diff --git a/.env b/.env new file mode 100644 index 00000000..37764862 --- /dev/null +++ b/.env @@ -0,0 +1 @@ +COMPOSE_PROJECT_NAME=voms diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000..4d11746e --- /dev/null +++ b/.travis.yml @@ -0,0 +1,12 @@ +language: java +dist: trusty +sudo: required +services: + - docker +jdk: + - openjdk8 +script: + - mvn clean package +cache: + directories: + - "$HOME/.m2/repository" diff --git a/Jenkinsfile b/Jenkinsfile index e476d3fd..7555af91 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,9 +1,24 @@ +@Library('sd')_ +def kubeLabel = getKubeLabel() + pipeline { - agent { label 'maven' } + + agent { + kubernetes { + label "${kubeLabel}" + cloud 'Kube mwdevel' + defaultContainer 'runner' + inheritFrom 'ci-template' + } + } + parameters { booleanParam(name: 'BUILD_DOCKER_IMAGES', defaultValue: false, description: 'Triggers the building of docker images required for development') } + + triggers { cron('@daily') } + options { timeout(time: 1, unit: 'HOURS') buildDiscarder(logRotator(numToKeepStr: '5')) @@ -19,7 +34,6 @@ pipeline { } stage('build-docker-images') { - agent { label 'docker' } when { expression { return params.BUILD_DOCKER_IMAGES } } diff --git a/README.md b/README.md index 9172e55f..6d51b630 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # VOMS Admin server +[![Build Status](https://travis-ci.org/italiangrid/voms-admin-server.svg?branch=develop)](https://travis-ci.org/italiangrid/voms-admin-server) + The Virtual Organization Membership Service is a Grid attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles diff --git a/compose/.env b/compose/.env new file mode 100644 index 00000000..d0e93af4 --- /dev/null +++ b/compose/.env @@ -0,0 +1 @@ +COMPOSE_PROJECT_NAME=voms-admin-server diff --git a/compose/assets/hostcert/star_local_io.cert.pem b/compose/assets/hostcert/star_local_io.cert.pem new file mode 100644 index 00000000..f4410372 --- /dev/null +++ b/compose/assets/hostcert/star_local_io.cert.pem @@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 784 (0x310) + Signature Algorithm: sha512WithRSAEncryption + Issuer: C=IT, O=IGI, CN=Test CA + Validity + Not Before: Apr 20 09:55:23 2017 GMT + Not After : Apr 18 09:55:23 2027 GMT + Subject: C=IT, O=IGI, CN=*.local.io + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:c6:1c:fa:92:9e:ed:0d:5f:bc:3e:49:5e:90:14: + 02:a7:78:de:b6:cf:57:23:81:4d:7f:81:8e:ae:43: + 67:8b:ff:83:4c:c1:1e:f8:ab:c1:40:d5:72:e4:65: + c8:ff:7b:f7:6c:ac:b4:b7:43:f2:e7:98:b7:c9:76: + 25:8c:e3:81:9a:c4:77:ba:12:f6:47:0e:01:ea:80: + e8:d3:bb:28:7d:b8:1b:f6:dd:51:8c:9e:3f:26:25: + 23:ab:f0:a6:ae:5e:4f:cf:ad:18:3d:cc:b1:2f:91: + 01:84:17:d5:17:44:be:d2:fa:20:0d:ff:87:07:63: + 52:0f:9c:c3:32:62:23:68:9c:e7:40:06:98:65:69: + 11:4b:38:88:0e:8b:7b:fe:23:c4:15:db:ee:f8:a6: + 48:ee:91:89:14:35:5b:6f:f2:85:53:21:62:7b:a5: + 7a:38:53:63:6d:f3:21:bb:9b:18:1e:e4:a0:c0:95: + c0:68:61:75:da:77:00:3a:15:75:42:1d:30:47:58: + 2f:0e:9b:14:06:38:97:03:a3:20:d5:06:e2:70:81: + e3:b5:2a:ac:69:97:dc:87:df:5c:9a:80:c4:2c:36: + 62:75:f3:01:59:5a:2f:56:70:a0:2a:c7:2a:a8:6b: + da:1c:b4:f8:92:d5:11:39:c9:21:30:e9:f1:53:7f: + 34:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + E4:A0:F6:A4:A4:4C:AC:A9:C1:2E:42:B3:24:15:B6:4D:EF:7E:F9:52 + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection + X509v3 Authority Key Identifier: + keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 + + X509v3 Subject Alternative Name: + DNS:*.local.io + Signature Algorithm: sha512WithRSAEncryption + f6:3e:b2:2c:23:6c:34:54:2b:68:cb:de:d3:da:68:50:29:92: + 92:39:5e:90:19:9e:c6:08:06:c3:c1:21:24:10:bd:93:a2:28: + 4f:d6:7a:2b:8f:14:0b:86:b6:17:d9:8c:4a:c6:a6:af:10:39: + 66:d6:2c:be:b2:d4:76:19:ab:5a:4c:02:fc:a2:a3:8c:a4:8d: + 85:38:9b:9f:2b:84:4b:ed:c4:ca:a7:f6:bc:53:bb:ef:a2:12: + 75:e5:dd:b1:83:66:ce:91:ff:8d:76:de:3e:e6:9d:26:bd:aa: + f5:a2:23:40:0b:d7:3e:9f:9a:5f:79:df:96:d6:a4:55:86:f5: + f7:9f:86:6b:8d:1b:5b:0d:c0:29:40:84:0a:d7:0b:61:ea:6a: + 40:14:c8:4a:5e:48:7f:5f:4e:ff:32:3e:28:90:b3:11:a1:2b: + 8e:11:5b:ad:86:f4:57:d0:93:6e:91:3b:b0:99:16:46:07:e7: + 7a:df:4c:4e:50:22:03:6f:48:7d:c7:f8:20:9f:2f:dc:58:ed: + d8:84:52:a7:36:e3:84:fa:16:b4:d5:ff:d6:b1:30:66:14:49: + d4:0c:06:ee:74:2f:04:16:a4:ac:08:e3:8f:ed:bc:f4:61:e3: + 73:aa:23:bd:45:82:d6:cc:d3:59:2e:4f:0a:b1:38:d9:b5:ac: + 92:e9:e6:04 +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgICAxAwDQYJKoZIhvcNAQENBQAwLTELMAkGA1UEBhMCSVQx +DDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0xNzA0MjAwOTU1MjNa +Fw0yNzA0MTgwOTU1MjNaMDAxCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJR0kxEzAR +BgNVBAMMCioubG9jYWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDGHPqSnu0NX7w+SV6QFAKneN62z1cjgU1/gY6uQ2eL/4NMwR74q8FA1XLkZcj/ +e/dsrLS3Q/LnmLfJdiWM44GaxHe6EvZHDgHqgOjTuyh9uBv23VGMnj8mJSOr8Kau +Xk/PrRg9zLEvkQGEF9UXRL7S+iAN/4cHY1IPnMMyYiNonOdABphlaRFLOIgOi3v+ +I8QV2+74pkjukYkUNVtv8oVTIWJ7pXo4U2Nt8yG7mxge5KDAlcBoYXXadwA6FXVC +HTBHWC8OmxQGOJcDoyDVBuJwgeO1Kqxpl9yH31yagMQsNmJ18wFZWi9WcKAqxyqo +a9octPiS1RE5ySEw6fFTfzT1AgMBAAGjgbgwgbUwDAYDVR0TAQH/BAIwADAdBgNV +HQ4EFgQU5KD2pKRMrKnBLkKzJBW2Te9++VIwDgYDVR0PAQH/BAQDAgXgMD4GA1Ud +JQQ3MDUGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQB +BggrBgEFBQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAVBgNV +HREEDjAMggoqLmxvY2FsLmlvMA0GCSqGSIb3DQEBDQUAA4IBAQD2PrIsI2w0VCto +y97T2mhQKZKSOV6QGZ7GCAbDwSEkEL2ToihP1norjxQLhrYX2YxKxqavEDlm1iy+ +stR2GataTAL8oqOMpI2FOJufK4RL7cTKp/a8U7vvohJ15d2xg2bOkf+Ndt4+5p0m +var1oiNAC9c+n5pfed+W1qRVhvX3n4ZrjRtbDcApQIQK1wth6mpAFMhKXkh/X07/ +Mj4okLMRoSuOEVuthvRX0JNukTuwmRZGB+d630xOUCIDb0h9x/ggny/cWO3YhFKn +NuOE+ha01f/WsTBmFEnUDAbudC8EFqSsCOOP7bz0YeNzqiO9RYLWzNNZLk8KsTjZ +tayS6eYE +-----END CERTIFICATE----- diff --git a/compose/assets/hostcert/star_local_io.key.pem b/compose/assets/hostcert/star_local_io.key.pem new file mode 100644 index 00000000..e300a071 --- /dev/null +++ b/compose/assets/hostcert/star_local_io.key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxhz6kp7tDV+8PklekBQCp3jets9XI4FNf4GOrkNni/+DTMEe ++KvBQNVy5GXI/3v3bKy0t0Py55i3yXYljOOBmsR3uhL2Rw4B6oDo07sofbgb9t1R +jJ4/JiUjq/Cmrl5Pz60YPcyxL5EBhBfVF0S+0vogDf+HB2NSD5zDMmIjaJznQAaY +ZWkRSziIDot7/iPEFdvu+KZI7pGJFDVbb/KFUyFie6V6OFNjbfMhu5sYHuSgwJXA +aGF12ncAOhV1Qh0wR1gvDpsUBjiXA6Mg1QbicIHjtSqsaZfch99cmoDELDZidfMB +WVovVnCgKscqqGvaHLT4ktUROckhMOnxU3809QIDAQABAoIBAENc3yazu07s2okj +UXAUHcLsKm5mme6MrNlKKEXAzZigzPhwQiOz4wY0jdhzc6DLehoNr3UROareFr/9 +2E7LnOoPG9a9U9hdPvGJ26EC5oW48GlEX9I8jKRfxH1WWpa3otOuu6tnymeuGqHb +qK08xtXeDsAzvqoYb3K3jve2vut2tRXniXoTg/Cgns4WF8/LuZBU6L1ocePIX4R0 +2tNX3z7qoQP9Grf1VVhBD08ZODPz7ckaZr6F5vBauHqwn3zR1Ui0xl2hVjxZFcRV +FCTI3ny77kNYk49xWpPBh5vCWTpzC0sbQ7/pcp6swGq7RZBaMerJXi8LjQ5vD95j +54hrrAECgYEA7kP7jLBiPkDgHwNWdGiUy4dbaN3JwKcCKKWuixkI+vrDxQmwuxEn +3yvcsq+7PtSmGnYsV+xn9EXQpqLOitzHsmxta5Yc3v7YRwpjmoJUcRSdAehvC6d4 +QGdSm7v8IraO+9//wqGDnVfHaWAlterRBevkh+kRchC+FYQH5wZfvLUCgYEA1Nvq +Vbe5+BOHhJWDWz3XSL4gSZrqsZaGp19brEPD4DKpzfyR04spV4dDnB+se3EqDkwn +4cmgY1Fy0/IQ5Y3lBbTv1DcywU07QCZXL0Sfv6Snl97xfx77g58xaFmxj4dvLlyG +w84oPotIOCFM2sJLcXlVyEoSVjYXnC2wktJY/0ECgYEAlTy9naSJFIccGjDEAQvU +TxsMFUX97Y5t2rnT9soKhvF0l8D3EmSvfaiChuVtOfCFzcNBCR1JC4aDJyyIhA+/ +gTFK4/1VPhOPsgd+1bNWYrHPmfdVPo550pUk9+iqB7AjJP5ruyPhRTdK7uTLGgPn +Qnc7YCmKxNBZzy4wqPKkGpUCgYAa4TqSYIUngq/WWlsgJosNMJU7Nkj07CFM+YnG +EzilE0DGNmLj5+rslrQ+/vD1FbFN5OgUZzXN1Pc/NI5VrrmBIvw2PFI4ftxAmZbg +7TWPKefQEeNFPlBcqrm+h7UYfu3XWO/bwijq3QPdsrbV2TtVtRDUHiZ6pJIOsuZd +ZBrBAQKBgQDQYb1pe9Fj4ChtWbCGpzb3F5xyErAXiO0stn69PN8wr4JMRNFr71KX +ebzJzW6Q1IE10qhDvCQnX0DD0yqAUtBsCMpN7Pve2xFBHtZLs83Th7kbqJhbeZ1P +DTkDvx0q4GEDtwssm4qIdT01ZY2F+DuDqMuuGDyORDjjUh35vAjw/Q== +-----END RSA PRIVATE KEY----- diff --git a/compose/assets/hr/application.yml b/compose/assets/hr/application.yml new file mode 100644 index 00000000..f3195052 --- /dev/null +++ b/compose/assets/hr/application.yml @@ -0,0 +1,15 @@ +server: + port: 9999 + +spring: + profiles: + include: + - fixture + +service: + api-user: + username: api-user + password: pwd + metrics-user: + username: metrics + password: pwd diff --git a/compose/assets/hr/fixture/institutes.csv b/compose/assets/hr/fixture/institutes.csv new file mode 100644 index 00000000..5377f33f --- /dev/null +++ b/compose/assets/hr/fixture/institutes.csv @@ -0,0 +1,4 @@ +id|longname|town|country +000000|Institute 0|Some place 0|IT| +000001|Apple Records|3 Abbey Road |GB| +000002|Sitcky Fingers|1 Ruby Tuesday Rd.|GB| diff --git a/compose/assets/hr/fixture/participations.csv b/compose/assets/hr/fixture/participations.csv new file mode 100644 index 00000000..294fbcfe --- /dev/null +++ b/compose/assets/hr/fixture/participations.csv @@ -0,0 +1,5 @@ +experiment|institute|person_id|start_date|end_date +TEST|000000|1|01-FEB-08| +TEST|000002|2|01-FEB-08| +TEST|000001|3|01-FEB-08|01-FEB-09| +TEST|000001|3|01-FEB-10| diff --git a/compose/assets/hr/fixture/vo_persons.csv b/compose/assets/hr/fixture/vo_persons.csv new file mode 100644 index 00000000..8b6d813d --- /dev/null +++ b/compose/assets/hr/fixture/vo_persons.csv @@ -0,0 +1,4 @@ +person_id|first_name|name|email|physical_email|institute +1|ANDREA|CECCANTI|ANDREA.CECCANTI@cnaf.infn.it|ACECCANT@cern.ch|000000 +2|KEITH|RICHARDS|keith@example.com|keith@cern.ch|000002 +3|PAUL|MC CARTNEY|paul@example.com|paul@cern.ch|000001 diff --git a/compose/assets/voms-admin/hr/hr.properties b/compose/assets/voms-admin/hr/hr.properties new file mode 100644 index 00000000..e2ce06ba --- /dev/null +++ b/compose/assets/voms-admin/hr/hr.properties @@ -0,0 +1,4 @@ +experiment=test +api.endpoint=http://hr:9999 +api.username=api-user +api.password=pwd diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml new file mode 100644 index 00000000..07143004 --- /dev/null +++ b/compose/docker-compose.yml @@ -0,0 +1,94 @@ +version: '3.5' + +volumes: + trustanchors: + cabundle: + db_data: + +services: + trust: + image: indigoiam/trustanchors:latest + environment: + - FORCE_TRUST_ANCHORS_UPDATE=1 + volumes: + - trustanchors:/etc/grid-security/certificates + - cabundle:/etc/pki + + db: + image: mariadb:latest + container_name: db + ports: + - "3306:3306" + volumes: + - db_data:/var/lib/mysql + + environment: + MYSQL_ROOT_PASSWORD: pwd + MYSQL_USER: voms + MYSQL_PASSWORD: pwd + MYSQL_DATABASE: voms_test + + hr: + image: indigoiam/cern-hr-db-api:latest + volumes: + - ./assets/hr/application.yml:/hr/application.yml:ro + - ./assets/hr/fixture/:/hr/src/test/resources/db/csv:ro + ports: + - "9999:9999" + environment: + TZ: UTC + + adminserver: + image: italiangrid/voms-admin-server-dev-centos7:latest + domainname: local.io + depends_on: + - db + + volumes: + - trustanchors:/etc/grid-security/certificates/ + - ./assets/hostcert/star_local_io.cert.pem:/etc/grid-security/hostcert.pem + - ./assets/hostcert/star_local_io.key.pem:/etc/grid-security/hostkey.pem + - ..:/code:ro + - ~/git/orgdb-fake-users/:/orgdb-fake-users:ro + - ~/git/voms-migrate:/migrate:ro + - ~/oracle:/oracle-rpm:ro + - ./assets/voms-admin/hr:/hr:ro + # - ~/orgdb:/orgdb:ro + + ports: + - "1044:1044" + - "8443:8443" + + environment: + # This is the VOMS Admin configuration + # + VOMS_VO_COUNT: 1 # 0 creates 1 VO, 1 two VOs, ... + VOMS_HOSTNAME: dev.local.io + MAILHOST: mail + MYSQL_ROOT_PASSWORD: pwd + + # VOMS_LOG_LEVEL: debug + VOMS_DEBUG: y + + # Comment the following line to skip tarball installation + VOMS_DEPLOY_TARBALL: y + + # VOMS_ADMIN_SERVER_PACKAGE_URL: http://ci-01.cnaf.infn.it/download/voms/versions/jenkins-release_voms_packages-13/sl6/x86_64/voms-admin-server-3.5.1-1.el6.centos.noarch.rpm + # VOMS_ADMIN_SERVER_VERSION: 3.3.3 + # VOMS_DEBUG_SUSPEND: y + # VOMS_PRE_CONFIGURE: y + # VOMS_SKIP_CONFIGURE: y + VOMS_SKIP_JAVA_SETUP: y + # VOMS_UPGRADE_DB: y + + # VOMS_LOAD_DB_DUMP: y + VOMS_DEV_MODE: y + + VOMS_CONFIGURE_OPTIONS: --skip-ca-check --admin-skip-ca-check + VOMS_ARGS: --war /code/voms-admin-server/target/voms-admin.war + + # ENABLE_YOURKIT: y + # ENABLE_JREBEL: y + # ENABLE_JMX: y + # HIBERNATE_LOG_LEVEL: DEBUG + # STRUTS_LOG_LEVEL: DEBUG diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 25eb4a0e..00000000 --- a/docker-compose.yml +++ /dev/null @@ -1,157 +0,0 @@ -version: '2' - -services: - data: - image: busybox - volumes: - - /var/lib/mysql - command: /bin/true - - db: - image: mariadb:latest - container_name: db - ports: - - "3306:3306" - volumes_from: - - data - - environment: - MYSQL_ROOT_PASSWORD: pwd - MYSQL_USER: voms - MYSQL_PASSWORD: pwd - MYSQL_DATABASE: voms_test - - mail: - image: jlynn/python-smtp - ports: - - "25:25" - - adminserver: - image: italiangrid/voms-admin-server:latest - domainname: local.io - - volumes: - - /etc/voms - - /etc/grid-security - - .:/code:ro - - ~/.jrebel:/home/voms/.jrebel:rw - - ~/jrebel:/jrebel:ro - - ~/yourkit:/yourkit:ro - - ~/git/voms-admin-server/docker/voms-admin-server/setup:/scripts:ro - - ~/git/orgdb-fake-users/:/orgdb-fake-users:ro - - ~/git/voms-migrate:/migrate:ro - # - ~/orgdb:/orgdb:ro - - ports: - # 20001 is the default yourkit port - # - "20001:20001" - # 6002 is the default JMX port used when enabling JMX - # - "6002:6002" - # 1044 is the debug port - - "1044:1044" - - "8443" - - links: - - db - - mail - - environment: - # This is need for haproxy to properly load balance stuff... - TCP_PORTS: 8443 - - # This is the VOMS Admin configuration - # - VOMS_VO_COUNT: 1 # 0 creates 1 VO, 1 two VOs, ... - VOMS_HOSTNAME: dev.local.io - MAILHOST: mail - MYSQL_ROOT_PASSWORD: pwd - - # VOMS_LOG_LEVEL: debug - VOMS_DEBUG: y - - # Comment the following line to skip tarball installation - VOMS_DEPLOY_TARBALL: y - - # VOMS_ADMIN_SERVER_PACKAGE_URL: http://ci-01.cnaf.infn.it/download/voms/versions/jenkins-release_voms_packages-13/sl6/x86_64/voms-admin-server-3.5.1-1.el6.centos.noarch.rpm - # VOMS_ADMIN_SERVER_VERSION: 3.3.3 - # VOMS_DEBUG_SUSPEND: y - VOMS_PRE_CONFIGURE: y - # VOMS_SKIP_CONFIGURE: y - VOMS_UPGRADE_DB: y - - # VOMS_LOAD_DB_DUMP: y - VOMS_DEV_MODE: y - - VOMS_CONFIGURE_OPTIONS: --skip-ca-check --admin-skip-ca-check - VOMS_ARGS: --war /code/voms-admin-server/target/voms-admin.war - - # ENABLE_YOURKIT: y - # ENABLE_JREBEL: y - # ENABLE_JMX: y - # HIBERNATE_LOG_LEVEL: DEBUG - # STRUTS_LOG_LEVEL: DEBUG - - extra_hosts: - - "voms.local.io:192.168.99.101" - - voms: - image: italiangrid/voms-dev:centos6 - domainname: local.io - - depends_on: - - db - - adminserver - - lb - - cap_add: - # The capability below is useful to - # run gdb - - SYS_PTRACE - - volumes: - - $HOME/git/voms-giaco:/voms:ro - - $HOME/git/voms-mysql-plugin:/voms-mysql-plugin:ro - - volumes_from: - - adminserver - - ports: - - "15000:15000" - - links: - - db - - tty: true - - environment: - # Uncomment to build VOMS from sources - # inside the container - VOMS_BUILD_FROM_SOURCES: y - - VOMS_GIT_REPO: file:///voms - VOMS_GIT_BRANCH: ssl11-andrea - - # Uncomment to build voms-mysql-plugin from - # source inside the container - VOMS_BUILD_MYSQL_PLUGIN: y - VOMS_MYSQL_GIT_REPO: file:///voms-mysql-plugin - - VOMS_MYSQL_GIT_BRANCH: fix/VOMS-748 - - lb: - image: dockercloud/haproxy:latest - ports: - - "8443:8443" - - "1936:1936" - - environment: - - MODE=tcp - - DOCKER_TLS_VERIFY - - DOCKER_HOST - - DOCKER_CERT_PATH - - volumes: - - $DOCKER_CERT_PATH:$DOCKER_CERT_PATH - - links: - - adminserver diff --git a/docker/prod/Dockerfile b/docker/prod/Dockerfile new file mode 100644 index 00000000..f1570d8e --- /dev/null +++ b/docker/prod/Dockerfile @@ -0,0 +1,6 @@ +FROM java:8 + +VOLUME /etc/voms-admin +VOLUME /var/log/voms-admin + +EXPOSE 8443 1044 diff --git a/docker/voms-admin-server/build-image.sh b/docker/prod/build-image.sh similarity index 100% rename from docker/voms-admin-server/build-image.sh rename to docker/prod/build-image.sh diff --git a/docker/voms-admin-server/dev/centos6/.env b/docker/voms-admin-server/dev/centos6/.env new file mode 100644 index 00000000..f77df07b --- /dev/null +++ b/docker/voms-admin-server/dev/centos6/.env @@ -0,0 +1 @@ +DOCKER_IMAGE=italiangrid/voms-admin-server-dev-centos6 diff --git a/docker/voms-admin-server/Dockerfile b/docker/voms-admin-server/dev/centos6/Dockerfile similarity index 88% rename from docker/voms-admin-server/Dockerfile rename to docker/voms-admin-server/dev/centos6/Dockerfile index d86bd69f..925f8db6 100644 --- a/docker/voms-admin-server/Dockerfile +++ b/docker/voms-admin-server/dev/centos6/Dockerfile @@ -1,4 +1,4 @@ -FROM italiangrid/base-dev +FROM italiangrid/base-dev:latest RUN sed -i 's/socket_timeout=3/socket_timeout=1/' /etc/yum/pluginconf.d/fastestmirror.conf && \ echo "include_only=.garr.it,.cern.ch" >> /etc/yum/pluginconf.d/fastestmirror.conf && \ @@ -6,7 +6,7 @@ RUN sed -i 's/socket_timeout=3/socket_timeout=1/' /etc/yum/pluginconf.d/fastestm ADD setup /scripts -RUN yum -y -d2 install sudo && sh /scripts/setup-voms-user.sh +RUN yum -y install sudo && sh /scripts/setup-voms-user.sh RUN chmod 755 "/scripts/run.sh" RUN cp /scripts/emi-oracle-11.repo /etc/yum.repos.d && \ diff --git a/docker/voms-admin-server/setup/configure-vos.sh b/docker/voms-admin-server/dev/centos6/setup/configure-vos.sh similarity index 84% rename from docker/voms-admin-server/setup/configure-vos.sh rename to docker/voms-admin-server/dev/centos6/setup/configure-vos.sh index ccd48701..4b8914ab 100644 --- a/docker/voms-admin-server/setup/configure-vos.sh +++ b/docker/voms-admin-server/dev/centos6/setup/configure-vos.sh @@ -3,6 +3,8 @@ set -ex VO_NAME_PREFIX=${VOMS_VO_NAME_PREFIX:-"test"} VO_COUNT=${VOMS_VO_COUNT:-1} +VOMS_MYSQL_HOST=${VOMS_MYSQL_HOST:-db} +VOMS_SMTP_HOST=${VOMS_SMTP_HOST:-mail} BASE_CORE_PORT=${VOMS_BASE_CORE_PORT:-15000} configure_vo(){ @@ -15,9 +17,9 @@ configure_vo(){ --dbname ${VO_NAME} \ --dbusername $VOMS_DB_USERNAME \ --dbpassword $VOMS_DB_PASSWORD \ - --dbhost db \ + --dbhost ${VOMS_MYSQL_HOST} \ --mail-from $VOMS_MAIL_FROM \ - --smtp-host mail \ + --smtp-host ${VOMS_SMTP_HOST} \ --membership-check-period 60 \ --hostname ${VOMS_HOSTNAME} \ --core-port $((${BASE_CORE_PORT}+$1)) \ diff --git a/docker/voms-admin-server/setup/create-schemas.sh b/docker/voms-admin-server/dev/centos6/setup/create-schemas.sh similarity index 77% rename from docker/voms-admin-server/setup/create-schemas.sh rename to docker/voms-admin-server/dev/centos6/setup/create-schemas.sh index 173b14e7..06c3e173 100644 --- a/docker/voms-admin-server/setup/create-schemas.sh +++ b/docker/voms-admin-server/dev/centos6/setup/create-schemas.sh @@ -1,6 +1,8 @@ #!/bin/bash set -x +VOMS_MYSQL_HOST=${VOMS_MYSQL_HOST:-db} + VO_NAME_PREFIX=${VOMS_VO_NAME_PREFIX:-"test"} VO_COUNT=${VOMS_VO_COUNT:-1} @@ -14,7 +16,7 @@ create_vo_schema(){ EOF cat ${tmp_file} - cat ${tmp_file} | mysql -hdb -uroot -p${MYSQL_ROOT_PASSWORD} + cat ${tmp_file} | mysql -h${VOMS_MYSQL_HOST} -uroot -p${MYSQL_ROOT_PASSWORD} } diff --git a/docker/voms-admin-server/setup/emi-oracle-11.repo b/docker/voms-admin-server/dev/centos6/setup/emi-oracle-11.repo similarity index 100% rename from docker/voms-admin-server/setup/emi-oracle-11.repo rename to docker/voms-admin-server/dev/centos6/setup/emi-oracle-11.repo diff --git a/docker/voms-admin-server/setup/load-db-dump.sh b/docker/voms-admin-server/dev/centos6/setup/load-db-dump.sh similarity index 100% rename from docker/voms-admin-server/setup/load-db-dump.sh rename to docker/voms-admin-server/dev/centos6/setup/load-db-dump.sh diff --git a/docker/voms-admin-server/setup/logback.xml b/docker/voms-admin-server/dev/centos6/setup/logback.xml similarity index 100% rename from docker/voms-admin-server/setup/logback.xml rename to docker/voms-admin-server/dev/centos6/setup/logback.xml diff --git a/docker/voms-admin-server/dev/centos6/setup/orgdb-util.sh b/docker/voms-admin-server/dev/centos6/setup/orgdb-util.sh new file mode 100644 index 00000000..78346cf2 --- /dev/null +++ b/docker/voms-admin-server/dev/centos6/setup/orgdb-util.sh @@ -0,0 +1,9 @@ +#!/bin/bash +set -ex + +source /etc/sysconfig/voms-admin + +OJDBC_JAR=${OJDBC_JAR:-${ORACLE_LIBRARY_PATH}/ojdbc6.jar} +ORACLE_ENV="LD_LIBRARY_PATH=$ORACLE_LIBRARY_PATH TNS_ADMIN=$TNS_ADMIN" + +TNS_ADMIN=/home/voms LD_LIBRARY_PATH=${ORACLE_LIBRARY_PATH} java -cp ${OJDBC_JAR}:'/var/lib/voms-admin/lib/*':/usr/share/java/voms-admin.jar org.glite.security.voms.admin.integration.orgdb.tools.OrgDBUtil -c /etc/voms-admin/test_0/orgdb.properties $@ diff --git a/docker/voms-admin-server/setup/orgdb.template b/docker/voms-admin-server/dev/centos6/setup/orgdb.template similarity index 100% rename from docker/voms-admin-server/setup/orgdb.template rename to docker/voms-admin-server/dev/centos6/setup/orgdb.template diff --git a/docker/voms-admin-server/setup/run.sh b/docker/voms-admin-server/dev/centos6/setup/run.sh similarity index 94% rename from docker/voms-admin-server/setup/run.sh rename to docker/voms-admin-server/dev/centos6/setup/run.sh index 6afad0b5..d1c95a2d 100755 --- a/docker/voms-admin-server/setup/run.sh +++ b/docker/voms-admin-server/dev/centos6/setup/run.sh @@ -6,13 +6,16 @@ VO_NAME_PREFIX=${VOMS_VO_NAME_PREFIX:-"test"} VO_COUNT=${VOMS_VO_COUNT:-1} VOMS_BASE_CORE_PORT=${VOMS_BASE_CORE_PORT:-15000} +VOMS_MYSQL_HOST=${VOMS_MYSQL_HOST:-db} +VOMS_MYSQL_PORT=${VOMS_MYSQL_PORT:-3306} # Wait for database service to be up -mysql_host=db -mysql_port=3306 +mysql_host=${VOMS_MYSQL_HOST} +mysql_port=${VOMS_MYSQL_PORT} echo -n "waiting for TCP connection to $mysql_host:$mysql_port..." + while ! nc -w 1 $mysql_host $mysql_port 2>/dev/null do echo -n . @@ -45,8 +48,11 @@ cp ${SCRIPTS_PREFIX}/tnsnames.ora /home/voms chown voms:voms /home/voms/tnsnames.ora ## Setup certificates -cp /etc/grid-security/hostcert.pem /etc/grid-security/vomscert.pem -cp /etc/grid-security/hostkey.pem /etc/grid-security/vomskey.pem +VOMS_X509_CERT=${VOMS_X509_CERT:-/etc/grid-security/hostcert.pem} +VOMS_X509_KEY=${VOMS_X509_KEY:-/etc/grid-security/hostkey.pem} + +cp ${VOMS_X509_CERT} /etc/grid-security/vomscert.pem +cp ${VOMS_X509_KEY} /etc/grid-security/vomskey.pem chown voms:voms /etc/grid-security/voms*.pem # Do this or voms-admin webapp will fail silently and always return 503 diff --git a/docker/voms-admin-server/setup/setup-java.sh b/docker/voms-admin-server/dev/centos6/setup/setup-java.sh similarity index 100% rename from docker/voms-admin-server/setup/setup-java.sh rename to docker/voms-admin-server/dev/centos6/setup/setup-java.sh diff --git a/docker/voms-admin-server/setup/setup-voms-user.sh b/docker/voms-admin-server/dev/centos6/setup/setup-voms-user.sh similarity index 100% rename from docker/voms-admin-server/setup/setup-voms-user.sh rename to docker/voms-admin-server/dev/centos6/setup/setup-voms-user.sh diff --git a/docker/voms-admin-server/setup/test_0.dump.sql b/docker/voms-admin-server/dev/centos6/setup/test_0.dump.sql similarity index 100% rename from docker/voms-admin-server/setup/test_0.dump.sql rename to docker/voms-admin-server/dev/centos6/setup/test_0.dump.sql diff --git a/docker/voms-admin-server/setup/tnsnames.ora b/docker/voms-admin-server/dev/centos6/setup/tnsnames.ora similarity index 100% rename from docker/voms-admin-server/setup/tnsnames.ora rename to docker/voms-admin-server/dev/centos6/setup/tnsnames.ora diff --git a/docker/voms-admin-server/setup/upgrade-db.sh b/docker/voms-admin-server/dev/centos6/setup/upgrade-db.sh similarity index 100% rename from docker/voms-admin-server/setup/upgrade-db.sh rename to docker/voms-admin-server/dev/centos6/setup/upgrade-db.sh diff --git a/docker/voms-admin-server/dev/centos7/.env b/docker/voms-admin-server/dev/centos7/.env new file mode 100644 index 00000000..16064204 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/.env @@ -0,0 +1 @@ +DOCKER_IMAGE=italiangrid/voms-admin-server-dev-centos7 diff --git a/docker/voms-admin-server/dev/centos7/Dockerfile b/docker/voms-admin-server/dev/centos7/Dockerfile new file mode 100644 index 00000000..881aaaa7 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/Dockerfile @@ -0,0 +1,18 @@ +FROM centos:7 + +ENV VOMS_DB_USERNAME voms +ENV VOMS_DB_PASSWORD pwd +ENV VOMS_DB_NAME voms_test +ENV VOMS_MAIL_FROM voms-admin@dev.local.io +ENV VOMS_HOSTNAME dev.local.io + +ADD setup /scripts +ADD setup/repo/*.repo /etc/yum.repos.d/ + +RUN chmod +x /scripts/run.sh +RUN yum -y install sudo && sh /scripts/setup-voms-user.sh && sh /scripts/setup.sh + +VOLUME /var/log/voms-admin +CMD /scripts/run.sh + +EXPOSE 8443 1044 diff --git a/docker/voms-admin-server/dev/centos7/setup/configure-vos.sh b/docker/voms-admin-server/dev/centos7/setup/configure-vos.sh new file mode 100644 index 00000000..630b5db1 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/configure-vos.sh @@ -0,0 +1,36 @@ +#!/bin/bash +set -ex + +VO_NAME_PREFIX=${VOMS_VO_NAME_PREFIX:-"test"} +VO_COUNT=${VOMS_VO_COUNT:-1} +VOMS_MYSQL_HOST=${VOMS_MYSQL_HOST:-db} +VOMS_SMTP_HOST=${VOMS_SMTP_HOST:-mail} +BASE_CORE_PORT=${VOMS_BASE_CORE_PORT:-15000} + +configure_vo(){ + + VO_NAME=${VO_NAME_PREFIX}_$1 + voms-configure install \ + --vo ${VO_NAME} \ + --dbtype mysql \ + --deploy-database \ + --dbname ${VO_NAME} \ + --dbusername ${VOMS_DB_USERNAME} \ + --dbpassword $VOMS_DB_PASSWORD \ + --dbhost ${VOMS_MYSQL_HOST} \ + --mail-from $VOMS_MAIL_FROM \ + --smtp-host ${VOMS_SMTP_HOST} \ + --membership-check-period 60 \ + --hostname ${VOMS_HOSTNAME} \ + --core-port $((${BASE_CORE_PORT}+$1)) \ + ${CONFIGURE_VO_OPTIONS} +} + +for i in $(seq 0 ${VO_COUNT}); do + configure_vo $i +done + +if [[ -f "/etc/voms-admin/voms-admin-server.properties" ]]; then + sed -i -e "s#localhost#${VOMS_HOSTNAME}#g" \ + /etc/voms-admin/voms-admin-server.properties +fi diff --git a/docker/voms-admin-server/dev/centos7/setup/create-schemas.sh b/docker/voms-admin-server/dev/centos7/setup/create-schemas.sh new file mode 100644 index 00000000..06c3e173 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/create-schemas.sh @@ -0,0 +1,25 @@ +#!/bin/bash +set -x + +VOMS_MYSQL_HOST=${VOMS_MYSQL_HOST:-db} + +VO_NAME_PREFIX=${VOMS_VO_NAME_PREFIX:-"test"} +VO_COUNT=${VOMS_VO_COUNT:-1} + +create_vo_schema(){ + + tmp_file=$(mktemp /tmp/create-schema-$1-XXX.sql) + + cat << EOF > ${tmp_file} + CREATE DATABASE IF NOT EXISTS test_$1; + GRANT ALL ON test_$1.* TO '${VOMS_DB_USERNAME}'@'%' IDENTIFIED BY '${VOMS_DB_PASSWORD}'; +EOF + + cat ${tmp_file} + cat ${tmp_file} | mysql -h${VOMS_MYSQL_HOST} -uroot -p${MYSQL_ROOT_PASSWORD} +} + + +for i in $(seq 0 ${VO_COUNT}); do + create_vo_schema $i; +done diff --git a/docker/voms-admin-server/dev/centos7/setup/hr.template b/docker/voms-admin-server/dev/centos7/setup/hr.template new file mode 100644 index 00000000..e15d0521 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/hr.template @@ -0,0 +1,2 @@ +voms.external-validators = orgdb +voms.ext.orgdb.configClass = org.glite.security.voms.admin.integration.cern.HrDbConfigurator diff --git a/docker/voms-admin-server/dev/centos7/setup/load-db-dump.sh b/docker/voms-admin-server/dev/centos7/setup/load-db-dump.sh new file mode 100644 index 00000000..aa8c9cb7 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/load-db-dump.sh @@ -0,0 +1,22 @@ +#!/bin/bash +set -ex + +SCRIPTS_PREFIX=${SCRIPTS_PREFIX:-/scripts} +VO_NAME_PREFIX=${VOMS_VO_NAME_PREFIX:-"test"} +VO_COUNT=${VOMS_VO_COUNT:-1} + +load_db_dump(){ + + VO_NAME=${VO_NAME_PREFIX}_$1 + dump_file=${VO_NAME}.dump.sql + if [[ -f ${SCRIPTS_PREFIX}/${dump_file} ]]; then + echo "Loading dump file ${SCRIPTS_PREFIX}/${dump_file} for VO ${VO_NAME}" + cat ${SCRIPTS_PREFIX}/${dump_file} | mysql -hdb -u${VOMS_DB_USERNAME} -p${VOMS_DB_PASSWORD} ${VO_NAME} + else + echo "${dump_file} not found" + fi +} + +for i in $(seq 0 ${VO_COUNT}); do + load_db_dump $i +done diff --git a/docker/voms-admin-server/dev/centos7/setup/logback.xml b/docker/voms-admin-server/dev/centos7/setup/logback.xml new file mode 100644 index 00000000..e78e45cd --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/logback.xml @@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + %date{yyyy-MM-dd HH:mm:ss.SSS'Z',UTC} - [%contextName] %level [%thread] [%logger{0}] - %msg%n + + + + + + + + diff --git a/docker/voms-admin-server/dev/centos7/setup/orgdb-util.sh b/docker/voms-admin-server/dev/centos7/setup/orgdb-util.sh new file mode 100644 index 00000000..78346cf2 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/orgdb-util.sh @@ -0,0 +1,9 @@ +#!/bin/bash +set -ex + +source /etc/sysconfig/voms-admin + +OJDBC_JAR=${OJDBC_JAR:-${ORACLE_LIBRARY_PATH}/ojdbc6.jar} +ORACLE_ENV="LD_LIBRARY_PATH=$ORACLE_LIBRARY_PATH TNS_ADMIN=$TNS_ADMIN" + +TNS_ADMIN=/home/voms LD_LIBRARY_PATH=${ORACLE_LIBRARY_PATH} java -cp ${OJDBC_JAR}:'/var/lib/voms-admin/lib/*':/usr/share/java/voms-admin.jar org.glite.security.voms.admin.integration.orgdb.tools.OrgDBUtil -c /etc/voms-admin/test_0/orgdb.properties $@ diff --git a/docker/voms-admin-server/dev/centos7/setup/orgdb.template b/docker/voms-admin-server/dev/centos7/setup/orgdb.template new file mode 100644 index 00000000..ceb4f281 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/orgdb.template @@ -0,0 +1,4 @@ +voms.external-validators = orgdb +voms.ext.orgdb.configClass = org.glite.security.voms.admin.integration.orgdb.OrgDBConfigurator +voms.ext.orgdb.experimentName = ATLAS +voms.ext.orgdb.membership_check.period = 30 diff --git a/docker/voms-admin-server/dev/centos7/setup/repo/igi-test-ca.repo b/docker/voms-admin-server/dev/centos7/setup/repo/igi-test-ca.repo new file mode 100644 index 00000000..0710cdde --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/repo/igi-test-ca.repo @@ -0,0 +1,8 @@ +[Test-CA] +name=Test-CA +baseurl=https://ci.cloud.cnaf.infn.it/job/repo_test_ca/lastSuccessfulBuild/artifact/yum/ +protect=1 +enabled=1 +priority=1 +gpgcheck=0 +sslverify=0 diff --git a/docker/voms-admin-server/dev/centos7/setup/repo/pkg-voms.repo b/docker/voms-admin-server/dev/centos7/setup/repo/pkg-voms.repo new file mode 100644 index 00000000..ba5168f7 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/repo/pkg-voms.repo @@ -0,0 +1,8 @@ +[pkg-VOMS] +name=pkg-VOMS +baseurl=https://ci.cloud.cnaf.infn.it/job/pkg.voms/job/v0120.01/lastSuccessfulBuild/artifact/artifacts/stage-area/centos7 +protect=1 +enabled=1 +priority=1 +gpgcheck=0 +sslverify=1 diff --git a/docker/voms-admin-server/dev/centos7/setup/repo/voms-externals.repo b/docker/voms-admin-server/dev/centos7/setup/repo/voms-externals.repo new file mode 100644 index 00000000..3721a0bb --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/repo/voms-externals.repo @@ -0,0 +1,8 @@ +[voms-externals] +name=voms-externals +baseurl=https://repo.cloud.cnaf.infn.it/repository/voms-externals-rpm/centos7 +protect=1 +enabled=1 +priority=1 +gpgcheck=0 +sslverify=1 diff --git a/docker/voms-admin-server/dev/centos7/setup/run.sh b/docker/voms-admin-server/dev/centos7/setup/run.sh new file mode 100755 index 00000000..eb02892e --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/run.sh @@ -0,0 +1,219 @@ +#!/bin/bash +set -ex + +SCRIPTS_PREFIX=${SCRIPTS_PREFIX:-/scripts} +VO_NAME_PREFIX=${VOMS_VO_NAME_PREFIX:-"test"} +VO_COUNT=${VOMS_VO_COUNT:-1} + +VOMS_BASE_CORE_PORT=${VOMS_BASE_CORE_PORT:-15000} +VOMS_MYSQL_HOST=${VOMS_MYSQL_HOST:-db} +VOMS_MYSQL_PORT=${VOMS_MYSQL_PORT:-3306} + +# Wait for database service to be up +mysql_host=${VOMS_MYSQL_HOST} +mysql_port=${VOMS_MYSQL_PORT} + +echo -n "waiting for TCP connection to $mysql_host:$mysql_port..." + + +while ! nc -w 1 $mysql_host $mysql_port 2>/dev/null +do + echo -n . + sleep 1 +done + +echo 'Database server is up.' + +## Create database schemas +/bin/bash ${SCRIPTS_PREFIX}/create-schemas.sh + +if [[ -n "${VOMS_ADMIN_SERVER_PACKAGE_URL}" ]]; then + yum -y remove voms-admin-server + yum -y install ${VOMS_ADMIN_SERVER_PACKAGE_URL} +fi + +# Install requested voms-admin-server version +if [[ -n "${VOMS_ADMIN_SERVER_VERSION}" ]]; then + yum -y remove voms-admin-server + yum install -y voms-admin-server-${VOMS_ADMIN_SERVER_VERSION} +fi + +# Install requested voms-admin client +if [[ -n "${VOMS_ADMIN_CLIENT_VERSION}" ]]; then + yum -y remove voms-admin-client + yum install -y voms-admin-client-${VOMS_ADMIN_CLIENT_VERSION} +fi + +cp ${SCRIPTS_PREFIX}/tnsnames.ora /home/voms +chown voms:voms /home/voms/tnsnames.ora + +## Setup certificates +VOMS_X509_CERT=${VOMS_X509_CERT:-/etc/grid-security/hostcert.pem} +VOMS_X509_KEY=${VOMS_X509_KEY:-/etc/grid-security/hostkey.pem} + +cp ${VOMS_X509_CERT} /etc/grid-security/vomscert.pem +cp ${VOMS_X509_KEY} /etc/grid-security/vomskey.pem +chown voms:voms /etc/grid-security/voms*.pem + +# Do this or voms-admin webapp will fail silently and always return 503 +mkdir -p /etc/grid-security/vomsdir + +## Preconfigure using existing package, if requested, or if just skipping +## the deployment of a tarball +if [[ -z ${VOMS_DEPLOY_TARBALL} ]]; then + VOMS_PRE_CONFIGURE=y +fi + +if [[ -n ${VOMS_LOAD_DB_DUMP} ]]; then + /bin/bash ${SCRIPTS_PREFIX}/load-db-dump.sh +fi + +if [[ -n ${VOMS_PRE_CONFIGURE} ]]; then + echo "Running preconfiguration..." + CONFIGURE_VO_OPTIONS=${VOMS_PRE_CONFIGURE_OPTIONS} /bin/bash ${SCRIPTS_PREFIX}/configure-vos.sh +fi + +if [[ -n "${VOMS_DEPLOY_TARBALL}" ]]; then + echo "Istalling VOMS development tarball from /code" + + ## Install new code + ls -l /code + + old_jars=$(ls /var/lib/voms-admin/lib/*.jar) + for j in ${old_jars}; do + echo "Removing: $j" && rm -rf $j + done + + old_jars=$(ls /var/lib/voms-admin/lib/) + echo "Old jars after removal: ${old_jars}" + + tar -C / -xvzf /code/voms-admin-server/target/voms-admin-server.tar.gz + + chown -R voms:voms /var/lib/voms-admin/work /var/log/voms-admin + + if [[ -n "$VOMS_UPGRADE_DB" ]]; then + echo "Running database upgrade..." + /bin/bash ${SCRIPTS_PREFIX}/upgrade-db.sh + fi + + skip_configuration=false + + ## Skip configuration if requested + [ -n "$VOMS_SKIP_CONFIGURE" ] && skip_configuration=true + + ## But only if configuration for the VO exists + for i in $(seq 0 ${VO_CONT}); do + VO_NAME=${VO_NAME_PREFIX}_$i + [ ! -e "/etc/voms-admin/${VO_NAME}/service.properties" ] && skip_configuration=false + done + + if [[ "$skip_configuration" = "false" ]]; then + echo "Running configuration..." + CONFIGURE_VO_OPTIONS=${VOMS_CONFIGURE_OPTIONS} /bin/bash ${SCRIPTS_PREFIX}/configure-vos.sh + fi +fi + +# Setup logging so that everything goes to stdout +cp ${SCRIPTS_PREFIX}/logback.xml /etc/voms-admin/voms-admin-server.logback + +for i in $(seq 0 ${VO_COUNT}); do + VO_NAME=${VO_NAME_PREFIX}_$i + cp ${SCRIPTS_PREFIX}/logback.xml /etc/voms-admin/${VO_NAME}/logback.xml + chown voms:voms /etc/voms-admin/${VO_NAME}/logback.xml +done + +chown voms:voms /etc/voms-admin/voms-admin-server.logback + +# Setup orgdb.properties, if the orgdb volume is mounted, only for the +# first configured VO +if [ -e "/orgdb/orgdb.properties" ]; then + cp /orgdb/orgdb.properties /etc/voms-admin/test_0/orgdb.properties + chown voms:voms /etc/voms-admin/test_0/orgdb.properties + + # Just a newline + echo >> /etc/voms-admin/test_0/service.properties + cat ${SCRIPTS_PREFIX}/orgdb.template >> /etc/voms-admin/test_0/service.properties +fi + +if [ -e "/hr/hr.properties" ]; then + cp /hr/hr.properties /etc/voms-admin/test_0/hr.properties + chown voms:voms /etc/voms-admin/test_0/hr.properties + + # Just a newline + echo >> /etc/voms-admin/test_0/service.properties + cat ${SCRIPTS_PREFIX}/hr.template >> /etc/voms-admin/test_0/service.properties +fi + +# Deploy test vos +for i in $(seq 0 ${VO_COUNT}); do + VO_NAME=${VO_NAME_PREFIX}_$i + touch "/var/lib/voms-admin/vo.d/$VO_NAME" +done + +# Set log levels +VOMS_LOG_LEVEL=${VOMS_LOG_LEVEL:-INFO} +JAVA_LOG_LEVEL=${JAVA_LOG_LEVEL:-ERROR} + +VOMS_JAVA_OPTS="-Dvoms.dev=true -DVOMS_LOG_LEVEL=${VOMS_LOG_LEVEL} -DJAVA_LOG_LEVEL=${JAVA_LOG_LEVEL} ${VOMS_JAVA_OPTS}" + +if [ -n "$ENABLE_YOUR_KIT" ]; then + YOUR_KIT_OPTS=${VOMS_YOUR_KIT_OPTS:-"-javaagent:/yourkit/libyjpagent.so,delay=10000,port=20001"} + VOMS_JAVA_OPTS="${VOMS_YOUR_KIT_OPTS} ${VOMS_JAVA_OPTS}" +fi + +if [ -n "$ENABLE_JREBEL" ]; then + if [ -n "$ENABLE_YOUR_KIT" ]; then + echo "YourKit is enabled... will ignore Jrebel" + else + JREBEL_OPTS=${VOMS_JREBEL_OPTS:-"-javaagent:/jrebel/jrebel.jar -Drebel.stats=false -Drebel.usage_reporting=false -Drebel.struts2_plugin=true -Drebel.tiles2_plugin=true"} + VOMS_JAVA_OPTS="${JREBEL_OPTS} ${VOMS_JAVA_OPTS}" + fi +fi + +if [ -z "$VOMS_DEBUG_PORT" ]; then + VOMS_DEBUG_PORT=1044 +fi + +if [ -z "$VOMS_DEBUG_SUSPEND" ]; then + VOMS_DEBUG_SUSPEND="n" +fi + +if [ ! -z "$VOMS_DEBUG" ]; then + VOMS_JAVA_OPTS="-Xdebug -Xrunjdwp:server=y,transport=dt_socket,address=$VOMS_DEBUG_PORT,suspend=$VOMS_DEBUG_SUSPEND $VOMS_JAVA_OPTS" +fi + +if [ -n "$ENABLE_JMX" ]; then + JMX_PORT=${VOMS_JMX_PORT:-6002} + VOMS_JAVA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${JMX_PORT} -Dcom.sun.management.jmxremote.rmi.port=${JMX_PORT} -Djava.rmi.server.hostname=dev.local.io -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false $VOMS_JAVA_OPTS" +fi + +VOMS_JAR=${VOMS_JAR:-/usr/share/java/voms-container.jar} +VOMS_MAIN_CLASS=${VOMS_MAIN_CLASS:-org.italiangrid.voms.container.Container} +ORACLE_LIBRARY_PATH=${ORACLE_LIBRARY_PATH:-/usr/lib64/oracle/11.2.0.3.0/client/lib64} +OJDBC_JAR=${OJDBC_JAR:-${ORACLE_LIBRARY_PATH}/ojdbc6.jar} +TNS_ADMIN=${TNS_ADMIN:-/home/voms} + +ORACLE_ENV="LD_LIBRARY_PATH=$ORACLE_LIBRARY_PATH TNS_ADMIN=$TNS_ADMIN" + +if [ -z "$VOMS_SKIP_JAVA_SETUP" ]; then + /bin/bash ${SCRIPTS_PREFIX}/setup-java.sh +fi + +java -version + +## Add test0 admin +for i in $(seq 0 ${VO_COUNT}); do + VO_NAME=${VO_NAME_PREFIX}_$i + voms-db-util add-admin --vo ${VO_NAME} \ + --cert /usr/share/igi-test-ca/test0.cert.pem \ + || echo "Error creating test0 admin. Does it already exist?" +done + +# Start service +if [ -n "$VOMS_DEV_MODE" ]; then + echo "su voms -s /bin/bash -c \"$ORACLE_ENV java $VOMS_JAVA_OPTS -cp $VOMS_JAR:$OJDBC_JAR $VOMS_MAIN_CLASS $VOMS_ARGS\"" > /root/start-voms-admin.sh + echo "VOMS Admin startup command saved in /root/start-voms-admin.sh . User docker exec to enter this container and start/stop the service as you like" + sleep infinity +else + su voms -s /bin/bash -c "$ORACLE_ENV java $VOMS_JAVA_OPTS -cp $VOMS_JAR:$OJDBC_JAR $VOMS_MAIN_CLASS $VOMS_ARGS" +fi diff --git a/docker/voms-admin-server/dev/centos7/setup/setup-java.sh b/docker/voms-admin-server/dev/centos7/setup/setup-java.sh new file mode 100644 index 00000000..529edc51 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/setup-java.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +set -ex + +JRE_HOME=${JRE_HOME:-/usr/lib/jvm/jre-1.8.0-openjdk.x86_64} +JDK_HOME=${JDK_HOME:-/usr/lib/jvm/java-1.8.0-openjdk.x86_64} + +update-alternatives --set java ${JRE_HOME}/bin/java +update-alternatives --set javac ${JDK_HOME}/bin/javac diff --git a/docker/voms-admin-server/dev/centos7/setup/setup-voms-user.sh b/docker/voms-admin-server/dev/centos7/setup/setup-voms-user.sh new file mode 100644 index 00000000..9904909a --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/setup-voms-user.sh @@ -0,0 +1,11 @@ +#!/bin/bash +set -ex + +VOMS_USER=${VOMS_USER:-voms} +VOMS_USER_UID=${VOMS_USER_UID:-1234} +VOMS_USER_HOME=${VOMS_USER_HOME:-/home/${VOMS_USER}} + +# Add voms user to the sudoers +echo '%wheel ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +adduser --uid ${VOMS_USER_UID} ${VOMS_USER} +usermod -a -G wheel ${VOMS_USER} diff --git a/docker/voms-admin-server/dev/centos7/setup/setup.sh b/docker/voms-admin-server/dev/centos7/setup/setup.sh new file mode 100644 index 00000000..2e74b209 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/setup.sh @@ -0,0 +1,11 @@ +#!/bin/bash +set -ex + +UMD_REPO_RPM_URL="http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/updates/umd-release-4.1.3-1.el7.centos.noarch.rpm" + +yum clean all +yum install -y hostname epel-release +yum -y install ${UMD_REPO_RPM_URL} +yum -y update +yum -y install openssl java-1.8.0-openjdk-devel nc mysql voms-admin-server voms-admin-client igi-test-ca + diff --git a/docker/voms-admin-server/dev/centos7/setup/test_0.dump.sql b/docker/voms-admin-server/dev/centos7/setup/test_0.dump.sql new file mode 100644 index 00000000..daf148e6 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/test_0.dump.sql @@ -0,0 +1,1029 @@ +-- MySQL dump 10.13 Distrib 5.1.73, for redhat-linux-gnu (x86_64) +-- +-- Host: db Database: test_0 +-- ------------------------------------------------------ +-- Server version 5.5.5-10.1.20-MariaDB-1~jessie + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8 */; +/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; +/*!40103 SET TIME_ZONE='+00:00' */; +/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; +/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; +/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; + +-- +-- Table structure for table `acl2` +-- + +DROP TABLE IF EXISTS `acl2`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `acl2` ( + `acl_id` bigint(20) NOT NULL AUTO_INCREMENT, + `group_id` bigint(20) NOT NULL, + `defaultACL` bit(1) NOT NULL, + `role_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`acl_id`), + UNIQUE KEY `group_id` (`group_id`,`defaultACL`,`role_id`), + KEY `FK2D98E8FCFA8B04` (`group_id`), + KEY `FK2D98E8720C9B10` (`role_id`), + CONSTRAINT `FK2D98E8720C9B10` FOREIGN KEY (`role_id`) REFERENCES `roles` (`rid`) ON DELETE CASCADE, + CONSTRAINT `FK2D98E8FCFA8B04` FOREIGN KEY (`group_id`) REFERENCES `groups` (`gid`) ON DELETE CASCADE +) ENGINE=InnoDB AUTO_INCREMENT=441 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `acl2` +-- + +LOCK TABLES `acl2` WRITE; +/*!40000 ALTER TABLE `acl2` DISABLE KEYS */; +INSERT INTO `acl2` VALUES (1,1,'\0',NULL),(2,1,'\0',1),(100,1,'\0',2),(138,1,'\0',3),(176,1,'\0',4),(215,1,'\0',5),(246,1,'\0',6),(285,1,'\0',7),(325,1,'\0',8),(363,1,'\0',9),(404,1,'\0',10),(3,2,'\0',NULL),(4,2,'\0',1),(98,2,'\0',2),(139,2,'\0',3),(162,2,'\0',4),(204,2,'\0',5),(244,2,'\0',6),(286,2,'\0',7),(321,2,'\0',8),(361,2,'\0',9),(402,2,'\0',10),(5,3,'\0',NULL),(6,3,'\0',1),(120,3,'\0',2),(158,3,'\0',3),(198,3,'\0',4),(238,3,'\0',5),(278,3,'\0',6),(304,3,'\0',7),(346,3,'\0',8),(385,3,'\0',9),(425,3,'\0',10),(7,4,'\0',NULL),(8,4,'\0',1),(101,4,'\0',2),(141,4,'\0',3),(181,4,'\0',4),(221,4,'\0',5),(258,4,'\0',6),(298,4,'\0',7),(340,4,'\0',8),(380,4,'\0',9),(405,4,'\0',10),(9,5,'\0',NULL),(10,5,'\0',1),(113,5,'\0',2),(154,5,'\0',3),(195,5,'\0',4),(239,5,'\0',5),(279,5,'\0',6),(319,5,'\0',7),(360,5,'\0',8),(397,5,'\0',9),(436,5,'\0',10),(11,6,'\0',NULL),(12,6,'\0',1),(95,6,'\0',2),(135,6,'\0',3),(172,6,'\0',4),(210,6,'\0',5),(254,6,'\0',6),(295,6,'\0',7),(342,6,'\0',8),(381,6,'\0',9),(421,6,'\0',10),(13,7,'\0',NULL),(14,7,'\0',1),(88,7,'\0',2),(156,7,'\0',3),(196,7,'\0',4),(235,7,'\0',5),(276,7,'\0',6),(312,7,'\0',7),(351,7,'\0',8),(393,7,'\0',9),(433,7,'\0',10),(15,8,'\0',NULL),(16,8,'\0',1),(109,8,'\0',2),(147,8,'\0',3),(189,8,'\0',4),(228,8,'\0',5),(256,8,'\0',6),(296,8,'\0',7),(336,8,'\0',8),(377,8,'\0',9),(413,8,'\0',10),(17,9,'\0',NULL),(18,9,'\0',1),(89,9,'\0',2),(128,9,'\0',3),(171,9,'\0',4),(206,9,'\0',5),(247,9,'\0',6),(290,9,'\0',7),(330,9,'\0',8),(395,9,'\0',9),(434,9,'\0',10),(19,10,'\0',NULL),(20,10,'\0',1),(106,10,'\0',2),(145,10,'\0',3),(191,10,'\0',4),(229,10,'\0',5),(269,10,'\0',6),(311,10,'\0',7),(347,10,'\0',8),(386,10,'\0',9),(428,10,'\0',10),(21,11,'\0',NULL),(22,11,'\0',1),(91,11,'\0',2),(131,11,'\0',3),(179,11,'\0',4),(219,11,'\0',5),(261,11,'\0',6),(301,11,'\0',7),(338,11,'\0',8),(378,11,'\0',9),(417,11,'\0',10),(23,12,'\0',NULL),(24,12,'\0',1),(116,12,'\0',2),(152,12,'\0',3),(193,12,'\0',4),(231,12,'\0',5),(272,12,'\0',6),(317,12,'\0',7),(358,12,'\0',8),(399,12,'\0',9),(439,12,'\0',10),(25,13,'\0',NULL),(26,13,'\0',1),(93,13,'\0',2),(133,13,'\0',3),(174,13,'\0',4),(213,13,'\0',5),(252,13,'\0',6),(293,13,'\0',7),(332,13,'\0',8),(373,13,'\0',9),(419,13,'\0',10),(27,14,'\0',NULL),(28,14,'\0',1),(86,14,'\0',2),(124,14,'\0',3),(167,14,'\0',4),(233,14,'\0',5),(274,14,'\0',6),(314,14,'\0',7),(354,14,'\0',8),(391,14,'\0',9),(431,14,'\0',10),(29,15,'\0',NULL),(30,15,'\0',1),(111,15,'\0',2),(150,15,'\0',3),(187,15,'\0',4),(226,15,'\0',5),(265,15,'\0',6),(307,15,'\0',7),(334,15,'\0',8),(375,15,'\0',9),(415,15,'\0',10),(31,16,'\0',NULL),(32,16,'\0',1),(82,16,'\0',2),(126,16,'\0',3),(169,16,'\0',4),(208,16,'\0',5),(250,16,'\0',6),(288,16,'\0',7),(328,16,'\0',8),(367,16,'\0',9),(409,16,'\0',10),(33,17,'\0',NULL),(34,17,'\0',1),(104,17,'\0',2),(143,17,'\0',3),(183,17,'\0',4),(223,17,'\0',5),(267,17,'\0',6),(309,17,'\0',7),(349,17,'\0',8),(389,17,'\0',9),(426,17,'\0',10),(35,18,'\0',NULL),(36,18,'\0',1),(84,18,'\0',2),(122,18,'\0',3),(164,18,'\0',4),(201,18,'\0',5),(241,18,'\0',6),(281,18,'\0',7),(323,18,'\0',8),(369,18,'\0',9),(411,18,'\0',10),(37,19,'\0',NULL),(38,19,'\0',1),(118,19,'\0',2),(159,19,'\0',3),(185,19,'\0',4),(225,19,'\0',5),(264,19,'\0',6),(305,19,'\0',7),(344,19,'\0',8),(383,19,'\0',9),(423,19,'\0',10),(39,20,'\0',NULL),(40,20,'\0',1),(103,20,'\0',2),(136,20,'\0',3),(177,20,'\0',4),(217,20,'\0',5),(260,20,'\0',6),(283,20,'\0',7),(326,20,'\0',8),(365,20,'\0',9),(407,20,'\0',10),(41,21,'\0',NULL),(42,21,'\0',1),(102,21,'\0',2),(142,21,'\0',3),(182,21,'\0',4),(216,21,'\0',5),(259,21,'\0',6),(299,21,'\0',7),(341,21,'\0',8),(364,21,'\0',9),(406,21,'\0',10),(43,22,'\0',NULL),(44,22,'\0',1),(114,22,'\0',2),(155,22,'\0',3),(199,22,'\0',4),(240,22,'\0',5),(280,22,'\0',6),(320,22,'\0',7),(356,22,'\0',8),(398,22,'\0',9),(437,22,'\0',10),(45,23,'\0',NULL),(46,23,'\0',1),(96,23,'\0',2),(130,23,'\0',3),(173,23,'\0',4),(211,23,'\0',5),(255,23,'\0',6),(300,23,'\0',7),(343,23,'\0',8),(382,23,'\0',9),(422,23,'\0',10),(47,24,'\0',NULL),(48,24,'\0',1),(115,24,'\0',2),(157,24,'\0',3),(197,24,'\0',4),(236,24,'\0',5),(271,24,'\0',6),(313,24,'\0',7),(352,24,'\0',8),(394,24,'\0',9),(438,24,'\0',10),(49,25,'\0',NULL),(50,25,'\0',1),(110,25,'\0',2),(148,25,'\0',3),(190,25,'\0',4),(212,25,'\0',5),(257,25,'\0',6),(297,25,'\0',7),(337,25,'\0',8),(372,25,'\0',9),(414,25,'\0',10),(51,26,'\0',NULL),(52,26,'\0',1),(90,26,'\0',2),(129,26,'\0',3),(166,26,'\0',4),(207,26,'\0',5),(248,26,'\0',6),(291,26,'\0',7),(353,26,'\0',8),(396,26,'\0',9),(435,26,'\0',10),(53,27,'\0',NULL),(54,27,'\0',1),(107,27,'\0',2),(149,27,'\0',3),(192,27,'\0',4),(230,27,'\0',5),(270,27,'\0',6),(306,27,'\0',7),(348,27,'\0',8),(387,27,'\0',9),(429,27,'\0',10),(55,28,'\0',NULL),(56,28,'\0',1),(81,28,'\0',2),(121,28,'\0',3),(161,28,'\0',4),(203,28,'\0',5),(249,28,'\0',6),(292,28,'\0',7),(331,28,'\0',8),(371,28,'\0',9),(408,28,'\0',10),(57,29,'\0',NULL),(58,29,'\0',1),(108,29,'\0',2),(146,29,'\0',3),(186,29,'\0',4),(222,29,'\0',5),(263,29,'\0',6),(303,29,'\0',7),(345,29,'\0',8),(388,29,'\0',9),(430,29,'\0',10),(59,30,'\0',NULL),(60,30,'\0',1),(99,30,'\0',2),(140,30,'\0',3),(163,30,'\0',4),(205,30,'\0',5),(245,30,'\0',6),(287,30,'\0',7),(322,30,'\0',8),(362,30,'\0',9),(403,30,'\0',10),(61,31,'\0',NULL),(62,31,'\0',1),(97,31,'\0',2),(137,31,'\0',3),(178,31,'\0',4),(218,31,'\0',5),(243,31,'\0',6),(284,31,'\0',7),(327,31,'\0',8),(366,31,'\0',9),(401,31,'\0',10),(63,32,'\0',NULL),(64,32,'\0',1),(119,32,'\0',2),(160,32,'\0',3),(200,32,'\0',4),(237,32,'\0',5),(277,32,'\0',6),(316,32,'\0',7),(357,32,'\0',8),(384,32,'\0',9),(424,32,'\0',10),(65,33,'\0',NULL),(66,33,'\0',1),(92,33,'\0',2),(132,33,'\0',3),(180,33,'\0',4),(220,33,'\0',5),(262,33,'\0',6),(302,33,'\0',7),(339,33,'\0',8),(379,33,'\0',9),(418,33,'\0',10),(67,34,'\0',NULL),(68,34,'\0',1),(117,34,'\0',2),(153,34,'\0',3),(194,34,'\0',4),(232,34,'\0',5),(273,34,'\0',6),(318,34,'\0',7),(359,34,'\0',8),(400,34,'\0',9),(440,34,'\0',10),(69,35,'\0',NULL),(70,35,'\0',1),(94,35,'\0',2),(134,35,'\0',3),(175,35,'\0',4),(214,35,'\0',5),(253,35,'\0',6),(294,35,'\0',7),(333,35,'\0',8),(374,35,'\0',9),(420,35,'\0',10),(71,36,'\0',NULL),(72,36,'\0',1),(87,36,'\0',2),(125,36,'\0',3),(168,36,'\0',4),(234,36,'\0',5),(275,36,'\0',6),(315,36,'\0',7),(355,36,'\0',8),(392,36,'\0',9),(432,36,'\0',10),(73,37,'\0',NULL),(74,37,'\0',1),(112,37,'\0',2),(151,37,'\0',3),(188,37,'\0',4),(227,37,'\0',5),(266,37,'\0',6),(308,37,'\0',7),(335,37,'\0',8),(376,37,'\0',9),(416,37,'\0',10),(75,38,'\0',NULL),(76,38,'\0',1),(83,38,'\0',2),(127,38,'\0',3),(170,38,'\0',4),(209,38,'\0',5),(251,38,'\0',6),(289,38,'\0',7),(329,38,'\0',8),(368,38,'\0',9),(410,38,'\0',10),(77,39,'\0',NULL),(78,39,'\0',1),(105,39,'\0',2),(144,39,'\0',3),(184,39,'\0',4),(224,39,'\0',5),(268,39,'\0',6),(310,39,'\0',7),(350,39,'\0',8),(390,39,'\0',9),(427,39,'\0',10),(79,40,'\0',NULL),(80,40,'\0',1),(85,40,'\0',2),(123,40,'\0',3),(165,40,'\0',4),(202,40,'\0',5),(242,40,'\0',6),(282,40,'\0',7),(324,40,'\0',8),(370,40,'\0',9),(412,40,'\0',10); +/*!40000 ALTER TABLE `acl2` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `acl2_permissions` +-- + +DROP TABLE IF EXISTS `acl2_permissions`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `acl2_permissions` ( + `acl_id` bigint(20) NOT NULL, + `permissions` int(11) DEFAULT NULL, + `admin_id` bigint(20) NOT NULL, + PRIMARY KEY (`acl_id`,`admin_id`), + KEY `FK35C6CFADA4AD9904` (`admin_id`), + KEY `FK35C6CFADD91CE8A3` (`acl_id`), + CONSTRAINT `FK35C6CFADA4AD9904` FOREIGN KEY (`admin_id`) REFERENCES `admins` (`adminid`), + CONSTRAINT `FK35C6CFADD91CE8A3` FOREIGN KEY (`acl_id`) REFERENCES `acl2` (`acl_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `acl2_permissions` +-- + +LOCK TABLES `acl2_permissions` WRITE; +/*!40000 ALTER TABLE `acl2_permissions` DISABLE KEYS */; +INSERT INTO `acl2_permissions` VALUES (1,16383,1),(1,16383,2),(1,16383,6),(1,16383,7),(1,16383,8),(2,16383,1),(2,16383,2),(2,16383,6),(2,16383,7),(2,16383,8),(3,16383,1),(3,16383,2),(3,16383,6),(3,16383,7),(3,16383,8),(4,16383,1),(4,16383,2),(4,16383,6),(4,16383,7),(4,16383,8),(5,16383,1),(5,16383,2),(5,16383,6),(5,16383,7),(5,16383,8),(6,16383,1),(6,16383,2),(6,16383,6),(6,16383,7),(6,16383,8),(7,16383,1),(7,16383,2),(7,16383,6),(7,16383,7),(7,16383,8),(8,16383,1),(8,16383,2),(8,16383,6),(8,16383,7),(8,16383,8),(9,16383,1),(9,16383,2),(9,16383,6),(9,16383,7),(9,16383,8),(10,16383,1),(10,16383,2),(10,16383,6),(10,16383,7),(10,16383,8),(11,16383,1),(11,16383,2),(11,16383,6),(11,16383,7),(11,16383,8),(12,16383,1),(12,16383,2),(12,16383,6),(12,16383,7),(12,16383,8),(13,16383,1),(13,16383,2),(13,16383,6),(13,16383,7),(13,16383,8),(14,16383,1),(14,16383,2),(14,16383,6),(14,16383,7),(14,16383,8),(15,16383,1),(15,16383,2),(15,16383,6),(15,16383,7),(15,16383,8),(16,16383,1),(16,16383,2),(16,16383,6),(16,16383,7),(16,16383,8),(17,16383,1),(17,16383,2),(17,16383,6),(17,16383,7),(17,16383,8),(18,16383,1),(18,16383,2),(18,16383,6),(18,16383,7),(18,16383,8),(19,16383,1),(19,16383,2),(19,16383,6),(19,16383,7),(19,16383,8),(20,16383,1),(20,16383,2),(20,16383,6),(20,16383,7),(20,16383,8),(21,16383,1),(21,16383,2),(21,16383,6),(21,16383,7),(21,16383,8),(22,16383,1),(22,16383,2),(22,16383,6),(22,16383,7),(22,16383,8),(23,16383,1),(23,16383,2),(23,16383,6),(23,16383,7),(23,16383,8),(24,16383,1),(24,16383,2),(24,16383,6),(24,16383,7),(24,16383,8),(25,16383,1),(25,16383,2),(25,16383,6),(25,16383,7),(25,16383,8),(26,16383,1),(26,16383,2),(26,16383,6),(26,16383,7),(26,16383,8),(27,16383,1),(27,16383,2),(27,16383,6),(27,16383,7),(27,16383,8),(28,16383,1),(28,16383,2),(28,16383,6),(28,16383,7),(28,16383,8),(29,16383,1),(29,16383,2),(29,16383,6),(29,16383,7),(29,16383,8),(30,16383,1),(30,16383,2),(30,16383,6),(30,16383,7),(30,16383,8),(31,16383,1),(31,16383,2),(31,16383,6),(31,16383,7),(31,16383,8),(32,16383,1),(32,16383,2),(32,16383,6),(32,16383,7),(32,16383,8),(33,16383,1),(33,16383,2),(33,16383,6),(33,16383,7),(33,16383,8),(34,16383,1),(34,16383,2),(34,16383,6),(34,16383,7),(34,16383,8),(35,16383,1),(35,16383,2),(35,16383,6),(35,16383,7),(35,16383,8),(36,16383,1),(36,16383,2),(36,16383,6),(36,16383,7),(36,16383,8),(37,16383,1),(37,16383,2),(37,16383,6),(37,16383,7),(37,16383,8),(38,16383,1),(38,16383,2),(38,16383,6),(38,16383,7),(38,16383,8),(39,16383,1),(39,16383,2),(39,16383,6),(39,16383,7),(39,16383,8),(40,16383,1),(40,16383,2),(40,16383,6),(40,16383,7),(40,16383,8),(41,16383,1),(41,16383,2),(41,16383,6),(41,16383,7),(41,16383,8),(42,16383,1),(42,16383,2),(42,16383,6),(42,16383,7),(42,16383,8),(43,16383,1),(43,16383,2),(43,16383,6),(43,16383,7),(43,16383,8),(44,16383,1),(44,16383,2),(44,16383,6),(44,16383,7),(44,16383,8),(45,16383,1),(45,16383,2),(45,16383,6),(45,16383,7),(45,16383,8),(46,16383,1),(46,16383,2),(46,16383,6),(46,16383,7),(46,16383,8),(47,16383,1),(47,16383,2),(47,16383,6),(47,16383,7),(47,16383,8),(48,16383,1),(48,16383,2),(48,16383,6),(48,16383,7),(48,16383,8),(49,16383,1),(49,16383,2),(49,16383,6),(49,16383,7),(49,16383,8),(50,16383,1),(50,16383,2),(50,16383,6),(50,16383,7),(50,16383,8),(51,16383,1),(51,16383,2),(51,16383,6),(51,16383,7),(51,16383,8),(52,16383,1),(52,16383,2),(52,16383,6),(52,16383,7),(52,16383,8),(53,16383,1),(53,16383,2),(53,16383,6),(53,16383,7),(53,16383,8),(54,16383,1),(54,16383,2),(54,16383,6),(54,16383,7),(54,16383,8),(55,16383,1),(55,16383,2),(55,16383,6),(55,16383,7),(55,16383,8),(56,16383,1),(56,16383,2),(56,16383,6),(56,16383,7),(56,16383,8),(57,16383,1),(57,16383,2),(57,16383,6),(57,16383,7),(57,16383,8),(58,16383,1),(58,16383,2),(58,16383,6),(58,16383,7),(58,16383,8),(59,16383,1),(59,16383,2),(59,16383,6),(59,16383,7),(59,16383,8),(60,16383,1),(60,16383,2),(60,16383,6),(60,16383,7),(60,16383,8),(61,16383,1),(61,16383,2),(61,16383,6),(61,16383,7),(61,16383,8),(62,16383,1),(62,16383,2),(62,16383,6),(62,16383,7),(62,16383,8),(63,16383,1),(63,16383,2),(63,16383,6),(63,16383,7),(63,16383,8),(64,16383,1),(64,16383,2),(64,16383,6),(64,16383,7),(64,16383,8),(65,16383,1),(65,16383,2),(65,16383,6),(65,16383,7),(65,16383,8),(66,16383,1),(66,16383,2),(66,16383,6),(66,16383,7),(66,16383,8),(67,16383,1),(67,16383,2),(67,16383,6),(67,16383,7),(67,16383,8),(68,16383,1),(68,16383,2),(68,16383,6),(68,16383,7),(68,16383,8),(69,16383,1),(69,16383,2),(69,16383,6),(69,16383,7),(69,16383,8),(70,16383,1),(70,16383,2),(70,16383,6),(70,16383,7),(70,16383,8),(71,16383,1),(71,16383,2),(71,16383,6),(71,16383,7),(71,16383,8),(72,16383,1),(72,16383,2),(72,16383,6),(72,16383,7),(72,16383,8),(73,16383,1),(73,16383,2),(73,16383,6),(73,16383,7),(73,16383,8),(74,16383,1),(74,16383,2),(74,16383,6),(74,16383,7),(74,16383,8),(75,16383,1),(75,16383,2),(75,16383,6),(75,16383,7),(75,16383,8),(76,16383,1),(76,16383,2),(76,16383,6),(76,16383,7),(76,16383,8),(77,16383,1),(77,16383,2),(77,16383,6),(77,16383,7),(77,16383,8),(78,16383,1),(78,16383,2),(78,16383,6),(78,16383,7),(78,16383,8),(79,16383,1),(79,16383,2),(79,16383,6),(79,16383,7),(79,16383,8),(80,16383,1),(80,16383,2),(80,16383,6),(80,16383,7),(80,16383,8),(81,16383,1),(81,16383,2),(81,16383,6),(81,16383,7),(81,16383,8),(82,16383,1),(82,16383,2),(82,16383,6),(82,16383,7),(82,16383,8),(83,16383,1),(83,16383,2),(83,16383,6),(83,16383,7),(83,16383,8),(84,16383,1),(84,16383,2),(84,16383,6),(84,16383,7),(84,16383,8),(85,16383,1),(85,16383,2),(85,16383,6),(85,16383,7),(85,16383,8),(86,16383,1),(86,16383,2),(86,16383,6),(86,16383,7),(86,16383,8),(87,16383,1),(87,16383,2),(87,16383,6),(87,16383,7),(87,16383,8),(88,16383,1),(88,16383,2),(88,16383,6),(88,16383,7),(88,16383,8),(89,16383,1),(89,16383,2),(89,16383,6),(89,16383,7),(89,16383,8),(90,16383,1),(90,16383,2),(90,16383,6),(90,16383,7),(90,16383,8),(91,16383,1),(91,16383,2),(91,16383,6),(91,16383,7),(91,16383,8),(92,16383,1),(92,16383,2),(92,16383,6),(92,16383,7),(92,16383,8),(93,16383,1),(93,16383,2),(93,16383,6),(93,16383,7),(93,16383,8),(94,16383,1),(94,16383,2),(94,16383,6),(94,16383,7),(94,16383,8),(95,16383,1),(95,16383,2),(95,16383,6),(95,16383,7),(95,16383,8),(96,16383,1),(96,16383,2),(96,16383,6),(96,16383,7),(96,16383,8),(97,16383,1),(97,16383,2),(97,16383,6),(97,16383,7),(97,16383,8),(98,16383,1),(98,16383,2),(98,16383,6),(98,16383,7),(98,16383,8),(99,16383,1),(99,16383,2),(99,16383,6),(99,16383,7),(99,16383,8),(100,16383,1),(100,16383,2),(100,16383,6),(100,16383,7),(100,16383,8),(101,16383,1),(101,16383,2),(101,16383,6),(101,16383,7),(101,16383,8),(102,16383,1),(102,16383,2),(102,16383,6),(102,16383,7),(102,16383,8),(103,16383,1),(103,16383,2),(103,16383,6),(103,16383,7),(103,16383,8),(104,16383,1),(104,16383,2),(104,16383,6),(104,16383,7),(104,16383,8),(105,16383,1),(105,16383,2),(105,16383,6),(105,16383,7),(105,16383,8),(106,16383,1),(106,16383,2),(106,16383,6),(106,16383,7),(106,16383,8),(107,16383,1),(107,16383,2),(107,16383,6),(107,16383,7),(107,16383,8),(108,16383,1),(108,16383,2),(108,16383,6),(108,16383,7),(108,16383,8),(109,16383,1),(109,16383,2),(109,16383,6),(109,16383,7),(109,16383,8),(110,16383,1),(110,16383,2),(110,16383,6),(110,16383,7),(110,16383,8),(111,16383,1),(111,16383,2),(111,16383,6),(111,16383,7),(111,16383,8),(112,16383,1),(112,16383,2),(112,16383,6),(112,16383,7),(112,16383,8),(113,16383,1),(113,16383,2),(113,16383,6),(113,16383,7),(113,16383,8),(114,16383,1),(114,16383,2),(114,16383,6),(114,16383,7),(114,16383,8),(115,16383,1),(115,16383,2),(115,16383,6),(115,16383,7),(115,16383,8),(116,16383,1),(116,16383,2),(116,16383,6),(116,16383,7),(116,16383,8),(117,16383,1),(117,16383,2),(117,16383,6),(117,16383,7),(117,16383,8),(118,16383,1),(118,16383,2),(118,16383,6),(118,16383,7),(118,16383,8),(119,16383,1),(119,16383,2),(119,16383,6),(119,16383,7),(119,16383,8),(120,16383,1),(120,16383,2),(120,16383,6),(120,16383,7),(120,16383,8),(121,16383,1),(121,16383,2),(121,16383,6),(121,16383,7),(121,16383,8),(122,16383,1),(122,16383,2),(122,16383,6),(122,16383,7),(122,16383,8),(123,16383,1),(123,16383,2),(123,16383,6),(123,16383,7),(123,16383,8),(124,16383,1),(124,16383,2),(124,16383,6),(124,16383,7),(124,16383,8),(125,16383,1),(125,16383,2),(125,16383,6),(125,16383,7),(125,16383,8),(126,16383,1),(126,16383,2),(126,16383,6),(126,16383,7),(126,16383,8),(127,16383,1),(127,16383,2),(127,16383,6),(127,16383,7),(127,16383,8),(128,16383,1),(128,16383,2),(128,16383,6),(128,16383,7),(128,16383,8),(129,16383,1),(129,16383,2),(129,16383,6),(129,16383,7),(129,16383,8),(130,16383,1),(130,16383,2),(130,16383,6),(130,16383,7),(130,16383,8),(131,16383,1),(131,16383,2),(131,16383,6),(131,16383,7),(131,16383,8),(132,16383,1),(132,16383,2),(132,16383,6),(132,16383,7),(132,16383,8),(133,16383,1),(133,16383,2),(133,16383,6),(133,16383,7),(133,16383,8),(134,16383,1),(134,16383,2),(134,16383,6),(134,16383,7),(134,16383,8),(135,16383,1),(135,16383,2),(135,16383,6),(135,16383,7),(135,16383,8),(136,16383,1),(136,16383,2),(136,16383,6),(136,16383,7),(136,16383,8),(137,16383,1),(137,16383,2),(137,16383,6),(137,16383,7),(137,16383,8),(138,16383,1),(138,16383,2),(138,16383,6),(138,16383,7),(138,16383,8),(139,16383,1),(139,16383,2),(139,16383,6),(139,16383,7),(139,16383,8),(140,16383,1),(140,16383,2),(140,16383,6),(140,16383,7),(140,16383,8),(141,16383,1),(141,16383,2),(141,16383,6),(141,16383,7),(141,16383,8),(142,16383,1),(142,16383,2),(142,16383,6),(142,16383,7),(142,16383,8),(143,16383,1),(143,16383,2),(143,16383,6),(143,16383,7),(143,16383,8),(144,16383,1),(144,16383,2),(144,16383,6),(144,16383,7),(144,16383,8),(145,16383,1),(145,16383,2),(145,16383,6),(145,16383,7),(145,16383,8),(146,16383,1),(146,16383,2),(146,16383,6),(146,16383,7),(146,16383,8),(147,16383,1),(147,16383,2),(147,16383,6),(147,16383,7),(147,16383,8),(148,16383,1),(148,16383,2),(148,16383,6),(148,16383,7),(148,16383,8),(149,16383,1),(149,16383,2),(149,16383,6),(149,16383,7),(149,16383,8),(150,16383,1),(150,16383,2),(150,16383,6),(150,16383,7),(150,16383,8),(151,16383,1),(151,16383,2),(151,16383,6),(151,16383,7),(151,16383,8),(152,16383,1),(152,16383,2),(152,16383,6),(152,16383,7),(152,16383,8),(153,16383,1),(153,16383,2),(153,16383,6),(153,16383,7),(153,16383,8),(154,16383,1),(154,16383,2),(154,16383,6),(154,16383,7),(154,16383,8),(155,16383,1),(155,16383,2),(155,16383,6),(155,16383,7),(155,16383,8),(156,16383,1),(156,16383,2),(156,16383,6),(156,16383,7),(156,16383,8),(157,16383,1),(157,16383,2),(157,16383,6),(157,16383,7),(157,16383,8),(158,16383,1),(158,16383,2),(158,16383,6),(158,16383,7),(158,16383,8),(159,16383,1),(159,16383,2),(159,16383,6),(159,16383,7),(159,16383,8),(160,16383,1),(160,16383,2),(160,16383,6),(160,16383,7),(160,16383,8),(161,16383,1),(161,16383,2),(161,16383,6),(161,16383,7),(161,16383,8),(162,16383,1),(162,16383,2),(162,16383,6),(162,16383,7),(162,16383,8),(163,16383,1),(163,16383,2),(163,16383,6),(163,16383,7),(163,16383,8),(164,16383,1),(164,16383,2),(164,16383,6),(164,16383,7),(164,16383,8),(165,16383,1),(165,16383,2),(165,16383,6),(165,16383,7),(165,16383,8),(166,16383,1),(166,16383,2),(166,16383,6),(166,16383,7),(166,16383,8),(167,16383,1),(167,16383,2),(167,16383,6),(167,16383,7),(167,16383,8),(168,16383,1),(168,16383,2),(168,16383,6),(168,16383,7),(168,16383,8),(169,16383,1),(169,16383,2),(169,16383,6),(169,16383,7),(169,16383,8),(170,16383,1),(170,16383,2),(170,16383,6),(170,16383,7),(170,16383,8),(171,16383,1),(171,16383,2),(171,16383,6),(171,16383,7),(171,16383,8),(172,16383,1),(172,16383,2),(172,16383,6),(172,16383,7),(172,16383,8),(173,16383,1),(173,16383,2),(173,16383,6),(173,16383,7),(173,16383,8),(174,16383,1),(174,16383,2),(174,16383,6),(174,16383,7),(174,16383,8),(175,16383,1),(175,16383,2),(175,16383,6),(175,16383,7),(175,16383,8),(176,16383,1),(176,16383,2),(176,16383,6),(176,16383,7),(176,16383,8),(177,16383,1),(177,16383,2),(177,16383,6),(177,16383,7),(177,16383,8),(178,16383,1),(178,16383,2),(178,16383,6),(178,16383,7),(178,16383,8),(179,16383,1),(179,16383,2),(179,16383,6),(179,16383,7),(179,16383,8),(180,16383,1),(180,16383,2),(180,16383,6),(180,16383,7),(180,16383,8),(181,16383,1),(181,16383,2),(181,16383,6),(181,16383,7),(181,16383,8),(182,16383,1),(182,16383,2),(182,16383,6),(182,16383,7),(182,16383,8),(183,16383,1),(183,16383,2),(183,16383,6),(183,16383,7),(183,16383,8),(184,16383,1),(184,16383,2),(184,16383,6),(184,16383,7),(184,16383,8),(185,16383,1),(185,16383,2),(185,16383,6),(185,16383,7),(185,16383,8),(186,16383,1),(186,16383,2),(186,16383,6),(186,16383,7),(186,16383,8),(187,16383,1),(187,16383,2),(187,16383,6),(187,16383,7),(187,16383,8),(188,16383,1),(188,16383,2),(188,16383,6),(188,16383,7),(188,16383,8),(189,16383,1),(189,16383,2),(189,16383,6),(189,16383,7),(189,16383,8),(190,16383,1),(190,16383,2),(190,16383,6),(190,16383,7),(190,16383,8),(191,16383,1),(191,16383,2),(191,16383,6),(191,16383,7),(191,16383,8),(192,16383,1),(192,16383,2),(192,16383,6),(192,16383,7),(192,16383,8),(193,16383,1),(193,16383,2),(193,16383,6),(193,16383,7),(193,16383,8),(194,16383,1),(194,16383,2),(194,16383,6),(194,16383,7),(194,16383,8),(195,16383,1),(195,16383,2),(195,16383,6),(195,16383,7),(195,16383,8),(196,16383,1),(196,16383,2),(196,16383,6),(196,16383,7),(196,16383,8),(197,16383,1),(197,16383,2),(197,16383,6),(197,16383,7),(197,16383,8),(198,16383,1),(198,16383,2),(198,16383,6),(198,16383,7),(198,16383,8),(199,16383,1),(199,16383,2),(199,16383,6),(199,16383,7),(199,16383,8),(200,16383,1),(200,16383,2),(200,16383,6),(200,16383,7),(200,16383,8),(201,16383,1),(201,16383,2),(201,16383,6),(201,16383,7),(201,16383,8),(202,16383,1),(202,16383,2),(202,16383,6),(202,16383,7),(202,16383,8),(203,16383,1),(203,16383,2),(203,16383,6),(203,16383,7),(203,16383,8),(204,16383,1),(204,16383,2),(204,16383,6),(204,16383,7),(204,16383,8),(205,16383,1),(205,16383,2),(205,16383,6),(205,16383,7),(205,16383,8),(206,16383,1),(206,16383,2),(206,16383,6),(206,16383,7),(206,16383,8),(207,16383,1),(207,16383,2),(207,16383,6),(207,16383,7),(207,16383,8),(208,16383,1),(208,16383,2),(208,16383,6),(208,16383,7),(208,16383,8),(209,16383,1),(209,16383,2),(209,16383,6),(209,16383,7),(209,16383,8),(210,16383,1),(210,16383,2),(210,16383,6),(210,16383,7),(210,16383,8),(211,16383,1),(211,16383,2),(211,16383,6),(211,16383,7),(211,16383,8),(212,16383,1),(212,16383,2),(212,16383,6),(212,16383,7),(212,16383,8),(213,16383,1),(213,16383,2),(213,16383,6),(213,16383,7),(213,16383,8),(214,16383,1),(214,16383,2),(214,16383,6),(214,16383,7),(214,16383,8),(215,16383,1),(215,16383,2),(215,16383,6),(215,16383,7),(215,16383,8),(216,16383,1),(216,16383,2),(216,16383,6),(216,16383,7),(216,16383,8),(217,16383,1),(217,16383,2),(217,16383,6),(217,16383,7),(217,16383,8),(218,16383,1),(218,16383,2),(218,16383,6),(218,16383,7),(218,16383,8),(219,16383,1),(219,16383,2),(219,16383,6),(219,16383,7),(219,16383,8),(220,16383,1),(220,16383,2),(220,16383,6),(220,16383,7),(220,16383,8),(221,16383,1),(221,16383,2),(221,16383,6),(221,16383,7),(221,16383,8),(222,16383,1),(222,16383,2),(222,16383,6),(222,16383,7),(222,16383,8),(223,16383,1),(223,16383,2),(223,16383,6),(223,16383,7),(223,16383,8),(224,16383,1),(224,16383,2),(224,16383,6),(224,16383,7),(224,16383,8),(225,16383,1),(225,16383,2),(225,16383,6),(225,16383,7),(225,16383,8),(226,16383,1),(226,16383,2),(226,16383,6),(226,16383,7),(226,16383,8),(227,16383,1),(227,16383,2),(227,16383,6),(227,16383,7),(227,16383,8),(228,16383,1),(228,16383,2),(228,16383,6),(228,16383,7),(228,16383,8),(229,16383,1),(229,16383,2),(229,16383,6),(229,16383,7),(229,16383,8),(230,16383,1),(230,16383,2),(230,16383,6),(230,16383,7),(230,16383,8),(231,16383,1),(231,16383,2),(231,16383,6),(231,16383,7),(231,16383,8),(232,16383,1),(232,16383,2),(232,16383,6),(232,16383,7),(232,16383,8),(233,16383,1),(233,16383,2),(233,16383,6),(233,16383,7),(233,16383,8),(234,16383,1),(234,16383,2),(234,16383,6),(234,16383,7),(234,16383,8),(235,16383,1),(235,16383,2),(235,16383,6),(235,16383,7),(235,16383,8),(236,16383,1),(236,16383,2),(236,16383,6),(236,16383,7),(236,16383,8),(237,16383,1),(237,16383,2),(237,16383,6),(237,16383,7),(237,16383,8),(238,16383,1),(238,16383,2),(238,16383,6),(238,16383,7),(238,16383,8),(239,16383,1),(239,16383,2),(239,16383,6),(239,16383,7),(239,16383,8),(240,16383,1),(240,16383,2),(240,16383,6),(240,16383,7),(240,16383,8),(241,16383,1),(241,16383,2),(241,16383,6),(241,16383,7),(241,16383,8),(242,16383,1),(242,16383,2),(242,16383,6),(242,16383,7),(242,16383,8),(243,16383,1),(243,16383,2),(243,16383,6),(243,16383,7),(243,16383,8),(244,16383,1),(244,16383,2),(244,16383,6),(244,16383,7),(244,16383,8),(245,16383,1),(245,16383,2),(245,16383,6),(245,16383,7),(245,16383,8),(246,16383,1),(246,16383,2),(246,16383,6),(246,16383,7),(246,16383,8),(247,16383,1),(247,16383,2),(247,16383,6),(247,16383,7),(247,16383,8),(248,16383,1),(248,16383,2),(248,16383,6),(248,16383,7),(248,16383,8),(249,16383,1),(249,16383,2),(249,16383,6),(249,16383,7),(249,16383,8),(250,16383,1),(250,16383,2),(250,16383,6),(250,16383,7),(250,16383,8),(251,16383,1),(251,16383,2),(251,16383,6),(251,16383,7),(251,16383,8),(252,16383,1),(252,16383,2),(252,16383,6),(252,16383,7),(252,16383,8),(253,16383,1),(253,16383,2),(253,16383,6),(253,16383,7),(253,16383,8),(254,16383,1),(254,16383,2),(254,16383,6),(254,16383,7),(254,16383,8),(255,16383,1),(255,16383,2),(255,16383,6),(255,16383,7),(255,16383,8),(256,16383,1),(256,16383,2),(256,16383,6),(256,16383,7),(256,16383,8),(257,16383,1),(257,16383,2),(257,16383,6),(257,16383,7),(257,16383,8),(258,16383,1),(258,16383,2),(258,16383,6),(258,16383,7),(258,16383,8),(259,16383,1),(259,16383,2),(259,16383,6),(259,16383,7),(259,16383,8),(260,16383,1),(260,16383,2),(260,16383,6),(260,16383,7),(260,16383,8),(261,16383,1),(261,16383,2),(261,16383,6),(261,16383,7),(261,16383,8),(262,16383,1),(262,16383,2),(262,16383,6),(262,16383,7),(262,16383,8),(263,16383,1),(263,16383,2),(263,16383,6),(263,16383,7),(263,16383,8),(264,16383,1),(264,16383,2),(264,16383,6),(264,16383,7),(264,16383,8),(265,16383,1),(265,16383,2),(265,16383,6),(265,16383,7),(265,16383,8),(266,16383,1),(266,16383,2),(266,16383,6),(266,16383,7),(266,16383,8),(267,16383,1),(267,16383,2),(267,16383,6),(267,16383,7),(267,16383,8),(268,16383,1),(268,16383,2),(268,16383,6),(268,16383,7),(268,16383,8),(269,16383,1),(269,16383,2),(269,16383,6),(269,16383,7),(269,16383,8),(270,16383,1),(270,16383,2),(270,16383,6),(270,16383,7),(270,16383,8),(271,16383,1),(271,16383,2),(271,16383,6),(271,16383,7),(271,16383,8),(272,16383,1),(272,16383,2),(272,16383,6),(272,16383,7),(272,16383,8),(273,16383,1),(273,16383,2),(273,16383,6),(273,16383,7),(273,16383,8),(274,16383,1),(274,16383,2),(274,16383,6),(274,16383,7),(274,16383,8),(275,16383,1),(275,16383,2),(275,16383,6),(275,16383,7),(275,16383,8),(276,16383,1),(276,16383,2),(276,16383,6),(276,16383,7),(276,16383,8),(277,16383,1),(277,16383,2),(277,16383,6),(277,16383,7),(277,16383,8),(278,16383,1),(278,16383,2),(278,16383,6),(278,16383,7),(278,16383,8),(279,16383,1),(279,16383,2),(279,16383,6),(279,16383,7),(279,16383,8),(280,16383,1),(280,16383,2),(280,16383,6),(280,16383,7),(280,16383,8),(281,16383,1),(281,16383,2),(281,16383,6),(281,16383,7),(281,16383,8),(282,16383,1),(282,16383,2),(282,16383,6),(282,16383,7),(282,16383,8),(283,16383,1),(283,16383,2),(283,16383,6),(283,16383,7),(283,16383,8),(284,16383,1),(284,16383,2),(284,16383,6),(284,16383,7),(284,16383,8),(285,16383,1),(285,16383,2),(285,16383,6),(285,16383,7),(285,16383,8),(286,16383,1),(286,16383,2),(286,16383,6),(286,16383,7),(286,16383,8),(287,16383,1),(287,16383,2),(287,16383,6),(287,16383,7),(287,16383,8),(288,16383,1),(288,16383,2),(288,16383,6),(288,16383,7),(288,16383,8),(289,16383,1),(289,16383,2),(289,16383,6),(289,16383,7),(289,16383,8),(290,16383,1),(290,16383,2),(290,16383,6),(290,16383,7),(290,16383,8),(291,16383,1),(291,16383,2),(291,16383,6),(291,16383,7),(291,16383,8),(292,16383,1),(292,16383,2),(292,16383,6),(292,16383,7),(292,16383,8),(293,16383,1),(293,16383,2),(293,16383,6),(293,16383,7),(293,16383,8),(294,16383,1),(294,16383,2),(294,16383,6),(294,16383,7),(294,16383,8),(295,16383,1),(295,16383,2),(295,16383,6),(295,16383,7),(295,16383,8),(296,16383,1),(296,16383,2),(296,16383,6),(296,16383,7),(296,16383,8),(297,16383,1),(297,16383,2),(297,16383,6),(297,16383,7),(297,16383,8),(298,16383,1),(298,16383,2),(298,16383,6),(298,16383,7),(298,16383,8),(299,16383,1),(299,16383,2),(299,16383,6),(299,16383,7),(299,16383,8),(300,16383,1),(300,16383,2),(300,16383,6),(300,16383,7),(300,16383,8),(301,16383,1),(301,16383,2),(301,16383,6),(301,16383,7),(301,16383,8),(302,16383,1),(302,16383,2),(302,16383,6),(302,16383,7),(302,16383,8),(303,16383,1),(303,16383,2),(303,16383,6),(303,16383,7),(303,16383,8),(304,16383,1),(304,16383,2),(304,16383,6),(304,16383,7),(304,16383,8),(305,16383,1),(305,16383,2),(305,16383,6),(305,16383,7),(305,16383,8),(306,16383,1),(306,16383,2),(306,16383,6),(306,16383,7),(306,16383,8),(307,16383,1),(307,16383,2),(307,16383,6),(307,16383,7),(307,16383,8),(308,16383,1),(308,16383,2),(308,16383,6),(308,16383,7),(308,16383,8),(309,16383,1),(309,16383,2),(309,16383,6),(309,16383,7),(309,16383,8),(310,16383,1),(310,16383,2),(310,16383,6),(310,16383,7),(310,16383,8),(311,16383,1),(311,16383,2),(311,16383,6),(311,16383,7),(311,16383,8),(312,16383,1),(312,16383,2),(312,16383,6),(312,16383,7),(312,16383,8),(313,16383,1),(313,16383,2),(313,16383,6),(313,16383,7),(313,16383,8),(314,16383,1),(314,16383,2),(314,16383,6),(314,16383,7),(314,16383,8),(315,16383,1),(315,16383,2),(315,16383,6),(315,16383,7),(315,16383,8),(316,16383,1),(316,16383,2),(316,16383,6),(316,16383,7),(316,16383,8),(317,16383,1),(317,16383,2),(317,16383,6),(317,16383,7),(317,16383,8),(318,16383,1),(318,16383,2),(318,16383,6),(318,16383,7),(318,16383,8),(319,16383,1),(319,16383,2),(319,16383,6),(319,16383,7),(319,16383,8),(320,16383,1),(320,16383,2),(320,16383,6),(320,16383,7),(320,16383,8),(321,16383,1),(321,16383,2),(321,16383,6),(321,16383,7),(321,16383,8),(322,16383,1),(322,16383,2),(322,16383,6),(322,16383,7),(322,16383,8),(323,16383,1),(323,16383,2),(323,16383,6),(323,16383,7),(323,16383,8),(324,16383,1),(324,16383,2),(324,16383,6),(324,16383,7),(324,16383,8),(325,16383,1),(325,16383,2),(325,16383,6),(325,16383,7),(325,16383,8),(326,16383,1),(326,16383,2),(326,16383,6),(326,16383,7),(326,16383,8),(327,16383,1),(327,16383,2),(327,16383,6),(327,16383,7),(327,16383,8),(328,16383,1),(328,16383,2),(328,16383,6),(328,16383,7),(328,16383,8),(329,16383,1),(329,16383,2),(329,16383,6),(329,16383,7),(329,16383,8),(330,16383,1),(330,16383,2),(330,16383,6),(330,16383,7),(330,16383,8),(331,16383,1),(331,16383,2),(331,16383,6),(331,16383,7),(331,16383,8),(332,16383,1),(332,16383,2),(332,16383,6),(332,16383,7),(332,16383,8),(333,16383,1),(333,16383,2),(333,16383,6),(333,16383,7),(333,16383,8),(334,16383,1),(334,16383,2),(334,16383,6),(334,16383,7),(334,16383,8),(335,16383,1),(335,16383,2),(335,16383,6),(335,16383,7),(335,16383,8),(336,16383,1),(336,16383,2),(336,16383,6),(336,16383,7),(336,16383,8),(337,16383,1),(337,16383,2),(337,16383,6),(337,16383,7),(337,16383,8),(338,16383,1),(338,16383,2),(338,16383,6),(338,16383,7),(338,16383,8),(339,16383,1),(339,16383,2),(339,16383,6),(339,16383,7),(339,16383,8),(340,16383,1),(340,16383,2),(340,16383,6),(340,16383,7),(340,16383,8),(341,16383,1),(341,16383,2),(341,16383,6),(341,16383,7),(341,16383,8),(342,16383,1),(342,16383,2),(342,16383,6),(342,16383,7),(342,16383,8),(343,16383,1),(343,16383,2),(343,16383,6),(343,16383,7),(343,16383,8),(344,16383,1),(344,16383,2),(344,16383,6),(344,16383,7),(344,16383,8),(345,16383,1),(345,16383,2),(345,16383,6),(345,16383,7),(345,16383,8),(346,16383,1),(346,16383,2),(346,16383,6),(346,16383,7),(346,16383,8),(347,16383,1),(347,16383,2),(347,16383,6),(347,16383,7),(347,16383,8),(348,16383,1),(348,16383,2),(348,16383,6),(348,16383,7),(348,16383,8),(349,16383,1),(349,16383,2),(349,16383,6),(349,16383,7),(349,16383,8),(350,16383,1),(350,16383,2),(350,16383,6),(350,16383,7),(350,16383,8),(351,16383,1),(351,16383,2),(351,16383,6),(351,16383,7),(351,16383,8),(352,16383,1),(352,16383,2),(352,16383,6),(352,16383,7),(352,16383,8),(353,16383,1),(353,16383,2),(353,16383,6),(353,16383,7),(353,16383,8),(354,16383,1),(354,16383,2),(354,16383,6),(354,16383,7),(354,16383,8),(355,16383,1),(355,16383,2),(355,16383,6),(355,16383,7),(355,16383,8),(356,16383,1),(356,16383,2),(356,16383,6),(356,16383,7),(356,16383,8),(357,16383,1),(357,16383,2),(357,16383,6),(357,16383,7),(357,16383,8),(358,16383,1),(358,16383,2),(358,16383,6),(358,16383,7),(358,16383,8),(359,16383,1),(359,16383,2),(359,16383,6),(359,16383,7),(359,16383,8),(360,16383,1),(360,16383,2),(360,16383,6),(360,16383,7),(360,16383,8),(361,16383,1),(361,16383,2),(361,16383,6),(361,16383,7),(361,16383,8),(362,16383,1),(362,16383,2),(362,16383,6),(362,16383,7),(362,16383,8),(363,16383,1),(363,16383,2),(363,16383,6),(363,16383,7),(363,16383,8),(364,16383,1),(364,16383,2),(364,16383,6),(364,16383,7),(364,16383,8),(365,16383,1),(365,16383,2),(365,16383,6),(365,16383,7),(365,16383,8),(366,16383,1),(366,16383,2),(366,16383,6),(366,16383,7),(366,16383,8),(367,16383,1),(367,16383,2),(367,16383,6),(367,16383,7),(367,16383,8),(368,16383,1),(368,16383,2),(368,16383,6),(368,16383,7),(368,16383,8),(369,16383,1),(369,16383,2),(369,16383,6),(369,16383,7),(369,16383,8),(370,16383,1),(370,16383,2),(370,16383,6),(370,16383,7),(370,16383,8),(371,16383,1),(371,16383,2),(371,16383,6),(371,16383,7),(371,16383,8),(372,16383,1),(372,16383,2),(372,16383,6),(372,16383,7),(372,16383,8),(373,16383,1),(373,16383,2),(373,16383,6),(373,16383,7),(373,16383,8),(374,16383,1),(374,16383,2),(374,16383,6),(374,16383,7),(374,16383,8),(375,16383,1),(375,16383,2),(375,16383,6),(375,16383,7),(375,16383,8),(376,16383,1),(376,16383,2),(376,16383,6),(376,16383,7),(376,16383,8),(377,16383,1),(377,16383,2),(377,16383,6),(377,16383,7),(377,16383,8),(378,16383,1),(378,16383,2),(378,16383,6),(378,16383,7),(378,16383,8),(379,16383,1),(379,16383,2),(379,16383,6),(379,16383,7),(379,16383,8),(380,16383,1),(380,16383,2),(380,16383,6),(380,16383,7),(380,16383,8),(381,16383,1),(381,16383,2),(381,16383,6),(381,16383,7),(381,16383,8),(382,16383,1),(382,16383,2),(382,16383,6),(382,16383,7),(382,16383,8),(383,16383,1),(383,16383,2),(383,16383,6),(383,16383,7),(383,16383,8),(384,16383,1),(384,16383,2),(384,16383,6),(384,16383,7),(384,16383,8),(385,16383,1),(385,16383,2),(385,16383,6),(385,16383,7),(385,16383,8),(386,16383,1),(386,16383,2),(386,16383,6),(386,16383,7),(386,16383,8),(387,16383,1),(387,16383,2),(387,16383,6),(387,16383,7),(387,16383,8),(388,16383,1),(388,16383,2),(388,16383,6),(388,16383,7),(388,16383,8),(389,16383,1),(389,16383,2),(389,16383,6),(389,16383,7),(389,16383,8),(390,16383,1),(390,16383,2),(390,16383,6),(390,16383,7),(390,16383,8),(391,16383,1),(391,16383,2),(391,16383,6),(391,16383,7),(391,16383,8),(392,16383,1),(392,16383,2),(392,16383,6),(392,16383,7),(392,16383,8),(393,16383,1),(393,16383,2),(393,16383,6),(393,16383,7),(393,16383,8),(394,16383,1),(394,16383,2),(394,16383,6),(394,16383,7),(394,16383,8),(395,16383,1),(395,16383,2),(395,16383,6),(395,16383,7),(395,16383,8),(396,16383,1),(396,16383,2),(396,16383,6),(396,16383,7),(396,16383,8),(397,16383,1),(397,16383,2),(397,16383,6),(397,16383,7),(397,16383,8),(398,16383,1),(398,16383,2),(398,16383,6),(398,16383,7),(398,16383,8),(399,16383,1),(399,16383,2),(399,16383,6),(399,16383,7),(399,16383,8),(400,16383,1),(400,16383,2),(400,16383,6),(400,16383,7),(400,16383,8),(401,16383,1),(401,16383,2),(401,16383,6),(401,16383,7),(401,16383,8),(402,16383,1),(402,16383,2),(402,16383,6),(402,16383,7),(402,16383,8),(403,16383,1),(403,16383,2),(403,16383,6),(403,16383,7),(403,16383,8),(404,16383,1),(404,16383,2),(404,16383,6),(404,16383,7),(404,16383,8),(405,16383,1),(405,16383,2),(405,16383,6),(405,16383,7),(405,16383,8),(406,16383,1),(406,16383,2),(406,16383,6),(406,16383,7),(406,16383,8),(407,16383,1),(407,16383,2),(407,16383,6),(407,16383,7),(407,16383,8),(408,16383,1),(408,16383,2),(408,16383,6),(408,16383,7),(408,16383,8),(409,16383,1),(409,16383,2),(409,16383,6),(409,16383,7),(409,16383,8),(410,16383,1),(410,16383,2),(410,16383,6),(410,16383,7),(410,16383,8),(411,16383,1),(411,16383,2),(411,16383,6),(411,16383,7),(411,16383,8),(412,16383,1),(412,16383,2),(412,16383,6),(412,16383,7),(412,16383,8),(413,16383,1),(413,16383,2),(413,16383,6),(413,16383,7),(413,16383,8),(414,16383,1),(414,16383,2),(414,16383,6),(414,16383,7),(414,16383,8),(415,16383,1),(415,16383,2),(415,16383,6),(415,16383,7),(415,16383,8),(416,16383,1),(416,16383,2),(416,16383,6),(416,16383,7),(416,16383,8),(417,16383,1),(417,16383,2),(417,16383,6),(417,16383,7),(417,16383,8),(418,16383,1),(418,16383,2),(418,16383,6),(418,16383,7),(418,16383,8),(419,16383,1),(419,16383,2),(419,16383,6),(419,16383,7),(419,16383,8),(420,16383,1),(420,16383,2),(420,16383,6),(420,16383,7),(420,16383,8),(421,16383,1),(421,16383,2),(421,16383,6),(421,16383,7),(421,16383,8),(422,16383,1),(422,16383,2),(422,16383,6),(422,16383,7),(422,16383,8),(423,16383,1),(423,16383,2),(423,16383,6),(423,16383,7),(423,16383,8),(424,16383,1),(424,16383,2),(424,16383,6),(424,16383,7),(424,16383,8),(425,16383,1),(425,16383,2),(425,16383,6),(425,16383,7),(425,16383,8),(426,16383,1),(426,16383,2),(426,16383,6),(426,16383,7),(426,16383,8),(427,16383,1),(427,16383,2),(427,16383,6),(427,16383,7),(427,16383,8),(428,16383,1),(428,16383,2),(428,16383,6),(428,16383,7),(428,16383,8),(429,16383,1),(429,16383,2),(429,16383,6),(429,16383,7),(429,16383,8),(430,16383,1),(430,16383,2),(430,16383,6),(430,16383,7),(430,16383,8),(431,16383,1),(431,16383,2),(431,16383,6),(431,16383,7),(431,16383,8),(432,16383,1),(432,16383,2),(432,16383,6),(432,16383,7),(432,16383,8),(433,16383,1),(433,16383,2),(433,16383,6),(433,16383,7),(433,16383,8),(434,16383,1),(434,16383,2),(434,16383,6),(434,16383,7),(434,16383,8),(435,16383,1),(435,16383,2),(435,16383,6),(435,16383,7),(435,16383,8),(436,16383,1),(436,16383,2),(436,16383,6),(436,16383,7),(436,16383,8),(437,16383,1),(437,16383,2),(437,16383,6),(437,16383,7),(437,16383,8),(438,16383,1),(438,16383,2),(438,16383,6),(438,16383,7),(438,16383,8),(439,16383,1),(439,16383,2),(439,16383,6),(439,16383,7),(439,16383,8),(440,16383,1),(440,16383,2),(440,16383,6),(440,16383,7),(440,16383,8); +/*!40000 ALTER TABLE `acl2_permissions` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `admins` +-- + +DROP TABLE IF EXISTS `admins`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `admins` ( + `adminid` bigint(20) NOT NULL AUTO_INCREMENT, + `dn` varchar(255) NOT NULL, + `email_address` varchar(255) DEFAULT NULL, + `ca` smallint(6) NOT NULL, + PRIMARY KEY (`adminid`), + UNIQUE KEY `dn` (`dn`), + KEY `FKAB3A67047C6FEB32` (`ca`), + CONSTRAINT `FKAB3A67047C6FEB32` FOREIGN KEY (`ca`) REFERENCES `ca` (`cid`) +) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `admins` +-- + +LOCK TABLES `admins` WRITE; +/*!40000 ALTER TABLE `admins` DISABLE KEYS */; +INSERT INTO `admins` VALUES (1,'/O=VOMS/O=System/CN=Internal VOMS Process',NULL,5),(2,'/O=VOMS/O=System/CN=Local Database Administrator',NULL,5),(3,'/O=VOMS/O=System/CN=Absolutely Anyone',NULL,5),(4,'/O=VOMS/O=System/CN=Any Authenticated User',NULL,5),(5,'/O=VOMS/O=System/CN=Unauthenticated Client',NULL,5),(6,'/test_0/Role=VO-Admin',NULL,7),(7,'/C=IT/O=IGI/CN=dev.local.io',NULL,3),(8,'/C=IT/O=IGI/CN=test0','andrea.ceccanti@cnaf.infn.it',3); +/*!40000 ALTER TABLE `admins` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `attributes` +-- + +DROP TABLE IF EXISTS `attributes`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `attributes` ( + `a_id` bigint(20) NOT NULL AUTO_INCREMENT, + `a_desc` text, + `a_name` varchar(255) NOT NULL, + `a_uniq` bit(1) NOT NULL, + PRIMARY KEY (`a_id`), + UNIQUE KEY `a_name` (`a_name`) +) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `attributes` +-- + +LOCK TABLES `attributes` WRITE; +/*!40000 ALTER TABLE `attributes` DISABLE KEYS */; +INSERT INTO `attributes` VALUES (1,'nickname','nickname','\0'),(2,'favourite_pet','favourite_pet','\0'),(3,'contagious_disease','contagious_disease','\0'); +/*!40000 ALTER TABLE `attributes` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `aup` +-- + +DROP TABLE IF EXISTS `aup`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `aup` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `name` varchar(255) NOT NULL, + `description` varchar(255) DEFAULT NULL, + `reacceptancePeriod` int(11) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `name` (`name`) +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `aup` +-- + +LOCK TABLES `aup` WRITE; +/*!40000 ALTER TABLE `aup` DISABLE KEYS */; +INSERT INTO `aup` VALUES (1,'VO-AUP','',365); +/*!40000 ALTER TABLE `aup` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `aup_acc_record` +-- + +DROP TABLE IF EXISTS `aup_acc_record`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `aup_acc_record` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `aup_version_id` bigint(20) NOT NULL, + `usr_id` bigint(20) NOT NULL, + `last_acceptance_date` datetime NOT NULL, + `valid` bit(1) DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `aup_version_id` (`aup_version_id`,`usr_id`), + KEY `FKB1979B32EE2D4487` (`usr_id`), + KEY `FKB1979B32815F1678` (`aup_version_id`), + CONSTRAINT `FKB1979B32815F1678` FOREIGN KEY (`aup_version_id`) REFERENCES `aup_version` (`id`), + CONSTRAINT `FKB1979B32EE2D4487` FOREIGN KEY (`usr_id`) REFERENCES `usr` (`userid`) +) ENGINE=InnoDB AUTO_INCREMENT=201 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `aup_acc_record` +-- + +LOCK TABLES `aup_acc_record` WRITE; +/*!40000 ALTER TABLE `aup_acc_record` DISABLE KEYS */; +INSERT INTO `aup_acc_record` VALUES (1,1,1,'2017-03-21 17:49:50',''),(2,1,2,'2017-03-21 17:49:50',''),(3,1,3,'2017-03-21 17:49:51',''),(4,1,4,'2017-03-21 17:49:52',''),(5,1,5,'2017-03-21 17:49:52',''),(6,1,6,'2017-03-21 17:49:53',''),(7,1,7,'2017-03-21 17:49:53',''),(8,1,8,'2017-03-21 17:49:54',''),(9,1,9,'2017-03-21 17:49:55',''),(10,1,10,'2017-03-21 17:49:55',''),(11,1,11,'2017-03-21 17:49:55',''),(12,1,12,'2017-03-21 17:49:56',''),(13,1,13,'2017-03-21 17:49:56',''),(14,1,14,'2017-03-21 17:49:57',''),(15,1,15,'2017-03-21 17:49:57',''),(16,1,16,'2017-03-21 17:49:57',''),(17,1,17,'2017-03-21 17:49:58',''),(18,1,18,'2017-03-21 17:49:58',''),(19,1,19,'2017-03-21 17:49:59',''),(20,1,20,'2017-03-21 17:49:59',''),(21,1,21,'2017-03-21 17:50:00',''),(22,1,22,'2017-03-21 17:50:00',''),(23,1,23,'2017-03-21 17:50:01',''),(24,1,24,'2017-03-21 17:50:01',''),(25,1,25,'2017-03-21 17:50:02',''),(26,1,26,'2017-03-21 17:50:02',''),(27,1,27,'2017-03-21 17:50:03',''),(28,1,28,'2017-03-21 17:50:03',''),(29,1,29,'2017-03-21 17:50:04',''),(30,1,30,'2017-03-21 17:50:04',''),(31,1,31,'2017-03-21 17:50:04',''),(32,1,32,'2017-03-21 17:50:05',''),(33,1,33,'2017-03-21 17:50:05',''),(34,1,34,'2017-03-21 17:50:05',''),(35,1,35,'2017-03-21 17:50:06',''),(36,1,36,'2017-03-21 17:50:07',''),(37,1,37,'2017-03-21 17:50:08',''),(38,1,38,'2017-03-21 17:50:08',''),(39,1,39,'2017-03-21 17:50:08',''),(40,1,40,'2017-03-21 17:50:09',''),(41,1,41,'2017-03-21 17:50:09',''),(42,1,42,'2017-03-21 17:50:10',''),(43,1,43,'2017-03-21 17:50:10',''),(44,1,44,'2017-03-21 17:50:11',''),(45,1,45,'2017-03-21 17:50:11',''),(46,1,46,'2017-03-21 17:50:11',''),(47,1,47,'2017-03-21 17:50:12',''),(48,1,48,'2017-03-21 17:50:12',''),(49,1,49,'2017-03-21 17:50:12',''),(50,1,50,'2017-03-21 17:50:13',''),(51,1,51,'2017-03-21 17:50:13',''),(52,1,52,'2017-03-21 17:50:14',''),(53,1,53,'2017-03-21 17:50:14',''),(54,1,54,'2017-03-21 17:50:15',''),(55,1,55,'2017-03-21 17:50:15',''),(56,1,56,'2017-03-21 17:50:15',''),(57,1,57,'2017-03-21 17:50:16',''),(58,1,58,'2017-03-21 17:50:16',''),(59,1,59,'2017-03-21 17:50:16',''),(60,1,60,'2017-03-21 17:50:17',''),(61,1,61,'2017-03-21 17:50:17',''),(62,1,62,'2017-03-21 17:50:17',''),(63,1,63,'2017-03-21 17:50:18',''),(64,1,64,'2017-03-21 17:50:18',''),(65,1,65,'2017-03-21 17:50:19',''),(66,1,66,'2017-03-21 17:50:19',''),(67,1,67,'2017-03-21 17:50:20',''),(68,1,68,'2017-03-21 17:50:21',''),(69,1,69,'2017-03-21 17:50:21',''),(70,1,70,'2017-03-21 17:50:22',''),(71,1,71,'2017-03-21 17:50:22',''),(72,1,72,'2017-03-21 17:50:23',''),(73,1,73,'2017-03-21 17:50:23',''),(74,1,74,'2017-03-21 17:50:24',''),(75,1,75,'2017-03-21 17:50:24',''),(76,1,76,'2017-03-21 17:50:24',''),(77,1,77,'2017-03-21 17:50:25',''),(78,1,78,'2017-03-21 17:50:25',''),(79,1,79,'2017-03-21 17:50:26',''),(80,1,80,'2017-03-21 17:50:26',''),(81,1,81,'2017-03-21 17:50:26',''),(82,1,82,'2017-03-21 17:50:27',''),(83,1,83,'2017-03-21 17:50:27',''),(84,1,84,'2017-03-21 17:50:28',''),(85,1,85,'2017-03-21 17:50:29',''),(86,1,86,'2017-03-21 17:50:29',''),(87,1,87,'2017-03-21 17:50:30',''),(88,1,88,'2017-03-21 17:50:30',''),(89,1,89,'2017-03-21 17:50:30',''),(90,1,90,'2017-03-21 17:50:31',''),(91,1,91,'2017-03-21 17:50:31',''),(92,1,92,'2017-03-21 17:50:32',''),(93,1,93,'2017-03-21 17:50:32',''),(94,1,94,'2017-03-21 17:50:32',''),(95,1,95,'2017-03-21 17:50:33',''),(96,1,96,'2017-03-21 17:50:33',''),(97,1,97,'2017-03-21 17:50:34',''),(98,1,98,'2017-03-21 17:50:34',''),(99,1,99,'2017-03-21 17:50:34',''),(100,1,100,'2017-03-21 17:50:35',''),(101,1,101,'2017-03-21 17:50:35',''),(102,1,102,'2017-03-21 17:50:36',''),(103,1,103,'2017-03-21 17:50:36',''),(104,1,104,'2017-03-21 17:50:37',''),(105,1,105,'2017-03-21 17:50:38',''),(106,1,106,'2017-03-21 17:50:38',''),(107,1,107,'2017-03-21 17:50:39',''),(108,1,108,'2017-03-21 17:50:39',''),(109,1,109,'2017-03-21 17:50:39',''),(110,1,110,'2017-03-21 17:50:40',''),(111,1,111,'2017-03-21 17:50:40',''),(112,1,112,'2017-03-21 17:50:41',''),(113,1,113,'2017-03-21 17:50:41',''),(114,1,114,'2017-03-21 17:50:41',''),(115,1,115,'2017-03-21 17:50:42',''),(116,1,116,'2017-03-21 17:50:42',''),(117,1,117,'2017-03-21 17:50:43',''),(118,1,118,'2017-03-21 17:50:43',''),(119,1,119,'2017-03-21 17:50:43',''),(120,1,120,'2017-03-21 17:50:44',''),(121,1,121,'2017-03-21 17:50:44',''),(122,1,122,'2017-03-21 17:50:45',''),(123,1,123,'2017-03-21 17:50:45',''),(124,1,124,'2017-03-21 17:50:46',''),(125,1,125,'2017-03-21 17:50:46',''),(126,1,126,'2017-03-21 17:50:47',''),(127,1,127,'2017-03-21 17:50:47',''),(128,1,128,'2017-03-21 17:50:48',''),(129,1,129,'2017-03-21 17:50:49',''),(130,1,130,'2017-03-21 17:50:49',''),(131,1,131,'2017-03-21 17:50:49',''),(132,1,132,'2017-03-21 17:50:50',''),(133,1,133,'2017-03-21 17:50:50',''),(134,1,134,'2017-03-21 17:50:50',''),(135,1,135,'2017-03-21 17:50:51',''),(136,1,136,'2017-03-21 17:50:51',''),(137,1,137,'2017-03-21 17:50:52',''),(138,1,138,'2017-03-21 17:50:52',''),(139,1,139,'2017-03-21 17:50:53',''),(140,1,140,'2017-03-21 17:50:53',''),(141,1,141,'2017-03-21 17:50:53',''),(142,1,142,'2017-03-21 17:50:54',''),(143,1,143,'2017-03-21 17:50:54',''),(144,1,144,'2017-03-21 17:50:54',''),(145,1,145,'2017-03-21 17:50:55',''),(146,1,146,'2017-03-21 17:50:55',''),(147,1,147,'2017-03-21 17:50:55',''),(148,1,148,'2017-03-21 17:50:56',''),(149,1,149,'2017-03-21 17:50:56',''),(150,1,150,'2017-03-21 17:50:56',''),(151,1,151,'2017-03-21 17:50:57',''),(152,1,152,'2017-03-21 17:50:57',''),(153,1,153,'2017-03-21 17:50:58',''),(154,1,154,'2017-03-21 17:50:58',''),(155,1,155,'2017-03-21 17:50:58',''),(156,1,156,'2017-03-21 17:50:59',''),(157,1,157,'2017-03-21 17:50:59',''),(158,1,158,'2017-03-21 17:50:59',''),(159,1,159,'2017-03-21 17:51:00',''),(160,1,160,'2017-03-21 17:51:00',''),(161,1,161,'2017-03-21 17:51:00',''),(162,1,162,'2017-03-21 17:51:01',''),(163,1,163,'2017-03-21 17:51:01',''),(164,1,164,'2017-03-21 17:51:02',''),(165,1,165,'2017-03-21 17:51:02',''),(166,1,166,'2017-03-21 17:51:02',''),(167,1,167,'2017-03-21 17:51:03',''),(168,1,168,'2017-03-21 17:51:03',''),(169,1,169,'2017-03-21 17:51:04',''),(170,1,170,'2017-03-21 17:51:04',''),(171,1,171,'2017-03-21 17:51:04',''),(172,1,172,'2017-03-21 17:51:05',''),(173,1,173,'2017-03-21 17:51:05',''),(174,1,174,'2017-03-21 17:51:05',''),(175,1,175,'2017-03-21 17:51:06',''),(176,1,176,'2017-03-21 17:51:06',''),(177,1,177,'2017-03-21 17:51:06',''),(178,1,178,'2017-03-21 17:51:07',''),(179,1,179,'2017-03-21 17:51:08',''),(180,1,180,'2017-03-21 17:51:08',''),(181,1,181,'2017-03-21 17:51:09',''),(182,1,182,'2017-03-21 17:51:09',''),(183,1,183,'2017-03-21 17:51:10',''),(184,1,184,'2017-03-21 17:51:10',''),(185,1,185,'2017-03-21 17:51:11',''),(186,1,186,'2017-03-21 17:51:11',''),(187,1,187,'2017-03-21 17:51:11',''),(188,1,188,'2017-03-21 17:51:12',''),(189,1,189,'2017-03-21 17:51:12',''),(190,1,190,'2017-03-21 17:51:12',''),(191,1,191,'2017-03-21 17:51:13',''),(192,1,192,'2017-03-21 17:51:13',''),(193,1,193,'2017-03-21 17:51:14',''),(194,1,194,'2017-03-21 17:51:14',''),(195,1,195,'2017-03-21 17:51:15',''),(196,1,196,'2017-03-21 17:51:15',''),(197,1,197,'2017-03-21 17:51:15',''),(198,1,198,'2017-03-21 17:51:16',''),(199,1,199,'2017-03-21 17:51:16',''),(200,1,200,'2017-03-21 17:51:16',''); +/*!40000 ALTER TABLE `aup_acc_record` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `aup_version` +-- + +DROP TABLE IF EXISTS `aup_version`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `aup_version` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `aup_id` bigint(20) NOT NULL, + `version` varchar(255) NOT NULL, + `url` varchar(255) DEFAULT NULL, + `text` varchar(255) DEFAULT NULL, + `creationTime` datetime NOT NULL, + `lastForcedReacceptanceTime` datetime DEFAULT NULL, + `active` bit(1) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `aup_id` (`aup_id`,`version`), + KEY `fk_aup_version_aup` (`aup_id`), + CONSTRAINT `fk_aup_version_aup` FOREIGN KEY (`aup_id`) REFERENCES `aup` (`id`) ON DELETE CASCADE +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `aup_version` +-- + +LOCK TABLES `aup_version` WRITE; +/*!40000 ALTER TABLE `aup_version` DISABLE KEYS */; +INSERT INTO `aup_version` VALUES (1,1,'1.0','file:/etc/voms-admin/test_0/vo-aup.txt',NULL,'2017-03-21 17:47:27',NULL,''); +/*!40000 ALTER TABLE `aup_version` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `ca` +-- + +DROP TABLE IF EXISTS `ca`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `ca` ( + `cid` smallint(6) NOT NULL AUTO_INCREMENT, + `creation_time` datetime NOT NULL, + `description` varchar(255) DEFAULT NULL, + `subject_string` varchar(255) NOT NULL, + PRIMARY KEY (`cid`), + UNIQUE KEY `subject_string` (`subject_string`) +) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `ca` +-- + +LOCK TABLES `ca` WRITE; +/*!40000 ALTER TABLE `ca` DISABLE KEYS */; +INSERT INTO `ca` VALUES (1,'2017-03-21 17:47:27',NULL,'/C=IT/O=INFN/CN=INFN Certification Authority'),(2,'2017-03-21 17:47:27',NULL,'/C=IT/O=IGI/CN=Test CA 2'),(3,'2017-03-21 17:47:27',NULL,'/C=IT/O=IGI/CN=Test CA'),(4,'2017-03-21 17:47:27',NULL,'/C=IT/O=IGI/CN=Test CA (SHA 256)'),(5,'2017-03-21 17:47:27','A dummy CA for local org.glite.security.voms.admin.persistence.error mainteneance','/O=VOMS/O=System/CN=Dummy Certificate Authority'),(6,'2017-03-21 17:47:27','A virtual CA for VOMS groups.','/O=VOMS/O=System/CN=VOMS Group'),(7,'2017-03-21 17:47:27','A virtual CA for VOMS roles.','/O=VOMS/O=System/CN=VOMS Role'),(8,'2017-03-21 17:47:27','A virtual CA for authz manager attributes','/O=VOMS/O=System/CN=Authorization Manager Attributes'); +/*!40000 ALTER TABLE `ca` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `certificate` +-- + +DROP TABLE IF EXISTS `certificate`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `certificate` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `creation_time` datetime NOT NULL, + `subject_string` varchar(255) NOT NULL, + `suspended` bit(1) NOT NULL, + `suspended_reason` varchar(255) DEFAULT NULL, + `suspension_reason_code` varchar(255) DEFAULT NULL, + `ca_id` smallint(6) NOT NULL, + `usr_id` bigint(20) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `ca_id` (`ca_id`,`subject_string`), + KEY `FK745F4197EE2D4487` (`usr_id`), + KEY `FK745F419782107F70` (`ca_id`), + CONSTRAINT `FK745F419782107F70` FOREIGN KEY (`ca_id`) REFERENCES `ca` (`cid`), + CONSTRAINT `FK745F4197EE2D4487` FOREIGN KEY (`usr_id`) REFERENCES `usr` (`userid`) +) ENGINE=InnoDB AUTO_INCREMENT=201 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `certificate` +-- + +LOCK TABLES `certificate` WRITE; +/*!40000 ALTER TABLE `certificate` DISABLE KEYS */; +INSERT INTO `certificate` VALUES (1,'2017-03-21 17:49:50','/C=IT/O=IGI/CN=CONRAD BASSETTE','\0',NULL,NULL,3,1),(2,'2017-03-21 17:49:50','/C=IT/O=IGI/CN=MICHAELA MCPHERREN','\0',NULL,NULL,3,2),(3,'2017-03-21 17:49:51','/C=IT/O=IGI/CN=TINY KABLER','\0',NULL,NULL,3,3),(4,'2017-03-21 17:49:52','/C=IT/O=IGI/CN=HAI JACOBOVITS','\0',NULL,NULL,3,4),(5,'2017-03-21 17:49:52','/C=IT/O=IGI/CN=MCKENZIE DELANG','\0',NULL,NULL,3,5),(6,'2017-03-21 17:49:53','/C=IT/O=IGI/CN=CECILY ANDERTON','\0',NULL,NULL,3,6),(7,'2017-03-21 17:49:53','/C=IT/O=IGI/CN=LATESHA SPINOZA','\0',NULL,NULL,3,7),(8,'2017-03-21 17:49:54','/C=IT/O=IGI/CN=SHAQUANA KONON','\0',NULL,NULL,3,8),(9,'2017-03-21 17:49:55','/C=IT/O=IGI/CN=DANNIE WALSH','\0',NULL,NULL,3,9),(10,'2017-03-21 17:49:55','/C=IT/O=IGI/CN=EUNICE ORLEANS','\0',NULL,NULL,3,10),(11,'2017-03-21 17:49:55','/C=IT/O=IGI/CN=LAHOMA PRESTINO','\0',NULL,NULL,3,11),(12,'2017-03-21 17:49:56','/C=IT/O=IGI/CN=DOREEN BOURDEAU','\0',NULL,NULL,3,12),(13,'2017-03-21 17:49:56','/C=IT/O=IGI/CN=WAI PINKERTON','\0',NULL,NULL,3,13),(14,'2017-03-21 17:49:57','/C=IT/O=IGI/CN=KACY COLLICA','\0',NULL,NULL,3,14),(15,'2017-03-21 17:49:57','/C=IT/O=IGI/CN=ADINA PIERETTI','\0',NULL,NULL,3,15),(16,'2017-03-21 17:49:57','/C=IT/O=IGI/CN=ANTHONY ELNICKI','\0',NULL,NULL,3,16),(17,'2017-03-21 17:49:58','/C=IT/O=IGI/CN=ERIC RADWAN','\0',NULL,NULL,3,17),(18,'2017-03-21 17:49:58','/C=IT/O=IGI/CN=MARX DALMATA','\0',NULL,NULL,3,18),(19,'2017-03-21 17:49:59','/C=IT/O=IGI/CN=MADALINE SHERROD','\0',NULL,NULL,3,19),(20,'2017-03-21 17:49:59','/C=IT/O=IGI/CN=ABEL BURBACK','\0',NULL,NULL,3,20),(21,'2017-03-21 17:50:00','/C=IT/O=IGI/CN=CALLIE NAGINDAS','\0',NULL,NULL,3,21),(22,'2017-03-21 17:50:00','/C=IT/O=IGI/CN=ABE LERWILL','\0',NULL,NULL,3,22),(23,'2017-03-21 17:50:01','/C=IT/O=IGI/CN=LOUIS WHITELIGHTNIN','\0',NULL,NULL,3,23),(24,'2017-03-21 17:50:01','/C=IT/O=IGI/CN=SHAWNNA LANGLINAIS','\0',NULL,NULL,3,24),(25,'2017-03-21 17:50:02','/C=IT/O=IGI/CN=CHAD CAVALIERO','\0',NULL,NULL,3,25),(26,'2017-03-21 17:50:02','/C=IT/O=IGI/CN=LAKEISHA MCMORRIS','\0',NULL,NULL,3,26),(27,'2017-03-21 17:50:03','/C=IT/O=IGI/CN=RODNEY HACHER','\0',NULL,NULL,3,27),(28,'2017-03-21 17:50:03','/C=IT/O=IGI/CN=CARLA DAEHN','\0',NULL,NULL,3,28),(29,'2017-03-21 17:50:04','/C=IT/O=IGI/CN=MARLON KRUPPENBACHER','\0',NULL,NULL,3,29),(30,'2017-03-21 17:50:04','/C=IT/O=IGI/CN=VERTIE STAMER','\0',NULL,NULL,3,30),(31,'2017-03-21 17:50:04','/C=IT/O=IGI/CN=DELLA BARKLOW','\0',NULL,NULL,3,31),(32,'2017-03-21 17:50:05','/C=IT/O=IGI/CN=CECILIA LALL','\0',NULL,NULL,3,32),(33,'2017-03-21 17:50:05','/C=IT/O=IGI/CN=TIERA DOWLIN','\0',NULL,NULL,3,33),(34,'2017-03-21 17:50:05','/C=IT/O=IGI/CN=DETRA TATAR','\0',NULL,NULL,3,34),(35,'2017-03-21 17:50:06','/C=IT/O=IGI/CN=JULES TOTTEN','\0',NULL,NULL,3,35),(36,'2017-03-21 17:50:07','/C=IT/O=IGI/CN=DORTHA HOBDAY','\0',NULL,NULL,3,36),(37,'2017-03-21 17:50:08','/C=IT/O=IGI/CN=BERENICE ORLOWSKY','\0',NULL,NULL,3,37),(38,'2017-03-21 17:50:08','/C=IT/O=IGI/CN=BRITTANEY DENIER','\0',NULL,NULL,3,38),(39,'2017-03-21 17:50:08','/C=IT/O=IGI/CN=ALITA HONTZ','\0',NULL,NULL,3,39),(40,'2017-03-21 17:50:09','/C=IT/O=IGI/CN=FREEMAN KOBIE','\0',NULL,NULL,3,40),(41,'2017-03-21 17:50:09','/C=IT/O=IGI/CN=LEEANNA VOIGT','\0',NULL,NULL,3,41),(42,'2017-03-21 17:50:10','/C=IT/O=IGI/CN=JOSH PAULINA','\0',NULL,NULL,3,42),(43,'2017-03-21 17:50:10','/C=IT/O=IGI/CN=DACIA SHAUB','\0',NULL,NULL,3,43),(44,'2017-03-21 17:50:11','/C=IT/O=IGI/CN=FREDERICK WIRTA','\0',NULL,NULL,3,44),(45,'2017-03-21 17:50:11','/C=IT/O=IGI/CN=TRICIA WIESER','\0',NULL,NULL,3,45),(46,'2017-03-21 17:50:11','/C=IT/O=IGI/CN=ELIN GOSTOMSKI','\0',NULL,NULL,3,46),(47,'2017-03-21 17:50:12','/C=IT/O=IGI/CN=FREDRICK LINNELL','\0',NULL,NULL,3,47),(48,'2017-03-21 17:50:12','/C=IT/O=IGI/CN=LYNN RIGHTMYER','\0',NULL,NULL,3,48),(49,'2017-03-21 17:50:12','/C=IT/O=IGI/CN=SIMA WEST','\0',NULL,NULL,3,49),(50,'2017-03-21 17:50:13','/C=IT/O=IGI/CN=YUKIKO DONOHO','\0',NULL,NULL,3,50),(51,'2017-03-21 17:50:13','/C=IT/O=IGI/CN=LASHONDA WESTHOUSE','\0',NULL,NULL,3,51),(52,'2017-03-21 17:50:14','/C=IT/O=IGI/CN=CARMON PARLOR','\0',NULL,NULL,3,52),(53,'2017-03-21 17:50:14','/C=IT/O=IGI/CN=BESS SWETT','\0',NULL,NULL,3,53),(54,'2017-03-21 17:50:14','/C=IT/O=IGI/CN=JACKSON LEDDON','\0',NULL,NULL,3,54),(55,'2017-03-21 17:50:15','/C=IT/O=IGI/CN=GENNA HANISKO','\0',NULL,NULL,3,55),(56,'2017-03-21 17:50:15','/C=IT/O=IGI/CN=JUDIE WICKINGS','\0',NULL,NULL,3,56),(57,'2017-03-21 17:50:16','/C=IT/O=IGI/CN=KATHLENE SCHNECKLOTH','\0',NULL,NULL,3,57),(58,'2017-03-21 17:50:16','/C=IT/O=IGI/CN=OTIS TOPLK','\0',NULL,NULL,3,58),(59,'2017-03-21 17:50:16','/C=IT/O=IGI/CN=BERNARDO DEISHER','\0',NULL,NULL,3,59),(60,'2017-03-21 17:50:17','/C=IT/O=IGI/CN=LIZ WILCINSKI','\0',NULL,NULL,3,60),(61,'2017-03-21 17:50:17','/C=IT/O=IGI/CN=CHU KURLAND','\0',NULL,NULL,3,61),(62,'2017-03-21 17:50:17','/C=IT/O=IGI/CN=VAL KAUFFMANN','\0',NULL,NULL,3,62),(63,'2017-03-21 17:50:18','/C=IT/O=IGI/CN=JOEY FREIMUTH','\0',NULL,NULL,3,63),(64,'2017-03-21 17:50:18','/C=IT/O=IGI/CN=CHANCE BARRO','\0',NULL,NULL,3,64),(65,'2017-03-21 17:50:19','/C=IT/O=IGI/CN=VI SZWARC','\0',NULL,NULL,3,65),(66,'2017-03-21 17:50:19','/C=IT/O=IGI/CN=CARITA ABT','\0',NULL,NULL,3,66),(67,'2017-03-21 17:50:20','/C=IT/O=IGI/CN=COURTNEY VEIGEL','\0',NULL,NULL,3,67),(68,'2017-03-21 17:50:21','/C=IT/O=IGI/CN=ALDA MANGUS','\0',NULL,NULL,3,68),(69,'2017-03-21 17:50:21','/C=IT/O=IGI/CN=BERTHA MAUFFRAY','\0',NULL,NULL,3,69),(70,'2017-03-21 17:50:22','/C=IT/O=IGI/CN=PAULITA DOSTIE','\0',NULL,NULL,3,70),(71,'2017-03-21 17:50:22','/C=IT/O=IGI/CN=NELLIE BURKHARD','\0',NULL,NULL,3,71),(72,'2017-03-21 17:50:23','/C=IT/O=IGI/CN=XOCHITL FELLEMAN','\0',NULL,NULL,3,72),(73,'2017-03-21 17:50:23','/C=IT/O=IGI/CN=KEN OBRADOVICH','\0',NULL,NULL,3,73),(74,'2017-03-21 17:50:24','/C=IT/O=IGI/CN=WANITA DARRAH','\0',NULL,NULL,3,74),(75,'2017-03-21 17:50:24','/C=IT/O=IGI/CN=WILHELMINA MONARREZ','\0',NULL,NULL,3,75),(76,'2017-03-21 17:50:24','/C=IT/O=IGI/CN=LETA STENBERG','\0',NULL,NULL,3,76),(77,'2017-03-21 17:50:25','/C=IT/O=IGI/CN=BERT DEODATO','\0',NULL,NULL,3,77),(78,'2017-03-21 17:50:25','/C=IT/O=IGI/CN=IRMA LANOIE','\0',NULL,NULL,3,78),(79,'2017-03-21 17:50:26','/C=IT/O=IGI/CN=OTIS FLATTERY','\0',NULL,NULL,3,79),(80,'2017-03-21 17:50:26','/C=IT/O=IGI/CN=NOBUKO LAITE','\0',NULL,NULL,3,80),(81,'2017-03-21 17:50:26','/C=IT/O=IGI/CN=JED CATTS','\0',NULL,NULL,3,81),(82,'2017-03-21 17:50:27','/C=IT/O=IGI/CN=PAUL BOHLER','\0',NULL,NULL,3,82),(83,'2017-03-21 17:50:27','/C=IT/O=IGI/CN=CHANCE SAVEL','\0',NULL,NULL,3,83),(84,'2017-03-21 17:50:28','/C=IT/O=IGI/CN=TIJUANA CABBLE','\0',NULL,NULL,3,84),(85,'2017-03-21 17:50:29','/C=IT/O=IGI/CN=AZZIE TORELLI','\0',NULL,NULL,3,85),(86,'2017-03-21 17:50:29','/C=IT/O=IGI/CN=CARYLON VERSTRAETE','\0',NULL,NULL,3,86),(87,'2017-03-21 17:50:30','/C=IT/O=IGI/CN=WAVA BENKEN','\0',NULL,NULL,3,87),(88,'2017-03-21 17:50:30','/C=IT/O=IGI/CN=VENNIE DOMENICK','\0',NULL,NULL,3,88),(89,'2017-03-21 17:50:30','/C=IT/O=IGI/CN=FREDDA HYTEN','\0',NULL,NULL,3,89),(90,'2017-03-21 17:50:31','/C=IT/O=IGI/CN=HAYDEE BZHYAN','\0',NULL,NULL,3,90),(91,'2017-03-21 17:50:31','/C=IT/O=IGI/CN=ELIJAH BURDELL','\0',NULL,NULL,3,91),(92,'2017-03-21 17:50:32','/C=IT/O=IGI/CN=BETHANIE CASTILLA','\0',NULL,NULL,3,92),(93,'2017-03-21 17:50:32','/C=IT/O=IGI/CN=LESLIE HANCOCK','\0',NULL,NULL,3,93),(94,'2017-03-21 17:50:32','/C=IT/O=IGI/CN=XENIA HAULBROOK','\0',NULL,NULL,3,94),(95,'2017-03-21 17:50:33','/C=IT/O=IGI/CN=YUKO CROMBIE','\0',NULL,NULL,3,95),(96,'2017-03-21 17:50:33','/C=IT/O=IGI/CN=JALEESA HANIFAN','\0',NULL,NULL,3,96),(97,'2017-03-21 17:50:34','/C=IT/O=IGI/CN=KRYSTIN LYBRAND','\0',NULL,NULL,3,97),(98,'2017-03-21 17:50:34','/C=IT/O=IGI/CN=KORY MCPARLAND','\0',NULL,NULL,3,98),(99,'2017-03-21 17:50:34','/C=IT/O=IGI/CN=WAN SAMMON','\0',NULL,NULL,3,99),(100,'2017-03-21 17:50:35','/C=IT/O=IGI/CN=HANH ATCITTY','\0',NULL,NULL,3,100),(101,'2017-03-21 17:50:35','/C=IT/O=IGI/CN=ANGELIC URBINA','\0',NULL,NULL,3,101),(102,'2017-03-21 17:50:36','/C=IT/O=IGI/CN=AUSTIN CARABAJAL','\0',NULL,NULL,3,102),(103,'2017-03-21 17:50:36','/C=IT/O=IGI/CN=INGA DINGFELDER','\0',NULL,NULL,3,103),(104,'2017-03-21 17:50:37','/C=IT/O=IGI/CN=LIVIA ASHBACHER','\0',NULL,NULL,3,104),(105,'2017-03-21 17:50:38','/C=IT/O=IGI/CN=BROOKE LEBEDEFF','\0',NULL,NULL,3,105),(106,'2017-03-21 17:50:38','/C=IT/O=IGI/CN=SUNSHINE BUTTARO','\0',NULL,NULL,3,106),(107,'2017-03-21 17:50:39','/C=IT/O=IGI/CN=TWYLA TIBWELL','\0',NULL,NULL,3,107),(108,'2017-03-21 17:50:39','/C=IT/O=IGI/CN=MILLARD CARAVELLA','\0',NULL,NULL,3,108),(109,'2017-03-21 17:50:39','/C=IT/O=IGI/CN=MARGURITE AYOOB','\0',NULL,NULL,3,109),(110,'2017-03-21 17:50:40','/C=IT/O=IGI/CN=MARIKO TENN','\0',NULL,NULL,3,110),(111,'2017-03-21 17:50:40','/C=IT/O=IGI/CN=JINNY KRUGER','\0',NULL,NULL,3,111),(112,'2017-03-21 17:50:41','/C=IT/O=IGI/CN=RETHA PINCHBECK','\0',NULL,NULL,3,112),(113,'2017-03-21 17:50:41','/C=IT/O=IGI/CN=KIMBERY LOBDELL','\0',NULL,NULL,3,113),(114,'2017-03-21 17:50:41','/C=IT/O=IGI/CN=SHIRELY BORGATTI','\0',NULL,NULL,3,114),(115,'2017-03-21 17:50:42','/C=IT/O=IGI/CN=TODD OKKEN','\0',NULL,NULL,3,115),(116,'2017-03-21 17:50:42','/C=IT/O=IGI/CN=RUPERT MONTALBO','\0',NULL,NULL,3,116),(117,'2017-03-21 17:50:43','/C=IT/O=IGI/CN=JIMMIE ISRAELSEN','\0',NULL,NULL,3,117),(118,'2017-03-21 17:50:43','/C=IT/O=IGI/CN=STEPANIE VOLNER','\0',NULL,NULL,3,118),(119,'2017-03-21 17:50:43','/C=IT/O=IGI/CN=ULRIKE KEMPSON','\0',NULL,NULL,3,119),(120,'2017-03-21 17:50:44','/C=IT/O=IGI/CN=JINA MEGO','\0',NULL,NULL,3,120),(121,'2017-03-21 17:50:44','/C=IT/O=IGI/CN=VANNA JOOS','\0',NULL,NULL,3,121),(122,'2017-03-21 17:50:45','/C=IT/O=IGI/CN=TONA RAROGAL','\0',NULL,NULL,3,122),(123,'2017-03-21 17:50:45','/C=IT/O=IGI/CN=BRYAN HEMERLY','\0',NULL,NULL,3,123),(124,'2017-03-21 17:50:46','/C=IT/O=IGI/CN=ALEEN DARCO','\0',NULL,NULL,3,124),(125,'2017-03-21 17:50:46','/C=IT/O=IGI/CN=MARGUERITE MITCHLER','\0',NULL,NULL,3,125),(126,'2017-03-21 17:50:47','/C=IT/O=IGI/CN=ELLENA BEICHNER','\0',NULL,NULL,3,126),(127,'2017-03-21 17:50:47','/C=IT/O=IGI/CN=PEGGY DATY','\0',NULL,NULL,3,127),(128,'2017-03-21 17:50:48','/C=IT/O=IGI/CN=ELNORA HOMBY','\0',NULL,NULL,3,128),(129,'2017-03-21 17:50:49','/C=IT/O=IGI/CN=DREAMA LUCKENBAUGH','\0',NULL,NULL,3,129),(130,'2017-03-21 17:50:49','/C=IT/O=IGI/CN=HORTENCIA TICA','\0',NULL,NULL,3,130),(131,'2017-03-21 17:50:49','/C=IT/O=IGI/CN=OTTO BEUMER','\0',NULL,NULL,3,131),(132,'2017-03-21 17:50:50','/C=IT/O=IGI/CN=ZACHARY BIHM','\0',NULL,NULL,3,132),(133,'2017-03-21 17:50:50','/C=IT/O=IGI/CN=ANNMARIE MUSILLI','\0',NULL,NULL,3,133),(134,'2017-03-21 17:50:50','/C=IT/O=IGI/CN=SAL LUTGEN','\0',NULL,NULL,3,134),(135,'2017-03-21 17:50:51','/C=IT/O=IGI/CN=DAMON HUMMINGBIRD','\0',NULL,NULL,3,135),(136,'2017-03-21 