authorInstrumental <jonathan.gathman@att.com>2019-06-06 19:33:19 -0500
committerInstrumental <jonathan.gathman@att.com>2019-06-08 09:24:31 -0500
commit355b886d817295d2bca5af28f01576bf4a3ded18 (patch)
tree354ac6cb61ebc5f5eba23d2e1720c45771968caa
parentfbcac9be97567ca19b1018861d1ab37d2dea769f (diff)
Agent correctly sort Cert Chain/Truststore
GUI fix Issue-ID: AAF-852 Change-Id: Ie703b7aee0a77074fac5c1aab3bdf402862243ac Signed-off-by: Instrumental <jonathan.gathman@att.com>
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/List.java10
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java11
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsService.java2
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java2
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java2
-rw-r--r--auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java3
-rw-r--r--auth/docker/dbash.sh2
-rw-r--r--auth/docker/dinstall.sh29
-rw-r--r--auth/docker/drun.sh1
-rw-r--r--auth/helm/aaf/Chart.yaml2
-rw-r--r--auth/helm/aaf/templates/aaf-gui.yaml2
-rw-r--r--auth/sample/bin/service.sh2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java101
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java15
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java31
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java98
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthn.java2
-rw-r--r--cadi/aaf/src/test/resources/cadi.properties2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java3
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java53
23 files changed, 255 insertions, 124 deletions
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
index ec5449df..99421097 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
@@ -49,7 +49,7 @@ public class DirectRegistrar implements Registrant<AuthzEnv> {
ldd.add(convert(me));
}
}
-
+
private LocateDAO.Data convert(MgmtEndpoint me) {
LocateDAO.Data out = new LocateDAO.Data();
out.name=me.getName();
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/List.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/List.java
index 6d993284..7daa51fb 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/List.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/List.java
@@ -62,14 +62,12 @@ public class List extends BaseCmd<User> {
if (!aafcli.isTest()) {
date = Chrono.dateOnlyStamp(user.getExpires());
}
- String tag=null;
- if(user.getType()<200) {
- tag = user.getTag();
- } else {
- tag = "\n\tfingerprint: " + user.getTag();
- }
+ String tag=user.getTag();
+ Integer type = user.getType();
if(tag==null) {
tag="";
+ } else if(type!=null && type>=200) {
+ tag = "\n\tfingerprint: " + tag;
}
pw().format(format,
count? (Integer.valueOf(++idx) + ") " + user.getId()): user.getId(),
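Review bot: The threshold `200` on the new line `} else if(type!=null && type>=200) {` is still an unexplained magic number, carried over from the removed `user.getType()<200`. A named constant, or at least a comment such as `// types >= 200 display the tag as a fingerprint rather than a plain tag`, would tell the next reader why the branch exists. The null-safe `Integer type` handling is an improvement over the old unboxing comparison, which would have thrown on a null type. The enclosing method continues outside the hunk.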
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
index b534240b..4e539ac2 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
@@ -21,9 +21,6 @@
package org.onap.aaf.auth.cmd.user;
-import java.util.Collections;
-import java.util.Comparator;
-
import org.onap.aaf.auth.cmd.AAFcli;
import org.onap.aaf.auth.cmd.Cmd;
import org.onap.aaf.auth.cmd.Param;
@@ -36,7 +33,6 @@ import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.misc.env.APIException;
import aaf.v2_0.Users;
-import aaf.v2_0.Users.User;
/**
* p
@@ -61,13 +57,6 @@ public class ListForRoles extends Cmd {
getDF(Users.class)
);
if (fp.get(AAFcli.timeout())) {
- if (aafcli.isTest())
- Collections.sort(fp.value.getUser(), new Comparator<User>() {
- @Override
- public int compare(User u1, User u2) {
- return u1.getId().compareTo(u2.getId());
- }
- });
((org.onap.aaf.auth.cmd.user.List)parent).report(fp.value,false, HEADER,role);
if (fp.code()==404)return 200;
} else {
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsService.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsService.java
index 02d93512..5fbb951b 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsService.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsService.java
@@ -76,7 +76,7 @@ public abstract class AbsService<ENV extends BasicEnv, TRANS extends Trans> exte
str = Defaults.AAF_VERSION;
env.setProperty(Config.AAF_LOCATOR_VERSION, str);
}
- app_version = str;
+ app_version = access.getProperty(Config.AAF_DEPLOYED_VERSION, str);
// Print Cipher Suites Available
if (access.willLog(Level.DEBUG)) {
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
index 0e8cb78d..56eea435 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
@@ -56,7 +56,6 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr
// do_register - this is used for specialty Debug Situations. Developer can create an Instance for a remote system
// for Debugging purposes without fear that real clients will start to call your debug instance
do_register = !"TRUE".equalsIgnoreCase(access().getProperty("aaf_locate_no_register",null));
- _propertyAdjustment();
hostname = access().getProperty(Config.HOSTNAME, null);
if (hostname==null) {
try {
@@ -65,6 +64,7 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr
hostname= "cannotBeDetermined";
}
}
+ _propertyAdjustment();
}
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
index f8aeb11b..c33f3d69 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
@@ -128,7 +128,7 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E
}
slot_httpServletRequest = env.slot(HTTP_SERVLET_REQUEST);
- deployedVersion = access.getProperty(Config.AAF_RELEASE, "N/A:2.x");
+ deployedVersion = app_version;
// Certificate Manager
String aaf_url_cm = env.getProperty(Config.AAF_URL_CM,Config.AAF_URL_CM_DEF);
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java
index 6d96ded3..b6e4dfa8 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java
@@ -128,6 +128,8 @@ public class LocateServiceImpl<IN,OUT,ERROR>
///// ADDED v1_1
/* (non-Javadoc)
* @see org.onap.aaf.auth.locate.service.LocateService#getConfig(org.onap.aaf.auth.env.AuthzTrans, java.lang.String, java.lang.String)
+ *
+ * Note: "id" is put in, in case we need to filter, or direct data change in the future by Permission
*/
@Override
public Result<Configuration> getConfig(AuthzTrans trans, String id, String type) {
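Review bot: The added Javadoc line says `id` is kept for future filtering, which confirms that this implementation currently returns the configuration regardless of the `id` passed; that should be stated plainly so callers do not assume per-identity scoping. Suggest `* Note: "id" is currently unused; no per-identity filtering or permission check is applied here, so any authorization must happen before this method is reached.` in place of the added line. Whether the surrounding request handling already enforces that is outside this hunk, and getConfig's body continues past it.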
@@ -145,7 +147,6 @@ public class LocateServiceImpl<IN,OUT,ERROR>
}
}
return Result.ok(c);
- //return Result.err(Result.ERR_NotImplemented,"not done yet");
}
diff --git a/auth/docker/dbash.sh b/auth/docker/dbash.sh
index a9c90f99..81e96b4d 100644
--- a/auth/docker/dbash.sh
+++ b/auth/docker/dbash.sh
@@ -20,4 +20,4 @@
#
. ./d.props
-${DOCKER:=docker} exec -it aaf-$1 bash -c "cd /opt/app/osaaf/logs && exec bash"
+${DOCKER:=docker} exec -it aaf-$1 bash -c "cd /opt/app && exec bash"
diff --git a/auth/docker/dinstall.sh b/auth/docker/dinstall.sh
new file mode 100644
index 00000000..22ea4c91
--- /dev/null
+++ b/auth/docker/dinstall.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+#########
+# ============LICENSE_START====================================================
+# org.onap.aaf
+# ===========================================================================
+# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+# ===========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END====================================================
+#
+# This is only called from HEAT, as it needs a single check and wait for Cassandra to be ready
+#
+cd ../auth-cass/docker
+. dinstall.sh $@
+cd -
+if [ "$1" = "publish" ]; then
+ shift
+fi
+. drun.sh
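Review bot: `cd ../auth-cass/docker` is unchecked, and if it fails the next line `. dinstall.sh $@` sources this very script from the current directory again, recursing until the shell gives up. Guard it with `cd ../auth-cass/docker || exit 1` and quote the argument list, `. dinstall.sh "$@"`, so arguments containing spaces survive word splitting. `cd -` also echoes the directory to stdout; `cd - >/dev/null` keeps the script's output clean.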
diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh
index 648c497a..1910f4a2 100644
--- a/auth/docker/drun.sh
+++ b/auth/docker/drun.sh
@@ -106,6 +106,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do
--env aaf_locator_container_ns=${NAMESPACE} \
--env aaf_locator_fqdn=${HOSTNAME} \
--env aaf_locator_public_fqdn=${HOSTNAME} \
+ --env aaf_deployed_version=${VERSION} \
--env LATITUDE=${LATITUDE} \
--env LONGITUDE=${LONGITUDE} \
--env CASSANDRA_CLUSTER=${CASSANDRA_CLUSTER} \
diff --git a/auth/helm/aaf/Chart.yaml b/auth/helm/aaf/Chart.yaml
index 0f0f2761..d0a1d286 100644
--- a/auth/helm/aaf/Chart.yaml
+++ b/auth/helm/aaf/Chart.yaml
@@ -22,4 +22,4 @@ apiVersion: v1
appVersion: "1.0"
description: AAF Helm Chart
name: aaf
-version: 2.1.12-SNAPSHOT
+version: 2.1.14-SNAPSHOT
diff --git a/auth/helm/aaf/templates/aaf-gui.yaml b/auth/helm/aaf/templates/aaf-gui.yaml
index c31496fc..4c540778 100644
--- a/auth/helm/aaf/templates/aaf-gui.yaml
+++ b/auth/helm/aaf/templates/aaf-gui.yaml
@@ -90,6 +90,8 @@ spec:
value: "{{.Values.services.aaf_locator_name}}"
- name: aaf_locator_name_helm
value: "{{.Values.services.aaf_locator_name_helm}}"
+ - name: aaf_deployed_version
+ value: "{{ .Values.image.version }}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh
index 29d9f967..c14754ae 100644
--- a/auth/sample/bin/service.sh
+++ b/auth/sample/bin/service.sh
@@ -33,7 +33,7 @@ echo "# Properties passed in"
# Set from CAP Based PROPS, if necessary
aaf_env=${aaf_env:-"${AAF_ENV}"}
-aaf_release=${aaf_release:-"${VERSION}"}
+aaf_deployed_version=${aaf_deployed_version:-"${VERSION}"}
cadi_latitude=${cadi_latitude:-"${LATITUDE}"}
cadi_longitude=${cadi_longitude:-"${LONGITUDE}"}
cadi_x509_issuers=${cadi_x509_issuers:-"${CADI_X509_ISSUERS}"}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
index 606638a4..ec0875c1 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFAuthn.java
@@ -117,7 +117,7 @@ public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {
return "AAF Inaccessible";
case UNVALIDATED:
addUser(new User<AAFPermission>(user,bytes,con.timeout));
- return "User/Pass combo invalid for " + user;
+ return "user/pass combo invalid for " + user;
case DENIED:
return "AAF denies API for " + user;
default:
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
index ac8168b9..3941b155 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
@@ -234,7 +234,7 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI>
@Override
public Item best() throws LocatorException {
if (!hasItems()) {
- throw new LocatorException("No Entries found for '" + aaf_locator_uri.toString() + "/locate/" + name + ':' + version + '\'');
+ throw new LocatorException("No Entries found for '" + aaf_locator_uri.toString() + '/' + name + ':' + version + '\'');
}
List<EP> lep = new ArrayList<>();
EP first = null;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
index e50b52d8..4dd86fe0 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -28,12 +28,14 @@ import java.io.IOException;
import java.net.ConnectException;
import java.net.HttpURLConnection;
import java.net.InetAddress;
+import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.file.Files;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayDeque;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.Deque;
import java.util.GregorianCalendar;
@@ -233,8 +235,7 @@ public class Agent {
aafsso.setLogDefault();
aafsso.setStdErrDefault();
- Map<String, String> aaf_urls = loadURLs(access);
- aafsso.addProp(Config.AAF_URL_CM, aaf_urls.get(Config.AAF_URL_CM));
+ /*urls=*/loadURLs(access);
aafsso.writeFiles();
}
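Review bot: `/*urls=*/loadURLs(access);` discards the return value behind a commented-out assignment, which reads as leftover rather than intent. If the call is kept for its side effect of populating the static `aaf_urls` field (visible as `aaf_urls = rv;` in the next hunk), say so: `loadURLs(access); // side effect: fills Agent.aaf_urls`. The removed `aafsso.addProp(Config.AAF_URL_CM, ...)` also means the CM URL is no longer written to the SSO property file; presumably intentional now that AAFSSO fetches its properties from the locator, but worth confirming against consumers of that file. The enclosing method begins outside the hunk.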
@@ -311,28 +312,38 @@ public class Agent {
dot_le=dot_le==null?"":'.'+dot_le;
String version = access.getProperty(Config.AAF_API_VERSION,Config.AAF_DEFAULT_API_VERSION);
for(String u : new String[] {"aaf","locate","oauth","cm","gui","fs","hello","token","introspect"}) {
- String proto = "fs".equals(u)?"http://":"https://";
- String lhost;
- if("locate".equals(u)) {
- lhost=rph.default_fqdn;
- } else {
- lhost=Config.AAF_LOCATE_URL_TAG;
- }
- String value = rph.replacements("Agent:loadURLs",
- proto + lhost + "/%CNS.%AAF_NS." + ("aaf".equals(u)?"service":u) + ':' + version,
- null,dot_le);
+ String tag;
+ String append=null;
switch(u) {
- case "aaf": rv.put(Config.AAF_URL, value); break;
- case "locate": rv.put(Config.getAAFLocateUrl(access), value); break;
- case "token": rv.put(Config.AAF_OAUTH2_TOKEN_URL, value); break;
- case "introspect": rv.put(Config.AAF_OAUTH2_INTROSPECT_URL, value); break;
- case "cm": rv.put(Config.AAF_URL_CM, value); break;
- case "gui": rv.put(Config.AAF_URL_GUI, value); break;
- case "fs": rv.put(Config.AAF_URL_FS, value); break;
- case "hello": rv.put(Config.AAF_URL_HELLO, value); break;
+ case "aaf": tag = Config.AAF_URL; break;
+ case "locate":tag = Config.AAF_LOCATE_URL; break;
+ case "oauth": tag = Config.AAF_URL_OAUTH; break;
+ case "token": tag = Config.AAF_OAUTH2_TOKEN_URL; append="/token"; break;
+ case "introspect": tag = Config.AAF_OAUTH2_INTROSPECT_URL; append="/introspect"; break;
+ case "cm": tag = Config.AAF_URL_CM; break;
+ case "gui": tag = Config.AAF_URL_GUI; break;
+ case "fs": tag = Config.AAF_URL_FS; break;
+ case "hello": tag = Config.AAF_URL_HELLO; break;
default:
- rv.put("aaf_url_" + u, value);
+ tag = "aaf_url_" + u;
+ }
+ String value;
+ if((value=access.getProperty(tag,null))==null) {
+ String proto = "fs".equals(u)?"http://":"https://";
+ String lhost;
+ if("locate".equals(u)) {
+ lhost=rph.default_fqdn;
+ } else {
+ lhost=Config.AAF_LOCATE_URL_TAG;
+ }
+ value = rph.replacements("Agent:loadURLs",
+ proto + lhost + "/%CNS.%AAF_NS." + ("aaf".equals(u)?"service":u) + ':' + version,
+ null,dot_le);
+ if(append!=null) {
+ value+=append;
+ }
}
+ rv.put(tag, value);
};
aaf_urls = rv;
}
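Review bot: The `append` suffix (`"/token"`, `"/introspect"`) is only applied on the derived branch, so an explicitly configured `aaf_oauth2_token_url` or `aaf_oauth2_introspect_url` must already contain the full path, and that contract is not documented anywhere in the method. A comment at the `if((value=access.getProperty(tag,null))==null) {` line, such as `// An explicitly configured URL is taken verbatim (no /token or /introspect appended)`, would stop a half-configured property from silently producing a wrong endpoint. The `};` closing the for loop carries a stray empty statement; `}` suffices. loadURLs starts before the hunk.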
@@ -825,9 +836,12 @@ public class Agent {
app.add(Config.AAF_LOCATE_URL, Config.getAAFLocateUrl(propAccess));
app.add(Config.AAF_ENV,propAccess, "DEV");
- String release = propAccess.getProperty(Config.AAF_RELEASE);
+ String release = propAccess.getProperty(Config.AAF_DEPLOYED_VERSION);
+ if(release==null) {
+ release = System.getProperty(Config.AAF_DEPLOYED_VERSION,null);
+ }
if(release!=null) {
- app.add(Config.AAF_RELEASE, release);
+ app.add(Config.AAF_DEPLOYED_VERSION, release);
}
for(Entry<Object, Object> aaf_loc_prop : propAccess.getProperties().entrySet()) {
String key = aaf_loc_prop.getKey().toString();
@@ -910,26 +924,15 @@ public class Agent {
} else {
aafcon = aafcon(propAccess);
if (aafcon!=null) { // get Properties from Remote AAF
- final String locator = getProperty(propAccess,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: ");
-
- Future<Configuration> acf = aafcon.client(new SingleEndpointLocator(locator))
- .read("/configure/"+fqi+"/aaf", configDF);
- if (acf.get(TIMEOUT)) {
- for (Props props : acf.value.getProps()) {
- PropHolder ph = CRED_TAGS.contains(props.getTag())?cred:app;
- if(props.getTag().endsWith("_password")) {
- ph.addEnc(props.getTag(), props.getValue());
- } else {
- ph.add(props.getTag(), props.getValue());
- }
- }
- } else if (acf.code()==401){
- trans.error().log("Bad Password sent to AAF");
- } else if (acf.code()==404){
- trans.error().log("This version of AAF does not support remote Properties");
- } else {
- trans.error().log(errMsg.toMsg(acf));
+ for (Props props : aafProps(trans,aafcon,getProperty(propAccess,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: "),fqi)) {
+ PropHolder ph = CRED_TAGS.contains(props.getTag())?cred:app;
+ if(props.getTag().endsWith("_password")) {
+ ph.addEnc(props.getTag(), props.getValue());
+ } else {
+ ph.add(props.getTag(), props.getValue());
+ }
}
+
}
}
}
@@ -940,6 +943,20 @@ public class Agent {
}
}
+ public static List<Props> aafProps(Trans trans, AAFCon<?> aafcon, String locator, String fqi) throws CadiException, APIException, URISyntaxException {
+ Future<Configuration> acf = aafcon.client(new SingleEndpointLocator(locator))
+ .read("/configure/"+fqi+"/aaf", configDF);
+ if (acf.get(TIMEOUT)) {
+ return acf.value.getProps();
+ } else if (acf.code()==401){
+ trans.error().log("Bad Password sent to AAF");
+ } else if (acf.code()==404){
+ trans.error().log("This version of AAF does not support remote Properties");
+ } else {
+ trans.error().log(errMsg.toMsg(acf));
+ }
+ return new ArrayList<>();
+ }
private static void validate(final PropAccess pa) throws LocatorException, CadiException, APIException {
System.out.println("Validating Configuration...");
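Review bot: The new `aafProps` method has no Javadoc, and its contract is non-obvious: every failure path (timeout, 401, 404, other) is logged and then collapsed into an empty list, so the caller at `for (Props props : aafProps(...))` in the previous hunk cannot tell "no remote properties" from "fetch failed" and silently configures nothing. Add a Javadoc stating that the method reads the remote properties for `fqi` from `/configure/<fqi>/aaf`, that HTTP failures are logged at error level and yield an empty list rather than an exception, and listing the three declared exceptions. If callers should stop on a 401 rather than continue with local defaults, throwing a `CadiException` in that branch would be the safer contract; whether any caller depends on the lenient behaviour is not visible here.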
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
index 7256af40..67b3df09 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
@@ -66,17 +66,26 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
X509Certificate x509;
List<X509Certificate> chainList = new ArrayList<>();
Set<X509Certificate> caSet = new HashSet<>();
+ X509Certificate curr = null;
for (Certificate c : certColl) {
x509 = (X509Certificate)c;
// Is a Root (self-signed, anyway)
if (x509.getSubjectDN().equals(x509.getIssuerDN())) {
caSet.add(x509);
} else {
- chainList.add(x509);
+ // Expect Certs in Trust Chain Order.
+ if(curr==null) {
+ chainList.add(x509);
+ curr=x509;
+ } else {
+ // Only Add Cert next on the list
+ if(curr.getIssuerDN().equals(x509.getSubjectDN())) {
+ chainList.add(x509);
+ curr=x509;
+ }
+ }
}
}
-// chainList.addAll(caSet);
- //Collections.reverse(chainList);
// Properties, etc
// Add CADI Keyfile Entry to Properties
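Review bot: The new filter at `if(curr.getIssuerDN().equals(x509.getSubjectDN()))` assumes the certificates arrive leaf-first and silently drops any non-root certificate that does not immediately chain from the previous one, so an out-of-order collection yields a truncated chain with no error; the comment `// Expect Certs in Trust Chain Order.` documents the assumption but nothing enforces it. Building the chain by subject lookup makes the result independent of input order and makes a dangling certificate detectable, as sketched below (needs `java.util.Map`/`HashMap` imports). The method signature is outside the hunk, so whether it may throw on a broken chain is not visible; the sketch leaves that as a log-or-throw decision. `getSubjectDN()`/`getIssuerDN()` are deprecated in favour of `getSubjectX500Principal()`/`getIssuerX500Principal()`, which compare more reliably.
```java
X509Certificate x509;
List<X509Certificate> chainList = new ArrayList<>();
Set<X509Certificate> caSet = new HashSet<>();
// Index non-root certs by subject so the chain can be walked leaf -> issuer
// regardless of the order certColl arrived in.
Map<java.security.Principal, X509Certificate> bySubject = new HashMap<>();
Set<java.security.Principal> issuedSubjects = new HashSet<>();
for (Certificate c : certColl) {
    x509 = (X509Certificate)c;
    // Is a Root (self-signed, anyway)
    if (x509.getSubjectDN().equals(x509.getIssuerDN())) {
        caSet.add(x509);
    } else {
        bySubject.put(x509.getSubjectDN(), x509);
        issuedSubjects.add(x509.getIssuerDN());
    }
}
// The leaf is the non-root cert that issued nothing else in the collection.
X509Certificate curr = null;
for (X509Certificate x : bySubject.values()) {
    if (!issuedSubjects.contains(x.getSubjectDN())) {
        curr = x;
        break;
    }
}
// Follow issuer links until a root (kept in caSet) or a missing issuer; the size
// bound guards against a malformed cycle.
while (curr != null && chainList.size() < bySubject.size()) {
    chainList.add(curr);
    curr = bySubject.get(curr.getIssuerDN());
}
if (chainList.size() != bySubject.size()) {
    // TODO(review): some certs do not chain; log or throw per this method's contract
}
// … unchanged: Properties, etc …
```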
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
index 772040c3..b3cf266e 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
@@ -29,6 +29,8 @@ import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
+import java.util.Set;
+import java.util.TreeSet;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
@@ -55,6 +57,7 @@ import aafoauth.v2_0.Token;
public class TokenClientFactory extends Persist<Token,TimedToken> {
private static TokenClientFactory instance;
+ private final Set<String> alts;
private Map<String,AAFConHttp> aafcons = new ConcurrentHashMap<>();
private SecurityInfoC<HttpURLConnection> hsi;
// Package on purpose
@@ -62,14 +65,26 @@ public class TokenClientFactory extends Persist<Token,TimedToken> {
private TokenClientFactory(Access pa) throws APIException, GeneralSecurityException, IOException, CadiException {
super(pa, new RosettaEnv(pa.getProperties()),Token.class,"outgoing");
+
Map<String, String> aaf_urls = Agent.loadURLs(pa);
+ alts = new TreeSet<>();
+
if (access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,null)==null) {
access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL)); // Default to AAF
}
+
if (access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,null)==null) {
access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, aaf_urls.get(Config.AAF_OAUTH2_INTROSPECT_URL)); // Default to AAF);
}
-
+
+ for(String tag : new String[] {Config.AAF_ALT_OAUTH2_TOKEN_URL, Config.AAF_ALT_OAUTH2_INTROSPECT_URL}) {
+ String value = access.getProperty(tag, null);
+ if(value!=null) {
+ alts.add(tag);
+ alts.add(value);
+ }
+ }
+
symm = Symm.encrypt.obtain();
hsi = SecurityInfoC.instance(access, HttpURLConnection.class);
}
@@ -105,15 +120,11 @@ public class TokenClientFactory extends Persist<Token,TimedToken> {
}
}
char okind;
- if ( Config.AAF_OAUTH2_TOKEN_URL.equals(tagOrURL) ||
- Config.AAF_OAUTH2_INTROSPECT_URL.equals(tagOrURL) ||
- tagOrURL.equals(access.getProperty(Config.AAF_OAUTH2_TOKEN_URL, null)) ||
- tagOrURL.equals(access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL, null))
- ) {
- okind = Kind.AAF_OAUTH;
- } else {
- okind = Kind.OAUTH;
- }
+ if (alts.contains(tagOrURL)) {
+ okind = Kind.OAUTH;
+ } else {
+ okind = Kind.AAF_OAUTH;
+ }
TokenClient tci = new TokenClient(
okind,
this,
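Review bot: The classification at `if (alts.contains(tagOrURL))` inverts the old default: anything not registered under the `aaf_alt_oauth2_*` properties — including an arbitrary or mistyped URL passed as `tagOrURL` — now becomes `Kind.AAF_OAUTH`, whereas before only the configured AAF token/introspect tags and their values did. What `Kind.AAF_OAUTH` changes inside `TokenClient` is outside this hunk, but if it selects AAF credentials or trust settings, an unrecognised endpoint silently receiving AAF treatment is the riskier default. Keeping the positive match — `okind = isAafOAuthUrl(tagOrURL) ? Kind.AAF_OAUTH : Kind.OAUTH;` with the removed four-way comparison moved into that small private helper — preserves the new alt-set handling while failing closed for unknown endpoints. The enclosing method begins before the hunk.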
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
index 10acc887..de31e661 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
@@ -29,6 +29,7 @@ import java.io.InputStream;
import java.io.PrintStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
+import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map.Entry;
@@ -36,14 +37,24 @@ import java.util.Properties;
import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
import org.onap.aaf.cadi.aaf.Defaults;
+import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
+import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.configure.ArtifactDir;
+import org.onap.aaf.cadi.locator.SingleEndpointLocator;
import org.onap.aaf.cadi.util.MyConsole;
import org.onap.aaf.cadi.util.SubStandardConsole;
import org.onap.aaf.cadi.util.TheConsole;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.rosetta.env.RosettaDF;
+import org.onap.aaf.misc.rosetta.env.RosettaEnv;
+
+import locate.v1_1.Configuration;
+import locate.v1_1.Configuration.Props;
public class AAFSSO {
public static final MyConsole cons = TheConsole.implemented() ? new TheConsole() : new SubStandardConsole();
@@ -179,16 +190,20 @@ public class AAFSSO {
appID=null;
}
+ String aaf_container_ns = "";
if (appID!=null) {
- diskprops.setProperty(Config.AAF_APPID,appID);
if( access.getProperty(Config.AAF_APPPASS)==null) {
- char[] password = cons.readPassword("Password for %s: ", appID);
+ appID = user = cons.readLine("Deployer ID [%s]: ", user);
+ access.setProperty(Config.AAF_APPID,appID);
+ char[] password = cons.readPassword("Password for %s: ", user);
if(password.length>0) {
String app_pass = access.encrypt(new String(password));
access.setProperty(Config.AAF_APPPASS,app_pass);
diskprops.setProperty(Config.AAF_APPPASS,app_pass);
}
+ aaf_container_ns = cons.readLine("Container Namespace (blank if none)? [\"\"]: ", aaf_container_ns);
}
+ diskprops.setProperty(Config.AAF_APPID,appID);
}
String keystore=access.getProperty(Config.CADI_KEYSTORE);
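Review bot: `appID = user = cons.readLine("Deployer ID [%s]: ", user);` runs inside `if (appID!=null)`, so an already-configured `appID` is offered `user` as the default and overwritten by whatever the prompt returns; the existing value never appears as the suggested answer. Prompting with the configured value, `appID = user = cons.readLine("Deployer ID [%s]: ", appID);`, keeps it unless the operator changes it (assuming readLine returns the default on an empty answer, which is not visible here). The relocated `diskprops.setProperty(Config.AAF_APPID,appID);` now runs after the prompt, so if readLine can return null this becomes a NullPointerException from Properties; a null guard is cheap. `aaf_container_ns` is read here but its use is outside the hunk.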
@@ -298,36 +313,6 @@ public class AAFSSO {
err.append("-D" + Config.AAF_APPPASS + "=<passwd> ");
}
- String locateUrl = Config.getAAFLocateUrl(access);
- if (locateUrl==null) {
- locateUrl=AAFSSO.cons.readLine("AAF Locator URL=https://");
- if (locateUrl==null || locateUrl.length()==0) {
- err = new StringBuilder(Config.AAF_LOCATE_URL);
- err.append(" is required.");
- ok = false;
- return;
- } else {
- locateUrl="https://"+locateUrl;
- }
- access.setProperty(Config.AAF_LOCATE_URL, locateUrl);
- addProp(Config.AAF_LOCATE_URL, locateUrl);
- }
-
- final String apiVersion = access.getProperty(Config.AAF_API_VERSION, Config.AAF_DEFAULT_API_VERSION);
- final String aaf_root_ns = access.getProperty(Config.AAF_ROOT_NS);
- String locateRoot;
- if(aaf_root_ns==null) {
- locateRoot=Defaults.AAF_ROOT;
- } else {
- locateRoot = Defaults.AAF_LOCATE_CONST + "/%CNS." + aaf_root_ns;
- }
- if(access.getProperty(Config.AAF_URL)==null) {
-
- access.setProperty(Config.AAF_URL, locateRoot+".service:"+apiVersion);
- }
- if(access.getProperty(Config.AAF_URL_CM)==null) {
- access.setProperty(Config.AAF_URL_CM, locateRoot+".cm:"+apiVersion);
- }
String cadiLatitude = access.getProperty(Config.CADI_LATITUDE);
if (cadiLatitude==null) {
System.out.println("# If you do not know your Global Coordinates, we suggest bing.com/maps");
@@ -381,6 +366,55 @@ public class AAFSSO {
}
ok = err==null;
}
+ String locateUrl = Config.getAAFLocateUrl(access);
+ if (locateUrl==null) {
+ locateUrl=AAFSSO.cons.readLine("AAF Locator URL=https://");
+ if (locateUrl==null || locateUrl.length()==0) {
+ err = new StringBuilder(Config.AAF_LOCATE_URL);
+ err.append(" is required.");
+ ok = false;
+ return;
+ } else {
+ locateUrl="https://"+locateUrl;
+ }
+ access.setProperty(Config.AAF_LOCATE_URL, locateUrl);
+ addProp(Config.AAF_LOCATE_URL, locateUrl);
+ try {
+ if(access.getProperty(Config.AAF_URL)==null) {
+ access.setProperty(Config.AAF_URL, "https://AAF_LOCATE/AAF_NS.service:2.1");
+ }
+ AAFCon<?> aafCon = AAFCon.newInstance(access);
+ Future<Configuration> acf;
+ RosettaDF<Configuration> configDF = new RosettaEnv().newDataFactory(Configuration.class);
+ acf = aafCon.client(new SingleEndpointLocator(locateUrl))
+ .read("/configure/"+user+"/aaf", configDF);
+ if (acf.get(aafCon.connTimeout)) {
+ for(Props p : acf.value.getProps()) {
+ addProp(p.getTag(),p.getValue());
+ if(access.getProperty(p.getTag())==null) {
+ access.setProperty(p.getTag(), p.getValue());
+ }
+ }
+ } else {
+ access.log(Level.INFO,acf.body());
+ }
+ } catch (LocatorException | APIException | URISyntaxException e) {
+ access.log(e);
+ }
+ }
+
+ final String apiVersion = access.getProperty(Config.AAF_API_VERSION, Config.AAF_DEFAULT_API_VERSION);
+ final String aaf_root_ns = access.getProperty(Config.AAF_ROOT_NS);
+ String locateRoot;
+ if(aaf_root_ns==null) {
+ locateRoot=Defaults.AAF_ROOT;
+ } else {
+ locateRoot = Defaults.AAF_LOCATE_CONST + "/%CNS." + aaf_root_ns;
+ }
+ if(access.getProperty(Config.AAF_URL)==null) {
+ access.setProperty(Config.AAF_URL, locateRoot+".service:"+apiVersion);
+ }
+
writeFiles();
}
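Review bot: The loop at `for(Props p : acf.value.getProps())` writes every remote property through `addProp` and `access.setProperty` verbatim, while the equivalent loop in Agent.java in this same commit routes tags ending in `_password` through `addEnc`; here such a value would land in the SSO properties unencrypted. Mirror that check: `addProp(p.getTag(), p.getTag().endsWith("_password") ? access.encrypt(p.getValue()) : p.getValue());` — `access.encrypt` is already used for the app password earlier in this method. Separately, `"https://AAF_LOCATE/AAF_NS.service:2.1"` hard-codes the API version that the same hunk later derives as `apiVersion`, and because it sets `aaf_url` inside the prompt branch, the `locateRoot`-based default at the end of the hunk never applies in that case; computing `locateRoot` and `apiVersion` before the try and using `locateRoot+".service:"+apiVersion` there keeps both consistent. Whether the `/configure` endpoint ever returns password tags for this caller is not visible, but the Agent code clearly anticipates it.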
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthn.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthn.java
index 41b519b1..962397cc 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthn.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthn.java
@@ -87,7 +87,7 @@ public class JU_AAFAuthn {
Future<String> futureObj = Mockito.mock(Future.class);
Mockito.doReturn(futureObj).when(rcliObj).read( "/authn/basicAuth","text/plain");
realm = authnObj.validate("test", "test","test");
- assertTrue(realm.contains("User/Pass combo invalid"));
+ assertTrue(realm.contains("user/pass combo invalid"));
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
diff --git a/cadi/aaf/src/test/resources/cadi.properties b/cadi/aaf/src/test/resources/cadi.properties
index ee0b719f..d0862909 100644
--- a/cadi/aaf/src/test/resources/cadi.properties
+++ b/cadi/aaf/src/test/resources/cadi.properties
@@ -23,7 +23,7 @@
AFT_LATITUDE=32.780140
AFT_LONGITUDE=-96.800451
AFT_ENVIRONMENT=AFTUAT
-DEPLOYED_VERSION=2.0.MITHRIL
+aaf_deployed_version=2.0.MITHRIL
cadi_prop_files=/opt/app/aaf/common/com.att.aaf.props
#cadi_keystore=/Volumes/Data/src/authz/common/cadiaaf.jks
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 66fbe847..38afa629 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -157,6 +157,7 @@ public class Config {
public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator
public static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables.
public static final String AAF_DEFAULT_API_VERSION = "2.1";
+ public static final String AAF_DEPLOYED_VERSION="aaf_deployed_version";
public static final String AAF_API_VERSION = "aaf_api_version";
public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
public static final String AAF_LOCATOR_CLASS = "aaf_locator_class";
@@ -219,8 +220,8 @@ public class Config {
public static final String AAF_CERT_IDS = "aaf_cert_ids";
public static final String AAF_DEBUG_IDS = "aaf_debug_ids"; // comma delimited
public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only.
- public static final String AAF_RELEASE = "aaf_release";
+ public static final String AAF_URL_OAUTH = "aaf_url_oauth";
public static final String AAF_URL_GUI="aaf_url_gui";
public static final String AAF_URL_FS="aaf_url_fs";
public static final String AAF_URL_CM = "aaf_url_cm";
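Review bot: Removing the public constant `AAF_RELEASE` from `Config` is a source- and binary-incompatible change for any out-of-tree code that references it; the in-tree uses (`AAF_GUI`, `Agent`, `service.sh`) are updated in this commit, but external consumers are not visible here. Keeping `@Deprecated public static final String AAF_RELEASE = "aaf_release";` alongside the new constant for one release would avoid breaking them. The new `AAF_DEPLOYED_VERSION` in the hunk above would also benefit from a trailing comment in the style of its neighbours, e.g. `// Version string of the deployed build; replaces aaf_release`.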
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
index 285c45ec..5d1d23fa 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
@@ -91,12 +91,6 @@ public class SecurityInfo {
this.access = access;
// reuse DME2 Properties for convenience if specific Properties don't exist
- msgHelp = String.format(INITIALIZING_ERR_FMT,"Keystore", access.getProperty(Config.CADI_KEYSTORE, ""));
- initializeKeyManager();
-
- msgHelp = String.format(INITIALIZING_ERR_FMT,"Truststore", access.getProperty(Config.CADI_TRUSTSTORE, ""));
- initializeTrustManager();
-
String str = access.getProperty(Config.CADI_ALIAS, null);
if(str==null || str.isEmpty()) {
defaultAlias = null;
@@ -113,7 +107,14 @@ public class SecurityInfo {
} else {
defaultClientAlias = str;
}
+
+ msgHelp = String.format(INITIALIZING_ERR_FMT,"Keystore", access.getProperty(Config.CADI_KEYSTORE, ""));
+ initializeKeyManager();
+ msgHelp = String.format(INITIALIZING_ERR_FMT,"Truststore", access.getProperty(Config.CADI_TRUSTSTORE, ""));
+ initializeTrustManager();
+
+
msgHelp = String.format(INITIALIZING_ERR_FMT,"Trustmasks", access.getProperty(Config.CADI_TRUST_MASKS, ""));
initializeTrustMasks();
@@ -239,13 +240,51 @@ public class SecurityInfo {
}
}
}
+
+ StringBuilder sb = null;
for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
if (keyManager instanceof X509KeyManager) {
- keyManagers.add((X509KeyManager)keyManager);
+ X509KeyManager xkm = (X509KeyManager)keyManager;
+ keyManagers.add(xkm);
+ if(defaultAlias!=null) {
+ sb=new StringBuilder("X509 Chain\n");
+ x509Info(sb,xkm.getCertificateChain(defaultAlias));
+ }
+ if(defaultClientAlias!=null && !defaultClientAlias.equals(defaultAlias)) {
+ if(sb==null) {
+ sb = new StringBuilder();
+ } else {
+ sb.append('\n');
+ }
+ sb.append("X509 Client Chain\n");
+ x509Info(sb,xkm.getCertificateChain(defaultAlias));
+ }
}
}
x509KeyManager = new X509KeyManager[keyManagers.size()];
keyManagers.toArray(x509KeyManager);
+
+ if(sb!=null) {
+ access.log(Level.INIT, sb);
+ }
+ }
+
+ private void x509Info(StringBuilder sb, X509Certificate[] chain) {
+ if(chain!=null) {
+ int i=0;
+ for(X509Certificate x : chain) {
+ sb.append(" ");
+ sb.append(i++);
+ sb.append(')');
+ sb.append("\n Subject: ");
+ sb.append(x.getSubjectDN());
+ sb.append("\n Issuer : ");
+ sb.append(x.getIssuerDN());
+ sb.append("\n Expires: ");
+ sb.append(x.getNotAfter());
+ sb.append('\n');
+ }
+ }
}
protected void initializeTrustManager() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, CadiException {
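Review bot: In the `defaultClientAlias` branch the call `x509Info(sb,xkm.getCertificateChain(defaultAlias));` dumps the server alias chain a second time instead of the client one; the guard two lines up explicitly handles the case where the two aliases differ, so this is a copy-paste slip. It should read `x509Info(sb,xkm.getCertificateChain(defaultClientAlias));`. The new `x509Info` helper deserves a one-line Javadoc noting that it appends index, subject, issuer and expiry per certificate for the INIT-level log and tolerates a null chain. The enclosing method starts before the hunk.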