.getSecurityProvider(ksType="PKCS11",params);
+                                               String ksType="PKCS11";
+                                               p = Factory.getSecurityProvider(ksType,params);
                                                keyStore = KeyStore.getInstance(ksType,p);
                                        } else if(fileName.endsWith(".jks")) {
                                                keyStore = KeyStore.getInstance("JKS");
@@ -216,7 +216,7 @@ public class LocalCA extends CA {
                                        SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new RSAKeyParameters(false,rpk.getModulus(),rpk.getPublicExponent()))
 //                                     new SubjectPublicKeyInfo(ASN1Sequence.getInstance(caCert.getPublicKey().getEncoded()))
                                        );
-                       List<GeneralName> lsan = new ArrayList<GeneralName>();
+                       List<GeneralName> lsan = new ArrayList<>();
                        for(String s : csrmeta.sans()) {
                                lsan.add(new GeneralName(GeneralName.dNSName,s));
                        }
index 6f3062b..6ba5a37 100644 (file)
@@ -45,24 +45,26 @@ public class X509ChainWithIssuer extends X509andChain {
                Collection<? extends Certificate> certs;
                X509Certificate x509;
                for(Reader rdr : rdrs) {
-                       if(rdr!=null) { // cover for badly formed array
-                               byte[] bytes = Factory.decode(rdr);
-                               try {
-                                       certs = Factory.toX509Certificate(bytes);
-                               } catch (CertificateException e) {
-                                       throw new CertException(e);
+                       if(rdr==null) { // cover for badly formed array
+                               continue;
+                       }
+                       byte[] bytes = Factory.decode(rdr);
+                       try {
+                               certs = Factory.toX509Certificate(bytes);
+                       } catch (CertificateException e) {
+                               throw new CertException(e);
+                       }
+                       for(Certificate c : certs) {
+                               x509=(X509Certificate)c;
+                               Principal subject = x509.getSubjectDN();
+                               if(subject==null) {
+                                       continue;
                                }
-                               for(Certificate c : certs) {
-                                       x509=(X509Certificate)c;
-                                       Principal subject = x509.getSubjectDN();
-                                       if(subject!=null) {
-                                               if(cert==null) { // first in Trust Chain
-                                                       issuerDN= subject.toString();
-                                               }
-                                               addTrustChainEntry(x509);
-                                               cert=x509; // adding each time makes sure last one is signer.
-                                       }
+                               if(cert==null) { // first in Trust Chain
+                                       issuerDN = subject.toString();
                                }
+                               addTrustChainEntry(x509);
+                               cert=x509; // adding each time makes sure last one is signer.
                        }
                }
        }
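Review bot: The cast `x509=(X509Certificate)c;` in the inner loop is unchecked, so a non-X.509 entry in the collection returned by `Factory.toX509Certificate(bytes)` would surface as a ClassCastException instead of the CertException this code uses for malformed input. A `c instanceof X509Certificate` guard that reports through CertException keeps the failure mode uniform. `issuerDN = subject.toString()` also depends on the provider's string form of `getSubjectDN()`. If issuerDN is later compared with other DN strings, which is not visible here, `getSubjectX500Principal()` gives a stable representation. The enclosing constructor starts outside the hunk.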
index 2541bea..2b763f7 100644 (file)
@@ -60,17 +60,16 @@ public class CSRMeta {
        private String email;
        private String challenge;
        private List<RDN> rdns;
-       
-       public CSRMeta(List<RDN> rdns) {
-               this.rdns = rdns;
-       }
-       
-       private ArrayList<String> sanList = new ArrayList<String>();
+       private ArrayList<String> sanList = new ArrayList<>();
        private KeyPair keyPair;
        private X500Name name = null;
        private SecureRandom random = new SecureRandom();
 
-       public X500Name x500Name() throws IOException {
+       public CSRMeta(List<RDN> rdns) {
+               this.rdns = rdns;
+       }
+
+       public X500Name x500Name() {
                if(name==null) {
                        X500NameBuilder xnb = new X500NameBuilder();
                        xnb.addRDN(BCStyle.CN,cn);
@@ -99,7 +98,7 @@ public class CSRMeta {
                }
                
                int plus = email==null?0:1;
-               if(sanList.size()>0) {
+               if(!sanList.isEmpty()) {
                        GeneralName[] gna = new GeneralName[sanList.size()+plus];
                        int i=-1;
                        for(String s : sanList) {
@@ -114,10 +113,7 @@ public class CSRMeta {
                                        })
                        );
                }
-               
-               if(email!=null) {
-                       
-               }
+
                try {
                        return builder.build(BCFactory.contentSigner(keypair(trans).getPrivate()));
                } catch (OperatorCreationException e) {
@@ -129,27 +125,29 @@ public class CSRMeta {
        public static void dump(PKCS10CertificationRequest csr) {
                 Attribute[] certAttributes = csr.getAttributes();
                 for (Attribute attribute : certAttributes) {
-                    if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
-                        Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
-                        GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName);
-                        GeneralName[] names = gns.getNames();
-                        for(int k=0; k < names.length; k++) {
-                            String title = "";
-                            if(names[k].getTagNo() == GeneralName.dNSName) {
-                                title = "dNSName";
-                            } else if(names[k].getTagNo() == GeneralName.iPAddress) {
-                                title = "iPAddress";
-                                // Deprecated, but I don't see anything better to use.
-                                names[k].toASN1Object();
-                            } else if(names[k].getTagNo() == GeneralName.otherName) {
-                                title = "otherName";
-                            } else if(names[k].getTagNo() == GeneralName.rfc822Name) {
-                                title = "email";
-                            }
+                    if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
+                                        continue;
+                                }
+
+                                Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
+                                GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName);
+                                GeneralName[] names = gns.getNames();
+                                for(int k=0; k < names.length; k++) {
+                                                String title = "";
+                                                if(names[k].getTagNo() == GeneralName.dNSName) {
+                                                                title = "dNSName";
+                                                } else if(names[k].getTagNo() == GeneralName.iPAddress) {
+                                                                title = "iPAddress";
+                                                                // Deprecated, but I don't see anything better to use.
+                                                                names[k].toASN1Object();
+                                                } else if(names[k].getTagNo() == GeneralName.otherName) {
+                                                                title = "otherName";
+                                                } else if(names[k].getTagNo() == GeneralName.rfc822Name) {
+                                                                title = "email";
+                                                }
 
-                            System.out.println(title + ": "+ names[k].getName());
-                        } 
-                    }
+                                                System.out.println(title + ": "+ names[k].getName());
+                                }
                 }
        }
        
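Review bot: `GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName)` returns null when the extension request carries no subjectAlternativeName, and `gns.getNames()` on the following line then throws a NullPointerException. The refactor already uses guard clauses, so add `if(gns==null) { continue; }` before reading the names. The `names[k].toASN1Object();` call in the iPAddress branch discards its result and could be dropped along with its comment.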
index 1736803..9d48ecb 100644 (file)
@@ -50,12 +50,11 @@ public class Cache<TRANS extends Trans, DATA> {
 
        public static final String CACHE_HIGH_COUNT = "CACHE_HIGH_COUNT";
        public static final String CACHE_CLEAN_INTERVAL = "CACHE_CLEAN_INTERVAL";
-//     public static final String CACHE_MIN_REFRESH_INTERVAL = "CACHE_MIN_REFRESH_INTERVAL";
 
        private static final Map<String,Map<String,Dated>> cacheMap;
 
        static {
-               cacheMap = new HashMap<String,Map<String,Dated>>();
+               cacheMap = new HashMap<>();
        }
 
        /**
@@ -64,7 +63,7 @@ public class Cache<TRANS extends Trans, DATA> {
         * @author Jonathan
         *
         */
-       public final static class Dated { 
+       public static final class Dated {
                public Date timestamp;
                public List<?> data;
                private long expireIn;
@@ -77,7 +76,7 @@ public class Cache<TRANS extends Trans, DATA> {
 
                public <T> Dated(T t, long expireIn) {
                        timestamp = new Date(System.currentTimeMillis()+expireIn);
-                       ArrayList<T> al = new ArrayList<T>(1);
+                       ArrayList<T> al = new ArrayList<>(1);
                        al.add(t);
                        data = al;
                        this.expireIn = expireIn;
@@ -91,7 +90,7 @@ public class Cache<TRANS extends Trans, DATA> {
        public static Map<String,Dated> obtain(String key) {
                Map<String, Dated> m = cacheMap.get(key);
                if(m==null) {
-                       m = new ConcurrentHashMap<String, Dated>();
+                       m = new ConcurrentHashMap<>();
                        synchronized(cacheMap) {
                                cacheMap.put(key, m);
                        }
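Review bot: `cacheMap.get(key)` runs outside the `synchronized(cacheMap)` block while only the `put` is inside it, and cacheMap is a plain HashMap. Two threads asking for the same key can both see null and each install its own ConcurrentHashMap, so one caller keeps a map that is no longer in the cache. The unsynchronized read can also run concurrently with a put. Moving the lookup and the create into the same synchronized block closes both gaps. The read in `Clean.run()` (`cacheMap.get(name)`) appears to need the same treatment. The rest of obtain() lies outside the hunk.
```java
public static Map<String,Dated> obtain(String key) {
	Map<String, Dated> m;
	synchronized(cacheMap) {
		m = cacheMap.get(key);
		if(m==null) {
			m = new ConcurrentHashMap<>();
			cacheMap.put(key, m);
		}
	}
	// … unchanged: remainder of obtain() …
```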
@@ -108,7 +107,7 @@ public class Cache<TRANS extends Trans, DATA> {
         * @author Jonathan
         *
         */
-       private final static class Clean extends TimerTask {
+       private static final class Clean extends TimerTask {
                private final Env env;
                private Set<String> set;
                
@@ -124,7 +123,7 @@ public class Cache<TRANS extends Trans, DATA> {
                        high = highCount;
                        timeInterval = cleanInterval;
                        advance = 0;
-                       set = new HashSet<String>();
+                       set = new HashSet<>();
                }
                
                public synchronized void add(String key) {
@@ -140,16 +139,17 @@ public class Cache<TRANS extends Trans, DATA> {
                        
                        for(String name : set) {
                                Map<String,Dated> map = cacheMap.get(name);
-                               if(map!=null) for(Map.Entry<String,Dated> me : map.entrySet()) {
+                               if(map==null) {
+                                       continue;
+                               }
+
+                               for(Map.Entry<String,Dated> me : map.entrySet()) {
                                        ++total;
-                                       if(me.getValue().timestamp.before(now)) {
+                                       if (me.getValue().timestamp.before(now)) {
                                                map.remove(me.getKey());
                                                ++count;
                                        }
                                }
-//                             if(count>0) {
-//                                     env.info().log(Level.INFO, "Cache removed",count,"expired",name,"Elements");
-//                             }
                        }
                        
                        if(count>0) {
index da552ae..bc9811b 100644 (file)
@@ -135,12 +135,12 @@ public class ApprovalForm extends Page {
                @Override
                public Cells get(final AuthzTrans trans, final AAF_GUI gui) {
                        final String userParam = trans.get(sUser, null);
-                       ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+                       ArrayList<AbsCell[]> rv = new ArrayList<>();
                        String msg = null;
                        TimeTaken tt = trans.start("AAF Get Approvals for Approver",Env.REMOTE);
                        try {
-                               final List<Approval> pendingApprovals = new ArrayList<Approval>();
-                               final List<Integer> beginIndicesPerApprover = new ArrayList<Integer>();
+                               final List<Approval> pendingApprovals = new ArrayList<>();
+                               final List<Integer> beginIndicesPerApprover = new ArrayList<>();
                                int numLeft = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Integer>() {
                                        @Override
                                        public Integer code(Rcli<?> client) throws CadiException, ConnectException, APIException {
@@ -150,12 +150,10 @@ public class ApprovalForm extends Page {
                                                        
                                                        if(fa.value!=null) {
                                                                for (Approval appr : fa.value.getApprovals()) {
-                                                                       if (appr.getStatus().equals("pending")) {
-                                                                               if (userParam!=null) {
-                                                                                       if (!appr.getUser().equalsIgnoreCase(userParam)) {
+                                                                       if ("pending".equals(appr.getStatus())) {
+                                                                               if (userParam!=null && !appr.getUser().equalsIgnoreCase(userParam)) {
                                                                                                numLeft++;
                                                                                                continue;
-                                                                                       }
                                                                                }
                                                                                pendingApprovals.add(appr);
                                                                        }
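Review bot: The merged condition still dereferences `appr.getUser()`, so an approval without a user throws a NullPointerException, even though the status check on the line above was just made null-safe. `userParam` is already known to be non-null at that point, so the comparison can be flipped to `if (userParam!=null && !userParam.equalsIgnoreCase(appr.getUser())) {`. The `numLeft++;` and `continue;` lines also keep their old, deeper indentation after the inner `if` was removed.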
@@ -178,7 +176,7 @@ public class ApprovalForm extends Page {
                                        }
                                });
                                
-                               if (pendingApprovals.size() > 0) {
+                               if (!pendingApprovals.isEmpty()) {
                                        // Only add select all links if we have approvals
                                        AbsCell[] selectAllRow = new AbsCell[] {
                                                        AbsCell.Null,
@@ -191,7 +189,7 @@ public class ApprovalForm extends Page {
                                                
                                int line=-1;
                                
-                               while (beginIndicesPerApprover.size() > 0) {
+                               while (!beginIndicesPerApprover.isEmpty()) {
                                        int beginIndex = beginIndicesPerApprover.remove(0);
                                        int endIndex = (beginIndicesPerApprover.isEmpty()?pendingApprovals.size():beginIndicesPerApprover.get(0));
                                        List<Approval> currApproverList = pendingApprovals.subList(beginIndex, endIndex);
@@ -243,7 +241,7 @@ public class ApprovalForm extends Page {
                                                                } else {
                                                                        Identity au = org.getIdentity(trans, user);
                                                                        if(au!=null) {
-                                                                               if(au.type().equals("MECHID")) {
+                                                                               if("MECHID".equals(au.type())) {
                                                                                        Identity managedBy = au.responsibleTo();
                                                                                        if(managedBy==null) {
                                                                                                title ="title=" + au.type();
@@ -258,12 +256,13 @@ public class ApprovalForm extends Page {
                                                                                title="title=Not a User at " + org.getName();
                                                                        }
                                                                }
-                                                               userCell = new RefCell(prevUser=user, 
+                                                               prevUser=user;
+                                                               userCell = new RefCell(prevUser,
                                                                        TODO_ILM_INFO+user.substring(0, user.length()-DOMAIN_OF_USER.length()),
                                                                        true,
                                                                        title);
                                                        } else {
-                                                               userCell = new TextCell(prevUser=user);
+                                                               userCell = new TextCell(prevUser);
                                                        }
                                                        AbsCell[] sa = new AbsCell[] {
                                                                userCell,
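Review bot: The else branch lost its assignment: the old line was `new TextCell(prevUser=user)`, the new one is `new TextCell(prevUser)`, and nothing on that path sets prevUser any more. Unless prevUser already equals user there (the branch condition is outside the hunk), the cell now shows the previous row's user, or null on the first row, and prevUser is never advanced. Mirror the other branch with `prevUser=user;` followed by `userCell = new TextCell(prevUser);`.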
@@ -280,7 +279,7 @@ public class ApprovalForm extends Page {
                                if(numLeft>0) {
                                        msg = "After these, there will be " + numLeft + " approvals left to process";
                                }
-                               if(rv.size()==0) {
+                               if(rv.isEmpty()) {
                                        if (numLeft>0) {
                                                msg = "No Approvals to process at this time for user " + userParam +". You have " 
                                                        + numLeft + " other approvals to process.";
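Review bot: `userParam` is concatenated into `msg` exactly as returned by `trans.get(sUser, null)` at the top of get(). If that value comes from the request and msg is written to the page without HTML escaping, the user-supplied string ends up in the markup. How msg is rendered is not visible in this hunk. Confirm that the writer escapes it, or encode userParam before building the message.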
index f900a1f..bcc156c 100644 (file)
@@ -79,9 +79,12 @@ public class CmAgent {
        private static ErrMessage errMsg;
        private static Map<String,PlaceArtifact> placeArtifact;
        private static RosettaEnv env;
+       
+       private static boolean doExit;
 
        public static void main(String[] args) {
                int exitCode = 0;
+               doExit = true;
                try {
                        AAFSSO aafsso = new AAFSSO(args);
                        if(aafsso.loginOnly()) {
@@ -93,7 +96,9 @@ public class CmAgent {
                                env = new RosettaEnv(access.getProperties());
                                Deque<String> cmds = new ArrayDeque<String>();
                                for(String p : args) {
-                                       if(p.indexOf('=')<0) {
+                                       if("-noexit".equalsIgnoreCase(p)) {
+                                               doExit = false;
+                                       } else if(p.indexOf('=') < 0) {
                                                cmds.add(p);
                                        }
                                }
@@ -110,7 +115,9 @@ public class CmAgent {
                                        System.out.println("   showpass <mechID> [<machine>]");
                                        System.out.println("   check    <mechID> [<machine>]");
                                        System.out.println("   genkeypair");
-                                       System.exit(1);
+                                       if (doExit) {
+                                               System.exit(1);
+                                       }
                                }
                                
                                TIMEOUT = Integer.parseInt(env.getProperty(Config.AAF_CONN_TIMEOUT, "5000"));
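Review bot: When `-noexit` is given, the usage branch prints the help text and then falls through to `TIMEOUT = Integer.parseInt(...)` and the command handling after it, where `System.exit(1)` previously ended the run. The branch should leave the normal flow in both modes, for example by setting `exitCode = 1;` there and skipping command processing when `doExit` is false. `doExit` is also static mutable state driven by a switch that appears to exist for the unit test; a comment on the field saying so would keep it from being read as a supported CLI option. The rest of main() is outside the hunk.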
@@ -183,7 +190,7 @@ public class CmAgent {
                } catch (Exception e) {
                        e.printStackTrace();
                }
-               if(exitCode!=0) {
+               if(exitCode != 0 && doExit) {
                        System.exit(exitCode);
                }
        }
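Review bot: The `catch (Exception e)` block only calls `e.printStackTrace();` and leaves `exitCode` at its current value, which is 0 unless the code outside the hunk set it. A run that dies with an exception can therefore still report success to the calling script. Add `exitCode = 1;` in the catch. With `doExit` false the non-zero code is also discarded, so the test that calls main() has no way to observe a failure.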
index 34ccf57..fbeb360 100644 (file)
@@ -56,54 +56,61 @@ public class JU_CmAgent {
                String[] args;
                args = new String[] {
                                "-login",
-                               "-noexit",
+                               "-noExit",
                };
                CmAgent.main(args);
 
                inStream.reset();
                args = new String[] {
-                               "noexit=true",
+                               "-noExit",
                };
                CmAgent.main(args);
 
                inStream.reset();
                args = new String[] {
                                "place",
+                               "-noExit",
                };
                CmAgent.main(args);
 
                inStream.reset();
                args = new String[] {
+                               "-noExit",
                                "create"
                };
                CmAgent.main(args);
 
                inStream.reset();
                args = new String[] {
+                               "-noExit",
                                "read"
                };
                CmAgent.main(args);
 
                inStream.reset();
                args = new String[] {
+                               "-noExit",
                                "copy"
                };
                CmAgent.main(args);
 
                inStream.reset();
                args = new String[] {
+                               "-noExit",
                                "update"
                };
                CmAgent.main(args);
 
                inStream.reset();
                args = new String[] {
+                               "-noExit",
                                "delete"
                };
                CmAgent.main(args);
 
                inStream.reset();
                args = new String[] {
+                               "-noExit",
                                "showpass"
                };
                CmAgent.main(args);
index 9d555f6..c9ff59d 100644 (file)
@@ -69,10 +69,10 @@ public class HX509SS implements SecuritySetter<HttpURLConnection> {
        public HX509SS(final String sendAlias, SecurityInfoC<HttpURLConnection> si, boolean asDefault) throws APIException, CadiException {
                securityInfo = si;
                if((alias=sendAlias) == null) {
-                       if(si.default_alias == null) {
+                       if(si.defaultAlias == null) {
                                throw new APIException("JKS Alias is required to use X509SS Security.  Use " + Config.CADI_ALIAS +" to set default alias");
                        } else {
-                               alias = si.default_alias;
+                               alias = si.defaultAlias;
                        }
                }
                
index b34d096..f63de20 100644 (file)
@@ -61,23 +61,23 @@ public class SecurityInfo {
 
        public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2";
        public static final String REGEX_COMMA = "\\s*,\\s*";
-       public static final String SslKeyManagerFactoryAlgorithm;
+       public static final String SSL_KEY_MANAGER_FACTORY_ALGORITHM;
        
-       private SSLSocketFactory scf;
-       private X509KeyManager[] km;
-       private X509TrustManager[] tm;
-       public final String default_alias;
+       private SSLSocketFactory socketFactory;
+       private X509KeyManager[] x509KeyManager;
+       private X509TrustManager[] x509TrustManager;
+       public final String defaultAlias;
        private NetMask[] trustMasks;
-       private SSLContext ctx;
+       private SSLContext context;
        private HostnameVerifier maskHV;
        public final Access access;
 
        // Change Key Algorithms for IBM's VM.  Could put in others, if needed.
        static {
-               if(System.getProperty("java.vm.vendor").equalsIgnoreCase("IBM Corporation")) {
-                       SslKeyManagerFactoryAlgorithm = "IbmX509";
+               if ("IBM Corporation".equalsIgnoreCase(System.getProperty("java.vm.vendor"))) {
+                       SSL_KEY_MANAGER_FACTORY_ALGORITHM = "IbmX509";
                } else {
-                       SslKeyManagerFactoryAlgorithm = "SunX509";
+                       SSL_KEY_MANAGER_FACTORY_ALGORITHM = "SunX509";
                }
        }
        
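Review bot: `HTTPS_PROTOCOLS_DEFAULT` still lists `TLSv1.1`, so a deployment that configures no protocol property continues to permit TLS 1.1. While this block is being touched, consider narrowing the default to `"TLSv1.2"` and leaving older versions as an explicit opt-in through the property. Separately, renaming the public constant `SslKeyManagerFactoryAlgorithm` and the public field `default_alias` changes the class's public surface, so any caller outside the files in this commit needs the same update.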
@@ -91,23 +91,23 @@ public class SecurityInfo {
                        
                        initializeTrustManager();
                        
-                       default_alias = access.getProperty(Config.CADI_ALIAS, null);
+                       defaultAlias = access.getProperty(Config.CADI_ALIAS, null);
                        
                        initializeTrustMasks();
 
-                       String https_protocols = Config.logProp(access, Config.CADI_PROTOCOLS,
+                       String httpsProtocols = Config.logProp(access, Config.CADI_PROTOCOLS,
                                                access.getProperty(HTTPS_PROTOCOLS, HTTPS_PROTOCOLS_DEFAULT)
                                                );
-                       System.setProperty(HTTPS_PROTOCOLS, https_protocols);
-                       System.setProperty(JDK_TLS_CLIENT_PROTOCOLS, https_protocols);
-                       if("1.7".equals(System.getProperty("java.specification.version")) && https_protocols.contains("TLSv1.2")) {
+                       System.setProperty(HTTPS_PROTOCOLS, httpsProtocols);
+                       System.setProperty(JDK_TLS_CLIENT_PROTOCOLS, httpsProtocols);
+                       if ("1.7".equals(System.getProperty("java.specification.version")) && httpsProtocols.contains("TLSv1.2")) {
                                System.setProperty(Config.HTTPS_CIPHER_SUITES, Config.HTTPS_CIPHER_SUITES_DEFAULT);
                        }                       
 
-                       ctx = SSLContext.getInstance("TLS");
-                       ctx.init(km, tm, null);
-                       SSLContext.setDefault(ctx);
-                       scf = ctx.getSocketFactory();
+                       context = SSLContext.getInstance("TLS");
+                       context.init(x509KeyManager, x509TrustManager, null);
+                       SSLContext.setDefault(context);
+                       socketFactory = context.getSocketFactory();
                } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException | CertificateException | UnrecoverableKeyException | IOException e) {
                        throw new CadiException(e);
                }
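Review bot: The JVM-wide side effects of this constructor are undocumented. It writes the `HTTPS_PROTOCOLS` and `JDK_TLS_CLIENT_PROTOCOLS` system properties and calls `SSLContext.setDefault(context)`, so constructing a SecurityInfo changes TLS behaviour for every other component in the process, and the last instance constructed wins. I would add a comment above `SSLContext.setDefault(context);` such as `// NOTE: replaces the process-wide default SSLContext; later default TLS connections use this key and trust material`. The constructor starts outside the hunk.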
@@ -117,162 +117,168 @@ public class SecurityInfo {
         * @return the scf
         */
        public SSLSocketFactory getSSLSocketFactory() {
-               return scf;
+               return socketFactory;
        }
 
        public SSLContext getSSLContext() {
-               return ctx;
+               return context;
        }
 
        /**
         * @return the km
         */
        public X509KeyManager[] getKeyManagers() {
-               return km;
+               return x509KeyManager;
        }
 
        public void checkClientTrusted(X509Certificate[] certarr) throws CertificateException {
-               for(X509TrustManager xtm : tm) {
+               for (X509TrustManager xtm : x509TrustManager) {
                        xtm.checkClientTrusted(certarr, SECURITY_ALGO);
                }
        }
 
        public void checkServerTrusted(X509Certificate[] certarr) throws CertificateException {
-               for(X509TrustManager xtm : tm) {
+               for (X509TrustManager xtm : x509TrustManager) {
                        xtm.checkServerTrusted(certarr, SECURITY_ALGO);
                }
        }
 
        public void setSocketFactoryOn(HttpsURLConnection hsuc) {
-               hsuc.setSSLSocketFactory(scf);
-               if(maskHV != null && !maskHV.equals(hsuc.getHostnameVerifier())) {
+               hsuc.setSSLSocketFactory(socketFactory);
+               if (maskHV != null && !maskHV.equals(hsuc.getHostnameVerifier())) {
                        hsuc.setHostnameVerifier(maskHV);
                }
        }
        
        protected void initializeKeyManager() throws CadiException, IOException, NoSuchAlgorithmException, KeyStoreException, CertificateException, UnrecoverableKeyException {
                String keyStore = access.getProperty(Config.CADI_KEYSTORE, null);
-               if(keyStore != null && !new File(keyStore).exists()) {
+               if (keyStore != null && !new File(keyStore).exists()) {
                        throw new CadiException(keyStore + " does not exist");
                }
 
                String keyStorePasswd = access.getProperty(Config.CADI_KEYSTORE_PASSWORD, null);
                keyStorePasswd = (keyStorePasswd == null) ? null : access.decrypt(keyStorePasswd, false);
+               if (keyStore == null || keyStorePasswd == null) { 
+                       x509KeyManager = new X509KeyManager[0];
+                       return;
+               }
 
                String keyPasswd = access.getProperty(Config.CADI_KEY_PASSWORD, null);
                keyPasswd = (keyPasswd == null) ? keyStorePasswd : access.decrypt(keyPasswd, false);
 
-               KeyManagerFactory kmf = KeyManagerFactory.getInstance(SslKeyManagerFactoryAlgorithm);
-               if(keyStore == null || keyStorePasswd == null) { 
-                       km = new X509KeyManager[0];
-               } else {
-                       ArrayList<X509KeyManager> kmal = new ArrayList<X509KeyManager>();
-                       File file;
-                       for(String ksname : keyStore.split(REGEX_COMMA)) {
-                               file = new File(ksname);
-                               String keystoreFormat;
-                               if(ksname.endsWith(".p12") || ksname.endsWith(".pkcs12")) {
-                                       keystoreFormat = "PKCS12";
-                               } else {
-                                       keystoreFormat = "JKS";
-                               }
-                               if(file.exists()) {
-                                       FileInputStream fis = new FileInputStream(file);
-                                       try {
-                                               KeyStore ks = KeyStore.getInstance(keystoreFormat);
-                                               ks.load(fis, keyStorePasswd.toCharArray());
-                                               kmf.init(ks, keyPasswd.toCharArray());
-                                       } finally {
-                                               fis.close();
-                                       }
-                               }
+               KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(SSL_KEY_MANAGER_FACTORY_ALGORITHM);
+
+               ArrayList<X509KeyManager> keyManagers = new ArrayList<>();
+               File file;
+               for (String ksname : keyStore.split(REGEX_COMMA)) {
+                       String keystoreFormat;
+                       if (ksname.endsWith(".p12") || ksname.endsWith(".pkcs12")) {
+                               keystoreFormat = "PKCS12";
+                       } else {
+                               keystoreFormat = "JKS";
                        }
-                       for(KeyManager km : kmf.getKeyManagers()) {
-                               if(km instanceof X509KeyManager) {
-                                       kmal.add((X509KeyManager)km);
+
+                       file = new File(ksname);
+                       if (file.exists()) {
+                               FileInputStream fis = new FileInputStream(file);
+                               try {
+                                       KeyStore ks = KeyStore.getInstance(keystoreFormat);
+                                       ks.load(fis, keyStorePasswd.toCharArray());
+                                       keyManagerFactory.init(ks, keyPasswd.toCharArray());
+                               } finally {
+                                       fis.close();
                                }
                        }
-                       km = new X509KeyManager[kmal.size()];
-                       kmal.toArray(km);
                }
+               for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
+                       if (keyManager instanceof X509KeyManager) {
+                               keyManagers.add((X509KeyManager)keyManager);
+                       }
+               }
+               x509KeyManager = new X509KeyManager[keyManagers.size()];
+               keyManagers.toArray(x509KeyManager);
        }
 
        protected void initializeTrustManager() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, CadiException {
                String trustStore = access.getProperty(Config.CADI_TRUSTSTORE, null);
-               if(trustStore != null && !new File(trustStore).exists()) {
+               if (trustStore != null && !new File(trustStore).exists()) {
                        throw new CadiException(trustStore + " does not exist");
                }
 
+               if (trustStore == null) {
+                       return;
+               }
+
                String trustStorePasswd = access.getProperty(Config.CADI_TRUSTSTORE_PASSWORD, null);
                trustStorePasswd = (trustStorePasswd == null) ? "changeit"/*defacto Java Trust Pass*/ : access.decrypt(trustStorePasswd, false);
 
-               TrustManagerFactory tmf = TrustManagerFactory.getInstance(SslKeyManagerFactoryAlgorithm);
-               if(trustStore != null) {
-                       File file;
-                       for(String tsname : trustStore.split(REGEX_COMMA)) {
-                               file = new File(tsname);
-                               if(file.exists()) {
-                                       FileInputStream fis = new FileInputStream(file);
-                                       try {
-                                               KeyStore ts = KeyStore.getInstance("JKS");
-                                               ts.load(fis, trustStorePasswd.toCharArray());
-                                               tmf.init(ts); 
-                                       } finally {
-                                               fis.close();
-                                       }
+               TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(SSL_KEY_MANAGER_FACTORY_ALGORITHM);
+               File file;
+               for (String trustStoreName : trustStore.split(REGEX_COMMA)) {
+                       file = new File(trustStoreName);
+                       if (file.exists()) {
+                               FileInputStream fis = new FileInputStream(file);
+                               try {
+                                       KeyStore ts = KeyStore.getInstance("JKS");
+                                       ts.load(fis, trustStorePasswd.toCharArray());
+                                       trustManagerFactory.init(ts); 
+                               } finally {
+                                       fis.close();
                                }
                        }
+               }
 
-                       TrustManager tms[] = tmf.getTrustManagers();
-                       if(tms != null && tms.length>0) {
-                               tm = new X509TrustManager[tms.length];
-                               for(int i = 0; i < tms.length; ++i) {
-                                       try {
-                                               tm[i] = (X509TrustManager)tms[i];
-                                       } catch (ClassCastException e) {
-                                               access.log(Level.WARN, "Non X509 TrustManager", tm[i].getClass().getName(), "skipped in SecurityInfo");
-                                       }
-                               }
-                       }
+               TrustManager trustManagers[] = trustManagerFactory.getTrustManagers();
+               if (trustManagers == null || trustManagers.length == 0) {
+                       return;
                }
 
+               x509TrustManager = new X509TrustManager[trustManagers.length];
+               for (int i = 0; i < trustManagers.length; ++i) {
+                       try {
+                               x509TrustManager[i] = (X509TrustManager)trustManagers[i];
+                       } catch (ClassCastException e) {
+                               access.log(Level.WARN, "Non X509 TrustManager", x509TrustManager[i].getClass().getName(), "skipped in SecurityInfo");
+                       }
+               }
        }
        
        protected void initializeTrustMasks() throws AccessException {
                String tips = access.getProperty(Config.CADI_TRUST_MASKS, null);
-               if(tips != null) {
-                       access.log(Level.INIT, "Explicitly accepting valid X509s from", tips);
-                       String[] ipsplit = tips.split(REGEX_COMMA);
-                       trustMasks = new NetMask[ipsplit.length];
-                       for(int i = 0; i < ipsplit.length; ++i) {
-                               try {
-                                       trustMasks[i] = new NetMask(ipsplit[i]);
-                               } catch (MaskFormatException e) {
-                                       throw new AccessException("Invalid IP Mask in " + Config.CADI_TRUST_MASKS, e);
-                               }
+               if (tips == null) {
+                       return;
+               }
+
+               access.log(Level.INIT, "Explicitly accepting valid X509s from", tips);
+               String[] ipsplit = tips.split(REGEX_COMMA);
+               trustMasks = new NetMask[ipsplit.length];
+               for (int i = 0; i < ipsplit.length; ++i) {
+                       try {
+                               trustMasks[i] = new NetMask(ipsplit[i]);
+                       } catch (MaskFormatException e) {
+                               throw new AccessException("Invalid IP Mask in " + Config.CADI_TRUST_MASKS, e);
                        }
                }
-               
-               if(trustMasks != null) {
-                       final HostnameVerifier origHV = HttpsURLConnection.getDefaultHostnameVerifier();
-                       HttpsURLConnection.setDefaultHostnameVerifier(maskHV = new HostnameVerifier() {
-                               @Override
-                               public boolean verify(final String urlHostName, final SSLSession session) {
-                                       try {
-                                               // This will pick up /etc/host entries as well as DNS
-                                               InetAddress ia = InetAddress.getByName(session.getPeerHost());
-                                               for(NetMask tmask : trustMasks) {
-                                                       if(tmask.isInNet(ia.getHostAddress())) {
-                                                               return true;
-                                                       }
+       
+               final HostnameVerifier origHV = HttpsURLConnection.getDefaultHostnameVerifier();
+               maskHV = new HostnameVerifier() {
+                       @Override
+                       public boolean verify(final String urlHostName, final SSLSession session) {
+                               try {
+                                       // This will pick up /etc/host entries as well as DNS
+                                       InetAddress ia = InetAddress.getByName(session.getPeerHost());
+                                       for (NetMask tmask : trustMasks) {
+                                               if (tmask.isInNet(ia.getHostAddress())) {
+                                                       return true;
                                                }
-                                       } catch (UnknownHostException e) {
-                                               // It's ok. do normal Verify
                                        }
-                                       return origHV.verify(urlHostName, session);
-                               };
-                       });
-               }
+                               } catch (UnknownHostException e) {
+                                       // It's ok. do normal Verify
+                               }
+                               return origHV.verify(urlHostName, session);
+                       };
+               };
+               HttpsURLConnection.setDefaultHostnameVerifier(maskHV);
        }
        
 }
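Review bot: In `initializeTrustManager`, the `ClassCastException` handler reads `x509TrustManager[i].getClass()`, but that slot is still null when the cast has just failed, so the warning path throws a NullPointerException instead of logging. Even if the log call named `trustManagers[i]`, the array would keep a null entry, which the loops in `checkClientTrusted` and `checkServerTrusted` then dereference. Filtering with `instanceof` into a list, as `initializeKeyManager` in this same hunk already does for key managers, removes both problems and keeps non-X509 managers out of the array passed to `context.init`.

```java
		TrustManager trustManagers[] = trustManagerFactory.getTrustManagers();
		// … unchanged: early return when trustManagers is null or empty …

		ArrayList<X509TrustManager> x509s = new ArrayList<>();
		for (TrustManager trustManager : trustManagers) {
			if (trustManager instanceof X509TrustManager) {
				x509s.add((X509TrustManager)trustManager);
			} else {
				access.log(Level.WARN, "Non X509 TrustManager", trustManager.getClass().getName(), "skipped in SecurityInfo");
			}
		}
		x509TrustManager = x509s.toArray(new X509TrustManager[0]);
```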
index 4411a85..66683dc 100644 (file)
@@ -70,7 +70,7 @@ public class X509Taf implements HttpTaf {
                try {
                        certFactory = CertificateFactory.getInstance("X.509");
                        messageDigest = MessageDigest.getInstance("SHA-256"); // use this to clone
-                       tmf = TrustManagerFactory.getInstance(SecurityInfoC.SslKeyManagerFactoryAlgorithm);
+                       tmf = TrustManagerFactory.getInstance(SecurityInfoC.SSL_KEY_MANAGER_FACTORY_ALGORITHM);
                } catch (Exception e) {
                        throw new RuntimeException("X.509 and SHA-256 are required for X509Taf",e);
                }
index 8d52811..b7dd014 100644 (file)
@@ -27,7 +27,13 @@ import java.io.InputStreamReader;
 
 // Substandard, because System.in doesn't do Passwords..
 public class SubStandardConsole implements MyConsole {
-       BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
+       private final static char[] BLANK = new char[0];
+       private final BufferedReader br; 
+
+       public SubStandardConsole() {
+               br = new BufferedReader(new InputStreamReader(System.in));
+       }
+       
        @Override
        public String readLine(String fmt, Object... args) {
                String rv;
@@ -48,10 +54,12 @@ public class SubStandardConsole implements MyConsole {
        public char[] readPassword(String fmt, Object... args) {
                try {
                        System.out.printf(fmt,args);
-                       return br.readLine().toCharArray();
+                       String response = br.readLine();
+                       return response==null?BLANK:response.toCharArray();
+
                } catch (IOException e) {
                        System.err.println("uh oh...");
-                       return new char[0];
+                       return BLANK;
                }
        }
 
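Review bot: `readPassword` now returns the same zero-length array for end-of-input, for an `IOException`, and for a user who simply pressed Enter, so a caller cannot tell a failed read from a deliberately empty password. `java.io.Console.readPassword` signals end of stream with null; whether `MyConsole` allows that is not visible in this hunk, so at minimum the method needs a comment such as `// EOF or a read error yields a zero-length array; callers must treat that as "no password entered"`. The catch block also discards the exception behind `"uh oh..."`; `System.err.println("Unable to read password: " + e.getMessage());` would tell the operator why the prompt failed. The shared `BLANK` constant is declared in the previous hunk of this file.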
index 842a709..001d0fe 100644 (file)
@@ -97,6 +97,9 @@ public class JU_SecurityInfo {
                assertNotNull(si.getSSLSocketFactory());
                assertNotNull(si.getSSLContext());
                assertNotNull(si.getKeyManagers());
+               
+               access.setProperty(Config.CADI_TRUST_MASKS, "123.123.123.123");
+               si = new SecurityInfo(access);
        }
 
        @Test(expected = CadiException.class)
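Review bot: The second `new SecurityInfo(access)` added at the end of this test is never asserted on, and with `CADI_TRUST_MASKS` set the constructor reaches `HttpsURLConnection.setDefaultHostnameVerifier(maskHV)`, which replaces the JVM-wide verifier for every test that runs afterwards. That verifier returns true for any peer whose resolved address falls inside a mask before the original verifier is consulted, so the test leaves a process-wide relaxation of hostname checking behind. Capture `HttpsURLConnection.getDefaultHostnameVerifier()` before the call and restore it afterwards, for example in an `@After` method, and assert something observable on `si`. The test method starts above this hunk.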
@@ -112,6 +115,14 @@ public class JU_SecurityInfo {
                @SuppressWarnings("unused")
                SecurityInfo si = new SecurityInfo(access);
        }
+       
+       
+       @Test(expected = NumberFormatException.class)
+       public void badTrustMaskTest() throws CadiException {
+               access.setProperty(Config.CADI_TRUST_MASKS, "trustMask");
+               @SuppressWarnings("unused")
+               SecurityInfo si = new SecurityInfo(access);
+       }
 
        @Test
        public void coverageTest() throws CadiException {
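Review bot: `badTrustMaskTest` expects a `NumberFormatException`, which pins down that a malformed `CADI_TRUST_MASKS` value escapes the `SecurityInfo` constructor as an unchecked exception instead of through its declared `CadiException`. `initializeTrustMasks` catches only `MaskFormatException`, and the constructor's multi-catch does not list `NumberFormatException`, so presumably `NetMask` lets the parse failure through (its source is not part of this diff). Widening the handler to `catch (MaskFormatException | NumberFormatException e)` would report the bad property by name through the existing `"Invalid IP Mask in "` message, and this test would then expect that wrapped exception type.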
index fa51719..17678b3 100644 (file)
@@ -25,16 +25,15 @@ import java.util.ArrayList;
 import java.util.List;\r
 \r
 public class Imports implements Thematic{\r
-       List<String> css,js;\r
+       List<String> css;\r
+       List<String> js;\r
        public final int backdots;\r
-//     public final File webDir;\r
        private String theme;\r
        \r
        public Imports(int backdots) {\r
-//             this.webDir = webDir;\r
                \r
-               css = new ArrayList<String>();\r
-               js = new ArrayList<String>();\r
+               css = new ArrayList<>();\r
+               js = new ArrayList<>();\r
                this.backdots = backdots;\r
                theme = "";\r
        }\r