17:50:51','/C=IT/O=IGI/CN=GRACIE PADIONG','\0',NULL,NULL,3,136),(137,'2017-03-21 17:50:52','/C=IT/O=IGI/CN=MARSHALL PORTEUS','\0',NULL,NULL,3,137),(138,'2017-03-21 17:50:52','/C=IT/O=IGI/CN=ISIDRA CLAP','\0',NULL,NULL,3,138),(139,'2017-03-21 17:50:53','/C=IT/O=IGI/CN=CHUNG PONTONIO','\0',NULL,NULL,3,139),(140,'2017-03-21 17:50:53','/C=IT/O=IGI/CN=CLAUDIA GRAYSON','\0',NULL,NULL,3,140),(141,'2017-03-21 17:50:53','/C=IT/O=IGI/CN=JONELL POWROZNIK','\0',NULL,NULL,3,141),(142,'2017-03-21 17:50:54','/C=IT/O=IGI/CN=KIMBERLEE BRUMMET','\0',NULL,NULL,3,142),(143,'2017-03-21 17:50:54','/C=IT/O=IGI/CN=JEWELL DELSORDO','\0',NULL,NULL,3,143),(144,'2017-03-21 17:50:54','/C=IT/O=IGI/CN=FERMINA WHITNER','\0',NULL,NULL,3,144),(145,'2017-03-21 17:50:55','/C=IT/O=IGI/CN=MARTHA HOLLMANN','\0',NULL,NULL,3,145),(146,'2017-03-21 17:50:55','/C=IT/O=IGI/CN=DEIDRE HINGSTON','\0',NULL,NULL,3,146),(147,'2017-03-21 17:50:55','/C=IT/O=IGI/CN=DEWITT MOHLKE','\0',NULL,NULL,3,147),(148,'2017-03-21 17:50:56','/C=IT/O=IGI/CN=PETRONILA ALSANDOR','\0',NULL,NULL,3,148),(149,'2017-03-21 17:50:56','/C=IT/O=IGI/CN=TERI GRECH','\0',NULL,NULL,3,149),(150,'2017-03-21 17:50:56','/C=IT/O=IGI/CN=CLINT GOLUB','\0',NULL,NULL,3,150),(151,'2017-03-21 17:50:57','/C=IT/O=IGI/CN=TRULA GROTHAUS','\0',NULL,NULL,3,151),(152,'2017-03-21 17:50:57','/C=IT/O=IGI/CN=TORY BURDEX','\0',NULL,NULL,3,152),(153,'2017-03-21 17:50:58','/C=IT/O=IGI/CN=NELLIE RUSCHE','\0',NULL,NULL,3,153),(154,'2017-03-21 17:50:58','/C=IT/O=IGI/CN=BRENDA ROMON','\0',NULL,NULL,3,154),(155,'2017-03-21 17:50:58','/C=IT/O=IGI/CN=WARREN ZURAWIK','\0',NULL,NULL,3,155),(156,'2017-03-21 17:50:59','/C=IT/O=IGI/CN=JANYCE HOLJE','\0',NULL,NULL,3,156),(157,'2017-03-21 17:50:59','/C=IT/O=IGI/CN=LELIA BUSHNER','\0',NULL,NULL,3,157),(158,'2017-03-21 17:50:59','/C=IT/O=IGI/CN=CHESTER DESUE','\0',NULL,NULL,3,158),(159,'2017-03-21 17:51:00','/C=IT/O=IGI/CN=MELLISSA MAKINEN','\0',NULL,NULL,3,159),(160,'2017-03-21 17:51:00','/C=IT/O=IGI/CN=ADRIAN DACHS','\0',NULL,NULL,3,160),(161,'2017-03-21 17:51:00','/C=IT/O=IGI/CN=WAN COSIER','\0',NULL,NULL,3,161),(162,'2017-03-21 17:51:01','/C=IT/O=IGI/CN=DORATHY CARDON','\0',NULL,NULL,3,162),(163,'2017-03-21 17:51:01','/C=IT/O=IGI/CN=GLYNDA STARN','\0',NULL,NULL,3,163),(164,'2017-03-21 17:51:02','/C=IT/O=IGI/CN=MITCHELL CRIMIN','\0',NULL,NULL,3,164),(165,'2017-03-21 17:51:02','/C=IT/O=IGI/CN=KATHERIN GIRLING','\0',NULL,NULL,3,165),(166,'2017-03-21 17:51:02','/C=IT/O=IGI/CN=ELISHA MANSER','\0',NULL,NULL,3,166),(167,'2017-03-21 17:51:03','/C=IT/O=IGI/CN=ARVILLA BERTELS','\0',NULL,NULL,3,167),(168,'2017-03-21 17:51:03','/C=IT/O=IGI/CN=HANNAH TAMMO','\0',NULL,NULL,3,168),(169,'2017-03-21 17:51:04','/C=IT/O=IGI/CN=RUDOLF STETZ','\0',NULL,NULL,3,169),(170,'2017-03-21 17:51:04','/C=IT/O=IGI/CN=CATHARINE PAYWA','\0',NULL,NULL,3,170),(171,'2017-03-21 17:51:04','/C=IT/O=IGI/CN=CATALINA VANHOOSER','\0',NULL,NULL,3,171),(172,'2017-03-21 17:51:05','/C=IT/O=IGI/CN=NICOLLE VAUTOUR','\0',NULL,NULL,3,172),(173,'2017-03-21 17:51:05','/C=IT/O=IGI/CN=ROSELIA ERDMANN','\0',NULL,NULL,3,173),(174,'2017-03-21 17:51:05','/C=IT/O=IGI/CN=SLYVIA BEADNELL','\0',NULL,NULL,3,174),(175,'2017-03-21 17:51:06','/C=IT/O=IGI/CN=SOLEDAD RAZER','\0',NULL,NULL,3,175),(176,'2017-03-21 17:51:06','/C=IT/O=IGI/CN=MICHALE VRABEL','\0',NULL,NULL,3,176),(177,'2017-03-21 17:51:06','/C=IT/O=IGI/CN=RAMIRO VANGUILDER','\0',NULL,NULL,3,177),(178,'2017-03-21 17:51:07','/C=IT/O=IGI/CN=ISA GALLEHER','\0',NULL,NULL,3,178),(179,'2017-03-21 17:51:08','/C=IT/O=IGI/CN=CHRISTENA STALLEY','\0',NULL,NULL,3,179),(180,'2017-03-21 17:51:08','/C=IT/O=IGI/CN=MARILU NABARRETE','\0',NULL,NULL,3,180),(181,'2017-03-21 17:51:09','/C=IT/O=IGI/CN=MYRIAM CRONQUIST','\0',NULL,NULL,3,181),(182,'2017-03-21 17:51:09','/C=IT/O=IGI/CN=VICTOR VANSLYKE','\0',NULL,NULL,3,182),(183,'2017-03-21 17:51:10','/C=IT/O=IGI/CN=JACKELINE BRITT','\0',NULL,NULL,3,183),(184,'2017-03-21 17:51:10','/C=IT/O=IGI/CN=KEVIN SWOPE','\0',NULL,NULL,3,184),(185,'2017-03-21 17:51:11','/C=IT/O=IGI/CN=EMERITA SWICEGOOD','\0',NULL,NULL,3,185),(186,'2017-03-21 17:51:11','/C=IT/O=IGI/CN=FANNIE BUGNI','\0',NULL,NULL,3,186),(187,'2017-03-21 17:51:11','/C=IT/O=IGI/CN=TERESA SKRETOWICZ','\0',NULL,NULL,3,187),(188,'2017-03-21 17:51:12','/C=IT/O=IGI/CN=LASANDRA KHN','\0',NULL,NULL,3,188),(189,'2017-03-21 17:51:12','/C=IT/O=IGI/CN=KARIE MCVINNEY','\0',NULL,NULL,3,189),(190,'2017-03-21 17:51:12','/C=IT/O=IGI/CN=CRYSTLE HASSEL','\0',NULL,NULL,3,190),(191,'2017-03-21 17:51:13','/C=IT/O=IGI/CN=WILLIAN GREAM','\0',NULL,NULL,3,191),(192,'2017-03-21 17:51:13','/C=IT/O=IGI/CN=MILDRED WOJTAS','\0',NULL,NULL,3,192),(193,'2017-03-21 17:51:14','/C=IT/O=IGI/CN=ALISON HUBERTY','\0',NULL,NULL,3,193),(194,'2017-03-21 17:51:14','/C=IT/O=IGI/CN=DELFINA MCGARR','\0',NULL,NULL,3,194),(195,'2017-03-21 17:51:15','/C=IT/O=IGI/CN=CUC PIZZO','\0',NULL,NULL,3,195),(196,'2017-03-21 17:51:15','/C=IT/O=IGI/CN=DAKOTA BILLINGSLY','\0',NULL,NULL,3,196),(197,'2017-03-21 17:51:15','/C=IT/O=IGI/CN=NAM GUEVANA','\0',NULL,NULL,3,197),(198,'2017-03-21 17:51:16','/C=IT/O=IGI/CN=HYE HOGGAN','\0',NULL,NULL,3,198),(199,'2017-03-21 17:51:16','/C=IT/O=IGI/CN=ELFRIEDE BUETI','\0',NULL,NULL,3,199),(200,'2017-03-21 17:51:16','/C=IT/O=IGI/CN=HIRAM LAMPMAN','\0',NULL,NULL,3,200); +/*!40000 ALTER TABLE `certificate` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `certificate_request` +-- + +DROP TABLE IF EXISTS `certificate_request`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `certificate_request` ( + `certificate` tinyblob, + `certificateIssuer` varchar(255) NOT NULL, + `certificateSubject` varchar(255) NOT NULL, + `request_id` bigint(20) NOT NULL, + PRIMARY KEY (`request_id`), + KEY `FK47CA53E7D75D60A4` (`request_id`), + CONSTRAINT `FK47CA53E7D75D60A4` FOREIGN KEY (`request_id`) REFERENCES `req` (`request_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `certificate_request` +-- + +LOCK TABLES `certificate_request` WRITE; +/*!40000 ALTER TABLE `certificate_request` DISABLE KEYS */; +/*!40000 ALTER TABLE `certificate_request` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `group_attrs` +-- + +DROP TABLE IF EXISTS `group_attrs`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `group_attrs` ( + `a_id` bigint(20) NOT NULL, + `g_id` bigint(20) NOT NULL, + `a_value` varchar(255) DEFAULT NULL, + PRIMARY KEY (`a_id`,`g_id`), + KEY `FK40B1A2E2DEFC581C` (`g_id`), + KEY `FK40B1A2E2566C2A8F` (`a_id`), + CONSTRAINT `FK40B1A2E2566C2A8F` FOREIGN KEY (`a_id`) REFERENCES `attributes` (`a_id`), + CONSTRAINT `FK40B1A2E2DEFC581C` FOREIGN KEY (`g_id`) REFERENCES `groups` (`gid`) ON DELETE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `group_attrs` +-- + +LOCK TABLES `group_attrs` WRITE; +/*!40000 ALTER TABLE `group_attrs` DISABLE KEYS */; +INSERT INTO `group_attrs` VALUES (3,2,'g_1'),(3,3,'g_2'),(3,4,'g_3'),(3,5,'g_4'),(3,6,'g_5'),(3,7,'g_6'),(3,8,'g_7'),(3,9,'g_8'),(3,10,'g_9'),(3,11,'g_10'); +/*!40000 ALTER TABLE `group_attrs` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `group_membership_req` +-- + +DROP TABLE IF EXISTS `group_membership_req`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `group_membership_req` ( + `groupName` varchar(255) NOT NULL, + `request_id` bigint(20) NOT NULL, + PRIMARY KEY (`request_id`), + KEY `FKBD145E75D75D60A4` (`request_id`), + CONSTRAINT `FKBD145E75D75D60A4` FOREIGN KEY (`request_id`) REFERENCES `req` (`request_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `group_membership_req` +-- + +LOCK TABLES `group_membership_req` WRITE; +/*!40000 ALTER TABLE `group_membership_req` DISABLE KEYS */; +/*!40000 ALTER TABLE `group_membership_req` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `groups` +-- + +DROP TABLE IF EXISTS `groups`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `groups` ( + `gid` bigint(20) NOT NULL AUTO_INCREMENT, + `dn` varchar(255) NOT NULL, + `description` varchar(255) DEFAULT NULL, + `parent` bigint(20) DEFAULT NULL, + `must` bit(1) NOT NULL, + `restricted` bit(1) DEFAULT NULL, + PRIMARY KEY (`gid`), + UNIQUE KEY `dn` (`dn`), + KEY `FKB63DD9D4A3771CD3` (`parent`), + CONSTRAINT `FKB63DD9D4A3771CD3` FOREIGN KEY (`parent`) REFERENCES `groups` (`gid`) +) ENGINE=InnoDB AUTO_INCREMENT=41 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `groups` +-- + +LOCK TABLES `groups` WRITE; +/*!40000 ALTER TABLE `groups` DISABLE KEYS */; +INSERT INTO `groups` VALUES (1,'/test_0',NULL,1,'',NULL),(2,'/test_0/g_1',NULL,1,'',NULL),(3,'/test_0/g_2',NULL,1,'',NULL),(4,'/test_0/g_3',NULL,1,'',NULL),(5,'/test_0/g_4',NULL,1,'',NULL),(6,'/test_0/g_5',NULL,1,'',NULL),(7,'/test_0/g_6',NULL,1,'',NULL),(8,'/test_0/g_7',NULL,1,'',NULL),(9,'/test_0/g_8',NULL,1,'',NULL),(10,'/test_0/g_9',NULL,1,'',NULL),(11,'/test_0/g_10',NULL,1,'',NULL),(12,'/test_0/g_11',NULL,1,'',NULL),(13,'/test_0/g_12',NULL,1,'',NULL),(14,'/test_0/g_13',NULL,1,'',NULL),(15,'/test_0/g_14',NULL,1,'',NULL),(16,'/test_0/g_15',NULL,1,'',NULL),(17,'/test_0/g_16',NULL,1,'',NULL),(18,'/test_0/g_17',NULL,1,'',NULL),(19,'/test_0/g_18',NULL,1,'',NULL),(20,'/test_0/g_19',NULL,1,'',NULL),(21,'/test_0/g_20',NULL,1,'',NULL),(22,'/test_0/g_21',NULL,1,'',NULL),(23,'/test_0/g_22',NULL,1,'',NULL),(24,'/test_0/g_23',NULL,1,'',NULL),(25,'/test_0/g_24',NULL,1,'',NULL),(26,'/test_0/g_25',NULL,1,'',NULL),(27,'/test_0/g_26',NULL,1,'',NULL),(28,'/test_0/g_27',NULL,1,'',NULL),(29,'/test_0/g_28',NULL,1,'',NULL),(30,'/test_0/g_29',NULL,1,'',NULL),(31,'/test_0/g_30',NULL,1,'',NULL),(32,'/test_0/g_31',NULL,1,'',NULL),(33,'/test_0/g_32',NULL,1,'',NULL),(34,'/test_0/g_33',NULL,1,'',NULL),(35,'/test_0/g_34',NULL,1,'',NULL),(36,'/test_0/g_35',NULL,1,'',NULL),(37,'/test_0/g_36',NULL,1,'',NULL),(38,'/test_0/g_37',NULL,1,'',NULL),(39,'/test_0/g_38',NULL,1,'',NULL),(40,'/test_0/g_39',NULL,1,'',NULL); +/*!40000 ALTER TABLE `groups` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `m` +-- + +DROP TABLE IF EXISTS `m`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `m` ( + `mapping_id` bigint(20) NOT NULL AUTO_INCREMENT, + `gid` bigint(20) NOT NULL, + `rid` bigint(20) DEFAULT NULL, + `userid` bigint(20) NOT NULL, + PRIMARY KEY (`mapping_id`), + UNIQUE KEY `gid` (`gid`,`rid`,`userid`), + KEY `fk_m_groups` (`gid`), + KEY `fk_m_roles` (`rid`), + KEY `fk_m_usr` (`userid`), + CONSTRAINT `fk_m_groups` FOREIGN KEY (`gid`) REFERENCES `groups` (`gid`) ON DELETE CASCADE, + CONSTRAINT `fk_m_roles` FOREIGN KEY (`rid`) REFERENCES `roles` (`rid`) ON DELETE CASCADE, + CONSTRAINT `fk_m_usr` FOREIGN KEY (`userid`) REFERENCES `usr` (`userid`) +) ENGINE=InnoDB AUTO_INCREMENT=313 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `m` +-- + +LOCK TABLES `m` WRITE; +/*!40000 ALTER TABLE `m` DISABLE KEYS */; +INSERT INTO `m` VALUES (1,1,NULL,1),(2,1,NULL,2),(3,1,NULL,3),(4,1,NULL,4),(5,1,NULL,5),(6,1,NULL,6),(7,1,NULL,7),(8,1,NULL,8),(9,1,NULL,9),(10,1,NULL,10),(11,1,NULL,11),(12,1,NULL,12),(13,1,NULL,13),(14,1,NULL,14),(15,1,NULL,15),(16,1,NULL,16),(17,1,NULL,17),(18,1,NULL,18),(19,1,NULL,19),(20,1,NULL,20),(21,1,NULL,21),(22,1,NULL,22),(23,1,NULL,23),(24,1,NULL,24),(25,1,NULL,25),(26,1,NULL,26),(27,1,NULL,27),(28,1,NULL,28),(29,1,NULL,29),(30,1,NULL,30),(31,1,NULL,31),(32,1,NULL,32),(33,1,NULL,33),(34,1,NULL,34),(35,1,NULL,35),(36,1,NULL,36),(37,1,NULL,37),(38,1,NULL,38),(39,1,NULL,39),(40,1,NULL,40),(41,1,NULL,41),(42,1,NULL,42),(43,1,NULL,43),(44,1,NULL,44),(45,1,NULL,45),(46,1,NULL,46),(47,1,NULL,47),(48,1,NULL,48),(49,1,NULL,49),(50,1,NULL,50),(51,1,NULL,51),(52,1,NULL,52),(53,1,NULL,53),(54,1,NULL,54),(55,1,NULL,55),(56,1,NULL,56),(57,1,NULL,57),(58,1,NULL,58),(59,1,NULL,59),(60,1,NULL,60),(61,1,NULL,61),(62,1,NULL,62),(63,1,NULL,63),(64,1,NULL,64),(65,1,NULL,65),(66,1,NULL,66),(67,1,NULL,67),(68,1,NULL,68),(69,1,NULL,69),(70,1,NULL,70),(71,1,NULL,71),(72,1,NULL,72),(73,1,NULL,73),(74,1,NULL,74),(75,1,NULL,75),(76,1,NULL,76),(77,1,NULL,77),(78,1,NULL,78),(79,1,NULL,79),(80,1,NULL,80),(81,1,NULL,81),(82,1,NULL,82),(83,1,NULL,83),(84,1,NULL,84),(85,1,NULL,85),(86,1,NULL,86),(87,1,NULL,87),(88,1,NULL,88),(89,1,NULL,89),(90,1,NULL,90),(91,1,NULL,91),(92,1,NULL,92),(93,1,NULL,93),(94,1,NULL,94),(95,1,NULL,95),(96,1,NULL,96),(97,1,NULL,97),(98,1,NULL,98),(99,1,NULL,99),(100,1,NULL,100),(101,1,NULL,101),(102,1,NULL,102),(103,1,NULL,103),(104,1,NULL,104),(105,1,NULL,105),(106,1,NULL,106),(107,1,NULL,107),(108,1,NULL,108),(109,1,NULL,109),(110,1,NULL,110),(111,1,NULL,111),(112,1,NULL,112),(113,1,NULL,113),(114,1,NULL,114),(115,1,NULL,115),(116,1,NULL,116),(117,1,NULL,117),(118,1,NULL,118),(119,1,NULL,119),(120,1,NULL,120),(121,1,NULL,121),(122,1,NULL,122),(123,1,NULL,123),(124,1,NULL,124),(125,1,NULL,125),(126,1,NULL,126),(127,1,NULL,127),(128,1,NULL,128),(129,1,NULL,129),(130,1,NULL,130),(131,1,NULL,131),(132,1,NULL,132),(133,1,NULL,133),(134,1,NULL,134),(135,1,NULL,135),(136,1,NULL,136),(137,1,NULL,137),(138,1,NULL,138),(139,1,NULL,139),(140,1,NULL,140),(141,1,NULL,141),(142,1,NULL,142),(143,1,NULL,143),(144,1,NULL,144),(145,1,NULL,145),(146,1,NULL,146),(147,1,NULL,147),(148,1,NULL,148),(149,1,NULL,149),(150,1,NULL,150),(151,1,NULL,151),(152,1,NULL,152),(153,1,NULL,153),(154,1,NULL,154),(155,1,NULL,155),(156,1,NULL,156),(157,1,NULL,157),(158,1,NULL,158),(159,1,NULL,159),(160,1,NULL,160),(161,1,NULL,161),(162,1,NULL,162),(163,1,NULL,163),(164,1,NULL,164),(165,1,NULL,165),(166,1,NULL,166),(167,1,NULL,167),(168,1,NULL,168),(169,1,NULL,169),(170,1,NULL,170),(171,1,NULL,171),(172,1,NULL,172),(173,1,NULL,173),(174,1,NULL,174),(175,1,NULL,175),(176,1,NULL,176),(177,1,NULL,177),(178,1,NULL,178),(179,1,NULL,179),(180,1,NULL,180),(181,1,NULL,181),(182,1,NULL,182),(183,1,NULL,183),(184,1,NULL,184),(185,1,NULL,185),(186,1,NULL,186),(187,1,NULL,187),(188,1,NULL,188),(189,1,NULL,189),(190,1,NULL,190),(191,1,NULL,191),(192,1,NULL,192),(193,1,NULL,193),(194,1,NULL,194),(195,1,NULL,195),(196,1,NULL,196),(197,1,NULL,197),(198,1,NULL,198),(199,1,NULL,199),(200,1,NULL,200),(302,1,1,100),(303,1,1,101),(304,1,1,102),(305,1,1,103),(306,1,1,104),(307,1,1,105),(308,1,1,106),(309,1,1,107),(310,1,1,108),(311,1,1,109),(312,1,1,110),(201,2,NULL,1),(202,2,NULL,2),(203,2,NULL,3),(204,2,NULL,4),(205,2,NULL,5),(206,2,NULL,6),(207,2,NULL,7),(208,2,NULL,8),(209,2,NULL,9),(210,2,NULL,10),(211,2,NULL,11),(212,2,NULL,12),(213,2,NULL,13),(214,2,NULL,14),(215,2,NULL,15),(216,2,NULL,16),(217,2,NULL,17),(218,2,NULL,18),(219,2,NULL,19),(220,2,NULL,20),(221,2,NULL,21),(222,2,NULL,22),(223,2,NULL,23),(224,2,NULL,24),(225,2,NULL,25),(226,2,NULL,26),(227,2,NULL,27),(228,2,NULL,28),(229,2,NULL,29),(230,2,NULL,30),(231,3,NULL,30),(232,3,NULL,31),(233,3,NULL,32),(234,3,NULL,33),(235,3,NULL,34),(236,3,NULL,35),(237,3,NULL,36),(238,3,NULL,37),(239,3,NULL,38),(240,3,NULL,39),(241,3,NULL,40),(242,3,NULL,41),(243,3,NULL,42),(244,3,NULL,43),(245,3,NULL,44),(246,3,NULL,45),(247,3,NULL,46),(248,3,NULL,47),(249,3,NULL,48),(250,3,NULL,49),(251,3,NULL,50),(252,3,NULL,51),(253,3,NULL,52),(254,3,NULL,53),(255,3,NULL,54),(256,3,NULL,55),(257,3,NULL,56),(258,3,NULL,57),(259,3,NULL,58),(260,3,NULL,59),(261,3,NULL,60),(262,3,NULL,61),(263,3,NULL,62),(264,3,NULL,63),(265,3,NULL,64),(266,3,NULL,65),(267,3,NULL,66),(268,3,NULL,67),(269,3,NULL,68),(270,3,NULL,69),(271,3,NULL,70),(272,3,NULL,71),(273,3,NULL,72),(274,3,NULL,73),(275,3,NULL,74),(276,3,NULL,75),(277,3,NULL,76),(278,3,NULL,77),(279,3,NULL,78),(280,3,NULL,79),(281,3,NULL,80),(282,3,NULL,81),(283,3,NULL,82),(284,3,NULL,83),(285,3,NULL,84),(286,3,NULL,85),(287,3,NULL,86),(288,3,NULL,87),(289,3,NULL,88),(290,3,NULL,89),(291,3,NULL,90),(292,3,NULL,91),(293,3,NULL,92),(294,3,NULL,93),(295,3,NULL,94),(296,3,NULL,95),(297,3,NULL,96),(298,3,NULL,97),(299,3,NULL,98),(300,3,NULL,99),(301,3,NULL,100); +/*!40000 ALTER TABLE `m` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `managers` +-- + +DROP TABLE IF EXISTS `managers`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `managers` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `description` varchar(255) NOT NULL, + `email_address` varchar(255) NOT NULL, + `name` varchar(255) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `name` (`name`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `managers` +-- + +LOCK TABLES `managers` WRITE; +/*!40000 ALTER TABLE `managers` DISABLE KEYS */; +/*!40000 ALTER TABLE `managers` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `managers_groups` +-- + +DROP TABLE IF EXISTS `managers_groups`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `managers_groups` ( + `manager_id` bigint(20) NOT NULL, + `group_id` bigint(20) NOT NULL, + PRIMARY KEY (`manager_id`,`group_id`), + KEY `FK8F5E11CDFCFA8B04` (`group_id`), + KEY `FK8F5E11CDABC81A12` (`manager_id`), + CONSTRAINT `FK8F5E11CDABC81A12` FOREIGN KEY (`manager_id`) REFERENCES `managers` (`id`), + CONSTRAINT `FK8F5E11CDFCFA8B04` FOREIGN KEY (`group_id`) REFERENCES `groups` (`gid`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `managers_groups` +-- + +LOCK TABLES `managers_groups` WRITE; +/*!40000 ALTER TABLE `managers_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `managers_groups` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `membership_rem_req` +-- + +DROP TABLE IF EXISTS `membership_rem_req`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `membership_rem_req` ( + `reason` varchar(255) NOT NULL, + `request_id` bigint(20) NOT NULL, + PRIMARY KEY (`request_id`), + KEY `FK1877BC10D75D60A4` (`request_id`), + CONSTRAINT `FK1877BC10D75D60A4` FOREIGN KEY (`request_id`) REFERENCES `req` (`request_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `membership_rem_req` +-- + +LOCK TABLES `membership_rem_req` WRITE; +/*!40000 ALTER TABLE `membership_rem_req` DISABLE KEYS */; +/*!40000 ALTER TABLE `membership_rem_req` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `periodic_notifications` +-- + +DROP TABLE IF EXISTS `periodic_notifications`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `periodic_notifications` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `lastNotificationTime` datetime NOT NULL, + `notificationType` varchar(255) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `notificationType` (`notificationType`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `periodic_notifications` +-- + +LOCK TABLES `periodic_notifications` WRITE; +/*!40000 ALTER TABLE `periodic_notifications` DISABLE KEYS */; +/*!40000 ALTER TABLE `periodic_notifications` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `personal_info` +-- + +DROP TABLE IF EXISTS `personal_info`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `personal_info` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `value` varchar(255) DEFAULT NULL, + `visible` bit(1) DEFAULT NULL, + `personal_info_type_id` bigint(20) NOT NULL, + PRIMARY KEY (`id`), + KEY `FK229FDF4DA8D3C6BC` (`personal_info_type_id`), + CONSTRAINT `FK229FDF4DA8D3C6BC` FOREIGN KEY (`personal_info_type_id`) REFERENCES `personal_info_type` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `personal_info` +-- + +LOCK TABLES `personal_info` WRITE; +/*!40000 ALTER TABLE `personal_info` DISABLE KEYS */; +/*!40000 ALTER TABLE `personal_info` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `personal_info_type` +-- + +DROP TABLE IF EXISTS `personal_info_type`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `personal_info_type` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `description` varchar(255) DEFAULT NULL, + `type` varchar(255) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `type` (`type`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `personal_info_type` +-- + +LOCK TABLES `personal_info_type` WRITE; +/*!40000 ALTER TABLE `personal_info_type` DISABLE KEYS */; +/*!40000 ALTER TABLE `personal_info_type` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `req` +-- + +DROP TABLE IF EXISTS `req`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `req` ( + `request_id` bigint(20) NOT NULL AUTO_INCREMENT, + `approver_ca` varchar(255) DEFAULT NULL, + `approver_dn` varchar(255) DEFAULT NULL, + `completionDate` datetime DEFAULT NULL, + `creationDate` datetime DEFAULT NULL, + `expirationDate` datetime DEFAULT NULL, + `status` varchar(255) NOT NULL, + `requester_info_id` bigint(20) NOT NULL, + PRIMARY KEY (`request_id`), + UNIQUE KEY `requester_info_id` (`requester_info_id`), + KEY `FK1B89EC37E889D` (`requester_info_id`), + CONSTRAINT `FK1B89EC37E889D` FOREIGN KEY (`requester_info_id`) REFERENCES `requester_info` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `req` +-- + +LOCK TABLES `req` WRITE; +/*!40000 ALTER TABLE `req` DISABLE KEYS */; +/*!40000 ALTER TABLE `req` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `requester_info` +-- + +DROP TABLE IF EXISTS `requester_info`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `requester_info` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `address` varchar(255) DEFAULT NULL, + `certificateIssuer` varchar(255) NOT NULL, + `certificateSubject` varchar(255) NOT NULL, + `emailAddress` varchar(255) NOT NULL, + `institution` varchar(255) DEFAULT NULL, + `name` varchar(255) DEFAULT NULL, + `phoneNumber` varchar(255) DEFAULT NULL, + `surname` varchar(255) DEFAULT NULL, + `voMember` bit(1) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `requester_info` +-- + +LOCK TABLES `requester_info` WRITE; +/*!40000 ALTER TABLE `requester_info` DISABLE KEYS */; +/*!40000 ALTER TABLE `requester_info` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `requester_personal_info` +-- + +DROP TABLE IF EXISTS `requester_personal_info`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `requester_personal_info` ( + `requester_id` bigint(20) NOT NULL, + `pi_value` varchar(255) DEFAULT NULL, + `pi_key` varchar(255) NOT NULL, + PRIMARY KEY (`requester_id`,`pi_key`), + KEY `FK7E3D7FCAD500B8D2` (`requester_id`), + CONSTRAINT `FK7E3D7FCAD500B8D2` FOREIGN KEY (`requester_id`) REFERENCES `requester_info` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `requester_personal_info` +-- + +LOCK TABLES `requester_personal_info` WRITE; +/*!40000 ALTER TABLE `requester_personal_info` DISABLE KEYS */; +/*!40000 ALTER TABLE `requester_personal_info` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `role_attrs` +-- + +DROP TABLE IF EXISTS `role_attrs`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `role_attrs` ( + `a_id` bigint(20) NOT NULL, + `g_id` bigint(20) NOT NULL, + `r_id` bigint(20) NOT NULL, + `a_value` varchar(255) DEFAULT NULL, + PRIMARY KEY (`a_id`,`g_id`,`r_id`), + KEY `FK6BDE9799DEFC581C` (`g_id`), + KEY `FK6BDE9799566C2A8F` (`a_id`), + KEY `FK6BDE979920304994` (`r_id`), + CONSTRAINT `FK6BDE979920304994` FOREIGN KEY (`r_id`) REFERENCES `roles` (`rid`) ON DELETE CASCADE, + CONSTRAINT `FK6BDE9799566C2A8F` FOREIGN KEY (`a_id`) REFERENCES `attributes` (`a_id`), + CONSTRAINT `FK6BDE9799DEFC581C` FOREIGN KEY (`g_id`) REFERENCES `groups` (`gid`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `role_attrs` +-- + +LOCK TABLES `role_attrs` WRITE; +/*!40000 ALTER TABLE `role_attrs` DISABLE KEYS */; +INSERT INTO `role_attrs` VALUES (2,2,1,'g_1 in VO-Admin'),(2,3,1,'g_2 in VO-Admin'),(2,4,1,'g_3 in VO-Admin'),(2,5,1,'g_4 in VO-Admin'),(2,6,1,'g_5 in VO-Admin'),(2,7,1,'g_6 in VO-Admin'),(2,8,1,'g_7 in VO-Admin'),(2,9,1,'g_8 in VO-Admin'),(2,10,1,'g_9 in VO-Admin'),(2,11,1,'g_10 in VO-Admin'); +/*!40000 ALTER TABLE `role_attrs` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `role_membership_req` +-- + +DROP TABLE IF EXISTS `role_membership_req`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `role_membership_req` ( + `groupName` varchar(255) DEFAULT NULL, + `roleName` varchar(255) DEFAULT NULL, + `request_id` bigint(20) NOT NULL, + PRIMARY KEY (`request_id`), + KEY `FK3B9C79ED75D60A4` (`request_id`), + CONSTRAINT `FK3B9C79ED75D60A4` FOREIGN KEY (`request_id`) REFERENCES `req` (`request_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `role_membership_req` +-- + +LOCK TABLES `role_membership_req` WRITE; +/*!40000 ALTER TABLE `role_membership_req` DISABLE KEYS */; +/*!40000 ALTER TABLE `role_membership_req` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `roles` +-- + +DROP TABLE IF EXISTS `roles`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `roles` ( + `rid` bigint(20) NOT NULL AUTO_INCREMENT, + `role` varchar(255) NOT NULL, + PRIMARY KEY (`rid`), + UNIQUE KEY `role` (`role`) +) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `roles` +-- + +LOCK TABLES `roles` WRITE; +/*!40000 ALTER TABLE `roles` DISABLE KEYS */; +INSERT INTO `roles` VALUES (2,'r_1'),(3,'r_2'),(4,'r_3'),(5,'r_4'),(6,'r_5'),(7,'r_6'),(8,'r_7'),(9,'r_8'),(10,'r_9'),(1,'VO-Admin'); +/*!40000 ALTER TABLE `roles` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `sign_aup_task` +-- + +DROP TABLE IF EXISTS `sign_aup_task`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `sign_aup_task` ( + `task_id` bigint(20) NOT NULL, + `aup_id` bigint(20) NOT NULL, + PRIMARY KEY (`task_id`), + KEY `FK7FCB416ADA1C6363` (`aup_id`), + KEY `FK7FCB416A32B8C70C` (`task_id`), + CONSTRAINT `FK7FCB416A32B8C70C` FOREIGN KEY (`task_id`) REFERENCES `task` (`task_id`), + CONSTRAINT `FK7FCB416ADA1C6363` FOREIGN KEY (`aup_id`) REFERENCES `aup` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `sign_aup_task` +-- + +LOCK TABLES `sign_aup_task` WRITE; +/*!40000 ALTER TABLE `sign_aup_task` DISABLE KEYS */; +/*!40000 ALTER TABLE `sign_aup_task` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `task` +-- + +DROP TABLE IF EXISTS `task`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `task` ( + `task_id` bigint(20) NOT NULL AUTO_INCREMENT, + `completionDate` datetime DEFAULT NULL, + `creationDate` datetime DEFAULT NULL, + `expiryDate` datetime DEFAULT NULL, + `status` varchar(255) NOT NULL, + `admin_id` bigint(20) DEFAULT NULL, + `task_type_id` bigint(20) NOT NULL, + `usr_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`task_id`), + KEY `FK3635859AD54C57` (`task_type_id`), + KEY `FK363585EE2D4487` (`usr_id`), + KEY `FK363585A4AD9904` (`admin_id`), + CONSTRAINT `FK3635859AD54C57` FOREIGN KEY (`task_type_id`) REFERENCES `task_type` (`id`), + CONSTRAINT `FK363585A4AD9904` FOREIGN KEY (`admin_id`) REFERENCES `admins` (`adminid`), + CONSTRAINT `FK363585EE2D4487` FOREIGN KEY (`usr_id`) REFERENCES `usr` (`userid`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `task` +-- + +LOCK TABLES `task` WRITE; +/*!40000 ALTER TABLE `task` DISABLE KEYS */; +/*!40000 ALTER TABLE `task` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `task_log_record` +-- + +DROP TABLE IF EXISTS `task_log_record`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `task_log_record` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `adminDn` varchar(255) DEFAULT NULL, + `creation_time` datetime NOT NULL, + `event` varchar(255) NOT NULL, + `userDn` varchar(255) DEFAULT NULL, + `task_id` bigint(20) NOT NULL, + PRIMARY KEY (`id`), + KEY `FK77673CA632B8C70C` (`task_id`), + CONSTRAINT `FK77673CA632B8C70C` FOREIGN KEY (`task_id`) REFERENCES `task` (`task_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `task_log_record` +-- + +LOCK TABLES `task_log_record` WRITE; +/*!40000 ALTER TABLE `task_log_record` DISABLE KEYS */; +/*!40000 ALTER TABLE `task_log_record` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `task_type` +-- + +DROP TABLE IF EXISTS `task_type`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `task_type` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `description` varchar(255) DEFAULT NULL, + `name` varchar(255) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `name` (`name`) +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `task_type` +-- + +LOCK TABLES `task_type` WRITE; +/*!40000 ALTER TABLE `task_type` DISABLE KEYS */; +INSERT INTO `task_type` VALUES (1,'Tasks of this type are assigned to users that need to sign, or resign an AUP.','SignAUPTask'),(2,'Tasks of this type are assigned to VO admins that need to approve users\' requests.','ApproveUserRequestTask'); +/*!40000 ALTER TABLE `task_type` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `user_request_task` +-- + +DROP TABLE IF EXISTS `user_request_task`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `user_request_task` ( + `task_id` bigint(20) NOT NULL, + `req_id` bigint(20) NOT NULL, + PRIMARY KEY (`task_id`), + KEY `FKACB7D299D73AC35` (`req_id`), + KEY `FKACB7D2932B8C70C` (`task_id`), + CONSTRAINT `FKACB7D2932B8C70C` FOREIGN KEY (`task_id`) REFERENCES `task` (`task_id`), + CONSTRAINT `FKACB7D299D73AC35` FOREIGN KEY (`req_id`) REFERENCES `req` (`request_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `user_request_task` +-- + +LOCK TABLES `user_request_task` WRITE; +/*!40000 ALTER TABLE `user_request_task` DISABLE KEYS */; +/*!40000 ALTER TABLE `user_request_task` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `usr` +-- + +DROP TABLE IF EXISTS `usr`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `usr` ( + `userid` bigint(20) NOT NULL AUTO_INCREMENT, + `address` varchar(255) DEFAULT NULL, + `creation_time` datetime NOT NULL, + `dn` varchar(255) DEFAULT NULL, + `email_address` varchar(255) NOT NULL, + `end_time` datetime NOT NULL, + `institution` varchar(255) DEFAULT NULL, + `name` varchar(255) DEFAULT NULL, + `phone_number` varchar(255) DEFAULT NULL, + `surname` varchar(255) DEFAULT NULL, + `suspended` bit(1) DEFAULT NULL, + `suspension_reason` varchar(255) DEFAULT NULL, + `suspension_reason_code` varchar(255) DEFAULT NULL, + `ca` smallint(6) DEFAULT NULL, + PRIMARY KEY (`userid`), + KEY `FK1C5947C6FEB32` (`ca`), + CONSTRAINT `FK1C5947C6FEB32` FOREIGN KEY (`ca`) REFERENCES `ca` (`cid`) +) ENGINE=InnoDB AUTO_INCREMENT=201 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `usr` +-- + +LOCK TABLES `usr` WRITE; +/*!40000 ALTER TABLE `usr` DISABLE KEYS */; +INSERT INTO `usr` VALUES (1,'(some address)','2017-03-21 17:49:50','/C=IT/O=IGI/CN=CONRAD BASSETTE','CONRAD.BASSETTE.1@voms.test.io','2018-03-21 17:49:50','CNAF - Italian National Center for Research and Development (CNAF)','CONRAD',NULL,'BASSETTE','\0',NULL,NULL,NULL),(2,'(some address)','2017-03-21 17:49:50','/C=IT/O=IGI/CN=MICHAELA MCPHERREN','MICHAELA.MCPHERREN.2@voms.test.io','2018-03-21 17:49:50','CNAF - Italian National Center for Research and Development (CNAF)','MICHAELA',NULL,'MCPHERREN','\0',NULL,NULL,NULL),(3,'(some address)','2017-03-21 17:49:51','/C=IT/O=IGI/CN=TINY KABLER','TINY.KABLER.3@voms.test.io','2018-03-21 17:49:51','CNAF - Italian National Center for Research and Development (CNAF)','TINY',NULL,'KABLER','\0',NULL,NULL,NULL),(4,'(some address)','2017-03-21 17:49:52','/C=IT/O=IGI/CN=HAI JACOBOVITS','HAI.JACOBOVITS.4@voms.test.io','2018-03-21 17:49:52','CNAF - Italian National Center for Research and Development (CNAF)','HAI',NULL,'JACOBOVITS','\0',NULL,NULL,NULL),(5,'(some address)','2017-03-21 17:49:52','/C=IT/O=IGI/CN=MCKENZIE DELANG','MCKENZIE.DELANG.5@voms.test.io','2018-03-21 17:49:52','CNAF - Italian National Center for Research and Development (CNAF)','MCKENZIE',NULL,'DELANG','\0',NULL,NULL,NULL),(6,'(some address)','2017-03-21 17:49:53','/C=IT/O=IGI/CN=CECILY ANDERTON','CECILY.ANDERTON.6@voms.test.io','2018-03-21 17:49:53','CNAF - Italian National Center for Research and Development (CNAF)','CECILY',NULL,'ANDERTON','\0',NULL,NULL,NULL),(7,'(some address)','2017-03-21 17:49:53','/C=IT/O=IGI/CN=LATESHA SPINOZA','LATESHA.SPINOZA.7@voms.test.io','2018-03-21 17:49:53','CNAF - Italian National Center for Research and Development (CNAF)','LATESHA',NULL,'SPINOZA','\0',NULL,NULL,NULL),(8,'(some address)','2017-03-21 17:49:54','/C=IT/O=IGI/CN=SHAQUANA KONON','SHAQUANA.KONON.8@voms.test.io','2018-03-21 17:49:54','CNAF - Italian National Center for Research and Development (CNAF)','SHAQUANA',NULL,'KONON','\0',NULL,NULL,NULL),(9,'(some address)','2017-03-21 17:49:55','/C=IT/O=IGI/CN=DANNIE WALSH','DANNIE.WALSH.9@voms.test.io','2018-03-21 17:49:55','CNAF - Italian National Center for Research and Development (CNAF)','DANNIE',NULL,'WALSH','\0',NULL,NULL,NULL),(10,'(some address)','2017-03-21 17:49:55','/C=IT/O=IGI/CN=EUNICE ORLEANS','EUNICE.ORLEANS.10@voms.test.io','2018-03-21 17:49:55','CNAF - Italian National Center for Research and Development (CNAF)','EUNICE',NULL,'ORLEANS','\0',NULL,NULL,NULL),(11,'(some address)','2017-03-21 17:49:55','/C=IT/O=IGI/CN=LAHOMA PRESTINO','LAHOMA.PRESTINO.11@voms.test.io','2018-03-21 17:49:55','CNAF - Italian National Center for Research and Development (CNAF)','LAHOMA',NULL,'PRESTINO','\0',NULL,NULL,NULL),(12,'(some address)','2017-03-21 17:49:56','/C=IT/O=IGI/CN=DOREEN BOURDEAU','DOREEN.BOURDEAU.12@voms.test.io','2018-03-21 17:49:56','CNAF - Italian National Center for Research and Development (CNAF)','DOREEN',NULL,'BOURDEAU','\0',NULL,NULL,NULL),(13,'(some address)','2017-03-21 17:49:56','/C=IT/O=IGI/CN=WAI PINKERTON','WAI.PINKERTON.13@voms.test.io','2018-03-21 17:49:56','CNAF - Italian National Center for Research and Development (CNAF)','WAI',NULL,'PINKERTON','\0',NULL,NULL,NULL),(14,'(some address)','2017-03-21 17:49:57','/C=IT/O=IGI/CN=KACY COLLICA','KACY.COLLICA.14@voms.test.io','2018-03-21 17:49:57','CNAF - Italian National Center for Research and Development (CNAF)','KACY',NULL,'COLLICA','\0',NULL,NULL,NULL),(15,'(some address)','2017-03-21 17:49:57','/C=IT/O=IGI/CN=ADINA PIERETTI','ADINA.PIERETTI.15@voms.test.io','2018-03-21 17:49:57','CNAF - Italian National Center for Research and Development (CNAF)','ADINA',NULL,'PIERETTI','\0',NULL,NULL,NULL),(16,'(some address)','2017-03-21 17:49:57','/C=IT/O=IGI/CN=ANTHONY ELNICKI','ANTHONY.ELNICKI.16@voms.test.io','2018-03-21 17:49:57','CNAF - Italian National Center for Research and Development (CNAF)','ANTHONY',NULL,'ELNICKI','\0',NULL,NULL,NULL),(17,'(some address)','2017-03-21 17:49:58','/C=IT/O=IGI/CN=ERIC RADWAN','ERIC.RADWAN.17@voms.test.io','2018-03-21 17:49:58','CNAF - Italian National Center for Research and Development (CNAF)','ERIC',NULL,'RADWAN','\0',NULL,NULL,NULL),(18,'(some address)','2017-03-21 17:49:58','/C=IT/O=IGI/CN=MARX DALMATA','MARX.DALMATA.18@voms.test.io','2018-03-21 17:49:58','CNAF - Italian National Center for Research and Development (CNAF)','MARX',NULL,'DALMATA','\0',NULL,NULL,NULL),(19,'(some address)','2017-03-21 17:49:59','/C=IT/O=IGI/CN=MADALINE SHERROD','MADALINE.SHERROD.19@voms.test.io','2018-03-21 17:49:59','CNAF - Italian National Center for Research and Development (CNAF)','MADALINE',NULL,'SHERROD','\0',NULL,NULL,NULL),(20,'(some address)','2017-03-21 17:49:59','/C=IT/O=IGI/CN=ABEL BURBACK','ABEL.BURBACK.20@voms.test.io','2018-03-21 17:49:59','CNAF - Italian National Center for Research and Development (CNAF)','ABEL',NULL,'BURBACK','\0',NULL,NULL,NULL),(21,'(some address)','2017-03-21 17:50:00','/C=IT/O=IGI/CN=CALLIE NAGINDAS','CALLIE.NAGINDAS.21@voms.test.io','2018-03-21 17:50:00','CNAF - Italian National Center for Research and Development (CNAF)','CALLIE',NULL,'NAGINDAS','\0',NULL,NULL,NULL),(22,'(some address)','2017-03-21 17:50:00','/C=IT/O=IGI/CN=ABE LERWILL','ABE.LERWILL.22@voms.test.io','2018-03-21 17:50:00','CNAF - Italian National Center for Research and Development (CNAF)','ABE',NULL,'LERWILL','\0',NULL,NULL,NULL),(23,'(some address)','2017-03-21 17:50:01','/C=IT/O=IGI/CN=LOUIS WHITELIGHTNIN','LOUIS.WHITELIGHTNIN.23@voms.test.io','2018-03-21 17:50:01','CNAF - Italian National Center for Research and Development (CNAF)','LOUIS',NULL,'WHITELIGHTNIN','\0',NULL,NULL,NULL),(24,'(some address)','2017-03-21 17:50:01','/C=IT/O=IGI/CN=SHAWNNA LANGLINAIS','SHAWNNA.LANGLINAIS.24@voms.test.io','2018-03-21 17:50:01','CNAF - Italian National Center for Research and Development (CNAF)','SHAWNNA',NULL,'LANGLINAIS','\0',NULL,NULL,NULL),(25,'(some address)','2017-03-21 17:50:02','/C=IT/O=IGI/CN=CHAD CAVALIERO','CHAD.CAVALIERO.25@voms.test.io','2018-03-21 17:50:02','CNAF - Italian National Center for Research and Development (CNAF)','CHAD',NULL,'CAVALIERO','\0',NULL,NULL,NULL),(26,'(some address)','2017-03-21 17:50:02','/C=IT/O=IGI/CN=LAKEISHA MCMORRIS','LAKEISHA.MCMORRIS.26@voms.test.io','2018-03-21 17:50:02','CNAF - Italian National Center for Research and Development (CNAF)','LAKEISHA',NULL,'MCMORRIS','\0',NULL,NULL,NULL),(27,'(some address)','2017-03-21 17:50:03','/C=IT/O=IGI/CN=RODNEY HACHER','RODNEY.HACHER.27@voms.test.io','2018-03-21 17:50:03','CNAF - Italian National Center for Research and Development (CNAF)','RODNEY',NULL,'HACHER','\0',NULL,NULL,NULL),(28,'(some address)','2017-03-21 17:50:03','/C=IT/O=IGI/CN=CARLA DAEHN','CARLA.DAEHN.28@voms.test.io','2018-03-21 17:50:03','CNAF - Italian National Center for Research and Development (CNAF)','CARLA',NULL,'DAEHN','\0',NULL,NULL,NULL),(29,'(some address)','2017-03-21 17:50:04','/C=IT/O=IGI/CN=MARLON KRUPPENBACHER','MARLON.KRUPPENBACHER.29@voms.test.io','2018-03-21 17:50:04','CNAF - Italian National Center for Research and Development (CNAF)','MARLON',NULL,'KRUPPENBACHER','\0',NULL,NULL,NULL),(30,'(some address)','2017-03-21 17:50:04','/C=IT/O=IGI/CN=VERTIE STAMER','VERTIE.STAMER.30@voms.test.io','2018-03-21 17:50:04','CNAF - Italian National Center for Research and Development (CNAF)','VERTIE',NULL,'STAMER','\0',NULL,NULL,NULL),(31,'(some address)','2017-03-21 17:50:04','/C=IT/O=IGI/CN=DELLA BARKLOW','DELLA.BARKLOW.31@voms.test.io','2018-03-21 17:50:04','CNAF - Italian National Center for Research and Development (CNAF)','DELLA',NULL,'BARKLOW','\0',NULL,NULL,NULL),(32,'(some address)','2017-03-21 17:50:05','/C=IT/O=IGI/CN=CECILIA LALL','CECILIA.LALL.32@voms.test.io','2018-03-21 17:50:05','CNAF - Italian National Center for Research and Development (CNAF)','CECILIA',NULL,'LALL','\0',NULL,NULL,NULL),(33,'(some address)','2017-03-21 17:50:05','/C=IT/O=IGI/CN=TIERA DOWLIN','TIERA.DOWLIN.33@voms.test.io','2018-03-21 17:50:05','CNAF - Italian National Center for Research and Development (CNAF)','TIERA',NULL,'DOWLIN','\0',NULL,NULL,NULL),(34,'(some address)','2017-03-21 17:50:05','/C=IT/O=IGI/CN=DETRA TATAR','DETRA.TATAR.34@voms.test.io','2018-03-21 17:50:05','CNAF - Italian National Center for Research and Development (CNAF)','DETRA',NULL,'TATAR','\0',NULL,NULL,NULL),(35,'(some address)','2017-03-21 17:50:06','/C=IT/O=IGI/CN=JULES TOTTEN','JULES.TOTTEN.35@voms.test.io','2018-03-21 17:50:06','CNAF - Italian National Center for Research and Development (CNAF)','JULES',NULL,'TOTTEN','\0',NULL,NULL,NULL),(36,'(some address)','2017-03-21 17:50:07','/C=IT/O=IGI/CN=DORTHA HOBDAY','DORTHA.HOBDAY.36@voms.test.io','2018-03-21 17:50:07','CNAF - Italian National Center for Research and Development (CNAF)','DORTHA',NULL,'HOBDAY','\0',NULL,NULL,NULL),(37,'(some address)','2017-03-21 17:50:08','/C=IT/O=IGI/CN=BERENICE ORLOWSKY','BERENICE.ORLOWSKY.37@voms.test.io','2018-03-21 17:50:08','CNAF - Italian National Center for Research and Development (CNAF)','BERENICE',NULL,'ORLOWSKY','\0',NULL,NULL,NULL),(38,'(some address)','2017-03-21 17:50:08','/C=IT/O=IGI/CN=BRITTANEY DENIER','BRITTANEY.DENIER.38@voms.test.io','2018-03-21 17:50:08','CNAF - Italian National Center for Research and Development (CNAF)','BRITTANEY',NULL,'DENIER','\0',NULL,NULL,NULL),(39,'(some address)','2017-03-21 17:50:08','/C=IT/O=IGI/CN=ALITA HONTZ','ALITA.HONTZ.39@voms.test.io','2018-03-21 17:50:08','CNAF - Italian National Center for Research and Development (CNAF)','ALITA',NULL,'HONTZ','\0',NULL,NULL,NULL),(40,'(some address)','2017-03-21 17:50:09','/C=IT/O=IGI/CN=FREEMAN KOBIE','FREEMAN.KOBIE.40@voms.test.io','2018-03-21 17:50:09','CNAF - Italian National Center for Research and Development (CNAF)','FREEMAN',NULL,'KOBIE','\0',NULL,NULL,NULL),(41,'(some address)','2017-03-21 17:50:09','/C=IT/O=IGI/CN=LEEANNA VOIGT','LEEANNA.VOIGT.41@voms.test.io','2018-03-21 17:50:09','CNAF - Italian National Center for Research and Development (CNAF)','LEEANNA',NULL,'VOIGT','\0',NULL,NULL,NULL),(42,'(some address)','2017-03-21 17:50:10','/C=IT/O=IGI/CN=JOSH PAULINA','JOSH.PAULINA.42@voms.test.io','2018-03-21 17:50:10','CNAF - Italian National Center for Research and Development (CNAF)','JOSH',NULL,'PAULINA','\0',NULL,NULL,NULL),(43,'(some address)','2017-03-21 17:50:10','/C=IT/O=IGI/CN=DACIA SHAUB','DACIA.SHAUB.43@voms.test.io','2018-03-21 17:50:10','CNAF - Italian National Center for Research and Development (CNAF)','DACIA',NULL,'SHAUB','\0',NULL,NULL,NULL),(44,'(some address)','2017-03-21 17:50:11','/C=IT/O=IGI/CN=FREDERICK WIRTA','FREDERICK.WIRTA.44@voms.test.io','2018-03-21 17:50:11','CNAF - Italian National Center for Research and Development (CNAF)','FREDERICK',NULL,'WIRTA','\0',NULL,NULL,NULL),(45,'(some address)','2017-03-21 17:50:11','/C=IT/O=IGI/CN=TRICIA WIESER','TRICIA.WIESER.45@voms.test.io','2018-03-21 17:50:11','CNAF - Italian National Center for Research and Development (CNAF)','TRICIA',NULL,'WIESER','\0',NULL,NULL,NULL),(46,'(some address)','2017-03-21 17:50:11','/C=IT/O=IGI/CN=ELIN GOSTOMSKI','ELIN.GOSTOMSKI.46@voms.test.io','2018-03-21 17:50:11','CNAF - Italian National Center for Research and Development (CNAF)','ELIN',NULL,'GOSTOMSKI','\0',NULL,NULL,NULL),(47,'(some address)','2017-03-21 17:50:12','/C=IT/O=IGI/CN=FREDRICK LINNELL','FREDRICK.LINNELL.47@voms.test.io','2018-03-21 17:50:12','CNAF - Italian National Center for Research and Development (CNAF)','FREDRICK',NULL,'LINNELL','\0',NULL,NULL,NULL),(48,'(some address)','2017-03-21 17:50:12','/C=IT/O=IGI/CN=LYNN RIGHTMYER','LYNN.RIGHTMYER.48@voms.test.io','2018-03-21 17:50:12','CNAF - Italian National Center for Research and Development (CNAF)','LYNN',NULL,'RIGHTMYER','\0',NULL,NULL,NULL),(49,'(some address)','2017-03-21 17:50:12','/C=IT/O=IGI/CN=SIMA WEST','SIMA.WEST.49@voms.test.io','2018-03-21 17:50:12','CNAF - Italian National Center for Research and Development (CNAF)','SIMA',NULL,'WEST','\0',NULL,NULL,NULL),(50,'(some address)','2017-03-21 17:50:13','/C=IT/O=IGI/CN=YUKIKO DONOHO','YUKIKO.DONOHO.50@voms.test.io','2018-03-21 17:50:13','CNAF - Italian National Center for Research and Development (CNAF)','YUKIKO',NULL,'DONOHO','\0',NULL,NULL,NULL),(51,'(some address)','2017-03-21 17:50:13','/C=IT/O=IGI/CN=LASHONDA WESTHOUSE','LASHONDA.WESTHOUSE.51@voms.test.io','2018-03-21 17:50:13','CNAF - Italian National Center for Research and Development (CNAF)','LASHONDA',NULL,'WESTHOUSE','\0',NULL,NULL,NULL),(52,'(some address)','2017-03-21 17:50:14','/C=IT/O=IGI/CN=CARMON PARLOR','CARMON.PARLOR.52@voms.test.io','2018-03-21 17:50:14','CNAF - Italian National Center for Research and Development (CNAF)','CARMON',NULL,'PARLOR','\0',NULL,NULL,NULL),(53,'(some address)','2017-03-21 17:50:14','/C=IT/O=IGI/CN=BESS SWETT','BESS.SWETT.53@voms.test.io','2018-03-21 17:50:14','CNAF - Italian National Center for Research and Development (CNAF)','BESS',NULL,'SWETT','\0',NULL,NULL,NULL),(54,'(some address)','2017-03-21 17:50:14','/C=IT/O=IGI/CN=JACKSON LEDDON','JACKSON.LEDDON.54@voms.test.io','2018-03-21 17:50:14','CNAF - Italian National Center for Research and Development (CNAF)','JACKSON',NULL,'LEDDON','\0',NULL,NULL,NULL),(55,'(some address)','2017-03-21 17:50:15','/C=IT/O=IGI/CN=GENNA HANISKO','GENNA.HANISKO.55@voms.test.io','2018-03-21 17:50:15','CNAF - Italian National Center for Research and Development (CNAF)','GENNA',NULL,'HANISKO','\0',NULL,NULL,NULL),(56,'(some address)','2017-03-21 17:50:15','/C=IT/O=IGI/CN=JUDIE WICKINGS','JUDIE.WICKINGS.56@voms.test.io','2018-03-21 17:50:15','CNAF - Italian National Center for Research and Development (CNAF)','JUDIE',NULL,'WICKINGS','\0',NULL,NULL,NULL),(57,'(some address)','2017-03-21 17:50:16','/C=IT/O=IGI/CN=KATHLENE SCHNECKLOTH','KATHLENE.SCHNECKLOTH.57@voms.test.io','2018-03-21 17:50:16','CNAF - Italian National Center for Research and Development (CNAF)','KATHLENE',NULL,'SCHNECKLOTH','\0',NULL,NULL,NULL),(58,'(some address)','2017-03-21 17:50:16','/C=IT/O=IGI/CN=OTIS TOPLK','OTIS.TOPLK.58@voms.test.io','2018-03-21 17:50:16','CNAF - Italian National Center for Research and Development (CNAF)','OTIS',NULL,'TOPLK','\0',NULL,NULL,NULL),(59,'(some address)','2017-03-21 17:50:16','/C=IT/O=IGI/CN=BERNARDO DEISHER','BERNARDO.DEISHER.59@voms.test.io','2018-03-21 17:50:16','CNAF - Italian National Center for Research and Development (CNAF)','BERNARDO',NULL,'DEISHER','\0',NULL,NULL,NULL),(60,'(some address)','2017-03-21 17:50:17','/C=IT/O=IGI/CN=LIZ WILCINSKI','LIZ.WILCINSKI.60@voms.test.io','2018-03-21 17:50:17','CNAF - Italian National Center for Research and Development (CNAF)','LIZ',NULL,'WILCINSKI','\0',NULL,NULL,NULL),(61,'(some address)','2017-03-21 17:50:17','/C=IT/O=IGI/CN=CHU KURLAND','CHU.KURLAND.61@voms.test.io','2018-03-21 17:50:17','CNAF - Italian National Center for Research and Development (CNAF)','CHU',NULL,'KURLAND','\0',NULL,NULL,NULL),(62,'(some address)','2017-03-21 17:50:17','/C=IT/O=IGI/CN=VAL KAUFFMANN','VAL.KAUFFMANN.62@voms.test.io','2018-03-21 17:50:17','CNAF - Italian National Center for Research and Development (CNAF)','VAL',NULL,'KAUFFMANN','\0',NULL,NULL,NULL),(63,'(some address)','2017-03-21 17:50:18','/C=IT/O=IGI/CN=JOEY FREIMUTH','JOEY.FREIMUTH.63@voms.test.io','2018-03-21 17:50:18','CNAF - Italian National Center for Research and Development (CNAF)','JOEY',NULL,'FREIMUTH','\0',NULL,NULL,NULL),(64,'(some address)','2017-03-21 17:50:18','/C=IT/O=IGI/CN=CHANCE BARRO','CHANCE.BARRO.64@voms.test.io','2018-03-21 17:50:18','CNAF - Italian National Center for Research and Development (CNAF)','CHANCE',NULL,'BARRO','\0',NULL,NULL,NULL),(65,'(some address)','2017-03-21 17:50:19','/C=IT/O=IGI/CN=VI SZWARC','VI.SZWARC.65@voms.test.io','2018-03-21 17:50:19','CNAF - Italian National Center for Research and Development (CNAF)','VI',NULL,'SZWARC','\0',NULL,NULL,NULL),(66,'(some address)','2017-03-21 17:50:19','/C=IT/O=IGI/CN=CARITA ABT','CARITA.ABT.66@voms.test.io','2018-03-21 17:50:19','CNAF - Italian National Center for Research and Development (CNAF)','CARITA',NULL,'ABT','\0',NULL,NULL,NULL),(67,'(some address)','2017-03-21 17:50:20','/C=IT/O=IGI/CN=COURTNEY VEIGEL','COURTNEY.VEIGEL.67@voms.test.io','2018-03-21 17:50:20','CNAF - Italian National Center for Research and Development (CNAF)','COURTNEY',NULL,'VEIGEL','\0',NULL,NULL,NULL),(68,'(some address)','2017-03-21 17:50:21','/C=IT/O=IGI/CN=ALDA MANGUS','ALDA.MANGUS.68@voms.test.io','2018-03-21 17:50:21','CNAF - Italian National Center for Research and Development (CNAF)','ALDA',NULL,'MANGUS','\0',NULL,NULL,NULL),(69,'(some address)','2017-03-21 17:50:21','/C=IT/O=IGI/CN=BERTHA MAUFFRAY','BERTHA.MAUFFRAY.69@voms.test.io','2018-03-21 17:50:21','CNAF - Italian National Center for Research and Development (CNAF)','BERTHA',NULL,'MAUFFRAY','\0',NULL,NULL,NULL),(70,'(some address)','2017-03-21 17:50:22','/C=IT/O=IGI/CN=PAULITA DOSTIE','PAULITA.DOSTIE.70@voms.test.io','2018-03-21 17:50:22','CNAF - Italian National Center for Research and Development (CNAF)','PAULITA',NULL,'DOSTIE','\0',NULL,NULL,NULL),(71,'(some address)','2017-03-21 17:50:22','/C=IT/O=IGI/CN=NELLIE BURKHARD','NELLIE.BURKHARD.71@voms.test.io','2018-03-21 17:50:22','CNAF - Italian National Center for Research and Development (CNAF)','NELLIE',NULL,'BURKHARD','\0',NULL,NULL,NULL),(72,'(some address)','2017-03-21 17:50:23','/C=IT/O=IGI/CN=XOCHITL FELLEMAN','XOCHITL.FELLEMAN.72@voms.test.io','2018-03-21 17:50:23','CNAF - Italian National Center for Research and Development (CNAF)','XOCHITL',NULL,'FELLEMAN','\0',NULL,NULL,NULL),(73,'(some address)','2017-03-21 17:50:23','/C=IT/O=IGI/CN=KEN OBRADOVICH','KEN.OBRADOVICH.73@voms.test.io','2018-03-21 17:50:23','CNAF - Italian National Center for Research and Development (CNAF)','KEN',NULL,'OBRADOVICH','\0',NULL,NULL,NULL),(74,'(some address)','2017-03-21 17:50:24','/C=IT/O=IGI/CN=WANITA DARRAH','WANITA.DARRAH.74@voms.test.io','2018-03-21 17:50:24','CNAF - Italian National Center for Research and Development (CNAF)','WANITA',NULL,'DARRAH','\0',NULL,NULL,NULL),(75,'(some address)','2017-03-21 17:50:24','/C=IT/O=IGI/CN=WILHELMINA MONARREZ','WILHELMINA.MONARREZ.75@voms.test.io','2018-03-21 17:50:24','CNAF - Italian National Center for Research and Development (CNAF)','WILHELMINA',NULL,'MONARREZ','\0',NULL,NULL,NULL),(76,'(some address)','2017-03-21 17:50:24','/C=IT/O=IGI/CN=LETA STENBERG','LETA.STENBERG.76@voms.test.io','2018-03-21 17:50:24','CNAF - Italian National Center for Research and Development (CNAF)','LETA',NULL,'STENBERG','\0',NULL,NULL,NULL),(77,'(some address)','2017-03-21 17:50:25','/C=IT/O=IGI/CN=BERT DEODATO','BERT.DEODATO.77@voms.test.io','2018-03-21 17:50:25','CNAF - Italian National Center for Research and Development (CNAF)','BERT',NULL,'DEODATO','\0',NULL,NULL,NULL),(78,'(some address)','2017-03-21 17:50:25','/C=IT/O=IGI/CN=IRMA LANOIE','IRMA.LANOIE.78@voms.test.io','2018-03-21 17:50:25','CNAF - Italian National Center for Research and Development (CNAF)','IRMA',NULL,'LANOIE','\0',NULL,NULL,NULL),(79,'(some address)','2017-03-21 17:50:26','/C=IT/O=IGI/CN=OTIS FLATTERY','OTIS.FLATTERY.79@voms.test.io','2018-03-21 17:50:26','CNAF - Italian National Center for Research and Development (CNAF)','OTIS',NULL,'FLATTERY','\0',NULL,NULL,NULL),(80,'(some address)','2017-03-21 17:50:26','/C=IT/O=IGI/CN=NOBUKO LAITE','NOBUKO.LAITE.80@voms.test.io','2018-03-21 17:50:26','CNAF - Italian National Center for Research and Development (CNAF)','NOBUKO',NULL,'LAITE','\0',NULL,NULL,NULL),(81,'(some address)','2017-03-21 17:50:26','/C=IT/O=IGI/CN=JED CATTS','JED.CATTS.81@voms.test.io','2018-03-21 17:50:26','CNAF - Italian National Center for Research and Development (CNAF)','JED',NULL,'CATTS','\0',NULL,NULL,NULL),(82,'(some address)','2017-03-21 17:50:27','/C=IT/O=IGI/CN=PAUL BOHLER','PAUL.BOHLER.82@voms.test.io','2018-03-21 17:50:27','CNAF - Italian National Center for Research and Development (CNAF)','PAUL',NULL,'BOHLER','\0',NULL,NULL,NULL),(83,'(some address)','2017-03-21 17:50:27','/C=IT/O=IGI/CN=CHANCE SAVEL','CHANCE.SAVEL.83@voms.test.io','2018-03-21 17:50:27','CNAF - Italian National Center for Research and Development (CNAF)','CHANCE',NULL,'SAVEL','\0',NULL,NULL,NULL),(84,'(some address)','2017-03-21 17:50:28','/C=IT/O=IGI/CN=TIJUANA CABBLE','TIJUANA.CABBLE.84@voms.test.io','2018-03-21 17:50:28','CNAF - Italian National Center for Research and Development (CNAF)','TIJUANA',NULL,'CABBLE','\0',NULL,NULL,NULL),(85,'(some address)','2017-03-21 17:50:29','/C=IT/O=IGI/CN=AZZIE TORELLI','AZZIE.TORELLI.85@voms.test.io','2018-03-21 17:50:29','CNAF - Italian National Center for Research and Development (CNAF)','AZZIE',NULL,'TORELLI','\0',NULL,NULL,NULL),(86,'(some address)','2017-03-21 17:50:29','/C=IT/O=IGI/CN=CARYLON VERSTRAETE','CARYLON.VERSTRAETE.86@voms.test.io','2018-03-21 17:50:29','CNAF - Italian National Center for Research and Development (CNAF)','CARYLON',NULL,'VERSTRAETE','\0',NULL,NULL,NULL),(87,'(some address)','2017-03-21 17:50:30','/C=IT/O=IGI/CN=WAVA BENKEN','WAVA.BENKEN.87@voms.test.io','2018-03-21 17:50:30','CNAF - Italian National Center for Research and Development (CNAF)','WAVA',NULL,'BENKEN','\0',NULL,NULL,NULL),(88,'(some address)','2017-03-21 17:50:30','/C=IT/O=IGI/CN=VENNIE DOMENICK','VENNIE.DOMENICK.88@voms.test.io','2018-03-21 17:50:30','CNAF - Italian National Center for Research and Development (CNAF)','VENNIE',NULL,'DOMENICK','\0',NULL,NULL,NULL),(89,'(some address)','2017-03-21 17:50:30','/C=IT/O=IGI/CN=FREDDA HYTEN','FREDDA.HYTEN.89@voms.test.io','2018-03-21 17:50:30','CNAF - Italian National Center for Research and Development (CNAF)','FREDDA',NULL,'HYTEN','\0',NULL,NULL,NULL),(90,'(some address)','2017-03-21 17:50:31','/C=IT/O=IGI/CN=HAYDEE BZHYAN','HAYDEE.BZHYAN.90@voms.test.io','2018-03-21 17:50:31','CNAF - Italian National Center for Research and Development (CNAF)','HAYDEE',NULL,'BZHYAN','\0',NULL,NULL,NULL),(91,'(some address)','2017-03-21 17:50:31','/C=IT/O=IGI/CN=ELIJAH BURDELL','ELIJAH.BURDELL.91@voms.test.io','2018-03-21 17:50:31','CNAF - Italian National Center for Research and Development (CNAF)','ELIJAH',NULL,'BURDELL','\0',NULL,NULL,NULL),(92,'(some address)','2017-03-21 17:50:32','/C=IT/O=IGI/CN=BETHANIE CASTILLA','BETHANIE.CASTILLA.92@voms.test.io','2018-03-21 17:50:32','CNAF - Italian National Center for Research and Development (CNAF)','BETHANIE',NULL,'CASTILLA','\0',NULL,NULL,NULL),(93,'(some address)','2017-03-21 17:50:32','/C=IT/O=IGI/CN=LESLIE HANCOCK','LESLIE.HANCOCK.93@voms.test.io','2018-03-21 17:50:32','CNAF - Italian National Center for Research and Development (CNAF)','LESLIE',NULL,'HANCOCK','\0',NULL,NULL,NULL),(94,'(some address)','2017-03-21 17:50:32','/C=IT/O=IGI/CN=XENIA HAULBROOK','XENIA.HAULBROOK.94@voms.test.io','2018-03-21 17:50:32','CNAF - Italian National Center for Research and Development (CNAF)','XENIA',NULL,'HAULBROOK','\0',NULL,NULL,NULL),(95,'(some address)','2017-03-21 17:50:33','/C=IT/O=IGI/CN=YUKO CROMBIE','YUKO.CROMBIE.95@voms.test.io','2018-03-21 17:50:33','CNAF - Italian National Center for Research and Development (CNAF)','YUKO',NULL,'CROMBIE','\0',NULL,NULL,NULL),(96,'(some address)','2017-03-21 17:50:33','/C=IT/O=IGI/CN=JALEESA HANIFAN','JALEESA.HANIFAN.96@voms.test.io','2018-03-21 17:50:33','CNAF - Italian National Center for Research and Development (CNAF)','JALEESA',NULL,'HANIFAN','\0',NULL,NULL,NULL),(97,'(some address)','2017-03-21 17:50:34','/C=IT/O=IGI/CN=KRYSTIN LYBRAND','KRYSTIN.LYBRAND.97@voms.test.io','2018-03-21 17:50:34','CNAF - Italian National Center for Research and Development (CNAF)','KRYSTIN',NULL,'LYBRAND','\0',NULL,NULL,NULL),(98,'(some address)','2017-03-21 17:50:34','/C=IT/O=IGI/CN=KORY MCPARLAND','KORY.MCPARLAND.98@voms.test.io','2018-03-21 17:50:34','CNAF - Italian National Center for Research and Development (CNAF)','KORY',NULL,'MCPARLAND','\0',NULL,NULL,NULL),(99,'(some address)','2017-03-21 17:50:34','/C=IT/O=IGI/CN=WAN SAMMON','WAN.SAMMON.99@voms.test.io','2018-03-21 17:50:34','CNAF - Italian National Center for Research and Development (CNAF)','WAN',NULL,'SAMMON','\0',NULL,NULL,NULL),(100,'(some address)','2017-03-21 17:50:35','/C=IT/O=IGI/CN=HANH ATCITTY','HANH.ATCITTY.100@voms.test.io','2018-03-21 17:50:35','CNAF - Italian National Center for Research and Development (CNAF)','HANH',NULL,'ATCITTY','\0',NULL,NULL,NULL),(101,'(some address)','2017-03-21 17:50:35','/C=IT/O=IGI/CN=ANGELIC URBINA','ANGELIC.URBINA.101@voms.test.io','2018-03-21 17:50:35','CNAF - Italian National Center for Research and Development (CNAF)','ANGELIC',NULL,'URBINA','\0',NULL,NULL,NULL),(102,'(some address)','2017-03-21 17:50:36','/C=IT/O=IGI/CN=AUSTIN CARABAJAL','AUSTIN.CARABAJAL.102@voms.test.io','2018-03-21 17:50:36','CNAF - Italian National Center for Research and Development (CNAF)','AUSTIN',NULL,'CARABAJAL','\0',NULL,NULL,NULL),(103,'(some address)','2017-03-21 17:50:36','/C=IT/O=IGI/CN=INGA DINGFELDER','INGA.DINGFELDER.103@voms.test.io','2018-03-21 17:50:36','CNAF - Italian National Center for Research and Development (CNAF)','INGA',NULL,'DINGFELDER','\0',NULL,NULL,NULL),(104,'(some address)','2017-03-21 17:50:37','/C=IT/O=IGI/CN=LIVIA ASHBACHER','LIVIA.ASHBACHER.104@voms.test.io','2018-03-21 17:50:37','CNAF - Italian National Center for Research and Development (CNAF)','LIVIA',NULL,'ASHBACHER','\0',NULL,NULL,NULL),(105,'(some address)','2017-03-21 17:50:38','/C=IT/O=IGI/CN=BROOKE LEBEDEFF','BROOKE.LEBEDEFF.105@voms.test.io','2018-03-21 17:50:38','CNAF - Italian National Center for Research and Development (CNAF)','BROOKE',NULL,'LEBEDEFF','\0',NULL,NULL,NULL),(106,'(some address)','2017-03-21 17:50:38','/C=IT/O=IGI/CN=SUNSHINE BUTTARO','SUNSHINE.BUTTARO.106@voms.test.io','2018-03-21 17:50:38','CNAF - Italian National Center for Research and Development (CNAF)','SUNSHINE',NULL,'BUTTARO','\0',NULL,NULL,NULL),(107,'(some address)','2017-03-21 17:50:39','/C=IT/O=IGI/CN=TWYLA TIBWELL','TWYLA.TIBWELL.107@voms.test.io','2018-03-21 17:50:39','CNAF - Italian National Center for Research and Development (CNAF)','TWYLA',NULL,'TIBWELL','\0',NULL,NULL,NULL),(108,'(some address)','2017-03-21 17:50:39','/C=IT/O=IGI/CN=MILLARD CARAVELLA','MILLARD.CARAVELLA.108@voms.test.io','2018-03-21 17:50:39','CNAF - Italian National Center for Research and Development (CNAF)','MILLARD',NULL,'CARAVELLA','\0',NULL,NULL,NULL),(109,'(some address)','2017-03-21 17:50:39','/C=IT/O=IGI/CN=MARGURITE AYOOB','MARGURITE.AYOOB.109@voms.test.io','2018-03-21 17:50:39','CNAF - Italian National Center for Research and Development (CNAF)','MARGURITE',NULL,'AYOOB','\0',NULL,NULL,NULL),(110,'(some address)','2017-03-21 17:50:40','/C=IT/O=IGI/CN=MARIKO TENN','MARIKO.TENN.110@voms.test.io','2018-03-21 17:50:40','CNAF - Italian National Center for Research and Development (CNAF)','MARIKO',NULL,'TENN','\0',NULL,NULL,NULL),(111,'(some address)','2017-03-21 17:50:40','/C=IT/O=IGI/CN=JINNY KRUGER','JINNY.KRUGER.111@voms.test.io','2018-03-21 17:50:40','CNAF - Italian National Center for Research and Development (CNAF)','JINNY',NULL,'KRUGER','\0',NULL,NULL,NULL),(112,'(some address)','2017-03-21 17:50:41','/C=IT/O=IGI/CN=RETHA PINCHBECK','RETHA.PINCHBECK.112@voms.test.io','2018-03-21 17:50:41','CNAF - Italian National Center for Research and Development (CNAF)','RETHA',NULL,'PINCHBECK','\0',NULL,NULL,NULL),(113,'(some address)','2017-03-21 17:50:41','/C=IT/O=IGI/CN=KIMBERY LOBDELL','KIMBERY.LOBDELL.113@voms.test.io','2018-03-21 17:50:41','CNAF - Italian National Center for Research and Development (CNAF)','KIMBERY',NULL,'LOBDELL','\0',NULL,NULL,NULL),(114,'(some address)','2017-03-21 17:50:41','/C=IT/O=IGI/CN=SHIRELY BORGATTI','SHIRELY.BORGATTI.114@voms.test.io','2018-03-21 17:50:41','CNAF - Italian National Center for Research and Development (CNAF)','SHIRELY',NULL,'BORGATTI','\0',NULL,NULL,NULL),(115,'(some address)','2017-03-21 17:50:42','/C=IT/O=IGI/CN=TODD OKKEN','TODD.OKKEN.115@voms.test.io','2018-03-21 17:50:42','CNAF - Italian National Center for Research and Development (CNAF)','TODD',NULL,'OKKEN','\0',NULL,NULL,NULL),(116,'(some address)','2017-03-21 17:50:42','/C=IT/O=IGI/CN=RUPERT MONTALBO','RUPERT.MONTALBO.116@voms.test.io','2018-03-21 17:50:42','CNAF - Italian National Center for Research and Development (CNAF)','RUPERT',NULL,'MONTALBO','\0',NULL,NULL,NULL),(117,'(some address)','2017-03-21 17:50:43','/C=IT/O=IGI/CN=JIMMIE ISRAELSEN','JIMMIE.ISRAELSEN.117@voms.test.io','2018-03-21 17:50:43','CNAF - Italian National Center for Research and Development (CNAF)','JIMMIE',NULL,'ISRAELSEN','\0',NULL,NULL,NULL),(118,'(some address)','2017-03-21 17:50:43','/C=IT/O=IGI/CN=STEPANIE VOLNER','STEPANIE.VOLNER.118@voms.test.io','2018-03-21 17:50:43','CNAF - Italian National Center for Research and Development (CNAF)','STEPANIE',NULL,'VOLNER','\0',NULL,NULL,NULL),(119,'(some address)','2017-03-21 17:50:43','/C=IT/O=IGI/CN=ULRIKE KEMPSON','ULRIKE.KEMPSON.119@voms.test.io','2018-03-21 17:50:43','CNAF - Italian National Center for Research and Development (CNAF)','ULRIKE',NULL,'KEMPSON','\0',NULL,NULL,NULL),(120,'(some address)','2017-03-21 17:50:44','/C=IT/O=IGI/CN=JINA MEGO','JINA.MEGO.120@voms.test.io','2018-03-21 17:50:44','CNAF - Italian National Center for Research and Development (CNAF)','JINA',NULL,'MEGO','\0',NULL,NULL,NULL),(121,'(some address)','2017-03-21 17:50:44','/C=IT/O=IGI/CN=VANNA JOOS','VANNA.JOOS.121@voms.test.io','2018-03-21 17:50:44','CNAF - Italian National Center for Research and Development (CNAF)','VANNA',NULL,'JOOS','\0',NULL,NULL,NULL),(122,'(some address)','2017-03-21 17:50:45','/C=IT/O=IGI/CN=TONA RAROGAL','TONA.RAROGAL.122@voms.test.io','2018-03-21 17:50:45','CNAF - Italian National Center for Research and Development (CNAF)','TONA',NULL,'RAROGAL','\0',NULL,NULL,NULL),(123,'(some address)','2017-03-21 17:50:45','/C=IT/O=IGI/CN=BRYAN HEMERLY','BRYAN.HEMERLY.123@voms.test.io','2018-03-21 17:50:45','CNAF - Italian National Center for Research and Development (CNAF)','BRYAN',NULL,'HEMERLY','\0',NULL,NULL,NULL),(124,'(some address)','2017-03-21 17:50:46','/C=IT/O=IGI/CN=ALEEN DARCO','ALEEN.DARCO.124@voms.test.io','2018-03-21 17:50:46','CNAF - Italian National Center for Research and Development (CNAF)','ALEEN',NULL,'DARCO','\0',NULL,NULL,NULL),(125,'(some address)','2017-03-21 17:50:46','/C=IT/O=IGI/CN=MARGUERITE MITCHLER','MARGUERITE.MITCHLER.125@voms.test.io','2018-03-21 17:50:46','CNAF - Italian National Center for Research and Development (CNAF)','MARGUERITE',NULL,'MITCHLER','\0',NULL,NULL,NULL),(126,'(some address)','2017-03-21 17:50:47','/C=IT/O=IGI/CN=ELLENA BEICHNER','ELLENA.BEICHNER.126@voms.test.io','2018-03-21 17:50:47','CNAF - Italian National Center for Research and Development (CNAF)','ELLENA',NULL,'BEICHNER','\0',NULL,NULL,NULL),(127,'(some address)','2017-03-21 17:50:47','/C=IT/O=IGI/CN=PEGGY DATY','PEGGY.DATY.127@voms.test.io','2018-03-21 17:50:47','CNAF - Italian National Center for Research and Development (CNAF)','PEGGY',NULL,'DATY','\0',NULL,NULL,NULL),(128,'(some address)','2017-03-21 17:50:48','/C=IT/O=IGI/CN=ELNORA HOMBY','ELNORA.HOMBY.128@voms.test.io','2018-03-21 17:50:48','CNAF - Italian National Center for Research and Development (CNAF)','ELNORA',NULL,'HOMBY','\0',NULL,NULL,NULL),(129,'(some address)','2017-03-21 17:50:49','/C=IT/O=IGI/CN=DREAMA LUCKENBAUGH','DREAMA.LUCKENBAUGH.129@voms.test.io','2018-03-21 17:50:49','CNAF - Italian National Center for Research and Development (CNAF)','DREAMA',NULL,'LUCKENBAUGH','\0',NULL,NULL,NULL),(130,'(some address)','2017-03-21 17:50:49','/C=IT/O=IGI/CN=HORTENCIA TICA','HORTENCIA.TICA.130@voms.test.io','2018-03-21 17:50:49','CNAF - Italian National Center for Research and Development (CNAF)','HORTENCIA',NULL,'TICA','\0',NULL,NULL,NULL),(131,'(some address)','2017-03-21 17:50:49','/C=IT/O=IGI/CN=OTTO BEUMER','OTTO.BEUMER.131@voms.test.io','2018-03-21 17:50:49','CNAF - Italian National Center for Research and Development (CNAF)','OTTO',NULL,'BEUMER','\0',NULL,NULL,NULL),(132,'(some address)','2017-03-21 17:50:50','/C=IT/O=IGI/CN=ZACHARY BIHM','ZACHARY.BIHM.132@voms.test.io','2018-03-21 17:50:50','CNAF - Italian National Center for Research and Development (CNAF)','ZACHARY',NULL,'BIHM','\0',NULL,NULL,NULL),(133,'(some address)','2017-03-21 17:50:50','/C=IT/O=IGI/CN=ANNMARIE MUSILLI','ANNMARIE.MUSILLI.133@voms.test.io','2018-03-21 17:50:50','CNAF - Italian National Center for Research and Development (CNAF)','ANNMARIE',NULL,'MUSILLI','\0',NULL,NULL,NULL),(134,'(some address)','2017-03-21 17:50:50','/C=IT/O=IGI/CN=SAL LUTGEN','SAL.LUTGEN.134@voms.test.io','2018-03-21 17:50:50','CNAF - Italian National Center for Research and Development (CNAF)','SAL',NULL,'LUTGEN','\0',NULL,NULL,NULL),(135,'(some address)','2017-03-21 17:50:51','/C=IT/O=IGI/CN=DAMON HUMMINGBIRD','DAMON.HUMMINGBIRD.135@voms.test.io','2018-03-21 17:50:51','CNAF - Italian National Center for Research and Development (CNAF)','DAMON',NULL,'HUMMINGBIRD','\0',NULL,NULL,NULL),(136,'(some address)','2017-03-21 17:50:51','/C=IT/O=IGI/CN=GRACIE PADIONG','GRACIE.PADIONG.136@voms.test.io','2018-03-21 17:50:51','CNAF - Italian National Center for Research and Development (CNAF)','GRACIE',NULL,'PADIONG','\0',NULL,NULL,NULL),(137,'(some address)','2017-03-21 17:50:52','/C=IT/O=IGI/CN=MARSHALL PORTEUS','MARSHALL.PORTEUS.137@voms.test.io','2018-03-21 17:50:52','CNAF - Italian National Center for Research and Development (CNAF)','MARSHALL',NULL,'PORTEUS','\0',NULL,NULL,NULL),(138,'(some address)','2017-03-21 17:50:52','/C=IT/O=IGI/CN=ISIDRA CLAP','ISIDRA.CLAP.138@voms.test.io','2018-03-21 17:50:52','CNAF - Italian National Center for Research and Development (CNAF)','ISIDRA',NULL,'CLAP','\0',NULL,NULL,NULL),(139,'(some address)','2017-03-21 17:50:53','/C=IT/O=IGI/CN=CHUNG PONTONIO','CHUNG.PONTONIO.139@voms.test.io','2018-03-21 17:50:53','CNAF - Italian National Center for Research and Development (CNAF)','CHUNG',NULL,'PONTONIO','\0',NULL,NULL,NULL),(140,'(some address)','2017-03-21 17:50:53','/C=IT/O=IGI/CN=CLAUDIA GRAYSON','CLAUDIA.GRAYSON.140@voms.test.io','2018-03-21 17:50:53','CNAF - Italian National Center for Research and Development (CNAF)','CLAUDIA',NULL,'GRAYSON','\0',NULL,NULL,NULL),(141,'(some address)','2017-03-21 17:50:53','/C=IT/O=IGI/CN=JONELL POWROZNIK','JONELL.POWROZNIK.141@voms.test.io','2018-03-21 17:50:53','CNAF - Italian National Center for Research and Development (CNAF)','JONELL',NULL,'POWROZNIK','\0',NULL,NULL,NULL),(142,'(some address)','2017-03-21 17:50:54','/C=IT/O=IGI/CN=KIMBERLEE BRUMMET','KIMBERLEE.BRUMMET.142@voms.test.io','2018-03-21 17:50:54','CNAF - Italian National Center for Research and Development (CNAF)','KIMBERLEE',NULL,'BRUMMET','\0',NULL,NULL,NULL),(143,'(some address)','2017-03-21 17:50:54','/C=IT/O=IGI/CN=JEWELL DELSORDO','JEWELL.DELSORDO.143@voms.test.io','2018-03-21 17:50:54','CNAF - Italian National Center for Research and Development (CNAF)','JEWELL',NULL,'DELSORDO','\0',NULL,NULL,NULL),(144,'(some address)','2017-03-21 17:50:54','/C=IT/O=IGI/CN=FERMINA WHITNER','FERMINA.WHITNER.144@voms.test.io','2018-03-21 17:50:54','CNAF - Italian National Center for Research and Development (CNAF)','FERMINA',NULL,'WHITNER','\0',NULL,NULL,NULL),(145,'(some address)','2017-03-21 17:50:55','/C=IT/O=IGI/CN=MARTHA HOLLMANN','MARTHA.HOLLMANN.145@voms.test.io','2018-03-21 17:50:55','CNAF - Italian National Center for Research and Development (CNAF)','MARTHA',NULL,'HOLLMANN','\0',NULL,NULL,NULL),(146,'(some address)','2017-03-21 17:50:55','/C=IT/O=IGI/CN=DEIDRE HINGSTON','DEIDRE.HINGSTON.146@voms.test.io','2018-03-21 17:50:55','CNAF - Italian National Center for Research and Development (CNAF)','DEIDRE',NULL,'HINGSTON','\0',NULL,NULL,NULL),(147,'(some address)','2017-03-21 17:50:55','/C=IT/O=IGI/CN=DEWITT MOHLKE','DEWITT.MOHLKE.147@voms.test.io','2018-03-21 17:50:55','CNAF - Italian National Center for Research and Development (CNAF)','DEWITT',NULL,'MOHLKE','\0',NULL,NULL,NULL),(148,'(some address)','2017-03-21 17:50:56','/C=IT/O=IGI/CN=PETRONILA ALSANDOR','PETRONILA.ALSANDOR.148@voms.test.io','2018-03-21 17:50:56','CNAF - Italian National Center for Research and Development (CNAF)','PETRONILA',NULL,'ALSANDOR','\0',NULL,NULL,NULL),(149,'(some address)','2017-03-21 17:50:56','/C=IT/O=IGI/CN=TERI GRECH','TERI.GRECH.149@voms.test.io','2018-03-21 17:50:56','CNAF - Italian National Center for Research and Development (CNAF)','TERI',NULL,'GRECH','\0',NULL,NULL,NULL),(150,'(some address)','2017-03-21 17:50:56','/C=IT/O=IGI/CN=CLINT GOLUB','CLINT.GOLUB.150@voms.test.io','2018-03-21 17:50:56','CNAF - Italian National Center for Research and Development (CNAF)','CLINT',NULL,'GOLUB','\0',NULL,NULL,NULL),(151,'(some address)','2017-03-21 17:50:57','/C=IT/O=IGI/CN=TRULA GROTHAUS','TRULA.GROTHAUS.151@voms.test.io','2018-03-21 17:50:57','CNAF - Italian National Center for Research and Development (CNAF)','TRULA',NULL,'GROTHAUS','\0',NULL,NULL,NULL),(152,'(some address)','2017-03-21 17:50:57','/C=IT/O=IGI/CN=TORY BURDEX','TORY.BURDEX.152@voms.test.io','2018-03-21 17:50:57','CNAF - Italian National Center for Research and Development (CNAF)','TORY',NULL,'BURDEX','\0',NULL,NULL,NULL),(153,'(some address)','2017-03-21 17:50:58','/C=IT/O=IGI/CN=NELLIE RUSCHE','NELLIE.RUSCHE.153@voms.test.io','2018-03-21 17:50:58','CNAF - Italian National Center for Research and Development (CNAF)','NELLIE',NULL,'RUSCHE','\0',NULL,NULL,NULL),(154,'(some address)','2017-03-21 17:50:58','/C=IT/O=IGI/CN=BRENDA ROMON','BRENDA.ROMON.154@voms.test.io','2018-03-21 17:50:58','CNAF - Italian National Center for Research and Development (CNAF)','BRENDA',NULL,'ROMON','\0',NULL,NULL,NULL),(155,'(some address)','2017-03-21 17:50:58','/C=IT/O=IGI/CN=WARREN ZURAWIK','WARREN.ZURAWIK.155@voms.test.io','2018-03-21 17:50:58','CNAF - Italian National Center for Research and Development (CNAF)','WARREN',NULL,'ZURAWIK','\0',NULL,NULL,NULL),(156,'(some address)','2017-03-21 17:50:59','/C=IT/O=IGI/CN=JANYCE HOLJE','JANYCE.HOLJE.156@voms.test.io','2018-03-21 17:50:59','CNAF - Italian National Center for Research and Development (CNAF)','JANYCE',NULL,'HOLJE','\0',NULL,NULL,NULL),(157,'(some address)','2017-03-21 17:50:59','/C=IT/O=IGI/CN=LELIA BUSHNER','LELIA.BUSHNER.157@voms.test.io','2018-03-21 17:50:59','CNAF - Italian National Center for Research and Development (CNAF)','LELIA',NULL,'BUSHNER','\0',NULL,NULL,NULL),(158,'(some address)','2017-03-21 17:50:59','/C=IT/O=IGI/CN=CHESTER DESUE','CHESTER.DESUE.158@voms.test.io','2018-03-21 17:50:59','CNAF - Italian National Center for Research and Development (CNAF)','CHESTER',NULL,'DESUE','\0',NULL,NULL,NULL),(159,'(some address)','2017-03-21 17:51:00','/C=IT/O=IGI/CN=MELLISSA MAKINEN','MELLISSA.MAKINEN.159@voms.test.io','2018-03-21 17:51:00','CNAF - Italian National Center for Research and Development (CNAF)','MELLISSA',NULL,'MAKINEN','\0',NULL,NULL,NULL),(160,'(some address)','2017-03-21 17:51:00','/C=IT/O=IGI/CN=ADRIAN DACHS','ADRIAN.DACHS.160@voms.test.io','2018-03-21 17:51:00','CNAF - Italian National Center for Research and Development (CNAF)','ADRIAN',NULL,'DACHS','\0',NULL,NULL,NULL),(161,'(some address)','2017-03-21 17:51:00','/C=IT/O=IGI/CN=WAN COSIER','WAN.COSIER.161@voms.test.io','2018-03-21 17:51:00','CNAF - Italian National Center for Research and Development (CNAF)','WAN',NULL,'COSIER','\0',NULL,NULL,NULL),(162,'(some address)','2017-03-21 17:51:01','/C=IT/O=IGI/CN=DORATHY CARDON','DORATHY.CARDON.162@voms.test.io','2018-03-21 17:51:01','CNAF - Italian National Center for Research and Development (CNAF)','DORATHY',NULL,'CARDON','\0',NULL,NULL,NULL),(163,'(some address)','2017-03-21 17:51:01','/C=IT/O=IGI/CN=GLYNDA STARN','GLYNDA.STARN.163@voms.test.io','2018-03-21 17:51:01','CNAF - Italian National Center for Research and Development (CNAF)','GLYNDA',NULL,'STARN','\0',NULL,NULL,NULL),(164,'(some address)','2017-03-21 17:51:02','/C=IT/O=IGI/CN=MITCHELL CRIMIN','MITCHELL.CRIMIN.164@voms.test.io','2018-03-21 17:51:02','CNAF - Italian National Center for Research and Development (CNAF)','MITCHELL',NULL,'CRIMIN','\0',NULL,NULL,NULL),(165,'(some address)','2017-03-21 17:51:02','/C=IT/O=IGI/CN=KATHERIN GIRLING','KATHERIN.GIRLING.165@voms.test.io','2018-03-21 17:51:02','CNAF - Italian National Center for Research and Development (CNAF)','KATHERIN',NULL,'GIRLING','\0',NULL,NULL,NULL),(166,'(some address)','2017-03-21 17:51:02','/C=IT/O=IGI/CN=ELISHA MANSER','ELISHA.MANSER.166@voms.test.io','2018-03-21 17:51:02','CNAF - Italian National Center for Research and Development (CNAF)','ELISHA',NULL,'MANSER','\0',NULL,NULL,NULL),(167,'(some address)','2017-03-21 17:51:03','/C=IT/O=IGI/CN=ARVILLA BERTELS','ARVILLA.BERTELS.167@voms.test.io','2018-03-21 17:51:03','CNAF - Italian National Center for Research and Development (CNAF)','ARVILLA',NULL,'BERTELS','\0',NULL,NULL,NULL),(168,'(some address)','2017-03-21 17:51:03','/C=IT/O=IGI/CN=HANNAH TAMMO','HANNAH.TAMMO.168@voms.test.io','2018-03-21 17:51:03','CNAF - Italian National Center for Research and Development (CNAF)','HANNAH',NULL,'TAMMO','\0',NULL,NULL,NULL),(169,'(some address)','2017-03-21 17:51:04','/C=IT/O=IGI/CN=RUDOLF STETZ','RUDOLF.STETZ.169@voms.test.io','2018-03-21 17:51:04','CNAF - Italian National Center for Research and Development (CNAF)','RUDOLF',NULL,'STETZ','\0',NULL,NULL,NULL),(170,'(some address)','2017-03-21 17:51:04','/C=IT/O=IGI/CN=CATHARINE PAYWA','CATHARINE.PAYWA.170@voms.test.io','2018-03-21 17:51:04','CNAF - Italian National Center for Research and Development (CNAF)','CATHARINE',NULL,'PAYWA','\0',NULL,NULL,NULL),(171,'(some address)','2017-03-21 17:51:04','/C=IT/O=IGI/CN=CATALINA VANHOOSER','CATALINA.VANHOOSER.171@voms.test.io','2018-03-21 17:51:04','CNAF - Italian National Center for Research and Development (CNAF)','CATALINA',NULL,'VANHOOSER','\0',NULL,NULL,NULL),(172,'(some address)','2017-03-21 17:51:05','/C=IT/O=IGI/CN=NICOLLE VAUTOUR','NICOLLE.VAUTOUR.172@voms.test.io','2018-03-21 17:51:05','CNAF - Italian National Center for Research and Development (CNAF)','NICOLLE',NULL,'VAUTOUR','\0',NULL,NULL,NULL),(173,'(some address)','2017-03-21 17:51:05','/C=IT/O=IGI/CN=ROSELIA ERDMANN','ROSELIA.ERDMANN.173@voms.test.io','2018-03-21 17:51:05','CNAF - Italian National Center for Research and Development (CNAF)','ROSELIA',NULL,'ERDMANN','\0',NULL,NULL,NULL),(174,'(some address)','2017-03-21 17:51:05','/C=IT/O=IGI/CN=SLYVIA BEADNELL','SLYVIA.BEADNELL.174@voms.test.io','2018-03-21 17:51:05','CNAF - Italian National Center for Research and Development (CNAF)','SLYVIA',NULL,'BEADNELL','\0',NULL,NULL,NULL),(175,'(some address)','2017-03-21 17:51:06','/C=IT/O=IGI/CN=SOLEDAD RAZER','SOLEDAD.RAZER.175@voms.test.io','2018-03-21 17:51:06','CNAF - Italian National Center for Research and Development (CNAF)','SOLEDAD',NULL,'RAZER','\0',NULL,NULL,NULL),(176,'(some address)','2017-03-21 17:51:06','/C=IT/O=IGI/CN=MICHALE VRABEL','MICHALE.VRABEL.176@voms.test.io','2018-03-21 17:51:06','CNAF - Italian National Center for Research and Development (CNAF)','MICHALE',NULL,'VRABEL','\0',NULL,NULL,NULL),(177,'(some address)','2017-03-21 17:51:06','/C=IT/O=IGI/CN=RAMIRO VANGUILDER','RAMIRO.VANGUILDER.177@voms.test.io','2018-03-21 17:51:06','CNAF - Italian National Center for Research and Development (CNAF)','RAMIRO',NULL,'VANGUILDER','\0',NULL,NULL,NULL),(178,'(some address)','2017-03-21 17:51:07','/C=IT/O=IGI/CN=ISA GALLEHER','ISA.GALLEHER.178@voms.test.io','2018-03-21 17:51:07','CNAF - Italian National Center for Research and Development (CNAF)','ISA',NULL,'GALLEHER','\0',NULL,NULL,NULL),(179,'(some address)','2017-03-21 17:51:08','/C=IT/O=IGI/CN=CHRISTENA STALLEY','CHRISTENA.STALLEY.179@voms.test.io','2018-03-21 17:51:08','CNAF - Italian National Center for Research and Development (CNAF)','CHRISTENA',NULL,'STALLEY','\0',NULL,NULL,NULL),(180,'(some address)','2017-03-21 17:51:08','/C=IT/O=IGI/CN=MARILU NABARRETE','MARILU.NABARRETE.180@voms.test.io','2018-03-21 17:51:08','CNAF - Italian National Center for Research and Development (CNAF)','MARILU',NULL,'NABARRETE','\0',NULL,NULL,NULL),(181,'(some address)','2017-03-21 17:51:09','/C=IT/O=IGI/CN=MYRIAM CRONQUIST','MYRIAM.CRONQUIST.181@voms.test.io','2018-03-21 17:51:09','CNAF - Italian National Center for Research and Development (CNAF)','MYRIAM',NULL,'CRONQUIST','\0',NULL,NULL,NULL),(182,'(some address)','2017-03-21 17:51:09','/C=IT/O=IGI/CN=VICTOR VANSLYKE','VICTOR.VANSLYKE.182@voms.test.io','2018-03-21 17:51:09','CNAF - Italian National Center for Research and Development (CNAF)','VICTOR',NULL,'VANSLYKE','\0',NULL,NULL,NULL),(183,'(some address)','2017-03-21 17:51:10','/C=IT/O=IGI/CN=JACKELINE BRITT','JACKELINE.BRITT.183@voms.test.io','2018-03-21 17:51:10','CNAF - Italian National Center for Research and Development (CNAF)','JACKELINE',NULL,'BRITT','\0',NULL,NULL,NULL),(184,'(some address)','2017-03-21 17:51:10','/C=IT/O=IGI/CN=KEVIN SWOPE','KEVIN.SWOPE.184@voms.test.io','2018-03-21 17:51:10','CNAF - Italian National Center for Research and Development (CNAF)','KEVIN',NULL,'SWOPE','\0',NULL,NULL,NULL),(185,'(some address)','2017-03-21 17:51:11','/C=IT/O=IGI/CN=EMERITA SWICEGOOD','EMERITA.SWICEGOOD.185@voms.test.io','2018-03-21 17:51:11','CNAF - Italian National Center for Research and Development (CNAF)','EMERITA',NULL,'SWICEGOOD','\0',NULL,NULL,NULL),(186,'(some address)','2017-03-21 17:51:11','/C=IT/O=IGI/CN=FANNIE BUGNI','FANNIE.BUGNI.186@voms.test.io','2018-03-21 17:51:11','CNAF - Italian National Center for Research and Development (CNAF)','FANNIE',NULL,'BUGNI','\0',NULL,NULL,NULL),(187,'(some address)','2017-03-21 17:51:11','/C=IT/O=IGI/CN=TERESA SKRETOWICZ','TERESA.SKRETOWICZ.187@voms.test.io','2018-03-21 17:51:11','CNAF - Italian National Center for Research and Development (CNAF)','TERESA',NULL,'SKRETOWICZ','\0',NULL,NULL,NULL),(188,'(some address)','2017-03-21 17:51:12','/C=IT/O=IGI/CN=LASANDRA KHN','LASANDRA.KHN.188@voms.test.io','2018-03-21 17:51:12','CNAF - Italian National Center for Research and Development (CNAF)','LASANDRA',NULL,'KHN','\0',NULL,NULL,NULL),(189,'(some address)','2017-03-21 17:51:12','/C=IT/O=IGI/CN=KARIE MCVINNEY','KARIE.MCVINNEY.189@voms.test.io','2018-03-21 17:51:12','CNAF - Italian National Center for Research and Development (CNAF)','KARIE',NULL,'MCVINNEY','\0',NULL,NULL,NULL),(190,'(some address)','2017-03-21 17:51:12','/C=IT/O=IGI/CN=CRYSTLE HASSEL','CRYSTLE.HASSEL.190@voms.test.io','2018-03-21 17:51:12','CNAF - Italian National Center for Research and Development (CNAF)','CRYSTLE',NULL,'HASSEL','\0',NULL,NULL,NULL),(191,'(some address)','2017-03-21 17:51:13','/C=IT/O=IGI/CN=WILLIAN GREAM','WILLIAN.GREAM.191@voms.test.io','2018-03-21 17:51:13','CNAF - Italian National Center for Research and Development (CNAF)','WILLIAN',NULL,'GREAM','\0',NULL,NULL,NULL),(192,'(some address)','2017-03-21 17:51:13','/C=IT/O=IGI/CN=MILDRED WOJTAS','MILDRED.WOJTAS.192@voms.test.io','2018-03-21 17:51:13','CNAF - Italian National Center for Research and Development (CNAF)','MILDRED',NULL,'WOJTAS','\0',NULL,NULL,NULL),(193,'(some address)','2017-03-21 17:51:14','/C=IT/O=IGI/CN=ALISON HUBERTY','ALISON.HUBERTY.193@voms.test.io','2018-03-21 17:51:14','CNAF - Italian National Center for Research and Development (CNAF)','ALISON',NULL,'HUBERTY','\0',NULL,NULL,NULL),(194,'(some address)','2017-03-21 17:51:14','/C=IT/O=IGI/CN=DELFINA MCGARR','DELFINA.MCGARR.194@voms.test.io','2018-03-21 17:51:14','CNAF - Italian National Center for Research and Development (CNAF)','DELFINA',NULL,'MCGARR','\0',NULL,NULL,NULL),(195,'(some address)','2017-03-21 17:51:15','/C=IT/O=IGI/CN=CUC PIZZO','CUC.PIZZO.195@voms.test.io','2018-03-21 17:51:15','CNAF - Italian National Center for Research and Development (CNAF)','CUC',NULL,'PIZZO','\0',NULL,NULL,NULL),(196,'(some address)','2017-03-21 17:51:15','/C=IT/O=IGI/CN=DAKOTA BILLINGSLY','DAKOTA.BILLINGSLY.196@voms.test.io','2018-03-21 17:51:15','CNAF - Italian National Center for Research and Development (CNAF)','DAKOTA',NULL,'BILLINGSLY','\0',NULL,NULL,NULL),(197,'(some address)','2017-03-21 17:51:15','/C=IT/O=IGI/CN=NAM GUEVANA','NAM.GUEVANA.197@voms.test.io','2018-03-21 17:51:15','CNAF - Italian National Center for Research and Development (CNAF)','NAM',NULL,'GUEVANA','\0',NULL,NULL,NULL),(198,'(some address)','2017-03-21 17:51:16','/C=IT/O=IGI/CN=HYE HOGGAN','HYE.HOGGAN.198@voms.test.io','2018-03-21 17:51:16','CNAF - Italian National Center for Research and Development (CNAF)','HYE',NULL,'HOGGAN','\0',NULL,NULL,NULL),(199,'(some address)','2017-03-21 17:51:16','/C=IT/O=IGI/CN=ELFRIEDE BUETI','ELFRIEDE.BUETI.199@voms.test.io','2018-03-21 17:51:16','CNAF - Italian National Center for Research and Development (CNAF)','ELFRIEDE',NULL,'BUETI','\0',NULL,NULL,NULL),(200,'(some address)','2017-03-21 17:51:16','/C=IT/O=IGI/CN=HIRAM LAMPMAN','HIRAM.LAMPMAN.200@voms.test.io','2018-03-21 17:51:16','CNAF - Italian National Center for Research and Development (CNAF)','HIRAM',NULL,'LAMPMAN','\0',NULL,NULL,NULL); +/*!40000 ALTER TABLE `usr` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `usr_attrs` +-- + +DROP TABLE IF EXISTS `usr_attrs`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `usr_attrs` ( + `a_id` bigint(20) NOT NULL, + `u_id` bigint(20) NOT NULL, + `a_value` varchar(255) DEFAULT NULL, + PRIMARY KEY (`a_id`,`u_id`), + KEY `FKA39E0E3720331206` (`u_id`), + KEY `FKA39E0E37566C2A8F` (`a_id`), + CONSTRAINT `FKA39E0E3720331206` FOREIGN KEY (`u_id`) REFERENCES `usr` (`userid`), + CONSTRAINT `FKA39E0E37566C2A8F` FOREIGN KEY (`a_id`) REFERENCES `attributes` (`a_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `usr_attrs` +-- + +LOCK TABLES `usr_attrs` WRITE; +/*!40000 ALTER TABLE `usr_attrs` DISABLE KEYS */; +INSERT INTO `usr_attrs` VALUES (1,1,'CONRAD'),(1,2,'MICHAELA'),(1,3,'TINY'),(1,4,'HAI'),(1,5,'MCKENZIE'),(1,6,'CECILY'),(1,7,'LATESHA'),(1,8,'SHAQUANA'),(1,9,'DANNIE'),(1,10,'EUNICE'),(1,11,'LAHOMA'),(1,12,'DOREEN'),(1,13,'WAI'),(1,14,'KACY'),(1,15,'ADINA'),(1,16,'ANTHONY'),(1,17,'ERIC'),(1,18,'MARX'),(1,19,'MADALINE'),(1,20,'ABEL'),(1,21,'CALLIE'),(1,22,'ABE'),(1,23,'LOUIS'),(1,24,'SHAWNNA'),(1,25,'CHAD'),(1,26,'LAKEISHA'),(1,27,'RODNEY'),(1,28,'CARLA'),(1,29,'MARLON'),(1,30,'VERTIE'),(1,31,'DELLA'),(1,32,'CECILIA'),(1,33,'TIERA'),(1,34,'DETRA'),(1,35,'JULES'),(1,36,'DORTHA'),(1,37,'BERENICE'),(1,38,'BRITTANEY'),(1,39,'ALITA'),(1,40,'FREEMAN'),(1,41,'LEEANNA'),(1,42,'JOSH'),(1,43,'DACIA'),(1,44,'FREDERICK'),(1,45,'TRICIA'),(1,46,'ELIN'),(1,47,'FREDRICK'),(1,48,'LYNN'),(1,49,'SIMA'),(1,50,'YUKIKO'),(1,51,'LASHONDA'),(1,52,'CARMON'),(1,53,'BESS'),(1,54,'JACKSON'),(1,55,'GENNA'),(1,56,'JUDIE'),(1,57,'KATHLENE'),(1,58,'OTIS'),(1,59,'BERNARDO'),(1,60,'LIZ'),(1,61,'CHU'),(1,62,'VAL'),(1,63,'JOEY'),(1,64,'CHANCE'),(1,65,'VI'),(1,66,'CARITA'),(1,67,'COURTNEY'),(1,68,'ALDA'),(1,69,'BERTHA'),(1,70,'PAULITA'),(1,71,'NELLIE'),(1,72,'XOCHITL'),(1,73,'KEN'),(1,74,'WANITA'),(1,75,'WILHELMINA'),(1,76,'LETA'),(1,77,'BERT'),(1,78,'IRMA'),(1,79,'OTIS'),(1,80,'NOBUKO'),(1,81,'JED'),(1,82,'PAUL'),(1,83,'CHANCE'),(1,84,'TIJUANA'),(1,85,'AZZIE'),(1,86,'CARYLON'),(1,87,'WAVA'),(1,88,'VENNIE'),(1,89,'FREDDA'),(1,90,'HAYDEE'),(1,91,'ELIJAH'),(1,92,'BETHANIE'),(1,93,'LESLIE'),(1,94,'XENIA'),(1,95,'YUKO'),(1,96,'JALEESA'),(1,97,'KRYSTIN'),(1,98,'KORY'),(1,99,'WAN'),(1,100,'HANH'),(1,101,'ANGELIC'),(1,102,'AUSTIN'),(1,103,'INGA'),(1,104,'LIVIA'),(1,105,'BROOKE'),(1,106,'SUNSHINE'),(1,107,'TWYLA'),(1,108,'MILLARD'),(1,109,'MARGURITE'),(1,110,'MARIKO'),(1,111,'JINNY'),(1,112,'RETHA'),(1,113,'KIMBERY'),(1,114,'SHIRELY'),(1,115,'TODD'),(1,116,'RUPERT'),(1,117,'JIMMIE'),(1,118,'STEPANIE'),(1,119,'ULRIKE'),(1,120,'JINA'),(1,121,'VANNA'),(1,122,'TONA'),(1,123,'BRYAN'),(1,124,'ALEEN'),(1,125,'MARGUERITE'),(1,126,'ELLENA'),(1,127,'PEGGY'),(1,128,'ELNORA'),(1,129,'DREAMA'),(1,130,'HORTENCIA'),(1,131,'OTTO'),(1,132,'ZACHARY'),(1,133,'ANNMARIE'),(1,134,'SAL'),(1,135,'DAMON'),(1,136,'GRACIE'),(1,137,'MARSHALL'),(1,138,'ISIDRA'),(1,139,'CHUNG'),(1,140,'CLAUDIA'),(1,141,'JONELL'),(1,142,'KIMBERLEE'),(1,143,'JEWELL'),(1,144,'FERMINA'),(1,145,'MARTHA'),(1,146,'DEIDRE'),(1,147,'DEWITT'),(1,148,'PETRONILA'),(1,149,'TERI'),(1,150,'CLINT'),(1,151,'TRULA'),(1,152,'TORY'),(1,153,'NELLIE'),(1,154,'BRENDA'),(1,155,'WARREN'),(1,156,'JANYCE'),(1,157,'LELIA'),(1,158,'CHESTER'),(1,159,'MELLISSA'),(1,160,'ADRIAN'),(1,161,'WAN'),(1,162,'DORATHY'),(1,163,'GLYNDA'),(1,164,'MITCHELL'),(1,165,'KATHERIN'),(1,166,'ELISHA'),(1,167,'ARVILLA'),(1,168,'HANNAH'),(1,169,'RUDOLF'),(1,170,'CATHARINE'),(1,171,'CATALINA'),(1,172,'NICOLLE'),(1,173,'ROSELIA'),(1,174,'SLYVIA'),(1,175,'SOLEDAD'),(1,176,'MICHALE'),(1,177,'RAMIRO'),(1,178,'ISA'),(1,179,'CHRISTENA'),(1,180,'MARILU'),(1,181,'MYRIAM'),(1,182,'VICTOR'),(1,183,'JACKELINE'),(1,184,'KEVIN'),(1,185,'EMERITA'),(1,186,'FANNIE'),(1,187,'TERESA'),(1,188,'LASANDRA'),(1,189,'KARIE'),(1,190,'CRYSTLE'),(1,191,'WILLIAN'),(1,192,'MILDRED'),(1,193,'ALISON'),(1,194,'DELFINA'),(1,195,'CUC'),(1,196,'DAKOTA'),(1,197,'NAM'),(1,198,'HYE'),(1,199,'ELFRIEDE'),(1,200,'HIRAM'); +/*!40000 ALTER TABLE `usr_attrs` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `version` +-- + +DROP TABLE IF EXISTS `version`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `version` ( + `version` int(11) NOT NULL, + `admin_version` varchar(255) DEFAULT NULL, + PRIMARY KEY (`version`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `version` +-- + +LOCK TABLES `version` WRITE; +/*!40000 ALTER TABLE `version` DISABLE KEYS */; +INSERT INTO `version` VALUES (3,'3.3.3'); +/*!40000 ALTER TABLE `version` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `vo_membership_req` +-- + +DROP TABLE IF EXISTS `vo_membership_req`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `vo_membership_req` ( + `confirmId` varchar(255) NOT NULL, + `request_id` bigint(20) NOT NULL, + PRIMARY KEY (`request_id`), + KEY `FK28EE8AFBD75D60A4` (`request_id`), + CONSTRAINT `FK28EE8AFBD75D60A4` FOREIGN KEY (`request_id`) REFERENCES `req` (`request_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `vo_membership_req` +-- + +LOCK TABLES `vo_membership_req` WRITE; +/*!40000 ALTER TABLE `vo_membership_req` DISABLE KEYS */; +/*!40000 ALTER TABLE `vo_membership_req` ENABLE KEYS */; +UNLOCK TABLES; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; + +/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; +/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; +/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; +/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; + +-- Dump completed on 2017-03-21 17:54:26 diff --git a/docker/voms-admin-server/dev/centos7/setup/tnsnames.ora b/docker/voms-admin-server/dev/centos7/setup/tnsnames.ora new file mode 100644 index 00000000..cb8e3488 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/tnsnames.ora @@ -0,0 +1,21 @@ +VOMS= +(DESCRIPTION = + (ADDRESS_LIST = + (ADDRESS = (PROTOCOL = TCP)(HOST = voms-db-02.cr.cnaf.infn.it)(PORT = 1521)) + ) + (CONNECT_DATA = + (SERVICE_NAME = vomsdb2.cr.cnaf.infn.it) + ) + ) + +COLLECTSRV = +(DESCRIPTION = + (ADDRESS = (PROTOCOL = TCP)(HOST = atlas-cluster.cr.cnaf.infn.it)(PORT = 1521)) + (CONNECT_DATA = + (SERVER = DEDICATED) + (SERVICE_NAME = collectsrv.cr.cnaf.infn.it) + (FAILOVER_MODE = + (TYPE = SELECT)(METHOD = BASIC)(RETRIES = 180)(DELAY = 5) + ) + ) + ) diff --git a/docker/voms-admin-server/dev/centos7/setup/upgrade-db.sh b/docker/voms-admin-server/dev/centos7/setup/upgrade-db.sh new file mode 100644 index 00000000..587ec0d1 --- /dev/null +++ b/docker/voms-admin-server/dev/centos7/setup/upgrade-db.sh @@ -0,0 +1,16 @@ +#!/bin/bash +set -ex + +VO_NAME_PREFIX=${VOMS_VO_NAME_PREFIX:-"test"} +VO_COUNT=${VOMS_VO_COUNT:-2} + +upgrade_db() { + VO_NAME=${VO_NAME_PREFIX}_$1 + if [[ -n "$VOMS_UPGRADE_DB" ]]; then + voms-db-util upgrade --vo ${VO_NAME} + fi +} + +for i in $(seq 0 ${VO_COUNT}); do + upgrade_db $i +done diff --git a/docker/voms-admin-server/push-image.sh b/docker/voms-admin-server/push-image.sh deleted file mode 100755 index 75b158e4..00000000 --- a/docker/voms-admin-server/push-image.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -set -ex - -VOMS_ADMIN_SERVER_IMAGE=${VOMS_ADMIN_SERVER_IMAGE:-"italiangrid/voms-admin-server"} - -# The current script directory -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -cd ${DIR} - -if [ -n ${DOCKER_REGISTRY_HOST} ]; then - docker tag ${VOMS_ADMIN_SERVER_IMAGE} ${DOCKER_REGISTRY_HOST}/${VOMS_ADMIN_SERVER_IMAGE} - docker push ${DOCKER_REGISTRY_HOST}/${VOMS_ADMIN_SERVER_IMAGE} -else - docker push ${VOMS_ADMIN_SERVER_IMAGE} -fi diff --git a/pom.xml b/pom.xml index 1971c9a5..47934cdc 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,8 @@ org.italiangrid voms-admin-parent - 3.7.0 + + 3.8.1 pom VOMS Admin Parent POM @@ -32,22 +33,25 @@ UTF-8 - 4.11 + 4.13.1 + 1.3 2.0.5-beta - 1.6.6 - 1.0.6 - 0.3.6 - 1.2.1 + 1.7.29 + 1.2.3 + 0.4.0 + 1.4 1.4 1.4 8.1.9.v20130131 + 1.1 2.11 - 21.0 + 29.0-jre var/log/voms-admin /code @@ -61,6 +65,19 @@ ${junit.version} + + org.hamcrest + hamcrest-core + ${hamcrest.version} + test + + + org.hamcrest + hamcrest-library + ${hamcrest.version} + test + + org.mockito mockito-core @@ -68,11 +85,13 @@ test + org.slf4j @@ -110,6 +129,12 @@ ${jetty.version} + + org.eclipse.jetty + jetty-client + ${jetty.version} + + org.italiangrid https-utils @@ -237,13 +262,13 @@ cnaf-releases CNAF releases - http://radiohead.cnaf.infn.it:8081/nexus/content/repositories/cnaf-releases/ + https://repo.cloud.cnaf.infn.it/repository/cnaf-releases/ cnaf-snapshots CNAF snapshots - http://radiohead.cnaf.infn.it:8081/nexus/content/repositories/cnaf-snapshots/ + https://repo.cloud.cnaf.infn.it/repository/cnaf-snapshots/ diff --git a/voms-admin-api/pom.xml b/voms-admin-api/pom.xml index 54391611..deabe256 100644 --- a/voms-admin-api/pom.xml +++ b/voms-admin-api/pom.xml @@ -5,7 +5,7 @@ org.italiangrid voms-admin-parent - 3.7.0 + 3.8.1 voms-admin-api diff --git a/voms-admin-api/src/main/resources/rebel.xml b/voms-admin-api/src/main/resources/rebel.xml deleted file mode 100644 index d4e7148d..00000000 --- a/voms-admin-api/src/main/resources/rebel.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - - - diff --git a/voms-admin-api/src/wsdl/glite-security-voms-attributes-2.0.2.wsdl b/voms-admin-api/src/wsdl/glite-security-voms-attributes-2.0.2.wsdl index 41a4346f..1e523e57 100644 --- a/voms-admin-api/src/wsdl/glite-security-voms-attributes-2.0.2.wsdl +++ b/voms-admin-api/src/wsdl/glite-security-voms-attributes-2.0.2.wsdl @@ -183,9 +183,6 @@ Built on Jun 14, 2005 (09:15:57 EDT)--> - - - @@ -233,12 +230,6 @@ Built on Jun 14, 2005 (09:15:57 EDT)--> - - - - - - @@ -361,16 +352,6 @@ Built on Jun 14, 2005 (09:15:57 EDT)--> - - - - - - - - - - @@ -651,30 +632,6 @@ Built on Jun 14, 2005 (09:15:57 EDT)--> - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/voms-admin-server/pom.xml b/voms-admin-server/pom.xml index 39f2b017..ed0b8667 100644 --- a/voms-admin-server/pom.xml +++ b/voms-admin-server/pom.xml @@ -16,545 +16,595 @@ limitations under the License. --> - - 4.0.0 - - - org.italiangrid - voms-admin-parent - 3.7.0 - - - voms-admin-server - war - VOMS Admin Server - - - ${project.version} - ${project.version} - 2.0.2 - - 2.3.32 - 2.0.1 - 3.7.1 - 5.2.8.Final - 0.9.5.2 - 2.5.3 - 2.2.2 - 3.2 - - - - - - ${basedir}/src/main/resources - - voms-admin.tld - version.properties - packaging.properties - - - - ${basedir}/src/main/resources - - version.properties - packaging.properties - logback.vomses.xml - rebel.xml - - true - - - - - org.apache.maven.plugins - maven-jar-plugin - - - package - - jar - - - - - - - - org.apache.maven.plugins - maven-war-plugin - - - - WEB-INF/classes/logback*.xml, - WEB-INF/lib/javax*.jar, - WEB-INF/lib/jetty-*.jar, - WEB-INF/lib/bcmail-*.jar, - WEB-INF/lib/bcprov-*.jar, - WEB-INF/lib/canl-*.jar, - WEB-INF/lib/voms-api-java-*.jar, - WEB-INF/lib/https-utils-*.jar, - WEB-INF/lib/org.apache.jasper.*.jar, - WEB-INF/lib/org.eclipse.jdt.core*.jar, - WEB-INF/lib/voms-container*.jar - - - - ${basedir}/src/main/resources - - voms-admin.tld - - - WEB-INF/classes/org/glite/security/voms/admin/jsp - - - - - - - - com.mycila - license-maven-plugin - -
${project.parent.basedir}/license/license.txt
- - src/test/resources/** - **/*.sql - **/*.jpage - **/*.template - **/*.wsdl - **/*.tld - **/*.wsdd - **/*.spec - **/*.pydevproject - **/*.js - **/rebel.xml - bin/** - src/config/sysconfig - src/main/webapp/common/struts/** - src/main/webapp/struts/** - src/main/webapp/style/** - src/main/webapp/assets/** - src/main/webapp/css/** - src/main/webapp/fonts/** - src/main/webapp/jquery-ui/** - src/main/webapp/jsps/** - src/main/resources/vomses-webapp/** - **/*.gitignore - resources/doc/** - resources/scripts/** - resources/templates/aup/** - resources/templates/** - - true -
- - - check-headers - verify - - check - - - -
-
- - voms-admin -
- - - - - org.italiangrid - voms-admin-api - ${project.version} - - - - org.italiangrid - voms-container - ${project.version} - - - - junit - junit - - - - org.mockito - mockito-core - test - - - - org.hibernate - hibernate-core - ${hibernate.version} - - - commons-logging - commons-logging - - - asm - asm-attrs - - - asm - asm - - - - - - org.hibernate - hibernate-c3p0 - ${hibernate.version} - - - - com.google.guava - guava - provided - - - - com.mchange - c3p0 - ${c3p0.version} - runtime - - - - org.eclipse.jetty - jetty-jsp - - - - javax.mail - mail - - - javax.activation - activation - - - - - - commons-collections - commons-collections - 3.2.1 - - - - commons-configuration - commons-configuration - 1.5 - - - commons-logging - commons-logging - - - - - - commons-cli - commons-cli - - - - org.apache.commons - commons-email - 1.1 - - - - org.apache.velocity - velocity - 1.5 - - - - org.apache.commons - commons-math3 - ${commons-math.version} - - - - - mysql - mysql-connector-java - 5.0.7 - - - - - org.apache.struts - struts2-core - ${struts.version} - - - javassist - javassist - - - - - - org.apache.struts - struts2-convention-plugin + + 4.0.0 + + + org.italiangrid + voms-admin-parent + 3.8.1 + + + voms-admin-server + war + VOMS Admin Server + + + ${project.version} + ${project.version} + 2.0.2 + + 2.5.26 + 2.5.2 + 4.0.3 + 5.2.17.Final + 0.9.5.4 + 2.5.3 + 3.0.8 + 3.2 + 5.5.1 + 2.2 + 2.13.3 + + + + + + ${basedir}/src/main/resources + + voms-admin.tld + version.properties + packaging.properties + + + + ${basedir}/src/main/resources + + version.properties + packaging.properties + logback.vomses.xml + rebel.xml + + true + + + + + org.apache.maven.plugins + maven-jar-plugin + + + package + + jar + + + + + + + + org.apache.maven.plugins + maven-war-plugin + + + + WEB-INF/classes/logback*.xml, + WEB-INF/lib/javax*.jar, + WEB-INF/lib/jetty-all-server*.jar, + WEB-INF/lib/jetty-jsp-*.jar, + WEB-INF/lib/bcmail-*.jar, + WEB-INF/lib/bcprov-*.jar, + WEB-INF/lib/canl-*.jar, + WEB-INF/lib/voms-api-java-*.jar, + WEB-INF/lib/https-utils-*.jar, + WEB-INF/lib/org.apache.jasper.*.jar, + WEB-INF/lib/org.eclipse.jdt.core*.jar, + WEB-INF/lib/voms-container*.jar + + + + ${basedir}/src/main/resources + + voms-admin.tld + + + WEB-INF/classes/org/glite/security/voms/admin/jsp + + + + + + + + com.mycila + license-maven-plugin + +
${project.parent.basedir}/license/license.txt
+ + src/test/resources/** + **/*.sql + **/*.jpage + **/*.template + **/*.wsdl + **/*.tld + **/*.wsdd + **/*.spec + **/*.pydevproject + **/*.js + **/rebel.xml + bin/** + src/config/sysconfig + src/main/webapp/common/struts/** + src/main/webapp/struts/** + src/main/webapp/style/** + src/main/webapp/assets/** + src/main/webapp/css/** + src/main/webapp/fonts/** + src/main/webapp/jquery-ui/** + src/main/webapp/jsps/** + src/main/resources/vomses-webapp/** + **/*.gitignore + resources/doc/** + resources/scripts/** + resources/templates/aup/** + resources/templates/** + + true +
+ + + check-headers + verify + + check + + + +
+
+ + voms-admin +
+ + + + + commons-io + commons-io + ${commons-io.version} + + + + org.italiangrid + voms-admin-api + ${project.version} + + + + org.italiangrid + voms-container + ${project.version} + + + + junit + junit + + + + org.hamcrest + hamcrest-core + test + + + + org.hamcrest + hamcrest-library + test + + + + org.mockito + mockito-core + test + + + + org.mock-server + mockserver-netty + ${mock-server.version} + test + + + + org.mock-server + mockserver-client-java + ${mock-server.version} + test + + + + org.hibernate + hibernate-core + ${hibernate.version} + + + commons-logging + commons-logging + + + asm + asm-attrs + + + asm + asm + + + + + + org.hibernate + hibernate-c3p0 + ${hibernate.version} + + + + com.google.guava + guava + provided + + + + com.mchange + c3p0 + ${c3p0.version} + runtime + + + + org.eclipse.jetty + jetty-jsp + + + + org.eclipse.jetty + jetty-client + + + + javax.mail + mail + + + javax.activation + activation + + + + + + commons-collections + commons-collections + 3.2.2 + + + + commons-configuration + commons-configuration + 1.5 + + + commons-logging + commons-logging + + + + + + commons-cli + commons-cli + + + + org.apache.commons + commons-email + 1.1 + + + + org.apache.velocity + velocity + 1.5 + + + + org.apache.commons + commons-math3 + ${commons-math.version} + + + + + mysql + mysql-connector-java + 8.0.16 + + + + + org.apache.struts + struts2-core + ${struts.version} + + + javassist + javassist + + + + + + org.apache.struts + struts2-convention-plugin - ${struts.version} - - - - com.jgeppert.struts2.bootstrap - struts2-bootstrap-plugin - ${struts.boostrap.plugin.version} - - - - com.jgeppert.struts2.jquery - struts2-jquery-plugin - ${struts.jquery.plugin.version} - - - - org.apache.struts - struts2-tiles-plugin - ${struts.version} - - - commons-logging - commons-logging-api - - - - - - - org.apache.tiles - tiles-jsp - ${tiles.version} - - - - org.apache.struts - struts2-json-plugin + ${struts.version} + + + + com.jgeppert.struts2.bootstrap + struts2-bootstrap-plugin + ${struts.bootstrap.plugin.version} + + + + com.jgeppert.struts2.jquery + struts2-jquery-plugin + ${struts.jquery.plugin.version} + + + + org.apache.struts + struts2-tiles-plugin + ${struts.version} + + + commons-logging + commons-logging-api + + + + + + + org.apache.tiles + tiles-jsp + ${tiles.version} + + + + org.apache.struts + struts2-json-plugin - ${struts.version} - - - - - org.opensaml - opensaml - ${opensaml.version} - - - org.slf4j - slf4j-api - - - org.slf4j - slf4j-log4j12 - - - org.slf4j - jcl-over-slf4j - - - org.slf4j - log4j-over-slf4j - - - org.slf4j - jul-to-slf4j - - - org.slf4j - jcl104-over-slf4j - - - org.bouncycastle - bcprov-ext-jdk15 - - - org.bouncycastle - bcprov-jdk15 - - - velocity - velocity - - - - - - - - org.slf4j - slf4j-api - - - - org.slf4j - log4j-over-slf4j - - - - org.slf4j - jcl-over-slf4j - - - - ch.qos.logback - logback-core - - - - ch.qos.logback - logback-classic - - - - org.italiangrid - https-utils - - - - - - EMI - - true - - - - / - /etc/voms-admin - voms - /usr/lib64/oracle/11.2.0.3.0/client/lib64 - /etc/voms - - - - - - maven-assembly-plugin - - - ${basedir}/src/assemble/tarball.xml - - voms-admin - - - - package - - single - - - - - - - - - - dev - - - /opt/voms/ - /opt/voms/etc/voms-admin - - /usr/lib64/oracle/11.2.0.3.0/client/lib64 - /opt/voms/etc/voms - - - - - prod - - - - - - - org.apache.maven.plugins - maven-war-plugin - - - ${basedir}/target/web.xml - - - WEB-INF/classes/logback*.xml, - WEB-INF/lib/javax*.jar, - WEB-INF/lib/jetty-*.jar, - WEB-INF/lib/bcmail-*.jar, - WEB-INF/lib/bcprov-*.jar, - WEB-INF/lib/canl-*.jar, - WEB-INF/lib/voms-api-java-*.jar, - WEB-INF/lib/https-utils-*.jar, - WEB-INF/lib/org.apache.jasper.*.jar, - WEB-INF/lib/org.eclipse.jdt.core*.jar, - WEB-INF/lib/voms-container*.jar - - - - ${basedir}/src/main/resources - - voms-admin.tld - - - WEB-INF/classes/org/glite/security/voms/admin/jsp - - - - - - - org.mortbay.jetty - jetty-jspc-maven-plugin - - - jspc - - jspc - - - - - - - - maven-assembly-plugin - - - ${basedir}/src/assemble/tarball.xml - - voms-admin - - - - package - - single - - - - - - - - + ${struts.version} +
+ + + + org.opensaml + opensaml + ${opensaml.version} + + + org.slf4j + slf4j-api + + + org.slf4j + slf4j-log4j12 + + + org.slf4j + jcl-over-slf4j + + + org.slf4j + log4j-over-slf4j + + + org.slf4j + jul-to-slf4j + + + org.slf4j + jcl104-over-slf4j + + + org.bouncycastle + bcprov-ext-jdk15 + + + org.bouncycastle + bcprov-jdk15 + + + velocity + velocity + + + + + + + + org.slf4j + slf4j-api + + + + org.apache.logging.log4j + log4j-to-slf4j + ${log4j2.version} + + + + org.slf4j + log4j-over-slf4j + + + + org.slf4j + jcl-over-slf4j + + + + ch.qos.logback + logback-core + + + + ch.qos.logback + logback-classic + + + + org.italiangrid + https-utils + +
+ + + + EMI + + true + + + + / + /etc/voms-admin + voms + /usr/lib64/oracle/11.2.0.3.0/client/lib64 + /etc/voms + + + + + + maven-assembly-plugin + + + ${basedir}/src/assemble/tarball.xml + + voms-admin + + + + package + + single + + + + + + + + + + dev + + + /opt/voms/ + /opt/voms/etc/voms-admin + + /usr/lib64/oracle/11.2.0.3.0/client/lib64 + /opt/voms/etc/voms + + + + + prod + + + + + + + org.apache.maven.plugins + maven-war-plugin + + + ${basedir}/target/web.xml + + + WEB-INF/classes/logback*.xml, + WEB-INF/lib/javax*.jar, + WEB-INF/lib/jetty-all-server*.jar, + WEB-INF/lib/jetty-jsp-*.jar, + WEB-INF/lib/bcmail-*.jar, + WEB-INF/lib/bcprov-*.jar, + WEB-INF/lib/canl-*.jar, + WEB-INF/lib/voms-api-java-*.jar, + WEB-INF/lib/https-utils-*.jar, + WEB-INF/lib/org.apache.jasper.*.jar, + WEB-INF/lib/org.eclipse.jdt.core*.jar, + WEB-INF/lib/voms-container*.jar + + + + ${basedir}/src/main/resources + + voms-admin.tld + + + WEB-INF/classes/org/glite/security/voms/admin/jsp + + + + + + + org.mortbay.jetty + jetty-jspc-maven-plugin + + + jspc + + jspc + + + + + + + + maven-assembly-plugin + + + ${basedir}/src/assemble/tarball.xml + + voms-admin + + + + package + + single + + + + + + + +
diff --git a/voms-admin-server/resources/jars/README.md b/voms-admin-server/resources/jars/README.md new file mode 100644 index 00000000..ec7c1508 --- /dev/null +++ b/voms-admin-server/resources/jars/README.md @@ -0,0 +1,11 @@ +Embedding the commons-io 1.3.2 jar here since we have a jar conflict. + +The voms-container (and canl) require 1.3.2 to work properly, while the latest +struts (and in particular the fileupload functionality used for certificate +upload) requires version 2.2. + +Things seem to work fine if 2.2 is embedded in the war, while 1.3.2 is in the +classpath of the voms-container jar, but since maven doesn't allow to manage +multiple versions of a dependency in the build of a component, and the tarball +is build in the voms-admin-server component, the easiest way of including the +1.3.2 jar in the tarball is by explicitly include the file from this directory. diff --git a/voms-admin-server/resources/jars/commons-io-1.3.2.jar b/voms-admin-server/resources/jars/commons-io-1.3.2.jar new file mode 100644 index 00000000..865c9e41 Binary files /dev/null and b/voms-admin-server/resources/jars/commons-io-1.3.2.jar differ diff --git a/voms-admin-server/resources/scripts/configure/voms-clean-tlr-util b/voms-admin-server/resources/scripts/configure/voms-clean-tlr-util new file mode 100644 index 00000000..6c575d2f --- /dev/null +++ b/voms-admin-server/resources/scripts/configure/voms-clean-tlr-util @@ -0,0 +1,6 @@ +#!/bin/bash + +VOMS_ADMIN_JAR=${VOMS_ADMIN_JAR:-/usr/share/java/voms-admin.jar} + +java -cp ${VOMS_ADMIN_JAR}':/var/lib/voms-admin/lib/*:/var/lib/voms-admin/tools' \ + org.glite.security.voms.admin.persistence.tools.CleanupTaskLogRecords $@ diff --git a/voms-admin-server/resources/scripts/configure/voms_configure.py b/voms-admin-server/resources/scripts/configure/voms_configure.py index 482f1cbe..7ae10355 100644 --- a/voms-admin-server/resources/scripts/configure/voms_configure.py +++ b/voms-admin-server/resources/scripts/configure/voms_configure.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2.6 +#!/usr/bin/env python2 # # Copyright (c) Members of the EGEE Collaboration. 2006-2009. # See http://www.eu-egee.org/partners/ for details on the copyright holders. @@ -39,11 +39,10 @@ import random +MYSQL = "mysql" +ORACLE = "oracle" -MYSQL="mysql" -ORACLE="oracle" - -usage="""%prog command [options] +usage = """%prog command [options] Commands: install: installs or reconfigures a VO @@ -61,6 +60,7 @@ VOMS_CERT = "/etc/grid-security/vomscert.pem" VOMS_KEY = "/etc/grid-security/vomskey.pem" + def execute_cmd(cmd, error_msg=None): status = os.system(cmd) @@ -71,55 +71,78 @@ def execute_cmd(cmd, error_msg=None): else: error_and_exit(error_msg) + def backup_dir_contents(d): logger.debug("Backing up contents for directory: %s", d) - backup_filez = glob.glob(os.path.join(d,"*_backup_*")) + backup_filez = glob.glob(os.path.join(d, "*_backup_*")) - ## Remove backup filez + # Remove backup filez for f in backup_filez: - ## Don't remove backup directories potentially created by the user + # Don't remove backup directories potentially created by the user if not os.path.isdir(f): os.remove(f) - filez = glob.glob(os.path.join(d,"*")) - backup_date = time.strftime("%d-%m-%Y_%H-%M-%S",time.gmtime()) + filez = glob.glob(os.path.join(d, "*")) + backup_date = time.strftime("%d-%m-%Y_%H-%M-%S", time.gmtime()) for f in filez: os.rename(f, f+"_backup_"+backup_date) -def check_args_and_options(options,args): + +def check_args_and_options(options, args): if len(args) != 1 or args[0] not in commands: - error_and_exit("Please specify a single command among the following:\n\t%s" % "\n\t".join(commands)) + error_and_exit( + "Please specify a single command among the following:\n\t%s" % "\n\t".join(commands)) + def setup_cl_options(): - ## Base options - parser.add_option("--vo", dest="vo", help="the VO being configured", metavar="VO") - parser.add_option("--config-owner", dest="config_owner", help="the USER that will own configuration files", metavar="USER", default="voms") - parser.add_option("--verbose", dest="verbose", action="store_true", help="Be verbose.", default=False) - parser.add_option("--dry-run", dest="dry_run", action="store_true", help="Dry run execution. No files are touched.", default=False) - - parser.add_option("--hostname", dest="hostname", help="the VOMS services HOSTNAME", metavar="HOSTNAME", default=socket.gethostname()) - - ## Certificate and trust anchors (used for both voms and voms-admin services) - parser.add_option("--cert", dest="cert", help="the certificate CERT used to run the VOMS services", metavar="CERT", default="/etc/grid-security/hostcert.pem") - parser.add_option("--key", dest="key", help="the private key used to run the VOMS services", metavar="KEY", default="/etc/grid-security/hostkey.pem") - parser.add_option("--trust-dir", dest="trust_dir", help="The directory where CA certificates are stored", metavar="DIR", default="/etc/grid-security/certificates") - parser.add_option("--trust-refresh-period", type="int", dest="trust_refresh_period", help="How ofter CAs are refreshed from the filesystem (in seconds).", metavar="SECS", default=3600) - - parser.add_option("--skip-voms-core", dest="skip_voms_core", action="store_true", help="Skips VOMS core configuration", default=False) - parser.add_option("--skip-voms-admin", dest="skip_voms_admin", action="store_true", help="Skips VOMS admin configuration", default=False) - parser.add_option("--skip-database", dest="skip_database", action="store_true", help="Skips database operations", default=False) - parser.add_option("--deploy-database", dest="deploy_database", action="store_true", help="Deploys the database for the VO being configured, if not present", default=True) - parser.add_option("--undeploy-database", dest="undeploy_database", action="store_true", help="Undeploys the database for the VO being removed", default=False) + # Base options + parser.add_option("--vo", dest="vo", + help="the VO being configured", metavar="VO") + parser.add_option("--config-owner", dest="config_owner", + help="the USER that will own configuration files", metavar="USER", default="voms") + parser.add_option("--verbose", dest="verbose", + action="store_true", help="Be verbose.", default=False) + parser.add_option("--dry-run", dest="dry_run", action="store_true", + help="Dry run execution. No files are touched.", default=False) + + parser.add_option("--hostname", dest="hostname", help="the VOMS services HOSTNAME", + metavar="HOSTNAME", default=socket.gethostname()) + + # Certificate and trust anchors (used for both voms and voms-admin services) + parser.add_option("--cert", dest="cert", help="the certificate CERT used to run the VOMS services", + metavar="CERT", default="/etc/grid-security/hostcert.pem") + parser.add_option("--key", dest="key", help="the private key used to run the VOMS services", + metavar="KEY", default="/etc/grid-security/hostkey.pem") + parser.add_option("--trust-dir", dest="trust_dir", help="The directory where CA certificates are stored", + metavar="DIR", default="/etc/grid-security/certificates") + parser.add_option("--trust-refresh-period", type="int", dest="trust_refresh_period", + help="How ofter CAs are refreshed from the filesystem (in seconds).", metavar="SECS", default=3600) + + parser.add_option("--skip-voms-core", dest="skip_voms_core", + action="store_true", help="Skips VOMS core configuration", default=False) + parser.add_option("--skip-voms-admin", dest="skip_voms_admin", + action="store_true", help="Skips VOMS admin configuration", default=False) + parser.add_option("--skip-database", dest="skip_database", + action="store_true", help="Skips database operations", default=False) + parser.add_option("--deploy-database", dest="deploy_database", action="store_true", + help="Deploys the database for the VO being configured, if not present", default=True) + parser.add_option("--undeploy-database", dest="undeploy_database", action="store_true", + help="Undeploys the database for the VO being removed", default=False) # Other base options - parser.add_option("--openssl", dest="openssl", help="the PATH to the openssl command", metavar="PATH", default="openssl") - - ## Admin service options - admin_opt_group = OptionGroup(parser, "VOMS admin options", "These options drive the basic configuration of the VOMS admin service.") - admin_opt_group.add_option("--admin-port", dest="admin_port", type="int", help="the PORT on which the admin service will bind", metavar="PORT", default=8443) - admin_opt_group.add_option("--admin-cert", dest="admin_cert", help="Grants CERT full administrator privileges in the VO", metavar="CERT") - admin_opt_group.add_option("--read-only", dest="read_only", action="store_true", help="Sets the VOMS admin service as read-only", default=False) + parser.add_option("--openssl", dest="openssl", + help="the PATH to the openssl command", metavar="PATH", default="openssl") + + # Admin service options + admin_opt_group = OptionGroup( + parser, "VOMS admin options", "These options drive the basic configuration of the VOMS admin service.") + admin_opt_group.add_option("--admin-port", dest="admin_port", type="int", + help="the PORT on which the admin service will bind", metavar="PORT", default=8443) + admin_opt_group.add_option("--admin-cert", dest="admin_cert", + help="Grants CERT full administrator privileges in the VO", metavar="CERT") + admin_opt_group.add_option("--read-only", dest="read_only", action="store_true", + help="Sets the VOMS admin service as read-only", default=False) admin_opt_group.add_option("--disable-ro-access-for-authenticated-clients", dest="read_only_auth_clients", action="store_false", @@ -132,7 +155,6 @@ def setup_cl_options(): help="Skips the check on the certificate issuer when authenticating VOMS Admin clients", default=False) - admin_opt_group.add_option("--disable-permission-cache", dest="permission_cache_disable", action="store_true", @@ -141,23 +163,28 @@ def setup_cl_options(): parser.add_option_group(admin_opt_group) - - ## DB options - db_opt_group = OptionGroup(parser, "Database configuration options", "These options configure VOMS database access") - db_opt_group.add_option("--dbtype", dest="dbtype", help="The database TYPE (mysql or oracle)", metavar="TYPE", default=MYSQL) - db_opt_group.add_option("--dbname", dest="dbname", help="Sets the VOMS database name to DBNAME", metavar="DBNAME") - db_opt_group.add_option("--dbusername", dest="dbusername", help="Sets the VOMS MySQL username to be created as USER", metavar="USER") - db_opt_group.add_option("--dbpassword", dest="dbpassword", help="Sets the VOMS MySQL password for the user to be created as PWD", metavar="PWD") + # DB options + db_opt_group = OptionGroup( + parser, "Database configuration options", "These options configure VOMS database access") + db_opt_group.add_option("--dbtype", dest="dbtype", + help="The database TYPE (mysql or oracle)", metavar="TYPE", default=MYSQL) + db_opt_group.add_option("--dbname", dest="dbname", + help="Sets the VOMS database name to DBNAME", metavar="DBNAME") + db_opt_group.add_option("--dbusername", dest="dbusername", + help="Sets the VOMS MySQL username to be created as USER", metavar="USER") + db_opt_group.add_option("--dbpassword", dest="dbpassword", + help="Sets the VOMS MySQL password for the user to be created as PWD", metavar="PWD") parser.add_option_group(db_opt_group) - ## Connection pool options - conn_pool_opt_group = OptionGroup(parser, "Database connection pool options", "These options configure the voms admin service database connection pool") + # Connection pool options + conn_pool_opt_group = OptionGroup(parser, "Database connection pool options", + "These options configure the voms admin service database connection pool") conn_pool_opt_group.add_option("--c3p0-acquire-increment", - type='int', - dest="c3p0_acquire_increment", - help="Sets the number of new connections that are acquired from the database connection pool is exausted.", - metavar="NUM", - default=1) + type='int', + dest="c3p0_acquire_increment", + help="Sets the number of new connections that are acquired from the database connection pool is exausted.", + metavar="NUM", + default=1) conn_pool_opt_group.add_option("--c3p0-idle-test-period", type='int', @@ -196,49 +223,76 @@ def setup_cl_options(): parser.add_option_group(conn_pool_opt_group) - ## MySQL specifics - mysql_opt_group = OptionGroup(parser, "MySQL-specific options", "These options are specific for MySQL database backend configuration") - mysql_opt_group.add_option("--createdb", dest="createdb", action="store_true", help="Creates the MySQL database schema when installing a VO", default=False) - mysql_opt_group.add_option("--dropdb", dest="dropdb", action="store_true", help="Drops the MySQL database schema when removing a VO", default=False) - - mysql_opt_group.add_option("--dbhost",dest="dbhost", help="Sets the HOST where the MySQL database is running", metavar="HOST", default="localhost") - mysql_opt_group.add_option("--dbport",dest="dbport", type='int', help="Sets the PORT where the MySQL database is listening", metavar="PORT", default="3306") - mysql_opt_group.add_option("--mysql-command", dest="mysql_command", help="Sets the MySQL command to CMD", metavar="CMD", default="mysql") - mysql_opt_group.add_option("--dbauser", dest="dbauser", help="Sets MySQL administrator user to USER", metavar="USER", default="root") - mysql_opt_group.add_option("--dbapwd", dest="dbapwd", help="Sets MySQL administrator password to PWD", metavar="PWD") - mysql_opt_group.add_option("--dbapwdfile", dest="dbapwdfile", help="Reads MySQL administrator password from FILE", metavar="FILE") + # MySQL specifics + mysql_opt_group = OptionGroup(parser, "MySQL-specific options", + "These options are specific for MySQL database backend configuration") + mysql_opt_group.add_option("--createdb", dest="createdb", action="store_true", + help="Creates the MySQL database schema when installing a VO", default=False) + mysql_opt_group.add_option("--dropdb", dest="dropdb", action="store_true", + help="Drops the MySQL database schema when removing a VO", default=False) + + mysql_opt_group.add_option( + "--dbhost", dest="dbhost", help="Sets the HOST where the MySQL database is running", metavar="HOST", default="localhost") + mysql_opt_group.add_option("--dbport", dest="dbport", type='int', + help="Sets the PORT where the MySQL database is listening", metavar="PORT", default="3306") + mysql_opt_group.add_option("--mysql-command", dest="mysql_command", + help="Sets the MySQL command to CMD", metavar="CMD", default="mysql") + mysql_opt_group.add_option("--dburlparams", dest="dburlparams", + help="Sets the DB URL params string", metavar="PARAMS") + mysql_opt_group.add_option("--dbauser", dest="dbauser", + help="Sets MySQL administrator user to USER", metavar="USER", default="root") + mysql_opt_group.add_option( + "--dbapwd", dest="dbapwd", help="Sets MySQL administrator password to PWD", metavar="PWD") + mysql_opt_group.add_option("--dbapwdfile", dest="dbapwdfile", + help="Reads MySQL administrator password from FILE", metavar="FILE") parser.add_option_group(mysql_opt_group) - ## ORACLE specifics - oracle_opt_group = OptionGroup(parser, "Oracle-specific options", "These options are specific for Oracle database backend configuration") - oracle_opt_group.add_option("--use-thin-driver", dest="use_thin_driver", action="store_true", help="Configures the Oracle database using the pure-java native driver", default=False) + # ORACLE specifics + oracle_opt_group = OptionGroup(parser, "Oracle-specific options", + "These options are specific for Oracle database backend configuration") + oracle_opt_group.add_option("--use-thin-driver", dest="use_thin_driver", action="store_true", + help="Configures the Oracle database using the pure-java native driver", default=False) parser.add_option_group(oracle_opt_group) - ## VOMS core specifics - voms_core_opt_group = OptionGroup(parser, "VOMS core options", "These options drive the configuration of the VOMS core service.") - voms_core_opt_group.add_option("--core-port", dest="core_port", type="int", help="the PORT on which the VOMS core service will bind", metavar="PORT") - voms_core_opt_group.add_option("--libdir", dest="libdir", help="the DIR where VOMS core will look for the database plugin modules.", metavar="PORT") - voms_core_opt_group.add_option("--logdir", dest="logdir", help="the VOMS core log directory DIR", metavar="DIR") - voms_core_opt_group.add_option("--sqlloc", dest="sqlloc", help="the PATH to the VOMS core database access library", metavar="PATH") - voms_core_opt_group.add_option("--uri", dest="uri", help="Defines a non-standard the URI of the VOMS server included in the issued attribute certificates", metavar="URI") - voms_core_opt_group.add_option("--timeout", dest="timeout", type="int", help="Defines the validity of the AC issued by the VOMS server in seconds. The default is 24 hours (86400)", metavar="SECS", default=86400) - voms_core_opt_group.add_option("--socktimeout", dest="socktimeout", type="int", help="Sets the amount of time in seconds after which the server will drop an inactive connection. The default is 60 seconds", metavar="SECS", default=60) - voms_core_opt_group.add_option("--shortfqans", dest="shortfqans", action="store_true", help="Configures VOMS to use the short fqans syntax", default=False) - voms_core_opt_group.add_option("--skip-ca-check", dest="skip_ca_check", action="store_true", help="Configures VOMS to only consider a certificate subject when checking VO user membership", default=False) - voms_core_opt_group.add_option("--max-reqs", type="int", dest="max_reqs", help="Sets the maximum number of concurrent request that the VOMS service can handle.", default=50) + # VOMS core specifics + voms_core_opt_group = OptionGroup( + parser, "VOMS core options", "These options drive the configuration of the VOMS core service.") + voms_core_opt_group.add_option("--core-port", dest="core_port", type="int", + help="the PORT on which the VOMS core service will bind", metavar="PORT") + voms_core_opt_group.add_option( + "--libdir", dest="libdir", help="the DIR where VOMS core will look for the database plugin modules.", metavar="PORT") + voms_core_opt_group.add_option( + "--logdir", dest="logdir", help="the VOMS core log directory DIR", metavar="DIR") + voms_core_opt_group.add_option( + "--sqlloc", dest="sqlloc", help="the PATH to the VOMS core database access library", metavar="PATH") + voms_core_opt_group.add_option( + "--uri", dest="uri", help="Defines a non-standard the URI of the VOMS server included in the issued attribute certificates", metavar="URI") + voms_core_opt_group.add_option("--timeout", dest="timeout", type="int", + help="Defines the validity of the AC issued by the VOMS server in seconds. The default is 24 hours (86400)", metavar="SECS", default=86400) + voms_core_opt_group.add_option("--socktimeout", dest="socktimeout", type="int", + help="Sets the amount of time in seconds after which the server will drop an inactive connection. The default is 60 seconds", metavar="SECS", default=60) + voms_core_opt_group.add_option("--shortfqans", dest="shortfqans", action="store_true", + help="Configures VOMS to use the short fqans syntax", default=False) + voms_core_opt_group.add_option("--skip-ca-check", dest="skip_ca_check", action="store_true", + help="Configures VOMS to only consider a certificate subject when checking VO user membership", default=False) + voms_core_opt_group.add_option("--max-reqs", type="int", dest="max_reqs", + help="Sets the maximum number of concurrent request that the VOMS service can handle.", default=50) parser.add_option_group(voms_core_opt_group) - ## Registration service specifics - registration_opt_group = OptionGroup(parser, "Registration service options", "These options configure the VOMS Admin registration service") - registration_opt_group.add_option("--disable-registration", dest="enable_registration", action="store_false", help="Disables registration service for the VO", default=True) - registration_opt_group.add_option("--aup-url", dest="aup_url", help="Sets a custom URL for the VO AUP.", metavar="URL") + # Registration service specifics + registration_opt_group = OptionGroup( + parser, "Registration service options", "These options configure the VOMS Admin registration service") + registration_opt_group.add_option("--disable-registration", dest="enable_registration", + action="store_false", help="Disables registration service for the VO", default=True) + registration_opt_group.add_option( + "--aup-url", dest="aup_url", help="Sets a custom URL for the VO AUP.", metavar="URL") registration_opt_group.add_option("--aup-signature-grace-period", type="int", dest="aup_signature_grace_period", help="The time (in days) given to users to sign the AUP, after being notified, before being suspended.", metavar="DAYS", default="15") - + registration_opt_group.add_option("--aup-reminders", dest="aup_reminders", help="Comma-separated list of instants (in days) before the end of AUP grace period when reminders must be sent to users that need to sign the AUP.", @@ -247,17 +301,17 @@ def setup_cl_options(): registration_opt_group.add_option("--enable-attribute-requests", dest="enable_attribute_requests", action="store_true", help="Enable attribute request at registration time.", default=False) - - registration_opt_group.add_option("--disable-mandatory-group-manager-selection", - dest="require_group_manager_selection", + + registration_opt_group.add_option("--disable-mandatory-group-manager-selection", + dest="require_group_manager_selection", action="store_false", - help="Disable manadatory group manager selection.", + help="Disable manadatory group manager selection.", default=True) registration_opt_group.add_option("--group-manager-role", type="string", dest="group_manager_role", help="Group manager role name. (default value: Group-Manager)", default="Group-Manager") - + registration_opt_group.add_option("--membership-request-lifetime", type="int", dest="membership_request_lifetime", help="Time (in seconds) that unconfirmed membership request are maintained in the VOMS database.", metavar="SECS", default=604800) @@ -270,19 +324,25 @@ def setup_cl_options(): parser.add_option_group(registration_opt_group) + # Membership checks configuration + membership_opt_group = OptionGroup( + parser, "Membership checks options", "These options configure the VOMS Admin membership checks") - ## Membership checks configuration - membership_opt_group = OptionGroup(parser, "Membership checks options", "These options configure the VOMS Admin membership checks") + membership_opt_group.add_option("--preserve-expired-members", action="store_true", dest="preserve_expired_members", + help="Do not suspend users whose membership has expired.", default=False) + membership_opt_group.add_option("--preserve-aup-failing-members", action="store_true", dest="preserve_aup_failing_members", + help="Do not suspend users that fail to sign the AUP in time.", default=False) + membership_opt_group.add_option("--disable-membership-end-time", action="store_true", + dest="disable_membership_end_time", help="Disable membership end time checks completely.", default=False) - membership_opt_group.add_option("--preserve-expired-members", action="store_true", dest="preserve_expired_members", help="Do not suspend users whose membership has expired.", default=False) - membership_opt_group.add_option("--preserve-aup-failing-members", action="store_true", dest="preserve_aup_failing_members", help="Do not suspend users that fail to sign the AUP in time.", default=False) - membership_opt_group.add_option("--disable-membership-end-time", action="store_true", dest="disable_membership_end_time", help="Disable membership end time checks completely.", default=False) - - membership_opt_group.add_option("--disable-membership-expiration-warnings", action="store_true", dest="disable_membership_expiration_warning", help="Disable membership expiration warnings.", default=False) + membership_opt_group.add_option("--disable-membership-expiration-warnings", action="store_true", + dest="disable_membership_expiration_warning", help="Disable membership expiration warnings.", default=False) - membership_opt_group.add_option("--membership-default-lifetime", type="int", dest="membership_default_lifetime", help="Default VO membership lifetime duration (in months).", metavar="MONTHS", default=12) + membership_opt_group.add_option("--membership-default-lifetime", type="int", dest="membership_default_lifetime", + help="Default VO membership lifetime duration (in months).", metavar="MONTHS", default=12) - membership_opt_group.add_option("--membership-check-period", type="int", dest="membership_check_period", help="The membership check background thread period (in seconds)", metavar="SECS", default=600) + membership_opt_group.add_option("--membership-check-period", type="int", dest="membership_check_period", + help="The membership check background thread period (in seconds)", metavar="SECS", default=600) membership_opt_group.add_option("--membership-expiration-warning-period", type="int", dest="membership_expiration_warning_period", help="Warning period duration (in days). VOMS Admin will notify of users about to expire in the next number of days expressed by this configuration option.", @@ -296,12 +356,14 @@ def setup_cl_options(): help="Time (in days) that should pass between consecutive warning expiration messages sent to VO administrators to inform about expired and expiring VO members.", metavar="DAYS", default=1) - parser.add_option_group(membership_opt_group) - saml_opt_group = OptionGroup(parser, "SAML Attribute Authority options", "These options configure the VOMS SAML attribute authority service") - saml_opt_group.add_option("--enable-saml", dest="enable_saml", action="store_true", help="Turns on the VOMS SAML service.", default=False) - saml_opt_group.add_option("--saml-lifetime", dest="saml_lifetime", type="int", help="Defines the maximum validity of the SAML assertions issued by the VOMS SAML server in seconds. The default is 24 hours (86400)", metavar="SECS", default=86400) + saml_opt_group = OptionGroup(parser, "SAML Attribute Authority options", + "These options configure the VOMS SAML attribute authority service") + saml_opt_group.add_option("--enable-saml", dest="enable_saml", action="store_true", + help="Turns on the VOMS SAML service.", default=False) + saml_opt_group.add_option("--saml-lifetime", dest="saml_lifetime", type="int", + help="Defines the maximum validity of the SAML assertions issued by the VOMS SAML server in seconds. The default is 24 hours (86400)", metavar="SECS", default=86400) saml_opt_group.add_option("--disable-compulsory-group-membership", action="store_false", dest="compulsory_group_membership", @@ -309,9 +371,10 @@ def setup_cl_options(): parser.add_option_group(saml_opt_group) - - x509aa_opt_group = OptionGroup(parser, "X.509 AC Attribute Authority options", "These options configure the VOMS X.509 attribute authority service") - x509aa_opt_group.add_option("--enable-x509-aa", dest="enable_x509_aa", action="store_true", help="Turns on the X.509 Attribute authority", default=False) + x509aa_opt_group = OptionGroup(parser, "X.509 AC Attribute Authority options", + "These options configure the VOMS X.509 attribute authority service") + x509aa_opt_group.add_option("--enable-x509-aa", dest="enable_x509_aa", action="store_true", + help="Turns on the X.509 Attribute authority", default=False) x509aa_opt_group.add_option("--x509-aa-port", dest="x509_aa_port", type="int", help="An additional port used to serve VOMS legacy request.", @@ -329,17 +392,25 @@ def setup_cl_options(): parser.add_option_group(x509aa_opt_group) - notification_opt_group = OptionGroup(parser, "Notification service options", "These options configure the VOMS Admin notification service") - notification_opt_group.add_option("--mail-from", dest="mail_from",help="The EMAIL address used for VOMS Admin notification messages.", metavar="EMAIL") - notification_opt_group.add_option("--smtp-host", dest="smtp_host",help="The HOST where VOMS Admin will deliver notification messages.", metavar="HOST") - notification_opt_group.add_option("--disable-notification", dest="disable_notification", action="store_true", help=" Turns off the VOMS admin notification service.", default=False) - notification_opt_group.add_option("--notification-username", dest="notification_username",help="SMTP authentication USERNAME", metavar="USERNAME", default="") - notification_opt_group.add_option("--notification-password", dest="notification_password",help="SMTP authentication PASSWORD", metavar="PASSWORD", default="") - notification_opt_group.add_option("--notification-use-tls", action="store_true", dest="notification_use_tls",help="Use TLS to connect to SMTP server", default=False) + notification_opt_group = OptionGroup( + parser, "Notification service options", "These options configure the VOMS Admin notification service") + notification_opt_group.add_option( + "--mail-from", dest="mail_from", help="The EMAIL address used for VOMS Admin notification messages.", metavar="EMAIL") + notification_opt_group.add_option( + "--smtp-host", dest="smtp_host", help="The HOST where VOMS Admin will deliver notification messages.", metavar="HOST") + notification_opt_group.add_option("--disable-notification", dest="disable_notification", + action="store_true", help=" Turns off the VOMS admin notification service.", default=False) + notification_opt_group.add_option("--notification-username", dest="notification_username", + help="SMTP authentication USERNAME", metavar="USERNAME", default="") + notification_opt_group.add_option("--notification-password", dest="notification_password", + help="SMTP authentication PASSWORD", metavar="PASSWORD", default="") + notification_opt_group.add_option("--notification-use-tls", action="store_true", + dest="notification_use_tls", help="Use TLS to connect to SMTP server", default=False) parser.add_option_group(notification_opt_group) - other_opt_group = OptionGroup(parser, "Other fancy options", "Configuration options that do not fall in the other categories") + other_opt_group = OptionGroup(parser, "Other fancy options", + "Configuration options that do not fall in the other categories") other_opt_group.add_option("--disable-conf-backup", dest="enable_conf_backup", action="store_false", @@ -361,14 +432,13 @@ def setup_cl_options(): parser.add_option_group(other_opt_group) - def configure_logging(options): """ Configures logging so that debug and info messages are routed to stdout and higher level messages are to stderr. Debug messages are shown only if verbose option is set """ class InfoAndBelowLoggingFilter(logging.Filter): - def filter(self,record): + def filter(self, record): if record.levelno <= logging.INFO: return 1 return 0 @@ -390,9 +460,10 @@ def filter(self,record): logger = logging.getLogger("voms-admin") logger.addHandler(out) logger.addHandler(err) - logger.propagate=False + logger.propagate = False logger.debug("Logging configured") + def check_required_options(options, required_opts): def option_name_from_var(var_name): return "--"+re.sub(r'_', '-', var_name) @@ -403,7 +474,8 @@ def option_name_from_var(var_name): missing_opts.append(option_name_from_var(o)) if len(missing_opts) > 0: - error_and_exit("Please set the following required options:\n\t%s" % '\n\t'.join(missing_opts)) + error_and_exit( + "Please set the following required options:\n\t%s" % '\n\t'.join(missing_opts)) def check_install_options(options): @@ -412,7 +484,8 @@ def check_install_options(options): error_and_exit("Please set the VO option") if options.skip_voms_core and options.skip_voms_admin: - error_and_exit("There's not much to do if --skip-voms-core and --skip-voms-admin are both set!") + error_and_exit( + "There's not much to do if --skip-voms-core and --skip-voms-admin are both set!") required_opts = ["vo", "dbusername", "dbpassword"] @@ -433,10 +506,12 @@ def check_remove_options(options): if not options.vo: error_and_exit("Please set the VO option") + def check_upgrade_options(options): if not options.vo: error_and_exit("Please set the VO option") + def service_cert_sanity_checks(options): if not os.path.exists(options.cert): error_and_exit("Service certificate %s not found." % options.cert) @@ -445,55 +520,66 @@ def service_cert_sanity_checks(options): error_and_exit("Service private key %s not found." % options.key) if not os.path.exists(options.trust_dir): - error_and_exit("Service trust anchor directory %s not found." % options.trust_dir) + error_and_exit( + "Service trust anchor directory %s not found." % options.trust_dir) + def config_owner_ids(options): try: pwd_info = pwd.getpwnam(options.config_owner) return (pwd_info[2], pwd_info[3]) except KeyError: - logger.warn("User %s is not configured on this system." % options.config_owner) + logger.warn("User %s is not configured on this system." % + options.config_owner) if os.geteuid() == 0: - error_and_exit("User %s is not configured on this system." % options.config_owner) + error_and_exit( + "User %s is not configured on this system." % options.config_owner) + def create_voms_service_certificate(options): if os.geteuid() == 0 and not options.dry_run: - logger.info("Creating VOMS services certificate in %s, %s" % (VOMS_CERT, VOMS_KEY)) + logger.info("Creating VOMS services certificate in %s, %s" % + (VOMS_CERT, VOMS_KEY)) shutil.copy(HOST_CERT, VOMS_CERT) shutil.copy(HOST_KEY, VOMS_KEY) (owner_id, owner_group_id) = config_owner_ids(options) - os.chown(VOMS_CERT,owner_id, owner_group_id) - os.chown(VOMS_KEY,owner_id, owner_group_id) + os.chown(VOMS_CERT, owner_id, owner_group_id) + os.chown(VOMS_KEY, owner_id, owner_group_id) - os.chmod(VOMS_CERT,0644) - os.chmod(VOMS_KEY,0400) + os.chmod(VOMS_CERT, 0644) + os.chmod(VOMS_KEY, 0400) options.cert = VOMS_CERT options.key = VOMS_KEY + def setup_service_certificate(options): service_cert_sanity_checks(options) if options.cert == HOST_CERT and options.key == HOST_KEY and os.geteuid() == 0: create_voms_service_certificate(options) + def driver_class(options): if options.dbtype == MYSQL: return VOMSDefaults.mysql_driver_class if options.dbtype == ORACLE: return VOMSDefaults.oracle_driver_class + def driver_dialect(options): if options.dbtype == MYSQL: return VOMSDefaults.mysql_dialect else: return VOMSDefaults.oracle_dialect + def change_owner_and_set_perms(path, owner_id, group_id, perms): if os.geteuid() == 0: os.chown(path, owner_id, group_id) os.chmod(path, perms) + def write_and_set_permissions(options, path, contents, perms): f = open(path, "w") f.write(contents) @@ -501,7 +587,8 @@ def write_and_set_permissions(options, path, contents, perms): os.chmod(path, perms) if os.getuid() == 0: (owner_id, group_id) = config_owner_ids(options) - os.chown(path,owner_id,group_id) + os.chown(path, owner_id, group_id) + def append_and_set_permissions(path, contents, owner_id, group_id, perms): f = open(path, "a") @@ -509,10 +596,18 @@ def append_and_set_permissions(path, contents, owner_id, group_id, perms): f.close() change_owner_and_set_perms(path, owner_id, group_id, perms) + def dburl_mysql(options): - return "jdbc:mysql://%s:%d/%s" % (options.dbhost, - options.dbport, - options.dbname) + if options.dburlparams: + return "jdbc:mysql://%s:%d/%s?%s" % (options.dbhost, + options.dbport, + options.dbname, + options.dburlparams) + else: + return "jdbc:mysql://%s:%d/%s" % (options.dbhost, + options.dbport, + options.dbname) + def dburl_oracle(options): if options.use_thin_driver: @@ -522,20 +617,24 @@ def dburl_oracle(options): else: return "jdbc:oracle:oci:@%s" % (options.dbname) + def dburl(options): if options.dbtype == MYSQL: return dburl_mysql(options) else: return dburl_oracle(options) + def create_admin_db_properties(options): db_options = dict(dbdriver=driver_class(options), dbdialect=driver_dialect(options), dburl=dburl(options)) - template = string.Template(open(VOMSDefaults.db_props_template,"r").read()) - db_properties = template.substitute(**dict(db_options.items()+options.__dict__.items())) + template = string.Template( + open(VOMSDefaults.db_props_template, "r").read()) + db_properties = template.substitute( + **dict(db_options.items()+options.__dict__.items())) logger.debug("Admin service database properties:\n%s" % db_properties) @@ -545,8 +644,10 @@ def create_admin_db_properties(options): db_properties, 0640) + def create_admin_service_properties(options): - template = string.Template(open(VOMSDefaults.service_props_template,"r").read()) + template = string.Template( + open(VOMSDefaults.service_props_template, "r").read()) service_props = template.substitute(**options.__dict__) logger.debug("Admin service properties:\n%s" % service_props) @@ -556,6 +657,7 @@ def create_admin_service_properties(options): service_props, 0640) + def create_endpoint_info(options): endpoint_path = admin_service_endpoint_path(options.vo) @@ -566,6 +668,8 @@ def create_endpoint_info(options): endpoint_path, url, 0644) + + def create_vomses(options): cert = X509Helper(options.cert, openssl_cmd=options.openssl) @@ -585,6 +689,8 @@ def create_vomses(options): vomses_path(options.vo), vomses, 0644) + + def create_lsc(options): cert = X509Helper(options.cert, openssl_cmd=options.openssl) lsc = "%s\n%s" % (cert.subject, cert.issuer) @@ -594,9 +700,11 @@ def create_lsc(options): lsc_path(options.vo), lsc, 0644) + + def create_aup(options): if not options.dry_run: - shutil.copyfile(VOMSDefaults.vo_aup_template,aup_path(options.vo)) + shutil.copyfile(VOMSDefaults.vo_aup_template, aup_path(options.vo)) if os.geteuid() == 0: (owner_id, group_id) = config_owner_ids(options) change_owner_and_set_perms(aup_path(options.vo), @@ -604,9 +712,11 @@ def create_aup(options): group_id, 0644) + def create_logging_configuration(options): if not options.dry_run: - shutil.copyfile(VOMSDefaults.logging_conf_template,admin_logging_conf_path(options.vo)) + shutil.copyfile(VOMSDefaults.logging_conf_template, + admin_logging_conf_path(options.vo)) if os.geteuid() == 0: (owner_id, group_id) = config_owner_ids(options) change_owner_and_set_perms(admin_logging_conf_path(options.vo), @@ -614,20 +724,22 @@ def create_logging_configuration(options): group_id, 0644) + def create_admin_configuration(options): if os.path.exists(admin_conf_dir(options.vo)): - logger.info("VOMS Admin service configuration for VO %s exists.", options.vo) + logger.info( + "VOMS Admin service configuration for VO %s exists.", options.vo) if not options.dry_run and options.enable_conf_backup: backup_dir_contents(admin_conf_dir(options.vo)) else: - ## Set the deploy database option if the VO is - ## installed for the first time on this host and this - ## is not meant as a replica + # Set the deploy database option if the VO is + # installed for the first time on this host and this + # is not meant as a replica if not options.skip_database: options.deploy_database = True # options.createdb = True - ## FIXME: set permissions + # FIXME: set permissions if not options.dry_run: os.makedirs(admin_conf_dir(options.vo)) @@ -643,28 +755,27 @@ def create_admin_configuration(options): def create_voms_conf(options): core_opts = dict(core_logfile=os.path.join(options.logdir, "voms.%s" % options.vo), - core_passfile=voms_pass_path(options.vo), - core_sqlloc=os.path.join(options.libdir, options.sqlloc)) - + core_passfile=voms_pass_path(options.vo), + core_sqlloc=os.path.join(options.libdir, options.sqlloc)) - template = string.Template(open(VOMSDefaults.voms_template,"r").read()) + template = string.Template(open(VOMSDefaults.voms_template, "r").read()) all_core_opts = dict(core_opts.items() + options.__dict__.items()) voms_props = template.substitute(**all_core_opts) if options.skip_ca_check: - voms_props+="\n--skipcacheck" + voms_props += "\n--skipcacheck" if options.shortfqans: - voms_props+="\n--shortfqans" + voms_props += "\n--shortfqans" logger.debug("VOMS Core configuration:\n%s" % voms_props) if not options.dry_run: - ## Core configuration + # Core configuration write_and_set_permissions(options, voms_conf_path(options.vo), voms_props, 0644) - ## Core password file + # Core password file write_and_set_permissions(options, voms_pass_path(options.vo), options.dbpassword+"\n", @@ -672,13 +783,15 @@ def create_voms_conf(options): logger.info("VOMS core service configured succesfully.") + def create_core_configuration(options): if os.path.exists(core_conf_dir(options.vo)): - logger.info("VOMS core service configuration for VO %s already exists.", options.vo) + logger.info( + "VOMS core service configuration for VO %s already exists.", options.vo) if not options.dry_run and options.enable_conf_backup: backup_dir_contents(core_conf_dir(options.vo)) else: - ## FIXME: set permissions + # FIXME: set permissions os.makedirs(core_conf_dir(options.vo)) create_voms_conf(options) @@ -687,6 +800,7 @@ def create_core_configuration(options): def generate_password(length=8, chars=string.ascii_uppercase + string.digits): return ''.join(random.choice(chars) for x in range(length)) + def setup_core_defaults(options): if not options.uri: options.uri = "%s:%d" % (options.hostname, options.core_port) @@ -706,7 +820,7 @@ def setup_core_defaults(options): def setup_defaults(options): if not options.dbname and options.dbtype == MYSQL: - options.dbname = "voms_%s" % (re.sub(r"[-.]","_",options.vo)) + options.dbname = "voms_%s" % (re.sub(r"[-.]", "_", options.vo)) if not options.dbhost: options.dbhost = "localhost" @@ -721,39 +835,52 @@ def setup_defaults(options): if options.createdb or options.dropdb: if not options.dbapwd: - error_and_exit("Please set at least the --dbapwd option when attempting MySQL schema creation/removal.") + error_and_exit( + "Please set at least the --dbapwd option when attempting MySQL schema creation/removal.") + def setup_admin_defaults(options): if not options.aup_url: options.aup_url = "file:%s" % aup_path(options.vo) + def create_mysql_db(options): createdb_cmd = mysql_util_cmd("create_db", options) if not options.dbapwd or len(options.dbapwd) == 0: - logger.warn("WARNING: No password has been specified for the mysql root account.") + logger.warn( + "WARNING: No password has been specified for the mysql root account.") execute_cmd(createdb_cmd, "Error creating MySQL database schema.") + def deploy_database(options): logger.info("Deploying database for VO %s", options.vo) if options.dbtype == MYSQL and options.createdb: create_mysql_db(options) - execute_cmd(voms_deploy_database_cmd(options.vo), "Error deploying VOMS database!") - logger.info("Adding VO administrator reading information from %s", options.cert) - execute_cmd(voms_add_admin_cmd(options.vo, options.cert, ignore_email=True), "Error adding VO administrator!") + execute_cmd(voms_deploy_database_cmd(options.vo), + "Error deploying VOMS database!") + logger.info( + "Adding VO administrator reading information from %s", options.cert) + execute_cmd(voms_add_admin_cmd(options.vo, options.cert, + ignore_email=True), "Error adding VO administrator!") if options.read_only_auth_clients: - logger.info("Adding read-only access to authenticated clients on the VO.") - execute_cmd(voms_ro_auth_clients_cmd(options.vo), "Error setting read-only access on the VO!") + logger.info( + "Adding read-only access to authenticated clients on the VO.") + execute_cmd(voms_ro_auth_clients_cmd(options.vo), + "Error setting read-only access on the VO!") if options.admin_cert: - logger.info("Adding VO administrator reading information from %s", options.admin_cert) - execute_cmd(voms_add_admin_cmd(options.vo, options.admin_cert), "Error adding VO administrator!") + logger.info( + "Adding VO administrator reading information from %s", options.admin_cert) + execute_cmd(voms_add_admin_cmd(options.vo, options.admin_cert), + "Error adding VO administrator!") + def do_admin_install(options): - logger.info("Configuring VOMS admin service for vo %s" , options.vo) + logger.info("Configuring VOMS admin service for vo %s", options.vo) setup_service_certificate(options) setup_admin_defaults(options) create_admin_configuration(options) @@ -763,7 +890,7 @@ def do_admin_install(options): def do_core_install(options): - logger.info("Configuring VOMS core service for vo %s" , options.vo) + logger.info("Configuring VOMS core service for vo %s", options.vo) if options.skip_voms_admin: setup_service_certificate(options) @@ -771,6 +898,7 @@ def do_core_install(options): create_core_configuration(options) pass + def do_install(options): check_install_options(options) setup_defaults(options) @@ -789,41 +917,49 @@ def upgrade_database(options): def undeploy_database(options): - logger.warning("Undeploying database for VO %s. The database contents will be lost.", options.vo) + logger.warning( + "Undeploying database for VO %s. The database contents will be lost.", options.vo) if options.dbtype == MYSQL and options.dropdb: - execute_cmd(mysql_util_cmd("drop_db", options), "Error dropping MySQL database for VO %s!" % options.vo) + execute_cmd(mysql_util_cmd("drop_db", options), + "Error dropping MySQL database for VO %s!" % options.vo) else: - execute_cmd(voms_undeploy_database_cmd(options.vo), "Error undeploying VOMS database for VO %s!" % (options.vo)) + execute_cmd(voms_undeploy_database_cmd(options.vo), + "Error undeploying VOMS database for VO %s!" % (options.vo)) + def remove_dir_and_contents(directory): logger.info("Removing directory %s and its contents", directory) if os.path.exists(directory): for i in glob.glob(directory+"/*"): - logger.debug("Removing %s",i) + logger.debug("Removing %s", i) os.remove(i) os.rmdir(directory) + def do_remove(options): check_remove_options(options) setup_defaults(options) if not options.skip_voms_admin: if not os.path.exists(admin_conf_dir(options.vo)): - logger.error("The VOMS Admin service for VO %s is not configured on this host.", options.vo) + logger.error( + "The VOMS Admin service for VO %s is not configured on this host.", options.vo) else: if options.undeploy_database: if not options.skip_database: undeploy_database(options) else: - logger.warning("Database will not be dropped since --skip-database option is set.") + logger.warning( + "Database will not be dropped since --skip-database option is set.") logger.info("Removing VOMS Admin service configuration") remove_dir_and_contents(admin_conf_dir(options.vo)) if not options.skip_voms_core: if not os.path.exists(core_conf_dir(options.vo)): - logger.error("The VOMS core service for VO %s is not configured on this host.", options.vo) + logger.error( + "The VOMS core service for VO %s is not configured on this host.", options.vo) else: logger.info("Removing VOMS core service configuration") remove_dir_and_contents(core_conf_dir(options.vo)) @@ -834,17 +970,20 @@ def do_upgrade(options): setup_defaults(options) if not os.path.exists(admin_conf_dir(options.vo)): - logger.error("The VOMS Admin service for VO %s is not configured on this host.", options.vo) + logger.error( + "The VOMS Admin service for VO %s is not configured on this host.", options.vo) else: logger.info("Upgrading database for VO %s to the latest version.", options.vo) upgrade_database(options) logger.info("Upgrade completed successfully.") + def error_and_exit(msg): logger.critical(msg) exit(1) + def main(): setup_cl_options() (options, args) = parser.parse_args() @@ -864,5 +1003,6 @@ def main(): except: logger.exception("Unexpected error caught!") + if __name__ == '__main__': main() diff --git a/voms-admin-server/resources/scripts/configure/voms_db_util.py b/voms-admin-server/resources/scripts/configure/voms_db_util.py index 06663068..712f880a 100644 --- a/voms-admin-server/resources/scripts/configure/voms_db_util.py +++ b/voms-admin-server/resources/scripts/configure/voms_db_util.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2.6 +#!/usr/bin/env python2 # # Copyright (c) Members of the EGEE Collaboration. 2006-2009. # See http://www.eu-egee.org/partners/ for details on the copyright holders. @@ -19,12 +19,14 @@ # Andrea Ceccanti (INFN) # -import sys,string,os +import sys +import string +import os from sys import stderr, exit from optparse import OptionParser from voms_shared import VOMSDefaults, X509Helper, get_oracle_env -usage="""%prog [options] command +usage = """%prog [options] command Commands: check-connectivity: checks database connection @@ -40,33 +42,44 @@ """ parser = OptionParser(usage) -commands = ["deploy","undeploy","upgrade","check-connectivity","grant-read-only-access", "add-admin", "remove-admin"] +commands = ["deploy", "undeploy", "upgrade", "check-connectivity", + "grant-read-only-access", "add-admin", "remove-admin"] + def setup_cl_options(): - parser.add_option("--vo", dest="vo", help="the VO for which database operations are performed", metavar="VO") - parser.add_option("--dn", dest="admin_dn", help="the DN of the administrator certificate", metavar="DN") - parser.add_option("--ca", dest="admin_ca", help="the DN of the CA that issued the administrator certificate", metavar="DN") - parser.add_option("--email", dest="admin_email", help="the EMAIL address of the administrator", metavar="EMAIL") - parser.add_option("--cert", dest="admin_cert", help="the x.509 CERTIFICATE of the administrator being created", metavar="CERTIFICATE") - parser.add_option("--ignore-cert-email", dest="admin_ignore_cert_email", action="store_true", help="ignores the email address in the certificate passed in with the --cert option") + parser.add_option( + "--vo", dest="vo", help="the VO for which database operations are performed", metavar="VO") + parser.add_option("--dn", dest="admin_dn", + help="the DN of the administrator certificate", metavar="DN") + parser.add_option("--ca", dest="admin_ca", + help="the DN of the CA that issued the administrator certificate", metavar="DN") + parser.add_option("--email", dest="admin_email", + help="the EMAIL address of the administrator", metavar="EMAIL") + parser.add_option("--cert", dest="admin_cert", + help="the x.509 CERTIFICATE of the administrator being created", metavar="CERTIFICATE") + parser.add_option("--ignore-cert-email", dest="admin_ignore_cert_email", action="store_true", + help="ignores the email address in the certificate passed in with the --cert option") + def error_and_exit(msg): print >>stderr, msg exit(1) + def build_classpath(): - + jars = VOMSDefaults.voms_admin_libs - + if len(jars) == 0: raise ValueError, "voms-admin jar files not found!" - + jars.append(VOMSDefaults.voms_admin_jar) jars.append(VOMSDefaults.voms_admin_classes) - - return string.join(jars,":") -def do_basic_command(options,command): + return string.join(jars, ":") + + +def do_basic_command(options, command): cmd = "%s java -cp %s %s --command %s --vo %s" % (get_oracle_env(), build_classpath(), VOMSDefaults.schema_deployer_class, @@ -77,38 +90,39 @@ def do_basic_command(options,command): def do_add_admin(options): - + email = None - + if options.admin_cert: cert = X509Helper(options.admin_cert) dn = cert.subject ca = cert.issuer - + if not options.admin_ignore_cert_email: email = cert.email else: dn = options.admin_dn ca = options.admin_ca email = options.admin_email - + if not email: print "WARNING: No email was specified for this administrator! The new administrator will not receive VOMS Admin notifications" - + cmd = "%s java -cp %s %s --command add-admin --vo %s --dn '%s' --ca '%s'" % (get_oracle_env(), - build_classpath(), - VOMSDefaults.schema_deployer_class, - options.vo, - dn, - ca) + build_classpath(), + VOMSDefaults.schema_deployer_class, + options.vo, + dn, + ca) if email: cmd += " --email '%s' " % email - + status = os.system(cmd) sys.exit(os.WEXITSTATUS(status)) + def do_remove_admin(options): - + if options.admin_cert: cert = X509Helper(options.admin_cert) dn = cert.subject @@ -116,7 +130,7 @@ def do_remove_admin(options): else: dn = options.admin_dn ca = options.admin_ca - + cmd = "%s java -cp %s %s --command remove-admin --vo %s --dn '%s' --ca '%s' " % (get_oracle_env(), build_classpath(), VOMSDefaults.schema_deployer_class, @@ -126,29 +140,35 @@ def do_remove_admin(options): status = os.system(cmd) sys.exit(os.WEXITSTATUS(status)) -def check_args_and_options(options,args): + +def check_args_and_options(options, args): if len(args) != 1 or args[0] not in commands: - error_and_exit("Please specify a single command among the following:\n\t%s" % "\n\t".join(commands)) - + error_and_exit( + "Please specify a single command among the following:\n\t%s" % "\n\t".join(commands)) + if not options.vo: error_and_exit("Please specify a VO with the --vo option.") - - if args[0] in ("add-admin","remove-admin"): - + + if args[0] in ("add-admin", "remove-admin"): + if (not options.admin_dn or not options.admin_ca) and not options.admin_cert: - error_and_exit("Please specify an administrator either providing a certificate with the --cert option, or with the --dn and --ca options.") - + error_and_exit( + "Please specify an administrator either providing a certificate with the --cert option, or with the --dn and --ca options.") + if options.admin_cert and (options.admin_dn or options.admin_ca): - error_and_exit("The --cert option and --dn,--ca are mutually exclusive.") - + error_and_exit( + "The --cert option and --dn,--ca are mutually exclusive.") + if not options.admin_cert and options.admin_ignore_cert_email: - error_and_exit("The --ignore-cert-email must be used together with the --cert option.") + error_and_exit( + "The --ignore-cert-email must be used together with the --cert option.") + def main(): setup_cl_options() - (options,args) = parser.parse_args() + (options, args) = parser.parse_args() check_args_and_options(options, args) - + command = args[0] if command == "add-admin": @@ -157,6 +177,7 @@ def main(): do_remove_admin(options) else: do_basic_command(options, command) - + + if __name__ == '__main__': - main() \ No newline at end of file + main() diff --git a/voms-admin-server/resources/scripts/configure/voms_mysql_util.py b/voms-admin-server/resources/scripts/configure/voms_mysql_util.py index 277cbec1..62a87609 100644 --- a/voms-admin-server/resources/scripts/configure/voms_mysql_util.py +++ b/voms-admin-server/resources/scripts/configure/voms_mysql_util.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2.6 +#!/usr/bin/env python2 # # Copyright (c) Members of the EGEE Collaboration. 2006-2009. # See http://www.eu-egee.org/partners/ for details on the copyright holders. @@ -19,8 +19,11 @@ # Andrea Ceccanti (INFN) from optparse import OptionParser -from sys import stderr,exit -import subprocess,re, string, socket +from sys import stderr, exit +import subprocess +import re +import string +import socket usage = """%prog [options] command @@ -35,22 +38,35 @@ """ parser = OptionParser(usage=usage) + def setup_cl_options(): - parser.add_option("--dbauser", dest="dbauser", help="Sets MySQL administrator user to USER", metavar="USER", default="root") - parser.add_option("--dbapwd", dest="dbapwd", help="Sets MySQL administrator password to PWD", metavar="PWD") - parser.add_option("--dbapwdfile", dest="dbapwdfile", help="Reads MySQL administrator password from FILE", metavar="FILE") - parser.add_option("--dbusername", dest="username", help="Sets the VOMS MySQL username to be created as USER", metavar="USER") - parser.add_option("--vomshost", dest="voms_host", help="Sets the HOST where VOMS is running", metavar="HOST") - parser.add_option("--dbpassword", dest="password", help="Sets the VOMS MySQL password for the user to be created as PWD", metavar="PWD") - parser.add_option("--dbname", dest="dbname", help="Sets the VOMS database name to DBNAME", metavar="DBNAME") - parser.add_option("--dbhost",dest="host", help="Sets the HOST where MySQL is running", metavar="HOST", default="localhost") - parser.add_option("--dbport",dest="port", help="Sets the PORT where MySQL is listening", metavar="PORT", default="3306") - parser.add_option("--mysql-command", dest="command", help="Sets the MySQL command to CMD", metavar="CMD", default="mysql") + parser.add_option("--dbauser", dest="dbauser", + help="Sets MySQL administrator user to USER", metavar="USER", default="root") + parser.add_option("--dbapwd", dest="dbapwd", + help="Sets MySQL administrator password to PWD", metavar="PWD") + parser.add_option("--dbapwdfile", dest="dbapwdfile", + help="Reads MySQL administrator password from FILE", metavar="FILE") + parser.add_option("--dbusername", dest="username", + help="Sets the VOMS MySQL username to be created as USER", metavar="USER") + parser.add_option("--vomshost", dest="voms_host", + help="Sets the HOST where VOMS is running", metavar="HOST") + parser.add_option("--dbpassword", dest="password", + help="Sets the VOMS MySQL password for the user to be created as PWD", metavar="PWD") + parser.add_option("--dbname", dest="dbname", + help="Sets the VOMS database name to DBNAME", metavar="DBNAME") + parser.add_option("--dbhost", dest="host", + help="Sets the HOST where MySQL is running", metavar="HOST", default="localhost") + parser.add_option("--dbport", dest="port", + help="Sets the PORT where MySQL is listening", metavar="PORT", default="3306") + parser.add_option("--mysql-command", dest="command", + help="Sets the MySQL command to CMD", metavar="CMD", default="mysql") + def error_and_exit(msg): print >>stderr, msg exit(1) - + + def build_mysql_command_preamble(options): if options.dbapwdfile: try: @@ -59,7 +75,7 @@ def build_mysql_command_preamble(options): error_and_exit(e.strerror) else: dbapwd = options.dbapwd - + if not dbapwd: mysql_cmd = "%s -u%s --host %s --port %s" % (options.command, options.dbauser, @@ -73,19 +89,20 @@ def build_mysql_command_preamble(options): options.port) return mysql_cmd - def db_exists(options): mysql_cmd = build_mysql_command_preamble(options) - - mysql_proc = subprocess.Popen(mysql_cmd, shell=True, stdin=subprocess.PIPE, stderr=subprocess.PIPE) + + mysql_proc = subprocess.Popen( + mysql_cmd, shell=True, stdin=subprocess.PIPE, stderr=subprocess.PIPE) try: print >>mysql_proc.stdin, "use %s;" % options.dbname mysql_proc.stdin.close() except IOError as e: err_msg = mysql_proc.stderr.read() - error_and_exit("Error checking database existence: %s. %s" % (e, err_msg)) - + error_and_exit( + "Error checking database existence: %s. %s" % (e, err_msg)) + status = mysql_proc.wait() if status == 0: return True @@ -96,26 +113,30 @@ def db_exists(options): return False else: error_and_exit("Error checking schema existence: %s" % err_msg) - + + def create_db(options): print "Creating database %s" % options.dbname - + if db_exists(options): print "Schema for database %s already exists, will not create it..." % options.dbname else: mysql_cmd = build_mysql_command_preamble(options) - ## The database is not there, let's create it - mysql_proc = subprocess.Popen(mysql_cmd, shell=True, stdin=subprocess.PIPE) + # The database is not there, let's create it + mysql_proc = subprocess.Popen( + mysql_cmd, shell=True, stdin=subprocess.PIPE) print >>mysql_proc.stdin, "create database %s;" % options.dbname mysql_proc.stdin.close() status = mysql_proc.wait() if status != 0: - error_and_exit("Error creating MySQL database %s: %s" % (options.dbname, mysql_proc.stdout.read())) - + error_and_exit("Error creating MySQL database %s: %s" % + (options.dbname, mysql_proc.stdout.read())) + grant_rw_access(options) - + print "Done." + def drop_db(options): print "Dropping database %s" % options.dbname if not db_exists(options): @@ -123,55 +144,67 @@ def drop_db(options): exit(1) else: mysql_cmd = build_mysql_command_preamble(options) - mysql_proc = subprocess.Popen(mysql_cmd, shell=True, stdin=subprocess.PIPE) + mysql_proc = subprocess.Popen( + mysql_cmd, shell=True, stdin=subprocess.PIPE) print >>mysql_proc.stdin, "drop database %s;" % options.dbname mysql_proc.stdin.close() status = mysql_proc.wait() if status != 0: - error_and_exit("Error dropping MySQL database %s: %s" % (options.dbname, mysql_proc.stdout.read())) + error_and_exit("Error dropping MySQL database %s: %s" % + (options.dbname, mysql_proc.stdout.read())) print "Done." + def grant_rw_access(options): - print "Granting user %s read/write access on database %s" % (options.username, options.dbname) + print "Granting user %s read/write access on database %s" % ( + options.username, options.dbname) mysql_cmd = build_mysql_command_preamble(options) - + if len(options.username) > 16: - error_and_exit("MySQL database accont names cannot be longer than 16 characters.") - + error_and_exit( + "MySQL database accont names cannot be longer than 16 characters.") + if db_exists(options): - mysql_proc = subprocess.Popen(mysql_cmd, shell=True, stdin=subprocess.PIPE) - hosts = ['localhost','localhost.%',socket.gethostname(),socket.getfqdn()] - + mysql_proc = subprocess.Popen( + mysql_cmd, shell=True, stdin=subprocess.PIPE) + hosts = ['localhost', 'localhost.%', + socket.gethostname(), socket.getfqdn()] + if options.voms_host: - hosts = [options.voms_host,options.voms_host + '.%'] - + hosts = [options.voms_host, options.voms_host + '.%'] + for host in hosts: print >>mysql_proc.stdin, "grant all privileges on %s.* to '%s'@'%s' identified by '%s' with grant option;" % (options.dbname, - options.username, - host, - options.password) + options.username, + host, + options.password) print >>mysql_proc.stdin, "flush privileges;" mysql_proc.stdin.close() status = mysql_proc.wait() if status != 0: - error_and_exit("Error granting read/write access to user %s on database %s: %s" % (options.username, + error_and_exit("Error granting read/write access to user %s on database %s: %s" % (options.username, options.dbname, mysql_proc.stdout.read())) + def grant_ro_access(): - print "Granting user %s read-only access on database %s" % (options.username, options.dbname) + print "Granting user %s read-only access on database %s" % ( + options.username, options.dbname) mysql_cmd = build_mysql_command_preamble(options) - + if len(options.username) > 16: - error_and_exit("MySQL database accont names cannot be longer than 16 characters.") - + error_and_exit( + "MySQL database accont names cannot be longer than 16 characters.") + if db_exists(options): - mysql_proc = subprocess.Popen(mysql_cmd, shell=True, stdin=subprocess.PIPE) - hosts = ['localhost','localhost.%',socket.gethostname(),socket.getfqdn()] - + mysql_proc = subprocess.Popen( + mysql_cmd, shell=True, stdin=subprocess.PIPE) + hosts = ['localhost', 'localhost.%', + socket.gethostname(), socket.getfqdn()] + if options.voms_host: - hosts = [options.voms_host,options.voms_host + '.%'] - + hosts = [options.voms_host, options.voms_host + '.%'] + for host in hosts: print >>mysql_proc.stdin, "grant select on %s.* to '%s'@'%s' identified by '%s';" % (options.dbname, options.username, @@ -180,55 +213,63 @@ def grant_ro_access(): print >>mysql_proc.stdin, "flush privileges;" mysql_proc.stdin.close() status = mysql_proc.wait() - + if status != 0: - error_and_exit("Error granting read-only access to user %s on database %s: %s" % (options.username, + error_and_exit("Error granting read-only access to user %s on database %s: %s" % (options.username, options.dbname, mysql_proc.stdout.read())) - -supported_commands = {'create_db': create_db, - 'drop_db': drop_db, - 'grant_rw_access': grant_rw_access, + +supported_commands = {'create_db': create_db, + 'drop_db': drop_db, + 'grant_rw_access': grant_rw_access, 'grant_ro_access': grant_ro_access} -required_options = [ "username", "password", "dbname"] +required_options = ["username", "password", "dbname"] + def check_mysql_command(options): test_cmd = "%s --version" % options.command - proc = subprocess.Popen(test_cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + proc = subprocess.Popen(test_cmd, shell=True, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) (out, err) = proc.communicate() - + combined_output = "%s %s" % (out, err) - + status = proc.wait() - + if status != 0: - error_and_exit("Error executing %s: %s. Check your MySQL client installation." % (options.command, combined_output.strip())) - + error_and_exit("Error executing %s: %s. Check your MySQL client installation." % ( + options.command, combined_output.strip())) + + def check_args_and_options(options, args): if len(args) != 1 or args[0] not in supported_commands.keys(): - error_and_exit("Please specify a single command among the following:\n\t%s" % "\n\t".join(supported_commands.keys())) - + error_and_exit("Please specify a single command among the following:\n\t%s" % + "\n\t".join(supported_commands.keys())) + missing_options = [] - + if not options.username: - missing_options.append("--dbusername") + missing_options.append("--dbusername") if not options.password: missing_options.append("--dbpassword") if not options.dbname: missing_options.append("--dbname") - + if len(missing_options) != 0: - error_and_exit("Please specify the following missing options:\n\t%s" % "\n\t".join(missing_options)) - + error_and_exit("Please specify the following missing options:\n\t%s" % + "\n\t".join(missing_options)) + + def main(): setup_cl_options() (options, args) = parser.parse_args() - check_args_and_options(options,args) + check_args_and_options(options, args) check_mysql_command(options) - + supported_commands[args[0]](options) - + + if __name__ == '__main__': - main() \ No newline at end of file + main() diff --git a/voms-admin-server/resources/scripts/configure/voms_shared.py b/voms-admin-server/resources/scripts/configure/voms_shared.py index 91d10d87..dc353a1c 100644 --- a/voms-admin-server/resources/scripts/configure/voms_shared.py +++ b/voms-admin-server/resources/scripts/configure/voms_shared.py @@ -21,62 +21,78 @@ __voms_version__ = "${pom.version}" __voms_prefix__ = "${package.prefix}" -import re, commands, exceptions, os.path, glob, platform +import re +import commands +import exceptions +import os.path +import glob +import platform + def mysql_util_cmd(command, options): db_cmd = "%s %s --dbauser %s --dbusername %s --dbpassword '%s' --dbname %s --dbhost %s --dbport %s --mysql-command %s" % (VOMSDefaults.voms_mysql_util, - command, - options.dbauser, - options.dbusername, - options.dbpassword, - options.dbname, - options.dbhost, - options.dbport, - options.mysql_command) - + command, + options.dbauser, + options.dbusername, + options.dbpassword, + options.dbname, + options.dbhost, + options.dbport, + options.mysql_command) + if options.dbapwdfile: dbapwd = open(options.dbapwdfile).read() options.dbapwd = dbapwd - + if options.dbapwd: db_cmd += " --dbapwd=%s" % options.dbapwd - + return db_cmd + def voms_add_admin_cmd(vo, cert, ignore_email=False): if ignore_email: return "%s %s" % (__voms_db_util_base_cmd(vo, "add-admin"), "--cert %s --ignore-cert-email" % cert) else: return "%s %s" % (__voms_db_util_base_cmd(vo, "add-admin"), "--cert %s" % cert) + def voms_ro_auth_clients_cmd(vo): return __voms_db_util_base_cmd(vo, "grant-read-only-access") - + + def voms_deploy_database_cmd(vo): return __voms_db_util_base_cmd(vo, "deploy") + def voms_undeploy_database_cmd(vo): return __voms_db_util_base_cmd(vo, "undeploy") + def voms_upgrade_database_cmd(vo): return __voms_db_util_base_cmd(vo, "upgrade") + def __voms_db_util_base_cmd(vo, command): return "%s %s --vo %s" % (VOMSDefaults.voms_db_util, command, vo) + def voms_version(): if __voms_version__ == "${pom.version": return "unset" return __voms_version__ + def voms_prefix(): if __voms_prefix__ == "${package.prefix}": return "/opt/voms" else: return __voms_prefix__ + def template_prefix(): - return os.path.join(voms_prefix(), "usr","share", "voms-admin","templates") + return os.path.join(voms_prefix(), "usr", "share", "voms-admin", "templates") + def admin_conf_dir(vo=None): if vo is None: @@ -84,178 +100,199 @@ def admin_conf_dir(vo=None): else: return os.path.join(voms_prefix(), "etc", "voms-admin", vo) + def core_conf_dir(vo=None): if vo is None: - return os.path.join(voms_prefix(), "etc","voms") + return os.path.join(voms_prefix(), "etc", "voms") else: - return os.path.join(voms_prefix(), "etc","voms", vo) + return os.path.join(voms_prefix(), "etc", "voms", vo) + def admin_db_properties_path(vo): return os.path.join(admin_conf_dir(vo), "database.properties") + def admin_service_properties_path(vo): return os.path.join(admin_conf_dir(vo), "service.properties") + def admin_service_endpoint_path(vo): return os.path.join(admin_conf_dir(vo), "service-endpoint") + def admin_logging_conf_path(vo): return os.path.join(admin_conf_dir(vo), "logback.xml") + def vomses_path(vo): return os.path.join(admin_conf_dir(vo), "vomses") + def lsc_path(vo): return os.path.join(admin_conf_dir(vo), "lsc") + def aup_path(vo): return os.path.join(admin_conf_dir(vo), "vo-aup.txt") + def voms_log_path(): - return os.path.join(voms_prefix(),"var", "log", "voms") + return os.path.join(voms_prefix(), "var", "log", "voms") + def voms_conf_path(vo): return os.path.join(core_conf_dir(), vo, "voms.conf") + def voms_pass_path(vo): return os.path.join(core_conf_dir(), vo, "voms.pass") + def voms_lib_dir(): - prefix=voms_prefix() - + prefix = voms_prefix() + plat = platform.machine() libdir = "lib" - + if plat == "x86_64": - ## FIXME: understand how this behaves in Debian + # FIXME: understand how this behaves in Debian libdir = "lib64" - - return os.path.join(prefix,"usr", libdir) + + return os.path.join(prefix, "usr", libdir, "voms") + class VOMSDefaults: db_props_template = os.path.join(template_prefix(), "database.properties") - service_props_template = os.path.join(template_prefix(),"service.properties") - voms_template = os.path.join(template_prefix(),"voms.conf") - - vo_aup_template = os.path.join(template_prefix(),"vo-aup.txt") + service_props_template = os.path.join( + template_prefix(), "service.properties") + voms_template = os.path.join(template_prefix(), "voms.conf") + + vo_aup_template = os.path.join(template_prefix(), "vo-aup.txt") logging_conf_template = os.path.join(template_prefix(), "logback.xml") - - voms_admin_war = os.path.join(voms_prefix(), "usr","share","webapps","voms-admin.war") - - voms_admin_libs = glob.glob(os.path.join(voms_prefix(),"var", "lib","voms-admin","lib")+"/*.jar") - voms_admin_classes = os.path.join(voms_prefix(),"var", "lib","voms-admin","tools") - voms_admin_jar = os.path.join(voms_prefix(), "usr", "share","java","voms-admin.jar") - - voms_db_util = os.path.join(voms_prefix(),"usr", "sbin","voms-db-util") - voms_mysql_util = os.path.join(voms_prefix(), "usr", "sbin", "voms-mysql-util") - + + voms_admin_war = os.path.join( + voms_prefix(), "usr", "share", "webapps", "voms-admin.war") + + voms_admin_libs = glob.glob(os.path.join( + voms_prefix(), "var", "lib", "voms-admin", "lib")+"/*.jar") + voms_admin_classes = os.path.join( + voms_prefix(), "var", "lib", "voms-admin", "tools") + voms_admin_jar = os.path.join( + voms_prefix(), "usr", "share", "java", "voms-admin.jar") + + voms_db_util = os.path.join(voms_prefix(), "usr", "sbin", "voms-db-util") + voms_mysql_util = os.path.join( + voms_prefix(), "usr", "sbin", "voms-mysql-util") + schema_deployer_class = "org.glite.security.voms.admin.persistence.deployer.SchemaDeployer" - + oracle_driver_class = "oracle.jdbc.driver.OracleDriver" oracle_dialect = "org.hibernate.dialect.Oracle9Dialect" - - mysql_driver_class = "org.gjt.mm.mysql.Driver" - mysql_dialect = "org.hibernate.dialect.MySQL5InnoDBDialect" + mysql_driver_class = "com.mysql.cj.jdbc.Driver" + mysql_dialect = "org.hibernate.dialect.MySQL5InnoDBDialect" def parse_sysconfig(): - sysconfig_filename = os.path.join(voms_prefix(), + sysconfig_filename = os.path.join(voms_prefix(), "etc", "sysconfig", "voms-admin") - + helper = PropertyHelper(sysconfig_filename) return helper + def get_oracle_env(): sysconfig = parse_sysconfig() template_str = "LD_LIBRARY_PATH=$ORACLE_LIBRARY_PATH TNS_ADMIN=$TNS_ADMIN" template = string.Template(template_str) return template.substitute(sysconfig) - -class VOMSError(exceptions.RuntimeError): + + +class VOMSError(exceptions.RuntimeError): pass + class PropertyHelper(dict): empty_or_comment_lines = re.compile("^\\s*$|^#.*$") property_matcher = re.compile("^\\s*([^=\\s]+)=?\\s*(\\S.*)$") - - def __init__(self,filename): + def __init__(self, filename): self._filename = filename self._load_properties() - + def _load_properties(self): - f = open(self._filename,"r") + f = open(self._filename, "r") for l in f: if re.match(PropertyHelper.empty_or_comment_lines, l) is None: - m = re.search(PropertyHelper.property_matcher,l) + m = re.search(PropertyHelper.property_matcher, l) if m: - PropertyHelper.__setitem__(self,m.groups()[0],m.groups()[1]) + PropertyHelper.__setitem__( + self, m.groups()[0], m.groups()[1]) f.close() - + def save_properties(self): def helper(l): - m = re.search(PropertyHelper.property_matcher,l) + m = re.search(PropertyHelper.property_matcher, l) if m: - return re.sub("=.*$","=%s" % self[m.groups()[0]],l) + return re.sub("=.*$", "=%s" % self[m.groups()[0]], l) else: return l - - f = open(self._filename,"rw+") - lines = map(helper,f.readlines()) + + f = open(self._filename, "rw+") + lines = map(helper, f.readlines()) f.seek(0) f.writelines(lines) f.truncate() f.close() - - + class X509Helper: - def __init__(self,filename, openssl_cmd=None): - self.filename= filename + def __init__(self, filename, openssl_cmd=None): + self.filename = filename self.openssl_cmd = openssl_cmd self.parse() - + def parse(self): - + if self.openssl_cmd: openssl = self.openssl_cmd else: openssl = 'openssl' - + base_cmd = openssl+' x509 -in \'%s\' -noout ' % self.filename - - status,subject = commands.getstatusoutput(base_cmd+'-subject') + + status, subject = commands.getstatusoutput(base_cmd+'-subject') if status: - raise VOMSError, "Error invoking openssl: "+ subject - - status,issuer = commands.getstatusoutput(base_cmd+'-issuer') + raise VOMSError, "Error invoking openssl: " + subject + + status, issuer = commands.getstatusoutput(base_cmd+'-issuer') if status: - raise VOMSError, "Error invoking openssl: "+ issuer - - - status,email = commands.getstatusoutput(base_cmd+'-email') + raise VOMSError, "Error invoking openssl: " + issuer + + status, email = commands.getstatusoutput(base_cmd+'-email') if status: - raise VOMSError, "Error invoking openssl: "+ email - - self.subject = re.sub(r'^subject= ','',subject.strip()) - self.issuer = re.sub(r'^issuer= ','',issuer.strip()) - self.subject = re.sub(r'/(E|e|((E|e|)(mail|mailAddress|mailaddress|MAIL|MAILADDRESS)))=','/Email=',self.subject) - + raise VOMSError, "Error invoking openssl: " + email + + self.subject = re.sub(r'^subject= ', '', subject.strip()) + self.issuer = re.sub(r'^issuer= ', '', issuer.strip()) + self.subject = re.sub( + r'/(E|e|((E|e|)(mail|mailAddress|mailaddress|MAIL|MAILADDRESS)))=', '/Email=', self.subject) + # Handle emailAddress also in the CA DN (Bug #36490) - self.issuer = re.sub(r'/(E|e|((E|e|)(mail|mailAddress|mailaddress|MAIL|MAILADDRESS)))=','/Email=',self.issuer) - + self.issuer = re.sub( + r'/(E|e|((E|e|)(mail|mailAddress|mailaddress|MAIL|MAILADDRESS)))=', '/Email=', self.issuer) + # Handle also UID - self.subject = re.sub(r'/(UserId|USERID|userId|userid|uid|Uid)=','/UID=',self.subject) - + self.subject = re.sub( + r'/(UserId|USERID|userId|userid|uid|Uid)=', '/UID=', self.subject) + self.email = email.strip() - + # Check that only first email address is taken from the certificate, the openssl -email command # returns one address per line emails = email.splitlines(False) if len(emails) > 0: self.email = emails[0] - - + def __repr__(self): return 'Subject:%s\nIssuer:%s\nEmail:%s' % (self.subject, self.issuer, self.email) diff --git a/voms-admin-server/resources/scripts/info-providers/voms-config-info-providers.sh b/voms-admin-server/resources/scripts/info-providers/voms-config-info-providers.sh index f4dc5c46..1818c27d 100644 --- a/voms-admin-server/resources/scripts/info-providers/voms-config-info-providers.sh +++ b/voms-admin-server/resources/scripts/info-providers/voms-config-info-providers.sh @@ -18,7 +18,7 @@ # determine the hostname -SERVICE_HOST=`hostname` +SERVICE_HOST=$(hostname -f) # configuration template INFO_PROVIDER_CONF_TEMPLATE_DIR="/usr/share/voms-admin/info-providers" diff --git a/voms-admin-server/resources/scripts/init/voms-vo-ctl.sh b/voms-admin-server/resources/scripts/init/voms-vo-ctl.sh new file mode 100755 index 00000000..1570f942 --- /dev/null +++ b/voms-admin-server/resources/scripts/init/voms-vo-ctl.sh @@ -0,0 +1,173 @@ +#!/bin/bash +if [ -n "${VERBOSE}" ]; then + set -x +fi +## return value +RETVAL=0 + +conf_dir="/etc/voms-admin/" +deploy_dir="/var/lib/voms-admin/vo.d" +configured_vos=$(find ${conf_dir} -maxdepth 1 -mindepth 1 -type d -exec basename {} \;) + +deploy_vos() { + vos=$1 + + if [ -z "$vos" ]; then + vos=$configured_vos + fi + + for vo in $vos; do + if [ $# -gt 1 ]; then + echo -n "Deploying vo($vo): " + fi + check_vo_name "$vo" + if [ -f $deploy_dir/$vo ]; then + if [ $# -gt 1 ]; then + success "already deployed" + fi + else + touch $deploy_dir/$vo + if [ $# -gt 1 ]; then + success + fi + fi + done +} + +undeploy_vos() { + vos=$1 + + if [ -z "$vos" ]; then + vos=$configured_vos + fi + + for vo in $vos; do + if [ $# -gt 1 ]; then + echo -n "Undeploying vo($vo): " + fi + if [ -f $deploy_dir/$vo ]; then + rm -f $deploy_dir/$vo + if [ $# -gt 1 ]; then + success + fi + else + if [ $# -gt 1 ]; then + success "was not deployed" + fi + fi + done +} + +check_vo_name() { + + for v in $configured_vos; do + [ "$v" = "$1" ] && return 0 + done + + failure "not configured" + exit 1 + +} + +deploy_dir_is_empty(){ + deployed_vos=`find $deploy_dir -maxdepth 1 -mindepth 1 -type f -exec basename {} \;` + if [ -z "$deployed_vos" ]; then + return 0; + else + return 1; + fi +} + +list(){ + + if [ -z "$configured_vos" ]; then + echo "no configured VO found" + return 0; + fi + + for v in ${configured_vos}; do + echo -n "$v" + if [ -f "${deploy_dir}/$v" ]; then + echo " (deployed)" + else + echo " (not deployed)" + fi + done +} + +init(){ + deploy_dir_is_empty + if [ $? -eq 0 ]; then + deploy_vos "$configured_vos" "verbose" + else + deployed_vos=`find $deploy_dir -maxdepth 1 -mindepth 1 -type f -exec basename {} \; | sort` + echo "Deployed VOs:" + for v in $deployed_vos; do + echo " $v" + done + fi + success +} + +success() +{ + + if [ ! -z "$1" ]; then + echo -n "$1" + fi + + RES_COL=60 + echo -en "\\033[${RES_COL}G" + echo -n "[ " + echo -en "\\033[1;32m" + echo -n OK + echo -en "\\033[0;39m" + echo -n " ]" + echo -ne "\r" + echo + + return 0 +} + + +failure() +{ + rc=$? + + if [ ! -z "$1" ]; then + echo -n "$1" + fi + + RES_COL=60 + echo -en "\\033[${RES_COL}G" + echo -n "[" + echo -en "\\033[1;31m" + echo -n FAILED + echo -en "\\033[0;39m" + echo -n "]" + echo -ne "\r" + echo + + return $rc +} + +case "$1" in + list) + list + ;; + + deploy) + deploy_vos "$2" "verbose" + ;; + + undeploy) + undeploy_vos "$2" "verbose" + ;; + + *) + echo "Usage: $0 {list|deploy|undeploy}" + RETVAL=1 + ;; +esac + +exit $RETVAL diff --git a/voms-admin-server/resources/systemd/voms-admin.service b/voms-admin-server/resources/systemd/voms-admin.service new file mode 100644 index 00000000..8e158864 --- /dev/null +++ b/voms-admin-server/resources/systemd/voms-admin.service @@ -0,0 +1,15 @@ +[Unit] +Description=VOMS Admin service + +[Service] +WorkingDirectory=/var/lib/voms-admin +EnvironmentFile=-/etc/sysconfig/voms-admin +User=voms +Type=simple +ExecStart=/usr/bin/java $VOMS_JAVA_OPTS -cp /usr/share/java/voms-container.jar:$OJDBC_JAR org.italiangrid.voms.container.Container >/var/log/voms-admin/voms-admin.out 2>/var/log/voms-admin/voms-admin.err +ExecStop=/bin/kill -TERM $MAINPID +KillMode=process +SuccessExitStatus=143 + +[Install] +WantedBy=multi-user.target diff --git a/voms-admin-server/src/assemble/tarball.xml b/voms-admin-server/src/assemble/tarball.xml index 8234b630..adee81f8 100644 --- a/voms-admin-server/src/assemble/tarball.xml +++ b/voms-admin-server/src/assemble/tarball.xml @@ -81,6 +81,15 @@ 0755 + + + resources/jars + /var/lib/voms-admin/lib + + commons-io-1.3.2.jar + + 0644 + @@ -92,6 +101,7 @@ org.italiangrid:voms-container + commons-io:commons-io @@ -120,6 +130,14 @@ 0644 + + + resources/scripts/init/voms-vo-ctl.sh + /usr/sbin + voms-vo-ctl + 0755 + + resources/scripts/configure/voms_configure.py /usr/sbin @@ -190,6 +208,13 @@ 0755 true + + + resources/systemd/voms-admin.service + /usr/lib/systemd/system + 0644 + + src/main/resources/c3p0.properties /var/lib/voms-admin/tools diff --git a/voms-admin-server/src/config/sysconfig b/voms-admin-server/src/config/sysconfig index c3c00b99..12e38052 100644 --- a/voms-admin-server/src/config/sysconfig +++ b/voms-admin-server/src/config/sysconfig @@ -14,8 +14,5 @@ ORACLE_LIBRARY_PATH=${package.oracle_library_path} # Default oracle tnsnames.ora location TNS_ADMIN=${package.tns_admin} -# To debug the service, uncomment the following variable -# VOMS_DEBUG=y - -# Sets the VOMS debug port -# VOMS_DEBUG_PORT=8998 +# VOMS ADMIN JVM options +VOMS_JAVA_OPTS="-Xmx512m -Xms512m" diff --git a/voms-admin-server/src/main/java/it/infn/cnaf/voms/saml/axis_skeletons/AttributeAuthoritySoapBindingSkeleton.java b/voms-admin-server/src/main/java/it/infn/cnaf/voms/saml/axis_skeletons/AttributeAuthoritySoapBindingSkeleton.java index 6ecbeb29..a89fe3f5 100644 --- a/voms-admin-server/src/main/java/it/infn/cnaf/voms/saml/axis_skeletons/AttributeAuthoritySoapBindingSkeleton.java +++ b/voms-admin-server/src/main/java/it/infn/cnaf/voms/saml/axis_skeletons/AttributeAuthoritySoapBindingSkeleton.java @@ -22,9 +22,10 @@ package it.infn.cnaf.voms.saml.axis_skeletons; -public class AttributeAuthoritySoapBindingSkeleton implements - it.infn.cnaf.voms.saml.axis_skeletons.AttributeAuthorityPortType, - org.apache.axis.wsdl.Skeleton { +@SuppressWarnings({"serial", "rawtypes"}) +public class AttributeAuthoritySoapBindingSkeleton + implements it.infn.cnaf.voms.saml.axis_skeletons.AttributeAuthorityPortType, + org.apache.axis.wsdl.Skeleton { private it.infn.cnaf.voms.saml.axis_skeletons.AttributeAuthorityPortType impl; private static java.util.Map _myOperations = new java.util.Hashtable(); @@ -33,8 +34,7 @@ public class AttributeAuthoritySoapBindingSkeleton implements /** * Returns List of OperationDesc objects with this name */ - public static java.util.List getOperationDescByName( - java.lang.String methodName) { + public static java.util.List getOperationDescByName(java.lang.String methodName) { return (java.util.List) _myOperations.get(methodName); } @@ -51,17 +51,17 @@ public static java.util.Collection getOperationDescs() { org.apache.axis.description.OperationDesc _oper; org.apache.axis.description.FaultDesc _fault; org.apache.axis.description.ParameterDesc[] _params; - _params = new org.apache.axis.description.ParameterDesc[] { new org.apache.axis.description.ParameterDesc( - new javax.xml.namespace.QName("urn:oasis:names:tc:SAML:2.0:protocol", - "AttributeQuery"), org.apache.axis.description.ParameterDesc.IN, - new javax.xml.namespace.QName("urn:oasis:names:tc:SAML:2.0:protocol", - "AttributeQueryType"), org.opensaml.saml2.core.AttributeQuery.class, - false, false), }; - _oper = new org.apache.axis.description.OperationDesc("attributeQuery", - _params, new javax.xml.namespace.QName( - "urn:oasis:names:tc:SAML:2.0:protocol", "Response")); - _oper.setReturnType(new javax.xml.namespace.QName( - "urn:oasis:names:tc:SAML:2.0:protocol", "ResponseType")); + _params = new org.apache.axis.description.ParameterDesc[] { + new org.apache.axis.description.ParameterDesc( + new javax.xml.namespace.QName("urn:oasis:names:tc:SAML:2.0:protocol", "AttributeQuery"), + org.apache.axis.description.ParameterDesc.IN, + new javax.xml.namespace.QName("urn:oasis:names:tc:SAML:2.0:protocol", + "AttributeQueryType"), + org.opensaml.saml2.core.AttributeQuery.class, false, false),}; + _oper = new org.apache.axis.description.OperationDesc("attributeQuery", _params, + new javax.xml.namespace.QName("urn:oasis:names:tc:SAML:2.0:protocol", "Response")); + _oper.setReturnType( + new javax.xml.namespace.QName("urn:oasis:names:tc:SAML:2.0:protocol", "ResponseType")); _oper.setElementQName(new javax.xml.namespace.QName("", "attributeQuery")); _oper.setSoapAction(""); _myOperationsList.add(_oper); @@ -77,14 +77,13 @@ public AttributeAuthoritySoapBindingSkeleton() { } public AttributeAuthoritySoapBindingSkeleton( - it.infn.cnaf.voms.saml.axis_skeletons.AttributeAuthorityPortType impl) { + it.infn.cnaf.voms.saml.axis_skeletons.AttributeAuthorityPortType impl) { this.impl = impl; } public org.opensaml.saml2.core.Response attributeQuery( - org.opensaml.saml2.core.AttributeQuery body) - throws java.rmi.RemoteException { + org.opensaml.saml2.core.AttributeQuery body) throws java.rmi.RemoteException { org.opensaml.saml2.core.Response ret = impl.attributeQuery(body); return ret; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/apiv2/JSONSerializer.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/apiv2/JSONSerializer.java index c840a784..5fae36cd 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/apiv2/JSONSerializer.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/apiv2/JSONSerializer.java @@ -25,15 +25,16 @@ public class JSONSerializer { - private static final VOMSPermission VO_ATTRIBUTE_READ_PERMISSIONS = VOMSPermission - .getEmptyPermissions().setAttributesReadPermission(); + private static final VOMSPermission VO_ATTRIBUTE_READ_PERMISSIONS = + VOMSPermission.getEmptyPermissions().setAttributesReadPermission(); - private static final VOMSPermission VO_MEMBERSHIP_READ_PERMISSIONS = VOMSPermission - .getEmptyPermissions().setMembershipReadPermission() - .setContainerReadPermission(); + private static final VOMSPermission VO_MEMBERSHIP_READ_PERMISSIONS = + VOMSPermission.getEmptyPermissions() + .setMembershipReadPermission() + .setContainerReadPermission(); - private static final VOMSPermission PI_READ_PERMISSIONS = VOMSPermission - .getEmptyPermissions().setPersonalInfoReadPermission(); + private static final VOMSPermission PI_READ_PERMISSIONS = + VOMSPermission.getEmptyPermissions().setPersonalInfoReadPermission(); public static VOMSUserJSON serialize(VOMSUser user) { @@ -56,16 +57,22 @@ public static VOMSUserJSON serialize(VOMSUser user) { json.attributesFrom(user); } - if (admin.hasPermissions(VOMSContext.getVoContext(), - VO_MEMBERSHIP_READ_PERMISSIONS)) { + if (admin.hasPermissions(VOMSContext.getVoContext(), VO_MEMBERSHIP_READ_PERMISSIONS)) { json.fqansFrom(user); } if (admin.hasPermissions(VOMSContext.getVoContext(), PI_READ_PERMISSIONS)) { json.personalInformationFrom(user); json.cernHrIdFrom(user); + } else { + + // filter out certificate details (suspension status & creation dates) + json.getCertificates().forEach(c -> { + c.setCreationTime(null); + c.setSuspended(null); + c.setSuspensionReason(null); + }); } - } return json; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/apiv2/VOMSUserJSON.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/apiv2/VOMSUserJSON.java index d2e98eb5..378d0468 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/apiv2/VOMSUserJSON.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/apiv2/VOMSUserJSON.java @@ -58,7 +58,7 @@ public class VOMSUserJSON { Date endTime; - Boolean suspended = false; + Boolean suspended; SuspensionReason suspensionReasonCode; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/configuration/VOMSConfiguration.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/configuration/VOMSConfiguration.java index e5bf694d..f6c781d2 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/configuration/VOMSConfiguration.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/configuration/VOMSConfiguration.java @@ -16,6 +16,7 @@ package org.glite.security.voms.admin.configuration; import static org.glite.security.voms.admin.configuration.VOMSConfigurationConstants.PERMISSION_CACHE_DISABLE; +import static org.glite.security.voms.admin.configuration.VOMSConfigurationConstants.PI_REQUIRED_FIELDS; import static org.glite.security.voms.admin.util.SysconfigUtil.SYSCONFIG_CONF_DIR; import static org.glite.security.voms.admin.util.SysconfigUtil.SYSCONFIG_DEFAULT_FILE_PATH; @@ -34,6 +35,7 @@ import java.util.Iterator; import java.util.List; import java.util.Properties; +import java.util.Set; import javax.servlet.ServletContext; @@ -52,17 +54,19 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.google.common.base.Splitter; +import com.google.common.collect.Sets; + import eu.emi.security.authn.x509.impl.PEMCredential; -public final class VOMSConfiguration { +public class VOMSConfiguration { private static volatile VOMSConfiguration instance = null; public synchronized static VOMSConfiguration load(ServletContext context) { if (instance != null) - throw new VOMSConfigurationException( - "VOMS configuration already loaded!"); + throw new VOMSConfigurationException("VOMS configuration already loaded!"); instance = new VOMSConfiguration(context); @@ -82,7 +86,7 @@ public static VOMSConfiguration instance() { if (instance == null) throw new VOMSConfigurationException( - "VOMS configuration not loaded! Use the load method to load it."); + "VOMS configuration not loaded! Use the load method to load it."); return instance; @@ -103,19 +107,16 @@ private void loadConfDir() { if (config.getString(SYSCONFIG_CONF_DIR) == null) { log.warn("{} undefined in VOMS Admin sysconfig.", SYSCONFIG_CONF_DIR); - log.warn("Setting default value assuming EMI packaging: {}", - "/etc/voms-admin"); + log.warn("Setting default value assuming EMI packaging: {}", "/etc/voms-admin"); config.setProperty(SYSCONFIG_CONF_DIR, "/etc/voms-admin"); } - if (context != null - && context.getInitParameter(SYSCONFIG_CONF_DIR) != null) { + if (context != null && context.getInitParameter(SYSCONFIG_CONF_DIR) != null) { log.info("Setting {} from context: {}", SYSCONFIG_CONF_DIR, - context.getInitParameter(SYSCONFIG_CONF_DIR)); - config.setProperty(SYSCONFIG_CONF_DIR, - context.getInitParameter(SYSCONFIG_CONF_DIR)); + context.getInitParameter(SYSCONFIG_CONF_DIR)); + config.setProperty(SYSCONFIG_CONF_DIR, context.getInitParameter(SYSCONFIG_CONF_DIR)); } } @@ -152,18 +153,18 @@ private void loadHostAndPort() { if (context != null) { config.setProperty(VOMSConfigurationConstants.VOMS_SERVICE_PORT, - context.getInitParameter("PORT")); + context.getInitParameter("PORT")); config.setProperty(VOMSConfigurationConstants.VOMS_SERVICE_HOSTNAME, - context.getInitParameter("HOST")); + context.getInitParameter("HOST")); } } /* * (non-Javadoc) * - * @see org.apache.commons.configuration.Configuration#addProperty(java.lang. - * String, java.lang.Object) + * @see org.apache.commons.configuration.Configuration#addProperty(java.lang. String, + * java.lang.Object) */ public void addProperty(String arg0, Object arg1) { @@ -183,8 +184,7 @@ public void clear() { /* * (non-Javadoc) * - * @see org.apache.commons.configuration.Configuration#clearProperty(java.lang - * .String) + * @see org.apache.commons.configuration.Configuration#clearProperty(java.lang .String) */ public void clearProperty(String arg0) { @@ -194,8 +194,7 @@ public void clearProperty(String arg0) { /* * (non-Javadoc) * - * @see org.apache.commons.configuration.Configuration#containsKey(java.lang. - * String) + * @see org.apache.commons.configuration.Configuration#containsKey(java.lang. String) */ public boolean containsKey(String arg0) { @@ -205,8 +204,7 @@ public boolean containsKey(String arg0) { /* * (non-Javadoc) * - * @see org.apache.commons.configuration.Configuration#getBigDecimal(java.lang - * .String) + * @see org.apache.commons.configuration.Configuration#getBigDecimal(java.lang .String) */ public BigDecimal getBigDecimal(String arg0) { @@ -216,8 +214,8 @@ public BigDecimal getBigDecimal(String arg0) { /* * (non-Javadoc) * - * @see org.apache.commons.configuration.Configuration#getBigDecimal(java.lang - * .String, java.math.BigDecimal) + * @see org.apache.commons.configuration.Configuration#getBigDecimal(java.lang .String, + * java.math.BigDecimal) */ public BigDecimal getBigDecimal(String arg0, BigDecimal arg1) { @@ -227,8 +225,7 @@ public BigDecimal getBigDecimal(String arg0, BigDecimal arg1) { /* * (non-Javadoc) * - * @see org.apache.commons.configuration.Configuration#getBigInteger(java.lang - * .String) + * @see org.apache.commons.configuration.Configuration#getBigInteger(java.lang .String) */ public BigInteger getBigInteger(String arg0) { @@ -238,8 +235,8 @@ public BigInteger getBigInteger(String arg0) { /* * (non-Javadoc) * - * @see org.apache.commons.configuration.Configuration#getBigInteger(java.lang - * .String, java.math.BigInteger) + * @see org.apache.commons.configuration.Configuration#getBigInteger(java.lang .String, + * java.math.BigInteger) */ public BigInteger getBigInteger(String arg0, BigInteger arg1) { @@ -249,9 +246,7 @@ public BigInteger getBigInteger(String arg0, BigInteger arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getBoolean(java.lang.String - * ) + * @see org.apache.commons.configuration.Configuration#getBoolean(java.lang.String ) */ public boolean getBoolean(String arg0) { @@ -261,9 +256,7 @@ public boolean getBoolean(String arg0) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getBoolean(java.lang.String - * , boolean) + * @see org.apache.commons.configuration.Configuration#getBoolean(java.lang.String , boolean) */ public boolean getBoolean(String arg0, boolean arg1) { @@ -273,9 +266,8 @@ public boolean getBoolean(String arg0, boolean arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getBoolean(java.lang.String - * , java.lang.Boolean) + * @see org.apache.commons.configuration.Configuration#getBoolean(java.lang.String , + * java.lang.Boolean) */ public Boolean getBoolean(String arg0, Boolean arg1) { @@ -285,8 +277,7 @@ public Boolean getBoolean(String arg0, Boolean arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getByte(java.lang.String) + * @see org.apache.commons.configuration.Configuration#getByte(java.lang.String) */ public byte getByte(String arg0) { @@ -296,9 +287,7 @@ public byte getByte(String arg0) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getByte(java.lang.String, - * byte) + * @see org.apache.commons.configuration.Configuration#getByte(java.lang.String, byte) */ public byte getByte(String arg0, byte arg1) { @@ -308,9 +297,7 @@ public byte getByte(String arg0, byte arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getByte(java.lang.String, - * java.lang.Byte) + * @see org.apache.commons.configuration.Configuration#getByte(java.lang.String, java.lang.Byte) */ public Byte getByte(String arg0, Byte arg1) { @@ -344,8 +331,7 @@ private String getCustomizedContentPath() { public Properties getDatabaseProperties() { - String propFileName = getConfigurationDirectoryPath() - + "/database.properties"; + String propFileName = getConfigurationDirectoryPath() + "/database.properties"; Properties props = new Properties(); @@ -355,8 +341,7 @@ public Properties getDatabaseProperties() { } catch (IOException e) { log.error("Error loading database properties: " + e.getMessage(), e); - throw new VOMSException( - "Error loading database properties: " + e.getMessage(), e); + throw new VOMSException("Error loading database properties: " + e.getMessage(), e); } return props; @@ -365,15 +350,13 @@ public Properties getDatabaseProperties() { public String getDefaultVOAUPURL() { - return String.format("file://%s/vo-aup.txt", - getConfigurationDirectoryPath()); + return String.format("file://%s/vo-aup.txt", getConfigurationDirectoryPath()); } /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getDouble(java.lang.String ) + * @see org.apache.commons.configuration.Configuration#getDouble(java.lang.String ) */ public double getDouble(String arg0) { @@ -383,9 +366,7 @@ public double getDouble(String arg0) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getDouble(java.lang.String , - * double) + * @see org.apache.commons.configuration.Configuration#getDouble(java.lang.String , double) */ public double getDouble(String arg0, double arg1) { @@ -395,8 +376,7 @@ public double getDouble(String arg0, double arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getDouble(java.lang.String , + * @see org.apache.commons.configuration.Configuration#getDouble(java.lang.String , * java.lang.Double) */ public Double getDouble(String arg0, Double arg1) { @@ -404,19 +384,16 @@ public Double getDouble(String arg0, Double arg1) { return config.getDouble(arg0, arg1); } - private InputStream getExternalLogbackConfiguration() - throws FileNotFoundException { + private InputStream getExternalLogbackConfiguration() throws FileNotFoundException { String path = getConfigurationDirectoryPath() + "/logback.runtime.xml"; File f = new File(path); if (!f.exists()) - log.warn( - "External logging configuration not found at path '" + path + "'... "); + log.warn("External logging configuration not found at path '" + path + "'... "); if (!f.canRead()) - log.warn( - "External logging configuration is not readable: '" + path + "'... "); + log.warn("External logging configuration is not readable: '" + path + "'... "); return new FileInputStream(f); @@ -425,8 +402,7 @@ private InputStream getExternalLogbackConfiguration() /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getFloat(java.lang.String) + * @see org.apache.commons.configuration.Configuration#getFloat(java.lang.String) */ public float getFloat(String arg0) { @@ -436,9 +412,7 @@ public float getFloat(String arg0) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getFloat(java.lang.String, - * float) + * @see org.apache.commons.configuration.Configuration#getFloat(java.lang.String, float) */ public float getFloat(String arg0, float arg1) { @@ -448,9 +422,7 @@ public float getFloat(String arg0, float arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getFloat(java.lang.String, - * java.lang.Float) + * @see org.apache.commons.configuration.Configuration#getFloat(java.lang.String, java.lang.Float) */ public Float getFloat(String arg0, Float arg1) { @@ -460,8 +432,7 @@ public Float getFloat(String arg0, Float arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getInt(java.lang.String) + * @see org.apache.commons.configuration.Configuration#getInt(java.lang.String) */ public int getInt(String arg0) { @@ -471,9 +442,7 @@ public int getInt(String arg0) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getInt(java.lang.String, - * int) + * @see org.apache.commons.configuration.Configuration#getInt(java.lang.String, int) */ public int getInt(String arg0, int arg1) { @@ -483,9 +452,8 @@ public int getInt(String arg0, int arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getInteger(java.lang.String - * , java.lang.Integer) + * @see org.apache.commons.configuration.Configuration#getInteger(java.lang.String , + * java.lang.Integer) */ public Integer getInteger(String arg0, Integer arg1) { @@ -505,8 +473,7 @@ public Iterator getKeys() { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getKeys(java.lang.String) + * @see org.apache.commons.configuration.Configuration#getKeys(java.lang.String) */ public Iterator getKeys(String arg0) { @@ -516,8 +483,7 @@ public Iterator getKeys(String arg0) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getList(java.lang.String) + * @see org.apache.commons.configuration.Configuration#getList(java.lang.String) */ public List getList(String arg0) { @@ -527,9 +493,7 @@ public List getList(String arg0) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getList(java.lang.String, - * java.util.List) + * @see org.apache.commons.configuration.Configuration#getList(java.lang.String, java.util.List) */ public List getList(String arg0, List arg1) { @@ -541,16 +505,14 @@ public List getLocallyConfiguredVOs() { String configDirPath = getString(SYSCONFIG_CONF_DIR); if (configDirPath == null) - throw new VOMSConfigurationException( - "No value found for " + SYSCONFIG_CONF_DIR + "!"); + throw new VOMSConfigurationException("No value found for " + SYSCONFIG_CONF_DIR + "!"); List voList = new ArrayList(); File configDir = new File(configDirPath); if (!configDir.exists()) - throw new VOMSConfigurationException( - "Voms configuration directory does not exist"); + throw new VOMSConfigurationException("Voms configuration directory does not exist"); File[] filez = configDir.listFiles(); @@ -571,8 +533,7 @@ public List getLocallyConfiguredVOs() { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getLong(java.lang.String) + * @see org.apache.commons.configuration.Configuration#getLong(java.lang.String) */ public long getLong(String arg0) { @@ -582,9 +543,7 @@ public long getLong(String arg0) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getLong(java.lang.String, - * long) + * @see org.apache.commons.configuration.Configuration#getLong(java.lang.String, long) */ public long getLong(String arg0, long arg1) { @@ -594,9 +553,7 @@ public long getLong(String arg0, long arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getLong(java.lang.String, - * java.lang.Long) + * @see org.apache.commons.configuration.Configuration#getLong(java.lang.String, java.lang.Long) */ public Long getLong(String arg0, Long arg1) { @@ -606,8 +563,7 @@ public Long getLong(String arg0, Long arg1) { /* * (non-Javadoc) * - * @see org.apache.commons.configuration.Configuration#getProperties(java.lang - * .String) + * @see org.apache.commons.configuration.Configuration#getProperties(java.lang .String) */ public Properties getProperties(String arg0) { @@ -617,8 +573,7 @@ public Properties getProperties(String arg0) { /* * (non-Javadoc) * - * @see org.apache.commons.configuration.Configuration#getProperty(java.lang. - * String) + * @see org.apache.commons.configuration.Configuration#getProperty(java.lang. String) */ public Object getProperty(String arg0) { @@ -648,8 +603,7 @@ public ServletContext getServletContext() { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getShort(java.lang.String) + * @see org.apache.commons.configuration.Configuration#getShort(java.lang.String) */ public short getShort(String arg0) { @@ -659,9 +613,7 @@ public short getShort(String arg0) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getShort(java.lang.String, - * short) + * @see org.apache.commons.configuration.Configuration#getShort(java.lang.String, short) */ public short getShort(String arg0, short arg1) { @@ -671,9 +623,7 @@ public short getShort(String arg0, short arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getShort(java.lang.String, - * java.lang.Short) + * @see org.apache.commons.configuration.Configuration#getShort(java.lang.String, java.lang.Short) */ public Short getShort(String arg0, Short arg1) { @@ -683,8 +633,7 @@ public Short getShort(String arg0, Short arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getString(java.lang.String ) + * @see org.apache.commons.configuration.Configuration#getString(java.lang.String ) */ public String getString(String arg0) { @@ -694,8 +643,7 @@ public String getString(String arg0) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getString(java.lang.String , + * @see org.apache.commons.configuration.Configuration#getString(java.lang.String , * java.lang.String) */ public String getString(String arg0, String arg1) { @@ -706,9 +654,7 @@ public String getString(String arg0, String arg1) { /* * (non-Javadoc) * - * @see - * org.apache.commons.configuration.Configuration#getStringArray(java.lang - * .String) + * @see org.apache.commons.configuration.Configuration#getStringArray(java.lang .String) */ public String[] getStringArray(String arg0) { @@ -751,30 +697,27 @@ public boolean isEmpty() { private void loadServiceCredentials() { - String certificateFileName = getString( - VOMSConfigurationConstants.VOMS_SERVICE_CERT_FILE, - "/etc/grid-security/hostcert.pem"); + String certificateFileName = getString(VOMSConfigurationConstants.VOMS_SERVICE_CERT_FILE, + "/etc/grid-security/hostcert.pem"); - String privateKeyFileName = getString( - VOMSConfigurationConstants.VOMS_SERVICE_KEY_FILE, - "/etc/grid-security/hostkey.pem"); + String privateKeyFileName = getString(VOMSConfigurationConstants.VOMS_SERVICE_KEY_FILE, + "/etc/grid-security/hostkey.pem"); /* load certificate */ - log.info("Loading credentials for VOMS Attribute authority from:" - + certificateFileName + "," + privateKeyFileName); + log.info("Loading credentials for VOMS Attribute authority from:" + certificateFileName + "," + + privateKeyFileName); try { - serviceCredential = new PEMCredential( - new FileInputStream(privateKeyFileName), - new FileInputStream(certificateFileName), (char[]) null); + serviceCredential = new PEMCredential(new FileInputStream(privateKeyFileName), + new FileInputStream(certificateFileName), (char[]) null); } catch (Throwable t) { log.error("Error loading service credentials: {}", t.getMessage(), t); throw new VOMSException(t.getMessage(), t); } - log.info("VOMS AA service credential's DN: " + DNUtil.getOpenSSLSubject( - serviceCredential.getCertificate().getSubjectX500Principal())); + log.info("VOMS AA service credential's DN: " + + DNUtil.getOpenSSLSubject(serviceCredential.getCertificate().getSubjectX500Principal())); } @@ -784,8 +727,8 @@ public void loadServiceProperties() { try { - PropertiesConfiguration vomsServiceProperties = new PropertiesConfiguration( - getVomsServicePropertiesFileName()); + PropertiesConfiguration vomsServiceProperties = + new PropertiesConfiguration(getVomsServicePropertiesFileName()); config.addConfiguration(vomsServiceProperties); } catch (ConfigurationException e) { @@ -794,8 +737,7 @@ public void loadServiceProperties() { if (log.isDebugEnabled()) log.error(e.getMessage(), e); - throw new VOMSConfigurationException( - "Error loading service properties from " + fileName, e); + throw new VOMSConfigurationException("Error loading service properties from " + fileName, e); } @@ -811,28 +753,24 @@ private void loadSysconfig() { sysconfigFilePath = SysconfigUtil.getSysconfigFilePath(); - PropertiesConfiguration sysconf = new PropertiesConfiguration( - sysconfigFilePath); + PropertiesConfiguration sysconf = new PropertiesConfiguration(sysconfigFilePath); config.addConfiguration(sysconf); log.debug("Loaded sysconfig from: {}", sysconfigFilePath); } catch (ConfigurationException e) { - log.error("Error parsing VOMS Admin system configuration file " - + sysconfigFilePath); + log.error("Error parsing VOMS Admin system configuration file " + sysconfigFilePath); throw new VOMSConfigurationException( - "Error parsing VOMS Admin system configuration file " - + SYSCONFIG_DEFAULT_FILE_PATH, - e); + "Error parsing VOMS Admin system configuration file " + SYSCONFIG_DEFAULT_FILE_PATH, e); } } private void loadVersionProperties() { - InputStream versionPropStream = this.getClass().getClassLoader() - .getResourceAsStream("version.properties"); + InputStream versionPropStream = + this.getClass().getClassLoader().getResourceAsStream("version.properties"); PropertiesConfiguration versionProperties = new PropertiesConfiguration(); try { @@ -843,8 +781,7 @@ private void loadVersionProperties() { } catch (ConfigurationException e) { log.error("Error configuring version properties:" + e.getMessage(), e); - throw new VOMSConfigurationException( - "Error configuring version properties!", e); + throw new VOMSConfigurationException("Error configuring version properties!", e); } } @@ -874,9 +811,8 @@ private List stringListToIntegerList(List list) { int ii = Integer.parseInt(i.trim()); timeList.add(ii); } catch (NumberFormatException nfe) { - throw new VOMSException( - "Error while parsing list '" + list + "': " + nfe.getMessage(), - nfe); + throw new VOMSException("Error while parsing list '" + list + "': " + nfe.getMessage(), + nfe); } } @@ -886,14 +822,12 @@ private List stringListToIntegerList(List list) { public List getAUPReminderIntervals() { - int signAUPTaskLifetime = config.getInteger( - VOMSConfigurationConstants.SIGN_AUP_TASK_LIFETIME, - VOMSConfigurationConstants.SIGN_AUP_TASK_LIFETIME_DEFAULT_VALUE); + int signAUPTaskLifetime = config.getInteger(VOMSConfigurationConstants.SIGN_AUP_TASK_LIFETIME, + VOMSConfigurationConstants.SIGN_AUP_TASK_LIFETIME_DEFAULT_VALUE); @SuppressWarnings("unchecked") - List reminderTimes = config.getList( - VOMSConfigurationConstants.SIGN_AUP_TASK_REMINDERS, Arrays.asList( - VOMSConfigurationConstants.SIGN_AUP_TASK_REMINDERS_DEFAULT_VALUE)); + List reminderTimes = config.getList(VOMSConfigurationConstants.SIGN_AUP_TASK_REMINDERS, + Arrays.asList(VOMSConfigurationConstants.SIGN_AUP_TASK_REMINDERS_DEFAULT_VALUE)); List intervals = stringListToIntegerList(reminderTimes); @@ -921,8 +855,7 @@ private String loadVomsesConfigurationString() { try { - String vomsesConf = FileUtils - .readFileToString(new File(vomsesConfFileName)); + String vomsesConf = FileUtils.readFileToString(new File(vomsesConfFileName)); return vomsesConf; } catch (IOException e) { @@ -940,11 +873,9 @@ private void loadVOName() { if (!config.containsKey("VO_NAME")) { if (context.getInitParameter("VO_NAME") != null) { - log.debug("Setting VO name from init parameter: {}", - context.getInitParameter("VO_NAME")); + log.debug("Setting VO name from init parameter: {}", context.getInitParameter("VO_NAME")); - config.setProperty(VOMSConfigurationConstants.VO_NAME, - context.getInitParameter("VO_NAME")); + config.setProperty(VOMSConfigurationConstants.VO_NAME, context.getInitParameter("VO_NAME")); } @@ -954,8 +885,7 @@ private void loadVOName() { } else { - config.setProperty(VOMSConfigurationConstants.VO_NAME, - config.getProperty("VO_NAME")); + config.setProperty(VOMSConfigurationConstants.VO_NAME, config.getProperty("VO_NAME")); } } @@ -982,36 +912,32 @@ public Configuration subset(String arg0) { @SuppressWarnings("unchecked") public List getExternalValidators() { - return config - .getList(VOMSConfigurationConstants.VOMS_EXTERNAL_VALIDATOR_LIST); + return config.getList(VOMSConfigurationConstants.VOMS_EXTERNAL_VALIDATOR_LIST); } public String getExternalValidatorConfigClass(String pluginName) { - String configClassPropertyName = String.format("%s.%s.%s", - VOMSConfigurationConstants.VOMS_EXTERNAL_VALIDATOR_PREFIX, pluginName, - VOMSConfigurationConstants.VOMS_EXTERNAL_VALIDATOR_CONFIG_SUFFIX); + String configClassPropertyName = + String.format("%s.%s.%s", VOMSConfigurationConstants.VOMS_EXTERNAL_VALIDATOR_PREFIX, + pluginName, VOMSConfigurationConstants.VOMS_EXTERNAL_VALIDATOR_CONFIG_SUFFIX); return config.getString(configClassPropertyName); } - public String getExternalValidatorProperty(String pluginName, - String pluginPropertyName, String defaultValue) { + public String getExternalValidatorProperty(String pluginName, String pluginPropertyName, + String defaultValue) { String propertyName = String.format("%s.%s.%s", - VOMSConfigurationConstants.VOMS_EXTERNAL_VALIDATOR_PREFIX, pluginName, - pluginPropertyName); + VOMSConfigurationConstants.VOMS_EXTERNAL_VALIDATOR_PREFIX, pluginName, pluginPropertyName); return config.getString(propertyName, defaultValue); } - public String getExternalValidatorProperty(String pluginName, - String pluginPropertyName) { + public String getExternalValidatorProperty(String pluginName, String pluginPropertyName) { String propertyName = String.format("%s.%s.%s", - VOMSConfigurationConstants.VOMS_EXTERNAL_VALIDATOR_PREFIX, pluginName, - pluginPropertyName); + VOMSConfigurationConstants.VOMS_EXTERNAL_VALIDATOR_PREFIX, pluginName, pluginPropertyName); return config.getString(propertyName); @@ -1019,22 +945,20 @@ public String getExternalValidatorProperty(String pluginName, public void setRegistrationType(String registrationType) { - config.setProperty( - VOMSConfigurationConstants.VOMS_INTERNAL_REGISTRATION_TYPE, - registrationType); + config.setProperty(VOMSConfigurationConstants.VOMS_INTERNAL_REGISTRATION_TYPE, + registrationType); } public String getRegistrationType() { - return config.getString( - VOMSConfigurationConstants.VOMS_INTERNAL_REGISTRATION_TYPE, "default"); + return config.getString(VOMSConfigurationConstants.VOMS_INTERNAL_REGISTRATION_TYPE, "default"); } public VOMSPermission getUnauthenticatedClientPermissionMask() { - String unauthenticatedClientPermMask = getString( - VOMSConfigurationConstants.VOMS_UNAUTHENTICATED_CLIENT_PERMISSION_MASK, - "CONTAINER_READ|MEMBERSHIP_READ"); + String unauthenticatedClientPermMask = + getString(VOMSConfigurationConstants.VOMS_UNAUTHENTICATED_CLIENT_PERMISSION_MASK, + "CONTAINER_READ|MEMBERSHIP_READ"); VOMSPermission permMask = null; @@ -1044,12 +968,10 @@ public VOMSPermission getUnauthenticatedClientPermissionMask() { } catch (IllegalArgumentException e) { // Parse error on user set permission mask - log.error( - "Error parsing user set permission mask for unauthenticated client: '" + log.error("Error parsing user set permission mask for unauthenticated client: '" + unauthenticatedClientPermMask + "'"); log.error(e.getMessage()); - permMask = VOMSPermission.getContainerReadPermission() - .setMembershipReadPermission(); + permMask = VOMSPermission.getContainerReadPermission().setMembershipReadPermission(); } @@ -1059,21 +981,19 @@ public VOMSPermission getUnauthenticatedClientPermissionMask() { public String getServiceHostname() { - return config.getString(VOMSConfigurationConstants.VOMS_SERVICE_HOSTNAME, - "localhost"); + return config.getString(VOMSConfigurationConstants.VOMS_SERVICE_HOSTNAME, "localhost"); } public String getGroupManagerRoleName() { - return config.getString(VOMSConfigurationConstants.GROUP_MANAGER_ROLE_NAME, - "Group-Manager"); + return config.getString(VOMSConfigurationConstants.GROUP_MANAGER_ROLE_NAME, "Group-Manager"); } public int getExpiringUsersWarningInterval() { - String warningPeriodInDays = VOMSConfiguration.instance().getString( - VOMSConfigurationConstants.MEMBERSHIP_EXPIRATION_WARNING_PERIOD, - VOMSConfigurationConstants.MEMBERSHIP_EXPIRATION_WARNING_PERIOD_DEFAULT_VALUE); + String warningPeriodInDays = VOMSConfiguration.instance() + .getString(VOMSConfigurationConstants.MEMBERSHIP_EXPIRATION_WARNING_PERIOD, + VOMSConfigurationConstants.MEMBERSHIP_EXPIRATION_WARNING_PERIOD_DEFAULT_VALUE); Integer i; @@ -1084,22 +1004,21 @@ public int getExpiringUsersWarningInterval() { } catch (NumberFormatException e) { log.error( - "Error converting {} to an integer. The {} property should contain a positive integer! Using the default value instead.", - warningPeriodInDays); + "Error converting {} to an integer. The {} property should contain a positive integer! Using the default value instead.", + warningPeriodInDays); - return Integer.parseInt( - VOMSConfigurationConstants.MEMBERSHIP_EXPIRATION_WARNING_PERIOD_DEFAULT_VALUE); + return Integer + .parseInt(VOMSConfigurationConstants.MEMBERSHIP_EXPIRATION_WARNING_PERIOD_DEFAULT_VALUE); } if (i <= 0) { - log.warn( - "Negative warning period set for the property {}. Using the default value instead.", - VOMSConfigurationConstants.MEMBERSHIP_EXPIRATION_WARNING_PERIOD); + log.warn("Negative warning period set for the property {}. Using the default value instead.", + VOMSConfigurationConstants.MEMBERSHIP_EXPIRATION_WARNING_PERIOD); - return Integer.parseInt( - VOMSConfigurationConstants.MEMBERSHIP_EXPIRATION_WARNING_PERIOD_DEFAULT_VALUE); + return Integer + .parseInt(VOMSConfigurationConstants.MEMBERSHIP_EXPIRATION_WARNING_PERIOD_DEFAULT_VALUE); } return i; @@ -1119,11 +1038,18 @@ public PEMCredential getServiceCredential() { return serviceCredential; } - + public boolean permissionCacheDisabled() { return config.getBoolean(PERMISSION_CACHE_DISABLE, false); } + public Set getRequiredPersonalInfoFields() { + String requiredFields = + config.getString(PI_REQUIRED_FIELDS, VOMSConfigurationConstants.PI_REQUIRED_FIELDS_DEFAULT); + + return Sets.newHashSet(Splitter.on(",").trimResults().omitEmptyStrings().split(requiredFields)); + } + public void dump(PrintStream stream) { for (int i = 0; i < config.getNumberOfConfigurations(); i++) diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/configuration/VOMSConfigurationConstants.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/configuration/VOMSConfigurationConstants.java index 9b65a9bf..4fbc7bcd 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/configuration/VOMSConfigurationConstants.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/configuration/VOMSConfigurationConstants.java @@ -22,7 +22,8 @@ public interface VOMSConfigurationConstants { */ public static final String VO_NAME = "voms.vo.name"; - public static final String LOCALHOST_DEFAULTS_TO_LOCAL_ADMIN = "voms.localhost.defaults.to.local.admin"; + public static final String LOCALHOST_DEFAULTS_TO_LOCAL_ADMIN = + "voms.localhost.defaults.to.local.admin"; public static final String READONLY = "voms.readonly"; @@ -49,25 +50,35 @@ public interface VOMSConfigurationConstants { public static final String NOTIFICATION_RETRY_PERIOD = "voms.notification.retry_period"; public static final String NOTIFICATION_DISABLED = "voms.notification.disable"; - public static final String VO_MEMBERSHIP_EXPIRED_REQ_PURGER_PERIOD = "voms.request.vo_membership.expired_request_purger.period"; - public static final String UNCONFIRMED_REQUESTS_EXPIRATION_TIME = "voms.request.vo_membership.lifetime"; - public static final String VO_MEMBERSHIP_UNCONFIRMED_REQ_WARN_POLICY = "voms.request.vo_membership.warn_when_expired"; + public static final String VO_MEMBERSHIP_EXPIRED_REQ_PURGER_PERIOD = + "voms.request.vo_membership.expired_request_purger.period"; + public static final String UNCONFIRMED_REQUESTS_EXPIRATION_TIME = + "voms.request.vo_membership.lifetime"; + public static final String VO_MEMBERSHIP_UNCONFIRMED_REQ_WARN_POLICY = + "voms.request.vo_membership.warn_when_expired"; /** - * This configuration flag controls the user's ability to request attributes - * at VO registration time. + * This configuration flag controls the user's ability to request attributes at VO registration + * time. */ - public static final String VO_MEMBERSHIP_ENABLE_ATTRIBUTES_REQUEST = "voms.request.vo_membership.enable_attribute_requests"; - public static final String VO_MEMBERSHIP_REQUIRE_GROUP_MANAGER_SELECTION = "voms.request.vo_membership.require_group_manager_selection"; - + public static final String VO_MEMBERSHIP_ENABLE_ATTRIBUTES_REQUEST = + "voms.request.vo_membership.enable_attribute_requests"; + public static final String VO_MEMBERSHIP_REQUIRE_GROUP_MANAGER_SELECTION = + "voms.request.vo_membership.require_group_manager_selection"; + public static final String GROUP_MANAGER_ROLE_NAME = "voms.request.group_manager_role"; - - public static final String USER_MAX_RESULTS_PER_PAGE = "voms.pagination.user.max.results.per.page"; - public static final String ATTRIBUTES_MAX_RESULTS_PER_PAGE = "voms.pagination.attributes.max.results.per.page"; - public static final String GROUP_MAX_RESULTS_PER_PAGE = "voms.pagination.group.max.results.per.page"; - public static final String ROLE_MAX_RESULTS_PER_PAGE = "voms.pagination.role.max.results.per.page"; + + public static final String USER_MAX_RESULTS_PER_PAGE = + "voms.pagination.user.max.results.per.page"; + public static final String ATTRIBUTES_MAX_RESULTS_PER_PAGE = + "voms.pagination.attributes.max.results.per.page"; + public static final String GROUP_MAX_RESULTS_PER_PAGE = + "voms.pagination.group.max.results.per.page"; + public static final String ROLE_MAX_RESULTS_PER_PAGE = + "voms.pagination.role.max.results.per.page"; public static final String REGISTRATION_SERVICE_ENABLED = "voms.registration.enabled"; - public static final String READ_ACCESS_FOR_AUTHENTICATED_CLIENTS = "voms.read-access-for-authenticated-clients"; + public static final String READ_ACCESS_FOR_AUTHENTICATED_CLIENTS = + "voms.read-access-for-authenticated-clients"; /** * VERSION Properties */ @@ -80,14 +91,15 @@ public interface VOMSConfigurationConstants { */ public static final String GRID_AUP_URL = "voms.aup.grid_aup.initial_url"; public static final String VO_AUP_URL = "voms.aup.vo_aup.initial_url"; - + public static final String SIGN_AUP_TASK_LIFETIME = "voms.aup.sign_aup_task_lifetime"; public static final int SIGN_AUP_TASK_LIFETIME_DEFAULT_VALUE = 15; - - public static final String[] SIGN_AUP_TASK_REMINDERS_DEFAULT_VALUE = {"7","3","1"}; + + public static final String[] SIGN_AUP_TASK_REMINDERS_DEFAULT_VALUE = {"7", "3", "1"}; public static final String SIGN_AUP_TASK_REMINDERS = "voms.aup.sign_aup_task_reminders"; - - public static final String REQUIRE_AUP_SIGNATURE_FOR_CREATED_USERS = "voms.aup.require_signature_for_created_users"; + + public static final String REQUIRE_AUP_SIGNATURE_FOR_CREATED_USERS = + "voms.aup.require_signature_for_created_users"; public static final String SIGN_AUP_EXTENDS_MEMBERSHIP = "voms.aup.signature_extends_membership"; /** @@ -95,11 +107,15 @@ public interface VOMSConfigurationConstants { */ public static final String DEFAULT_MEMBERSHIP_LIFETIME = "voms.membership.default_lifetime"; public static final String MEMBERSHIP_CHECK_PERIOD = "voms.task.membership_check.period"; - public static final String DISABLE_MEMBERSHIP_EXPIRATION_WARNING="voms.membership.disable_expiration_warning"; - public static final String MEMBERSHIP_EXPIRATION_WARNING_PERIOD = "voms.membership.expiration_warning_period"; + public static final String DISABLE_MEMBERSHIP_EXPIRATION_WARNING = + "voms.membership.disable_expiration_warning"; + public static final String MEMBERSHIP_EXPIRATION_WARNING_PERIOD = + "voms.membership.expiration_warning_period"; public static final String MEMBERSHIP_EXPIRATION_WARNING_PERIOD_DEFAULT_VALUE = "15"; - public static final String MEMBERSHIP_EXPIRATION_GRACE_PERIOD = "voms.membership.expiration_grace_period"; - public static final String NOTIFICATION_WARNING_RESEND_PERIOD = "voms.membership.notification_resend_period"; + public static final String MEMBERSHIP_EXPIRATION_GRACE_PERIOD = + "voms.membership.expiration_grace_period"; + public static final String NOTIFICATION_WARNING_RESEND_PERIOD = + "voms.membership.notification_resend_period"; public static final String PRESERVE_EXPIRED_MEMBERS = "voms.preserve_expired_members"; public static final String PRESERVE_AUP_FAILING_MEMBERS = "voms.preserve_aup_failing_members"; public static final String DISABLE_MEMBERSHIP_END_TIME = "voms.disable_membership_end_time"; @@ -110,14 +126,17 @@ public interface VOMSConfigurationConstants { public static final String VOMS_SERVICE_CERT_FILE = "voms.service.cert"; public static final String VOMS_SERVICE_KEY_FILE = "voms.service.key"; public static final String VOMS_SAML_MAX_ASSERTION_LIFETIME = "voms.saml.max_assertion_lifetime"; - public static final String VOMS_AA_COMPULSORY_GROUP_MEMBERSHIP = "voms.aa.compulsory_group_membership"; + public static final String VOMS_AA_COMPULSORY_GROUP_MEMBERSHIP = + "voms.aa.compulsory_group_membership"; public static final String VOMS_AA_SAML_ACTIVATE_ENDPOINT = "voms.aa.activate_saml_endpoint"; public static final String VOMS_AA_X509_ACTIVATE_ENDPOINT = "voms.aa.x509.activate_endpoint"; public static final String VOMS_AA_X509_MAX_AC_VALIDITY = "voms.aa.x509.max_ac_validity"; public static final String VOMS_AA_X509_PRINT_STATS_PERIOD = "voms.aa.x509.print_stats_period"; - public static final String VOMS_AA_X509_LEGACY_FQAN_ENCODING = "voms.aa.x509.legacy_fqan_encoding"; + public static final String VOMS_AA_X509_LEGACY_FQAN_ENCODING = + "voms.aa.x509.legacy_fqan_encoding"; - public static final String VOMS_UNAUTHENTICATED_CLIENT_PERMISSION_MASK = "voms.unauthenticated_client_permission_mask"; + public static final String VOMS_UNAUTHENTICATED_CLIENT_PERMISSION_MASK = + "voms.unauthenticated_client_permission_mask"; /** * External validation plugin Properties @@ -132,8 +151,10 @@ public interface VOMSConfigurationConstants { */ public static final String VOMS_INTERNAL_REGISTRATION_TYPE = "___voms.regitration.type"; - public static final String VOMS_INTERNAL_RO_PERSONAL_INFORMATION = "___voms.read-only-personal-information"; - public static final String VOMS_INTERNAL_RO_MEMBERSHIP_EXPIRATION_DATE = "___voms.read-only-membership-expiration"; + public static final String VOMS_INTERNAL_RO_PERSONAL_INFORMATION = + "___voms.read-only-personal-information"; + public static final String VOMS_INTERNAL_RO_MEMBERSHIP_EXPIRATION_DATE = + "___voms.read-only-membership-expiration"; /** * Executor service properties @@ -146,8 +167,8 @@ public interface VOMSConfigurationConstants { public static final String VOMS_CSRF_GUARD_LOG_ONLY = "voms.csrf.log_only"; /** - * VOMS Admin service hostname. This property is needed to properly compute - * the service address when sending out email notifications. + * VOMS Admin service hostname. This property is needed to properly compute the service address + * when sending out email notifications. */ public static final String VOMS_SERVICE_HOSTNAME = "voms.hostname"; public static final String VOMS_SERVICE_PORT = "voms.port"; @@ -155,26 +176,45 @@ public interface VOMSConfigurationConstants { /** * The local path where monitored stats properties will be stored. */ - public static final String MONITORING_USER_STATS_BASE_PATH = "voms.monitoring.user_stats_base_path"; + public static final String MONITORING_USER_STATS_BASE_PATH = + "voms.monitoring.user_stats_base_path"; /** * The file name of the monitored stats properties. */ - public static final String MONITORING_USER_STATS_FILE_NAME = "voms.monitoring.user_stats_filename"; + public static final String MONITORING_USER_STATS_FILE_NAME = + "voms.monitoring.user_stats_filename"; /** * How often (in minutes) the stats will be updated * */ - public static final String MONITORING_USER_STATS_UPDATE_PERIOD = "voms.monitoring.user_stats_period"; + public static final String MONITORING_USER_STATS_UPDATE_PERIOD = + "voms.monitoring.user_stats_period"; /** * Whether to skip the checks on certificate issuers when authenticating clients */ public static final String SKIP_CA_CHECK = "voms.skip_ca_check"; - + /** * Should permission cache be disabled? */ public static final String PERMISSION_CACHE_DISABLE = "voms.permission_cache.disable"; + + /** + * comma-separated list of the personal information fields required at registration + */ + public static final String PI_REQUIRED_FIELDS = "voms.personal_info.required_fields"; + + public static final String PI_REQUIRED_FIELDS_DEFAULT = "institution,address,phoneNumber"; + + + public static final String EXPIRED_USER_CLEANUP_TASK_RUN_PERIOD = + "voms.expired_user_cleanup_task.run_period_sec"; + public static final String EXPIRED_USER_CLEANUP_TASK_CLEANUP_AFTER_DAYS = + "voms.expired_user_cleanup_task.cleanup_after_days"; + public static final String EXPIRED_USER_CLEANUP_TASK_BATCH_SIZE = + "voms.expired_user_cleanup_task.batch_size"; + } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/VOMSService.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/VOMSService.java index c68d57ee..3c07b210 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/VOMSService.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/VOMSService.java @@ -15,6 +15,7 @@ */ package org.glite.security.voms.admin.core; +import static org.glite.security.voms.admin.configuration.VOMSConfigurationConstants.EXPIRED_USER_CLEANUP_TASK_RUN_PERIOD; import static org.glite.security.voms.admin.core.VOMSServiceConstants.DISABLE_BACKGROUND_TASK_PROPERTY; import java.io.File; @@ -44,6 +45,8 @@ import org.glite.security.voms.admin.core.tasks.UpdateCATask; import org.glite.security.voms.admin.core.tasks.UserStatsTask; import org.glite.security.voms.admin.core.tasks.VOMSExecutorService; +import org.glite.security.voms.admin.core.tasks.user_cleanup.DefaultCleanupUserLookupStrategy; +import org.glite.security.voms.admin.core.tasks.user_cleanup.ExpiredUserCleanupTask; import org.glite.security.voms.admin.core.validation.ValidationManager; import org.glite.security.voms.admin.error.VOMSFatalException; import org.glite.security.voms.admin.event.DebugEventLogListener; @@ -53,6 +56,7 @@ import org.glite.security.voms.admin.event.permission_cache.MembershipEventsCleanPermissionCacheListener; import org.glite.security.voms.admin.event.permission_cache.UserEventsCleanPermissionCacheListener; import org.glite.security.voms.admin.integration.PluginManager; +import org.glite.security.voms.admin.integration.cern.HrDbConfigurator; import org.glite.security.voms.admin.integration.orgdb.OrgDBConfigurator; import org.glite.security.voms.admin.integration.orgdb.servlet.OrgDbHibernateSessionFilter; import org.glite.security.voms.admin.notification.NotificationServiceFactory; @@ -93,9 +97,7 @@ public final class VOMSService { protected static void checkDatabaseVersion() { - final String detectedDbVersion = VOMSVersionDAO.instance() - .getVersion() - .getAdminVersion(); + final String detectedDbVersion = VOMSVersionDAO.instance().getVersion().getAdminVersion(); int detectedDbVersionInt = -1; @@ -103,10 +105,10 @@ protected static void checkDatabaseVersion() { detectedDbVersionInt = Math.abs(Integer.parseInt(detectedDbVersion)); } catch (NumberFormatException ex) { String msg = String.format( - "VOMS DATABASE SCHEMA ERROR: incompatible database. Found '%s' while expecting '%s'." - + " Please upgrade the database for this installation using 'voms-db-util upgrade'" - + " command.", - detectedDbVersion, SchemaVersion.VOMS_ADMIN_DB_VERSION); + "VOMS DATABASE SCHEMA ERROR: incompatible database. Found '%s' while expecting '%s'." + + " Please upgrade the database for this installation using 'voms-db-util upgrade'" + + " command.", + detectedDbVersion, SchemaVersion.VOMS_ADMIN_DB_VERSION); LOG.error(msg); throw new VOMSFatalException(msg); @@ -114,10 +116,10 @@ protected static void checkDatabaseVersion() { if (detectedDbVersionInt < SchemaVersion.VOMS_ADMIN_DB_VERSION_INT) { String msg = String.format( - "VOMS DATABASE SCHEMA ERROR: incompatible database. Found '%s' while expecting '%s'." - + " Please upgrade the database for this installation using 'voms-db-util upgrade'" - + " command.", - detectedDbVersion, SchemaVersion.VOMS_ADMIN_DB_VERSION); + "VOMS DATABASE SCHEMA ERROR: incompatible database. Found '%s' while expecting '%s'." + + " Please upgrade the database for this installation using 'voms-db-util upgrade'" + + " command.", + detectedDbVersion, SchemaVersion.VOMS_ADMIN_DB_VERSION); LOG.error(msg); throw new VOMSFatalException(msg); @@ -133,10 +135,10 @@ protected static void configureVelocity() { p.put("resource.loader", "cpath"); p.put("cpath.resource.loader.class", - "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); p.put("runtime.log.logsystem.class", - "org.glite.security.voms.admin.util.velocity.VelocityLogger"); + "org.glite.security.voms.admin.util.velocity.VelocityLogger"); Velocity.init(p); LOG.debug("Velocity setup ok!"); @@ -182,43 +184,49 @@ protected static void startBackgroundTasks() { DISABLE_BACKGROUND_TASK_PROPERTY); return; } - - + + VOMSConfiguration conf = VOMSConfiguration.instance(); List aupReminders = conf.getAUPReminderIntervals(); es.startBackgroundTask( - new SignAUPReminderCheckTask(DAOFactory.instance(), - EventManager.instance(), SystemTimeProvider.INSTANCE, aupReminders, - TimeUnit.DAYS), - VOMSConfigurationConstants.MEMBERSHIP_CHECK_PERIOD, 300L); - + new SignAUPReminderCheckTask(DAOFactory.instance(), EventManager.instance(), + SystemTimeProvider.INSTANCE, aupReminders, TimeUnit.DAYS), + VOMSConfigurationConstants.MEMBERSHIP_CHECK_PERIOD, 300L); + es.startBackgroundTask( - new CancelSignAUPTasksForExpiredUsersTask(DAOFactory.instance(), - EventManager.instance()), - VOMSConfigurationConstants.MEMBERSHIP_CHECK_PERIOD, 300L); - + new CancelSignAUPTasksForExpiredUsersTask(DAOFactory.instance(), EventManager.instance()), + VOMSConfigurationConstants.MEMBERSHIP_CHECK_PERIOD, 300L); + es.startBackgroundTask(new UpdateCATask(), - VOMSConfigurationConstants.TRUST_ANCHORS_REFRESH_PERIOD); + VOMSConfigurationConstants.TRUST_ANCHORS_REFRESH_PERIOD); es.startBackgroundTask(new TaskStatusUpdater(), 30L); - + es.startBackgroundTask( - new ExpiredRequestsPurgerTask(DAOFactory.instance(), - EventManager.instance()), - VOMSConfigurationConstants.VO_MEMBERSHIP_EXPIRED_REQ_PURGER_PERIOD, 300L); + new ExpiredRequestsPurgerTask(DAOFactory.instance(), EventManager.instance()), + VOMSConfigurationConstants.VO_MEMBERSHIP_EXPIRED_REQ_PURGER_PERIOD, 300L); es.startBackgroundTask(new UserStatsTask(), - VOMSConfigurationConstants.MONITORING_USER_STATS_UPDATE_PERIOD, - UserStatsTask.DEFAULT_PERIOD_IN_SECONDS); - + VOMSConfigurationConstants.MONITORING_USER_STATS_UPDATE_PERIOD, + UserStatsTask.DEFAULT_PERIOD_IN_SECONDS); + es.scheduleAtFixedRate(new PermissionCacheStatsLogger(true), 1, 60, TimeUnit.SECONDS); + + int expiredUserCleanupBatchSize = + conf.getInt(VOMSConfigurationConstants.EXPIRED_USER_CLEANUP_TASK_BATCH_SIZE, 10); + + ExpiredUserCleanupTask userCleanupTask = new ExpiredUserCleanupTask( + new DefaultCleanupUserLookupStrategy(conf), expiredUserCleanupBatchSize); + + es.startBackgroundTask(userCleanupTask, EXPIRED_USER_CLEANUP_TASK_RUN_PERIOD, + TimeUnit.MINUTES.toSeconds(30)); } protected static void startNotificationService() { - + if (System.getProperty(DISABLE_BACKGROUND_TASK_PROPERTY) != null) { LOG.warn("Background tasks disabled, as requested by system property {}", DISABLE_BACKGROUND_TASK_PROPERTY); @@ -230,11 +238,9 @@ protected static void startNotificationService() { PersistentNotificationService ns = PersistentNotificationService.INSTANCE; - ns.setNotificationSettings( - VOMSNotificationSettings.fromVOMSConfiguration()); + ns.setNotificationSettings(VOMSNotificationSettings.fromVOMSConfiguration()); - ns.setDao(DAOFactory.instance() - .getNotificationDAO()); + ns.setDao(DAOFactory.instance().getNotificationDAO()); ns.start(); } else { @@ -258,23 +264,21 @@ protected static void bootstrapAttributeAuthorityServices() { LOG.error("Error initializing OpenSAML:" + e.getMessage(), e); LOG.info("SAML endpoint will not be activated."); - conf.setProperty( - VOMSConfigurationConstants.VOMS_AA_SAML_ACTIVATE_ENDPOINT, false); + conf.setProperty(VOMSConfigurationConstants.VOMS_AA_SAML_ACTIVATE_ENDPOINT, false); } - boolean x509AcEndpointEnabled = conf.getBoolean( - VOMSConfigurationConstants.VOMS_AA_X509_ACTIVATE_ENDPOINT, false); + boolean x509AcEndpointEnabled = + conf.getBoolean(VOMSConfigurationConstants.VOMS_AA_X509_ACTIVATE_ENDPOINT, false); if (x509AcEndpointEnabled) { LOG.info("Bootstrapping VOMS X.509 attribute authority."); - ACGeneratorFactory.newACGenerator() - .configure(conf.getServiceCredential()); + ACGeneratorFactory.newACGenerator().configure(conf.getServiceCredential()); VOMSExecutorService es = VOMSExecutorService.instance(); es.scheduleAtFixedRate(new PrintX509AAStatsTask(), - PrintX509AAStatsTask.DEFAULT_PERIOD_IN_SECS, - PrintX509AAStatsTask.DEFAULT_PERIOD_IN_SECS, TimeUnit.SECONDS); + PrintX509AAStatsTask.DEFAULT_PERIOD_IN_SECS, PrintX509AAStatsTask.DEFAULT_PERIOD_IN_SECS, + TimeUnit.SECONDS); } else { LOG.info("X.509 attribute authority is disabled."); @@ -292,24 +296,24 @@ protected static void configureLogging(ServletContext ctxt) { File f = new File(loggingConf); if (!f.exists()) - throw new VOMSFatalException(String.format( - "Logging configuration " + "not found at path '%s'", loggingConf)); + throw new VOMSFatalException( + String.format("Logging configuration " + "not found at path '%s'", loggingConf)); if (!f.canRead()) - throw new VOMSFatalException(String - .format("Logging configuration " + "is not readable: %s", loggingConf)); + throw new VOMSFatalException( + String.format("Logging configuration " + "is not readable: %s", loggingConf)); LoggerContext lc = (LoggerContext) LoggerFactory.getILoggerFactory(); lc.setName(vo); - + JoranConfigurator configurator = new JoranConfigurator(); configurator.setContext(lc); - + lc.reset(); - + // We leave this here to avoid runtime errors for people that - // update the service, but not the logging configuration + // update the service, but not the logging configuration // FIXME: to be removed at some point lc.putProperty(VOMSConfigurationConstants.VO_NAME, vo); @@ -334,64 +338,58 @@ public static void bootstrapPersistence(VOMSConfiguration configuration) { private static void initializeDnValidator() { - VOMSAdminDnValidator.INSTANCE.initialize("/etc/grid-security/certificates", - true); + VOMSAdminDnValidator.INSTANCE.initialize("/etc/grid-security/certificates", true); } - private static void configureOrgDbHibernateSessionFitler(ServletContext ctxt){ - if (!VOMSConfiguration.instance().getRegistrationType().equals( - OrgDBConfigurator.ORGDB_REGISTRATION_TYPE)){ + private static void configureOrgDbHibernateSessionFitler(ServletContext ctxt) { + if (!VOMSConfiguration.instance() + .getRegistrationType() + .equals(OrgDBConfigurator.ORGDB_REGISTRATION_TYPE)) { return; } - - FilterRegistration.Dynamic fr = ctxt.addFilter("orgdb-hibernate-session-filter", - OrgDbHibernateSessionFilter.class); - + + FilterRegistration.Dynamic fr = + ctxt.addFilter("orgdb-hibernate-session-filter", OrgDbHibernateSessionFilter.class); + fr.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "*"); - + } - - - private static void setupGlobalApplicationObjects(ServletContext ctxt){ - + + + private static void setupGlobalApplicationObjects(ServletContext ctxt) { + AUP aup = DAOFactory.instance().getAUPDAO().getVOAUP(); - ctxt.setAttribute( - "registrationEnabled", - VOMSConfiguration.instance().getBoolean( - VOMSConfigurationConstants.REGISTRATION_SERVICE_ENABLED, true)); - - ctxt.setAttribute( - "readOnlyPI", - VOMSConfiguration.instance() - .getBoolean( - VOMSConfigurationConstants.VOMS_INTERNAL_RO_PERSONAL_INFORMATION, - false)); - - ctxt.setAttribute( - "readOnlyMembershipExpiration", - VOMSConfiguration.instance().getBoolean( - VOMSConfigurationConstants.VOMS_INTERNAL_RO_MEMBERSHIP_EXPIRATION_DATE, - false)); - - ctxt.setAttribute( - "disableMembershipEndTime", - VOMSConfiguration.instance().getBoolean( - VOMSConfigurationConstants.DISABLE_MEMBERSHIP_END_TIME, false)); + ctxt.setAttribute("registrationEnabled", VOMSConfiguration.instance() + .getBoolean(VOMSConfigurationConstants.REGISTRATION_SERVICE_ENABLED, true)); + + ctxt.setAttribute("readOnlyPI", VOMSConfiguration.instance() + .getBoolean(VOMSConfigurationConstants.VOMS_INTERNAL_RO_PERSONAL_INFORMATION, false)); + + ctxt.setAttribute("readOnlyMembershipExpiration", VOMSConfiguration.instance() + .getBoolean(VOMSConfigurationConstants.VOMS_INTERNAL_RO_MEMBERSHIP_EXPIRATION_DATE, false)); + + ctxt.setAttribute("disableMembershipEndTime", VOMSConfiguration.instance() + .getBoolean(VOMSConfigurationConstants.DISABLE_MEMBERSHIP_END_TIME, false)); ctxt.setAttribute("defaultAUP", aup); - + ctxt.setAttribute("orgdbEnabled", - VOMSConfiguration.instance().getRegistrationType().equals( - OrgDBConfigurator.ORGDB_REGISTRATION_TYPE)); - + VOMSConfiguration.instance() + .getRegistrationType() + .equals(OrgDBConfigurator.ORGDB_REGISTRATION_TYPE)); + + ctxt.setAttribute("hrEnabled", + VOMSConfiguration.instance() + .getRegistrationType() + .equals(HrDbConfigurator.HR_DB_REGISTRATION_TYPE)); + } - - + + public static void start(ServletContext ctxt) { - Thread - .setDefaultUncaughtExceptionHandler(new ThreadUncaughtExceptionHandler()); + Thread.setDefaultUncaughtExceptionHandler(new ThreadUncaughtExceptionHandler()); configureLogging(ctxt); @@ -426,34 +424,31 @@ public static void start(ServletContext ctxt) { bootstrapAttributeAuthorityServices(); - PluginManager.instance() - .configurePlugins(); + PluginManager.instance().configurePlugins(); - ValidationManager.instance() - .startMembershipChecker(); + ValidationManager.instance().startMembershipChecker(); initializeDnValidator(); configureOrgDbHibernateSessionFitler(ctxt); - + setupGlobalApplicationObjects(ctxt); - + LOG.info("VOMS-Admin started succesfully."); } private static void configureCertificateLookupPolicy(VOMSConfiguration conf) { - boolean skipCaCheck = conf - .getBoolean(VOMSConfigurationConstants.SKIP_CA_CHECK, false); + boolean skipCaCheck = conf.getBoolean(VOMSConfigurationConstants.SKIP_CA_CHECK, false); if (skipCaCheck) { LOG.info( - "CertificateLookupPolicy: VOMS Users, certificates and administrators will be looked up by certificate subject ({} == true)", - VOMSConfigurationConstants.SKIP_CA_CHECK); + "CertificateLookupPolicy: VOMS Users, certificates and administrators will be looked up by certificate subject ({} == true)", + VOMSConfigurationConstants.SKIP_CA_CHECK); } else { LOG.info( - "CertficateLookupPolicy: VOMS Users, certificates and administrators will be looked up by certificate subject AND issuer ({} == false)", - VOMSConfigurationConstants.SKIP_CA_CHECK); + "CertficateLookupPolicy: VOMS Users, certificates and administrators will be looked up by certificate subject AND issuer ({} == false)", + VOMSConfigurationConstants.SKIP_CA_CHECK); } LookupPolicyProvider.initialize(skipCaCheck); @@ -472,8 +467,7 @@ public static void stop() { VOMSExecutorService.shutdown(); - NotificationServiceFactory.getNotificationService() - .shutdownNow(); + NotificationServiceFactory.getNotificationService().shutdownNow(); HibernateFactory.shutdown(); diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/tasks/user_cleanup/CleanupUserLookupStrategy.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/tasks/user_cleanup/CleanupUserLookupStrategy.java new file mode 100644 index 00000000..d3553b93 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/tasks/user_cleanup/CleanupUserLookupStrategy.java @@ -0,0 +1,24 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.core.tasks.user_cleanup; + +import org.hibernate.ScrollableResults; + +public interface CleanupUserLookupStrategy { + + ScrollableResults findUsersEligibleForCleanup(); + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/tasks/user_cleanup/DefaultCleanupUserLookupStrategy.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/tasks/user_cleanup/DefaultCleanupUserLookupStrategy.java new file mode 100644 index 00000000..4f13b79d --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/tasks/user_cleanup/DefaultCleanupUserLookupStrategy.java @@ -0,0 +1,48 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.core.tasks.user_cleanup; + +import static java.util.Objects.isNull; +import static org.glite.security.voms.admin.configuration.VOMSConfigurationConstants.EXPIRED_USER_CLEANUP_TASK_CLEANUP_AFTER_DAYS; + +import org.glite.security.voms.admin.configuration.VOMSConfiguration; +import org.glite.security.voms.admin.persistence.dao.VOMSUserDAO; +import org.hibernate.ScrollableResults; + +public class DefaultCleanupUserLookupStrategy implements CleanupUserLookupStrategy { + + VOMSConfiguration config; + VOMSUserDAO dao; + + public DefaultCleanupUserLookupStrategy(VOMSConfiguration config) { + this.config = config; + } + + @Override + public ScrollableResults findUsersEligibleForCleanup() { + + if (isNull(dao)) { + dao = VOMSUserDAO.instance(); + } + int numberOfDays = config.getInt(EXPIRED_USER_CLEANUP_TASK_CLEANUP_AFTER_DAYS, 30); + + return dao.findUsersExpiredSinceDays(numberOfDays); + } + + public void setDao(VOMSUserDAO dao) { + this.dao = dao; + } +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/tasks/user_cleanup/ExpiredUserCleanupTask.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/tasks/user_cleanup/ExpiredUserCleanupTask.java new file mode 100644 index 00000000..2330bd32 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/core/tasks/user_cleanup/ExpiredUserCleanupTask.java @@ -0,0 +1,83 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.core.tasks.user_cleanup; + +import org.glite.security.voms.admin.core.tasks.RegistrationServiceTask; +import org.glite.security.voms.admin.event.EventManager; +import org.glite.security.voms.admin.event.user.UserCleanedUpEvent; +import org.glite.security.voms.admin.persistence.dao.VOMSUserDAO; +import org.glite.security.voms.admin.persistence.model.VOMSUser; +import org.hibernate.ScrollableResults; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class ExpiredUserCleanupTask implements Runnable, RegistrationServiceTask { + public static final Logger LOG = LoggerFactory.getLogger(ExpiredUserCleanupTask.class); + + public static final int DEFAULT_BATCH_SIZE = 50; + + final CleanupUserLookupStrategy lookupStrategy; + int batchSize = DEFAULT_BATCH_SIZE; + VOMSUserDAO dao; + EventManager manager; + + public ExpiredUserCleanupTask(CleanupUserLookupStrategy lookupStrategy, int batchSize) { + this.lookupStrategy = lookupStrategy; + this.batchSize = batchSize; + } + + @Override + public void run() { + + if (dao == null) { + dao = VOMSUserDAO.instance(); + } + + if (manager == null) { + manager = EventManager.instance(); + } + + int processedUsers = 0; + ScrollableResults userCursor = lookupStrategy.findUsersEligibleForCleanup(); + + while (userCursor.next() && processedUsers < batchSize) { + VOMSUser user = (VOMSUser) userCursor.get(0); + + if (user.getTasks().isEmpty()) { + LOG.info("Deleting user '{} ({})' who expired on '{}'", user.getShortName(), user.getId(), + user.getEndTime()); + + dao.delete(user); + manager.dispatch(new UserCleanedUpEvent(user)); + } else { + LOG.info("Cleaning up tasks for user '{} ({})' who expired on '{}'", user.getShortName(), user.getId(), + user.getEndTime()); + dao.deleteTasks(user); + } + + processedUsers++; + } + } + + + public void setDao(VOMSUserDAO dao) { + this.dao = dao; + } + + public void setManager(EventManager manager) { + this.manager = manager; + } +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/AclEventsCleanPermissionCacheListener.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/AclEventsCleanPermissionCacheListener.java index 31ff280a..3b86c34d 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/AclEventsCleanPermissionCacheListener.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/AclEventsCleanPermissionCacheListener.java @@ -1,3 +1,18 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.glite.security.voms.admin.event.permission_cache; import java.util.EnumSet; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/MembershipEventsCleanPermissionCacheListener.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/MembershipEventsCleanPermissionCacheListener.java index 24ab61c0..84461740 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/MembershipEventsCleanPermissionCacheListener.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/MembershipEventsCleanPermissionCacheListener.java @@ -1,3 +1,18 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.glite.security.voms.admin.event.permission_cache; import java.util.EnumSet; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/UserEventsCleanPermissionCacheListener.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/UserEventsCleanPermissionCacheListener.java index 58d947dd..6cde8059 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/UserEventsCleanPermissionCacheListener.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/permission_cache/UserEventsCleanPermissionCacheListener.java @@ -1,3 +1,18 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.glite.security.voms.admin.event.permission_cache; import java.util.EnumSet; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/user/UserCleanedUpEvent.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/user/UserCleanedUpEvent.java new file mode 100644 index 00000000..676cb5e7 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/event/user/UserCleanedUpEvent.java @@ -0,0 +1,29 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.event.user; + +import org.glite.security.voms.admin.event.EventDescription; +import org.glite.security.voms.admin.persistence.model.VOMSUser; + +@EventDescription(message = "cleaned up user '%s %s' whose membership expired on '%s'", + params = {"userName", "userSurname", "userMembershipExpirationDate"}) +public class UserCleanedUpEvent extends UserLifecycleEvent { + + public UserCleanedUpEvent(VOMSUser payload) { + super(payload); + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/AbstractPluginConfigurator.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/AbstractPluginConfigurator.java index 133a4ab9..9355a5bf 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/AbstractPluginConfigurator.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/AbstractPluginConfigurator.java @@ -21,6 +21,13 @@ public abstract class AbstractPluginConfigurator implements PluginConfigurator { private String pluginName = ""; + + private final VOMSConfiguration vomsConfig; + + public AbstractPluginConfigurator(VOMSConfiguration config) { + this.vomsConfig = config; + } + /** * @return the pluginName */ @@ -30,8 +37,7 @@ public String getPluginName() { } /** - * @param pluginName - * the pluginName to set + * @param pluginName the pluginName to set */ public void setPluginName(String pluginName) { @@ -40,20 +46,21 @@ public void setPluginName(String pluginName) { public String getPluginProperty(String propertyName, String defaultValue) { - return VOMSConfiguration.instance().getExternalValidatorProperty( - pluginName, propertyName, defaultValue); + return vomsConfig.getExternalValidatorProperty(pluginName, propertyName, defaultValue); } public String getPluginProperty(String propertyName) { - return VOMSConfiguration.instance().getExternalValidatorProperty( - pluginName, propertyName); + return vomsConfig.getExternalValidatorProperty(pluginName, propertyName); } public String getVomsConfigurationDirectoryPath() { - return VOMSConfiguration.instance().getConfigurationDirectoryPath(); + return vomsConfig.getConfigurationDirectoryPath(); } + public VOMSConfiguration getVomsConfig() { + return vomsConfig; + } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/PluginManager.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/PluginManager.java index f73fbb46..3598199b 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/PluginManager.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/PluginManager.java @@ -80,12 +80,8 @@ public synchronized void configurePlugins() { Class confClazz = Class.forName(pluginConfClassName); - // I could have used a constructor method to pass down the pluginName - // to the actual plugin configurator, but the reflection constructor - // code - // is not somethin I really love... PluginConfigurator pluginConfigurator = (PluginConfigurator) confClazz - .newInstance(); + .getDeclaredConstructor(VOMSConfiguration.class).newInstance(conf); pluginConfigurator.setPluginName(pluginName); diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/DateUtils.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/DateUtils.java new file mode 100644 index 00000000..0e9e059a --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/DateUtils.java @@ -0,0 +1,34 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +import java.time.LocalDate; +import java.time.ZoneId; +import java.util.Date; + +public class DateUtils { + + private DateUtils() { + // empty on purpose + } + + public static final Date parseDate(String dateString) { + + LocalDate date = LocalDate.parse(dateString); + return Date.from(date.atStartOfDay(ZoneId.systemDefault()).toInstant()); + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/DefaultHrDbSyncTaskFactory.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/DefaultHrDbSyncTaskFactory.java new file mode 100644 index 00000000..5dd3d38f --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/DefaultHrDbSyncTaskFactory.java @@ -0,0 +1,53 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +import java.time.Clock; + +import org.glite.security.voms.admin.configuration.VOMSConfiguration; +import org.glite.security.voms.admin.core.tasks.DatabaseTransactionTaskWrapper; +import org.glite.security.voms.admin.core.validation.ValidationManager; +import org.glite.security.voms.admin.persistence.dao.VOMSUserDAO; + +public class DefaultHrDbSyncTaskFactory implements HrDbSyncTaskFactory { + + private final Clock clock; + private final ValidationManager validationManager; + + public DefaultHrDbSyncTaskFactory() { + clock = Clock.systemDefaultZone(); + validationManager = ValidationManager.instance(); + } + + public DefaultHrDbSyncTaskFactory(Clock c, ValidationManager vm) { + clock = c; + validationManager = vm; + } + + @Override + public Runnable buildSyncTask(HrDbProperties properties, HrDbApiService api, VOMSUserDAO dao, + VOMSConfiguration config) { + + HrDefaultHandler handler = new HrDefaultHandler(clock, properties, validationManager); + HrDbSyncTask syncTask = new HrDbSyncTask(properties, api, dao, config); + + syncTask.setMissingRecordHandler(handler); + syncTask.setSyncHandler(handler); + + return new DatabaseTransactionTaskWrapper(syncTask, true, true, + properties.getMembershipCheck().getPeriodInSeconds()); + } +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbApiService.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbApiService.java new file mode 100644 index 00000000..c6780d32 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbApiService.java @@ -0,0 +1,37 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +import java.util.Optional; + +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.persistence.model.VOMSUser; + +public interface HrDbApiService { + + boolean hasValidExperimentParticipation(long cernPersonId); + + boolean hasValidExperimentParticipationByEmail(String email); + + Optional getVoPersonRecordByEmail(String email); + + Optional getVoPersonRecord(long cernPersonId); + + Optional lookupVomsUser(VOMSUser user); + + boolean hasValidExperimentParticipation(VOMSUser user); + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/audit/ExportCSVAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbApiServiceFactory.java similarity index 78% rename from voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/audit/ExportCSVAction.java rename to voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbApiServiceFactory.java index 958ef89f..f3783a29 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/audit/ExportCSVAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbApiServiceFactory.java @@ -13,13 +13,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.glite.security.voms.admin.view.actions.audit; +package org.glite.security.voms.admin.integration.cern; -import org.glite.security.voms.admin.view.actions.BaseAction; - - -public class ExportCSVAction extends BaseAction { +@FunctionalInterface +public interface HrDbApiServiceFactory { + HrDbApiService newHrDbApiService(HrDbProperties properties); - } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbConfigurator.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbConfigurator.java new file mode 100644 index 00000000..c3022911 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbConfigurator.java @@ -0,0 +1,239 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +import static java.util.Objects.isNull; +import static org.glite.security.voms.admin.configuration.VOMSConfigurationConstants.PI_REQUIRED_FIELDS; +import static org.glite.security.voms.admin.configuration.VOMSConfigurationConstants.VOMS_INTERNAL_RO_MEMBERSHIP_EXPIRATION_DATE; +import static org.glite.security.voms.admin.configuration.VOMSConfigurationConstants.VOMS_INTERNAL_RO_PERSONAL_INFORMATION; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.time.Clock; +import java.time.Duration; +import java.time.ZonedDateTime; +import java.util.Properties; +import java.util.concurrent.TimeUnit; + +import org.glite.security.voms.admin.configuration.VOMSConfiguration; +import org.glite.security.voms.admin.core.tasks.DatabaseTransactionTaskWrapper; +import org.glite.security.voms.admin.core.tasks.VOMSExecutorService; +import org.glite.security.voms.admin.core.validation.ValidationManager; +import org.glite.security.voms.admin.integration.AbstractPluginConfigurator; +import org.glite.security.voms.admin.integration.VOMSPluginConfigurationException; +import org.glite.security.voms.admin.persistence.dao.VOMSUserDAO; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class HrDbConfigurator extends AbstractPluginConfigurator + implements HrDbRequestValidatorFactory { + + public static final Logger LOG = LoggerFactory.getLogger(HrDbConfigurator.class); + + public static final String DEFAULT_CONFIG_FILE_NAME = "hr.properties"; + + public static final String HR_DB_REGISTRATION_TYPE = "hr"; + + private Clock clock; + private VOMSExecutorService executorService; + private VOMSUserDAO userDao; + private ValidationManager validationManager; + private HrDbApiServiceFactory apiServiceFactory; + private HrDbSyncTaskFactory syncTaskFactory; + private HrDbRequestValidatorFactory requestValidatorFactory; + private HrDbProperties hrConfig; + + private HrDbApiService apiService; + + public HrDbConfigurator(VOMSConfiguration config) { + super(config); + } + + private HrDbProperties loadHrDBProperties() throws VOMSPluginConfigurationException { + + String defaultConfigFilePath = + getVomsConfigurationDirectoryPath() + "/" + DEFAULT_CONFIG_FILE_NAME; + String configFilePath = getPluginProperty("configFile", defaultConfigFilePath); + + Properties hrDbProps = new Properties(); + + try { + hrDbProps.load(new FileInputStream(new File(configFilePath))); + + } catch (IOException e) { + + String errorMessage = String.format("Configuration file '%s' for plugin '%s' does not exist!", + configFilePath, getPluginName()); + throw new VOMSPluginConfigurationException(errorMessage, e); + + } + + return HrDbProperties.fromProperties(hrDbProps); + } + + Runnable wrapTask(Runnable task) { + return new DatabaseTransactionTaskWrapper(task, true, true); + } + + void initDependencies() throws VOMSPluginConfigurationException { + + if (isNull(clock)) { + clock = Clock.systemDefaultZone(); + } + + if (isNull(apiServiceFactory)) { + apiServiceFactory = new HttpClientHrDbApiServiceFactory(); + } + + if (isNull(executorService)) { + executorService = VOMSExecutorService.instance(); + } + + if (isNull(validationManager)) { + validationManager = ValidationManager.instance(); + } + + if (isNull(userDao)) { + userDao = VOMSUserDAO.instance(); + } + + if (isNull(hrConfig)) { + hrConfig = loadHrDBProperties(); + } + + if (isNull(requestValidatorFactory)) { + requestValidatorFactory = this; + } + + if (isNull(syncTaskFactory)) { + syncTaskFactory = new DefaultHrDbSyncTaskFactory(clock, validationManager); + } + } + + private void scheduleSyncTask(HrDbProperties config, Runnable syncTask) { + + final Runnable task = wrapTask(syncTask); + ZonedDateTime now = ZonedDateTime.now(clock); + ZonedDateTime nextRun = + now.withHour(config.getMembershipCheck().getStartHour()).withMinute(0).withSecond(0); + + if (now.compareTo(nextRun) > 0) { + nextRun = nextRun.plusDays(1); + } + + LOG.info("Scheduling HR DB sync task to start on {} and run every {} seconds", nextRun, + config.getMembershipCheck().getPeriodInSeconds()); + + Duration duration = Duration.between(now, nextRun); + + executorService.scheduleAtFixedRate(task, duration.getSeconds(), + config.getMembershipCheck().getPeriodInSeconds(), TimeUnit.SECONDS); + + if (config.getMembershipCheck().isRunAtStartup()) { + + ZonedDateTime startupRun = now.plusMinutes(5); + + if (Duration.between(startupRun, nextRun).compareTo(Duration.ofMinutes(30)) <= 0) { + LOG.info( + "Not scheduling the HR DB sync task startup run, as the periodic run is scheduled within 30 minutes"); + } else { + LOG.info( + "Scheduling a startup run of the HR DB sync task in 5 minutes as requested by configuration"); + executorService.schedule(task, 300, TimeUnit.SECONDS); + } + } + } + + @Override + public void configure() throws VOMSPluginConfigurationException { + LOG.debug("HR DB voms plugin configuration started"); + + initDependencies(); + + VOMSConfiguration config = getVomsConfig(); + config.setRegistrationType(HR_DB_REGISTRATION_TYPE); + config.setProperty(VOMS_INTERNAL_RO_PERSONAL_INFORMATION, Boolean.TRUE); + config.setProperty(VOMS_INTERNAL_RO_MEMBERSHIP_EXPIRATION_DATE, Boolean.TRUE); + + config.setProperty(PI_REQUIRED_FIELDS, ""); + + apiService = apiServiceFactory.newHrDbApiService(hrConfig); + + validationManager.setRequestValidationContext( + requestValidatorFactory.newHrDbRequestValidator(hrConfig, apiService)); + + LOG.info("HR DB request validator registered succesfully. Syncing against HR db experiment {}", + hrConfig.getExperimentName()); + + if (hrConfig.getMembershipCheck().isEnabled()) { + scheduleSyncTask(hrConfig, + syncTaskFactory.buildSyncTask(hrConfig, apiService, userDao, config)); + } else { + LOG.info("HR DB sync task DISABLED as requested by configuration"); + } + + LOG.info("HR DB voms plugin started"); + + } + + public void setExecutorService(VOMSExecutorService executorService) { + this.executorService = executorService; + } + + public void setValidationManager(ValidationManager validationManager) { + this.validationManager = validationManager; + } + + public void setApiServiceFactory(HrDbApiServiceFactory apiServiceFactory) { + this.apiServiceFactory = apiServiceFactory; + } + + public void setUserDao(VOMSUserDAO userDao) { + this.userDao = userDao; + } + + public void setSyncTaskFactory(HrDbSyncTaskFactory syncTaskFactory) { + this.syncTaskFactory = syncTaskFactory; + } + + public void setRequestValidatorFactory(HrDbRequestValidatorFactory requestValidatorFactory) { + this.requestValidatorFactory = requestValidatorFactory; + } + + public void setClock(Clock clock) { + this.clock = clock; + } + + public void setHrConfig(HrDbProperties hrConfig) { + this.hrConfig = hrConfig; + } + + @Override + public HrDbRequestValidator newHrDbRequestValidator(HrDbProperties properties, + HrDbApiService api) { + + return new HrDbRequestValidator(clock, properties, api); + } + + public HrDbApiService getApiService() { + return apiService; + } + + public HrDbProperties getHrConfig() { + return hrConfig; + } +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbError.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbError.java new file mode 100644 index 00000000..28515689 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbError.java @@ -0,0 +1,36 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +public class HrDbError extends RuntimeException { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public HrDbError(String message) { + super(message); + } + + public HrDbError(Throwable cause) { + super(cause); + } + + public HrDbError(String message, Throwable cause) { + super(message, cause); + } +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbExchangeError.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbExchangeError.java new file mode 100644 index 00000000..88848109 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbExchangeError.java @@ -0,0 +1,33 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +public class HrDbExchangeError extends HrDbError { + + private static final long serialVersionUID = 1L; + + private final int responseStatus; + + public HrDbExchangeError(int responseStatus, String responseMessage) { + super(responseMessage); + this.responseStatus = responseStatus; + } + + public int getResponseStatus() { + return responseStatus; + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbProperties.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbProperties.java new file mode 100644 index 00000000..0ca06762 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbProperties.java @@ -0,0 +1,209 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +import static java.lang.String.format; + +import java.util.Properties; +import java.util.concurrent.TimeUnit; +import java.util.stream.Stream; + +public class HrDbProperties { + + public static final String EXPERIMENT_KEY = "experiment"; + public static final String MEMBERSHIP_CHECK_PERIOD_KEY = "membership_check.period"; + public static final String MEMBERSHIP_CHECK_ENABLED_KEY = "membership_check.enabled"; + public static final String MEMBERSHIP_CHECK_START_HOUR_KEY = "membership_check.start_hour"; + public static final String MEMBERSHIP_CHECK_RUN_AT_STARTUP_KEY = + "membership_check.run_at_startup"; + + public static final String API_ENDPOINT_KEY = "api.endpoint"; + public static final String API_USERNAME_KEY = "api.username"; + public static final String API_PASSWORD_KEY = "api.password"; + public static final String API_TIMEOUT_KEY = "api.timeout_secs"; + + public static final String[] REQUIRED_KEYS = + {EXPERIMENT_KEY, API_ENDPOINT_KEY, API_USERNAME_KEY, API_PASSWORD_KEY}; + + public static class MembershipCheck { + + boolean enabled = true; + + boolean runAtStartup = true; + + int startHour = 23; + + long periodInSeconds = TimeUnit.HOURS.toSeconds(12); + + public boolean isEnabled() { + return enabled; + } + + public void setEnabled(boolean enabled) { + this.enabled = enabled; + } + + public long getPeriodInSeconds() { + return periodInSeconds; + } + + public void setPeriodInSeconds(long periodInSeconds) { + this.periodInSeconds = periodInSeconds; + } + + public int getStartHour() { + return startHour; + } + + public void setStartHour(int startHour) { + this.startHour = startHour; + } + + public void setRunAtStartup(boolean runAtStartup) { + this.runAtStartup = runAtStartup; + } + + public boolean isRunAtStartup() { + return runAtStartup; + } + } + + public static class HrDbApiProperties { + + String endpoint = "http://localhost:8080"; + String username = "user"; + String password = "pwd"; + + long timeoutInSeconds = 5L; + + public String getEndpoint() { + return endpoint; + } + + public void setEndpoint(String endpoint) { + this.endpoint = endpoint; + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + public void setTimeoutInSeconds(long timeoutInSeconds) { + this.timeoutInSeconds = timeoutInSeconds; + } + + public long getTimeoutInSeconds() { + return timeoutInSeconds; + } + } + + HrDbApiProperties api = new HrDbApiProperties(); + MembershipCheck membershipCheck = new MembershipCheck(); + + String experimentName = "experiment"; + + public HrDbApiProperties getApi() { + return api; + } + + public void setApi(HrDbApiProperties api) { + this.api = api; + } + + public String getExperimentName() { + return experimentName; + } + + public void setExperimentName(String experimentName) { + this.experimentName = experimentName; + } + + public void setMembershipCheck(MembershipCheck membershipCheck) { + this.membershipCheck = membershipCheck; + } + + public MembershipCheck getMembershipCheck() { + return membershipCheck; + } + + private static void requireProperty(String key, Properties properties) { + if (!properties.containsKey(key)) { + throw new HrDbError(format("Configuration error: required property '%s' not found", key)); + } + } + + public static final HrDbProperties fromProperties(Properties properties) { + + Stream.of(REQUIRED_KEYS).forEach(p -> requireProperty(p, properties)); + + HrDbProperties config = new HrDbProperties(); + + config.setExperimentName(properties.getProperty(EXPERIMENT_KEY)); + + if (properties.containsKey(MEMBERSHIP_CHECK_START_HOUR_KEY)) { + int startHour = Integer.parseInt(properties.getProperty(MEMBERSHIP_CHECK_START_HOUR_KEY)); + + if (startHour >= 0 && startHour < 24) { + config.getMembershipCheck() + .setStartHour( + (Integer.parseInt(properties.getProperty(MEMBERSHIP_CHECK_START_HOUR_KEY)))); + } + } + + if (properties.containsKey(MEMBERSHIP_CHECK_RUN_AT_STARTUP_KEY)) { + config.getMembershipCheck() + .setRunAtStartup( + Boolean.parseBoolean(properties.getProperty(MEMBERSHIP_CHECK_RUN_AT_STARTUP_KEY))); + } + + if (properties.containsKey(MEMBERSHIP_CHECK_PERIOD_KEY)) { + config.getMembershipCheck() + .setPeriodInSeconds(Long.parseLong(properties.getProperty(MEMBERSHIP_CHECK_PERIOD_KEY))); + } + + if (properties.containsKey(MEMBERSHIP_CHECK_ENABLED_KEY)) { + config.getMembershipCheck() + .setEnabled(Boolean.parseBoolean(properties.getProperty(MEMBERSHIP_CHECK_ENABLED_KEY))); + } + + config.getApi().setEndpoint(properties.getProperty(API_ENDPOINT_KEY)); + config.getApi().setUsername(properties.getProperty(API_USERNAME_KEY)); + config.getApi().setPassword(properties.getProperty(API_PASSWORD_KEY)); + + if (properties.containsKey(API_TIMEOUT_KEY)) { + long apiTimeout = Long.parseLong(properties.getProperty(API_TIMEOUT_KEY)); + + if (apiTimeout > 0) { + config.getApi().setTimeoutInSeconds(apiTimeout); + } + } + + return config; + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbRequestValidator.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbRequestValidator.java new file mode 100644 index 00000000..1b95706e --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbRequestValidator.java @@ -0,0 +1,121 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +import static org.glite.security.voms.admin.core.validation.RequestValidationResult.success; + +import java.time.Clock; +import java.util.List; +import java.util.Optional; + +import org.glite.security.voms.admin.core.validation.RequestValidationContext; +import org.glite.security.voms.admin.core.validation.RequestValidationResult; +import org.glite.security.voms.admin.core.validation.strategies.RequestValidationStrategy; +import org.glite.security.voms.admin.integration.cern.dto.ParticipationDTO; +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.persistence.model.request.NewVOMembershipRequest; + +import com.google.common.collect.Lists; + +public class HrDbRequestValidator + implements RequestValidationStrategy, RequestValidationContext { + + final Clock clock; + final HrDbProperties properties; + final HrDbApiService apiService; + + public HrDbRequestValidator(Clock clock, HrDbProperties properties, HrDbApiService apiService) { + this.clock = clock; + this.properties = properties; + this.apiService = apiService; + } + + @Override + public RequestValidationStrategy getVOMembershipRequestValidationStrategy() { + return this; + } + + RequestValidationResult dataMismatch(String email, List errors) { + RequestValidationResult result = RequestValidationResult + .failure("HR DB validation failed. The HR DB VOMS person record linked to email address '" + + email + "' did not match the data you entered."); + result.setErrorMessages(errors); + + return result; + } + + + RequestValidationResult noParticipationFound(String email) { + return RequestValidationResult.failure("No HR db participation found matching email '" + email + + "' for experiment '" + properties.getExperimentName() + "'."); + } + + protected void propertyEqualsIgnoreCase(String value1, String value2, String propertyName, + List errors) { + + if (!value1.equalsIgnoreCase(value2)) { + + String errorMessage = String.format("Property '" + propertyName + + "' does not match (ignoring case) the OrgDB VOMS person record. You entered '%s', while '%s' was expected.", + value1, value2); + errors.add(errorMessage); + } + + } + + RequestValidationResult validateRequestData(NewVOMembershipRequest request, VOPersonDTO person) { + Optional participation = person + .findValidParticipationForExperiment(clock.instant(), properties.getExperimentName()); + + if (participation.isPresent()) { + + List validationErrors = Lists.newArrayList(); + + propertyEqualsIgnoreCase(request.getRequesterInfo().getName(), person.getFirstName(), "name", + validationErrors); + propertyEqualsIgnoreCase(request.getRequesterInfo().getSurname(), person.getName(), "surname", + validationErrors); + + + if (!validationErrors.isEmpty()) { + return dataMismatch(request.getRequesterInfo().getEmailAddress(), validationErrors); + } + + return success(); + + } else { + return noParticipationFound(request.getRequesterInfo().getEmailAddress()); + } + } + + @Override + public RequestValidationResult validateRequest(NewVOMembershipRequest r) { + + String requestorEmail = r.getRequesterInfo().getEmailAddress(); + + Optional voPerson = apiService.getVoPersonRecordByEmail(requestorEmail); + + if (voPerson.isPresent()) { + + return validateRequestData(r, voPerson.get()); + + } else { + return noParticipationFound(requestorEmail); + } + + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbRequestValidatorFactory.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbRequestValidatorFactory.java new file mode 100644 index 00000000..91434ca5 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbRequestValidatorFactory.java @@ -0,0 +1,20 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +public interface HrDbRequestValidatorFactory { + HrDbRequestValidator newHrDbRequestValidator(HrDbProperties properties, HrDbApiService api); +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbSyncTask.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbSyncTask.java new file mode 100644 index 00000000..f18c96e0 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbSyncTask.java @@ -0,0 +1,91 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +import java.util.Optional; + +import org.glite.security.voms.admin.configuration.VOMSConfiguration; +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.integration.cern.strategies.MembershipSynchronizationStrategy; +import org.glite.security.voms.admin.integration.cern.strategies.MissingMembershipRecordStrategy; +import org.glite.security.voms.admin.persistence.dao.VOMSUserDAO; +import org.glite.security.voms.admin.persistence.model.VOMSUser; +import org.hibernate.ScrollableResults; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class HrDbSyncTask implements Runnable { + + public static final Logger LOG = LoggerFactory.getLogger(HrDbSyncTask.class); + + final HrDbProperties hrConfig; + final HrDbApiService hrDbApi; + final VOMSConfiguration vomsConfig; + final VOMSUserDAO dao; + + private MembershipSynchronizationStrategy syncHandler = (u, p) -> { + }; + + private MissingMembershipRecordStrategy missingRecordHandler = u -> { + }; + + public HrDbSyncTask(HrDbProperties properties, HrDbApiService api, VOMSUserDAO dao, + VOMSConfiguration vomsConfiguration) { + this.hrConfig = properties; + this.vomsConfig = vomsConfiguration; + this.dao = dao; + this.hrDbApi = api; + } + + + @Override + public void run() { + ScrollableResults userCursor = dao.findAllWithCursor(); + + while (userCursor.next()) { + VOMSUser user = (VOMSUser) userCursor.get(0); + + try { + + Optional voPerson = hrDbApi.lookupVomsUser(user); + + if (voPerson.isPresent()) { + syncHandler.synchronizeMembershipInformation(user, voPerson.get()); + } else { + missingRecordHandler.handleMissingHrRecord(user); + } + + } catch (HrDbError apiError) { + LOG.error("Error querying HR Db API for user {}: {}", user.getShortName(), + apiError.getMessage()); + + if (LOG.isDebugEnabled()) { + LOG.error(apiError.getMessage(), apiError); + } + } + } + + } + + public void setMissingRecordHandler(MissingMembershipRecordStrategy missingRecordHandler) { + this.missingRecordHandler = missingRecordHandler; + } + + public void setSyncHandler(MembershipSynchronizationStrategy syncHandler) { + this.syncHandler = syncHandler; + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbSyncTaskFactory.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbSyncTaskFactory.java new file mode 100644 index 00000000..2166d2a7 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDbSyncTaskFactory.java @@ -0,0 +1,24 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +import org.glite.security.voms.admin.configuration.VOMSConfiguration; +import org.glite.security.voms.admin.persistence.dao.VOMSUserDAO; + +public interface HrDbSyncTaskFactory { + Runnable buildSyncTask(HrDbProperties properties, HrDbApiService api, VOMSUserDAO dao, + VOMSConfiguration config); +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDefaultHandler.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDefaultHandler.java new file mode 100644 index 00000000..93bbf414 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HrDefaultHandler.java @@ -0,0 +1,126 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +import static java.util.Objects.isNull; + +import java.time.Clock; +import java.time.Instant; +import java.util.Date; +import java.util.Optional; + +import org.glite.security.voms.admin.core.validation.ValidationManager; +import org.glite.security.voms.admin.integration.cern.dto.ParticipationDTO; +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.integration.cern.strategies.ExpiredParticipationStrategy; +import org.glite.security.voms.admin.integration.cern.strategies.MembershipSynchronizationStrategy; +import org.glite.security.voms.admin.integration.cern.strategies.MissingMembershipRecordStrategy; +import org.glite.security.voms.admin.persistence.model.VOMSUser; +import org.glite.security.voms.admin.persistence.model.VOMSUser.SuspensionReason; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class HrDefaultHandler implements ExpiredParticipationStrategy, + MembershipSynchronizationStrategy, MissingMembershipRecordStrategy { + + public static final Logger LOG = LoggerFactory.getLogger(HrDefaultHandler.class); + + private final Clock clock; + private final ValidationManager manager; + private final HrDbProperties config; + + public HrDefaultHandler(Clock clock, HrDbProperties hrConfig, + ValidationManager validationManager) { + this.clock = clock; + this.manager = validationManager; + this.config = hrConfig; + } + + @Override + public void handleMissingHrRecord(VOMSUser user) { + LOG.info("No HR record found for user: {}", user.getShortName()); + + SuspensionReason reason = SuspensionReason.HR_DB_VALIDATION; + reason.setMessage("OrgDB: No record found"); + + manager.suspendUser(user, reason); + } + + protected void restoreUserIfNeeded(VOMSUser u) { + if (u.isSuspended()) { + + if (u.getSuspensionReasonCode() == SuspensionReason.MEMBERSHIP_EXPIRATION + || u.getSuspensionReason().startsWith("OrgDB: ")) { + LOG.info("Restoring user {} - {} which was previously suspended", u.getShortName(), + u.getOrgDbId()); + + manager.restoreUser(u); + } + } + } + + + @Override + public void synchronizeMembershipInformation(VOMSUser user, VOPersonDTO voPerson) { + + LOG.info("Syncing user {} against record {}", user.getShortName(), voPerson.getId()); + Instant now = clock.instant(); + + user.setOrgDbId(voPerson.getId()); + + user.setName(voPerson.getFirstName()); + user.setSurname(voPerson.getName()); + + String orgDbEmailAddress = + Optional.ofNullable(voPerson.getPhysicalEmail()).orElse(voPerson.getEmail()); + + if (!isNull(orgDbEmailAddress)) { + user.setEmailAddress(orgDbEmailAddress.toLowerCase()); + } else { + LOG.warn("Email address not found from record {}", voPerson.getId()); + } + + Optional participation = + voPerson.findValidParticipationForExperiment(now, config.getExperimentName()); + + if (participation.isPresent()) { + LOG.info("Setting user {} - {} end time from partecipation end time: {}", user.getShortName(), + voPerson.getId(), participation.get().getEndDate()); + user.setEndTime(participation.get().getEndDate()); + restoreUserIfNeeded(user); + } else { + handleExpiredParticipation(user, voPerson); + } + + LOG.info("Synced user {} against record {}", user.getShortName(), voPerson.getId()); + } + + @Override + public void handleExpiredParticipation(VOMSUser u, VOPersonDTO voPerson) { + + LOG.info("No valid experiment participation found for {} found in: {}", u.getShortName(), + voPerson.getParticipations()); + + Instant now = clock.instant(); + + u.setEndTime(Date.from(now)); + + LOG.info( + "User {} HR experiment participation is no longer valid, setting VOMS membership end date to current time, i.e.: {}", + u.getShortName(), now); + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HttpClientHrDbApiService.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HttpClientHrDbApiService.java new file mode 100644 index 00000000..5dea988b --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HttpClientHrDbApiService.java @@ -0,0 +1,207 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +import static java.util.Objects.isNull; + +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.time.Clock; +import java.time.Instant; +import java.util.Base64; +import java.util.Map; +import java.util.Optional; +import java.util.concurrent.TimeUnit; + +import org.eclipse.jetty.client.ContentExchange; +import org.eclipse.jetty.client.HttpClient; +import org.eclipse.jetty.client.HttpExchange; +import org.eclipse.jetty.util.ajax.JSON; +import org.glite.security.voms.admin.integration.cern.dto.ErrorDTO; +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.persistence.model.VOMSUser; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class HttpClientHrDbApiService implements HrDbApiService { + + private static final Logger LOG = LoggerFactory.getLogger(HttpClientHrDbApiService.class); + + private final HttpClient client; + + final String experimentName; + final String voPersonRecordEndpoint; + final String voPersonRecordByEmailEndpoint; + final String validParticipationEndpoint; + final String basicAuthHeaderContent; + final Clock clock; + + public HttpClientHrDbApiService(Clock clock, HrDbProperties properties) { + client = new HttpClient(); + experimentName = properties.getExperimentName(); + this.clock = clock; + + basicAuthHeaderContent = Base64.getEncoder() + .encodeToString(String + .format("%s:%s", properties.getApi().getUsername(), properties.getApi().getPassword()) + .getBytes()); + + + voPersonRecordEndpoint = String.format("%s/api/VOPersons", properties.getApi().getEndpoint()); + voPersonRecordByEmailEndpoint = + String.format("%s/api/VOPersons/email", properties.getApi().getEndpoint()); + + validParticipationEndpoint = String.format("%s/api/VOPersons/participation/%s/valid", + properties.getApi().getEndpoint(), properties.getExperimentName()); + + + try { + client.setMaxRetries(3); + client.setTimeout(TimeUnit.SECONDS.toMillis(properties.getApi().getTimeoutInSeconds())); + client.start(); + } catch (Exception e) { + throw new HrDbError("Error initializing HTTP client", e); + } + } + + private String voPersonByEmailUrl(String email) { + return String.format("%s/%s", voPersonRecordByEmailEndpoint, email); + } + + private String voPersonRecordUrl(long cernPersonId) { + return String.format("%s/%d", voPersonRecordEndpoint, cernPersonId); + } + + private String validParticipationUrl(long cernPersonId) { + return String.format("%s/%d", validParticipationEndpoint, cernPersonId); + } + + private ContentExchange prepareHttpExchange(String url) { + ContentExchange ce = new ContentExchange(); + ce.setRetryStatus(true); + ce.setRequestHeader("Authorization", String.format("Basic %s", basicAuthHeaderContent)); + ce.setRequestHeader("Accept", "application/json"); + + ce.setURL(url); + + return ce; + } + + protected void handleExchange(ContentExchange ce) { + try { + + client.send(ce); + int exchangeStatus = ce.waitForDone(); + + if (HttpExchange.STATUS_COMPLETED == exchangeStatus) { + if (ce.getResponseStatus() != 200) { + + @SuppressWarnings("unchecked") + ErrorDTO error = + ErrorDTO.fromJsonMap((Map) JSON.parse(ce.getResponseContent())); + + if (ce.getResponseStatus() == 404) { + throw new VoPersonNotFoundError(ce.getResponseStatus(), error.getErrorMessage()); + } else { + throw new HrDbExchangeError(ce.getResponseStatus(), error.getErrorMessage()); + } + } + } else if (HttpExchange.STATUS_EXPIRED == exchangeStatus) { + throw new HrDbError("Error contacting the HR DB api: request timeout exceeded"); + } else { + throw new HrDbError("Error contacting the HR DB api"); + } + + } catch (IOException e) { + throw new HrDbError("Error contacting the HR DB api: " + e.getMessage(), e); + } catch (InterruptedException e) { + LOG.warn(e.getMessage(), e); + } + } + + protected Optional voPersonExchange(ContentExchange ce) { + handleExchange(ce); + + try { + + @SuppressWarnings("unchecked") + Map jsonMap = (Map) JSON.parse(ce.getResponseContent()); + + return Optional.of(VOPersonDTO.fromJsonMap(jsonMap)); + + } catch (UnsupportedEncodingException e) { + throw new HrDbError(e.getMessage(), e); + } + } + + @Override + public Optional getVoPersonRecord(long cernPersonId) { + return voPersonExchange(prepareHttpExchange(voPersonRecordUrl(cernPersonId))); + } + + @Override + public boolean hasValidExperimentParticipation(long cernPersonId) { + + ContentExchange ce = prepareHttpExchange(validParticipationUrl(cernPersonId)); + + handleExchange(ce); + + try { + return Boolean.parseBoolean(ce.getResponseContent()); + } catch (UnsupportedEncodingException e) { + throw new HrDbError(e.getMessage(), e); + } + + + } + + @Override + public Optional lookupVomsUser(VOMSUser user) { + + Long orgDbId = user.getOrgDbId(); + + try { + if (!isNull(orgDbId)) { + return getVoPersonRecord(orgDbId); + } + } catch (VoPersonNotFoundError e) { + LOG.warn("VO person not found for user {} ({}): {}", user.getShortName(), user.getId(), + e.getMessage()); + } + return Optional.empty(); + } + + @Override + public boolean hasValidExperimentParticipation(VOMSUser user) { + return lookupVomsUser(user).map(p -> hasValidExperimentParticipation(p.getId())).orElse(false); + } + + @Override + public Optional getVoPersonRecordByEmail(String email) { + return voPersonExchange(prepareHttpExchange(voPersonByEmailUrl(email))); + } + + @Override + public boolean hasValidExperimentParticipationByEmail(String email) { + + Instant now = clock.instant(); + + return getVoPersonRecordByEmail(email) + .filter(p -> p.findValidParticipationForExperiment(now, experimentName).isPresent()) + .isPresent(); + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HttpClientHrDbApiServiceFactory.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HttpClientHrDbApiServiceFactory.java new file mode 100644 index 00000000..4643dacc --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/HttpClientHrDbApiServiceFactory.java @@ -0,0 +1,28 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +import java.time.Clock; + +public class HttpClientHrDbApiServiceFactory implements HrDbApiServiceFactory { + + @Override + public HrDbApiService newHrDbApiService(HrDbProperties properties) { + + return new HttpClientHrDbApiService(Clock.systemDefaultZone(), properties); + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/VoPersonNotFoundError.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/VoPersonNotFoundError.java new file mode 100644 index 00000000..772c0095 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/VoPersonNotFoundError.java @@ -0,0 +1,29 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern; + +public class VoPersonNotFoundError extends HrDbExchangeError { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public VoPersonNotFoundError(int responseStatus, String responseMessage) { + super(responseStatus, responseMessage); + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/ErrorDTO.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/ErrorDTO.java new file mode 100644 index 00000000..aa6c8508 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/ErrorDTO.java @@ -0,0 +1,53 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern.dto; + +import java.util.Map; + +public class ErrorDTO { + + final String error; + final String errorMessage; + + private ErrorDTO(String error, String errorMessage) { + this.error = error; + this.errorMessage = errorMessage; + } + + private ErrorDTO(String error) { + this(error, null); + } + + public String getError() { + return error; + } + + public String getErrorMessage() { + return errorMessage; + } + + public static ErrorDTO newError(String error, String errorMessage) { + return new ErrorDTO(error, errorMessage); + } + + public static ErrorDTO newError(String error) { + return new ErrorDTO(error); + } + + public static ErrorDTO fromJsonMap(Map json) { + return newError((String) json.get("error"), (String) json.get("errorMessage")); + } +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/InstituteDTO.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/InstituteDTO.java new file mode 100644 index 00000000..677ebe9b --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/InstituteDTO.java @@ -0,0 +1,82 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern.dto; + +import java.util.Map; + +public class InstituteDTO { + + String id; + + String name; + + String town; + + String country; + + public InstituteDTO() { + // empty ctor + } + + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public String getTown() { + return town; + } + + public void setTown(String town) { + this.town = town; + } + + public String getCountry() { + return country; + } + + public void setCountry(String country) { + this.country = country; + } + + @Override + public String toString() { + return "InstituteDTO [id=" + id + ", name=" + name + ", town=" + town + ", country=" + country + + "]"; + } + + public static InstituteDTO fromJson(Map map) { + + InstituteDTO institute = new InstituteDTO(); + institute.setId((String)map.get("id")); + institute.setCountry((String)map.get("country")); + institute.setName((String)map.get("name")); + institute.setTown((String)map.get("town")); + return institute; + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/ListResponseDTO.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/ListResponseDTO.java new file mode 100644 index 00000000..0db91a47 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/ListResponseDTO.java @@ -0,0 +1,85 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern.dto; + +import java.util.List; + +public class ListResponseDTO { + + private final long totalResults; + private final int itemsPerPage; + private final int startIndex; + + private final List resources; + + private ListResponseDTO(Builder builder) { + this.totalResults = builder.totalResults; + this.startIndex = builder.startIndex; + this.itemsPerPage = builder.itemsPerPage; + this.resources = builder.resources; + } + + public long getTotalResults() { + return totalResults; + } + + public int getItemsPerPage() { + return itemsPerPage; + } + + public int getStartIndex() { + return startIndex; + } + + public List getResources() { + return resources; + } + + public static class Builder { + private long totalResults; + private int itemsPerPage; + private int startIndex; + private List resources; + + public Builder totalResults(long totalResults) { + this.totalResults = totalResults; + return this; + } + + public Builder itemsPerPage(int itemsPerPage) { + this.itemsPerPage = itemsPerPage; + return this; + } + + public Builder startIndex(int startIndex) { + this.startIndex = startIndex; + return this; + } + + public Builder resources(List resources) { + this.resources = resources; + return this; + } + + public ListResponseDTO build() { + return new ListResponseDTO<>(this); + } + } + + public static Builder builder() { + return new Builder<>(); + } +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/ParticipationDTO.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/ParticipationDTO.java new file mode 100644 index 00000000..dc5f22bb --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/ParticipationDTO.java @@ -0,0 +1,100 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern.dto; + +import static java.util.Objects.isNull; + +import java.time.Instant; +import java.util.Date; +import java.util.Map; +import java.util.Objects; + +import org.glite.security.voms.admin.integration.cern.DateUtils; + + +public class ParticipationDTO { + + InstituteDTO institute; + String experiment; + + Date startDate; + Date endDate; + + public ParticipationDTO() { + // empty ctor + } + + public InstituteDTO getInstitute() { + return institute; + } + + public void setInstitute(InstituteDTO institute) { + this.institute = institute; + } + + public Date getStartDate() { + return startDate; + } + + public void setStartDate(Date startDate) { + this.startDate = startDate; + } + + public Date getEndDate() { + return endDate; + } + + public void setEndDate(Date endDate) { + this.endDate = endDate; + } + + public String getExperiment() { + return experiment; + } + + public void setExperiment(String experiment) { + this.experiment = experiment; + } + + public boolean isValidAtInstant(Instant instant) { + + Date now = Date.from(instant); + + return getStartDate().before(Date.from(instant)) + && (isNull(getEndDate()) || getEndDate().after(now)); + } + + @Override + public String toString() { + return "ParticipationDTO [institute=" + institute + ", experiment=" + experiment + + ", startDate=" + startDate + ", endDate=" + endDate + "]"; + } + + + @SuppressWarnings("unchecked") + public static ParticipationDTO fromJsonMap(Map json) { + ParticipationDTO participation = new ParticipationDTO(); + participation.setExperiment((String) json.get("experiment")); + participation.setStartDate(DateUtils.parseDate((String) json.get("startDate"))); + String endDate = (String) json.get("endDate"); + if (!Objects.isNull(endDate)) { + participation.setEndDate(DateUtils.parseDate(endDate)); + } + + participation.setInstitute(InstituteDTO.fromJson((Map) json.get("institute"))); + return participation; + } +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/VOPersonDTO.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/VOPersonDTO.java new file mode 100644 index 00000000..cb7128ad --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/dto/VOPersonDTO.java @@ -0,0 +1,219 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern.dto; + + +import java.time.Instant; +import java.util.Map; +import java.util.Optional; +import java.util.Set; +import java.util.stream.Collectors; +import java.util.stream.Stream; + + + +public class VOPersonDTO { + + private Long id; + private String name; + private String firstName; + private String department; + private String group; + private String sector; + private String building; + private String floor; + private String room; + private String tel1; + private String tel2; + private String tel3; + private String portablePhone; + private String beeper; + private String email; + private String physicalEmail; + private Set participations; + + public Long getId() { + return id; + } + + public void setId(Long id) { + this.id = id; + } + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public String getFirstName() { + return firstName; + } + + public void setFirstName(String firstName) { + this.firstName = firstName; + } + + public String getDepartment() { + return department; + } + + public void setDepartment(String department) { + this.department = department; + } + + public String getGroup() { + return group; + } + + public void setGroup(String group) { + this.group = group; + } + + public String getSector() { + return sector; + } + + public void setSector(String sector) { + this.sector = sector; + } + + public String getBuilding() { + return building; + } + + public void setBuilding(String building) { + this.building = building; + } + + public String getFloor() { + return floor; + } + + public void setFloor(String floor) { + this.floor = floor; + } + + public String getRoom() { + return room; + } + + public void setRoom(String room) { + this.room = room; + } + + public String getTel1() { + return tel1; + } + + public void setTel1(String tel1) { + this.tel1 = tel1; + } + + public String getTel2() { + return tel2; + } + + public void setTel2(String tel2) { + this.tel2 = tel2; + } + + public String getTel3() { + return tel3; + } + + public void setTel3(String tel3) { + this.tel3 = tel3; + } + + public String getPortablePhone() { + return portablePhone; + } + + public void setPortablePhone(String portablePhone) { + this.portablePhone = portablePhone; + } + + public String getBeeper() { + return beeper; + } + + public void setBeeper(String beeper) { + this.beeper = beeper; + } + + public String getEmail() { + return email; + } + + public void setEmail(String email) { + this.email = email; + } + + public String getPhysicalEmail() { + return physicalEmail; + } + + public void setPhysicalEmail(String physicalEmail) { + this.physicalEmail = physicalEmail; + } + + public Set getParticipations() { + return participations; + } + + public void setParticipations(Set participations) { + this.participations = participations; + } + + public Optional findValidParticipationForExperiment(Instant now, + String experimentName) { + + return getParticipations().stream() + .filter(p -> p.getExperiment().equalsIgnoreCase(experimentName) && p.isValidAtInstant(now)) + .findFirst(); + } + + @Override + public String toString() { + return "VOPersonDTO [id=" + id + ", name=" + name + ", firstName=" + firstName + ", department=" + + department + ", group=" + group + ", sector=" + sector + ", building=" + building + + ", floor=" + floor + ", room=" + room + ", tel1=" + tel1 + ", tel2=" + tel2 + ", tel3=" + + tel3 + ", portablePhone=" + portablePhone + ", beeper=" + beeper + ", email=" + email + + ", physicalEmail=" + physicalEmail + ", participations=" + participations + "]"; + } + + @SuppressWarnings("unchecked") + public static VOPersonDTO fromJsonMap(Map json) { + VOPersonDTO person = new VOPersonDTO(); + person.setId((Long) json.get("id")); + person.setName((String) json.get("name")); + person.setFirstName((String) json.get("firstName")); + person.setEmail((String) json.get("email")); + person.setPhysicalEmail((String) json.get("physicalEmail")); + + + Object[] participations = (Object[]) json.get("participations"); + + person.setParticipations(Stream.of(participations) + .map(m -> ParticipationDTO.fromJsonMap((Map) m)) + .collect(Collectors.toSet())); + return person; + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/strategies/ExpiredParticipationStrategy.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/strategies/ExpiredParticipationStrategy.java new file mode 100644 index 00000000..c4e6ca33 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/strategies/ExpiredParticipationStrategy.java @@ -0,0 +1,24 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern.strategies; + +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.persistence.model.VOMSUser; + +@FunctionalInterface +public interface ExpiredParticipationStrategy { + public void handleExpiredParticipation(VOMSUser u, VOPersonDTO voPerson); +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/strategies/MembershipSynchronizationStrategy.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/strategies/MembershipSynchronizationStrategy.java new file mode 100644 index 00000000..d9c12ab9 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/strategies/MembershipSynchronizationStrategy.java @@ -0,0 +1,26 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern.strategies; + +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.persistence.model.VOMSUser; + +@FunctionalInterface +public interface MembershipSynchronizationStrategy { + + public void synchronizeMembershipInformation(VOMSUser user, VOPersonDTO voPerson); + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/strategies/MissingMembershipRecordStrategy.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/strategies/MissingMembershipRecordStrategy.java new file mode 100644 index 00000000..ff1db3f0 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/cern/strategies/MissingMembershipRecordStrategy.java @@ -0,0 +1,22 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.integration.cern.strategies; + +import org.glite.security.voms.admin.persistence.model.VOMSUser; + +public interface MissingMembershipRecordStrategy { + public void handleMissingHrRecord(VOMSUser user); +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/DefaultSyncStrategy.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/DefaultSyncStrategy.java index 5337d8c3..316b8895 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/DefaultSyncStrategy.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/DefaultSyncStrategy.java @@ -183,7 +183,7 @@ private void synchronizePersonalInformation(VOMSUser u, public void synchronizeMemberInformation(VOMSUser u, VOMSOrgDBPerson orgDbPerson, String experimentName, Participation validParticipation) { - log.debug( + log.info( "Synchronizing pariticipation data for user {} against orgdb record {} for experiment {}", new Object[] { u, orgDbPerson, experimentName }); @@ -191,7 +191,7 @@ public void synchronizeMemberInformation(VOMSUser u, log.warn("No valid participation found for user {}, orgdb record {} in experiment {}", new Object[] { u, orgDbPerson, experimentName}); } else { - log.debug("Participation found for user {}, orgdb record {} in experiment {}: {}", + log.info("Participation found for user {}, orgdb record {} in experiment {}: {}", new Object[] { u, orgDbPerson, experimentName, validParticipation}); } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/LogOnlyExpiredParticipationStrategy.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/LogOnlyExpiredParticipationStrategy.java index 2665d753..a8928092 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/LogOnlyExpiredParticipationStrategy.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/LogOnlyExpiredParticipationStrategy.java @@ -30,7 +30,7 @@ public class LogOnlyExpiredParticipationStrategy implements public void handleOrgDbExpiredParticipation(VOMSUser u, VOMSOrgDBPerson orgDBPerson, String experimentName) { - log.debug("User {} participation for experiment {} has expired.", u, + log.info("User {} participation for experiment {} has expired.", u, experimentName); } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/OrgDBConfigurator.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/OrgDBConfigurator.java index 39e85fa6..c0a9592d 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/OrgDBConfigurator.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/integration/orgdb/OrgDBConfigurator.java @@ -15,6 +15,8 @@ */ package org.glite.security.voms.admin.integration.orgdb; +import static org.glite.security.voms.admin.configuration.VOMSConfigurationConstants.PI_REQUIRED_FIELDS; + import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -38,6 +40,10 @@ public class OrgDBConfigurator extends AbstractPluginConfigurator { + public OrgDBConfigurator(VOMSConfiguration config) { + super(config); + } + public static final Logger log = LoggerFactory .getLogger(OrgDBConfigurator.class); @@ -148,6 +154,8 @@ public synchronized void configure() throws VOMSPluginConfigurationException { VOMSConfigurationConstants.VOMS_INTERNAL_RO_MEMBERSHIP_EXPIRATION_DATE, Boolean.TRUE); + VOMSConfiguration.instance().setProperty(PI_REQUIRED_FIELDS, ""); + log.info("OrgDB request validator registered SUCCESSFULLY."); Long checkPeriod; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/CurrentAdmin.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/CurrentAdmin.java index 3220a192..4c2cbbcb 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/CurrentAdmin.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/CurrentAdmin.java @@ -1,15 +1,17 @@ /** * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.glite.security.voms.admin.operations; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/groups/SearchMembersOperation.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/groups/SearchMembersOperation.java index c0d48152..fd85d684 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/groups/SearchMembersOperation.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/groups/SearchMembersOperation.java @@ -16,7 +16,9 @@ package org.glite.security.voms.admin.operations.groups; import org.glite.security.voms.admin.operations.BaseMemberhipReadOperation; +import org.glite.security.voms.admin.operations.CurrentAdmin; import org.glite.security.voms.admin.operations.VOMSContext; +import org.glite.security.voms.admin.operations.VOMSPermission; import org.glite.security.voms.admin.persistence.dao.VOMSGroupDAO; import org.glite.security.voms.admin.persistence.dao.VOMSRoleDAO; import org.glite.security.voms.admin.persistence.model.VOMSGroup; @@ -25,11 +27,14 @@ public class SearchMembersOperation extends BaseMemberhipReadOperation { + public static final VOMSPermission PERSONAL_INFO_READ = + VOMSPermission.getEmptyPermissions().setPersonalInfoReadPermission(); + int firstResult = 0, maxResults = 0; String searchString; - private SearchMembersOperation(VOMSContext c, String searchString, - int firstResult, int maxResults) { + private SearchMembersOperation(VOMSContext c, String searchString, int firstResult, + int maxResults) { super(c); @@ -38,8 +43,8 @@ private SearchMembersOperation(VOMSContext c, String searchString, this.searchString = searchString; } - private SearchMembersOperation(VOMSGroup g, VOMSRole r, String searchString, - int firstResult, int maxResults) { + private SearchMembersOperation(VOMSGroup g, VOMSRole r, String searchString, int firstResult, + int maxResults) { super(VOMSContext.instance(g, r)); @@ -52,34 +57,45 @@ private SearchMembersOperation(VOMSGroup g, VOMSRole r, String searchString, protected Object doExecute() { - if (!__context.isGroupContext()) - return VOMSRoleDAO.instance().searchMembers(__context.getGroup(), - __context.getRole(), searchString, firstResult, maxResults); - - return VOMSGroupDAO.instance().searchMembers(__context.getGroup(), - searchString, firstResult, maxResults); - + if (CurrentAdmin.instance().hasPermissions(VOMSContext.getVoContext(), PERSONAL_INFO_READ)) { + if (!__context.isGroupContext()) { + return VOMSRoleDAO.instance() + .searchMembers(__context.getGroup(), __context.getRole(), searchString, firstResult, + maxResults); + } else { + return VOMSGroupDAO.instance() + .searchMembers(__context.getGroup(), searchString, firstResult, maxResults); + } + } else { + + if (!__context.isGroupContext()) { + return VOMSRoleDAO.instance() + .searchMemberBySubject(__context.getGroup(), __context.getRole(), searchString, + firstResult, maxResults); + + } else { + return VOMSGroupDAO.instance() + .searchMembersBySubject(__context.getGroup(), searchString, firstResult, maxResults); + } + } } - public static SearchMembersOperation instance(VOMSGroup g, VOMSRole r, - String searchString, int firstResult, int maxResults) { + public static SearchMembersOperation instance(VOMSGroup g, VOMSRole r, String searchString, + int firstResult, int maxResults) { - return new SearchMembersOperation(g, r, searchString, firstResult, - maxResults); + return new SearchMembersOperation(g, r, searchString, firstResult, maxResults); } - public static SearchMembersOperation instance(VOMSGroup g, - String searchString, int firstResult, int maxResults) { + public static SearchMembersOperation instance(VOMSGroup g, String searchString, int firstResult, + int maxResults) { - return new SearchMembersOperation(g, null, searchString, firstResult, - maxResults); + return new SearchMembersOperation(g, null, searchString, firstResult, maxResults); } public static SearchMembersOperation instance(SearchData sd) { VOMSContext ctxt = VOMSContext.instance(sd.getGroupId(), sd.getRoleId()); - return new SearchMembersOperation(ctxt, sd.getText(), sd.getFirstResult(), - sd.getMaxResults()); + return new SearchMembersOperation(ctxt, sd.getText(), sd.getFirstResult(), sd.getMaxResults()); } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/users/RemoveUserCertificateOperation.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/users/RemoveUserCertificateOperation.java index 3c795130..785fef1a 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/users/RemoveUserCertificateOperation.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/users/RemoveUserCertificateOperation.java @@ -103,8 +103,8 @@ protected Object doExecute() { } VOMSUser u = cert.getUser(); - VOMSUserDAO.instance() - .deleteCertificate(cert); + + VOMSUserDAO.instance().deleteCertificate(u, cert); EventManager.instance() .dispatch(new UserCertificateRemoved(u, cert)); diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/users/SearchUsersOperation.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/users/SearchUsersOperation.java index 18366017..8223984b 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/users/SearchUsersOperation.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/operations/users/SearchUsersOperation.java @@ -16,8 +16,10 @@ package org.glite.security.voms.admin.operations.users; import org.glite.security.voms.admin.operations.BaseVoReadOperation; +import org.glite.security.voms.admin.operations.CurrentAdmin; import org.glite.security.voms.admin.operations.VOMSContext; import org.glite.security.voms.admin.operations.VOMSPermission; +import org.glite.security.voms.admin.operations.groups.SearchMembersOperation; import org.glite.security.voms.admin.persistence.dao.SearchResults; import org.glite.security.voms.admin.persistence.dao.VOMSUserDAO; @@ -29,8 +31,7 @@ public class SearchUsersOperation extends BaseVoReadOperation { private int maxResults; - private SearchUsersOperation(String searchString, int firstResult, - int maxResults) { + private SearchUsersOperation(String searchString, int firstResult, int maxResults) { this.searchString = searchString; this.firstResult = firstResult; @@ -40,19 +41,25 @@ private SearchUsersOperation(String searchString, int firstResult, public SearchResults doExecute() { - return VOMSUserDAO.instance().search(searchString, firstResult, maxResults); + if (CurrentAdmin.instance() + .hasPermissions(VOMSContext.getVoContext(), SearchMembersOperation.PERSONAL_INFO_READ)) { + return VOMSUserDAO.instance().search(searchString, firstResult, maxResults); + } else { + + return VOMSUserDAO.instance().searchBySubject(searchString, firstResult, maxResults); + } } - public static SearchUsersOperation instance(String searchString, - int firstResult, int maxResults) { + public static SearchUsersOperation instance(String searchString, int firstResult, + int maxResults) { return new SearchUsersOperation(searchString, firstResult, maxResults); } protected void setupPermissions() { - addRequiredPermission(VOMSContext.getVoContext(), VOMSPermission - .getContainerReadPermission().setMembershipReadPermission()); + addRequiredPermission(VOMSContext.getVoContext(), + VOMSPermission.getContainerReadPermission().setMembershipReadPermission()); } - + } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/ImplicitNamingStrategy32Legacy.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/ImplicitNamingStrategy32Legacy.java index c678f5a4..03bd6924 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/ImplicitNamingStrategy32Legacy.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/ImplicitNamingStrategy32Legacy.java @@ -1,3 +1,18 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.glite.security.voms.admin.persistence; import java.util.List; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/SearchUtils.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/SearchUtils.java new file mode 100644 index 00000000..25419e3f --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/SearchUtils.java @@ -0,0 +1,49 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.persistence.dao; + +import org.hibernate.Query; + +@SuppressWarnings("deprecation") +public class SearchUtils { + + private SearchUtils() {} + + + @SuppressWarnings({"rawtypes"}) + public static SearchResults paginatedFind(Query q, Query countQuery, String searchString, + int firstResults, int maxResults) { + + SearchResults res = SearchResults.instance(); + + res.setSearchString(searchString); + + q.setFirstResult(firstResults); + q.setMaxResults(maxResults); + + res.setResults(q.list()); + + Long count = (Long) countQuery.uniqueResult(); + + res.setCount(count.intValue()); + + res.setFirstResult(firstResults); + res.setResultsPerPage(maxResults); + + return res; + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSGroupDAO.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSGroupDAO.java index 0b4736a1..0ea4279c 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSGroupDAO.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSGroupDAO.java @@ -15,9 +15,10 @@ */ package org.glite.security.voms.admin.persistence.dao; +import static org.glite.security.voms.admin.persistence.dao.SearchUtils.paginatedFind; + import java.util.Iterator; import java.util.List; -import java.util.Set; import org.glite.security.voms.admin.configuration.VOMSConfiguration; import org.glite.security.voms.admin.configuration.VOMSConfigurationConstants; @@ -55,8 +56,7 @@ public List getAll() { String query = "from VOMSGroup order by name asc"; - Query q = HibernateFactory.getSession() - .createQuery(query); + Query q = HibernateFactory.getSession().createQuery(query); @SuppressWarnings("unchecked") List res = q.list(); @@ -68,7 +68,8 @@ public int countMatches(String searchString) { String sString = "%" + searchString + "%"; - String cQueryString = "select count(*) from org.glite.security.voms.admin.persistence.model.VOMSGroup where name like :searchString"; + String cQueryString = + "select count(*) from org.glite.security.voms.admin.persistence.model.VOMSGroup where name like :searchString"; Long totalMatches = (Long) HibernateFactory.getSession() .createQuery(cQueryString) @@ -82,8 +83,7 @@ public int countMatches(String searchString) { public int countGroups() { Long count = (Long) HibernateFactory.getSession() - .createQuery( - "select count(*) from org.glite.security.voms.admin.persistence.model.VOMSGroup") + .createQuery("select count(*) from org.glite.security.voms.admin.persistence.model.VOMSGroup") .uniqueResult(); return count.intValue(); @@ -93,8 +93,7 @@ public int countGroups() { public List findAllWithoutRootGroup() { String query = "from VOMSGroup g where g != g.parent"; - Query q = HibernateFactory.getSession() - .createQuery(query); + Query q = HibernateFactory.getSession().createQuery(query); return q.list(); } @@ -103,8 +102,7 @@ public List findAll() { String query = "from org.glite.security.voms.admin.persistence.model.VOMSGroup"; - Query q = HibernateFactory.getSession() - .createQuery(query); + Query q = HibernateFactory.getSession().createQuery(query); return q.list(); @@ -114,10 +112,10 @@ public SearchResults getAll(int firstResult, int maxResults) { SearchResults results = SearchResults.instance(); - String query = "from org.glite.security.voms.admin.persistence.model.VOMSGroup order by name asc"; + String query = + "from org.glite.security.voms.admin.persistence.model.VOMSGroup order by name asc"; - Query q = HibernateFactory.getSession() - .createQuery(query); + Query q = HibernateFactory.getSession().createQuery(query); q.setFirstResult(firstResult); q.setMaxResults(maxResults); @@ -132,21 +130,19 @@ public SearchResults getAll(int firstResult, int maxResults) { return results; } - public SearchResults search(String searchString, int firstResult, - int maxResults) { + public SearchResults search(String searchString, int firstResult, int maxResults) { - if (searchString == null || searchString.equals("") - || searchString.length() == 0) + if (searchString == null || searchString.equals("") || searchString.length() == 0) return getAll(firstResult, maxResults); SearchResults results = SearchResults.instance(); String sString = "%" + searchString + "%"; - String queryString = "from org.glite.security.voms.admin.persistence.model.VOMSGroup where name like :searchString order by name asc"; + String queryString = + "from org.glite.security.voms.admin.persistence.model.VOMSGroup where name like :searchString order by name asc"; - Query q = HibernateFactory.getSession() - .createQuery(queryString) - .setString("searchString", sString); + Query q = + HibernateFactory.getSession().createQuery(queryString).setString("searchString", sString); q.setFirstResult(firstResult); q.setMaxResults(maxResults); @@ -163,35 +159,22 @@ public SearchResults search(String searchString, int firstResult, } - public SearchResults getMembers(VOMSGroup g, int firstResult, - int maxResults) { - - Set groupMembers = g.getMembers(); - // int count = g.getMembers().size(); // Maybe the HQL query is more - // efficient - - int count = groupMembers.size(); - - SearchResults results = SearchResults.instance(); - - String queryString = "select m.user as user from org.glite.security.voms.admin.persistence.model.VOMSMapping m where m.group = :group and m.role is null"; + public SearchResults getMembers(VOMSGroup g, int firstResult, int maxResults) { + + String commonQuery = + "from VOMSMapping m where m.group = :group and m.role is null"; Query q = HibernateFactory.getSession() - .createQuery(queryString) + .createQuery(String.format("select distinct m.user as user %s", commonQuery)) .setFirstResult(firstResult) .setMaxResults(maxResults); + + Query count = HibernateFactory.getSession() + .createQuery(String.format("select count(distinct m.user) %s", commonQuery)); q.setEntity("group", g); - - List res = q.list(); - - results.setSearchString(null); - results.setResults(res); - results.setCount(count); - results.setFirstResult(firstResult); - results.setResultsPerPage(maxResults); - - return results; + count.setEntity("group", g); + return paginatedFind(q, count, null, firstResult, maxResults); } @@ -202,79 +185,85 @@ public int countMatchingMembers(VOMSGroup g, String searchString) { String sString = "%" + searchString + "%"; - String queryString = "select count(m.user) as u from VOMSMapping m join m.user.certificates as cert where " - + "m.group = :group and m.role is null and " - + "(cert.subjectString like :searchString " - + "or cert.ca.subjectString like :searchString " - + "or m.user.name like :searchString " - + "or m.user.surname like :searchString " - + "or m.user.emailAddress like :searchString " - + "or m.user.institution like :searchString)"; - - // String queryString = - // "select count(m.user) from - // org.glite.security.voms.admin.persistence.model.VOMSMapping m where - // m.group = :group and m.role is null "+ - // "and m.user.dn like :searchString"; + String queryString = + "select count(m.user) as u from VOMSMapping m join m.user.certificates as cert where " + + "m.group = :group and m.role is null and " + "(cert.subjectString like :searchString " + + "or cert.ca.subjectString like :searchString " + "or m.user.name like :searchString " + + "or m.user.surname like :searchString " + "or m.user.emailAddress like :searchString " + + "or m.user.institution like :searchString)"; - Query q = HibernateFactory.getSession() - .createQuery(queryString) - .setString("searchString", sString); + Query q = + HibernateFactory.getSession().createQuery(queryString).setString("searchString", sString); q.setEntity("group", g); return ((Long) q.uniqueResult()).intValue(); } - - public SearchResults searchMembers(VOMSGroup g, String searchString, - int firstResult, int maxResults) { + + public SearchResults searchMembersBySubject(VOMSGroup g, String searchString, int firstResult, + int maxResults) { if (g == null) throw new NullArgumentException("Cannot search members in a null group!"); - if (searchString == null || searchString.equals("") - || searchString.length() == 0) + if (searchString == null || searchString.equals("") || searchString.length() == 0) { return getMembers(g, firstResult, maxResults); - - SearchResults results = SearchResults.instance(); + } String sString = "%" + searchString + "%"; - String queryString = "select m.user as u from VOMSMapping m join m.user.certificates as cert where " - + "m.group = :group and m.role is null and " - + "(cert.subjectString like :searchString " - + "or cert.ca.subjectString like :searchString " - + "or m.user.name like :searchString " - + "or m.user.surname like :searchString " - + "or m.user.emailAddress like :searchString " - + "or m.user.institution like :searchString)"; - - // String queryString = - // "select m.user as user from - // org.glite.security.voms.admin.persistence.model.VOMSMapping m where - // m.group = :group and m.role is null "+ - // "and (m.user.dn like :searchString or m.user.ca.subjectString like - // :searchString) order by m.user.dn asc"; - - Query q = HibernateFactory.getSession() - .createQuery(queryString) - .setString("searchString", sString); - + String commonQuery = "from VOMSMapping m join m.user.certificates as cert where " + + "m.group = :group and m.role is null and " + "(cert.subjectString like :searchString " + + "or cert.ca.subjectString like :searchString )"; + + String query = String.format("select distinct m.user as u %s", commonQuery); + String countQuery = String.format("select count(distinct m.user ) %s", commonQuery); + + Query q = + HibernateFactory.getSession().createQuery(query).setString("searchString", sString); + + Query count = + HibernateFactory.getSession().createQuery(countQuery).setString("searchString", sString); + q.setEntity("group", g); + count.setEntity("group", g); + + return paginatedFind(q, count, searchString, firstResult, maxResults); - q.setFirstResult(firstResult); - q.setMaxResults(maxResults); + } - List res = q.list(); + public SearchResults searchMembers(VOMSGroup g, String searchString, int firstResult, + int maxResults) { - results.setSearchString(searchString); - results.setResults(res); - results.setCount(countMatchingMembers(g, searchString)); - results.setFirstResult(firstResult); - results.setResultsPerPage(maxResults); + if (g == null) + throw new NullArgumentException("Cannot search members in a null group!"); - return results; + if (searchString == null || searchString.equals("") || searchString.length() == 0) { + return getMembers(g, firstResult, maxResults); + } + + String sString = "%" + searchString + "%"; + + String commonString = "from VOMSMapping m join m.user.certificates as cert" + + " where m.group = :group and m.role is null and" + + " (cert.subjectString like :searchString " + + "or cert.ca.subjectString like :searchString " + "or m.user.name like :searchString " + + "or m.user.surname like :searchString " + "or m.user.emailAddress like :searchString " + + "or m.user.institution like :searchString)"; + + Query q = HibernateFactory.getSession() + .createQuery(String.format("select distinct m.user as user %s", commonString)) + .setString("searchString", sString); + + Query count = HibernateFactory.getSession() + .createQuery(String.format("select count(distinct m.user) %s", commonString)) + .setString("searchString", sString); + q.setEntity("group", g); + + count.setEntity("group", g); + + return paginatedFind(q, count, searchString, firstResult, maxResults); } public VOMSGroup findByName(String name) { @@ -282,10 +271,10 @@ public VOMSGroup findByName(String name) { if (!PathNamingScheme.isGroup(name)) throw new VOMSSyntaxException("Syntax error in group name: " + name); - String query = "from org.glite.security.voms.admin.persistence.model.VOMSGroup as g where g.name =:groupName"; + String query = + "from org.glite.security.voms.admin.persistence.model.VOMSGroup as g where g.name =:groupName"; - Query q = HibernateFactory.getSession() - .createQuery(query); + Query q = HibernateFactory.getSession().createQuery(query); q.setString("groupName", name); @@ -296,8 +285,7 @@ public VOMSGroup findByName(String name) { public VOMSGroup findById(Long id) { - VOMSGroup g = (VOMSGroup) HibernateFactory.getSession() - .get(VOMSGroup.class, id); + VOMSGroup g = (VOMSGroup) HibernateFactory.getSession().get(VOMSGroup.class, id); return g; @@ -311,7 +299,7 @@ public VOMSGroup getVOGroup() { if (voName == null) throw new VOMSConfigurationException( - VOMSConfigurationConstants.VO_NAME + "undefined in configuration!"); + VOMSConfigurationConstants.VO_NAME + "undefined in configuration!"); VOMSGroup g = findByName("/" + voName); @@ -322,9 +310,9 @@ public VOMSGroup getVOGroup() { @SuppressWarnings("unchecked") public List getChildren(VOMSGroup parentGroup) { - String query = "from org.glite.security.voms.admin.persistence.model.VOMSGroup g where g.parent = :parentGroup and g != :parentGroup order by g.name"; - Query q = HibernateFactory.getSession() - .createQuery(query); + String query = + "from org.glite.security.voms.admin.persistence.model.VOMSGroup g where g.parent = :parentGroup and g != :parentGroup order by g.name"; + Query q = HibernateFactory.getSession().createQuery(query); q.setEntity("parentGroup", parentGroup); @@ -337,15 +325,13 @@ public VOMSGroup create(String groupName) { return create(groupName, null, null); } - public VOMSGroup create(String groupName, String description, - Boolean isRestricted) { + public VOMSGroup create(String groupName, String description, Boolean isRestricted) { if (!PathNamingScheme.isGroup(groupName)) throw new VOMSSyntaxException("Syntax error in group name: " + groupName); if (findByName(groupName) != null) - throw new AlreadyExistsException( - "Group \"" + groupName + "\" already defined!"); + throw new AlreadyExistsException("Group \"" + groupName + "\" already defined!"); String[] parentGroupChain = PathNamingScheme.getParentGroupChain(groupName); String rootGroupName = getVOGroup().getName(); @@ -353,8 +339,7 @@ public VOMSGroup create(String groupName, String description, // the VO if (!parentGroupChain[0].equals(rootGroupName)) throw new IllegalArgumentException("The root group for \"" + groupName - + "\" must match the root group of the VO (i.e., " + rootGroupName - + ")"); + + "\" must match the root group of the VO (i.e., " + rootGroupName + ")"); String parentGroupName = PathNamingScheme.getParentGroupName(groupName); @@ -362,7 +347,7 @@ public VOMSGroup create(String groupName, String description, if (parentGroup == null) throw new NoSuchGroupException( - "Parent group \"" + parentGroupName + "\" not defined in database!"); + "Parent group \"" + parentGroupName + "\" not defined in database!"); VOMSGroup newGroup = new VOMSGroup(); newGroup.setName(groupName); @@ -376,8 +361,7 @@ public VOMSGroup create(String groupName, String description, log.debug("Creating group \"" + newGroup + "\"."); - HibernateFactory.getSession() - .save(newGroup); + HibernateFactory.getSession().save(newGroup); return newGroup; } @@ -386,15 +370,13 @@ public void delete(Long id) { VOMSGroup g = (VOMSGroup) findById(id); if (g == null) - throw new NoSuchGroupException( - "Group with id \"" + id + "\" not defined!"); + throw new NoSuchGroupException("Group with id \"" + id + "\" not defined!"); try { delete(g); } catch (ObjectNotFoundException e) { - throw new NoSuchGroupException( - "Group with id \"" + id + "\" not defined!"); + throw new NoSuchGroupException("Group with id \"" + id + "\" not defined!"); } } @@ -402,12 +384,9 @@ public void delete(Long id) { private void uncheckedDelete(VOMSGroup g) { if (!g.isRootGroup()) { - g.getMappings() - .clear(); - g.getAttributes() - .clear(); - HibernateFactory.getSession() - .delete(g); + g.getMappings().clear(); + g.getAttributes().clear(); + HibernateFactory.getSession().delete(g); } } @@ -423,12 +402,11 @@ public void deleteAll() { public void delete(VOMSGroup g) { if (!PathNamingScheme.isGroup(g.getName())) - throw new VOMSSyntaxException( - "Syntax error in group name for group: " + g); + throw new VOMSSyntaxException("Syntax error in group name for group: " + g); if (g.isRootGroup() && g.equals(getVOGroup())) throw new IllegalOperationException( - "VO root group \"" + g.getName() + "\" cannot be deleted!"); + "VO root group \"" + g.getName() + "\" cannot be deleted!"); if (findByName(g.getName()) == null) throw new NoSuchGroupException("Group \"" + g + "\" not defined!"); @@ -437,18 +415,15 @@ public void delete(VOMSGroup g) { if (!children.isEmpty()) throw new IllegalOperationException("The group \"" + g - + "\" cannot be deleted since it contains subgroups. Delete subgroups first."); + + "\" cannot be deleted since it contains subgroups. Delete subgroups first."); log.debug("Deleting group " + g + "\"."); - VOMSRoleDAO.instance() - .removeRoleAttributesForGroup(g); + VOMSRoleDAO.instance().removeRoleAttributesForGroup(g); - g.getMappings() - .clear(); + g.getMappings().clear(); - g.getAcls() - .clear(); + g.getAcls().clear(); // Delete admins and ACL permissions that are related to this group VOMSAdminDAO adminDAO = VOMSAdminDAO.instance(); @@ -456,15 +431,12 @@ public void delete(VOMSGroup g) { if (groupAdmin != null) { - ACLDAO.instance() - .deletePermissionsForAdmin(groupAdmin); + ACLDAO.instance().deletePermissionsForAdmin(groupAdmin); adminDAO.delete(groupAdmin); } - HibernateFactory.getSession() - .delete(g); - HibernateFactory.getSession() - .flush(); + HibernateFactory.getSession().delete(g); + HibernateFactory.getSession().flush(); } @@ -476,13 +448,12 @@ public VOMSGroup createVOGroup() { if (voName == null) throw new VOMSConfigurationException( - VOMSConfigurationConstants.VO_NAME + " undefined in configuration!"); + VOMSConfigurationConstants.VO_NAME + " undefined in configuration!"); VOMSGroup g = findByName("/" + voName); if (g != null) - throw new VOMSDatabaseException( - "Root group already defined for vo " + voName); + throw new VOMSDatabaseException("Root group already defined for vo " + voName); g = new VOMSGroup(); g.setName("/" + voName); @@ -493,14 +464,12 @@ public VOMSGroup createVOGroup() { // The ugly transaction management code here is acceptable since // the creation of the VO GROUP is performed only once during the // lifetime of a VO. - HibernateFactory.getSession() - .save(g); + HibernateFactory.getSession().save(g); HibernateFactory.commitTransaction(); HibernateFactory.beginTransaction(); g.setParent(g); - HibernateFactory.getSession() - .update(g); + HibernateFactory.getSession().update(g); HibernateFactory.commitTransaction(); } catch (HibernateException e) { @@ -515,15 +484,13 @@ public VOMSGroup createVOGroup() { } - public VOMSGroupAttribute setAttribute(VOMSGroup g, String attrName, - String attrValue) { + public VOMSGroupAttribute setAttribute(VOMSGroup g, String attrName, String attrValue) { - VOMSAttributeDescription desc = VOMSAttributeDAO.instance() - .getAttributeDescriptionByName(attrName); + VOMSAttributeDescription desc = + VOMSAttributeDAO.instance().getAttributeDescriptionByName(attrName); if (desc == null) - throw new NoSuchAttributeException( - "Attribute '" + attrName + "' is not defined in this vo."); + throw new NoSuchAttributeException("Attribute '" + attrName + "' is not defined in this vo."); VOMSGroupAttribute val = g.getAttributeByName(attrName); @@ -535,28 +502,26 @@ public VOMSGroupAttribute setAttribute(VOMSGroup g, String attrName, g.addAttribute(val); } - HibernateFactory.getSession() - .update(g); + HibernateFactory.getSession().update(g); return val; } - public VOMSGroupAttribute createAttribute(VOMSGroup g, String attrName, - String attrDesc, String attrValue) { + public VOMSGroupAttribute createAttribute(VOMSGroup g, String attrName, String attrDesc, + String attrValue) { if (g.getAttributeByName(attrName) != null) - throw new AlreadyExistsException("Attribute \"" + attrName - + "\" already defined for group \"" + g + "\"."); + throw new AlreadyExistsException( + "Attribute \"" + attrName + "\" already defined for group \"" + g + "\"."); - VOMSAttributeDescription desc = VOMSAttributeDAO.instance() - .getAttributeDescriptionByName(attrName); + VOMSAttributeDescription desc = + VOMSAttributeDAO.instance().getAttributeDescriptionByName(attrName); if (desc == null) - desc = VOMSAttributeDAO.instance() - .createAttributeDescription(attrName, attrDesc); - log.debug("Creating attribute \"(" + attrName + "," + attrValue - + ")\" for group \"" + g + "\""); + desc = VOMSAttributeDAO.instance().createAttributeDescription(attrName, attrDesc); + log + .debug("Creating attribute \"(" + attrName + "," + attrValue + ")\" for group \"" + g + "\""); VOMSGroupAttribute val = VOMSGroupAttribute.instance(desc, attrValue, g); g.addAttribute(val); @@ -569,8 +534,8 @@ public VOMSGroupAttribute deleteAttribute(VOMSGroup g, String attrName) { VOMSGroupAttribute ga = g.getAttributeByName(attrName); if (ga == null) - throw new NoSuchAttributeException("Attribute named '" + attrName - + "' not defined for group '" + g.getName() + "'!"); + throw new NoSuchAttributeException( + "Attribute named '" + attrName + "' not defined for group '" + g.getName() + "'!"); deleteAttribute(g, ga); @@ -580,8 +545,7 @@ public VOMSGroupAttribute deleteAttribute(VOMSGroup g, String attrName) { public void deleteAttribute(VOMSGroup g, VOMSGroupAttribute val) { - log.debug( - "Deleting attribute \"" + val.getName() + "\" from group \"" + g + "\""); + log.debug("Deleting attribute \"" + val.getName() + "\" from group \"" + g + "\""); g.deleteAttribute(val); @@ -604,10 +568,7 @@ public List getMembers(VOMSGroup g) { throw new NullArgumentException("Cannot get members of a null group!"); String query = "select m.user from VOMSMapping m where m.group = :group and m.role is null"; - return HibernateFactory.getSession() - .createQuery(query) - .setEntity("group", g) - .list(); + return HibernateFactory.getSession().createQuery(query).setEntity("group", g).list(); } @@ -617,11 +578,9 @@ public List getMemberSubjectStrings(VOMSGroup g) { if (g == null) throw new NullArgumentException("Cannot get members of a null group!"); - String query = "select distinct c.subjectString from VOMSUser u join u.certificates c join u.mappings m where u.suspended is false and c.suspended is false and m.group = :group and m.role is null"; + String query = + "select distinct c.subjectString from VOMSUser u join u.certificates c join u.mappings m where u.suspended is false and c.suspended is false and m.group = :group and m.role is null"; - return HibernateFactory.getSession() - .createQuery(query) - .setEntity("group", g) - .list(); + return HibernateFactory.getSession().createQuery(query).setEntity("group", g).list(); } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSRoleDAO.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSRoleDAO.java index 2d49c069..8dff1cd3 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSRoleDAO.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSRoleDAO.java @@ -15,6 +15,8 @@ */ package org.glite.security.voms.admin.persistence.dao; +import static org.glite.security.voms.admin.persistence.dao.SearchUtils.paginatedFind; + import java.util.Iterator; import java.util.List; @@ -55,8 +57,7 @@ public int countRoles() { String query = "select count(*) from org.glite.security.voms.admin.persistence.model.VOMSRole"; - Long count = (Long) HibernateFactory.getSession().createQuery(query) - .uniqueResult(); + Long count = (Long) HibernateFactory.getSession().createQuery(query).uniqueResult(); return count.intValue(); } @@ -64,10 +65,13 @@ public int countRoles() { public int countMatches(String searchString) { String sString = "%" + searchString + "%"; - String query = "select count(*) from org.glite.security.voms.admin.persistence.model.VOMSRole where name like :searchString"; + String query = + "select count(*) from org.glite.security.voms.admin.persistence.model.VOMSRole where name like :searchString"; - Long count = (Long) HibernateFactory.getSession().createQuery(query) - .setString("searchString", sString).uniqueResult(); + Long count = (Long) HibernateFactory.getSession() + .createQuery(query) + .setString("searchString", sString) + .uniqueResult(); return count.intValue(); } @@ -92,20 +96,18 @@ public SearchResults getAll(int firstResult, int maxResults) { } - public SearchResults search(String searchString, int firstResult, - int maxResults) { + public SearchResults search(String searchString, int firstResult, int maxResults) { - if (searchString == null || searchString.equals("") - || searchString.length() == 0) + if (searchString == null || searchString.equals("") || searchString.length() == 0) return getAll(firstResult, maxResults); SearchResults results = SearchResults.instance(); String sString = "%" + searchString + "%"; - String query = "from org.glite.security.voms.admin.persistence.model.VOMSRole where name like :searchString"; + String query = + "from org.glite.security.voms.admin.persistence.model.VOMSRole where name like :searchString"; - Query q = HibernateFactory.getSession().createQuery(query) - .setString("searchString", sString); + Query q = HibernateFactory.getSession().createQuery(query).setString("searchString", sString); q.setFirstResult(firstResult); q.setMaxResults(maxResults); @@ -121,8 +123,8 @@ public SearchResults search(String searchString, int firstResult, return results; } - public SearchResults searchMembers(VOMSGroup g, VOMSRole r, - String searchString, int firstResult, int maxResults) { + public SearchResults searchMemberBySubject(VOMSGroup g, VOMSRole r, String searchString, + int firstResult, int maxResults) { if (g == null) throw new NullArgumentException("Cannot search members in a null group!"); @@ -130,38 +132,35 @@ public SearchResults searchMembers(VOMSGroup g, VOMSRole r, if (r == null) throw new NullArgumentException("Cannot search members in a null role!"); - if (searchString == null || searchString.equals("") - || searchString.length() == 0) + if (searchString == null || searchString.equals("") || searchString.length() == 0) return getMembers(g, r, firstResult, maxResults); - SearchResults results = SearchResults.instance(); String sString = "%" + searchString + "%"; - String queryString = "select m.user as user from org.glite.security.voms.admin.persistence.model.VOMSMapping m where m.group = :group and m.role is :role " - + "and m.user.dn like :searchString order by m.user.dn asc"; + String commonString = + "from VOMSUser u join u.certificates c join u.mappings m where m.group = :group and m.role = :role and" + + "(c.subjectString like :searchString or c.ca.subjectString like :searchString)"; - Query q = HibernateFactory.getSession().createQuery(queryString) + Query q = HibernateFactory.getSession() + .createQuery(String.format("select distinct u %s", commonString)) + .setString("searchString", sString); + + Query count = HibernateFactory.getSession() + .createQuery(String.format("select count(distinct u) %s", commonString)) .setString("searchString", sString); q.setEntity("group", g); q.setEntity("role", r); - q.setFirstResult(firstResult); - q.setMaxResults(maxResults); - - List res = q.list(); - - results.setSearchString(searchString); - results.setResults(res); - results.setCount(countMatchingMembers(g, r, searchString)); - results.setFirstResult(firstResult); - results.setResultsPerPage(maxResults); - return results; + count.setEntity("group", g); + count.setEntity("role", r); + return paginatedFind(q, count, searchString, firstResult, maxResults); } - private int countMatchingMembers(VOMSGroup g, VOMSRole r, String searchString) { + public SearchResults searchMembers(VOMSGroup g, VOMSRole r, String searchString, int firstResult, + int maxResults) { if (g == null) throw new NullArgumentException("Cannot search members in a null group!"); @@ -169,27 +168,37 @@ private int countMatchingMembers(VOMSGroup g, VOMSRole r, String searchString) { if (r == null) throw new NullArgumentException("Cannot search members in a null role!"); - String sString; + if (searchString == null || searchString.equals("") || searchString.length() == 0) + return getMembers(g, r, firstResult, maxResults); - if (searchString == null) - sString = "%"; - else - sString = "%" + searchString + "%"; + String sString = "%" + searchString + "%"; - String queryString = "select count(m.user) from org.glite.security.voms.admin.persistence.model.VOMSMapping m where m.group = :group and m.role is :role " - + "and m.user.dn like :searchString order by m.user.dn asc"; + String commonString = "from VOMSMapping m join m.user.certificates as cert" + + " where m.group = :group and m.role is :role and" + + " (cert.subjectString like :searchString " + + "or cert.ca.subjectString like :searchString " + "or m.user.name like :searchString " + + "or m.user.surname like :searchString " + "or m.user.emailAddress like :searchString " + + "or m.user.institution like :searchString)"; + + Query q = HibernateFactory.getSession() + .createQuery(String.format("select distinct m.user as user %s", commonString)) + .setString("searchString", sString); - Query q = HibernateFactory.getSession().createQuery(queryString); + Query count = HibernateFactory.getSession() + .createQuery(String.format("select count(distinct m.user) %s", commonString)) + .setString("searchString", sString); - q.setString("searchString", sString); q.setEntity("group", g); q.setEntity("role", r); - return ((Long) q.uniqueResult()).intValue(); + count.setEntity("group", g); + count.setEntity("role", r); + + return paginatedFind(q, count, searchString, firstResult, maxResults); + } - private SearchResults getMembers(VOMSGroup g, VOMSRole r, int firstResult, - int maxResults) { + private SearchResults getMembers(VOMSGroup g, VOMSRole r, int firstResult, int maxResults) { if (g == null) throw new NullArgumentException("Cannot search members in a null group!"); @@ -197,30 +206,19 @@ private SearchResults getMembers(VOMSGroup g, VOMSRole r, int firstResult, if (r == null) throw new NullArgumentException("Cannot search members in a null role!"); - int membersCount = r.getUsers(g).size(); - - SearchResults results = SearchResults.instance(); - - String queryString = "select m.user as user from org.glite.security.voms.admin.persistence.model.VOMSMapping m where m.group = :group and m.role is :role " - + "order by m.user.dn asc"; + String commonQuery = "from VOMSMapping m where m.group = :group and m.role is :role "; - Query q = HibernateFactory.getSession().createQuery(queryString); + Query q = HibernateFactory.getSession() + .createQuery(String.format("select m.user as user %s", commonQuery)); + Query count = HibernateFactory.getSession() + .createQuery(String.format("select count(distinct m.user ) %s", commonQuery)); q.setEntity("group", g); q.setEntity("role", r); + count.setEntity("group", g); + count.setEntity("role", r); - q.setFirstResult(firstResult); - q.setMaxResults(maxResults); - - List res = q.list(); - - results.setSearchString(null); - results.setResults(res); - results.setCount(membersCount); - results.setFirstResult(firstResult); - results.setResultsPerPage(maxResults); - - return results; + return SearchUtils.paginatedFind(q, count, null, firstResult, maxResults); } @@ -233,10 +231,13 @@ public List getAllNames() { public VOMSRole findByName(String roleName) { - String query = "from org.glite.security.voms.admin.persistence.model.VOMSRole where name = :name"; + String query = + "from org.glite.security.voms.admin.persistence.model.VOMSRole where name = :name"; - return (VOMSRole) HibernateFactory.getSession().createQuery(query) - .setString("name", roleName).uniqueResult(); + return (VOMSRole) HibernateFactory.getSession() + .createQuery(query) + .setString("name", roleName) + .uniqueResult(); } public VOMSRole findById(Long id) { @@ -247,8 +248,7 @@ public VOMSRole findById(Long id) { public VOMSRole create(String roleName) { if (findByName(roleName) != null) - throw new AlreadyExistsException("Role \"" + roleName - + "\" already defined in database!"); + throw new AlreadyExistsException("Role \"" + roleName + "\" already defined in database!"); VOMSRole r = new VOMSRole(roleName); @@ -260,10 +260,8 @@ public VOMSRole create(String roleName) { public void deleteAll() { - HibernateFactory - .getSession() - .createQuery( - "delete from org.glite.security.voms.admin.persistence.model.VOMSRole") + HibernateFactory.getSession() + .createQuery("delete from org.glite.security.voms.admin.persistence.model.VOMSRole") .executeUpdate(); } @@ -273,8 +271,7 @@ public VOMSRole delete(Long id) { VOMSRole r = findById(id); if (r == null) - throw new NoSuchRoleException("Role with id \"" + id - + "\" is not defined in database!"); + throw new NoSuchRoleException("Role with id \"" + id + "\" is not defined in database!"); delete(r); return r; @@ -284,8 +281,7 @@ public VOMSRole delete(String roleName) { VOMSRole r = findByName(roleName); if (r == null) - throw new NoSuchRoleException("Role '" + roleName - + "' is not defined in database!"); + throw new NoSuchRoleException("Role '" + roleName + "' is not defined in database!"); delete(r); @@ -296,8 +292,7 @@ public VOMSRole delete(String roleName) { public VOMSRole delete(VOMSRole r) { if (findByName(r.getName()) == null) - throw new NoSuchRoleException("Role \"" + r - + "\" is not defined in database!"); + throw new NoSuchRoleException("Role \"" + r + "\" is not defined in database!"); r.getMappings().clear(); @@ -327,20 +322,18 @@ public void removeRoleAttributesForGroup(VOMSGroup g) { String deleteString = "delete from VOMSRoleAttribute where group = :group"; - HibernateFactory.getSession().createQuery(deleteString) - .setEntity("group", g).executeUpdate(); + HibernateFactory.getSession().createQuery(deleteString).setEntity("group", g).executeUpdate(); } - public VOMSRoleAttribute setAttribute(VOMSRole r, VOMSGroup g, - String attrName, String attrValue) { + public VOMSRoleAttribute setAttribute(VOMSRole r, VOMSGroup g, String attrName, + String attrValue) { - VOMSAttributeDescription desc = VOMSAttributeDAO.instance() - .getAttributeDescriptionByName(attrName); + VOMSAttributeDescription desc = + VOMSAttributeDAO.instance().getAttributeDescriptionByName(attrName); if (desc == null) - throw new NoSuchAttributeException("Attribute '" + attrName - + "' is not defined in this vo."); + throw new NoSuchAttributeException("Attribute '" + attrName + "' is not defined in this vo."); VOMSRoleAttribute val = r.getAttributeByName(g, attrName); @@ -356,19 +349,18 @@ public VOMSRoleAttribute setAttribute(VOMSRole r, VOMSGroup g, } - public VOMSRoleAttribute createAttribute(VOMSRole r, VOMSGroup g, - String attrName, String attrDesc, String attrValue) { + public VOMSRoleAttribute createAttribute(VOMSRole r, VOMSGroup g, String attrName, + String attrDesc, String attrValue) { if (r.getAttributeByName(g, attrName) != null) - throw new AlreadyExistsException("Attribute \"" + attrName - + "\" already defined for role \"" + r + "\" in group \"" + g + "\"."); + throw new AlreadyExistsException("Attribute \"" + attrName + "\" already defined for role \"" + + r + "\" in group \"" + g + "\"."); - VOMSAttributeDescription desc = VOMSAttributeDAO.instance() - .getAttributeDescriptionByName(attrName); + VOMSAttributeDescription desc = + VOMSAttributeDAO.instance().getAttributeDescriptionByName(attrName); if (desc == null) - desc = VOMSAttributeDAO.instance().createAttributeDescription(attrName, - attrDesc); + desc = VOMSAttributeDAO.instance().createAttributeDescription(attrName, attrDesc); VOMSRoleAttribute val = VOMSRoleAttribute.instance(desc, attrValue, g, r); @@ -383,11 +375,11 @@ public VOMSRoleAttribute deleteAttributeByName(VOMSRole r, VOMSGroup g, String a VOMSRoleAttribute attr = r.getAttributeByName(g, attrName); if (attr == null) - throw new NoSuchAttributeException("Attribute '" + attrName - + "' not defined for role '" + r.getName() + "' in group '" + g + "'."); + throw new NoSuchAttributeException("Attribute '" + attrName + "' not defined for role '" + + r.getName() + "' in group '" + g + "'."); deleteAttribute(r, attr); - + return attr; } @@ -407,9 +399,13 @@ public List getMembers(VOMSGroup g, VOMSRole r) { if (r == null) throw new IllegalArgumentException("role parameter must be non-null!"); - String query = "select m.user from org.glite.security.voms.admin.persistence.model.VOMSMapping m where m.group = :group and m.role = :role"; - return HibernateFactory.getSession().createQuery(query) - .setEntity("group", g).setEntity("role", r).list(); + String query = + "select m.user from org.glite.security.voms.admin.persistence.model.VOMSMapping m where m.group = :group and m.role = :role"; + return HibernateFactory.getSession() + .createQuery(query) + .setEntity("group", g) + .setEntity("role", r) + .list(); } @@ -426,9 +422,13 @@ public Object getMemberSubjectStrings(VOMSGroup g, VOMSRole r) { if (r == null) throw new IllegalArgumentException("role parameter must be non-null!"); - String query = "select distinct c.subjectString from VOMSUser u join u.certificates c join u.mappings m where u.suspended is false and c.suspended is false and m.group = :group and m.role = :role"; + String query = + "select distinct c.subjectString from VOMSUser u join u.certificates c join u.mappings m where u.suspended is false and c.suspended is false and m.group = :group and m.role = :role"; - return HibernateFactory.getSession().createQuery(query) - .setEntity("group", g).setEntity("role", r).list(); + return HibernateFactory.getSession() + .createQuery(query) + .setEntity("group", g) + .setEntity("role", r) + .list(); } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSUserDAO.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSUserDAO.java index eaf1c6e7..afcdd769 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSUserDAO.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/VOMSUserDAO.java @@ -15,13 +15,18 @@ */ package org.glite.security.voms.admin.persistence.dao; +import static java.lang.Integer.max; +import static org.glite.security.voms.admin.persistence.dao.SearchUtils.paginatedFind; + import java.security.cert.X509Certificate; +import java.time.Instant; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; import java.util.Iterator; import java.util.List; import java.util.ListIterator; +import java.util.concurrent.TimeUnit; import javax.persistence.criteria.CriteriaBuilder; import javax.persistence.criteria.CriteriaQuery; @@ -63,14 +68,10 @@ import org.glite.security.voms.admin.persistence.model.task.SignAUPTask; import org.glite.security.voms.admin.util.DNUtil; import org.hibernate.CacheMode; -import org.hibernate.Criteria; import org.hibernate.ObjectNotFoundException; import org.hibernate.Query; import org.hibernate.ScrollMode; import org.hibernate.ScrollableResults; -import org.hibernate.criterion.Order; -import org.hibernate.criterion.Projections; -import org.hibernate.criterion.Restrictions; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -88,6 +89,31 @@ private VOMSUserDAO() { } + + public void deleteTasks(VOMSUser user) { + + String deleteTLRs = "delete from task_log_record where task_id in ( select t.task_id from " + + "task t, usr u where t.usr_id = u.userid and u.userid = :userId )"; + HibernateFactory.getSession() + .createSQLQuery(deleteTLRs) + .setLong("userId", user.getId()) + .executeUpdate(); + + String deleteSATs = "delete from sign_aup_task where task_id in (select t.task_id from " + + "task t, usr u where t.usr_id = u.userid and u.userid = :userId )"; + HibernateFactory.getSession() + .createSQLQuery(deleteSATs) + .setLong("userId", user.getId()) + .executeUpdate(); + + String deleteTasks = "delete from task where usr_id = :userId"; + HibernateFactory.getSession() + .createSQLQuery(deleteTasks) + .setLong("userId", user.getId()) + .executeUpdate(); + + } + public void requestAUPReacceptance(VOMSUser user, AUP aup) { if (user == null) @@ -99,11 +125,9 @@ public void requestAUPReacceptance(VOMSUser user, AUP aup) { AUPVersion aupVersion = aup.getActiveVersion(); if (aupVersion == null) - throw new NotFoundException( - "No registered version found for AUP '" + aup.getName() + "'."); + throw new NotFoundException("No registered version found for AUP '" + aup.getName() + "'."); - log.debug("User '" + user + "' is request to reaccept aup version '" - + aupVersion + "'"); + log.debug("User '" + user + "' is request to reaccept aup version '" + aupVersion + "'"); AUPAcceptanceRecord r = user.getAUPAccceptanceRecord(aupVersion); @@ -119,9 +143,7 @@ public void requestAUPReacceptance(VOMSUser user, AUP aup) { public void signAUP(VOMSUser user) { - signAUP(user, DAOFactory.instance() - .getAUPDAO() - .getVOAUP()); + signAUP(user, DAOFactory.instance().getAUPDAO().getVOAUP()); } public void signAUP(VOMSUser user, AUP aup) { @@ -135,8 +157,7 @@ public void signAUP(VOMSUser user, AUP aup) { AUPVersion aupVersion = aup.getActiveVersion(); if (aupVersion == null) - throw new NotFoundException( - "No registered version found for AUP '" + aup.getName() + "'."); + throw new NotFoundException("No registered version found for AUP '" + aup.getName() + "'."); log.debug("User '" + user + "' signing aup version '" + aupVersion + "'"); @@ -148,8 +169,7 @@ public void signAUP(VOMSUser user, AUP aup) { AUPAcceptanceRecord aupRecord = new AUPAcceptanceRecord(user, aupVersion); aupRecord.setLastAcceptanceDate(new Date()); - user.getAupAcceptanceRecords() - .add(aupRecord); + user.getAupAcceptanceRecords().add(aupRecord); } else { @@ -174,25 +194,24 @@ public void signAUP(VOMSUser user, AUP aup) { } while (pendingTask != null); - if (user.isSuspended() && user.getSuspensionReasonCode() - .equals(SuspensionReason.FAILED_TO_SIGN_AUP)) { + if (user.isSuspended() + && user.getSuspensionReasonCode().equals(SuspensionReason.FAILED_TO_SIGN_AUP)) { log.debug("Restoring user '" + user + "'"); user.restore(SuspensionReason.FAILED_TO_SIGN_AUP); } - HibernateFactory.getSession() - .saveOrUpdate(user); + HibernateFactory.getSession().saveOrUpdate(user); } @SuppressWarnings("unchecked") public List findUsersWithPendingSignAUPTask(AUP aup) { - String queryString = "from VOMSUser u join u.tasks t where t.class = SignAUPTask and t.status != 'COMPLETED' and t.aup = :aup"; + String queryString = + "from VOMSUser u join u.tasks t where t.class = SignAUPTask and t.status != 'COMPLETED' and t.aup = :aup"; - Query q = HibernateFactory.getSession() - .createQuery(queryString); + Query q = HibernateFactory.getSession().createQuery(queryString); q.setEntity("aup", aup); return q.list(); @@ -205,8 +224,7 @@ public Long countExpiredUsers() { String queryString = "select count(*) from VOMSUser u where u.endTime < :now"; - Query q = HibernateFactory.getSession() - .createQuery(queryString); + Query q = HibernateFactory.getSession().createQuery(queryString); q.setDate("now", now); @@ -214,14 +232,29 @@ public Long countExpiredUsers() { } + public ScrollableResults findUsersExpiredSinceDays(int numberOfDays) { + + Instant now = Instant.now(); + + Instant then = now.minusSeconds(TimeUnit.DAYS.toSeconds(max(0, numberOfDays))); + String queryString = + "select distinct u from VOMSUser u where u.endTime is not null and u.endTime < :then and u.suspended = true"; + Query q = HibernateFactory.getSession().createQuery(queryString); + + q.setDate("then", Date.from(then)); + + q.setCacheMode(CacheMode.IGNORE).scroll(ScrollMode.FORWARD_ONLY); + + return q.scroll(); + } + @SuppressWarnings("unchecked") public List findExpiredUsers() { Date now = new Date(); String queryString = "from VOMSUser u where u.endTime is not null and u.endTime < :now"; - Query q = HibernateFactory.getSession() - .createQuery(queryString); + Query q = HibernateFactory.getSession().createQuery(queryString); q.setDate("now", now); @@ -237,24 +270,23 @@ public List findAUPFailingUsers(AUP aup) { // Get users First that do not have any acceptance records for the // active aupVersion - String noAcceptanceRecordForActiveAUPVersionQuery = "select u from VOMSUser u where u not in (select u from VOMSUser u join u.aupAcceptanceRecords r where r.aupVersion.active = true)"; + String noAcceptanceRecordForActiveAUPVersionQuery = + "select u from VOMSUser u where u not in (select u from VOMSUser u join u.aupAcceptanceRecords r where r.aupVersion.active = true)"; - Query q = HibernateFactory.getSession() - .createQuery(noAcceptanceRecordForActiveAUPVersionQuery); + Query q = HibernateFactory.getSession().createQuery(noAcceptanceRecordForActiveAUPVersionQuery); List noRecordUsers = q.list(); result.addAll(noRecordUsers); - log.debug("Users without acceptance records for currently active aup: {}", - result); + log.debug("Users without acceptance records for currently active aup: {}", result); // Add users that have an expired aup acceptance record due to aup // update or acceptance retriggering. - String qString = "select u from VOMSUser u join u.aupAcceptanceRecords r where r.aupVersion.active = true and r.lastAcceptanceDate < :lastUpdateTime"; + String qString = + "select u from VOMSUser u join u.aupAcceptanceRecords r where r.aupVersion.active = true and r.lastAcceptanceDate < :lastUpdateTime"; - Query q2 = HibernateFactory.getSession() - .createQuery(qString); + Query q2 = HibernateFactory.getSession().createQuery(qString); Date aupLastUpdateTime = activeVersion.getLastUpdateTime(); @@ -264,25 +296,22 @@ public List findAUPFailingUsers(AUP aup) { List expiredDueToAUPUpdateUsers = q2.list(); result.addAll(expiredDueToAUPUpdateUsers); - log.debug("Users that signed the AUP before it was last updated:" - + expiredDueToAUPUpdateUsers); + log.debug("Users that signed the AUP before it was last updated:" + expiredDueToAUPUpdateUsers); // Add users that have a valid aup acceptance record that needs to be // checked against // the reacceptance period Query q3 = HibernateFactory.getSession() .createQuery( - "select u from VOMSUser u join u.aupAcceptanceRecords r where r.aupVersion.active = true" - + " and r.lastAcceptanceDate > :lastUpdateTime "); + "select u from VOMSUser u join u.aupAcceptanceRecords r where r.aupVersion.active = true" + + " and r.lastAcceptanceDate > :lastUpdateTime "); q3.setTimestamp("lastUpdateTime", aupLastUpdateTime); List potentiallyExpiredUsers = q3.list(); - HibernateFactory.getSession() - .flush(); + HibernateFactory.getSession().flush(); - log.debug( - "Users that needs checking since their aup acceptance record could be expired:" + log.debug("Users that needs checking since their aup acceptance record could be expired:" + potentiallyExpiredUsers); for (VOMSUser u : potentiallyExpiredUsers) { @@ -290,8 +319,9 @@ public List findAUPFailingUsers(AUP aup) { AUPAcceptanceRecord r = u.getAUPAccceptanceRecord(aup.getActiveVersion()); if (r.hasExpired()) { - log.debug("Adding user{} to results due to expired aup acceptance report (aup validity expiration)", - u); + log.debug( + "Adding user{} to results due to expired aup acceptance report (aup validity expiration)", + u); result.add(u); } @@ -300,15 +330,14 @@ public List findAUPFailingUsers(AUP aup) { // Filter out expired users ListIterator iter = result.listIterator(); - while (iter.hasNext()){ + while (iter.hasNext()) { VOMSUser u = iter.next(); - if (u.hasExpired() && u.isSuspended()){ - log.debug("Removing supended user {} from results since " - + "membership expired", u); + if (u.hasExpired() && u.isSuspended()) { + log.debug("Removing supended user {} from results since " + "membership expired", u); iter.remove(); } } - + return result; } @@ -319,13 +348,11 @@ public Certificate addCertificate(VOMSUser u, String dn, String caDn) { Validate.notEmpty(dn, "DN must be non-null & not empty!"); Validate.notEmpty(caDn, "CA must be non-null & not empty!"); - VOMSCA ca = VOMSCADAO.instance() - .getByName(caDn); + VOMSCA ca = VOMSCADAO.instance().getByName(caDn); if (ca == null) throw new NoSuchCAException("CA '" + caDn + "' not found in database."); - Certificate cert = CertificateDAO.instance() - .lookup(dn, caDn); + Certificate cert = CertificateDAO.instance().lookup(dn, caDn); if (cert != null) throw new AlreadyExistsException("Certificate already bound!"); @@ -344,10 +371,8 @@ public Certificate addCertificate(VOMSUser u, String dn, String caDn) { cert.setSuspensionReason(u.getSuspensionReason()); } - HibernateFactory.getSession() - .saveOrUpdate(cert); - HibernateFactory.getSession() - .saveOrUpdate(u); + HibernateFactory.getSession().saveOrUpdate(cert); + HibernateFactory.getSession().saveOrUpdate(u); return cert; @@ -362,22 +387,19 @@ public Certificate addCertificate(VOMSUser u, X509Certificate x509Cert) { // at this stage. String caDN = DNUtil.getOpenSSLSubject(x509Cert.getIssuerX500Principal()); - VOMSCA ca = VOMSCADAO.instance() - .getByName(caDN); + VOMSCA ca = VOMSCADAO.instance().getByName(caDN); if (ca == null) throw new NoSuchCAException("CA '" + caDN + "' not recognized!"); - Certificate cert = CertificateDAO.instance() - .find(x509Cert); + Certificate cert = CertificateDAO.instance().find(x509Cert); if (cert != null) throw new AlreadyExistsException("Certificate already bound!"); cert = new Certificate(); - String subjectString = DNUtil - .getOpenSSLSubject(x509Cert.getSubjectX500Principal()); + String subjectString = DNUtil.getOpenSSLSubject(x509Cert.getSubjectX500Principal()); cert.setSubjectString(subjectString); cert.setCreationTime(new Date()); cert.setSuspended(false); @@ -392,10 +414,8 @@ public Certificate addCertificate(VOMSUser u, X509Certificate x509Cert) { u.addCertificate(cert); - HibernateFactory.getSession() - .saveOrUpdate(cert); - HibernateFactory.getSession() - .saveOrUpdate(u); + HibernateFactory.getSession().saveOrUpdate(cert); + HibernateFactory.getSession().saveOrUpdate(u); return cert; @@ -405,72 +425,58 @@ public void addToGroup(VOMSUser u, VOMSGroup g) { log.debug("Adding user \"" + u + "\" to group \"" + g + "\"."); - if (!HibernateFactory.getSession() - .contains(u)) { + if (!HibernateFactory.getSession().contains(u)) { VOMSUser checkUser = findById(u.getId()); if (checkUser == null) - throw new NoSuchUserException( - "User \"" + u + "\" not found in database."); + throw new NoSuchUserException("User \"" + u + "\" not found in database."); } // Check that the group exists - if (VOMSGroupDAO.instance() - .findByName(g.getName()) == null) - throw new NoSuchGroupException( - "Group \"" + g + "\" is not defined in database."); + if (VOMSGroupDAO.instance().findByName(g.getName()) == null) + throw new NoSuchGroupException("Group \"" + g + "\" is not defined in database."); VOMSMapping m = new VOMSMapping(u, g, null); - if (u.getMappings() - .contains(m)) + if (u.getMappings().contains(m)) throw new AlreadyMemberException( - "User \"" + u + "\" is already a member of group \"" + g + "\"."); + "User \"" + u + "\" is already a member of group \"" + g + "\"."); - u.getMappings() - .add(m); + u.getMappings().add(m); - HibernateFactory.getSession() - .save(u); + HibernateFactory.getSession().save(u); } public void assignRole(VOMSUser u, VOMSGroup g, VOMSRole r) { u.assignRole(g, r); - HibernateFactory.getSession() - .update(u); + HibernateFactory.getSession().update(u); } @SuppressWarnings("deprecation") private void checkNullFields(VOMSUser usr) { - if (!VOMSConfiguration.instance() - .getBoolean("voms.admin.compatibility-mode", true)) { + if (!VOMSConfiguration.instance().getBoolean("voms.admin.compatibility-mode", true)) { if (usr.getName() == null) throw new NullArgumentException("Please specify a name for the user!"); if (usr.getSurname() == null) - throw new NullArgumentException( - "Please specify a surname for the user!"); + throw new NullArgumentException("Please specify a surname for the user!"); if (usr.getInstitution() == null) - throw new NullArgumentException( - "Please specify an instituion for the user!"); + throw new NullArgumentException("Please specify an instituion for the user!"); if (usr.getAddress() == null) - throw new NullArgumentException( - "Please specify an address for the user!"); + throw new NullArgumentException("Please specify an address for the user!"); if (usr.getPhoneNumber() == null) - throw new NullArgumentException( - "Please specify a phone number for the user!"); + throw new NullArgumentException("Please specify a phone number for the user!"); if (usr.getEmailAddress() == null) - throw new NullArgumentException( - "Please specify an email address for the user!"); + throw new NullArgumentException("Please specify an email address for the user!"); } else { @@ -478,8 +484,7 @@ private void checkNullFields(VOMSUser usr) { throw new NullArgumentException("Please specify a dn for the user!"); if (usr.getEmailAddress() == null) - throw new NullArgumentException( - "Please specify an email address for the user!"); + throw new NullArgumentException("Please specify an email address for the user!"); } } @@ -488,14 +493,14 @@ public int countMatches(String searchString) { String sString = "%" + searchString + "%"; - String countString = "select count(distinct u) from VOMSUser u join u.certificates as cert where lower(u.surname) like lower(:searchString) " - + "or lower(u.name) like lower(:searchString) or u.emailAddress like :searchString " - + " or lower(u.institution) like lower(:searchString) " - + " or cert.subjectString like(:searchString) or cert.ca.subjectString like(:searchString) " - + " order by u.surname asc"; + String countString = + "select count(distinct u) from VOMSUser u join u.certificates as cert where lower(u.surname) like lower(:searchString) " + + "or lower(u.name) like lower(:searchString) or u.emailAddress like :searchString " + + " or lower(u.institution) like lower(:searchString) " + + " or cert.subjectString like(:searchString) or cert.ca.subjectString like(:searchString) " + + " order by u.surname asc"; - Query q = HibernateFactory.getSession() - .createQuery(countString); + Query q = HibernateFactory.getSession().createQuery(countString); q.setString("searchString", sString); Long count = (Long) q.uniqueResult(); @@ -506,16 +511,14 @@ public int countMatches(String searchString) { public Long countUsers() { - Query q = HibernateFactory.getSession() - .createQuery("select count(*) from VOMSUser"); + Query q = HibernateFactory.getSession().createQuery("select count(*) from VOMSUser"); Long count = (Long) q.uniqueResult(); return count; } - public VOMSUser create(String dn, String caDN, String cn, String certURI, - String emailAddress) { + public VOMSUser create(String dn, String caDN, String cn, String certURI, String emailAddress) { if (dn == null) throw new NullArgumentException("dn must be non-null!"); @@ -535,12 +538,10 @@ public VOMSUser create(String dn, String caDN, String cn, String certURI, throw new UserAlreadyExistsException("User " + u + " already exists!"); } - VOMSCA ca = VOMSCADAO.instance() - .getByName(caDN); + VOMSCA ca = VOMSCADAO.instance().getByName(caDN); if (ca == null) { - throw new NoSuchCAException( - "Unknown ca " + caDN + ". Will not create user " + dn); + throw new NoSuchCAException("Unknown ca " + caDN + ". Will not create user " + dn); } u = new VOMSUser(); @@ -550,18 +551,15 @@ public VOMSUser create(String dn, String caDN, String cn, String certURI, // Add user to default VO group - VOMSGroup voGroup = VOMSGroupDAO.instance() - .getVOGroup(); - HibernateFactory.getSession() - .save(u); + VOMSGroup voGroup = VOMSGroupDAO.instance().getVOGroup(); + HibernateFactory.getSession().save(u); addToGroup(u, voGroup); return u; } - public VOMSUser create(VOMSUserJSON usr, String certificateSubject, - String caSubject) { + public VOMSUser create(VOMSUserJSON usr, String certificateSubject, String caSubject) { VOMSUser u = VOMSUser.fromVOMSUserJSON(usr); @@ -570,8 +568,7 @@ public VOMSUser create(VOMSUserJSON usr, String certificateSubject, } - protected Certificate createCertificate(String certificateSubject, - String caSubject) { + protected Certificate createCertificate(String certificateSubject, String caSubject) { CertificateDAO certDAO = CertificateDAO.instance(); @@ -579,8 +576,7 @@ protected Certificate createCertificate(String certificateSubject, } - protected Certificate lookupCertificate(String certificateSubject, - String certificateIssuer) { + protected Certificate lookupCertificate(String certificateSubject, String certificateIssuer) { CertificateDAO certDAO = CertificateDAO.instance(); Certificate cert = certDAO.lookup(certificateSubject, certificateIssuer); @@ -588,15 +584,14 @@ protected Certificate lookupCertificate(String certificateSubject, return cert; } - protected Certificate assertCertificateIsNotBound(String certificateSubject, - String caSubject) { + protected Certificate assertCertificateIsNotBound(String certificateSubject, String caSubject) { Certificate cert = lookupCertificate(certificateSubject, caSubject); if (cert != null) throw new UserAlreadyExistsException( - "A user holding a certificate with the following subject '" - + certificateSubject + "' already exists in this VO."); + "A user holding a certificate with the following subject '" + certificateSubject + + "' already exists in this VO."); return cert; } @@ -634,12 +629,10 @@ public VOMSUser create(VOMSUser usr, String caDN) { usr.addCertificate(cert); - HibernateFactory.getSession() - .save(usr); + HibernateFactory.getSession().save(usr); // Add user to VO root group - VOMSGroup voGroup = VOMSGroupDAO.instance() - .getVOGroup(); + VOMSGroup voGroup = VOMSGroupDAO.instance().getVOGroup(); usr.addToGroup(voGroup); return usr; @@ -652,22 +645,20 @@ public VOMSUser create(VOMSUser usr) { } - public VOMSUserAttribute createAttribute(VOMSUser u, String attrName, - String attrDesc, String value) { + public VOMSUserAttribute createAttribute(VOMSUser u, String attrName, String attrDesc, + String value) { if (u.getAttributeByName(attrName) != null) - throw new AttributeAlreadyExistsException("Attribute \"" + attrName - + "\" already defined for user \"" + u + "\"."); + throw new AttributeAlreadyExistsException( + "Attribute \"" + attrName + "\" already defined for user \"" + u + "\"."); - VOMSAttributeDescription desc = VOMSAttributeDAO.instance() - .getAttributeDescriptionByName(attrName); + VOMSAttributeDescription desc = + VOMSAttributeDAO.instance().getAttributeDescriptionByName(attrName); if (desc == null) - desc = VOMSAttributeDAO.instance() - .createAttributeDescription(attrName, attrDesc); + desc = VOMSAttributeDAO.instance().createAttributeDescription(attrName, attrDesc); - log.debug("Creating attribute \"(" + attrName + "," + value - + ")\" for user \"" + u + "\"."); + log.debug("Creating attribute \"(" + attrName + "," + value + ")\" for user \"" + u + "\"."); VOMSUserAttribute val = VOMSUserAttribute.instance(desc, value, u); u.addAttribute(val); return val; @@ -679,8 +670,7 @@ public VOMSUser delete(Long userId) { VOMSUser u = findById(userId); if (u == null) - throw new NoSuchUserException( - "User identified by \"" + userId + "\" not found in database!"); + throw new NoSuchUserException("User identified by \"" + userId + "\" not found in database!"); try { @@ -690,8 +680,7 @@ public VOMSUser delete(Long userId) { } catch (ObjectNotFoundException e) { // Still don't understand why sometimes findById fails in returnin // null... - throw new NoSuchUserException( - "User identified by \"" + userId + "\" not found in database!"); + throw new NoSuchUserException("User identified by \"" + userId + "\" not found in database!"); } } @@ -699,24 +688,17 @@ public VOMSUser delete(VOMSUser u) { log.debug("Deleting user \"{}\"", u); - DAOFactory.instance() - .getRequestDAO() - .deleteRequestFromUser(u); + DAOFactory.instance().getRequestDAO().deleteRequestFromUser(u); - u.getCertificates() - .clear(); + u.getCertificates().clear(); u.cleanMappings(); - u.getAttributes() - .clear(); - u.getAupAcceptanceRecords() - .clear(); - u.getPersonalInformations() - .clear(); - u.getTasks() - .clear(); + u.getAttributes().clear(); + u.getAupAcceptanceRecords().clear(); + u.getPersonalInformations().clear(); - HibernateFactory.getSession() - .delete(u); + u.getTasks().clear(); + + HibernateFactory.getSession().delete(u); return u; @@ -738,14 +720,13 @@ public VOMSUserAttribute deleteAttribute(VOMSUser u, String attrName) { if (attribute == null) { throw new NoSuchAttributeException( - "Attribute \"" + attrName + "\" not defined for user \"" + u + "\"."); + "Attribute \"" + attrName + "\" not defined for user \"" + u + "\"."); } log.debug("Deleting attribute \"{}\" for user \"{}\".", attrName, u); u.deleteAttribute(attribute); - HibernateFactory.getSession() - .update(u); + HibernateFactory.getSession().update(u); return attribute; } @@ -763,18 +744,17 @@ public void deleteCertificate(VOMSUser u, Certificate cert) { Validate.notNull(u, "Please provide a non-null user."); Validate.notNull(cert, "Cannot delete a null certificate."); - if (u.getCertificates() - .size() == 1 && u.hasCertificate(cert)) - throw new VOMSException( - "User has only one certificate registered, so it cannot be removed!"); + if (u.getCertificates().size() == 1 && u.hasCertificate(cert)) + throw new VOMSException("User has only one certificate registered, so it cannot be removed!"); - if (!u.getCertificates() - .remove(cert)) { + boolean removed = u.removeCertificate(cert); + + if (!removed) { // This should never happen throw new VOMSDatabaseException( - "Inconsistent database! It was not possible to remove certificate '" - + cert + "' from user '" + u - + "', even if it seemed user actually possessed such certificate."); + "Inconsistent database! It was not possible to remove certificate '" + cert + + "' from user '" + u + + "', even if it seemed user actually possessed such certificate."); } } @@ -782,8 +762,7 @@ public void deleteCertificate(VOMSUser u, Certificate cert) { public void dismissRole(VOMSUser u, VOMSGroup g, VOMSRole r) { u.dismissRole(g, r); - HibernateFactory.getSession() - .update(u); + HibernateFactory.getSession().update(u); } @@ -791,13 +770,13 @@ public VOMSUser findBySubject(String subject) { if (subject == null) throw new NullArgumentException("subject cannot be null!"); - + String normalizedSubject = DNUtil.normalizeDN(subject); - String query = "select u from org.glite.security.voms.admin.persistence.model.VOMSUser u join u.certificates c where c.subjectString = :subjectString"; + String query = + "select u from org.glite.security.voms.admin.persistence.model.VOMSUser u join u.certificates c where c.subjectString = :subjectString"; - Query q = HibernateFactory.getSession() - .createQuery(query); + Query q = HibernateFactory.getSession().createQuery(query); q.setString("subjectString", normalizedSubject); @@ -820,10 +799,10 @@ public VOMSUser findBySubjectAndIssuer(String subject, String issuer) { String normalizedSubject = DNUtil.normalizeDN(subject); String normalizedIssuer = DNUtil.normalizeDN(issuer); - String query = "select u from VOMSUser u join u.certificates c where c.subjectString = :subjectString and c.ca.subjectString = :issuerSubjectString"; + String query = + "select u from VOMSUser u join u.certificates c where c.subjectString = :subjectString and c.ca.subjectString = :issuerSubjectString"; - Query q = HibernateFactory.getSession() - .createQuery(query); + Query q = HibernateFactory.getSession().createQuery(query); q.setString("subjectString", normalizedSubject); q.setString("issuerSubjectString", normalizedIssuer); @@ -838,9 +817,9 @@ public VOMSUser findByEmail(String emailAddress) { if (emailAddress == null) throw new NullArgumentException("emailAddress must be non-null!"); - String query = "from org.glite.security.voms.admin.persistence.model.VOMSUser as u where u.emailAddress = :emailAddress"; - Query q = HibernateFactory.getSession() - .createQuery(query); + String query = + "from org.glite.security.voms.admin.persistence.model.VOMSUser as u where u.emailAddress = :emailAddress"; + Query q = HibernateFactory.getSession().createQuery(query); q.setString("emailAddress", emailAddress); @@ -850,28 +829,25 @@ public VOMSUser findByEmail(String emailAddress) { public VOMSUser findById(Long userId) { - return (VOMSUser) HibernateFactory.getSession() - .get(VOMSUser.class, userId); + return (VOMSUser) HibernateFactory.getSession().get(VOMSUser.class, userId); } public List findByOrgdbId(Long orgdbId) { - CriteriaBuilder builder = HibernateFactory - .getSession().getCriteriaBuilder(); - + CriteriaBuilder builder = HibernateFactory.getSession().getCriteriaBuilder(); + CriteriaQuery query = builder.createQuery(VOMSUser.class); Root userRoot = query.from(VOMSUser.class); query.where(builder.equal(userRoot.get("orgDbId"), orgdbId)); - + return HibernateFactory.getSession().createQuery(query).getResultList(); } - + public ScrollableResults findAllWithCursor() { Query q = HibernateFactory.getSession() .createQuery("select u from VOMSUser u order by u.surname asc"); - q.setCacheMode(CacheMode.IGNORE) - .scroll(ScrollMode.FORWARD_ONLY); + q.setCacheMode(CacheMode.IGNORE).scroll(ScrollMode.FORWARD_ONLY); return q.scroll(); @@ -888,40 +864,16 @@ public List findAll() { return result; } - private SearchResults paginatedFind(Query q, Query countQuery, - String searchString, int firstResults, int maxResults) { - - SearchResults res = SearchResults.instance(); - - res.setSearchString(searchString); - - q.setFirstResult(firstResults); - q.setMaxResults(maxResults); - - res.setResults(q.list()); - - Long count = (Long) countQuery.uniqueResult(); - - res.setCount(count.intValue()); - - res.setFirstResult(firstResults); - res.setResultsPerPage(maxResults); - - return res; - } - private String getUserOrderClause() { // If endTime is ignored by configuration, we should not consider // it for sorting the search results boolean endTimeDisabled = VOMSConfiguration.instance() - .getBoolean(VOMSConfigurationConstants.DISABLE_MEMBERSHIP_END_TIME, - false); + .getBoolean(VOMSConfigurationConstants.DISABLE_MEMBERSHIP_END_TIME, false); - if (endTimeDisabled){ + if (endTimeDisabled) { return "order by u.surname asc"; - } - else { + } else { return "order by u.endTime asc, u.surname asc"; } } @@ -930,11 +882,9 @@ public SearchResults findAll(int firstResults, int maxResults) { String query = "from VOMSUser as u " + getUserOrderClause(); - Query q = HibernateFactory.getSession() - .createQuery(query); + Query q = HibernateFactory.getSession().createQuery(query); - Query countQ = HibernateFactory.getSession() - .createQuery("select count(*) from VOMSUser"); + Query countQ = HibernateFactory.getSession().createQuery("select count(*) from VOMSUser"); return paginatedFind(q, countQ, null, firstResults, maxResults); } @@ -943,33 +893,29 @@ public List getUnAssignedRoles(Long userId, Long groupId) { VOMSUser u = findById(userId); - VOMSGroup g = VOMSGroupDAO.instance() - .findById(groupId); + VOMSGroup g = VOMSGroupDAO.instance().findById(groupId); String query = "from VOMSRole r where r not in " - + "(select m.role from VOMSMapping m where m.user = :user " - + "and m.group = :group and m.role is not null)"; - - Query hq = - HibernateFactory.getSession().createQuery(query, VOMSRole.class); - hq.setParameter("user", u); - hq.setParameter("group", g); - + + "(select m.role from VOMSMapping m where m.user = :user " + + "and m.group = :group and m.role is not null)"; + + Query hq = HibernateFactory.getSession().createQuery(query, VOMSRole.class); + hq.setParameter("user", u); + hq.setParameter("group", g); + List result = hq.getResultList(); return result; } public List getUnsubscribedGroups(Long userId) { - + VOMSUser u = findById(userId); - + String query = "from VOMSGroup g where g not in " - + "(select m.group from VOMSMapping m where m.user = :user " - + "and m.role is null)"; - - Query hq = - HibernateFactory.getSession().createQuery(query, VOMSGroup.class); + + "(select m.group from VOMSMapping m where m.user = :user " + "and m.role is null)"; + + Query hq = HibernateFactory.getSession().createQuery(query, VOMSGroup.class); hq.setParameter("user", u); List result = hq.getResultList(); return result; @@ -979,10 +925,8 @@ public void removeFromGroup(VOMSUser u, VOMSGroup g) { log.debug("Removing user \"" + u + "\" from group \"" + g + "\"."); - if (VOMSGroupDAO.instance() - .findByName(g.getName()) == null) - throw new NoSuchGroupException( - "Group \"" + g + "\" is not defined in database."); + if (VOMSGroupDAO.instance().findByName(g.getName()) == null) + throw new NoSuchGroupException("Group \"" + g + "\" is not defined in database."); u.removeFromGroup(g); @@ -992,8 +936,7 @@ public void removeFromGroup(VOMSUser u, VOMSGroup g) { public List findSuspendedUsers() { String queryString = "from VOMSUser u where u.suspended = true"; - Query q = HibernateFactory.getSession() - .createQuery(queryString); + Query q = HibernateFactory.getSession().createQuery(queryString); return q.list(); } @@ -1002,8 +945,7 @@ public List findSuspendedUsers() { public List findSuspendedUsers(int firstResult, int maxResults) { String queryString = "from VOMSUser u where u.suspended = true"; - Query q = HibernateFactory.getSession() - .createQuery(queryString); + Query q = HibernateFactory.getSession().createQuery(queryString); return q.list(); } @@ -1011,35 +953,58 @@ public List findSuspendedUsers(int firstResult, int maxResults) { public Long countSuspendedUsers() { String queryString = "select count(*) from VOMSUser u where u.suspended = true"; - Query q = HibernateFactory.getSession() - .createQuery(queryString); + Query q = HibernateFactory.getSession().createQuery(queryString); return (Long) q.uniqueResult(); } - public SearchResults searchExpired(String searchString, int firstResults, - int maxResults) { - log.debug("searchString:" + searchString + ",firstResults: " + firstResults - + ",maxResults: " + maxResults); + @SuppressWarnings({"rawtypes", "deprecation"}) + public SearchResults searchBySubject(String searchString, int firstResults, int maxResults) { - if (searchString == null || searchString.trim() - .equals("") || searchString.length() == 0) + if (searchString == null || searchString.trim().equals("") || searchString.length() == 0) { + return findAll(firstResults, maxResults); + } + + String sString = "%" + searchString + "%"; + + String queryString = "from VOMSUser u join u.certificates as cert where" + + " cert.subjectString like:searchString or cert.ca.subjectString like :searchString " + + getUserOrderClause(); + + Query q = HibernateFactory.getSession() + .createQuery(String.format("select distinct u %s", queryString)); + + Query count = HibernateFactory.getSession() + .createQuery(String.format("select count(distinct u) %s", queryString)); + + q.setString("searchString", sString); + count.setString("searchString", sString); + + return paginatedFind(q, count, searchString, firstResults, maxResults); + } + + public SearchResults searchExpired(String searchString, int firstResults, int maxResults) { + + log.debug("searchString:" + searchString + ",firstResults: " + firstResults + ",maxResults: " + + maxResults); + + if (searchString == null || searchString.trim().equals("") || searchString.length() == 0) return findAll(firstResults, maxResults); SearchResults res = SearchResults.instance(); String sString = "%" + searchString + "%"; - String queryString = "select distinct u from VOMSUser u join u.certificates as cert where u.expired = true and (lower(u.surname) like lower(:searchString) " - + "or lower(u.name) like lower(:searchString) or u.emailAddress like :searchString " - + " or lower(u.institution) like lower(:searchString) " - + " or cert.subjectString like(:searchString) or cert.ca.subjectString like(:searchString))" - + getUserOrderClause(); + String queryString = + "select distinct u from VOMSUser u join u.certificates as cert where u.expired = true and (lower(u.surname) like lower(:searchString) " + + "or lower(u.name) like lower(:searchString) or u.emailAddress like :searchString " + + " or lower(u.institution) like lower(:searchString) " + + " or cert.subjectString like(:searchString) or cert.ca.subjectString like(:searchString))" + + getUserOrderClause(); - Query q = HibernateFactory.getSession() - .createQuery(queryString); + Query q = HibernateFactory.getSession().createQuery(queryString); q.setString("searchString", sString); q.setFirstResult(firstResults); @@ -1054,23 +1019,19 @@ public SearchResults searchExpired(String searchString, int firstResults, return res; } - public SearchResults searchWithPendingAUPRequest(String searchString, - int firstResults, int maxResults) { + public SearchResults searchWithPendingAUPRequest(String searchString, int firstResults, + int maxResults) { - AUP aup = DAOFactory.instance() - .getAUPDAO() - .getVOAUP(); + AUP aup = DAOFactory.instance().getAUPDAO().getVOAUP(); String queryString = "from VOMSUser u join u.tasks as t join u.certificates as cert " - + "where t.class = SignAUPTask and t.status != 'COMPLETED' " - + "and t.aup = :aup"; + + "where t.class = SignAUPTask and t.status != 'COMPLETED' " + "and t.aup = :aup"; String commonSearchString = "and (lower(u.surname) like lower(:searchString) " - + "or lower(u.name) like lower(:searchString) " - + "or u.emailAddress like :searchString " - + "or lower(u.institution) like lower(:searchString) " - + "or cert.subjectString like(:searchString) " - + "or cert.ca.subjectString like(:searchString))"; + + "or lower(u.name) like lower(:searchString) " + "or u.emailAddress like :searchString " + + "or lower(u.institution) like lower(:searchString) " + + "or cert.subjectString like(:searchString) " + + "or cert.ca.subjectString like(:searchString))"; if (searchStringEmpty(searchString)) { @@ -1078,25 +1039,20 @@ public SearchResults searchWithPendingAUPRequest(String searchString, .createQuery("select distinct u " + queryString) .setEntity("aup", aup); - String countQuery = String.format("select count(distinct u) %s", - queryString); - Query countQ = HibernateFactory.getSession() - .createQuery(countQuery) - .setEntity("aup", aup); + String countQuery = String.format("select count(distinct u) %s", queryString); + Query countQ = HibernateFactory.getSession().createQuery(countQuery).setEntity("aup", aup); return paginatedFind(q, countQ, null, firstResults, maxResults); } else { String sString = "%" + searchString + "%"; - String commonQueryPart = String.format("%s %s", queryString, - commonSearchString); + String commonQueryPart = String.format("%s %s", queryString, commonSearchString); Query q = HibernateFactory.getSession() .createQuery(String.format("select distinct u %s", commonQueryPart)) .setEntity("aup", aup); Query count = HibernateFactory.getSession() - .createQuery( - String.format("select count(distinct u) %s", commonQueryPart)) + .createQuery(String.format("select count(distinct u) %s", commonQueryPart)) .setEntity("aup", aup); q.setString("searchString", sString); @@ -1107,16 +1063,14 @@ public SearchResults searchWithPendingAUPRequest(String searchString, } - public SearchResults searchSuspended(String searchString, int firstResults, - int maxResults) { + public SearchResults searchSuspended(String searchString, int firstResults, int maxResults) { if (searchStringEmpty(searchString)) { - Query q = HibernateFactory.getSession() - .createQuery("from VOMSUser u where u.suspended = true"); + Query q = + HibernateFactory.getSession().createQuery("from VOMSUser u where u.suspended = true"); Query countQ = HibernateFactory.getSession() - .createQuery( - "select count(*) from VOMSUser u where u.suspended = true"); + .createQuery("select count(*) from VOMSUser u where u.suspended = true"); return paginatedFind(q, countQ, null, firstResults, maxResults); @@ -1124,11 +1078,12 @@ public SearchResults searchSuspended(String searchString, int firstResults, String sString = "%" + searchString + "%"; - String commonQueryPart = "from VOMSUser u join u.certificates as cert where u.suspended = true and (lower(u.surname) like lower(:searchString) " - + "or lower(u.name) like lower(:searchString) or u.emailAddress like :searchString " - + " or lower(u.institution) like lower(:searchString) " - + " or cert.subjectString like(:searchString) or cert.ca.subjectString like(:searchString))" - + getUserOrderClause(); + String commonQueryPart = + "from VOMSUser u join u.certificates as cert where u.suspended = true and (lower(u.surname) like lower(:searchString) " + + "or lower(u.name) like lower(:searchString) or u.emailAddress like :searchString " + + " or lower(u.institution) like lower(:searchString) " + + " or cert.subjectString like(:searchString) or cert.ca.subjectString like(:searchString))" + + getUserOrderClause(); // FIXME: this is *UGLY*, use Criteria API instead Query q = HibernateFactory.getSession() @@ -1147,32 +1102,32 @@ public SearchResults searchSuspended(String searchString, int firstResults, private boolean searchStringEmpty(String searchString) { - return (searchString == null || searchString.trim() - .equals("") || searchString.length() == 0); + return (searchString == null || searchString.trim().equals("") || searchString.length() == 0); } - public SearchResults search(String searchString, int firstResults, - int maxResults) { + public SearchResults search(String searchString, int firstResults, int maxResults) { - log.debug("searchString:" + searchString + ",firstResults: " + firstResults - + ",maxResults: " + maxResults); + log.debug("searchString:" + searchString + ",firstResults: " + firstResults + ",maxResults: " + + maxResults); if (searchStringEmpty(searchString)) return findAll(firstResults, maxResults); String sString = "%" + searchString + "%"; - String commonPart = "from VOMSUser u join u.certificates as cert where lower(u.surname) like lower(:searchString) " - + "or lower(u.name) like lower(:searchString) or u.emailAddress like :searchString " - + " or lower(u.institution) like lower(:searchString) " - + " or cert.subjectString like(:searchString) or cert.ca.subjectString like(:searchString) " - + getUserOrderClause(); + String commonPart = + "from VOMSUser u join u.certificates as cert where lower(u.surname) like lower(:searchString) " + + "or lower(u.name) like lower(:searchString) or u.emailAddress like :searchString " + + " or lower(u.institution) like lower(:searchString) " + + " or cert.subjectString like(:searchString) or cert.ca.subjectString like(:searchString) " + + getUserOrderClause(); Query q = HibernateFactory.getSession() .createQuery(String.format("select distinct u %s", commonPart)); + Query count = HibernateFactory.getSession() - .createQuery(String.format("select count(*) %s", commonPart)); + .createQuery(String.format("select count(distinct u) %s", commonPart)); q.setString("searchString", sString); count.setString("searchString", sString); @@ -1181,20 +1136,17 @@ public SearchResults search(String searchString, int firstResults, } - public VOMSUserAttribute setAttribute(VOMSUser u, String attrName, - String attrValue) { + public VOMSUserAttribute setAttribute(VOMSUser u, String attrName, String attrValue) { - VOMSAttributeDescription desc = VOMSAttributeDAO.instance() - .getAttributeDescriptionByName(attrName); + VOMSAttributeDescription desc = + VOMSAttributeDAO.instance().getAttributeDescriptionByName(attrName); log.debug("AttributeDescription:" + desc); if (desc == null) - throw new NoSuchAttributeException( - "Attribute '" + attrName + "' is not defined in this vo."); + throw new NoSuchAttributeException("Attribute '" + attrName + "' is not defined in this vo."); - if (!VOMSAttributeDAO.instance() - .isAttributeValueAlreadyAssigned(u, desc, attrValue)) { + if (!VOMSAttributeDAO.instance().isAttributeValueAlreadyAssigned(u, desc, attrValue)) { VOMSUserAttribute val = u.getAttributeByName(desc.getName()); if (val == null) { @@ -1206,24 +1158,24 @@ public VOMSUserAttribute setAttribute(VOMSUser u, String attrName, return val; } - throw new AttributeValueAlreadyAssignedException("Value '" + attrValue - + "' for attribute '" + attrName - + "' has been already assigned to another user in this vo! Choose a different value."); + throw new AttributeValueAlreadyAssignedException( + "Value '" + attrValue + "' for attribute '" + attrName + + "' has been already assigned to another user in this vo! Choose a different value."); } public VOMSUser update(VOMSUser u) { - HibernateFactory.getSession() - .update(u); + HibernateFactory.getSession().update(u); return u; } public Long countExpiringUsers(Integer intervalInDays) { - Criteria crit = HibernateFactory.getSession() - .createCriteria(VOMSUser.class); + String query = + "select count(distinct u) from VOMSUser u where u.endTime between :startDate AND :endDate " + + "and suspended is false order by u.endTime asc"; Calendar cal = Calendar.getInstance(); @@ -1232,22 +1184,16 @@ public Long countExpiringUsers(Integer intervalInDays) { Date intervalDate = cal.getTime(); - crit.add(Restrictions.between("endTime", now, intervalDate)); - crit.add(Restrictions.eq("suspended", false)); - - crit.setProjection(Projections.rowCount()); - - return (Long) crit.list() - .get(0); + Query q = HibernateFactory.getSession().createQuery(query); + q.setDate("startDate", now); + q.setDate("endDate", intervalDate); + return (Long) q.getSingleResult(); } @SuppressWarnings("unchecked") public List findExpiringUsers(Integer intervalInDays) { - Criteria crit = HibernateFactory.getSession() - .createCriteria(VOMSUser.class); - Calendar cal = Calendar.getInstance(); Date now = cal.getTime(); @@ -1255,12 +1201,16 @@ public List findExpiringUsers(Integer intervalInDays) { Date intervalDate = cal.getTime(); - crit.add(Restrictions.between("endTime", now, intervalDate)); - crit.add(Restrictions.eq("suspended", false)); - crit.addOrder(Order.asc("endTime")); + String query = + "select distinct u from VOMSUser u where u.endTime between :startDate AND :endDate " + + "and suspended is false order by u.endTime asc"; + + Query q = HibernateFactory.getSession().createQuery(query); - return crit.list(); + q.setDate("startDate", now); + q.setDate("endDate", intervalDate); + return q.list(); } public VOMSUser lookup(String certificateSubject, String certificateIssuer) { diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/generic/AuditSearchDAO.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/generic/AuditSearchDAO.java index 301bced8..67865ecf 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/generic/AuditSearchDAO.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/generic/AuditSearchDAO.java @@ -27,13 +27,13 @@ public interface AuditSearchDAO extends GenericDAO { List findLatestEvents(int numEvents); - Integer countEvents(); + Long countEvents(); AuditLogSearchResults findEventsMatchingParams(AuditLogSearchParams sp); ScrollableAuditLogSearchResults scrollEventsMatchingParams( AuditLogSearchParams sp, ScrollMode scrollMode); - Integer countEventsMatchingParams(AuditLogSearchParams sp); + Long countEventsMatchingParams(AuditLogSearchParams sp); } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/generic/TaskDAO.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/generic/TaskDAO.java index 49b069da..71ba1c96 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/generic/TaskDAO.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/generic/TaskDAO.java @@ -19,6 +19,7 @@ import java.util.List; import org.glite.security.voms.admin.persistence.model.AUP; +import org.glite.security.voms.admin.persistence.model.VOMSUser; import org.glite.security.voms.admin.persistence.model.request.Request; import org.glite.security.voms.admin.persistence.model.task.ApproveUserRequestTask; import org.glite.security.voms.admin.persistence.model.task.SignAUPTask; @@ -41,5 +42,7 @@ public interface TaskDAO extends GenericDAO { void removeAllTasks(); List getActiveTasks(); + + void removeAllUserTasks(VOMSUser user); } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/hibernate/AuditSearchDAOHibernate.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/hibernate/AuditSearchDAOHibernate.java index 81c44715..81c4285d 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/hibernate/AuditSearchDAOHibernate.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/hibernate/AuditSearchDAOHibernate.java @@ -53,11 +53,11 @@ public List findLatestEvents(int numEvents) { } @Override - public Integer countEvents() { + public Long countEvents() { Criteria crit = createCriteria(); crit.setProjection(Projections.rowCount()); - return (Integer) crit.uniqueResult(); + return (Long) crit.uniqueResult(); } protected Criteria buildCriteriaFromParams(AuditLogSearchParams sp) { @@ -158,7 +158,7 @@ public ScrollableAuditLogSearchResults scrollEventsMatchingParams( } @Override - public Integer countEventsMatchingParams(AuditLogSearchParams sp) { + public Long countEventsMatchingParams(AuditLogSearchParams sp) { Criteria crit = buildCriteriaFromParams(sp); crit.setProjection(Projections.rowCount()); @@ -175,7 +175,7 @@ public Integer countEventsMatchingParams(AuditLogSearchParams sp) { crit.setFirstResult(0); crit.setMaxResults(100); - return (Integer) crit.uniqueResult(); + return (Long) crit.uniqueResult(); } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/hibernate/TaskDAOHibernate.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/hibernate/TaskDAOHibernate.java index 6fd16f96..380f9c9d 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/hibernate/TaskDAOHibernate.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/dao/hibernate/TaskDAOHibernate.java @@ -27,6 +27,7 @@ import org.glite.security.voms.admin.persistence.dao.generic.TaskTypeDAO; import org.glite.security.voms.admin.persistence.error.VOMSDatabaseException; import org.glite.security.voms.admin.persistence.model.AUP; +import org.glite.security.voms.admin.persistence.model.VOMSUser; import org.glite.security.voms.admin.persistence.model.request.Request; import org.glite.security.voms.admin.persistence.model.task.ApproveUserRequestTask; import org.glite.security.voms.admin.persistence.model.task.SignAUPTask; @@ -136,5 +137,11 @@ public List findActiveSignAUPTasks() { return crit.list(); } + @Override + public void removeAllUserTasks(VOMSUser user) { + + + } + } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/deployer/SchemaDeployer.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/deployer/SchemaDeployer.java index 42db3efd..03b35ea2 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/deployer/SchemaDeployer.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/deployer/SchemaDeployer.java @@ -84,8 +84,7 @@ public class SchemaDeployer { public static final String ORACLE_PRODUCT_NAME = "Oracle"; public static final String MYSQL_PRODUCT_NAME = "MySQL"; - private static final Logger log = LoggerFactory - .getLogger(SchemaDeployer.class); + private static final Logger log = LoggerFactory.getLogger(SchemaDeployer.class); protected CommandLineParser parser = new PosixParser(); @@ -111,8 +110,7 @@ public class SchemaDeployer { Dialect dialect; - AuditLogHelper auditLogHelper = new AuditLogHelper( - CurrentAdminPrincipal.LOCAL_DB_PRINCIPAL); + AuditLogHelper auditLogHelper = new AuditLogHelper(CurrentAdminPrincipal.LOCAL_DB_PRINCIPAL); public SchemaDeployer(String[] args) { @@ -141,19 +139,18 @@ private void checkDatabaseConnectivity() { try { - s = HibernateFactory.getFactory() - .openSession(); + s = HibernateFactory.getFactory().openSession(); s.beginTransaction(); } catch (GenericJDBCException e) { log.error(""); log.error( - "==========================================================================================================================="); + "==========================================================================================================================="); log.error( - "Error connecting to the voms database! Check your database settings and ensure that the database backend is up and running."); + "Error connecting to the voms database! Check your database settings and ensure that the database backend is up and running."); log.error( - "============================================================================================================================"); + "============================================================================================================================"); if (log.isDebugEnabled()) log.error(e.getMessage(), e); @@ -177,8 +174,7 @@ private void checkDatabaseWritable() { try { - s = HibernateFactory.getFactory() - .openSession(); + s = HibernateFactory.getFactory().openSession(); Transaction t = s.beginTransaction(); s.createSQLQuery("create table writetest(integer a)"); @@ -191,17 +187,17 @@ private void checkDatabaseWritable() { } catch (Throwable t) { log.error( - "Error writing to the voms database. Check your database settings and that the database backend is up and running."); + "Error writing to the voms database. Check your database settings and that the database backend is up and running."); if (log.isDebugEnabled()) log.error( - "Error opening connection to the voms database. Check your database settings, or ensure that the local is up & running\nCause:" - + t.getMessage(), - t); + "Error opening connection to the voms database. Check your database settings, or ensure that the local is up & running\nCause:" + + t.getMessage(), + t); throw new VOMSDatabaseException( - "Error opening connection to the voms database. Check your database settings, or ensure that the local is up & running", - t); + "Error opening connection to the voms database. Check your database settings, or ensure that the local is up & running", + t); } finally { @@ -218,11 +214,11 @@ private void execute() { System.setProperty(VOMSConfigurationConstants.VO_NAME, vo); VOMSConfiguration.load(null); - boolean skipCaCheck = VOMSConfiguration.instance() - .getBoolean(VOMSConfigurationConstants.SKIP_CA_CHECK, false); + boolean skipCaCheck = + VOMSConfiguration.instance().getBoolean(VOMSConfigurationConstants.SKIP_CA_CHECK, false); LookupPolicyProvider.initialize(skipCaCheck); - + HibernateFactory.initialize(getHibernateMetadataSources()); if (command.equals("deploy")) @@ -274,23 +270,18 @@ private boolean isOracleBackend() { } catch (HibernateException e) { - log.error( - "Hibernate error accessing database metadata from Hibernate connection!", - e); + log.error("Hibernate error accessing database metadata from Hibernate connection!", e); System.exit(-1); } catch (SQLException e) { - log.error( - "SQL error while accessing database metadata from Hibernate connection!", - e); + log.error("SQL error while accessing database metadata from Hibernate connection!", e); System.exit(-1); } log.debug("Detected database: " + dbProductName); - return dbProductName.trim() - .equals(ORACLE_PRODUCT_NAME); + return dbProductName.trim().equals(ORACLE_PRODUCT_NAME); } @@ -355,10 +346,59 @@ private String getTimestampType() { } - private ResultSet getTableNamesMatchingPattern(DatabaseMetaData md, - String pattern) { + private void printSchemaNames(DatabaseMetaData md) { + + try { + + ResultSet schemas = md.getSchemas(); + boolean schemasFound = false; + + while (schemas.next()) { + schemasFound = true; + String schemaName = schemas.getString("TABLE_SCHEM"); + String schemaCatalog = schemas.getString("TABLE_CATALOG"); + + log.info("Schema: {}, Catalog: {}", schemaName, schemaCatalog); + } + + if (!schemasFound) { + log.info("No schemas found"); + } + + } catch (SQLException e) { + log.error("Error reading schema names from database metadata object!", e); + System.exit(-1); + } + + } + + private ResultSet getAllTableNames(DatabaseMetaData md) { + String[] names = {"TABLE"}; + + + ResultSet tableNames = null; + + try { + + String dbUrl = md.getURL(); + String dbName = dbUrl.substring(dbUrl.lastIndexOf('/') + 1); + + log.info("DB URL: {}. DB name: {}", dbUrl, dbName); + + tableNames = md.getTables(dbName, null, null, names); + + } catch (SQLException e) { + log.error("Error reading table names from database metadata object!", e); + System.exit(-1); + } + + return tableNames; + } + + + private ResultSet getTableNamesMatchingPattern(DatabaseMetaData md, String pattern) { - String[] names = { "TABLE" }; + String[] names = {"TABLE"}; ResultSet tableNames = null; @@ -389,14 +429,14 @@ private int checkDatabaseExistence() { } catch (Throwable e) { - log.error( - "Hibernate error accessing database metadata from Hibernate connection!", - e); + log.error("Hibernate error accessing database metadata from Hibernate connection!", e); System.exit(-1); } - ResultSet tableNames = getTableNamesMatchingPattern(dbMetadata, "%"); + printSchemaNames(dbMetadata); + + ResultSet tableNames = getAllTableNames(dbMetadata); boolean foundACL2 = false; boolean foundACL = false; @@ -450,9 +490,8 @@ private int checkDatabaseExistence() { private List parseUpgradeScript(String filename) throws IOException { - BufferedReader reader = new BufferedReader( - new InputStreamReader(this.getClass() - .getResourceAsStream(filename))); + BufferedReader reader = + new BufferedReader(new InputStreamReader(this.getClass().getResourceAsStream(filename))); ArrayList commands = new ArrayList(); @@ -489,14 +528,14 @@ private List loadUpgradeScriptToV6() throws IOException { private void fixMissingIndexesOnAuditTable() { - FixMissingIndexesOnAuditTable fixIndexes = new FixMissingIndexesOnAuditTable( - HibernateFactory.getSession()); + FixMissingIndexesOnAuditTable fixIndexes = + new FixMissingIndexesOnAuditTable(HibernateFactory.getSession()); fixIndexes.run(); } - - + + private boolean doUpgrateToV6() { final int existingDB = checkDatabaseExistence(); @@ -507,17 +546,13 @@ private boolean doUpgrateToV6() { } if (existingDB < 3) { - log.error("Upgrade not supported from this database version: {}", - existingDB); + log.error("Upgrade not supported from this database version: {}", existingDB); System.exit(-1); } if (existingDB == 3) { String versionToBeUpgraded = "5"; - String adminVersion = VOMSVersionDAO.instance() - .getVersion() - .getAdminVersion() - .trim(); + String adminVersion = VOMSVersionDAO.instance().getVersion().getAdminVersion().trim(); if (adminVersion.equals(SchemaVersion.VOMS_ADMIN_DB_VERSION)) { log.warn("No upgrade needed, found schema version {}", adminVersion); @@ -530,20 +565,17 @@ private boolean doUpgrateToV6() { } try { - - log.info("Upgrading database schema from version {} to version {}", - adminVersion, 6); + + log.info("Upgrading database schema from version {} to version {}", adminVersion, 6); List upgradeScript = loadUpgradeScriptToV6(); HibernateFactory.beginTransaction(); - UpgradeDatabaseWork upgradeWork = new UpgradeDatabaseWork( - upgradeScript); + UpgradeDatabaseWork upgradeWork = new UpgradeDatabaseWork(upgradeScript); try { - HibernateFactory.getSession() - .doWork(upgradeWork); + HibernateFactory.getSession().doWork(upgradeWork); } catch (Throwable t) { log.error("Error upgrading voms database!", t); HibernateFactory.rollbackTransaction(); @@ -551,14 +583,12 @@ private boolean doUpgrateToV6() { } // Update database version - VOMSVersionDAO.instance() - .setupVersion("6"); + VOMSVersionDAO.instance().setupVersion("6"); HibernateFactory.commitTransaction(); return true; } catch (Exception e) { - log.error("Error upgrading VOMS database to schema version 6: {}", - e.getMessage(), e); + log.error("Error upgrading VOMS database to schema version 6: {}", e.getMessage(), e); HibernateFactory.rollbackTransaction(); } } @@ -576,17 +606,13 @@ private boolean doUpgrateToV5() { } if (existingDB < 3) { - log.error("Upgrade not supported from this database version: {}", - existingDB); + log.error("Upgrade not supported from this database version: {}", existingDB); System.exit(-1); } if (existingDB == 3) { String versionToBeUpgraded = "4"; - String adminVersion = VOMSVersionDAO.instance() - .getVersion() - .getAdminVersion() - .trim(); + String adminVersion = VOMSVersionDAO.instance().getVersion().getAdminVersion().trim(); if (adminVersion.equals(SchemaVersion.VOMS_ADMIN_DB_VERSION)) { log.warn("No upgrade needed, found schema version {}", adminVersion); @@ -594,44 +620,38 @@ private boolean doUpgrateToV5() { } if (!adminVersion.equals(versionToBeUpgraded)) { - log.error("Upgrade to v5 not supported from schema version {}", - adminVersion); + log.error("Upgrade to v5 not supported from schema version {}", adminVersion); return false; } - - log.info("Upgrading database schema from version {} to version {}", - adminVersion, 5); + + log.info("Upgrading database schema from version {} to version {}", adminVersion, 5); try { List upgradeScript = loadUpgradeScriptToV5(); HibernateFactory.beginTransaction(); - - UpgradeDatabaseWork upgradeWork = new UpgradeDatabaseWork( - upgradeScript); - + + UpgradeDatabaseWork upgradeWork = new UpgradeDatabaseWork(upgradeScript); + try { - HibernateFactory.getSession() - .doWork(upgradeWork); + HibernateFactory.getSession().doWork(upgradeWork); } catch (Throwable t) { log.error("Error upgrading voms database!", t); HibernateFactory.rollbackTransaction(); System.exit(2); } - + fixMissingIndexesOnAuditTable(); // Update database version - VOMSVersionDAO.instance() - .setupVersion("5"); + VOMSVersionDAO.instance().setupVersion("5"); HibernateFactory.commitTransaction(); return true; } catch (Exception e) { - log.error("Error upgrading VOMS database to schema version 5: {}", - e.getMessage(), e); + log.error("Error upgrading VOMS database to schema version 5: {}", e.getMessage(), e); HibernateFactory.rollbackTransaction(); } } @@ -641,12 +661,8 @@ private boolean doUpgrateToV5() { private boolean doUpgradeToV4() { - String[] versionsToBeUpgraded = { "3.2.0", "3.3.0", "3.3.1", "3.3.2", - "3.3.3" }; - String adminVersion = VOMSVersionDAO.instance() - .getVersion() - .getAdminVersion() - .trim(); + String[] versionsToBeUpgraded = {"3.2.0", "3.3.0", "3.3.1", "3.3.2", "3.3.3"}; + String adminVersion = VOMSVersionDAO.instance().getVersion().getAdminVersion().trim(); if (adminVersion.equals(SchemaVersion.VOMS_ADMIN_DB_VERSION)) { log.warn("No upgrade needed, found schema version {}", adminVersion); @@ -657,9 +673,8 @@ private boolean doUpgradeToV4() { for (String v : versionsToBeUpgraded) { if (adminVersion.equals(v)) { - log.debug( - "Found VOMS Admin database version {} that requires a schema upgrade.", - adminVersion); + log.debug("Found VOMS Admin database version {} that requires a schema upgrade.", + adminVersion); upgradeSupported = true; break; } @@ -667,40 +682,34 @@ private boolean doUpgradeToV4() { if (!upgradeSupported) { - log.error("Upgrade to v4 not supported from schema version {}", - adminVersion); + log.error("Upgrade to v4 not supported from schema version {}", adminVersion); return false; } - log.info("Upgrading database schema from version {} to version {}", - adminVersion, "4"); + log.info("Upgrading database schema from version {} to version {}", adminVersion, "4"); try { List upgradeScript = loadUpgradeScriptToV4(); - - UpgradeDatabaseWork upgradeWork = new UpgradeDatabaseWork( - upgradeScript); + + UpgradeDatabaseWork upgradeWork = new UpgradeDatabaseWork(upgradeScript); HibernateFactory.beginTransaction(); try { - HibernateFactory.getSession() - .doWork(upgradeWork); + HibernateFactory.getSession().doWork(upgradeWork); } catch (Throwable t) { log.error("Error upgrading voms database!", t); HibernateFactory.rollbackTransaction(); System.exit(2); } - + // Update database version - VOMSVersionDAO.instance() - .setupVersion("4"); + VOMSVersionDAO.instance().setupVersion("4"); HibernateFactory.commitTransaction(); return true; } catch (Exception e) { - log.error("Error upgrading VOMS database to schema version 4: {}", - e.getMessage(), e); + log.error("Error upgrading VOMS database to schema version 4: {}", e.getMessage(), e); HibernateFactory.rollbackTransaction(); } @@ -752,21 +761,17 @@ private void doRemoveAdmin() { try { - VOMSAdmin a = VOMSAdminDAO.instance() - .lookup(adminDN, adminCA); + VOMSAdmin a = VOMSAdminDAO.instance().lookup(adminDN, adminCA); if (a == null) { - log.info("Admin '" + adminDN + "," + adminCA - + "' does not exists in database..."); + log.info("Admin '" + adminDN + "," + adminCA + "' does not exists in database..."); return; } - List affectedACLs = ACLDAO.instance() - .deletePermissionsForAdmin(a); + List affectedACLs = ACLDAO.instance().deletePermissionsForAdmin(a); - VOMSAdminDAO.instance() - .delete(a); + VOMSAdminDAO.instance().delete(a); for (ACL acl : affectedACLs) { auditLogHelper.saveAuditEvent(ACLUpdatedEvent.class, acl); @@ -777,8 +782,7 @@ private void doRemoveAdmin() { HibernateFactory.commitTransaction(); log.info("Administrator '{},{}' removed", - new String[] { a.getDn(), a.getCa() - .getSubjectString() }); + new String[] {a.getDn(), a.getCa().getSubjectString()}); } catch (Throwable t) { @@ -799,59 +803,45 @@ private void doAddAdmin() { try { - VOMSAdmin a = VOMSAdminDAO.instance() - .lookup(adminDN, adminCA); + VOMSAdmin a = VOMSAdminDAO.instance().lookup(adminDN, adminCA); if (a != null) { - log.info("Admin '" + a.getDn() + "," + a.getCa() - .getDn() + "' already exists in database..."); - log.warn( - "This admin will be granted full privileges on the VOMS database."); + log.info( + "Admin '" + a.getDn() + "," + a.getCa().getDn() + "' already exists in database..."); + log.warn("This admin will be granted full privileges on the VOMS database."); } else { - log.info("Admin '" + adminDN + "," + adminCA - + "' not found. It will be created..."); + log.info("Admin '" + adminDN + "," + adminCA + "' not found. It will be created..."); // Admin does not exist, create it! - a = VOMSAdminDAO.instance() - .create(adminDN, adminCA, adminEmailAddress); + a = VOMSAdminDAO.instance().create(adminDN, adminCA, adminEmailAddress); auditLogHelper.saveAuditEvent(AdminCreatedEvent.class, a); } - Iterator i = VOMSGroupDAO.instance() - .findAll() - .iterator(); + Iterator i = VOMSGroupDAO.instance().findAll().iterator(); while (i.hasNext()) { VOMSGroup g = i.next(); - g.getACL() - .setPermissions(a, VOMSPermission.getAllPermissions()); + g.getACL().setPermissions(a, VOMSPermission.getAllPermissions()); log.info("Adding ALL permissions on '{}' for admin '{},{}'", - new String[] { g.toString(), a.getDn(), a.getCa() - .getSubjectString() }); + new String[] {g.toString(), a.getDn(), a.getCa().getSubjectString()}); - Iterator rolesIter = VOMSRoleDAO.instance() - .findAll() - .iterator(); + Iterator rolesIter = VOMSRoleDAO.instance().findAll().iterator(); while (rolesIter.hasNext()) { VOMSRole r = rolesIter.next(); - r.getACL(g) - .setPermissions(a, VOMSPermission.getAllPermissions()); + r.getACL(g).setPermissions(a, VOMSPermission.getAllPermissions()); log.info("Adding ALL permissions on role '{}/{}' for admin '{},{}'", - new String[] { g.toString(), r.toString(), a.getDn(), a.getCa() - .getSubjectString() }); + new String[] {g.toString(), r.toString(), a.getDn(), a.getCa().getSubjectString()}); - HibernateFactory.getSession() - .save(r); + HibernateFactory.getSession().save(r); auditLogHelper.saveAuditEvent(ACLUpdatedEvent.class, r.getACL(g)); } - HibernateFactory.getSession() - .save(g); + HibernateFactory.getSession().save(g); auditLogHelper.saveAuditEvent(ACLUpdatedEvent.class, g.getACL()); } @@ -869,11 +859,11 @@ private void doAddAdmin() { } private String getHibernateConfigurationFile(String vo) { - - return String.format("%s/%s/%s", getVOConfigurationDir(), vo, - "database.properties"); - + + return String.format("%s/%s/%s", getVOConfigurationDir(), vo, "database.properties"); + } + private String getVOConfigurationDir() { Properties sysconfProps = SysconfigUtil.loadSysconfig(); @@ -899,13 +889,12 @@ private boolean isVoConfigured(String voName) { return false; } - + private MetadataSources getHibernateMetadataSources() { - - StandardServiceRegistryBuilder registryBuilder = - new StandardServiceRegistryBuilder(); - - if (hibernatePropertiesFile == null){ + + StandardServiceRegistryBuilder registryBuilder = new StandardServiceRegistryBuilder(); + + if (hibernatePropertiesFile == null) { registryBuilder.loadProperties(new File(getHibernateConfigurationFile(vo))); } else { registryBuilder.loadProperties(new File(hibernatePropertiesFile)); @@ -945,15 +934,15 @@ private void doUndeploy() { if (existingDB == 1) { log.error( - "This tool cannot undeploy voms-admin 1.2.x database! Please upgrade to voms-admin 2 or use voms-admin-configure 1.2.x tools to undeploy this database."); + "This tool cannot undeploy voms-admin 1.2.x database! Please upgrade to voms-admin 2 or use voms-admin-configure 1.2.x tools to undeploy this database."); System.exit(-1); } if (existingDB == 2) { log.error( - "This tool cannot undeploy voms-admin 2.0.x databases! Please either upgrade the database to voms-admin 2.5 (using this tool) or use voms-admin-configure 2.0.x" - + " tools to undeploy this database"); + "This tool cannot undeploy voms-admin 2.0.x databases! Please either upgrade the database to voms-admin 2.5 (using this tool) or use voms-admin-configure 2.0.x" + + " tools to undeploy this database"); System.exit(-1); } @@ -967,13 +956,13 @@ private void doUndeploy() { SchemaExport export = new SchemaExport(); export.setHaltOnError(true); - - + + EnumSet targetTypes = EnumSet.of(TargetType.DATABASE); Metadata md = getHibernateMetadataSources().getMetadataBuilder().build(); export.drop(targetTypes, md); - + @SuppressWarnings("rawtypes") List l = export.getExceptions(); @@ -1007,44 +996,34 @@ private void doGrantROAccess() { HibernateFactory.beginTransaction(); - VOMSAdmin anyUserAdmin = VOMSAdminDAO.instance() - .getAnyAuthenticatedUserAdmin(); + VOMSAdmin anyUserAdmin = VOMSAdminDAO.instance().getAnyAuthenticatedUserAdmin(); VOMSPermission readOnlyPerms = VOMSPermission.getEmptyPermissions() .setContainerReadPermission() .setMembershipReadPermission(); - List groups = VOMSGroupDAO.instance() - .findAll(); + List groups = VOMSGroupDAO.instance().findAll(); for (VOMSGroup g : groups) { - g.getACL() - .setPermissions(anyUserAdmin, readOnlyPerms); + g.getACL().setPermissions(anyUserAdmin, readOnlyPerms); - log.info( - "Granting read-only access to any authenticated user on group '{}'", - g.getName()); + log.info("Granting read-only access to any authenticated user on group '{}'", g.getName()); - List roles = VOMSRoleDAO.instance() - .findAll(); + List roles = VOMSRoleDAO.instance().findAll(); for (VOMSRole r : roles) { - r.getACL(g) - .setPermissions(anyUserAdmin, readOnlyPerms); - log.info( - "Granting read-only access to any authenticated user on role '{}/{}'", - new String[] { g.toString(), r.toString() }); + r.getACL(g).setPermissions(anyUserAdmin, readOnlyPerms); + log.info("Granting read-only access to any authenticated user on role '{}/{}'", + new String[] {g.toString(), r.toString()}); - HibernateFactory.getSession() - .save(r); + HibernateFactory.getSession().save(r); auditLogHelper.saveAuditEvent(ACLUpdatedEvent.class, r.getACL(g)); } - HibernateFactory.getSession() - .save(g); + HibernateFactory.getSession().save(g); auditLogHelper.saveAuditEvent(ACLUpdatedEvent.class, g.getACL()); } @@ -1067,11 +1046,9 @@ private void doDeploy() { int existingDb = checkDatabaseExistence(); if (existingDb > 0) { - final String adminDbVersion = VOMSVersionDAO - .instance().getVersion().getAdminVersion().trim(); - - log - .warn("Existing voms database found. Will not overwrite " + final String adminDbVersion = VOMSVersionDAO.instance().getVersion().getAdminVersion().trim(); + + log.warn("Existing voms database found. Will not overwrite " + "the database! (admin db version: {})", adminDbVersion); System.exit(0); } @@ -1079,7 +1056,7 @@ private void doDeploy() { checkDatabaseWritable(); SchemaExport exporter = new SchemaExport(); - + EnumSet targetTypes = EnumSet.of(TargetType.DATABASE); exporter.createOnly(targetTypes, HibernateFactory.getMetadata()); @@ -1094,19 +1071,19 @@ private void doDeploy() { System.exit(2); } - + // This is needed as the version of hibernate we are using // does not support defining indexes on join table columns // See: https://hibernate.atlassian.net/browse/HHH-4263 - CreateAuditEventDataIndexes createIndexTask = new CreateAuditEventDataIndexes( - HibernateFactory.getSession()); + CreateAuditEventDataIndexes createIndexTask = + new CreateAuditEventDataIndexes(HibernateFactory.getSession()); HibernateFactory.beginTransaction(); - + createIndexTask.run(); - CreateAttributeValueIndex avIndexTask = new CreateAttributeValueIndex( - HibernateFactory.getSession()); + CreateAttributeValueIndex avIndexTask = + new CreateAttributeValueIndex(HibernateFactory.getSession()); avIndexTask.run(); @@ -1125,13 +1102,11 @@ protected void setupCLParser() { options = new Options(); - options.addOption(OptionBuilder.withLongOpt("help") - .withDescription("Displays helps and exits.") - .create("h")); + options.addOption( + OptionBuilder.withLongOpt("help").withDescription("Displays helps and exits.").create("h")); options.addOption(OptionBuilder.withLongOpt("command") - .withDescription( - "Specifies the command to be executed: deploy,undeploy,upgrade,add-admin") + .withDescription("Specifies the command to be executed: deploy,undeploy,upgrade,add-admin") .hasArg() .create("command")); @@ -1152,19 +1127,19 @@ protected void setupCLParser() { options.addOption(OptionBuilder.withLongOpt("dn") .withDescription( - "Specifies the dn for the admin to add (valid only if add-admin command is given).") + "Specifies the dn for the admin to add (valid only if add-admin command is given).") .hasArg() .create("dn")); options.addOption(OptionBuilder.withLongOpt("ca") .withDescription( - "Specifies the ca for the admin to add (valid only if add-admin command is given).") + "Specifies the ca for the admin to add (valid only if add-admin command is given).") .hasArg() .create("ca")); options.addOption(OptionBuilder.withLongOpt("email") .withDescription( - "Specifies the email address for the admin to add (valid only if add-admin command is given).") + "Specifies the email address for the admin to add (valid only if add-admin command is given).") .hasArg() .create("email")); @@ -1195,11 +1170,10 @@ protected void checkArguments(String[] args) { command = line.getOptionValue("command"); // FIXME: use an Enumeration for the commands!! - if (!command.equals("deploy") && !command.equals("upgrade") - && !command.equals("add-admin") && !command.equals("remove-admin") - && !command.equals("undeploy") && !command.equals("upgrade-script") - && !command.equals("check-connectivity") - && !command.equals("grant-read-only-access")) { + if (!command.equals("deploy") && !command.equals("upgrade") && !command.equals("add-admin") + && !command.equals("remove-admin") && !command.equals("undeploy") + && !command.equals("upgrade-script") && !command.equals("check-connectivity") + && !command.equals("grant-read-only-access")) { System.err.println("Unknown command specified: " + command); printHelpMessageAndExit(2); @@ -1224,8 +1198,7 @@ protected void checkArguments(String[] args) { } catch (ParseException e) { - throw new VOMSException( - "Error parsing command-line arguments: " + e.getMessage(), e); + throw new VOMSException("Error parsing command-line arguments: " + e.getMessage(), e); } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/Certificate.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/Certificate.java index ac711ce8..c0101fe2 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/Certificate.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/Certificate.java @@ -33,8 +33,6 @@ import javax.persistence.Transient; import org.apache.commons.lang.builder.CompareToBuilder; -import org.apache.commons.lang.builder.EqualsBuilder; -import org.apache.commons.lang.builder.HashCodeBuilder; import org.glite.security.voms.admin.persistence.model.VOMSUser.SuspensionReason; import org.hibernate.annotations.NaturalId; @@ -147,33 +145,65 @@ public void setSuspended(boolean suspended) { this.suspended = suspended; } - public boolean equals(Object other) { - if (this == other) - return true; - - if (other == null) - return false; - - if (!(other instanceof Certificate)) - return false; - - Certificate that = (Certificate) other; - - EqualsBuilder builder = new EqualsBuilder(); - builder.append(getSubjectString(), that.getSubjectString()).append(getCa(), - that.getCa()); - - return builder.isEquals(); - - } + // public boolean equals(Object other) { + // + // if (this == other) + // return true; + // + // if (other == null) + // return false; + // + // if (!(other instanceof Certificate)) + // return false; + // + // Certificate that = (Certificate) other; + // + // EqualsBuilder builder = new EqualsBuilder(); + // builder.append(getSubjectString(), that.getSubjectString()).append(getCa(), + // that.getCa()); + // + // return builder.isEquals(); + // + // } + // + // public int hashCode() { + // + // HashCodeBuilder builder = new HashCodeBuilder(7, 37); + // builder.append(getSubjectString()).append(getCa()); + // + // return builder.toHashCode(); + // } + @Override public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((ca == null) ? 0 : ca.hashCode()); + result = prime * result + ((subjectString == null) ? 0 : subjectString.hashCode()); + return result; + } - HashCodeBuilder builder = new HashCodeBuilder(7, 37); - builder.append(getSubjectString()).append(getCa()); - - return builder.toHashCode(); + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + Certificate other = (Certificate) obj; + if (ca == null) { + if (other.ca != null) + return false; + } else if (!ca.equals(other.ca)) + return false; + if (subjectString == null) { + if (other.subjectString != null) + return false; + } else if (!subjectString.equals(other.subjectString)) + return false; + return true; } public VOMSUser getUser() { diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/VOMSCA.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/VOMSCA.java index 5ddb7089..bd57c850 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/VOMSCA.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/VOMSCA.java @@ -134,36 +134,29 @@ public String toString() { return subjectString; } - /* - * (non-Javadoc) - * - * @see java.lang.Object#equals(java.lang.Object) - */ - public boolean equals(Object other) { + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((subjectString == null) ? 0 : subjectString.hashCode()); + return result; + } - if (this == other) + @Override + public boolean equals(Object obj) { + if (this == obj) return true; - - if (!(other instanceof VOMSCA)) + if (obj == null) return false; - - if (other == null) + if (getClass() != obj.getClass()) return false; - - final VOMSCA that = (VOMSCA) other; - return (getSubjectString().equals(that.getSubjectString())); - - } - - /* - * (non-Javadoc) - * - * @see java.lang.Object#hashCode() - */ - public int hashCode() { - - return subjectString.hashCode(); - + VOMSCA other = (VOMSCA) obj; + if (subjectString == null) { + if (other.subjectString != null) + return false; + } else if (!subjectString.equals(other.subjectString)) + return false; + return true; } public String getShortName() { diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/VOMSUser.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/VOMSUser.java index 3995b0f2..e518829d 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/VOMSUser.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/VOMSUser.java @@ -37,7 +37,6 @@ import javax.persistence.Entity; import javax.persistence.EnumType; import javax.persistence.Enumerated; -import javax.persistence.FetchType; import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; @@ -50,7 +49,6 @@ import org.apache.commons.lang.builder.ToStringBuilder; import org.glite.security.voms.User; import org.glite.security.voms.admin.apiv2.VOMSUserJSON; -import org.glite.security.voms.admin.error.NotFoundException; import org.glite.security.voms.admin.error.NullArgumentException; import org.glite.security.voms.admin.error.VOMSSyntaxException; import org.glite.security.voms.admin.persistence.HibernateFactory; @@ -89,9 +87,9 @@ public enum SuspensionReason { FAILED_TO_SIGN_AUP("User failed to sign the AUP in time."), MEMBERSHIP_EXPIRATION("User membership has expired."), - SECURITY_INCIDENT( - "User membership has been suspended after a security incident."), - OTHER("User membership has been suspended for another unknown reason."); + SECURITY_INCIDENT("User membership has been suspended after a security incident."), + OTHER("User membership has been suspended for another unknown reason."), + HR_DB_VALIDATION("OrgDB: CERN HR db validation failed"); String message; @@ -118,7 +116,7 @@ public VOMSUser() { @Id @Column(name = "userid") - @GeneratedValue(strategy=GenerationType.IDENTITY) + @GeneratedValue(strategy = GenerationType.IDENTITY) Long id; // Base membership information (JSPG requirements) @@ -163,38 +161,30 @@ public VOMSUser() { String suspensionReason; /** Generic attributes mapping **/ - @OneToMany(cascade = { CascadeType.ALL }, mappedBy = "user", orphanRemoval=true) - Set attributes = new HashSet(); + @OneToMany(cascade = {CascadeType.ALL}, mappedBy = "user", orphanRemoval = true) + Set attributes = new HashSet<>(); /** Membership mappings **/ - @OneToMany(cascade = { CascadeType.ALL }, mappedBy = "user", orphanRemoval=true) + @OneToMany(cascade = {CascadeType.ALL}, mappedBy = "user", orphanRemoval = true) @SortNatural - Set mappings = new TreeSet(); + Set mappings = new TreeSet<>(); /** User certificates **/ - @OneToMany(cascade = { CascadeType.ALL }, mappedBy = "user", - fetch=FetchType.EAGER) - @org.hibernate.annotations.Cascade( - value = { org.hibernate.annotations.CascadeType.DELETE_ORPHAN }) - Set certificates = new HashSet(); + @OneToMany(cascade = {CascadeType.ALL}, mappedBy = "user", orphanRemoval = true) + Set certificates = new HashSet<>(); /** AUP acceptance records **/ - @OneToMany(cascade = { CascadeType.ALL }, mappedBy = "user") - @org.hibernate.annotations.Cascade( - value = { org.hibernate.annotations.CascadeType.DELETE_ORPHAN }) - Set aupAcceptanceRecords = new HashSet(); + @OneToMany(cascade = {CascadeType.ALL}, mappedBy = "user", orphanRemoval = true) + Set aupAcceptanceRecords = new HashSet<>(); /** Assigned tasks **/ - @OneToMany(cascade = { CascadeType.ALL }, mappedBy = "user", - fetch = FetchType.EAGER) - @org.hibernate.annotations.Cascade( - value = { org.hibernate.annotations.CascadeType.DELETE_ORPHAN }) - Set tasks = new HashSet(); + @OneToMany(cascade = {CascadeType.ALL}, mappedBy = "user", orphanRemoval = true) + Set tasks = new HashSet<>(); /** Personal information set **/ // FIXME: currently ignored by configuration @Transient - Set personalInformations = new HashSet(); + Set personalInformations = new HashSet<>(); @Column(name = "orgdb_id", nullable = true) Long orgDbId; @@ -252,8 +242,7 @@ public VOMSUserAttribute getAttributeByName(String name) { while (i.hasNext()) { VOMSUserAttribute tmp = (VOMSUserAttribute) i.next(); - if (tmp.getName() - .equals(name)) + if (tmp.getName().equals(name)) return tmp; } @@ -271,7 +260,7 @@ public void deleteAttribute(VOMSUserAttribute val) { if (!attributes.contains(val)) throw new NoSuchAttributeException( - "Attribute \"" + val.getName() + "\" undefined for user " + this); + "Attribute \"" + val.getName() + "\" undefined for user " + this); attributes.remove(val); @@ -283,30 +272,30 @@ public void setAttribute(String name, String value) { if (val == null) throw new NoSuchAttributeException( - "Attribute \"" + name + "\" undefined for user \"" + this + "\"."); + "Attribute \"" + name + "\" undefined for user \"" + this + "\"."); val.setValue(value); } - - public void cleanMappings(){ - + + public void cleanMappings() { + Iterator mappingsIter = getMappings().iterator(); - - while (mappingsIter.hasNext()){ + + while (mappingsIter.hasNext()) { VOMSMapping m = mappingsIter.next(); mappingsIter.remove(); - + m.getGroup().removeMapping(m); - + isTrue(!m.getGroup().getMappings().contains(m)); - - if (m.getRole()!= null){ + + if (m.getRole() != null) { m.getRole().removeMapping(m); - + isTrue(!m.getRole().getMappings().contains(m)); } - + HibernateFactory.getSession().delete(m); } } @@ -326,21 +315,19 @@ public boolean isMember(String groupName) { if (groupName == null) throw new NullArgumentException( - "Cannot org.glite.security.voms.admin.test membership in a null group!"); + "Cannot org.glite.security.voms.admin.test membership in a null group!"); if (!PathNamingScheme.isGroup(groupName)) throw new VOMSSyntaxException( - "Group name passed as argument does not respect the VOMS FQAN syntax. [" - + groupName + "]"); + "Group name passed as argument does not respect the VOMS FQAN syntax. [" + groupName + + "]"); Iterator i = getMappings().iterator(); while (i.hasNext()) { VOMSMapping m = (VOMSMapping) i.next(); - if (m.getGroup() - .getName() - .equals(groupName) && m.isGroupMapping()) + if (m.getGroup().getName().equals(groupName) && m.isGroupMapping()) return true; } @@ -352,15 +339,14 @@ public boolean isMember(VOMSGroup g) { if (g == null) throw new NullArgumentException( - "Cannot org.glite.security.voms.admin.test membership in a null group!"); + "Cannot org.glite.security.voms.admin.test membership in a null group!"); Iterator i = getMappings().iterator(); while (i.hasNext()) { VOMSMapping m = (VOMSMapping) i.next(); - if (m.getGroup() - .equals(g) && m.isGroupMapping()) + if (m.getGroup().equals(g) && m.isGroupMapping()) return true; } @@ -373,16 +359,16 @@ public void addToGroup(VOMSGroup g) { log.debug("Adding user \"" + this + "\" to group \"" + g + "\"."); VOMSMapping m = new VOMSMapping(this, g, null); - + if (!getMappings().add(m)) throw new AlreadyExistsException( - "User \"" + this + "\" is already a member of group \"" + g + "\"."); - + "User \"" + this + "\" is already a member of group \"" + g + "\"."); + m.getGroup().addMapping(m); - + // Add this user to parent groups if (!g.isRootGroup()) { - if (!isMember(g.parent)){ + if (!isMember(g.parent)) { addToGroup(g.parent); } } @@ -403,7 +389,7 @@ public void removeFromGroup(VOMSGroup g) { } else throw new NoSuchMappingException( - "User \"" + this + "\" is not a member of group \"" + g + "\"."); + "User \"" + this + "\" is not a member of group \"" + g + "\"."); } @@ -411,19 +397,17 @@ public VOMSMapping assignRole(VOMSGroup g, VOMSRole r) { if (!isMember(g)) throw new NoSuchMappingException( - "User \"" + this + "\" is not a member of group \"" + g + "\"."); + "User \"" + this + "\" is not a member of group \"" + g + "\"."); VOMSMapping m = new VOMSMapping(this, g, r); if (getMappings().contains(m)) - throw new AlreadyExistsException("User \"" + this - + "\" already has role \"" + r + "\" in group \"" + g + "\"."); + throw new AlreadyExistsException( + "User \"" + this + "\" already has role \"" + r + "\" in group \"" + g + "\"."); - log.debug("Assigning role \"" + r + "\" to user \"" + this - + "\" in group \"" + g + "\"."); + log.debug("Assigning role \"" + r + "\" to user \"" + this + "\" in group \"" + g + "\"."); getMappings().add(m); - r.getMappings() - .add(m); + r.getMappings().add(m); return m; @@ -433,14 +417,13 @@ public VOMSMapping dismissRole(VOMSGroup g, VOMSRole r) { if (!isMember(g)) throw new NoSuchMappingException( - "User \"" + this + "\" is not a member of group \"" + g + "\"."); + "User \"" + this + "\" is not a member of group \"" + g + "\"."); if (!hasRole(g, r)) - throw new NoSuchMappingException("User \"" + this - + "\" does not have role \"" + r + "\" in group \"" + g + "\"."); + throw new NoSuchMappingException( + "User \"" + this + "\" does not have role \"" + r + "\" in group \"" + g + "\"."); - log.debug("Dismissing role \"" + r + "\" from user \"" + this - + "\" in group \"" + g + "\"."); + log.debug("Dismissing role \"" + r + "\" from user \"" + this + "\" in group \"" + g + "\"."); Iterator i = getMappings().iterator(); boolean removed = false; @@ -449,10 +432,7 @@ public VOMSMapping dismissRole(VOMSGroup g, VOMSRole r) { while (i.hasNext()) { m = (VOMSMapping) i.next(); if (m.isRoleMapping()) { - if (m.getGroup() - .equals(g) - && m.getRole() - .equals(r)) { + if (m.getGroup().equals(g) && m.getRole().equals(r)) { i.remove(); boolean removedFromRole = r.removeMapping(m); boolean removedFromGroup = g.removeMapping(m); @@ -462,8 +442,7 @@ public VOMSMapping dismissRole(VOMSGroup g, VOMSRole r) { } if (!removed) - throw new VOMSInconsistentDatabaseException( - "Error removing existing role mapping!"); + throw new VOMSInconsistentDatabaseException("Error removing existing role mapping!"); return m; } @@ -472,7 +451,7 @@ public void dismissRolesInGroup(VOMSGroup g) { if (!isMember(g)) throw new NoSuchMappingException( - "User \"" + this + "\" is not a member of group \"" + g + "\"."); + "User \"" + this + "\" is not a member of group \"" + g + "\"."); Iterator i = getMappings().iterator(); @@ -480,8 +459,7 @@ public void dismissRolesInGroup(VOMSGroup g) { VOMSMapping m = (VOMSMapping) i.next(); - if (m.getGroup() - .equals(g) && m.isRoleMapping()) { + if (m.getGroup().equals(g) && m.isRoleMapping()) { i.remove(); m.getRole().removeMapping(m); m.getGroup().removeMapping(m); @@ -495,7 +473,7 @@ public boolean hasRole(VOMSGroup g, VOMSRole r) { if (!isMember(g)) throw new NoSuchMappingException( - "User \"" + this + "\" is not a member of group \"" + g + "\"."); + "User \"" + this + "\" is not a member of group \"" + g + "\"."); Iterator i = getMappings().iterator(); @@ -503,10 +481,7 @@ public boolean hasRole(VOMSGroup g, VOMSRole r) { VOMSMapping m = (VOMSMapping) i.next(); if (m.isRoleMapping()) { - if (m.getGroup() - .equals(g) - && m.getRole() - .equals(r)) + if (m.getGroup().equals(g) && m.getRole().equals(r)) return true; } } @@ -518,7 +493,7 @@ public boolean hasRole(String fqan) { if (!PathNamingScheme.isQualifiedRole(fqan)) throw new IllegalArgumentException( - "Role name passed as argument is not a qualified role! [" + fqan + "]"); + "Role name passed as argument is not a qualified role! [" + fqan + "]"); String groupName = PathNamingScheme.getGroupName(fqan); String roleName = PathNamingScheme.getRoleName(fqan); @@ -529,12 +504,7 @@ public boolean hasRole(String fqan) { VOMSMapping m = (VOMSMapping) i.next(); if (m.isRoleMapping()) { - if (m.getGroup() - .getName() - .equals(groupName) - && m.getRole() - .getName() - .equals(roleName)) + if (m.getGroup().getName().equals(groupName) && m.getRole().getName().equals(roleName)) return true; } } @@ -566,8 +536,7 @@ public Set getRoles(VOMSGroup g) { while (mIter.hasNext()) { VOMSMapping m = (VOMSMapping) mIter.next(); - if (m.isRoleMapping() && m.getGroup() - .equals(g)) + if (m.isRoleMapping() && m.getGroup().equals(g)) res.add(m.getRole()); } @@ -648,8 +617,7 @@ public User asUser() { User u = new User(); u.setDN(getDefaultCertificate().getSubjectString()); - u.setCA(getDefaultCertificate().getCa() - .getSubjectString()); + u.setCA(getDefaultCertificate().getCa().getSubjectString()); u.setCN(null); u.setMail(getEmailAddress()); u.setCertUri(null); @@ -668,8 +636,7 @@ public static User[] collectionAsUsers(Collection c) { for (Certificate cert : u.getCertificates()) { User uu = new User(); uu.setDN(cert.getSubjectString()); - uu.setCA(cert.getCa() - .getSubjectString()); + uu.setCA(cert.getCa().getSubjectString()); uu.setMail(u.getEmailAddress()); userList.add(uu); } @@ -699,8 +666,8 @@ public int hashCode() { final int prime = 31; int result = 1; result = prime * result + ((id == null) ? 0 : id.hashCode()); - result = prime * result + ((getDefaultCertificate() == null) ? 0 : - getDefaultCertificate().hashCode()); + result = prime * result + + ((getDefaultCertificate() == null) ? 0 : getDefaultCertificate().hashCode()); return result; } @@ -751,7 +718,7 @@ public void addCertificate(Certificate cert) { if (hasCertificate(cert)) throw new AlreadyExistsException( - "Certificate '" + cert + "' is already bound to user '" + this + "'."); + "Certificate '" + cert + "' is already bound to user '" + this + "'."); getCertificates().add(cert); cert.setUser(this); @@ -772,11 +739,7 @@ public boolean hasCertificate(Certificate cert) { public Certificate getCertificate(String subject, String issuer) { for (Certificate c : certificates) { - if (c.getSubjectString() - .equals(subject) - && c.getCa() - .getSubjectString() - .equals(issuer)) + if (c.getSubjectString().equals(subject) && c.getCa().getSubjectString().equals(issuer)) return c; } @@ -789,22 +752,25 @@ public List getCertificatesBySubject(String subject) { for (Certificate c : certificates) { - if (c.getSubjectString() - .equals(subject)) + if (c.getSubjectString().equals(subject)) result.add(c); } return result; } - public void removeCertificate(Certificate cert) { + public boolean removeCertificate(Certificate cert) { - if (!hasCertificate(cert)) - throw new NotFoundException( - "Certificate '" + cert + "' is not bound to user '" + this + "'."); + if (!hasCertificate(cert)) { + return false; + } - getCertificates().remove(cert); + boolean removed = getCertificates().remove(cert); + if (removed) { + cert.setUser(null); + } + return removed; } public String getAddress() { @@ -917,8 +883,7 @@ public String getEscapedDn() { if (cert == null) return null; - return cert.getSubjectString() - .replaceAll("'", "\\\\'"); + return cert.getSubjectString().replaceAll("'", "\\\\'"); } @@ -933,8 +898,7 @@ public Set getAupAcceptanceRecords() { /** * @param aupAcceptanceRecords the aupAcceptanceRecords to set */ - public void setAupAcceptanceRecords( - Set aupAcceptanceRecords) { + public void setAupAcceptanceRecords(Set aupAcceptanceRecords) { this.aupAcceptanceRecords = aupAcceptanceRecords; } @@ -943,8 +907,7 @@ public boolean hasSignedAUP(AUPVersion aupVersion) { for (AUPAcceptanceRecord r : aupAcceptanceRecords) { - if (r.getAupVersion() - .equals(aupVersion)) + if (r.getAupVersion().equals(aupVersion)) return true; } @@ -956,8 +919,7 @@ public AUPAcceptanceRecord getAUPAccceptanceRecord(AUPVersion aupVersion) { for (AUPAcceptanceRecord r : aupAcceptanceRecords) { - if (r.getAupVersion() - .equals(aupVersion)) + if (r.getAupVersion().equals(aupVersion)) return r; } @@ -1014,8 +976,7 @@ public Set getPersonalInformations() { /** * @param personalInformations the personalInformations to set */ - public void setPersonalInformations( - Set personalInformations) { + public void setPersonalInformations(Set personalInformations) { this.personalInformations = personalInformations; } @@ -1059,8 +1020,7 @@ public boolean hasInvalidAUPAcceptanceRecordForAUP(AUP aup) { return false; for (AUPAcceptanceRecord r : getAupAcceptanceRecords()) { - if (r.getAupVersion() - .equals(aup.getActiveVersion()) && !r.getValid()) + if (r.getAupVersion().equals(aup.getActiveVersion()) && !r.getValid()) return true; } @@ -1088,8 +1048,7 @@ public boolean hasPendingSignAUPTasks() { if (t instanceof SignAUPTask) { SignAUPTask aupTask = (SignAUPTask) t; - if (!aupTask.getStatus() - .equals(TaskStatus.COMPLETED)) + if (!aupTask.getStatus().equals(TaskStatus.COMPLETED)) return true; } @@ -1101,8 +1060,7 @@ public SignAUPTask getPendingSignAUPTask() { for (Task t : getTasks()) { if (t instanceof SignAUPTask) { SignAUPTask aupTask = (SignAUPTask) t; - if (!aupTask.getStatus() - .equals(TaskStatus.COMPLETED)) { + if (!aupTask.getStatus().equals(TaskStatus.COMPLETED)) { return aupTask; } } @@ -1120,8 +1078,7 @@ public boolean hasPendingSignAUPTask() { for (Task t : getTasks()) { if (t instanceof SignAUPTask) { SignAUPTask aupTask = (SignAUPTask) t; - if (!aupTask.getStatus() - .equals(TaskStatus.COMPLETED)) { + if (!aupTask.getStatus().equals(TaskStatus.COMPLETED)) { return true; } } @@ -1139,10 +1096,7 @@ public boolean hasPendingSignAUPTask(AUP aup) { if (t instanceof SignAUPTask) { SignAUPTask aupTask = (SignAUPTask) t; log.debug("aupTask: " + aupTask); - if (aupTask.getAup() - .equals(aup) - && (!aupTask.getStatus() - .equals(TaskStatus.COMPLETED))) { + if (aupTask.getAup().equals(aup) && (!aupTask.getStatus().equals(TaskStatus.COMPLETED))) { log.debug("Found pending aup task: " + aupTask); return true; } @@ -1161,10 +1115,7 @@ public SignAUPTask getPendingSignAUPTask(AUP aup) { if (t instanceof SignAUPTask) { SignAUPTask aupTask = (SignAUPTask) t; - if (aupTask.getAup() - .equals(aup) - && !aupTask.getStatus() - .equals(TaskStatus.COMPLETED)) + if (aupTask.getAup().equals(aup) && !aupTask.getStatus().equals(TaskStatus.COMPLETED)) return aupTask; } } @@ -1190,8 +1141,7 @@ public void suspend(SuspensionReason reason) { } /** - * Restores membership and certificates that where suspended for the reason - * passed as argument + * Restores membership and certificates that where suspended for the reason passed as argument * * @param reason */ @@ -1334,16 +1284,16 @@ public int compareTo(VOMSUser that) { } } - if (getDefaultCertificate() != null){ + if (getDefaultCertificate() != null) { // Both users have name and surname undefined, compare certificates return getDefaultCertificate().compareTo(that.getDefaultCertificate()); } - + // Compare by id as last resort - if (getId() != null){ + if (getId() != null) { return getId().compareTo(that.getId()); } - + return -1; } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/task/SignAUPTask.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/task/SignAUPTask.java index d76091ec..341de6d7 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/task/SignAUPTask.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/task/SignAUPTask.java @@ -55,9 +55,6 @@ public SignAUPTask(TaskType tt, AUP a, Date expiryDate) { this.expiryDate = expiryDate; creationDate = new Date(); status = TaskStatus.CREATED; - - addLogRecord(getCreationDate()); - } /** diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/task/Task.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/task/Task.java index d39aa282..7bdce5dc 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/task/Task.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/model/task/Task.java @@ -68,7 +68,7 @@ public enum TaskStatus { @Column(nullable = false) TaskStatus status; - @OneToMany(cascade = { CascadeType.ALL }, mappedBy = "task") + @OneToMany(cascade = { CascadeType.ALL }, mappedBy = "task", orphanRemoval = true) @Sort(type = SortType.NATURAL) @org.hibernate.annotations.Cascade( value = { org.hibernate.annotations.CascadeType.DELETE_ORPHAN }) @@ -188,14 +188,10 @@ public void setCompleted() { setCompletionDate(new Date()); setStatus(TaskStatus.COMPLETED); - - addLogRecord(getCompletionDate()); } public void setExpired() { - setStatus(TaskStatus.EXPIRED); - addLogRecord(new Date()); } public boolean isExpired(){ @@ -289,23 +285,6 @@ public void setAdmin(VOMSAdmin admin) { this.admin = admin; } - protected void addLogRecord(Date d) { - - LogRecord r = new LogRecord(); - - r.setDate(d); - r.setEvent(getStatus()); - r.setTask(this); - - if (getUser() != null) - r.setUserDn(getUser().getDefaultCertificate().getSubjectString()); - if (getAdmin() != null) - r.setAdminDn(getAdmin().getDn()); - - getLogRecords().add(r); - - } - public long getDaysBeforeExpiration() { long now = new Date().getTime(); diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/tools/CleanupTaskLogRecords.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/tools/CleanupTaskLogRecords.java new file mode 100644 index 00000000..22802c50 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/persistence/tools/CleanupTaskLogRecords.java @@ -0,0 +1,125 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.persistence.tools; + +import static java.lang.Long.parseLong; + +import org.glite.security.voms.admin.configuration.VOMSConfiguration; +import org.glite.security.voms.admin.configuration.VOMSConfigurationConstants; +import org.glite.security.voms.admin.persistence.DBUtil; +import org.glite.security.voms.admin.persistence.HibernateFactory; +import org.glite.security.voms.admin.persistence.dao.VOMSUserDAO; +import org.glite.security.voms.admin.persistence.dao.lookup.LookupPolicyProvider; +import org.glite.security.voms.admin.persistence.model.VOMSUser; +import org.glite.security.voms.admin.servlets.InitSecurityContext; +import org.hibernate.ScrollableResults; +import org.hibernate.cfg.Configuration; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class CleanupTaskLogRecords implements Runnable { + + public static final Logger LOG = LoggerFactory.getLogger(CleanupTaskLogRecords.class); + + final String vo; + final long batchSize; + + public CleanupTaskLogRecords(String vo, long batchSize) { + this.vo = vo; + this.batchSize = batchSize; + } + + + + public static void usage() { + System.out.println("usage: cmd "); + System.exit(1); + } + + private void loadVomsAdminConfiguration() { + System.setProperty(VOMSConfigurationConstants.VO_NAME, vo); + VOMSConfiguration.load(null); + } + + public static void main(String[] args) { + if (args.length != 2) { + usage(); + } + + new CleanupTaskLogRecords(args[0], parseLong(args[1])).run(); + } + + private void initializeLookupPolicyProvider() { + + boolean skipCaCheck = + VOMSConfiguration.instance().getBoolean(VOMSConfigurationConstants.SKIP_CA_CHECK, false); + + LookupPolicyProvider.initialize(skipCaCheck); + + } + + @Override + public void run() { + loadVomsAdminConfiguration(); + initializeLookupPolicyProvider(); + Configuration hibernateConfig = DBUtil.loadHibernateConfiguration("/etc/voms-admin", vo); + + hibernateConfig.configure(); + HibernateFactory.initialize(hibernateConfig); + HibernateFactory.beginTransaction(); + try { + InitSecurityContext.setInternalAdminContext(); + VOMSUserDAO dao = VOMSUserDAO.instance(); + ScrollableResults expiredUsers = dao.findUsersExpiredSinceDays(100); + + long processedRecords = 0; + + while (expiredUsers.next() && processedRecords < batchSize) { + VOMSUser user = (VOMSUser) expiredUsers.get(0); + + LOG.info("Deleting user '{} ({})' tasks who expired on '{}'", user.getShortName(), + user.getId(), user.getEndTime()); + + String deleteTLRs = "delete from task_log_record where task_id in ( select t.task_id from " + + "task t, usr u where t.usr_id = u.userid and u.userid = :userId )"; + HibernateFactory.getSession() + .createSQLQuery(deleteTLRs) + .setLong("userId", user.getId()) + .executeUpdate(); + + String deleteSATs = "delete from sign_aup_task where task_id in (select t.task_id from " + + "task t, usr u where t.usr_id = u.userid and u.userid = :userId )"; + HibernateFactory.getSession() + .createSQLQuery(deleteSATs) + .setLong("userId", user.getId()) + .executeUpdate(); + + String deleteTasks = "delete from task where usr_id = :userId"; + HibernateFactory.getSession() + .createSQLQuery(deleteTasks) + .setLong("userId", user.getId()) + .executeUpdate(); + processedRecords++; + } + + HibernateFactory.commitTransaction(); + } catch (Exception e) { + LOG.error(e.getMessage(), e); + HibernateFactory.rollbackTransaction(); + } + + } +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/service/VomsAttributesService.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/service/VomsAttributesService.java index 474f40d1..8e46a823 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/service/VomsAttributesService.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/service/VomsAttributesService.java @@ -20,8 +20,6 @@ import java.util.List; import org.apache.commons.lang.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.glite.security.voms.User; import org.glite.security.voms.VOMSException; import org.glite.security.voms.admin.error.UnimplementedFeatureException; @@ -52,6 +50,8 @@ import org.glite.security.voms.service.attributes.AttributeClass; import org.glite.security.voms.service.attributes.AttributeValue; import org.glite.security.voms.service.attributes.VOMSAttributes; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class VomsAttributesService implements VOMSAttributes { @@ -145,24 +145,6 @@ public void deleteAttributeClass(String name) throws RemoteException, } - public void deleteAttributeClass(AttributeClass attributeClass) - throws RemoteException, VOMSException { - - log.info("deleteAttributeClass(" - + StringUtils.join(new Object[] { attributeClass }, ',') + ");"); - - try { - - DeleteAttributeDescriptionOperation.instance(attributeClass.getName()) - .execute(); - - } catch (RuntimeException e) { - - ServiceExceptionHelper.handleServiceException(log, e); - throw e; - } - } - public void deleteGroupAttribute(String groupName, String attributeName) throws RemoteException, VOMSException { diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/taglib/FormatDNTag.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/taglib/FormatDNTag.java index bfb331c8..888c49a0 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/taglib/FormatDNTag.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/taglib/FormatDNTag.java @@ -41,7 +41,8 @@ public class FormatDNTag extends TagSupport { * FIXME: Should allow for more characters inside the fields, to be standard * compliant **/ - private static final String regexTemplate = "=((?:(?:\\/(?!DN|DC|STREET|O|OU|CN|C|L|E|Email|emailAddress|UID|uid))?\\w?:?;?'?\"?`?\\s?\\.?@?-?\\p{L}?\\(?\\)?,?)*)"; + private static final String regexTemplate = + "=((?:(?:\\/(?!DN|DC|street|postalCode|STREET|O|OU|CN|C|L|E|Email|emailAddress|UID|uid))?\\w?:?;?'?\"?`?\\s?\\.?@?-?\\p{L}?\\(?\\)?,?)*)"; private void write(String s) throws JspTagException { diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/AbstractSocketFactory.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/AbstractSocketFactory.java index 17890346..345fe21b 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/AbstractSocketFactory.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/AbstractSocketFactory.java @@ -1,3 +1,18 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.glite.security.voms.admin.util.migration; import java.io.FileInputStream; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CANLAxisSocketFactory.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CANLAxisSocketFactory.java index b5a81496..c7aa5430 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CANLAxisSocketFactory.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CANLAxisSocketFactory.java @@ -1,15 +1,17 @@ /** * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.glite.security.voms.admin.util.migration; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSACLServiceLocator.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSACLServiceLocator.java index bd5e9213..1c691797 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSACLServiceLocator.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSACLServiceLocator.java @@ -1,3 +1,18 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.glite.security.voms.admin.util.migration; import javax.xml.rpc.Call; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSAdminServiceLocator.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSAdminServiceLocator.java index 8be4ce49..29f91d85 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSAdminServiceLocator.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSAdminServiceLocator.java @@ -1,3 +1,18 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.glite.security.voms.admin.util.migration; import javax.xml.rpc.Call; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSAttributesServiceLocator.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSAttributesServiceLocator.java index 1b4c2346..e063d6d9 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSAttributesServiceLocator.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/CSRFVOMSAttributesServiceLocator.java @@ -1,3 +1,18 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.glite.security.voms.admin.util.migration; import javax.xml.rpc.Call; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/HttpClientSocketFactory.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/HttpClientSocketFactory.java index 45c4cbce..f529d893 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/HttpClientSocketFactory.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/HttpClientSocketFactory.java @@ -1,3 +1,18 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.glite.security.voms.admin.util.migration; import java.io.IOException; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/MigrateVo.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/MigrateVo.java index 1fcf4c3f..9125d15b 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/MigrateVo.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/migration/MigrateVo.java @@ -1,15 +1,17 @@ /** * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.glite.security.voms.admin.util.migration; @@ -42,6 +44,7 @@ import org.apache.commons.httpclient.protocol.Protocol; import org.apache.commons.httpclient.protocol.ProtocolSocketFactory; import org.apache.commons.lang3.StringUtils; +import org.apache.struts2.json.DefaultJSONWriter; import org.apache.struts2.json.JSONException; import org.apache.struts2.json.JSONPopulator; import org.apache.struts2.json.JSONReader; @@ -90,7 +93,7 @@ public class MigrateVo implements MigrateVoConstants, Runnable { Protocol vomsHttps; JSONReader jsonReader = new JSONReader(); - JSONWriter jsonWriter = new JSONWriter(); + JSONWriter jsonWriter = new DefaultJSONWriter(); JSONPopulator jsonPopulator = new JSONPopulator(); diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/validation/x509/CanlDNValidator.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/validation/x509/CanlDNValidator.java index 2f1e0bc5..8a099be4 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/validation/x509/CanlDNValidator.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/util/validation/x509/CanlDNValidator.java @@ -15,9 +15,13 @@ */ package org.glite.security.voms.admin.util.validation.x509; +import static java.util.Objects.isNull; + import java.io.IOException; +import java.security.cert.TrustAnchor; import java.util.Collections; import java.util.List; +import java.util.Objects; import java.util.Timer; import java.util.concurrent.TimeUnit; @@ -28,6 +32,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.google.common.collect.Lists; + import eu.emi.security.authn.x509.NamespaceCheckingMode; import eu.emi.security.authn.x509.StoreUpdateListener; import eu.emi.security.authn.x509.helpers.ObserversHandler; @@ -39,31 +45,63 @@ public class CanlDNValidator implements DnValidator, StoreUpdateListener { - public static final Logger LOG = LoggerFactory - .getLogger(CanlDNValidator.class); + public static final Logger LOG = LoggerFactory.getLogger(CanlDNValidator.class); final OpensslTrustAnchorStore trustAnchorStore; final Timer trustStoreTimer = new Timer("CanlDNValidator timer", true); final NamespaceCheckingMode nsMode = NamespaceCheckingMode.EUGRIDPMA_AND_GLOBUS_REQUIRE; public CanlDNValidator(String trustAnchorsDir, boolean openssl1Mode) { - trustAnchorStore = new OpensslTrustAnchorStoreImpl(trustAnchorsDir, - trustStoreTimer, TimeUnit.HOURS.toMillis(4), nsMode.globusEnabled(), - nsMode.euGridPmaEnabled(), - new ObserversHandler(Collections.singletonList(this)), openssl1Mode); + trustAnchorStore = new OpensslTrustAnchorStoreImpl(trustAnchorsDir, trustStoreTimer, + TimeUnit.HOURS.toMillis(4), nsMode.globusEnabled(), nsMode.euGridPmaEnabled(), + new ObserversHandler(Collections.singletonList(this)), openssl1Mode); + } + + X500Principal resolveParentPrincipal(X500Principal principal) { + for (TrustAnchor anchor : trustAnchorStore.getTrustAnchors()) { + if (anchor.getTrustedCert().getSubjectX500Principal().equals(principal)) { + X500Principal parentCaPrincipal = anchor.getTrustedCert().getIssuerX500Principal(); + if (parentCaPrincipal.equals(principal)) { + return null; + } else { + return parentCaPrincipal; + } + } + } + return null; + } + + X500Principal[] resolveX500PrincipalChain(X500Principal principal) { + List caSubjects = Lists.newArrayList(); + caSubjects.add(principal); + X500Principal p = principal; + + while (true) { + X500Principal parentPrincipal = resolveParentPrincipal(p); + if (isNull(parentPrincipal)) { + break; + } + caSubjects.add(parentPrincipal); + p = parentPrincipal; + } + + return caSubjects.toArray(new X500Principal[caSubjects.size()]); + } + + List resolveNamespacePolicies(X500Principal principal) { + X500Principal[] chainOfPrincipals = resolveX500PrincipalChain(principal); + return trustAnchorStore.getPmaNsStore().getPolicies(chainOfPrincipals, 0); } @SuppressWarnings("deprecation") @Override - public DnValidationResult validate(String issuerSubject, - String certificateSubject) { + public DnValidationResult validate(String issuerSubject, String certificateSubject) { Validate.notNull(issuerSubject, "issuerSubject must be non-null"); Validate.notNull(certificateSubject, "certificateSubject must be non-null"); String issuerSubjectRfc = OpensslNameUtils.opensslToRfc2253(issuerSubject); - String certificateSubjectRfc = OpensslNameUtils - .opensslToRfc2253(certificateSubject); + String certificateSubjectRfc = OpensslNameUtils.opensslToRfc2253(certificateSubject); LOG.debug("issuer rfc2253 string: {}", issuerSubjectRfc); LOG.debug("subject rfc2253 string: {}", certificateSubjectRfc); @@ -76,44 +114,41 @@ public DnValidationResult validate(String issuerSubject, subjectPrincipal = X500NameUtils.getX500Principal(certificateSubjectRfc); } catch (IOException e) { - LOG.error("Error converting subject to X500Principal: {}", e.getMessage(), - e); + LOG.error("Error converting subject to X500Principal: {}", e.getMessage(), e); throw new DnValidationError(e.getMessage(), e); } - List policies = trustAnchorStore.getPmaNsStore() - .getPolicies(new X500Principal[] { subjectPrincipal, issuerPrincipal }, - 1); + List policies = resolveNamespacePolicies(issuerPrincipal); - DnValidationResult.Builder resultBuilder = DnValidationResult.build() - .dn(subjectPrincipal) - .ca(issuerPrincipal); + DnValidationResult.Builder resultBuilder = + DnValidationResult.build().dn(subjectPrincipal).ca(issuerPrincipal); if (policies == null || policies.isEmpty()) { resultBuilder.error(ValidationError.NAMESPACE_NOT_FOUND); return resultBuilder.build(); } + DnValidationResult result = null; + for (NamespacePolicy p : policies) { if (p.isSubjectMatching(subjectPrincipal)) { LOG.debug("Found matching policy {} for subject {}. Permit: {}", - new Object[] { p.getIdentification(), subjectPrincipal, - new Boolean(p.isPermit()) }); - - return resultBuilder.policy(p) - .build(); + new Object[] {p.getIdentification(), subjectPrincipal, new Boolean(p.isPermit())}); + result = resultBuilder.policy(p).build(); } } + if (!Objects.isNull(result)) { + return result; + } + LOG.debug("No policy found for subject {}", subjectPrincipal); - return resultBuilder.error(ValidationError.NO_MATCHING_POLICY) - .build(); + return resultBuilder.error(ValidationError.NO_MATCHING_POLICY).build(); } @Override - public void loadingNotification(String location, String type, Severity level, - Exception cause) { + public void loadingNotification(String location, String type, Severity level, Exception cause) { } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/BaseAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/BaseAction.java index 4ed71e14..26036e1a 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/BaseAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/BaseAction.java @@ -40,9 +40,10 @@ import org.hibernate.Hibernate; import com.opensymphony.xwork2.ActionSupport; -import com.opensymphony.xwork2.ValidationAware; +import com.opensymphony.xwork2.interceptor.ValidationAware; -public class BaseAction extends ActionSupport implements ValidationAware, RequestAware { +public class BaseAction extends ActionSupport + implements ValidationAware, RequestAware { /** * */ diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/CreateUserAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/CreateUserAction.java index f569e1cd..256ac3f2 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/CreateUserAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/CreateUserAction.java @@ -26,7 +26,7 @@ import org.glite.security.voms.admin.persistence.model.VOMSUser; import org.glite.security.voms.admin.view.actions.BaseAction; -import com.opensymphony.xwork2.ValidationAware; +import com.opensymphony.xwork2.interceptor.ValidationAware; import com.opensymphony.xwork2.validator.annotations.RegexFieldValidator; import com.opensymphony.xwork2.validator.annotations.RequiredStringValidator; import com.opensymphony.xwork2.validator.annotations.ValidatorType; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/ImportAupVersionsAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/ImportAupVersionsAction.java index d295ad27..4861376c 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/ImportAupVersionsAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/ImportAupVersionsAction.java @@ -1,15 +1,17 @@ /** * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.glite.security.voms.admin.view.actions.apiv2; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/SuspendUserAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/SuspendUserAction.java index 3963c8ee..f4890e78 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/SuspendUserAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/SuspendUserAction.java @@ -16,7 +16,9 @@ package org.glite.security.voms.admin.view.actions.apiv2; import java.util.Collection; +import java.util.regex.Pattern; +import org.apache.logging.log4j.util.Strings; import org.apache.struts2.convention.annotation.ParentPackage; import org.apache.struts2.convention.annotation.Result; import org.apache.struts2.convention.annotation.Results; @@ -25,14 +27,28 @@ import org.glite.security.voms.admin.persistence.model.VOMSUser.SuspensionReason; import org.glite.security.voms.admin.view.actions.BaseAction; -import com.opensymphony.xwork2.validator.annotations.RegexFieldValidator; -import com.opensymphony.xwork2.validator.annotations.RequiredStringValidator; -import com.opensymphony.xwork2.validator.annotations.ValidatorType; - @ParentPackage("json") @Results({ @Result(name = BaseAction.SUCCESS, type = "json") }) public class SuspendUserAction extends RestUserAction { + private static final Pattern REGEX = Pattern.compile("^[^<>&;]*$"); + + @Override + public void validate() { + + // Workaround for annotation validation not working anymore + // due to OGNL not finding the right value in the OGNL stack + + if (Strings.isBlank(suspensionReason)) { + addFieldError("suspensionReason", "Please provide a reason for the suspension."); + } else { + + if (!REGEX.matcher(suspensionReason).matches()) { + addFieldError("suspensionReason", "The reason contains illegal characters."); + } + + } + } /** * */ @@ -53,13 +69,8 @@ public String execute() throws Exception { return SUCCESS; } - @RequiredStringValidator(type = ValidatorType.FIELD, - message = "Please provide a reason for the suspension.") - @RegexFieldValidator(type = ValidatorType.FIELD, - message = "The reason contains illegal characters!", - regex = "^[^<>&;]*$") - public String getSuspensionReason() { + public String getSuspensionReason() { return suspensionReason; } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/UserInfoAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/UserInfoAction.java index d5ed6b29..94af5419 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/UserInfoAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/UserInfoAction.java @@ -29,7 +29,7 @@ import com.opensymphony.xwork2.Preparable; @ParentPackage("json") -@Results({@Result(name = BaseAction.SUCCESS, type = "json", params={"root", "userInfo"}), +@Results({@Result(name = BaseAction.SUCCESS, type = "json", params={"root", "userInfo","excludeNullProperties", "true"}), @Result(name=UserInfoAction.NOT_FOUND, type="httpheader", params={"error", "404", "errorMessage", "User not found"}) }) public class UserInfoAction extends BaseAction implements Preparable { diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/UsersAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/UsersAction.java index 34ac2e86..f66362c8 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/UsersAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/apiv2/UsersAction.java @@ -31,7 +31,7 @@ import com.opensymphony.xwork2.Preparable; @ParentPackage("json") -@Results({@Result(name = BaseAction.SUCCESS, type = "json", params={"root", "result"})}) +@Results({@Result(name = BaseAction.SUCCESS, type = "json", params={"root", "result", "excludeNullProperties", "true"})}) public class UsersAction extends BaseAction implements Preparable{ /** diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/audit/IndexAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/audit/IndexAction.java index 2043baaf..a07a343f 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/audit/IndexAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/audit/IndexAction.java @@ -32,7 +32,9 @@ import com.opensymphony.xwork2.ModelDriven; import com.opensymphony.xwork2.Preparable; -@Results({ @Result(name = BaseAction.SUCCESS, location = "auditLog") }) +@Results({ @Result(name = BaseAction.SUCCESS, location = "auditLog"), + @Result(name = BaseAction.INPUT, location = "auditLog") +}) public class IndexAction extends BaseAction implements ModelDriven, Preparable { diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/StartAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/StartAction.java index 9fdc7f27..229ba0b3 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/StartAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/StartAction.java @@ -15,6 +15,8 @@ */ package org.glite.security.voms.admin.view.actions.register; +import java.util.Set; + import org.apache.struts2.convention.annotation.Result; import org.apache.struts2.convention.annotation.Results; import org.glite.security.voms.admin.configuration.VOMSConfiguration; @@ -40,6 +42,17 @@ public class StartAction extends RegisterActionSupport { */ private static final long serialVersionUID = 1L; + private Set requiredFields; + + public Set getRequiredFields() { + return requiredFields; + } + + @Override + public void prepare() throws Exception { + super.prepare(); + requiredFields = VOMSConfiguration.instance().getRequiredPersonalInfoFields(); + } @Override public String execute() throws Exception { diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/SubmitRequestAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/SubmitRequestAction.java index 35f9daf9..b547ee6b 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/SubmitRequestAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/SubmitRequestAction.java @@ -17,6 +17,7 @@ import java.util.Calendar; import java.util.Date; +import java.util.Set; import org.apache.struts2.convention.annotation.InterceptorRef; import org.apache.struts2.convention.annotation.Result; @@ -31,6 +32,7 @@ import org.glite.security.voms.admin.util.URLBuilder; import org.glite.security.voms.admin.view.actions.BaseAction; +import com.google.common.base.Strings; import com.opensymphony.xwork2.validator.annotations.EmailValidator; import com.opensymphony.xwork2.validator.annotations.RegexFieldValidator; import com.opensymphony.xwork2.validator.annotations.RequiredFieldValidator; @@ -71,6 +73,18 @@ public class SubmitRequestAction extends RegisterActionSupport { String userMessage; RequestValidationResult validationResult; + + Set requiredFields; + + public Set getRequiredFields() { + return requiredFields; + } + + @Override + public void prepare() throws Exception { + super.prepare(); + requiredFields = VOMSConfiguration.instance().getRequiredPersonalInfoFields(); + } protected void populateRequestModel() { @@ -153,8 +167,6 @@ public void setSurname(String surname) { this.surname = surname; } - @RequiredStringValidator(type = ValidatorType.FIELD, - message = "Please enter your institution.") @RegexFieldValidator(type = ValidatorType.FIELD, regex = "^[^<>=;]*$", message = "You entered invalid characters.") public String getInstitution() { @@ -167,8 +179,6 @@ public void setInstitution(String institution) { this.institution = institution; } - @RequiredStringValidator(type = ValidatorType.FIELD, - message = "Please enter your address.") @RegexFieldValidator(type = ValidatorType.FIELD, regex = "^[^<>&=;]*$", message = "You entered invalid characters.") public String getAddress() { @@ -181,8 +191,6 @@ public void setAddress(String address) { this.address = address; } - @RequiredStringValidator(type = ValidatorType.FIELD, - message = "Please enter your phone number.") @RegexFieldValidator(type = ValidatorType.FIELD, regex = "^[^<>&=;]*$", message = "You entered invalid characters.") public String getPhoneNumber() { @@ -243,4 +251,19 @@ public RequestValidationResult getValidationResult() { return validationResult; } + @Override + public void validate() { + + if (requiredFields.contains("institution") && Strings.isNullOrEmpty(institution)) { + addFieldError("institution", "Please provide a value for the institution"); + } + + if (requiredFields.contains("address") && Strings.isNullOrEmpty(address)) { + addFieldError("address", "Please provide a value for the address"); + } + + if (requiredFields.contains("phoneNumber") && Strings.isNullOrEmpty(phoneNumber)) { + addFieldError("phoneNumber", "Please provide a value for the phoneNumber"); + } + } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/HrRegisterActionSupport.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/HrRegisterActionSupport.java new file mode 100644 index 00000000..c31d09c4 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/HrRegisterActionSupport.java @@ -0,0 +1,49 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.view.actions.register.hr; + +import static java.util.Objects.isNull; + +import java.util.Map; + +import org.apache.struts2.interceptor.SessionAware; +import org.glite.security.voms.admin.persistence.model.request.RequesterInfo; +import org.glite.security.voms.admin.view.actions.register.RegisterActionSupport; + +public class HrRegisterActionSupport extends RegisterActionSupport implements SessionAware { + + private static final long serialVersionUID = 1L; + + private Map session; + + @Override + public void prepare() throws Exception { + super.prepare(); + requester = (RequesterInfo) session.get(ResolveHrIdAction.REQUESTER_INFO_KEY); + } + + @Override + public void validate() { + if (isNull(requester)) { + addActionError("Application information not found in session!"); + } + } + @Override + public void setSession(Map session) { + this.session = session; + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/ResolveHrIdAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/ResolveHrIdAction.java new file mode 100644 index 00000000..43033c49 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/ResolveHrIdAction.java @@ -0,0 +1,173 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.view.actions.register.hr; + +import java.time.Instant; +import java.util.List; +import java.util.Map; +import java.util.Optional; + +import org.apache.struts2.convention.annotation.Result; +import org.apache.struts2.convention.annotation.Results; +import org.apache.struts2.interceptor.SessionAware; +import org.glite.security.voms.admin.core.VOMSServiceConstants; +import org.glite.security.voms.admin.integration.PluginManager; +import org.glite.security.voms.admin.integration.cern.HrDbApiService; +import org.glite.security.voms.admin.integration.cern.HrDbConfigurator; +import org.glite.security.voms.admin.integration.cern.HrDbError; +import org.glite.security.voms.admin.integration.cern.dto.ParticipationDTO; +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.operations.CurrentAdmin; +import org.glite.security.voms.admin.persistence.model.request.RequesterInfo; +import org.glite.security.voms.admin.view.actions.BaseAction; + +import com.google.common.collect.Lists; +import com.opensymphony.xwork2.ModelDriven; +import com.opensymphony.xwork2.Preparable; + +@Results({ + + @Result(name = BaseAction.SUCCESS, location = "searchResults.jsp"), + @Result(name = BaseAction.INPUT, location = "searchResults.jsp") + +}) +public class ResolveHrIdAction extends BaseAction + implements ModelDriven>, Preparable, SessionAware { + + public static final String VO_PERSON_KEY = "__voms.voPerson"; + public static final String REQUESTER_INFO_KEY = "__voms.requesterInfo"; + + + /** + * + */ + private static final long serialVersionUID = 1L; + + RequesterInfo requester; + + String emailAddress; + + List searchResults; + + String experimentName; + + Instant now; + + Map session; + + protected RequesterInfo requesterInfoFromCurrentAdmin() { + + RequesterInfo i = new RequesterInfo(); + CurrentAdmin admin = CurrentAdmin.instance(); + + i.setCertificateSubject(admin.getRealSubject()); + i.setCertificateIssuer(admin.getRealIssuer()); + i.setEmailAddress(admin.getRealEmailAddress()); + + return i; + + } + + public void prepare() throws Exception { + requester = requesterInfoFromCurrentAdmin(); + } + + public RequesterInfo getRequester() { + return requester; + } + + public void setRequester(RequesterInfo requester) { + this.requester = requester; + } + + public String getEmailAddress() { + return emailAddress; + } + + public void setEmailAddress(String emailAddress) { + this.emailAddress = emailAddress; + } + + public List getSearchResults() { + return searchResults; + } + + @Override + public String execute() throws Exception { + + searchResults = Lists.newArrayList(); + HrDbConfigurator hrPlugin = (HrDbConfigurator) PluginManager.instance() + .getConfiguredPlugin(HrDbConfigurator.class.getName()); + + experimentName = hrPlugin.getHrConfig().getExperimentName(); + now = Instant.now(); + + HrDbApiService apiService = hrPlugin.getApiService(); + try { + if (apiService.hasValidExperimentParticipationByEmail(emailAddress)) { + Optional voPerson = apiService.getVoPersonRecordByEmail(emailAddress); + + // Can't use functional approach otherwise old struts bytecode gets confused?? + if (voPerson.isPresent()) { + + VOPersonDTO p = voPerson.get(); + session.put(VO_PERSON_KEY, p); + searchResults.add(p); + requester.setName(p.getFirstName()); + requester.setSurname(p.getName()); + requester.setEmailAddress(emailAddress); + Optional pp = + p.findValidParticipationForExperiment(now, experimentName); + if (pp.isPresent()) { + requester.setInstitution(pp.get().getInstitute().getName()); + } else { + requester.setInstitution("N/A"); + } + + requester.addInfo(VOMSServiceConstants.ORGDB_ID_KEY, p.getId().toString()); + + session.put(REQUESTER_INFO_KEY, requester); + } + } else { + + addActionError( + String.format("No valid participation found for email '%s' in experiment '%s'", + emailAddress, hrPlugin.getHrConfig().getExperimentName())); + } + } catch (HrDbError e) { + addActionError(e.getMessage()); + } + return SUCCESS; + } + + @Override + public List getModel() { + return searchResults; + } + + public String getExperimentName() { + return experimentName; + } + + public Instant getNow() { + return now; + } + + @Override + public void setSession(Map session) { + this.session = session; + } +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/StartAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/StartAction.java new file mode 100644 index 00000000..677eeb56 --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/StartAction.java @@ -0,0 +1,35 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.view.actions.register.hr; + +import org.apache.struts2.convention.annotation.Result; +import org.apache.struts2.convention.annotation.Results; +import org.glite.security.voms.admin.view.actions.BaseAction; + +@Results({ @Result(name = BaseAction.SUCCESS, location = "hrRegister") }) +public class StartAction extends HrRegisterActionSupport{ + + /** + * + */ + private static final long serialVersionUID = 1L; + + @Override + public String execute() throws Exception { + return SUCCESS; + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/SubmitRequestAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/SubmitRequestAction.java new file mode 100644 index 00000000..f1c3c31e --- /dev/null +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/hr/SubmitRequestAction.java @@ -0,0 +1,281 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glite.security.voms.admin.view.actions.register.hr; + +import java.util.Calendar; +import java.util.Date; + +import org.apache.struts2.convention.annotation.InterceptorRef; +import org.apache.struts2.convention.annotation.Result; +import org.apache.struts2.convention.annotation.Results; +import org.glite.security.voms.admin.configuration.VOMSConfiguration; +import org.glite.security.voms.admin.core.validation.RequestValidationResult; +import org.glite.security.voms.admin.core.validation.RequestValidationResult.Outcome; +import org.glite.security.voms.admin.core.validation.ValidationManager; +import org.glite.security.voms.admin.event.EventManager; +import org.glite.security.voms.admin.event.request.VOMembershipRequestSubmittedEvent; +import org.glite.security.voms.admin.persistence.dao.generic.DAOFactory; +import org.glite.security.voms.admin.util.URLBuilder; +import org.glite.security.voms.admin.view.actions.BaseAction; +import org.glite.security.voms.admin.view.actions.register.RegisterActionSupport; + +import com.opensymphony.xwork2.validator.annotations.EmailValidator; +import com.opensymphony.xwork2.validator.annotations.RegexFieldValidator; +import com.opensymphony.xwork2.validator.annotations.RequiredFieldValidator; +import com.opensymphony.xwork2.validator.annotations.RequiredStringValidator; +import com.opensymphony.xwork2.validator.annotations.ValidatorType; + +@Results({ + @Result(name = BaseAction.INPUT, location = "hrRegister"), + @Result(name = BaseAction.SUCCESS, location = "registerConfirmation"), + @Result(name = RegisterActionSupport.CONFIRMATION_NEEDED, + location = "registerConfirmation"), + @Result(name = RegisterActionSupport.REGISTRATION_DISABLED, + location = "registrationDisabled"), + @Result(name = RegisterActionSupport.PLUGIN_VALIDATION_ERROR, + location = "pluginValidationError") }) +@InterceptorRef(value = "authenticatedStack", params = { + "token.includeMethods", "execute" }) +public class SubmitRequestAction extends HrRegisterActionSupport { + + /** + * + */ + private static final long serialVersionUID = 1L; + + String name; + String surname; + + String institution; + String address; + + String phoneNumber; + + String emailAddress; + + String aupAccepted; + + String userMessage; + + RequestValidationResult validationResult; + + protected void populateRequestModel() { + + long requestLifetime = VOMSConfiguration.instance().getLong( + "voms.request.vo_membership.lifetime", 300); + + Date expirationDate = getFutureDate(new Date(), Calendar.SECOND, + (int) requestLifetime); + + requester.setName(name); + requester.setSurname(surname); + requester.setInstitution(institution); + requester.setAddress(address); + requester.setPhoneNumber(phoneNumber); + requester.setEmailAddress(emailAddress); + + request = DAOFactory.instance().getRequestDAO() + .createVOMembershipRequest(requester, expirationDate); + + request.setUserMessage(userMessage); + + } + + @Override + public String execute() throws Exception { + + if (!registrationEnabled()) + return REGISTRATION_DISABLED; + + String result = checkExistingPendingRequests(); + + if (result != null) { + return result; + } + + populateRequestModel(); + + // External plugin validation + validationResult = ValidationManager.instance().validateRequest(request); + if (!validationResult.getOutcome().equals(Outcome.SUCCESS)) { + + DAOFactory.instance().getRequestDAO().makeTransient(request); + addActionError(validationResult.getMessage()); + return PLUGIN_VALIDATION_ERROR; + } + + EventManager.instance().dispatch( + new VOMembershipRequestSubmittedEvent(request, URLBuilder + .buildRequestConfirmURL(getModel()), URLBuilder + .buildRequestCancelURL(getModel()))); + + return SUCCESS; + } + + /** + * @return the name + */ + public String getName() { + + return name; + } + + /** + * @param name + * the name to set + */ + public void setName(String name) { + + this.name = name; + } + + /** + * @return the surname + */ + public String getSurname() { + + return surname; + } + + /** + * @param surname + * the surname to set + */ + public void setSurname(String surname) { + + this.surname = surname; + } + + /** + * @return the institution + */ + @RequiredStringValidator(type = ValidatorType.FIELD, + message = "Please enter your institution.") + public String getInstitution() { + + return institution; + } + + /** + * @param institution + * the institution to set + */ + public void setInstitution(String institution) { + + this.institution = institution; + } + + /** + * @return the address + */ + @RegexFieldValidator(type = ValidatorType.FIELD, regex = "^[^<>&=;]*$", + message = "You entered invalid characters.") + public String getAddress() { + + return address; + } + + /** + * @param address + * the address to set + */ + public void setAddress(String address) { + + this.address = address; + } + + /** + * @return the phoneNumber + */ + @RegexFieldValidator(type = ValidatorType.FIELD, regex = "^[^<>&=;]*$", + message = "You entered invalid characters.") + public String getPhoneNumber() { + + return phoneNumber; + } + + /** + * @param phoneNumber + * the phoneNumber to set + */ + public void setPhoneNumber(String phoneNumber) { + + this.phoneNumber = phoneNumber; + } + + /** + * @return the emailAddress + */ + @RequiredStringValidator(type = ValidatorType.FIELD, + message = "Please enter your email address.") + @EmailValidator(type = ValidatorType.FIELD, + message = "Please enter a valid email address.") + public String getEmailAddress() { + + return emailAddress; + } + + /** + * @param emailAddress + * the emailAddress to set + */ + public void setEmailAddress(String emailAddress) { + + this.emailAddress = emailAddress; + } + + /** + * @return the aupAccepted + */ + @RequiredFieldValidator(type = ValidatorType.FIELD, + message = "You must sign the AUP.") + @RegexFieldValidator(type = ValidatorType.FIELD, regex = "^true$", + message = "You must accept the terms of the AUP to proceed") + public String getAupAccepted() { + + return aupAccepted; + } + + /** + * @param aupAccepted + * the aupAccepted to set + */ + public void setAupAccepted(String aupAccepted) { + + this.aupAccepted = aupAccepted; + } + + @RegexFieldValidator(type = ValidatorType.FIELD, regex = "^[^<>&=;]*$", + message = "You entered invalid characters.") + public String getUserMessage() { + + return userMessage; + } + + public void setUserMessage(String userMessage) { + + this.userMessage = userMessage; + } + + /** + * @return the validationResult + */ + public RequestValidationResult getValidationResult() { + + return validationResult; + } + +} diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/orgdb/SubmitRequestAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/orgdb/SubmitRequestAction.java index bbd12939..e0c39d9d 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/orgdb/SubmitRequestAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/register/orgdb/SubmitRequestAction.java @@ -180,8 +180,6 @@ public void setInstitution(String institution) { /** * @return the address */ - @RequiredStringValidator(type = ValidatorType.FIELD, - message = "Please enter your address.") @RegexFieldValidator(type = ValidatorType.FIELD, regex = "^[^<>&=;]*$", message = "You entered invalid characters.") public String getAddress() { @@ -201,8 +199,6 @@ public void setAddress(String address) { /** * @return the phoneNumber */ - @RequiredStringValidator(type = ValidatorType.FIELD, - message = "Please enter your phoneNumber.") @RegexFieldValidator(type = ValidatorType.FIELD, regex = "^[^<>&=;]*$", message = "You entered invalid characters.") public String getPhoneNumber() { diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/HomeAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/HomeAction.java index 0b7869eb..d3c45f84 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/HomeAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/HomeAction.java @@ -33,6 +33,8 @@ public class HomeAction extends UserActionSupport { @Override public void prepare() throws Exception { + super.prepare(); + if (CurrentAdmin.instance() .getVoUser() == null) { addActionError( diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/SavePersonalInformationAction.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/SavePersonalInformationAction.java index 960f301d..5cee5169 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/SavePersonalInformationAction.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/SavePersonalInformationAction.java @@ -26,27 +26,26 @@ import org.glite.security.voms.admin.configuration.VOMSConfiguration; import org.glite.security.voms.admin.error.IllegalStateException; import org.glite.security.voms.admin.integration.PluginManager; +import org.glite.security.voms.admin.integration.cern.HrDbConfigurator; import org.glite.security.voms.admin.integration.orgdb.OrgDBConfigurator; import org.glite.security.voms.admin.integration.orgdb.strategies.OrgDBEmailValidationResult; import org.glite.security.voms.admin.operations.users.SaveUserPersonalInfoOperation; +import com.google.common.base.Strings; import com.opensymphony.xwork2.validator.annotations.EmailValidator; import com.opensymphony.xwork2.validator.annotations.RegexFieldValidator; import com.opensymphony.xwork2.validator.annotations.RequiredStringValidator; import com.opensymphony.xwork2.validator.annotations.ValidatorType; -@Results({ - @Result(name = UserActionSupport.SUCCESS, location = "personalInfo.jsp"), - @Result(name = UserActionSupport.INPUT, location = "personalInfo.jsp"), - @Result(name = TokenInterceptor.INVALID_TOKEN_CODE, - location = "personalInfo.jsp") }) -@InterceptorRef(value = "authenticatedStack", params = { - "token.includeMethods", "execute" }) +@Results({@Result(name = UserActionSupport.SUCCESS, location = "personalInfo.jsp"), + @Result(name = UserActionSupport.INPUT, location = "personalInfo.jsp"), + @Result(name = TokenInterceptor.INVALID_TOKEN_CODE, location = "personalInfo.jsp")}) +@InterceptorRef(value = "authenticatedStack", params = {"token.includeMethods", "execute"}) public class SavePersonalInformationAction extends UserActionSupport { /** - * - */ + * + */ private static final long serialVersionUID = 1L; String theName; @@ -56,45 +55,65 @@ public class SavePersonalInformationAction extends UserActionSupport { String thePhoneNumber; String theEmailAddress; - private static final String[] ORGDB_VALIDATED_FIELDS = { - "theAddress", - "thePhoneNumber" - }; + private static final String[] ORGDB_VALIDATED_FIELDS = {"theAddress", "thePhoneNumber"}; + + private boolean isHrPluginEnabled() { + return VOMSConfiguration.instance() + .getRegistrationType() + .equals(HrDbConfigurator.HR_DB_REGISTRATION_TYPE); + } private boolean isOrgDBPluginEnabled() { - return VOMSConfiguration.instance().getRegistrationType() + return VOMSConfiguration.instance() + .getRegistrationType() .equals(OrgDBConfigurator.ORGDB_REGISTRATION_TYPE); } - + + protected void validateRequiredFields() { + + if (requiredFields.contains("institution") && Strings.isNullOrEmpty(theInstitution)) { + addFieldError("theInstitution", "Please provide a value for the institution"); + } + + if (requiredFields.contains("address") && Strings.isNullOrEmpty(theAddress)) { + addFieldError("theAddress", "Please provide a value for the address"); + } + + if (requiredFields.contains("phoneNumber") && Strings.isNullOrEmpty(thePhoneNumber)) { + addFieldError("thePhoneNumber", "Please provide a value for the phoneNumber"); + } + } @Override public void validate() { // Run default checks before orgdb checks super.validate(); - - if (hasFieldErrors()){ - - if (!isOrgDBPluginEnabled()){ + + validateRequiredFields(); + + if (hasFieldErrors()) { + + if (!isOrgDBPluginEnabled()) { return; } - + Map> fieldErrors = getFieldErrors(); - + clearFieldErrors(); - + // Retain only errors in the given fields fieldErrors.keySet().retainAll(Arrays.asList(ORGDB_VALIDATED_FIELDS)); - + // Add those errors back to the set of field errors - for (Map.Entry> e: fieldErrors.entrySet()){ - for (String msg: e.getValue()){ + for (Map.Entry> e : fieldErrors.entrySet()) { + for (String msg : e.getValue()) { addFieldError(e.getKey(), msg); } } - - if (hasFieldErrors()){ + + if (hasFieldErrors()) { return; } } @@ -104,12 +123,12 @@ public void validate() { OrgDBConfigurator conf = (OrgDBConfigurator) PluginManager.instance() .getConfiguredPlugin(OrgDBConfigurator.class.getName()); - if (conf == null) - throw new IllegalStateException( - "OrgDB plugin configured but configurator is null!"); + if (conf == null) { + throw new IllegalStateException("OrgDB plugin configured but configurator is null!"); + } - OrgDBEmailValidationResult validationResult = conf.getEmailValidator() - .validateEmailAddress(getModel(), getTheEmailAddress()); + OrgDBEmailValidationResult validationResult = + conf.getEmailValidator().validateEmailAddress(getModel(), getTheEmailAddress()); if (!validationResult.isValid()) { addActionError(validationResult.getValidationError()); @@ -120,9 +139,8 @@ public void validate() { @Override public String execute() throws Exception { - SaveUserPersonalInfoOperation op = new SaveUserPersonalInfoOperation( - getModel(), theName, theSurname, theInstitution, theAddress, - thePhoneNumber, theEmailAddress); + SaveUserPersonalInfoOperation op = new SaveUserPersonalInfoOperation(getModel(), theName, + theSurname, theInstitution, theAddress, thePhoneNumber, theEmailAddress); op.setAuthorizedUser(getModel()); @@ -132,9 +150,9 @@ public String execute() throws Exception { return SUCCESS; } + @RequiredStringValidator(type = ValidatorType.FIELD, message = "Please provide a value.") @RegexFieldValidator(type = ValidatorType.FIELD, - message = "The name field contains illegal characters!", - regex = "^[^<>&=;]*$") + message = "The name field contains illegal characters!", regex = "^[^<>&=;]*$") public String getTheName() { return theName; @@ -145,9 +163,9 @@ public void setTheName(String theName) { this.theName = theName; } + @RequiredStringValidator(type = ValidatorType.FIELD, message = "Please provide a value.") @RegexFieldValidator(type = ValidatorType.FIELD, - message = "The surname field contains illegal characters!", - regex = "^[^<>&=;]*$") + message = "The surname field contains illegal characters!", regex = "^[^<>&=;]*$") public String getTheSurname() { return theSurname; @@ -159,8 +177,7 @@ public void setTheSurname(String theSurname) { } @RegexFieldValidator(type = ValidatorType.FIELD, - message = "The institution field contains illegal characters!", - regex = "^[^<>=;]*$") + message = "The institution field contains illegal characters!", regex = "^[^<>=;]*$") public String getTheInstitution() { return theInstitution; @@ -172,8 +189,7 @@ public void setTheInstitution(String theInstitution) { } @RegexFieldValidator(type = ValidatorType.FIELD, - message = "The address field contains illegal characters!", - regex = "^[^<>&=;]*$") + message = "The address field contains illegal characters!", regex = "^[^<>&=;]*$") public String getTheAddress() { return theAddress; @@ -185,8 +201,7 @@ public void setTheAddress(String theAddress) { } @RegexFieldValidator(type = ValidatorType.FIELD, - message = "The phoneNumber field contains illegal characters!", - regex = "^[^<>&=;]*$") + message = "The phoneNumber field contains illegal characters!", regex = "^[^<>&=;]*$") public String getThePhoneNumber() { return thePhoneNumber; @@ -197,13 +212,10 @@ public void setThePhoneNumber(String thePhoneNumber) { this.thePhoneNumber = thePhoneNumber; } - @RequiredStringValidator(type = ValidatorType.FIELD, - message = "Please enter an email address.") - @EmailValidator(type = ValidatorType.FIELD, - message = "Please enter a valid email address.") + @RequiredStringValidator(type = ValidatorType.FIELD, message = "Please enter an email address.") + @EmailValidator(type = ValidatorType.FIELD, message = "Please enter a valid email address.") @RegexFieldValidator(type = ValidatorType.FIELD, - message = "The email field name contains illegal characters!", - regex = "^[^<>&=;]*$") + message = "The email field name contains illegal characters!", regex = "^[^<>&=;]*$") public String getTheEmailAddress() { return theEmailAddress; diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/UserActionSupport.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/UserActionSupport.java index d5105e00..e8a5349b 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/UserActionSupport.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/actions/user/UserActionSupport.java @@ -17,8 +17,10 @@ import java.util.List; import java.util.Map; +import java.util.Set; import org.apache.struts2.interceptor.SessionAware; +import org.glite.security.voms.admin.configuration.VOMSConfiguration; import org.glite.security.voms.admin.persistence.dao.generic.DAOFactory; import org.glite.security.voms.admin.persistence.dao.generic.RequestDAO; import org.glite.security.voms.admin.persistence.model.AUP; @@ -62,6 +64,8 @@ public class UserActionSupport extends BaseAction implements protected List pendingMembershipRemovalRequests; protected Map theSession; + + protected Set requiredFields; public VOMSUser getModel() { @@ -88,7 +92,8 @@ public void prepare() throws Exception { if (getModel() != null){ refreshPendingRequests(); } - + + requiredFields = VOMSConfiguration.instance().getRequiredPersonalInfoFields(); } public Long getUserId() { @@ -165,4 +170,8 @@ public boolean hasValidAUPAcceptanceRecord() { .getValid() == true); } + + public Set getRequiredFields() { + return requiredFields; + } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/AuthzExceptionInterceptor.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/AuthzExceptionInterceptor.java index 6c5089e1..5d2e48ad 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/AuthzExceptionInterceptor.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/AuthzExceptionInterceptor.java @@ -15,15 +15,15 @@ */ package org.glite.security.voms.admin.view.interceptors; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.glite.security.voms.admin.error.VOMSAuthorizationException; import org.glite.security.voms.admin.view.actions.AuthorizationErrorAware; import org.glite.security.voms.admin.view.actions.BaseAction; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import com.opensymphony.xwork2.ActionInvocation; -import com.opensymphony.xwork2.ValidationAware; import com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor; +import com.opensymphony.xwork2.interceptor.ValidationAware; public class AuthzExceptionInterceptor extends ExceptionMappingInterceptor { diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/JSONExceptionReportInterceptor.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/JSONExceptionReportInterceptor.java index c7722721..543c4696 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/JSONExceptionReportInterceptor.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/JSONExceptionReportInterceptor.java @@ -18,7 +18,8 @@ import org.glite.security.voms.admin.error.VOMSAuthorizationException; import com.opensymphony.xwork2.ActionInvocation; -import com.opensymphony.xwork2.ValidationAware; +import com.opensymphony.xwork2.interceptor.ValidationAware; + public class JSONExceptionReportInterceptor extends JSONValidationReportInterceptor { diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/JSONValidationReportInterceptor.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/JSONValidationReportInterceptor.java index 11ec4f41..65b38209 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/JSONValidationReportInterceptor.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/interceptors/JSONValidationReportInterceptor.java @@ -22,28 +22,30 @@ import javax.servlet.http.HttpServletResponse; import org.apache.struts2.ServletActionContext; +import org.apache.struts2.json.DefaultJSONWriter; import org.apache.struts2.json.JSONException; -import org.apache.struts2.json.JSONUtil; +import org.apache.struts2.json.JSONWriter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionInvocation; -import com.opensymphony.xwork2.ValidationAware; import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor; +import com.opensymphony.xwork2.interceptor.ValidationAware; public class JSONValidationReportInterceptor extends MethodFilterInterceptor { - public static final Logger log = LoggerFactory - .getLogger(JSONValidationReportInterceptor.class); + public static final Logger log = LoggerFactory.getLogger(JSONValidationReportInterceptor.class); /** - * - */ + * + */ private static final long serialVersionUID = 1L; private int validationFailedStatus = -1; + private final JSONWriter jsonWriter = new DefaultJSONWriter(); + /** * HTTP status that will be set in the response if validation fails * @@ -73,7 +75,7 @@ protected String doIntercept(ActionInvocation invocation) throws Exception { } protected boolean hasValidationErrors(ActionInvocation invocation) - throws IOException, JSONException { + throws IOException, JSONException { Object action = invocation.getAction(); if (action instanceof ValidationAware) { @@ -86,35 +88,35 @@ protected boolean hasValidationErrors(ActionInvocation invocation) } protected String generateJSON(ValidationAware validationAware, Throwable t) - throws IOException, JSONException { + throws IOException, JSONException { return generateJSON(validationAware, t, -1); } - + protected String generateJSON(ValidationAware validationAware, Throwable t, int statusCode) - throws IOException, JSONException { + throws IOException, JSONException { HttpServletResponse response = ServletActionContext.getResponse(); - + response.setContentType("application/json"); - - if (statusCode > 0){ - - response.sendError(statusCode, t.getMessage()); - + + if (statusCode > 0) { + + response.sendError(statusCode, t.getMessage()); + } else { if (validationFailedStatus >= 0) { response.setStatus(validationFailedStatus); } String responseContent = buildResponse(validationAware, t); - + response.getWriter().print(responseContent); - } - + } + return Action.NONE; } protected String buildResponse(ValidationAware validationAware, Throwable t) - throws JSONException { + throws JSONException { Map errors = new HashMap(); @@ -132,7 +134,8 @@ protected String buildResponse(ValidationAware validationAware, Throwable t) if (validationAware.hasActionMessages()) errors.put("messages", validationAware.getActionMessages()); - return JSONUtil.serialize(errors); + + return jsonWriter.write(errors); } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/acl/AddEntryPreparer.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/acl/AddEntryPreparer.java index 3485a935..85d42c2e 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/acl/AddEntryPreparer.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/acl/AddEntryPreparer.java @@ -16,11 +16,11 @@ package org.glite.security.voms.admin.view.preparers.acl; import java.util.List; +import java.util.Map; import org.apache.tiles.AttributeContext; -import org.apache.tiles.context.TilesRequestContext; -import org.apache.tiles.preparer.PreparerException; -import org.apache.tiles.preparer.ViewPreparerSupport; +import org.apache.tiles.preparer.ViewPreparer; +import org.apache.tiles.request.Request; import org.glite.security.voms.admin.operations.groups.ListGroupsOperation; import org.glite.security.voms.admin.operations.roles.ListRolesOperation; import org.glite.security.voms.admin.operations.users.ListUsersOperation; @@ -31,26 +31,23 @@ import org.glite.security.voms.admin.persistence.model.VOMSRole; import org.glite.security.voms.admin.persistence.model.VOMSUser; -public class AddEntryPreparer extends ViewPreparerSupport { +public class AddEntryPreparer implements ViewPreparer { + @SuppressWarnings("unchecked") @Override - public void execute(TilesRequestContext tilesContext, - AttributeContext attributeContext) throws PreparerException { + public void execute(Request request, AttributeContext attributeContext) { - List groups = (List) ListGroupsOperation.instance() - .execute(); - List roles = (List) ListRolesOperation.instance() - .execute(); - List users = (List) ListUsersOperation.instance() - .execute(); + List groups = (List) ListGroupsOperation.instance().execute(); + List roles = (List) ListRolesOperation.instance().execute(); + List users = (List) ListUsersOperation.instance().execute(); List cas = (List) VOMSCADAO.instance().getValid(); - tilesContext.getRequestScope().put("voCertificates", - CertificateDAO.instance().getAll()); - tilesContext.getRequestScope().put("voUsers", users); - tilesContext.getRequestScope().put("voGroups", groups); - tilesContext.getRequestScope().put("voRoles", roles); - tilesContext.getRequestScope().put("voCAs", cas); + Map context = request.getContext(Request.REQUEST_SCOPE); + context.put("voCertificates", CertificateDAO.instance().getAll()); + context.put("voUsers", users); + context.put("voGroups", groups); + context.put("voRoles", roles); + context.put("voCAs", cas); } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/acl/ManagePreparer.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/acl/ManagePreparer.java index 61337035..42ae0639 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/acl/ManagePreparer.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/acl/ManagePreparer.java @@ -15,24 +15,25 @@ */ package org.glite.security.voms.admin.view.preparers.acl; +import static org.apache.tiles.request.Request.REQUEST_SCOPE; + import java.util.Collections; import java.util.List; import org.apache.tiles.AttributeContext; -import org.apache.tiles.context.TilesRequestContext; -import org.apache.tiles.preparer.PreparerException; -import org.apache.tiles.preparer.ViewPreparerSupport; +import org.apache.tiles.preparer.ViewPreparer; +import org.apache.tiles.request.Request; import org.glite.security.voms.admin.error.VOMSAuthorizationException; import org.glite.security.voms.admin.operations.groups.ListGroupsOperation; import org.glite.security.voms.admin.operations.roles.ListRolesOperation; import org.glite.security.voms.admin.persistence.model.VOMSGroup; import org.glite.security.voms.admin.persistence.model.VOMSRole; -public class ManagePreparer extends ViewPreparerSupport { +public class ManagePreparer implements ViewPreparer { + @SuppressWarnings("unchecked") @Override - public void execute(TilesRequestContext tilesContext, - AttributeContext attributeContext) throws PreparerException { + public void execute(Request tilesContext, AttributeContext attributeContext) { List groups = Collections.EMPTY_LIST; List roles = Collections.EMPTY_LIST; @@ -47,8 +48,7 @@ public void execute(TilesRequestContext tilesContext, // swallow authorization exception } - tilesContext.getRequestScope().put("voGroups", groups); - tilesContext.getRequestScope().put("voRoles", roles); - + tilesContext.getContext(REQUEST_SCOPE).put("voGroups", groups); + tilesContext.getContext(REQUEST_SCOPE).put("voRoles", roles); } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/attribute/ListAttributeClassesPreparer.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/attribute/ListAttributeClassesPreparer.java index 2751a3ac..e7f08180 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/attribute/ListAttributeClassesPreparer.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/attribute/ListAttributeClassesPreparer.java @@ -15,25 +15,26 @@ */ package org.glite.security.voms.admin.view.preparers.attribute; +import static org.apache.tiles.request.Request.REQUEST_SCOPE; + import java.util.List; import org.apache.tiles.AttributeContext; -import org.apache.tiles.context.TilesRequestContext; -import org.apache.tiles.preparer.PreparerException; -import org.apache.tiles.preparer.ViewPreparerSupport; +import org.apache.tiles.preparer.ViewPreparer; +import org.apache.tiles.request.Request; import org.glite.security.voms.admin.operations.attributes.ListAttributeDescriptionsOperation; import org.glite.security.voms.admin.persistence.model.attribute.VOMSAttributeDescription; -public class ListAttributeClassesPreparer extends ViewPreparerSupport { +public class ListAttributeClassesPreparer implements ViewPreparer { @Override - public void execute(TilesRequestContext tilesContext, - AttributeContext attributeContext) throws PreparerException { + public void execute(Request request, AttributeContext attributeContext) { - List attributeClasses = (List) ListAttributeDescriptionsOperation - .instance().execute(); + @SuppressWarnings("unchecked") + List attributeClasses = + (List) ListAttributeDescriptionsOperation.instance().execute(); - tilesContext.getRequestScope().put("attributeClasses", attributeClasses); + request.getContext(REQUEST_SCOPE).put("attributeClasses", attributeClasses); } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/group/ListGroupPreparer.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/group/ListGroupPreparer.java index b28d2d8f..e3565dcb 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/group/ListGroupPreparer.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/group/ListGroupPreparer.java @@ -15,25 +15,24 @@ */ package org.glite.security.voms.admin.view.preparers.group; +import static org.apache.tiles.request.Request.REQUEST_SCOPE; + import java.util.List; import org.apache.tiles.AttributeContext; -import org.apache.tiles.context.TilesRequestContext; -import org.apache.tiles.preparer.PreparerException; -import org.apache.tiles.preparer.ViewPreparerSupport; +import org.apache.tiles.preparer.ViewPreparer; +import org.apache.tiles.request.Request; import org.glite.security.voms.admin.operations.groups.ListGroupsOperation; import org.glite.security.voms.admin.persistence.model.VOMSGroup; -public class ListGroupPreparer extends ViewPreparerSupport { - - public void execute(TilesRequestContext requestContext, - AttributeContext attributeContext) throws PreparerException { +public class ListGroupPreparer implements ViewPreparer { + @Override + public void execute(Request tilesContext, AttributeContext attributeContext) { @SuppressWarnings("unchecked") - List groups = (List) ListGroupsOperation.instance() - .execute(); + List groups = (List) ListGroupsOperation.instance().execute(); - requestContext.getRequestScope().put("voGroups", groups); + tilesContext.getContext(REQUEST_SCOPE).put("voGroups", groups); } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/register/SelectManagerViewPreparer.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/register/SelectManagerViewPreparer.java index 020deca3..f2999a9a 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/register/SelectManagerViewPreparer.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/register/SelectManagerViewPreparer.java @@ -18,23 +18,17 @@ import java.util.List; import org.apache.tiles.AttributeContext; -import org.apache.tiles.context.TilesRequestContext; -import org.apache.tiles.preparer.PreparerException; -import org.apache.tiles.preparer.ViewPreparerSupport; +import org.apache.tiles.preparer.ViewPreparer; +import org.apache.tiles.request.Request; import org.glite.security.voms.admin.persistence.dao.generic.DAOFactory; import org.glite.security.voms.admin.persistence.model.GroupManager; -public class SelectManagerViewPreparer extends ViewPreparerSupport { +public class SelectManagerViewPreparer implements ViewPreparer { @Override - public void execute(TilesRequestContext tilesContext, - AttributeContext attributeContext) throws PreparerException { - - List managers = DAOFactory.instance().getGroupManagerDAO() - .findAll(); - - tilesContext.getRequestScope().put("groupManagers", managers); - + public void execute(Request tilesContext, AttributeContext attributeContext) { + List managers = DAOFactory.instance().getGroupManagerDAO().findAll(); + tilesContext.getContext(Request.REQUEST_SCOPE).put("groupManagers", managers); } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/role/RoleDetailPreparer.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/role/RoleDetailPreparer.java index c4561405..b55e8fd4 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/role/RoleDetailPreparer.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/role/RoleDetailPreparer.java @@ -15,24 +15,28 @@ */ package org.glite.security.voms.admin.view.preparers.role; +import static org.apache.tiles.request.Request.REQUEST_SCOPE; + import java.util.List; import org.apache.tiles.AttributeContext; -import org.apache.tiles.context.TilesRequestContext; import org.apache.tiles.preparer.PreparerException; -import org.apache.tiles.preparer.ViewPreparerSupport; +import org.apache.tiles.preparer.ViewPreparer; +import org.apache.tiles.request.Request; import org.glite.security.voms.admin.operations.groups.ListGroupsOperation; import org.glite.security.voms.admin.persistence.model.VOMSGroup; -public class RoleDetailPreparer extends ViewPreparerSupport { +public class RoleDetailPreparer implements ViewPreparer { @Override - public void execute(TilesRequestContext tilesContext, + public void execute(Request tilesContext, AttributeContext attributeContext) throws PreparerException { + @SuppressWarnings("unchecked") List groups = (List) ListGroupsOperation.instance() .execute(); - tilesContext.getRequestScope().put("voGroups", groups); + + tilesContext.getContext(REQUEST_SCOPE).put("voGroups", groups); } } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/AddCertificatePreparer.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/AddCertificatePreparer.java index f7964e32..8cea8fbc 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/AddCertificatePreparer.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/AddCertificatePreparer.java @@ -15,23 +15,23 @@ */ package org.glite.security.voms.admin.view.preparers.user; +import static org.apache.tiles.request.Request.REQUEST_SCOPE; + import java.util.List; import org.apache.tiles.AttributeContext; -import org.apache.tiles.context.TilesRequestContext; -import org.apache.tiles.preparer.PreparerException; -import org.apache.tiles.preparer.ViewPreparerSupport; +import org.apache.tiles.preparer.ViewPreparer; +import org.apache.tiles.request.Request; import org.glite.security.voms.admin.persistence.dao.VOMSCADAO; import org.glite.security.voms.admin.persistence.model.VOMSCA; -public class AddCertificatePreparer extends ViewPreparerSupport { +public class AddCertificatePreparer implements ViewPreparer { @Override - public void execute(TilesRequestContext tilesContext, - AttributeContext attributeContext) throws PreparerException { + public void execute(Request request, AttributeContext attributeContext) { List trustedCas = VOMSCADAO.instance().getValid(); - tilesContext.getRequestScope().put("trustedCas", trustedCas); + request.getContext(REQUEST_SCOPE).put("trustedCas", trustedCas); } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/ListUsersPreparer.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/ListUsersPreparer.java index 538aac64..deb78a0d 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/ListUsersPreparer.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/ListUsersPreparer.java @@ -18,24 +18,23 @@ import java.util.Collections; import java.util.List; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.apache.tiles.AttributeContext; -import org.apache.tiles.context.TilesRequestContext; import org.apache.tiles.preparer.PreparerException; import org.apache.tiles.preparer.ViewPreparer; +import org.apache.tiles.request.Request; import org.glite.security.voms.admin.error.VOMSAuthorizationException; import org.glite.security.voms.admin.operations.groups.ListGroupsOperation; import org.glite.security.voms.admin.operations.roles.ListRolesOperation; import org.glite.security.voms.admin.persistence.model.VOMSGroup; import org.glite.security.voms.admin.persistence.model.VOMSRole; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class ListUsersPreparer implements ViewPreparer { private static Logger log = LoggerFactory.getLogger(ListUsersPreparer.class); - public void execute(TilesRequestContext context, - AttributeContext attributeContext) throws PreparerException { + public void execute(Request request, AttributeContext attributeContext) throws PreparerException { List groups; List roles; @@ -55,8 +54,8 @@ public void execute(TilesRequestContext context, roles = Collections.EMPTY_LIST; } - context.getRequestScope().put("voGroups", groups); - context.getRequestScope().put("voRoles", roles); + request.getContext(Request.REQUEST_SCOPE).put("voGroups", groups); + request.getContext(Request.REQUEST_SCOPE).put("voRoles", roles); } diff --git a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/UserDetailPreparer.java b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/UserDetailPreparer.java index a07a1b4c..2ed4d94a 100644 --- a/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/UserDetailPreparer.java +++ b/voms-admin-server/src/main/java/org/glite/security/voms/admin/view/preparers/user/UserDetailPreparer.java @@ -15,24 +15,27 @@ */ package org.glite.security.voms.admin.view.preparers.user; +import static org.apache.tiles.request.Request.REQUEST_SCOPE; + import java.util.List; import org.apache.tiles.AttributeContext; -import org.apache.tiles.context.TilesRequestContext; import org.apache.tiles.preparer.PreparerException; -import org.apache.tiles.preparer.ViewPreparerSupport; +import org.apache.tiles.preparer.ViewPreparer; +import org.apache.tiles.request.Request; import org.glite.security.voms.admin.persistence.dao.VOMSAttributeDAO; import org.glite.security.voms.admin.persistence.model.attribute.VOMSAttributeDescription; -public class UserDetailPreparer extends ViewPreparerSupport { +public class UserDetailPreparer implements ViewPreparer { - public void execute(TilesRequestContext context, + public void execute(Request context, AttributeContext attributeContext) throws PreparerException { + @SuppressWarnings("unchecked") List attributeClasses = VOMSAttributeDAO .instance().getAllAttributeDescriptions(); - context.getRequestScope().put("attributeClasses", attributeClasses); + context.getContext(REQUEST_SCOPE).put("attributeClasses", attributeClasses); } diff --git a/voms-admin-server/src/main/resources/org/glite/security/voms/admin/view/actions/audit/AuditLogSearchParams-conversion.properties b/voms-admin-server/src/main/resources/org/glite/security/voms/admin/view/actions/audit/AuditLogSearchParams-conversion.properties new file mode 100644 index 00000000..860207df --- /dev/null +++ b/voms-admin-server/src/main/resources/org/glite/security/voms/admin/view/actions/audit/AuditLogSearchParams-conversion.properties @@ -0,0 +1,18 @@ +# +# Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +fromTime=org.glite.security.voms.admin.view.util.FixedLocaleDateTypeConverter +toTime=org.glite.security.voms.admin.view.util.FixedLocaleDateTypeConverter diff --git a/voms-admin-server/src/main/resources/rebel.xml b/voms-admin-server/src/main/resources/rebel.xml deleted file mode 100644 index 3b65d812..00000000 --- a/voms-admin-server/src/main/resources/rebel.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/voms-admin-server/src/main/resources/templates/ExpiredMembersWarning.vm b/voms-admin-server/src/main/resources/templates/ExpiredMembersWarning.vm index eeab0443..5df31802 100644 --- a/voms-admin-server/src/main/resources/templates/ExpiredMembersWarning.vm +++ b/voms-admin-server/src/main/resources/templates/ExpiredMembersWarning.vm @@ -19,9 +19,11 @@ this mail is to inform you that membership in VO $voName for the following users #foreach ( $member in $expiredMembers) -$member.shortName membership has expired since $member.daysSinceExpiration days.#if ($member.suspended) The user membership is currently suspended.#else -The user is still active can get VOMS attributes as usual. - +$member.shortName membership has expired since $member.daysSinceExpiration days. +#if ($member.suspended) +$member.shortName membership is currently suspended. +#else +$member.shortName is still active and can get VOMS attributes as usual. #end #end diff --git a/voms-admin-server/src/main/resources/templates/MembershipExpirationWarning.vm b/voms-admin-server/src/main/resources/templates/MembershipExpirationWarning.vm index 8270b342..81ad539e 100644 --- a/voms-admin-server/src/main/resources/templates/MembershipExpirationWarning.vm +++ b/voms-admin-server/src/main/resources/templates/MembershipExpirationWarning.vm @@ -19,7 +19,9 @@ this mail is to inform you that membership in VO $voName for the following users TO EXPIRE: #foreach ( $user in $expiringUsers) -#if ($user.daysBeforeEndTime > 0) +#if ($user.daysBeforeEndTime == 0) +$user.shortName membership will expire in the next 24 hours +#elseif ($user.daysBeforeEndTime > 0) $user.shortName membership will expire in $user.daysBeforeEndTime days. #end #end diff --git a/voms-admin-server/src/main/webapp/WEB-INF/classes/struts.xml b/voms-admin-server/src/main/webapp/WEB-INF/classes/struts.xml index 8b1b8d5e..171e96fe 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/classes/struts.xml +++ b/voms-admin-server/src/main/webapp/WEB-INF/classes/struts.xml @@ -17,8 +17,8 @@ --> + "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN" + "http://struts.apache.org/dtds/struts-2.5.dtd"> - -
- Certificates listed below are suspended due to membership suspension: -
-
-
    - - -
  1. - - -
    suspended-cert"> - - -
    -
    suspended-cert"> - - -
    -
  2. -
    -
- - - - - - - - - more info - - - - - - + + + + + + + + + + more info + + + +
@@ -152,8 +83,7 @@ - + linkStyleClass="navBarLink" id="searchResults" searchPanelId="mmResults"/>
diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/register/default/registration.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/register/default/registration.jsp index a65cb3af..de2d8d1f 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/p/register/default/registration.jsp +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/register/default/registration.jsp @@ -24,7 +24,7 @@ Welcome to the registration page for the ${voName} V

To access the VO resources, you must agree to the VO's Acceptable Usage Policy (AUP) rules.
-Please fill out all fields in the form below and click on the submit +Please fill out all the fields in the form below and click on the submit button at the bottom of the page.

@@ -62,15 +62,23 @@ button at the bottom of the page.
  • -
  • - -
  • -
  • - -
  • -
  • - -
  • + +
  • + +
  • +
    + +
  • + +
  • +
    + + +
  • + +
  • +
    +
  • diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/register/hr/registration.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/register/hr/registration.jsp new file mode 100644 index 00000000..dad36592 --- /dev/null +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/register/hr/registration.jsp @@ -0,0 +1,43 @@ +<%-- + + Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +--%> +<%@include file="/WEB-INF/p/shared/taglibs.jsp"%> + +

    +Welcome to the registration page for the ${voName} +Virtual Organization! +

    + +

    +To apply for membership in this Virtual Organization, you must +be registered in the CERN Human Resource database and have your membership +there linked to the ${voName} experiment. +

    + +

    +The VO registration process requires that you know the email address linked +to your CERN Human Resource record. To find out your CERN Human Resource +record, use the +CERN Phonebook service before proceeding with the registration. +

    + +

    +Please enter the following information: +

    + + + diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/register/hr/registration2.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/register/hr/registration2.jsp new file mode 100644 index 00000000..528bae00 --- /dev/null +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/register/hr/registration2.jsp @@ -0,0 +1,90 @@ +<%-- + + Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +--%> +<%@include file="/WEB-INF/p/shared/taglibs.jsp"%> + +

    +Welcome to the registration page for the ${voName} VO. +

    + +

    +To access the VO resources, you must agree to the VO's Acceptable Usage Policy (AUP) rules. +
    +Please fill out all the fields in the form below and click on the submit +button at the bottom of the page. +

    +

    +After you submit this request, you will receive an email with instructions on how to proceed. +
    + +Your request will not be forwarded to the VO managers until you confirm that you have a valid email +address by following those instructions. +

    + +

    IMPORTANT:

    +

    +By submitting this information you agree that it may be distributed to and stored by +VO and site administrators. You also agree that action may be taken to confirm the information you provide +is correct, that it may be used for the purpose of controlling access to VO resources and that it may be +used to contact you in relation to this activity. +

    + + + + +

    Your certificate subject (DN):

    +
    + +
    +

    The CA that issued your certificate:

    +
    + +
    +
      +
    • + +
    • +
    • + +
    • +
    • + +
    • +
    • + +
    • +
    • +

      The VO Acceptable Usage Policy (AUP):

      + +
    • +
    • + +
    • +
    • + +
    • +
    • + +
    • +
    +
    \ No newline at end of file diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/register/hr/searchResults.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/register/hr/searchResults.jsp new file mode 100644 index 00000000..ccd6c06f --- /dev/null +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/register/hr/searchResults.jsp @@ -0,0 +1,77 @@ +<%-- + + Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +--%> +<%@include file="/WEB-INF/p/shared/taglibs.jsp"%> +
    + +
      +
    • + +
    • + +
    +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + +
    CERN Person IDNameSurnameInstituteEmail addresses +
    + + + + + + + + +
    + +
    +
    + +
    +
    + + + +
    +
    +
    +
    \ No newline at end of file diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/register/orgdb/registration2.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/register/orgdb/registration2.jsp index 77ac539f..294490a4 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/p/register/orgdb/registration2.jsp +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/register/orgdb/registration2.jsp @@ -24,7 +24,7 @@ Welcome to the registration page for the ${voName} V

    To access the VO resources, you must agree to the VO's Acceptable Usage Policy (AUP) rules.
    -Please fill out all fields in the form below and click on the submit +Please fill out all the fields in the form below and click on the submit button at the bottom of the page.

    @@ -64,12 +64,6 @@ used to contact you in relation to this activity.

  • -
  • - -
  • -
  • - -
  • diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/role/searchMember.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/role/searchMember.jsp index b7141493..0efa023c 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/p/role/searchMember.jsp +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/role/searchMember.jsp @@ -15,150 +15,63 @@ limitations under the License. --%> -<%@include - file="/WEB-INF/p/shared/taglibs.jsp"%> - -
    - +<%@include file="/WEB-INF/p/shared/taglibs.jsp"%> +
    - - No members found having role ' in group ''. + + No members found having role ' in group ''. - - No matches found for ''. + + No matches found for ''. -
    - matches found for '': -
    +
    + + match + es + found for ' + + ': +
    - - - - - - - - - - - -
    - - - - - -
    User informationCertificates + + + + + + + + + + + + + - - - - - - - - - - - - - -
    + + + + + + + more info + +
    -
    - - -
    - -
    -
    - -
    - No name specified for this user. -
    -
    - -
    - -
    -
    - -
    - No institution specified for this user. -
    -
    - - - - -
    - This user is suspended. -
    Reason: - -
    - -
    -
    -
    - -
    - Certificates listed below are suspended due to membership suspension: -
    -
    -
      - - -
    1. - - -
      suspended-cert"> - - -
      -
      suspended-cert"> - - -
      -
    2. -
      -
    -
    - - - - - - more info - - -
    -
    - - - - - - - - - - -
    + +
    +
    + + + + + + + +
    -
    +
    \ No newline at end of file diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/shared/dialog-template.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/shared/dialog-template.jsp index 324cc822..122a254e 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/p/shared/dialog-template.jsp +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/shared/dialog-template.jsp @@ -17,8 +17,12 @@ --%> <%@include file="/WEB-INF/p/shared/taglibs.jsp"%> - + +<%-- + +--%> +
    + +
    <%@include file="/WEB-INF/p/shared/taglibs.jsp"%> + +
    @@ -53,15 +55,17 @@ var="thisCertCA" />${thisCertCA}
    -
    Added on: - - -
    - -
    - -
    + +
    Added on: + + +
    +
    + +
    +
    +
    diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/user/personalInfo.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/user/personalInfo.jsp index 792b4a69..28915562 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/p/user/personalInfo.jsp +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/user/personalInfo.jsp @@ -16,49 +16,38 @@ --%> <%@include file="/WEB-INF/p/shared/taglibs.jsp"%> -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + You do not have the rights to see the personal information for this user.
    \ No newline at end of file diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/user/requestHistory.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/user/requestHistory.jsp index 20c10ec2..df98e430 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/p/user/requestHistory.jsp +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/user/requestHistory.jsp @@ -17,7 +17,9 @@ --%> <%@include file="/WEB-INF/p/shared/taglibs.jsp"%> - + + + diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/user/suspensionDetail.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/user/suspensionDetail.jsp index 3f3ac15e..9e766a12 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/p/user/suspensionDetail.jsp +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/user/suspensionDetail.jsp @@ -24,9 +24,8 @@
    - Suspended - + Suspended
    diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/user/userDetail.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/user/userDetail.jsp index 6f483c79..e89ced2b 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/p/user/userDetail.jsp +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/user/userDetail.jsp @@ -16,175 +16,103 @@ --%> <%@include file="/WEB-INF/p/shared/taglibs.jsp"%> - - - - + + +
    - -
    - - ( ${id} ) - - - + + +
    + + ( ${id} ) + + + + + +
    +
    + + - -
    -
    - -
    - +
    +
    + + User + - - User - - + User - -
    -
    - - - - - - - + + + + + + - - - - - + + + + - - - + - + - + - - + - - - + - - + - - + - + - - - + - +
    - - - + - + - - + - - - + - - + - - diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/user/userInfo.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/user/userInfo.jsp index e2e2599c..3ea0023c 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/p/user/userInfo.jsp +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/user/userInfo.jsp @@ -16,54 +16,53 @@ --%> <%@include file="/WEB-INF/p/shared/taglibs.jsp"%> - -
    - -
    - -
    -
    - -
    No name specified for this user.
    -
    - -
    - + + +
    + +
    + +
    + +
    + you +
    +
    +
    + +
    + User + +
    +
    + +
    + +
    +
    + - - -
    No institution specified for this user.
    -
    - - - - - -
    - -
    Certificates:
    +
    Certificates:
    +
    + +
    + User +
    +
      - - +
    1. suspended-cert"> - + ${thisCertDN}
      suspended-cert"> - + ${thisCertCA}
    2. diff --git a/voms-admin-server/src/main/webapp/WEB-INF/p/user/users.jsp b/voms-admin-server/src/main/webapp/WEB-INF/p/user/users.jsp index 618c233d..de050aab 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/p/user/users.jsp +++ b/voms-admin-server/src/main/webapp/WEB-INF/p/user/users.jsp @@ -16,184 +16,104 @@ --%> <%@include file="/WEB-INF/p/shared/taglibs.jsp"%> - - - - - - - + + +

      Users:

      -
      - - - - - Limit to: - - Suspended - - - + + + + + Limit to: + + Suspended + + - Pending sign AUP - request + Pending sign AUP request - - + + - Show: -
      - -
      - + No users found. - No users found matching search string ''. + No users found matching search string ''. -
    - - + + + - +
    - - + + + + + - - + + - - +
    -
    - User information
    - - + -
    - - - +
    + + - + more info
    @@ -202,11 +122,7 @@
    - - - +
    diff --git a/voms-admin-server/src/main/webapp/WEB-INF/tiles.xml b/voms-admin-server/src/main/webapp/WEB-INF/tiles.xml index 17f92988..1747a711 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/tiles.xml +++ b/voms-admin-server/src/main/webapp/WEB-INF/tiles.xml @@ -180,6 +180,10 @@ + + + + diff --git a/voms-admin-server/src/main/webapp/WEB-INF/web.xml b/voms-admin-server/src/main/webapp/WEB-INF/web.xml index 88f57b8d..f76cb04b 100644 --- a/voms-admin-server/src/main/webapp/WEB-INF/web.xml +++ b/voms-admin-server/src/main/webapp/WEB-INF/web.xml @@ -35,7 +35,7 @@ struts2 - org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter + org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter diff --git a/voms-admin-server/src/main/webapp/style/badge.css b/voms-admin-server/src/main/webapp/style/badge.css index b6a76d6b..59610430 100644 --- a/voms-admin-server/src/main/webapp/style/badge.css +++ b/voms-admin-server/src/main/webapp/style/badge.css @@ -97,14 +97,15 @@ color: #B94A48; font-weight: normal; text-shadow: none; + padding: 0; } .blabel-invert { - background-color: inherit; color: inherit; font-weight: normal; text-shadow: none; + padding: 0; } .blabel-invert:hover { diff --git a/voms-admin-server/src/main/webapp/style/style.css b/voms-admin-server/src/main/webapp/style/style.css index 74c6c312..2ec603d9 100644 --- a/voms-admin-server/src/main/webapp/style/style.css +++ b/voms-admin-server/src/main/webapp/style/style.css @@ -69,14 +69,14 @@ font-size: xx-small; display: block; float: right; - margin-bottom: .5ex; + margin-bottom: 1ex; } .resultsFooter { font-size: xx-small; display: block; float: right; - margin-top: .5ex; + margin-top: 1ex; } .resultsCount { diff --git a/voms-admin-server/src/test/java/integration/hr/HrDbConfiguratorTests.java b/voms-admin-server/src/test/java/integration/hr/HrDbConfiguratorTests.java new file mode 100644 index 00000000..59543dc5 --- /dev/null +++ b/voms-admin-server/src/test/java/integration/hr/HrDbConfiguratorTests.java @@ -0,0 +1,218 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package integration.hr; + +import static java.time.Clock.fixed; +import static org.hamcrest.CoreMatchers.containsString; +import static org.junit.Assert.assertThat; +import static org.mockito.Matchers.any; +import static org.mockito.Matchers.anyLong; +import static org.mockito.Matchers.anyString; +import static org.mockito.Matchers.eq; +import static org.mockito.Matchers.isA; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.verifyZeroInteractions; +import static org.mockito.Mockito.when; + +import java.time.Instant; +import java.time.ZoneId; +import java.util.concurrent.TimeUnit; + +import org.glite.security.voms.admin.configuration.VOMSConfiguration; +import org.glite.security.voms.admin.core.tasks.DatabaseTransactionTaskWrapper; +import org.glite.security.voms.admin.core.tasks.VOMSExecutorService; +import org.glite.security.voms.admin.core.validation.ValidationManager; +import org.glite.security.voms.admin.integration.VOMSPluginConfigurationException; +import org.glite.security.voms.admin.integration.cern.HrDbApiService; +import org.glite.security.voms.admin.integration.cern.HrDbApiServiceFactory; +import org.glite.security.voms.admin.integration.cern.HrDbConfigurator; +import org.glite.security.voms.admin.integration.cern.HrDbProperties; +import org.glite.security.voms.admin.integration.cern.HrDbRequestValidator; +import org.glite.security.voms.admin.integration.cern.HrDbRequestValidatorFactory; +import org.glite.security.voms.admin.integration.cern.HrDbSyncTask; +import org.glite.security.voms.admin.integration.cern.HrDbSyncTaskFactory; +import org.glite.security.voms.admin.persistence.dao.VOMSUserDAO; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.MockitoAnnotations; + +public class HrDbConfiguratorTests extends HrDbTestSupport { + + @Mock + VOMSConfiguration vomsConfig; + + @Mock + ValidationManager manager; + + @Mock + VOMSExecutorService executorService; + + @Mock + VOMSUserDAO dao; + + @Mock + HrDbApiServiceFactory apiFactory; + + @Mock + HrDbApiService api; + + @Mock + HrDbSyncTaskFactory syncTaskFactory; + + @Mock + HrDbSyncTask syncTask; + + @Mock + HrDbRequestValidatorFactory validatorFactory; + + @Mock + HrDbRequestValidator validator; + + HrDbConfigurator configurator; + + @Before + public void setup() { + MockitoAnnotations.initMocks(this); + configurator = new HrDbConfigurator(vomsConfig); + configurator.setPluginName("orgdb"); + configurator.setApiServiceFactory(apiFactory); + configurator.setExecutorService(executorService); + configurator.setRequestValidatorFactory(validatorFactory); + configurator.setValidationManager(manager); + configurator.setSyncTaskFactory(syncTaskFactory); + configurator.setUserDao(dao); + configurator.setClock(CLOCK); + + when(vomsConfig.getConfigurationDirectoryPath()) + .thenReturn("src/test/resources/cern/disabled-task"); + when(vomsConfig.getExternalValidatorProperty(eq("orgdb"), eq("configFile"), anyString())) + .thenReturn("src/test/resources/cern/disabled-task/hr.properties"); + when(apiFactory.newHrDbApiService(any())).thenReturn(api); + when(validatorFactory.newHrDbRequestValidator(any(), any())).thenReturn(validator); + when(syncTaskFactory.buildSyncTask(any(), any(), any(), any())).thenReturn(syncTask); + } + + @Test + public void testDisabledConfigurationFileIsFoundAndParsed() + throws VOMSPluginConfigurationException { + configurator.configure(); + verifyZeroInteractions(executorService);// no interactions as periodic sync is disabled + verifyZeroInteractions(syncTaskFactory);// no interactions as periodic sync is disabled + verify(manager).setRequestValidationContext(Mockito.eq(validator)); + } + + @Test + public void testEnabledConfigurationFileIsFoundAndParsed() + throws VOMSPluginConfigurationException { + when(vomsConfig.getConfigurationDirectoryPath()) + .thenReturn("src/test/resources/cern/enabled-task"); + when(vomsConfig.getExternalValidatorProperty(eq("orgdb"), eq("configFile"), anyString())) + .thenReturn("src/test/resources/cern/enabled-task/hr.properties"); + configurator.configure(); + + verify(executorService).scheduleAtFixedRate(isA(DatabaseTransactionTaskWrapper.class), + Mockito.anyLong(), Mockito.eq(TimeUnit.HOURS.toSeconds(12)), + Mockito.eq(TimeUnit.SECONDS)); + + verify(manager).setRequestValidationContext(Mockito.eq(validator)); + } + + @Test(expected = VOMSPluginConfigurationException.class) + public void testConfigurationNotFoundPrintsAppropriateErrorMessage() + throws VOMSPluginConfigurationException { + when(vomsConfig.getExternalValidatorProperty(eq("orgdb"), anyString(), anyString())) + .thenReturn("does/not/exist/orgdb.properties"); + try { + configurator.configure(); + } catch (VOMSPluginConfigurationException e) { + assertThat(e.getMessage(), + containsString("'does/not/exist/orgdb.properties' for plugin 'orgdb' does not exist!")); + throw e; + } + } + + @Test + public void testMembershipCheckTaskScheduling() throws VOMSPluginConfigurationException { + HrDbProperties props = new HrDbProperties(); + + configurator.setHrConfig(props); + configurator.configure(); + + verify(executorService).scheduleAtFixedRate(isA(DatabaseTransactionTaskWrapper.class), + Mockito.anyLong(), Mockito.eq(props.getMembershipCheck().getPeriodInSeconds()), + Mockito.eq(TimeUnit.SECONDS)); + + verify(executorService).schedule(Mockito.isA(DatabaseTransactionTaskWrapper.class), + Mockito.eq(300L), Mockito.eq(TimeUnit.SECONDS)); + } + + @Test + public void testNoStartupTaskScheduling() throws VOMSPluginConfigurationException { + HrDbProperties props = new HrDbProperties(); + + props.getMembershipCheck().setRunAtStartup(false); + + configurator.setHrConfig(props); + configurator.configure(); + + verify(executorService).scheduleAtFixedRate(isA(DatabaseTransactionTaskWrapper.class), anyLong(), + Mockito.eq(props.getMembershipCheck().getPeriodInSeconds()), eq(TimeUnit.SECONDS)); + + verify(executorService, never()).schedule(isA(DatabaseTransactionTaskWrapper.class), anyLong(), any()); + } + + @Test + public void testStartupTaskSchedulingCanceled() throws VOMSPluginConfigurationException { + HrDbProperties props = new HrDbProperties(); + + props.getMembershipCheck().setRunAtStartup(true); + + configurator.setHrConfig(props); + configurator.setClock(fixed(Instant.parse("2019-01-01T21:45:00.00Z"), ZoneId.systemDefault())); + configurator.configure(); + + + verify(executorService).scheduleAtFixedRate(isA(DatabaseTransactionTaskWrapper.class), anyLong(), + eq(props.getMembershipCheck().getPeriodInSeconds()), eq(TimeUnit.SECONDS)); + + verify(executorService, never()).schedule(isA(DatabaseTransactionTaskWrapper.class), anyLong(), any()); + } + + @Test + public void testStartupTaskScheduledTheNextDay() throws VOMSPluginConfigurationException { + HrDbProperties props = new HrDbProperties(); + + props.getMembershipCheck().setRunAtStartup(false); + props.getMembershipCheck().setStartHour(22); + + configurator.setHrConfig(props); + configurator.setClock(fixed(Instant.parse("2019-01-01T21:01:00.00Z"), ZoneId.systemDefault())); + configurator.configure(); + + + verify(executorService).scheduleAtFixedRate(isA(DatabaseTransactionTaskWrapper.class), anyLong(), + eq(props.getMembershipCheck().getPeriodInSeconds()), eq(TimeUnit.SECONDS)); + + verify(executorService, never()).schedule(isA(DatabaseTransactionTaskWrapper.class), anyLong(), any()); + } + + + + +} diff --git a/voms-admin-server/src/test/java/integration/hr/HrDbPropertiesTest.java b/voms-admin-server/src/test/java/integration/hr/HrDbPropertiesTest.java new file mode 100644 index 00000000..c8facff9 --- /dev/null +++ b/voms-admin-server/src/test/java/integration/hr/HrDbPropertiesTest.java @@ -0,0 +1,119 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package integration.hr; + +import static org.hamcrest.CoreMatchers.containsString; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.junit.Assert.fail; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.util.Properties; + +import org.glite.security.voms.admin.integration.cern.HrDbError; +import org.glite.security.voms.admin.integration.cern.HrDbProperties; +import org.junit.Test; + +public class HrDbPropertiesTest { + + + @Test + public void testRequiredProperties() { + + Properties props = new Properties(); + + for (String k: HrDbProperties.REQUIRED_KEYS) { + try { + + HrDbProperties.fromProperties(props); + fail("Expected error not thrown"); + + } catch (HrDbError e) { + assertThat(e.getMessage(), containsString(String.format("required property '%s' not found", k))); + props.setProperty(k, ""); + + } + } + + HrDbProperties.fromProperties(props); + } + + @Test + public void testValueParsing() { + Properties props = new Properties(); + + props.setProperty(HrDbProperties.EXPERIMENT_KEY, "atlas"); + props.setProperty(HrDbProperties.API_ENDPOINT_KEY, "http://example"); + props.setProperty(HrDbProperties.API_USERNAME_KEY, "test"); + props.setProperty(HrDbProperties.API_PASSWORD_KEY, "password"); + props.setProperty(HrDbProperties.MEMBERSHIP_CHECK_ENABLED_KEY, "false"); + props.setProperty(HrDbProperties.MEMBERSHIP_CHECK_PERIOD_KEY, "86400"); + + HrDbProperties hrConfig = HrDbProperties.fromProperties(props); + + assertThat(hrConfig.getExperimentName(), is("atlas")); + assertThat(hrConfig.getApi().getEndpoint(), is("http://example")); + assertThat(hrConfig.getApi().getUsername(), is("test")); + assertThat(hrConfig.getApi().getPassword(), is("password")); + assertThat(hrConfig.getMembershipCheck().isEnabled(), is(false)); + assertThat(hrConfig.getMembershipCheck().getPeriodInSeconds(), is(86400L)); + } + + + @Test + public void testFileParsing() throws FileNotFoundException, IOException { + + Properties props = new Properties(); + props + .load(new FileInputStream(new File("src/test/resources/cern/enabled-task/hr.properties"))); + + HrDbProperties hrDbProps = HrDbProperties.fromProperties(props); + + assertThat(hrDbProps.getExperimentName(), is("cms")); + assertThat(hrDbProps.getMembershipCheck().isEnabled(), is(true)); + assertThat(hrDbProps.getMembershipCheck().getStartHour(), is(4)); + assertThat(hrDbProps.getMembershipCheck().isRunAtStartup(), is(false)); + assertThat(hrDbProps.getApi().getEndpoint(), is("http://localhost:8080")); + assertThat(hrDbProps.getApi().getUsername(), is("user")); + assertThat(hrDbProps.getApi().getPassword(), is("password")); + assertThat(hrDbProps.getApi().getTimeoutInSeconds(), is(2L)); + + + + } + + @Test + public void testApiTimeoutChecks() { + Properties props = new Properties(); + + props.setProperty(HrDbProperties.EXPERIMENT_KEY, "atlas"); + props.setProperty(HrDbProperties.API_ENDPOINT_KEY, "http://example"); + props.setProperty(HrDbProperties.API_USERNAME_KEY, "test"); + props.setProperty(HrDbProperties.API_PASSWORD_KEY, "password"); + props.setProperty(HrDbProperties.API_TIMEOUT_KEY, "-1"); + + HrDbProperties hrConfig = HrDbProperties.fromProperties(props); + assertThat(hrConfig.getApi().getTimeoutInSeconds(), is(5L)); + + props.setProperty(HrDbProperties.API_TIMEOUT_KEY, "1"); + hrConfig = HrDbProperties.fromProperties(props); + assertThat(hrConfig.getApi().getTimeoutInSeconds(), is(1L)); + } + +} diff --git a/voms-admin-server/src/test/java/integration/hr/HrDbRequestValidatorTest.java b/voms-admin-server/src/test/java/integration/hr/HrDbRequestValidatorTest.java new file mode 100644 index 00000000..df681eb0 --- /dev/null +++ b/voms-admin-server/src/test/java/integration/hr/HrDbRequestValidatorTest.java @@ -0,0 +1,144 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package integration.hr; + +import static java.util.Optional.empty; +import static org.glite.security.voms.admin.core.validation.RequestValidationResult.Outcome.FAILURE; +import static org.glite.security.voms.admin.core.validation.RequestValidationResult.Outcome.SUCCESS; +import static org.hamcrest.CoreMatchers.containsString; +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertThat; +import static org.mockito.Matchers.any; +import static org.mockito.Matchers.anyString; +import static org.mockito.Mockito.when; + +import java.util.Optional; + +import org.glite.security.voms.admin.core.validation.RequestValidationResult; +import org.glite.security.voms.admin.integration.cern.HrDbApiService; +import org.glite.security.voms.admin.integration.cern.HrDbProperties; +import org.glite.security.voms.admin.integration.cern.HrDbRequestValidator; +import org.glite.security.voms.admin.integration.cern.dto.ParticipationDTO; +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.persistence.model.request.NewVOMembershipRequest; +import org.glite.security.voms.admin.persistence.model.request.RequesterInfo; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; + +public class HrDbRequestValidatorTest extends HrDbTestSupport { + + @Mock + HrDbApiService apiService; + + @Mock + NewVOMembershipRequest request; + + @Mock + RequesterInfo requestor; + + @Mock + VOPersonDTO person; + + @Mock + ParticipationDTO participation; + + HrDbProperties hrConfig; + HrDbRequestValidator validator; + + + @Before + public void setup() { + MockitoAnnotations.initMocks(this); + when(request.getRequesterInfo()).thenReturn(requestor); + + hrConfig = new HrDbProperties(); + validator = new HrDbRequestValidator(CLOCK, hrConfig, apiService); + } + + @Test + public void testNoRecordFound() { + when(requestor.getEmailAddress()).thenReturn("test@example"); + when(apiService.getVoPersonRecordByEmail(anyString())).thenReturn(Optional.empty()); + + RequestValidationResult result = validator.validateRequest(request); + assertThat(result.getOutcome(), is(FAILURE)); + assertThat(result.getMessage(), containsString("No HR db participation found")); + } + + @Test + public void testNoValidParticipation() { + + when(requestor.getEmailAddress()).thenReturn("test@example"); + when(requestor.getName()).thenReturn("Adrienne"); + when(requestor.getSurname()).thenReturn("Lenker"); + + when(apiService.getVoPersonRecordByEmail(anyString())).thenReturn(Optional.of(person)); + when(person.getEmail()).thenReturn("test@example"); + when(person.getPhysicalEmail()).thenReturn("test@cern.ch"); + when(person.getFirstName()).thenReturn("TEST"); + when(person.getName()).thenReturn("USER"); + when(person.findValidParticipationForExperiment(any(), anyString())) + .thenReturn(empty()); + + + RequestValidationResult result = validator.validateRequest(request); + + assertThat(result.getOutcome(), is(FAILURE)); + assertThat(result.getMessage(), containsString("No HR db participation found")); + } + + @Test + public void testDataMismatch() { + when(requestor.getEmailAddress()).thenReturn("test@example"); + when(requestor.getName()).thenReturn("Adrienne"); + when(requestor.getSurname()).thenReturn("Lenker"); + + when(apiService.getVoPersonRecordByEmail(anyString())).thenReturn(Optional.of(person)); + when(person.getEmail()).thenReturn("test@example"); + when(person.getPhysicalEmail()).thenReturn("test@cern.ch"); + when(person.getFirstName()).thenReturn("TEST"); + when(person.getName()).thenReturn("USER"); + when(person.findValidParticipationForExperiment(any(), anyString())) + .thenReturn(Optional.of(participation)); + + RequestValidationResult result = validator.validateRequest(request); + assertThat(result.getOutcome(), is(FAILURE)); + assertThat(result.getMessage(), containsString("did not match the data you entered")); + + } + + @Test + public void testValidationSuccess() { + when(requestor.getEmailAddress()).thenReturn("test@example"); + when(requestor.getName()).thenReturn("Adrienne"); + when(requestor.getSurname()).thenReturn("Lenker"); + + when(apiService.getVoPersonRecordByEmail(anyString())).thenReturn(Optional.of(person)); + when(person.getEmail()).thenReturn("test@example"); + when(person.getPhysicalEmail()).thenReturn("test@cern.ch"); + when(person.getFirstName()).thenReturn("ADRIENNE"); + when(person.getName()).thenReturn("LENKER"); + when(person.findValidParticipationForExperiment(any(), anyString())) + .thenReturn(Optional.of(participation)); + + RequestValidationResult result = validator.validateRequest(request); + assertThat(result.getOutcome(), is(SUCCESS)); + + } + +} diff --git a/voms-admin-server/src/test/java/integration/hr/HrDbSyncTaskTest.java b/voms-admin-server/src/test/java/integration/hr/HrDbSyncTaskTest.java new file mode 100644 index 00000000..0d63a52d --- /dev/null +++ b/voms-admin-server/src/test/java/integration/hr/HrDbSyncTaskTest.java @@ -0,0 +1,143 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package integration.hr; + +import static org.junit.Assert.fail; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +import java.util.Optional; + +import org.glite.security.voms.admin.configuration.VOMSConfiguration; +import org.glite.security.voms.admin.integration.cern.HrDbApiService; +import org.glite.security.voms.admin.integration.cern.HrDbError; +import org.glite.security.voms.admin.integration.cern.HrDbProperties; +import org.glite.security.voms.admin.integration.cern.HrDbSyncTask; +import org.glite.security.voms.admin.integration.cern.HrDefaultHandler; +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.persistence.dao.VOMSUserDAO; +import org.glite.security.voms.admin.persistence.model.VOMSUser; +import org.hibernate.ScrollableResults; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.MockitoAnnotations; +import org.mockito.Spy; + + + +public class HrDbSyncTaskTest { + + @Spy + HrDbProperties config; + + @Mock + HrDbApiService hrDbApi; + + @Mock + VOMSConfiguration vomsConfig; + + @Mock + VOMSUserDAO dao; + + @Mock + ScrollableResults results; + + @Spy + VOMSUser user1; + + @Spy + VOMSUser user2; + + @Spy + VOPersonDTO person1; + + @Mock + HrDefaultHandler handler; + + HrDbSyncTask task; + + @Before + public void setup() { + MockitoAnnotations.initMocks(this); + + task = new HrDbSyncTask(config, hrDbApi, dao, vomsConfig); + + task.setMissingRecordHandler(handler); + task.setSyncHandler(handler); + + config.setExperimentName("experiment"); + + when(dao.findAllWithCursor()).thenReturn(results); + when(results.next()).thenReturn(true, true, false); + when(results.get(0)).thenReturn(user1, user2); + + user1.setId(1L); + user1.setName("test"); + user1.setSurname("user"); + user1.setEmailAddress("test.user@example"); + + user2.setId(2L); + user2.setName("tost"); + user2.setSurname("aser"); + user2.setEmailAddress("tost.aser@example"); + + when(hrDbApi.lookupVomsUser(user1)).thenReturn(Optional.of(person1)); + when(hrDbApi.lookupVomsUser(user2)).thenReturn(Optional.empty()); + } + + + @Test + public void testSync() { + + task.run(); + + verify(handler).synchronizeMembershipInformation(user1, person1); + verify(handler).handleMissingHrRecord(user2); + + + } + + @Test + public void testApiError() { + + when(hrDbApi.lookupVomsUser(user1)).thenThrow(new HrDbError("Sync error")); + + task.run(); + + verify(handler).handleMissingHrRecord(user2); + + } + + @Test + public void testOtherError() { + + when(hrDbApi.lookupVomsUser(user1)).thenThrow(new NullPointerException()); + + try { + task.run(); + fail("Expected exception caught!"); + } catch (NullPointerException e) { + + } + + verify(handler, Mockito.times(0)).synchronizeMembershipInformation(user1, person1); + verify(handler, Mockito.times(0)).handleMissingHrRecord(user2); + + } + +} diff --git a/voms-admin-server/src/test/java/integration/hr/HrDbTestSupport.java b/voms-admin-server/src/test/java/integration/hr/HrDbTestSupport.java new file mode 100644 index 00000000..5e526e4f --- /dev/null +++ b/voms-admin-server/src/test/java/integration/hr/HrDbTestSupport.java @@ -0,0 +1,45 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package integration.hr; + +import static utils.TestFileUtils.readFile; + +import java.time.Clock; +import java.time.Instant; +import java.time.ZoneId; +import java.time.temporal.ChronoUnit; + +public class HrDbTestSupport { + + public static final Instant NOW = Instant.parse("2019-01-01T00:00:00.00Z"); + + public static final Instant TWO_YEARS_AGO = NOW.minus(730, ChronoUnit.DAYS); + public static final Instant ONE_YEAR_AGO = NOW.minus(365, ChronoUnit.DAYS); + public static final Instant ONE_WEEK_AGO = NOW.minus(7, ChronoUnit.DAYS); + + public static final Instant A_DAY_AGO = NOW.minus(1, ChronoUnit.DAYS); + + public static final Instant ONE_WEEK_FROM_NOW = NOW.plus(7, ChronoUnit.DAYS); + public static final Instant ONE_YEAR_FROM_NOW = NOW.plus(365, ChronoUnit.DAYS); + + public static final Clock CLOCK = Clock.fixed(NOW, ZoneId.systemDefault()); + + public static final String VO_PERSON_1_JSON_PATH = "src/test/resources/cern/json/voPerson1.json"; + public static final String VO_PERSON_1_JSON = readFile(VO_PERSON_1_JSON_PATH); + + public static final String ERROR_404_JSON = "{\"error\":\"NOT_FOUND\", \"errorMessage\":\"404 - Not found\"}"; + public static final String ERROR_403_JSON = "{\"error\":\"FORBIDDEN\", \"errorMessage\":\"403 - Forbidden\"}"; +} diff --git a/voms-admin-server/src/test/java/integration/hr/HrDefaultHandlerTest.java b/voms-admin-server/src/test/java/integration/hr/HrDefaultHandlerTest.java new file mode 100644 index 00000000..7b67547e --- /dev/null +++ b/voms-admin-server/src/test/java/integration/hr/HrDefaultHandlerTest.java @@ -0,0 +1,267 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package integration.hr; + + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.mockito.Mockito.verify; + +import java.util.Date; + +import org.glite.security.voms.admin.core.validation.ValidationManager; +import org.glite.security.voms.admin.integration.cern.HrDbProperties; +import org.glite.security.voms.admin.integration.cern.HrDefaultHandler; +import org.glite.security.voms.admin.integration.cern.dto.InstituteDTO; +import org.glite.security.voms.admin.integration.cern.dto.ParticipationDTO; +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.persistence.model.VOMSUser; +import org.glite.security.voms.admin.persistence.model.VOMSUser.SuspensionReason; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.MockitoAnnotations; +import org.mockito.Spy; + +import com.google.common.collect.Sets; + +public class HrDefaultHandlerTest extends HrDbTestSupport { + + @Spy + HrDbProperties properties = new HrDbProperties(); + + @Mock + ValidationManager manager; + + @Spy + VOMSUser user = new VOMSUser(); + + @Spy + VOPersonDTO voPerson = new VOPersonDTO(); + + @Spy + ParticipationDTO oneParticipation = new ParticipationDTO(); + + @Spy + ParticipationDTO anotherParticipation = new ParticipationDTO(); + + @Spy + ParticipationDTO aThirdParticipation = new ParticipationDTO(); + + @Spy + InstituteDTO institute = new InstituteDTO(); + + HrDefaultHandler handler; + + @Before + public void setup() { + MockitoAnnotations.initMocks(this); + handler = new HrDefaultHandler(CLOCK, properties, manager); + + properties.setExperimentName("experiment"); + + institute.setId("institute-id"); + institute.setName("Institute"); + + user.setId(1L); + user.setName("test"); + user.setSurname("user"); + user.setOrgDbId(-1L); + + voPerson.setId(1L); + + voPerson.setFirstName("TEST"); + voPerson.setName("USER"); + voPerson.setEmail("TEST.USER@CNAF.INFN.IT"); + + oneParticipation.setExperiment("experiment"); + oneParticipation.setStartDate(Date.from(ONE_WEEK_AGO)); + + voPerson.setParticipations(Sets.newHashSet(oneParticipation)); + + } + + + @Test + public void testMissingHrRecordLeadsToUserSuspension() { + + handler.handleMissingHrRecord(user); + + SuspensionReason reason = SuspensionReason.HR_DB_VALIDATION; + reason.setMessage("OrgDB: No record found"); + + verify(manager).suspendUser(Mockito.eq(user), Mockito.eq(reason)); + + } + + @Test + public void testSynchStrategyMultipleParticipations() { + + oneParticipation.setExperiment("experiment"); + oneParticipation.setStartDate(Date.from(TWO_YEARS_AGO)); + oneParticipation.setEndDate(Date.from(ONE_YEAR_AGO)); + + anotherParticipation.setExperiment("experiment"); + anotherParticipation.setStartDate(Date.from(ONE_WEEK_AGO)); + + aThirdParticipation.setExperiment("another"); + oneParticipation.setStartDate(Date.from(TWO_YEARS_AGO)); + + + voPerson.setParticipations( + Sets.newHashSet(oneParticipation, anotherParticipation, aThirdParticipation)); + + handler.synchronizeMembershipInformation(user, voPerson); + + assertThat(user.getName(), is("TEST")); + assertThat(user.getSurname(), is("USER")); + assertThat(user.getEmailAddress(), is("TEST.USER@CNAF.INFN.IT".toLowerCase())); + assertThat(user.getEndTime(), nullValue()); + + } + + + @Test + public void testSynchStrategy() { + + oneParticipation.setExperiment("experiment"); + oneParticipation.setStartDate(Date.from(ONE_WEEK_AGO)); + + + voPerson.setParticipations(Sets.newHashSet(oneParticipation)); + + handler.synchronizeMembershipInformation(user, voPerson); + + assertThat(user.getName(), is("TEST")); + assertThat(user.getSurname(), is("USER")); + assertThat(user.getEmailAddress(), is("TEST.USER@CNAF.INFN.IT".toLowerCase())); + assertThat(user.getEndTime(), nullValue()); + + + } + + @Test + public void testSynchInvalidParticipation() { + + oneParticipation.setExperiment("experiment"); + oneParticipation.setStartDate(Date.from(ONE_YEAR_AGO)); + oneParticipation.setEndDate(Date.from(ONE_WEEK_AGO)); + + voPerson.setParticipations(Sets.newHashSet(oneParticipation)); + + handler.synchronizeMembershipInformation(user, voPerson); + + assertThat(user.getName(), is("TEST")); + assertThat(user.getSurname(), is("USER")); + assertThat(user.getEmailAddress(), is("TEST.USER@CNAF.INFN.IT".toLowerCase())); + assertThat(user.getEndTime(), is(Date.from(NOW))); + } + + @Test + public void testDoNotRestoreSuspendedUserForOtherReason() { + + oneParticipation.setExperiment("experiment"); + oneParticipation.setStartDate(Date.from(ONE_YEAR_AGO)); + + user.setSuspended(true); + user.setSuspensionReason(SuspensionReason.FAILED_TO_SIGN_AUP.getMessage()); + + voPerson.setParticipations(Sets.newHashSet(oneParticipation)); + + handler.synchronizeMembershipInformation(user, voPerson); + + assertThat(user.getName(), is("TEST")); + assertThat(user.getSurname(), is("USER")); + assertThat(user.getEmailAddress(), is("TEST.USER@CNAF.INFN.IT".toLowerCase())); + + assertThat(user.isSuspended(), is(true)); + } + + @Test + public void testRestoreSuspendedUserDueToValidationError() { + + oneParticipation.setExperiment("experiment"); + oneParticipation.setStartDate(Date.from(ONE_YEAR_AGO)); + + user.setSuspended(true); + user.setSuspensionReasonCode(SuspensionReason.HR_DB_VALIDATION); + user.setSuspensionReason(SuspensionReason.HR_DB_VALIDATION.getMessage()); + + voPerson.setParticipations(Sets.newHashSet(oneParticipation)); + + handler.synchronizeMembershipInformation(user, voPerson); + + assertThat(user.getName(), is("TEST")); + assertThat(user.getSurname(), is("USER")); + assertThat(user.getEmailAddress(), is("TEST.USER@CNAF.INFN.IT".toLowerCase())); + + verify(manager).restoreUser(Mockito.eq(user)); + } + + @Test + public void testRestoreSuspendedUserDueToMembershipExpiration() { + + oneParticipation.setExperiment("experiment"); + oneParticipation.setStartDate(Date.from(ONE_YEAR_AGO)); + + user.setSuspended(true); + user.setSuspensionReasonCode(SuspensionReason.MEMBERSHIP_EXPIRATION); + + user.setSuspensionReason(SuspensionReason.MEMBERSHIP_EXPIRATION.getMessage()); + + voPerson.setParticipations(Sets.newHashSet(oneParticipation)); + + handler.synchronizeMembershipInformation(user, voPerson); + + assertThat(user.getName(), is("TEST")); + assertThat(user.getSurname(), is("USER")); + assertThat(user.getEmailAddress(), is("TEST.USER@CNAF.INFN.IT".toLowerCase())); + + verify(manager).restoreUser(Mockito.eq(user)); + } + + @Test + public void testInstituteChangeHandling() { + + InstituteDTO firstInstitute = new InstituteDTO(); + institute.setName("First institute"); + + InstituteDTO secondInstitute = new InstituteDTO(); + institute.setName("Second institute"); + + oneParticipation.setExperiment("experiment"); + oneParticipation.setInstitute(firstInstitute); + oneParticipation.setStartDate(Date.from(ONE_YEAR_AGO)); + oneParticipation.setEndDate(Date.from(ONE_WEEK_AGO)); + + anotherParticipation.setExperiment("experiment"); + anotherParticipation.setInstitute(secondInstitute); + anotherParticipation.setStartDate(Date.from(A_DAY_AGO)); + + voPerson.setParticipations(Sets.newHashSet(oneParticipation, anotherParticipation)); + + user.setSuspended(true); + user.setSuspensionReasonCode(SuspensionReason.MEMBERSHIP_EXPIRATION); + user.setSuspensionReason(SuspensionReason.MEMBERSHIP_EXPIRATION.getMessage()); + + handler.synchronizeMembershipInformation(user, voPerson); + verify(manager).restoreUser(Mockito.eq(user)); + } + + +} diff --git a/voms-admin-server/src/test/java/integration/hr/HttpClientIntegrationTest.java b/voms-admin-server/src/test/java/integration/hr/HttpClientIntegrationTest.java new file mode 100644 index 00000000..3f947094 --- /dev/null +++ b/voms-admin-server/src/test/java/integration/hr/HttpClientIntegrationTest.java @@ -0,0 +1,319 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package integration.hr; + +import static java.util.stream.Collectors.toList; +import static org.hamcrest.CoreMatchers.containsString; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.Matchers.hasSize; +import static org.junit.Assert.assertThat; +import static org.mockserver.integration.ClientAndServer.startClientAndServer; +import static org.mockserver.matchers.Times.exactly; +import static org.mockserver.matchers.Times.once; +import static org.mockserver.model.HttpRequest.request; +import static org.mockserver.model.HttpResponse.response; +import static utils.TestSocketUtils.findAvailableTcpPort; + +import java.util.List; +import java.util.Optional; +import java.util.Random; +import java.util.concurrent.TimeUnit; + +import org.glite.security.voms.admin.integration.cern.HrDbError; +import org.glite.security.voms.admin.integration.cern.HrDbExchangeError; +import org.glite.security.voms.admin.integration.cern.HrDbProperties; +import org.glite.security.voms.admin.integration.cern.HttpClientHrDbApiService; +import org.glite.security.voms.admin.integration.cern.dto.ParticipationDTO; +import org.glite.security.voms.admin.integration.cern.dto.VOPersonDTO; +import org.glite.security.voms.admin.persistence.model.VOMSUser; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.mockserver.integration.ClientAndServer; +import org.mockserver.model.HttpError; +import org.mockserver.model.HttpResponse; + +public class HttpClientIntegrationTest extends HrDbTestSupport { + + private static int port; + private static ClientAndServer mockServer; + + HrDbProperties properties; + HttpClientHrDbApiService apiService; + + @BeforeClass + public static void startMockServer() { + port = findAvailableTcpPort(); + mockServer = startClientAndServer(port); + } + + @AfterClass + public static void stopMockServer() { + mockServer.stop(); + } + + @Before + public void setup() { + properties = new HrDbProperties(); + properties.setExperimentName("atlas"); + properties.getApi().setEndpoint("http://localhost:" + port); + properties.getApi().setUsername("user"); + properties.getApi().setPassword("password"); + properties.getApi().setTimeoutInSeconds(1L); + + apiService = new HttpClientHrDbApiService(CLOCK, properties); + mockServer.reset(); + } + + @After + public void teardown() { + mockServer.reset(); + } + + + @Test(expected = HrDbError.class) + public void testVoPersonAuthNErrorHandling() { + mockServer.when(request("/api/VOPersons/1").withMethod("GET"), once()) + .respond(HttpResponse.response().withStatusCode(403).withBody(ERROR_403_JSON)); + + try { + apiService.getVoPersonRecord(1); + + } catch (HrDbExchangeError e) { + + assertThat(e.getMessage(), containsString("403")); + mockServer.verify(request("/api/VOPersons/1").withMethod("GET") + .withHeader("Authorization", "basic dXNlcjpwYXNzd29yZA==")); + throw e; + } + } + + @Test(expected = HrDbError.class) + public void testTimeoutEnforced() { + mockServer.when(request("/api/VOPersons/1").withMethod("GET"), once()) + .respond(HttpResponse.response().withStatusCode(404).withDelay(TimeUnit.SECONDS, 2)); + + try { + apiService.getVoPersonRecord(1); + + } catch (HrDbError e) { + + assertThat(e.getMessage(), containsString("request timeout exceeded")); + throw e; + } + } + + @Test(expected = HrDbError.class) + public void testDropConnectionError() { + mockServer.when(request("/api/VOPersons/1").withMethod("GET"), once()) + .error(HttpError.error().withDropConnection(true));; + + try { + apiService.getVoPersonRecord(1); + + } catch (HrDbError e) { + + assertThat(e.getMessage(), is("Error contacting the HR DB api")); + throw e; + } + } + + + @Test(expected = HrDbError.class) + public void testRandomBytesResponse() { + + byte[] randomByteArray = new byte[25]; + new Random().nextBytes(randomByteArray); + + mockServer.when(request("/api/VOPersons/1").withMethod("GET"), once()) + .error(HttpError.error().withResponseBytes(randomByteArray));; + + try { + apiService.getVoPersonRecord(1); + + } catch (HrDbError e) { + + assertThat(e.getMessage(), is("Error contacting the HR DB api")); + throw e; + } + } + + @Test + public void testGetPersonSuccess() { + + mockServer.when(request("/api/VOPersons/1").withMethod("GET"), once()) + .respond(response(VO_PERSON_1_JSON)); + + Optional voPerson = apiService.getVoPersonRecord(1); + + mockServer.verify(request("/api/VOPersons/1").withMethod("GET") + .withHeader("Authorization", "basic dXNlcjpwYXNzd29yZA==")); + + assertThat(voPerson.isPresent(), is(true)); + assertThat(voPerson.get().getId(), is(1L)); + assertThat(voPerson.get().getName(), is("MARPLE")); + assertThat(voPerson.get().getFirstName(), is("IRWIN")); + assertThat(voPerson.get().getEmail(), is("IRWIN.MARPLE.1@mail.example")); + assertThat(voPerson.get().getPhysicalEmail(), is("MARPLE.1@cern.ch")); + assertThat(voPerson.get().getParticipations(), hasSize(2)); + + List sortedParticipations = voPerson.get() + .getParticipations() + .stream() + .sorted((p1, p2) -> p1.getExperiment().compareTo(p2.getExperiment())) + .collect(toList()); + + ParticipationDTO participation = sortedParticipations.get(0); + + assertThat(participation.getExperiment(), is("ATLAS")); + assertThat(participation.getStartDate(), notNullValue()); + assertThat(participation.getEndDate(), notNullValue()); + assertThat(participation.isValidAtInstant(NOW), is(true)); + + assertThat(participation.getInstitute(), notNullValue()); + assertThat(participation.getInstitute().getName(), is("Institute 35")); + assertThat(participation.getInstitute().getId(), is("000035")); + assertThat(participation.getInstitute().getTown(), is("Some place 35")); + assertThat(participation.getInstitute().getCountry(), is("IT")); + } + + @Test + public void testGetPersonByEmailSuccess() { + + mockServer + .when(request("/api/VOPersons/email/IRWIN.MARPLE.1@mail.example").withMethod("GET"), once()) + .respond(response(VO_PERSON_1_JSON)); + + Optional voPerson = + apiService.getVoPersonRecordByEmail("IRWIN.MARPLE.1@mail.example"); + + mockServer.verify(request("/api/VOPersons/email/IRWIN.MARPLE.1@mail.example").withMethod("GET") + .withHeader("Authorization", "basic dXNlcjpwYXNzd29yZA==")); + + assertThat(voPerson.isPresent(), is(true)); + assertThat(voPerson.get().getId(), is(1L)); + assertThat(voPerson.get().getName(), is("MARPLE")); + assertThat(voPerson.get().getFirstName(), is("IRWIN")); + assertThat(voPerson.get().getEmail(), is("IRWIN.MARPLE.1@mail.example")); + assertThat(voPerson.get().getPhysicalEmail(), is("MARPLE.1@cern.ch")); + assertThat(voPerson.get().getParticipations(), hasSize(2)); + + List sortedParticipations = voPerson.get() + .getParticipations() + .stream() + .sorted((p1, p2) -> p1.getExperiment().compareTo(p2.getExperiment())) + .collect(toList()); + + ParticipationDTO participation = sortedParticipations.get(0); + + assertThat(participation.getExperiment(), is("ATLAS")); + assertThat(participation.getStartDate(), notNullValue()); + assertThat(participation.getEndDate(), notNullValue()); + assertThat(participation.isValidAtInstant(NOW), is(true)); + + assertThat(participation.getInstitute(), notNullValue()); + assertThat(participation.getInstitute().getName(), is("Institute 35")); + assertThat(participation.getInstitute().getId(), is("000035")); + assertThat(participation.getInstitute().getTown(), is("Some place 35")); + assertThat(participation.getInstitute().getCountry(), is("IT")); + + participation = sortedParticipations.get(1); + + assertThat(participation.getExperiment(), is("CMS")); + assertThat(participation.getStartDate(), notNullValue()); + assertThat(participation.getEndDate(), notNullValue()); + assertThat(participation.isValidAtInstant(NOW), is(false)); + + assertThat(participation.getInstitute(), notNullValue()); + assertThat(participation.getInstitute().getName(), is("Institute 35")); + assertThat(participation.getInstitute().getId(), is("000035")); + assertThat(participation.getInstitute().getTown(), is("Some place 35")); + assertThat(participation.getInstitute().getCountry(), is("IT")); + } + + @Test + public void testHasValidExperimentParticipationSuccess() { + mockServer.when(request("/api/VOPersons/participation/atlas/valid/1").withMethod("GET"), once()) + .respond(response("true")); + + assertThat(apiService.hasValidExperimentParticipation(1), is(true)); + mockServer.verify(request("/api/VOPersons/participation/atlas/valid/1").withMethod("GET") + .withHeader("Authorization", "basic dXNlcjpwYXNzd29yZA==")); + + + } + + @Test + public void testHasValidExperimentParticipationByEmailSuccess() { + + mockServer + .when(request("/api/VOPersons/email/IRWIN.MARPLE.1@mail.example").withMethod("GET"), once()) + .respond(response(VO_PERSON_1_JSON)); + + assertThat(apiService.hasValidExperimentParticipationByEmail("IRWIN.MARPLE.1@mail.example"), + is(true)); + + mockServer.verify(request("/api/VOPersons/email/IRWIN.MARPLE.1@mail.example").withMethod("GET") + .withHeader("Authorization", "basic dXNlcjpwYXNzd29yZA==")); + } + + @Test + public void testGetPersonByVomsUser() { + + mockServer.when(request("/api/VOPersons/1").withMethod("GET"), exactly(2)) + .respond(response(VO_PERSON_1_JSON)); + + mockServer.when(request("/api/VOPersons/participation/atlas/valid/1").withMethod("GET"), once()) + .respond(response("true")); + + VOMSUser user = new VOMSUser(); + user.setId(1L); + user.setOrgDbId(1L); + + Optional voPerson = apiService.lookupVomsUser(user); + + assertThat(voPerson.isPresent(), is(true)); + assertThat(voPerson.get().getId(), is(1L)); + assertThat(voPerson.get().getName(), is("MARPLE")); + assertThat(voPerson.get().getFirstName(), is("IRWIN")); + assertThat(voPerson.get().getEmail(), is("IRWIN.MARPLE.1@mail.example")); + assertThat(voPerson.get().getPhysicalEmail(), is("MARPLE.1@cern.ch")); + assertThat(voPerson.get().getParticipations(), hasSize(2)); + + mockServer.verify(request("/api/VOPersons/1").withMethod("GET") + .withHeader("Authorization", "basic dXNlcjpwYXNzd29yZA==")); + + assertThat(apiService.hasValidExperimentParticipation(user), is(true)); + + mockServer.verify(request("/api/VOPersons/participation/atlas/valid/1").withMethod("GET") + .withHeader("Authorization", "basic dXNlcjpwYXNzd29yZA==")); + + } + + @Test + public void testGetPersonByVomsUserNoOrgId() { + + VOMSUser user = new VOMSUser(); + user.setId(1L); + + assertThat(apiService.lookupVomsUser(user).isPresent(), is(false)); + mockServer.verifyZeroInteractions(); + } + +} diff --git a/voms-admin-server/src/test/java/utils/TestFileUtils.java b/voms-admin-server/src/test/java/utils/TestFileUtils.java new file mode 100644 index 00000000..ac5f28a5 --- /dev/null +++ b/voms-admin-server/src/test/java/utils/TestFileUtils.java @@ -0,0 +1,36 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package utils; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Paths; + +public class TestFileUtils { + + private TestFileUtils() {} + + + public static String readFile(String path) { + try { + return new String(Files.readAllBytes(Paths.get(path))); + } catch (IOException e) { + throw new IllegalStateException(e); + } + + } + +} diff --git a/voms-admin-server/src/test/java/utils/TestSocketUtils.java b/voms-admin-server/src/test/java/utils/TestSocketUtils.java new file mode 100644 index 00000000..0e262649 --- /dev/null +++ b/voms-admin-server/src/test/java/utils/TestSocketUtils.java @@ -0,0 +1,36 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package utils; + +import java.io.IOException; +import java.net.ServerSocket; + +public class TestSocketUtils { + + private TestSocketUtils() { + // TODO Auto-generated constructor stub + } + + public static int findAvailableTcpPort() { + try (ServerSocket socket = new ServerSocket(0)) { + socket.setReuseAddress(true); + return socket.getLocalPort(); + } catch (IOException e) { + throw new AssertionError(e.getMessage()); + } + } + +} diff --git a/voms-admin-server/src/test/java/validation/DnValidationTest.java b/voms-admin-server/src/test/java/validation/DnValidationTest.java index 3567b4cd..e0d3a7ad 100644 --- a/voms-admin-server/src/test/java/validation/DnValidationTest.java +++ b/voms-admin-server/src/test/java/validation/DnValidationTest.java @@ -15,6 +15,11 @@ */ package validation; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.nullValue; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; + import org.glite.security.voms.admin.util.validation.x509.CanlDNValidator; import org.glite.security.voms.admin.util.validation.x509.DnValidationResult; import org.glite.security.voms.admin.util.validation.x509.DnValidationResult.ValidationError; @@ -68,8 +73,20 @@ public void testUnkownCaValidationError() { DnValidationResult result = validator.validate(UNKNOWN_CA_SUBJECT, "/CN=Ciccio"); - Assert.assertEquals(ValidationError.NAMESPACE_NOT_FOUND, result.getError()); + assertEquals(ValidationError.NAMESPACE_NOT_FOUND, result.getError()); } + + @Test + public void testFrenchCaValidationError() { + + DnValidationResult result = + validator.validate( + "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels", + "/O=GRID-FR/C=FR/O=CNRS/OU=LLR/CN=Whatever"); + + assertThat(result.getError(), nullValue()); + assertThat(result.isValid(), is(true)); + } } diff --git a/voms-admin-server/src/test/resources/cern/disabled-task/hr.properties b/voms-admin-server/src/test/resources/cern/disabled-task/hr.properties new file mode 100644 index 00000000..6acd3505 --- /dev/null +++ b/voms-admin-server/src/test/resources/cern/disabled-task/hr.properties @@ -0,0 +1,7 @@ + experiment=cms + membership_check.period=600 + membership_check.enabled=false + api.endpoint=http://localhost:8080 + api.username=user + api.password=password + api.timeout_secs=2 \ No newline at end of file diff --git a/voms-admin-server/src/test/resources/cern/enabled-task/hr.properties b/voms-admin-server/src/test/resources/cern/enabled-task/hr.properties new file mode 100644 index 00000000..6556749f --- /dev/null +++ b/voms-admin-server/src/test/resources/cern/enabled-task/hr.properties @@ -0,0 +1,8 @@ + experiment=cms + membership_check.enabled=true + membership_check.start_hour=4 + membership_check.run_at_startup=false + api.endpoint=http://localhost:8080 + api.username=user + api.password=password + api.timeout_secs=2 \ No newline at end of file diff --git a/voms-admin-server/src/test/resources/cern/json/voPerson1.json b/voms-admin-server/src/test/resources/cern/json/voPerson1.json new file mode 100644 index 00000000..0b5b4fe1 --- /dev/null +++ b/voms-admin-server/src/test/resources/cern/json/voPerson1.json @@ -0,0 +1,31 @@ +{ + "id": 1, + "name": "MARPLE", + "firstName": "IRWIN", + "email": "IRWIN.MARPLE.1@mail.example", + "physicalEmail": "MARPLE.1@cern.ch", + "participations": [ + { + "institute": { + "id": "000035", + "name": "Institute 35", + "town": "Some place 35", + "country": "IT" + }, + "experiment": "ATLAS", + "startDate": "2012-02-05", + "endDate": "2022-01-01" + }, + { + "institute": { + "id": "000035", + "name": "Institute 35", + "town": "Some place 35", + "country": "IT" + }, + "experiment": "CMS", + "startDate": "2008-02-05", + "endDate": "2012-01-01" + } + ] +} \ No newline at end of file diff --git a/voms-admin-server/src/test/resources/trust-anchors/16054abd.0 b/voms-admin-server/src/test/resources/trust-anchors/16054abd.0 new file mode 100644 index 00000000..87639813 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/16054abd.0 @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzjCCAzagAwIBAgISESHcZGpjVbhv3LcwHBxmFWKhMA0GCSqGSIb3DQEBCwUA +MEUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQKDAZNRU5FU1IxEDAOBgNVBAsMB0dSSUQt +RlIxEzARBgNVBAMMCkFDIEdSSUQtRlIwHhcNMTYwOTMwMDgwMDAwWhcNNDAwOTMw +MDgwMDAwWjBFMQswCQYDVQQGEwJGUjEPMA0GA1UECgwGTUVORVNSMRAwDgYDVQQL +DAdHUklELUZSMRMwEQYDVQQDDApBQyBHUklELUZSMIIBojANBgkqhkiG9w0BAQEF +AAOCAY8AMIIBigKCAYEAywcrhCkF87S7e/Sfc0S+QGS4ED9EuYvoQj8KiWlyz9UF +nccNtjaxnlJbaGU6myNreeEEbt+QdydQ/vkPQd2gEhoxirz6VDJgRg2i56Zw/JL9 +FVcmDgKG6t7Ap9/NB3MobXWPd7yQu7SIfnd3BnLW87tOdILpiODZNOWeh6Qg1Fgn +aFHRjVPN6ugU1qbW44sPDv0yFhNRfnsDomVOewRg46fxv8tah+lIYsVulGYVhmkI +AgNs9YMTclukxPL5YOFgeY+3A+G/1NwKmteFqBIQRcaF1UbHrSsn6H5cIdsEJ1NT +IBPYuDGD/SkH5dFpOeyZ+RLxCaoI4W+dVyYhVealdrtmI2XQL7lLWLTHJzZqRBcA +gc60J2bjZl3HwxFE/QKW5f67zLkupFPO61OWeAl+pwIIE4Xo6z0ubNrLg5MqiO7G +7YOPocSlkBMIv+OzhrzMxsZpjSaLm32/nGyj0T+XQwUN4gK87VkHa0lz+qU6TTG0 +bggGOK72rcXdGZWlzGfzAgMBAAGjgbcwgbQwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud +EwEB/wQFMAMBAf8wUQYDVR0gBEowSDBGBgRVHSAAMD4wPAYIKwYBBQUHAgEWMGh0 +dHA6Ly9ncmlkLWZyLnBuY24uZWR1Y2F0aW9uLmdvdXYuZnIvcGMtZ3JpZC1mcjAd +BgNVHQ4EFgQUqgzWvPnZZT1wilEwII9M/s1gueMwHwYDVR0jBBgwFoAUqgzWvPnZ +ZT1wilEwII9M/s1gueMwDQYJKoZIhvcNAQELBQADggGBAIGprfsrGbphQnPMyshh +SOB+Q/hLV3vSyT52kSuifHMHkoLA61cJT/Lrp5Vb2yKi7SWzbWrCD4dNsbTAt838 +7WZUVeSkvvqJmDeMI/Jj4LVMVSnLsxFHwrphw1KiEen2kZL8BmbTRW1x3UnuF7Dx +Evr/Um7O+gZFg0SHCVCeCpYYROLZOFre98lvvYRn2vixKPSXxDkfaeW4B91SD3is +qMW8ATtq3Wp5ZOGRlMzCEEt2OmLnSYldkjb/I1Noi3A9Uzwuxxm9vDfG291uI6ks +wMpYrwVXjoUZWZ1FSf766SBtAzLPYjcpmJwRvTIxNyMWedZCMbkKhRL9z1ZhEMbR +chLvh3mnrDdFbUoCCQ4ZqmcgYIgw3+JzIf3vRszPpJirJ0ZoZKrBs4QRDdlFZtON +kBA7U1h+lAzYSExpZPoF8m7meKtL9oanlJ66XLGv0yg6N7oL1mvPkR/QiLSrOeRI ++yS8kr+zh4fpr9gRJUQkxA+xGSiGUk9DZwK0TA/3WICj7w== +-----END CERTIFICATE----- diff --git a/voms-admin-server/src/test/resources/trust-anchors/16054abd.namespaces b/voms-admin-server/src/test/resources/trust-anchors/16054abd.namespaces new file mode 100644 index 00000000..7f3211f7 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/16054abd.namespaces @@ -0,0 +1,28 @@ +############################################################################## +#NAMESPACES-VERSION: 1.0 +# +# @(#)AC-GRID-FR.signing_policy.namespaces +# CA alias : AC-GRID-FR +# subord_of: +# subjectDN: /C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR +# hash : AC-GRID-FR.signing_policy +# (generated automatically from AC-GRID-FR.signing_policy) +# +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" \ + PERMIT Subject "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" \ + PERMIT Subject "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Robots" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" \ + PERMIT Subject "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" \ + PERMIT Subject "/O=GRID-FR/.*" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Robots" \ + PERMIT Subject "/O=GRID-FR/.*" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services" \ + PERMIT Subject "/O=GRID-FR/.*" + diff --git a/voms-admin-server/src/test/resources/trust-anchors/16054abd.signing_policy b/voms-admin-server/src/test/resources/trust-anchors/16054abd.signing_policy new file mode 100644 index 00000000..1ae6cbd1 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/16054abd.signing_policy @@ -0,0 +1,5 @@ +# @(#)$Id: AC-GRID-FR.signing_policy,v 1.1 2018/03/06 07:56:31 pmacvsdg Exp $ +# Root +access_id_CA X509 '/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR' +pos_rights globus CA:sign +cond_subjects globus '"/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Robots" "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services"' diff --git a/voms-admin-server/src/test/resources/trust-anchors/72aa436d.0 b/voms-admin-server/src/test/resources/trust-anchors/72aa436d.0 new file mode 100644 index 00000000..3bae8f59 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/72aa436d.0 @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwjCCBCqgAwIBAgISESEbWlKSHT/Bwe1tXK8w0TWHMA0GCSqGSIb3DQEBCwUA +MEUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQKDAZNRU5FU1IxEDAOBgNVBAsMB0dSSUQt +RlIxEzARBgNVBAMMCkFDIEdSSUQtRlIwHhcNMTYwOTMwMDgwMDAwWhcNNDAwOTMw +MDgwMDAwWjBQMQswCQYDVQQGEwJGUjEPMA0GA1UECgwGTUVORVNSMRAwDgYDVQQL +DAdHUklELUZSMR4wHAYDVQQDDBVBQyBHUklELUZSIFBlcnNvbm5lbHMwggGiMA0G +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDWvrNF8vQ5jpSvmXPzEhBp958C43rp +DMTcQWWd0A78t1aKizc+gNAso2KQivjt1Yu/KiMSjpi85LEOKOB3OESUY6c+slfV +L5psH5bwif6zu5guiLFtd/XmRGC4wFHh1Zo8NTply0NlzaN9/bY+BQnlstexbiGe +Mm3W7AfzNmmszykgIegoOmAlk1P2Snxbk5kCO/uQlezQzNLUFB5OYE/DL4gOpONE +Xa470fCCToSUrJ2HlteU0il/8tSgBws2xENUzA/r/ZmwG6IeVHYxukK4SzOn8fFU +sLoNE0srlDz8Xgdr9XZyEFdQXJ4IsWGgGLyKsnN/jwPsZ7qkhvaDbKdml7i1S5F9 +PZf1hSgwRgx2C4NP4JZacWiG+UNTk1XM0ZiIUTjhMN+isqOHiUKRBXyg9gLw01RP +mOrA8xjzt2VjkobSdgA/9R7p+sdYTWCMsgAaPd2P5ZO1XrvRCkfUk5jKSw5zPcdz +OAj84VwO4p1cGAguc5vvH3+0b62NpUlbNCECAwEAAaOCAZ8wggGbMA4GA1UdDwEB +/wQEAwIBBjBRBgNVHSAESjBIMEYGBFUdIAAwPjA8BggrBgEFBQcCARYwaHR0cDov +L2dyaWQtZnIucG5jbi5lZHVjYXRpb24uZ291di5mci9wYy1ncmlkLWZyMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5ncmlk +LWZyLnBuY24uZWR1Y2F0aW9uLmdvdXYuZnIvYWMtZ3JpZC1mci5jcmwwgZYGCCsG +AQUFBwEBBIGJMIGGMEQGCCsGAQUFBzAChjhodHRwOi8vY2VyLmdyaWQtZnIucG5j +bi5lZHVjYXRpb24uZ291di5mci9hYy1ncmlkLWZyLmNlcjA+BggrBgEFBQcwAYYy +aHR0cDovL29jc3AuZ3JpZC1mci5wbmNuLmVkdWNhdGlvbi5nb3V2LmZyL2dyaWQt +ZnIwHQYDVR0OBBYEFN49xvEGIjeZn88iCJUA5wHioLwQMB8GA1UdIwQYMBaAFKoM +1rz52WU9cIpRMCCPTP7NYLnjMA0GCSqGSIb3DQEBCwUAA4IBgQBxa53DK6bHVXcv +5Uo+QIgpi43ybbXlSY/7a2fFiMZLRiJ/gpm9qicZUAfNbXIG8eY7i6SCIIFa/on4 +0CnZjPeFy7Hi4HZwFpT4Mdu6G5yAV94k70sWqi5Vfdcv0PO37GI0QyxqtzTCB07n +JhhE/uyYuwLryXXOUq/r4z2O1N4OZyeALiA/ojO0oQxzuULoveFyasd05tmmPD+r +TEePaoly889oH61GbOvYx7syO2AoViVGa2kZX5qUqfVhiYa3vd1uhU8UGqs8iHWW +f8BaCawV7GpJ8yx4+rlLHT5nzLcrg8+c8tGHuoFLgPdS3WuJXNrQjtwfd95u/Rx0 +mQUm5QDZgIdYSJmYYt6fVyqxRrszSOcS/6qsVeethyqP0ni5jsQjxiWz1jb2cfiT +Er1nrK8Z3F4wm+pLovR5em7ck1BayNUmcXonsfHcUZVb/skfLxxVu7znPI8epMz+ +5EgHvw2trURiay3DlgXy6uj5tp/PbG6V+UtgH5Iso9WzByLXcuk= +-----END CERTIFICATE----- diff --git a/voms-admin-server/src/test/resources/trust-anchors/72aa436d.signing_policy b/voms-admin-server/src/test/resources/trust-anchors/72aa436d.signing_policy new file mode 100644 index 00000000..a0d33932 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/72aa436d.signing_policy @@ -0,0 +1,5 @@ +# @(#)$Id: AC-GRID-FR-Personnels.signing_policy,v 1.1 2018/03/06 07:56:31 pmacvsdg Exp $ +# Root +access_id_CA X509 '/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels' +pos_rights globus CA:sign +cond_subjects globus '"/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" "/O=GRID-FR/*"' diff --git a/voms-admin-server/src/test/resources/trust-anchors/7ca9677b.0 b/voms-admin-server/src/test/resources/trust-anchors/7ca9677b.0 new file mode 100644 index 00000000..87639813 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/7ca9677b.0 @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzjCCAzagAwIBAgISESHcZGpjVbhv3LcwHBxmFWKhMA0GCSqGSIb3DQEBCwUA +MEUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQKDAZNRU5FU1IxEDAOBgNVBAsMB0dSSUQt +RlIxEzARBgNVBAMMCkFDIEdSSUQtRlIwHhcNMTYwOTMwMDgwMDAwWhcNNDAwOTMw +MDgwMDAwWjBFMQswCQYDVQQGEwJGUjEPMA0GA1UECgwGTUVORVNSMRAwDgYDVQQL +DAdHUklELUZSMRMwEQYDVQQDDApBQyBHUklELUZSMIIBojANBgkqhkiG9w0BAQEF +AAOCAY8AMIIBigKCAYEAywcrhCkF87S7e/Sfc0S+QGS4ED9EuYvoQj8KiWlyz9UF +nccNtjaxnlJbaGU6myNreeEEbt+QdydQ/vkPQd2gEhoxirz6VDJgRg2i56Zw/JL9 +FVcmDgKG6t7Ap9/NB3MobXWPd7yQu7SIfnd3BnLW87tOdILpiODZNOWeh6Qg1Fgn +aFHRjVPN6ugU1qbW44sPDv0yFhNRfnsDomVOewRg46fxv8tah+lIYsVulGYVhmkI +AgNs9YMTclukxPL5YOFgeY+3A+G/1NwKmteFqBIQRcaF1UbHrSsn6H5cIdsEJ1NT +IBPYuDGD/SkH5dFpOeyZ+RLxCaoI4W+dVyYhVealdrtmI2XQL7lLWLTHJzZqRBcA +gc60J2bjZl3HwxFE/QKW5f67zLkupFPO61OWeAl+pwIIE4Xo6z0ubNrLg5MqiO7G +7YOPocSlkBMIv+OzhrzMxsZpjSaLm32/nGyj0T+XQwUN4gK87VkHa0lz+qU6TTG0 +bggGOK72rcXdGZWlzGfzAgMBAAGjgbcwgbQwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud +EwEB/wQFMAMBAf8wUQYDVR0gBEowSDBGBgRVHSAAMD4wPAYIKwYBBQUHAgEWMGh0 +dHA6Ly9ncmlkLWZyLnBuY24uZWR1Y2F0aW9uLmdvdXYuZnIvcGMtZ3JpZC1mcjAd +BgNVHQ4EFgQUqgzWvPnZZT1wilEwII9M/s1gueMwHwYDVR0jBBgwFoAUqgzWvPnZ +ZT1wilEwII9M/s1gueMwDQYJKoZIhvcNAQELBQADggGBAIGprfsrGbphQnPMyshh +SOB+Q/hLV3vSyT52kSuifHMHkoLA61cJT/Lrp5Vb2yKi7SWzbWrCD4dNsbTAt838 +7WZUVeSkvvqJmDeMI/Jj4LVMVSnLsxFHwrphw1KiEen2kZL8BmbTRW1x3UnuF7Dx +Evr/Um7O+gZFg0SHCVCeCpYYROLZOFre98lvvYRn2vixKPSXxDkfaeW4B91SD3is +qMW8ATtq3Wp5ZOGRlMzCEEt2OmLnSYldkjb/I1Noi3A9Uzwuxxm9vDfG291uI6ks +wMpYrwVXjoUZWZ1FSf766SBtAzLPYjcpmJwRvTIxNyMWedZCMbkKhRL9z1ZhEMbR +chLvh3mnrDdFbUoCCQ4ZqmcgYIgw3+JzIf3vRszPpJirJ0ZoZKrBs4QRDdlFZtON +kBA7U1h+lAzYSExpZPoF8m7meKtL9oanlJ66XLGv0yg6N7oL1mvPkR/QiLSrOeRI ++yS8kr+zh4fpr9gRJUQkxA+xGSiGUk9DZwK0TA/3WICj7w== +-----END CERTIFICATE----- diff --git a/voms-admin-server/src/test/resources/trust-anchors/7ca9677b.namespaces b/voms-admin-server/src/test/resources/trust-anchors/7ca9677b.namespaces new file mode 100644 index 00000000..7f3211f7 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/7ca9677b.namespaces @@ -0,0 +1,28 @@ +############################################################################## +#NAMESPACES-VERSION: 1.0 +# +# @(#)AC-GRID-FR.signing_policy.namespaces +# CA alias : AC-GRID-FR +# subord_of: +# subjectDN: /C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR +# hash : AC-GRID-FR.signing_policy +# (generated automatically from AC-GRID-FR.signing_policy) +# +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" \ + PERMIT Subject "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" \ + PERMIT Subject "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Robots" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" \ + PERMIT Subject "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" \ + PERMIT Subject "/O=GRID-FR/.*" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Robots" \ + PERMIT Subject "/O=GRID-FR/.*" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services" \ + PERMIT Subject "/O=GRID-FR/.*" + diff --git a/voms-admin-server/src/test/resources/trust-anchors/7ca9677b.signing_policy b/voms-admin-server/src/test/resources/trust-anchors/7ca9677b.signing_policy new file mode 100644 index 00000000..1ae6cbd1 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/7ca9677b.signing_policy @@ -0,0 +1,5 @@ +# @(#)$Id: AC-GRID-FR.signing_policy,v 1.1 2018/03/06 07:56:31 pmacvsdg Exp $ +# Root +access_id_CA X509 '/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR' +pos_rights globus CA:sign +cond_subjects globus '"/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Robots" "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services"' diff --git a/voms-admin-server/src/test/resources/trust-anchors/80df9b28.0 b/voms-admin-server/src/test/resources/trust-anchors/80df9b28.0 new file mode 100644 index 00000000..3bae8f59 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/80df9b28.0 @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwjCCBCqgAwIBAgISESEbWlKSHT/Bwe1tXK8w0TWHMA0GCSqGSIb3DQEBCwUA +MEUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQKDAZNRU5FU1IxEDAOBgNVBAsMB0dSSUQt +RlIxEzARBgNVBAMMCkFDIEdSSUQtRlIwHhcNMTYwOTMwMDgwMDAwWhcNNDAwOTMw +MDgwMDAwWjBQMQswCQYDVQQGEwJGUjEPMA0GA1UECgwGTUVORVNSMRAwDgYDVQQL +DAdHUklELUZSMR4wHAYDVQQDDBVBQyBHUklELUZSIFBlcnNvbm5lbHMwggGiMA0G +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDWvrNF8vQ5jpSvmXPzEhBp958C43rp +DMTcQWWd0A78t1aKizc+gNAso2KQivjt1Yu/KiMSjpi85LEOKOB3OESUY6c+slfV +L5psH5bwif6zu5guiLFtd/XmRGC4wFHh1Zo8NTply0NlzaN9/bY+BQnlstexbiGe +Mm3W7AfzNmmszykgIegoOmAlk1P2Snxbk5kCO/uQlezQzNLUFB5OYE/DL4gOpONE +Xa470fCCToSUrJ2HlteU0il/8tSgBws2xENUzA/r/ZmwG6IeVHYxukK4SzOn8fFU +sLoNE0srlDz8Xgdr9XZyEFdQXJ4IsWGgGLyKsnN/jwPsZ7qkhvaDbKdml7i1S5F9 +PZf1hSgwRgx2C4NP4JZacWiG+UNTk1XM0ZiIUTjhMN+isqOHiUKRBXyg9gLw01RP +mOrA8xjzt2VjkobSdgA/9R7p+sdYTWCMsgAaPd2P5ZO1XrvRCkfUk5jKSw5zPcdz +OAj84VwO4p1cGAguc5vvH3+0b62NpUlbNCECAwEAAaOCAZ8wggGbMA4GA1UdDwEB +/wQEAwIBBjBRBgNVHSAESjBIMEYGBFUdIAAwPjA8BggrBgEFBQcCARYwaHR0cDov +L2dyaWQtZnIucG5jbi5lZHVjYXRpb24uZ291di5mci9wYy1ncmlkLWZyMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5ncmlk +LWZyLnBuY24uZWR1Y2F0aW9uLmdvdXYuZnIvYWMtZ3JpZC1mci5jcmwwgZYGCCsG +AQUFBwEBBIGJMIGGMEQGCCsGAQUFBzAChjhodHRwOi8vY2VyLmdyaWQtZnIucG5j +bi5lZHVjYXRpb24uZ291di5mci9hYy1ncmlkLWZyLmNlcjA+BggrBgEFBQcwAYYy +aHR0cDovL29jc3AuZ3JpZC1mci5wbmNuLmVkdWNhdGlvbi5nb3V2LmZyL2dyaWQt +ZnIwHQYDVR0OBBYEFN49xvEGIjeZn88iCJUA5wHioLwQMB8GA1UdIwQYMBaAFKoM +1rz52WU9cIpRMCCPTP7NYLnjMA0GCSqGSIb3DQEBCwUAA4IBgQBxa53DK6bHVXcv +5Uo+QIgpi43ybbXlSY/7a2fFiMZLRiJ/gpm9qicZUAfNbXIG8eY7i6SCIIFa/on4 +0CnZjPeFy7Hi4HZwFpT4Mdu6G5yAV94k70sWqi5Vfdcv0PO37GI0QyxqtzTCB07n +JhhE/uyYuwLryXXOUq/r4z2O1N4OZyeALiA/ojO0oQxzuULoveFyasd05tmmPD+r +TEePaoly889oH61GbOvYx7syO2AoViVGa2kZX5qUqfVhiYa3vd1uhU8UGqs8iHWW +f8BaCawV7GpJ8yx4+rlLHT5nzLcrg8+c8tGHuoFLgPdS3WuJXNrQjtwfd95u/Rx0 +mQUm5QDZgIdYSJmYYt6fVyqxRrszSOcS/6qsVeethyqP0ni5jsQjxiWz1jb2cfiT +Er1nrK8Z3F4wm+pLovR5em7ck1BayNUmcXonsfHcUZVb/skfLxxVu7znPI8epMz+ +5EgHvw2trURiay3DlgXy6uj5tp/PbG6V+UtgH5Iso9WzByLXcuk= +-----END CERTIFICATE----- diff --git a/voms-admin-server/src/test/resources/trust-anchors/80df9b28.signing_policy b/voms-admin-server/src/test/resources/trust-anchors/80df9b28.signing_policy new file mode 100644 index 00000000..a0d33932 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/80df9b28.signing_policy @@ -0,0 +1,5 @@ +# @(#)$Id: AC-GRID-FR-Personnels.signing_policy,v 1.1 2018/03/06 07:56:31 pmacvsdg Exp $ +# Root +access_id_CA X509 '/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels' +pos_rights globus CA:sign +cond_subjects globus '"/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" "/O=GRID-FR/*"' diff --git a/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.crl_url b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.crl_url new file mode 100644 index 00000000..4341e725 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.crl_url @@ -0,0 +1 @@ +http://crl.grid-fr.pncn.education.gouv.fr/ac-grid-fr-personnels.crl diff --git a/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.info b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.info new file mode 100644 index 00000000..8cc715de --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.info @@ -0,0 +1,11 @@ +# +# @(#)$Id: AC-GRID-FR-Personnels.info,v 1.1 2018/03/06 07:56:31 pmacvsdg Exp $ +alias = AC-GRID-FR-Personnels +url = http://grid-fr.renater.fr/ +email = grid-fr@renater.fr +ca_url = http://cer.grid-fr.pncn.education.gouv.fr/ac-grid-fr-personnels.cer +crl_url = http://crl.grid-fr.pncn.education.gouv.fr/ac-grid-fr-personnels.crl +status = accredited:classic +version = 1.90 +sha1fp.0 = CA:F3:29:BD:77:67:9E:06:05:DB:1D:41:DF:7A:77:76:F1:78:2A:A9 +subjectdn = "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" diff --git a/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.pem b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.pem new file mode 100644 index 00000000..3bae8f59 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwjCCBCqgAwIBAgISESEbWlKSHT/Bwe1tXK8w0TWHMA0GCSqGSIb3DQEBCwUA +MEUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQKDAZNRU5FU1IxEDAOBgNVBAsMB0dSSUQt +RlIxEzARBgNVBAMMCkFDIEdSSUQtRlIwHhcNMTYwOTMwMDgwMDAwWhcNNDAwOTMw +MDgwMDAwWjBQMQswCQYDVQQGEwJGUjEPMA0GA1UECgwGTUVORVNSMRAwDgYDVQQL +DAdHUklELUZSMR4wHAYDVQQDDBVBQyBHUklELUZSIFBlcnNvbm5lbHMwggGiMA0G +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDWvrNF8vQ5jpSvmXPzEhBp958C43rp +DMTcQWWd0A78t1aKizc+gNAso2KQivjt1Yu/KiMSjpi85LEOKOB3OESUY6c+slfV +L5psH5bwif6zu5guiLFtd/XmRGC4wFHh1Zo8NTply0NlzaN9/bY+BQnlstexbiGe +Mm3W7AfzNmmszykgIegoOmAlk1P2Snxbk5kCO/uQlezQzNLUFB5OYE/DL4gOpONE +Xa470fCCToSUrJ2HlteU0il/8tSgBws2xENUzA/r/ZmwG6IeVHYxukK4SzOn8fFU +sLoNE0srlDz8Xgdr9XZyEFdQXJ4IsWGgGLyKsnN/jwPsZ7qkhvaDbKdml7i1S5F9 +PZf1hSgwRgx2C4NP4JZacWiG+UNTk1XM0ZiIUTjhMN+isqOHiUKRBXyg9gLw01RP +mOrA8xjzt2VjkobSdgA/9R7p+sdYTWCMsgAaPd2P5ZO1XrvRCkfUk5jKSw5zPcdz +OAj84VwO4p1cGAguc5vvH3+0b62NpUlbNCECAwEAAaOCAZ8wggGbMA4GA1UdDwEB +/wQEAwIBBjBRBgNVHSAESjBIMEYGBFUdIAAwPjA8BggrBgEFBQcCARYwaHR0cDov +L2dyaWQtZnIucG5jbi5lZHVjYXRpb24uZ291di5mci9wYy1ncmlkLWZyMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5ncmlk +LWZyLnBuY24uZWR1Y2F0aW9uLmdvdXYuZnIvYWMtZ3JpZC1mci5jcmwwgZYGCCsG +AQUFBwEBBIGJMIGGMEQGCCsGAQUFBzAChjhodHRwOi8vY2VyLmdyaWQtZnIucG5j +bi5lZHVjYXRpb24uZ291di5mci9hYy1ncmlkLWZyLmNlcjA+BggrBgEFBQcwAYYy +aHR0cDovL29jc3AuZ3JpZC1mci5wbmNuLmVkdWNhdGlvbi5nb3V2LmZyL2dyaWQt +ZnIwHQYDVR0OBBYEFN49xvEGIjeZn88iCJUA5wHioLwQMB8GA1UdIwQYMBaAFKoM +1rz52WU9cIpRMCCPTP7NYLnjMA0GCSqGSIb3DQEBCwUAA4IBgQBxa53DK6bHVXcv +5Uo+QIgpi43ybbXlSY/7a2fFiMZLRiJ/gpm9qicZUAfNbXIG8eY7i6SCIIFa/on4 +0CnZjPeFy7Hi4HZwFpT4Mdu6G5yAV94k70sWqi5Vfdcv0PO37GI0QyxqtzTCB07n +JhhE/uyYuwLryXXOUq/r4z2O1N4OZyeALiA/ojO0oQxzuULoveFyasd05tmmPD+r +TEePaoly889oH61GbOvYx7syO2AoViVGa2kZX5qUqfVhiYa3vd1uhU8UGqs8iHWW +f8BaCawV7GpJ8yx4+rlLHT5nzLcrg8+c8tGHuoFLgPdS3WuJXNrQjtwfd95u/Rx0 +mQUm5QDZgIdYSJmYYt6fVyqxRrszSOcS/6qsVeethyqP0ni5jsQjxiWz1jb2cfiT +Er1nrK8Z3F4wm+pLovR5em7ck1BayNUmcXonsfHcUZVb/skfLxxVu7znPI8epMz+ +5EgHvw2trURiay3DlgXy6uj5tp/PbG6V+UtgH5Iso9WzByLXcuk= +-----END CERTIFICATE----- diff --git a/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.signing_policy b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.signing_policy new file mode 100644 index 00000000..a0d33932 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR-Personnels.signing_policy @@ -0,0 +1,5 @@ +# @(#)$Id: AC-GRID-FR-Personnels.signing_policy,v 1.1 2018/03/06 07:56:31 pmacvsdg Exp $ +# Root +access_id_CA X509 '/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels' +pos_rights globus CA:sign +cond_subjects globus '"/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" "/O=GRID-FR/*"' diff --git a/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.crl_url b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.crl_url new file mode 100644 index 00000000..d83742aa --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.crl_url @@ -0,0 +1 @@ +http://crl.grid-fr.pncn.education.gouv.fr/ac-grid-fr.crl diff --git a/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.info b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.info new file mode 100644 index 00000000..27f78ad2 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.info @@ -0,0 +1,11 @@ +# +# @(#)$Id: AC-GRID-FR.info,v 1.1 2018/03/06 07:56:31 pmacvsdg Exp $ +alias = AC-GRID-FR +url = http://grid-fr.renater.fr/ +email = grid-fr@renater.fr +ca_url = http://cer.grid-fr.pncn.education.gouv.fr/ac-grid-fr.cer +crl_url = http://crl.grid-fr.pncn.education.gouv.fr/ac-grid-fr.crl +status = accredited:classic +version = 1.90 +sha1fp.0 = 38:9D:99:0D:6A:6E:6C:68:AC:B5:9F:F6:03:5D:38:1C:A7:40:29:60 +subjectdn = "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" diff --git a/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.namespaces b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.namespaces new file mode 100644 index 00000000..7f3211f7 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.namespaces @@ -0,0 +1,28 @@ +############################################################################## +#NAMESPACES-VERSION: 1.0 +# +# @(#)AC-GRID-FR.signing_policy.namespaces +# CA alias : AC-GRID-FR +# subord_of: +# subjectDN: /C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR +# hash : AC-GRID-FR.signing_policy +# (generated automatically from AC-GRID-FR.signing_policy) +# +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" \ + PERMIT Subject "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" \ + PERMIT Subject "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Robots" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" \ + PERMIT Subject "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" \ + PERMIT Subject "/O=GRID-FR/.*" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Robots" \ + PERMIT Subject "/O=GRID-FR/.*" + +TO Issuer "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services" \ + PERMIT Subject "/O=GRID-FR/.*" + diff --git a/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.pem b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.pem new file mode 100644 index 00000000..87639813 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzjCCAzagAwIBAgISESHcZGpjVbhv3LcwHBxmFWKhMA0GCSqGSIb3DQEBCwUA +MEUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQKDAZNRU5FU1IxEDAOBgNVBAsMB0dSSUQt +RlIxEzARBgNVBAMMCkFDIEdSSUQtRlIwHhcNMTYwOTMwMDgwMDAwWhcNNDAwOTMw +MDgwMDAwWjBFMQswCQYDVQQGEwJGUjEPMA0GA1UECgwGTUVORVNSMRAwDgYDVQQL +DAdHUklELUZSMRMwEQYDVQQDDApBQyBHUklELUZSMIIBojANBgkqhkiG9w0BAQEF +AAOCAY8AMIIBigKCAYEAywcrhCkF87S7e/Sfc0S+QGS4ED9EuYvoQj8KiWlyz9UF +nccNtjaxnlJbaGU6myNreeEEbt+QdydQ/vkPQd2gEhoxirz6VDJgRg2i56Zw/JL9 +FVcmDgKG6t7Ap9/NB3MobXWPd7yQu7SIfnd3BnLW87tOdILpiODZNOWeh6Qg1Fgn +aFHRjVPN6ugU1qbW44sPDv0yFhNRfnsDomVOewRg46fxv8tah+lIYsVulGYVhmkI +AgNs9YMTclukxPL5YOFgeY+3A+G/1NwKmteFqBIQRcaF1UbHrSsn6H5cIdsEJ1NT +IBPYuDGD/SkH5dFpOeyZ+RLxCaoI4W+dVyYhVealdrtmI2XQL7lLWLTHJzZqRBcA +gc60J2bjZl3HwxFE/QKW5f67zLkupFPO61OWeAl+pwIIE4Xo6z0ubNrLg5MqiO7G +7YOPocSlkBMIv+OzhrzMxsZpjSaLm32/nGyj0T+XQwUN4gK87VkHa0lz+qU6TTG0 +bggGOK72rcXdGZWlzGfzAgMBAAGjgbcwgbQwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud +EwEB/wQFMAMBAf8wUQYDVR0gBEowSDBGBgRVHSAAMD4wPAYIKwYBBQUHAgEWMGh0 +dHA6Ly9ncmlkLWZyLnBuY24uZWR1Y2F0aW9uLmdvdXYuZnIvcGMtZ3JpZC1mcjAd +BgNVHQ4EFgQUqgzWvPnZZT1wilEwII9M/s1gueMwHwYDVR0jBBgwFoAUqgzWvPnZ +ZT1wilEwII9M/s1gueMwDQYJKoZIhvcNAQELBQADggGBAIGprfsrGbphQnPMyshh +SOB+Q/hLV3vSyT52kSuifHMHkoLA61cJT/Lrp5Vb2yKi7SWzbWrCD4dNsbTAt838 +7WZUVeSkvvqJmDeMI/Jj4LVMVSnLsxFHwrphw1KiEen2kZL8BmbTRW1x3UnuF7Dx +Evr/Um7O+gZFg0SHCVCeCpYYROLZOFre98lvvYRn2vixKPSXxDkfaeW4B91SD3is +qMW8ATtq3Wp5ZOGRlMzCEEt2OmLnSYldkjb/I1Noi3A9Uzwuxxm9vDfG291uI6ks +wMpYrwVXjoUZWZ1FSf766SBtAzLPYjcpmJwRvTIxNyMWedZCMbkKhRL9z1ZhEMbR +chLvh3mnrDdFbUoCCQ4ZqmcgYIgw3+JzIf3vRszPpJirJ0ZoZKrBs4QRDdlFZtON +kBA7U1h+lAzYSExpZPoF8m7meKtL9oanlJ66XLGv0yg6N7oL1mvPkR/QiLSrOeRI ++yS8kr+zh4fpr9gRJUQkxA+xGSiGUk9DZwK0TA/3WICj7w== +-----END CERTIFICATE----- diff --git a/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.signing_policy b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.signing_policy new file mode 100644 index 00000000..1ae6cbd1 --- /dev/null +++ b/voms-admin-server/src/test/resources/trust-anchors/AC-GRID-FR.signing_policy @@ -0,0 +1,5 @@ +# @(#)$Id: AC-GRID-FR.signing_policy,v 1.1 2018/03/06 07:56:31 pmacvsdg Exp $ +# Root +access_id_CA X509 '/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR' +pos_rights globus CA:sign +cond_subjects globus '"/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR" "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Personnels" "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Robots" "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services"' diff --git a/voms-container/pom.xml b/voms-container/pom.xml index 4d35c4f8..39b6ecaa 100644 --- a/voms-container/pom.xml +++ b/voms-container/pom.xml @@ -23,7 +23,7 @@ org.italiangrid voms-admin-parent - 3.7.0 + 3.8.1 voms-container @@ -31,6 +31,10 @@ VOMS Jetty Container + + 1.3.2 + + @@ -112,6 +116,7 @@ commons-io commons-io + ${commons-io.version} @@ -143,11 +148,25 @@ com.google.guava guava - + commons-cli commons-cli + + + + jakarta.xml.bind + jakarta.xml.bind-api + 2.3.2 + + + + org.glassfish.jaxb + jaxb-runtime + 2.3.2 + + diff --git a/voms-container/src/main/resources/rebel.xml b/voms-container/src/main/resources/rebel.xml deleted file mode 100644 index e3748d21..00000000 --- a/voms-container/src/main/resources/rebel.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - -