author | Instrumental <jonathan.gathman@att.com> | 2019-10-15 08:19:50 -0500 |
---|---|---|
committer | Instrumental <jonathan.gathman@att.com> | 2019-10-15 08:35:35 -0500 |
commit | 1296352d8eafee57f982a4342ad79ada4aa56d28 (patch) | |
tree | 355cdb89d85530a861319f892b0f24236e6adc50 /auth/auth-certman/src/main/java | |
parent | bdce7667a6e272e2fa32e298d957a0d9090c5bc9 (diff) |
Sonar Fixes, Formatting
Issue-ID: AAF-1019
Change-Id: Ica49d9e7323aad9622ff9d95cc21b87430c22c54
Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth/auth-certman/src/main/java')
26 files changed, 308 insertions, 308 deletions
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
index aadb165e..d7571ab5 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
@@ -8,9 +8,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -92,12 +92,12 @@ public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> { } /** * Construct AuthzAPI with all the Context Supporting Routes that Authz needs - * + * * @param env - * @param si - * @param dm - * @param decryptor - * @throws APIException + * @param si + * @param dm + * @param decryptor + * @throws APIException */ public AAF_CM(AuthzEnv env) throws Exception { super(env.access(),env);
@@ -109,7 +109,7 @@ public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> { if (aafEnv==null) { throw new APIException("aaf_env needs to be set"); } - + // Check for allowing /tmp in Properties String allowTmp = env.getProperty(CM_ALLOW_TMP); if("true".equalsIgnoreCase(allowTmp)) {
@@ -132,7 +132,7 @@ public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> { String key = es.getKey().toString(); if (key.startsWith(CA.CM_CA_PREFIX)) { int idx = key.indexOf('.'); - if (idx==key.lastIndexOf('.')) { // else it's a regular property + if (idx==key.lastIndexOf('.')) { // else it's a regular property env.log(Level.INIT, "Loading Certificate Authority Module: " + key.substring(idx+1)); String[] segs = Split.split(',', env.getProperty(key)); if (segs.length>0) {
@@ -149,7 +149,7 @@ public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> { pinst[0]=env; pinst[1]= key.substring(idx+1); pinst[2]= aafEnv; - pinst[3] = multiParams; + pinst[3] = multiParams; try { CA ca = cons.newInstance(pinst); certAuths.put(ca.getName(),ca);
@@ -170,7 +170,7 @@ public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> { } // note: Service knows how to shutdown Cluster on Shutdown, etc. See Constructor facade1_0 = FacadeFactory.v1_0(this,trans, service,Data.TYPE.JSON); // Default Facade - facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML); + facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML); synchronized(env) {
@@ -194,19 +194,19 @@ public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> { public CA getCA(String key) { return certAuths.get(key); } - + /** * Setup XML and JSON implementations for each supported Version type - * + * * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties * to do Versions and Content switches - * + * */ public void route(HttpMethods meth, String path, API api, Code code) throws Exception { String version = "1.0"; // Get Correct API Class from Mapper - Class<?> respCls = facade1_0.mapper().getClass(api); + Class<?> respCls = facade1_0.mapper().getClass(api); if (respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name()); // setup Application API HTML ContentTypes for JSON and Route String application = applicationJSON(respCls, version);
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/LocalCAImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/LocalCAImpl.java
index d32b67a3..dbc63ad1 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/LocalCAImpl.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/LocalCAImpl.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -35,7 +35,7 @@ public class LocalCAImpl extends CA { super(access, caName, env); // TODO Auto-generated constructor stub } - + public LocalCAImpl(Access access, final String name, final String env, final String[][] params) throws IOException, CertException { super(access, name, env); }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Artifact.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Artifact.java
index a3a30607..8ba4b127 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Artifact.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Artifact.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -34,7 +34,7 @@ import org.onap.aaf.auth.rserv.HttpMethods; /** * API Deployment Artifact Apis.. using Redirect for mechanism - * + * * @author Jonathan * */
@@ -43,7 +43,7 @@ public class API_Artifact { private static final String CERT_ARTIFACTS = "/cert/artifacts"; /** * Normal Init level APIs - * + * * @param cmAPI * @throws Exception */
@@ -79,7 +79,7 @@ public class API_Artifact { cmAPI.route(HttpMethods.GET, "/cert/artifacts/:mechid/:machine", API.ARTIFACTS, new Code(cmAPI,GET_ARTIFACTS) { @Override public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.readArtifacts(trans, resp, pathParam(req,":mechid"), pathParam(req,":machine")); if (r.isOK()) { resp.setStatus(HttpStatus.OK_200);
@@ -88,8 +88,8 @@ public class API_Artifact { } } }); - - + + cmAPI.route(HttpMethods.PUT, CERT_ARTIFACTS, API.ARTIFACTS, new Code(cmAPI,"Update Artifacts") { @Override public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
@@ -105,7 +105,7 @@ public class API_Artifact { cmAPI.route(HttpMethods.DELETE, "/cert/artifacts/:mechid/:machine", API.VOID, new Code(cmAPI,"Delete Artifacts") { @Override public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - Result<Void> r = context.deleteArtifacts(trans, resp, + Result<Void> r = context.deleteArtifacts(trans, resp, pathParam(req, ":mechid"), pathParam(req,":machine")); if (r.isOK()) { resp.setStatus(HttpStatus.OK_200);
@@ -114,7 +114,7 @@ public class API_Artifact { } } }); - + cmAPI.route(HttpMethods.DELETE, CERT_ARTIFACTS, API.VOID, new Code(cmAPI,"Delete Artifacts") { @Override
@@ -127,7 +127,7 @@ public class API_Artifact { } } }); - + } }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Cert.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Cert.java
index 68354413..0f239ada 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Cert.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Cert.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -36,7 +36,7 @@ import org.onap.aaf.misc.env.Slot; /** * API Apis.. using Redirect for mechanism - * + * * @author Jonathan * */
@@ -46,7 +46,7 @@ public class API_Cert { /** * Normal Init level APIs - * + * * @param aafCM * @param facade * @throws Exception
@@ -54,7 +54,7 @@ public class API_Cert { public static void init(final AAF_CM aafCM) throws Exception { // Check for Created Certificate Authorities in TRANS sCertAuth = aafCM.env.slot(CERT_AUTH); - + //////// // Overall APIs ///////
@@ -76,7 +76,7 @@ public class API_Cert { } } }); - + aafCM.route(HttpMethods.GET,"/cert/:ca/personal",API.CERT,new Code(aafCM,"Request Personal Certificate") { @Override public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
@@ -96,9 +96,9 @@ public class API_Cert { } }); - + /** - * + * */ aafCM.route(HttpMethods.GET, "/cert/may/:perm", API.VOID, new Code(aafCM,"Check Permission") { @Override
@@ -114,10 +114,10 @@ public class API_Cert { }); /** - * Get Cert by ID and Machine + * Get Cert by ID and Machine */ - + /** * Get Certs by ID */
@@ -133,10 +133,10 @@ public class API_Cert { } }); - + /** * Get Certs by Machine */ - + } }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
index ab304629..13876b14 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -54,11 +54,11 @@ public abstract class CA { public static final Set<String> EMPTY = Collections.unmodifiableSet(new HashSet<>()); - + private final String name; private final String env; private MessageDigest messageDigest; - private final String permNS; + private final String permNS; private final String permType; private final ArrayList<String> idDomains; private String[] trustedCAs;
@@ -71,7 +71,7 @@ public abstract class CA { trustedCAs = new String[4]; // starting array this.name = caName; this.env = env; - this.env_tag = env==null || env.isEmpty()?false: + this.env_tag = env==null || env.isEmpty()?false: Boolean.parseBoolean(access.getProperty(CM_CA_ENV_TAG, Boolean.FALSE.toString())); permNS=null; String prefix = CM_CA_PREFIX + name;
@@ -80,9 +80,9 @@ public abstract class CA { throw new CertException(prefix + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName); } caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null)); - + String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT; - + String fields = access.getProperty(tag, null); if (fields==null) { throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
@@ -94,7 +94,7 @@ public abstract class CA { throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT); } } - + idDomains = new ArrayList<>(); StringBuilder sb = null; for (String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) {
@@ -111,7 +111,7 @@ public abstract class CA { if (sb!=null) { access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb); } - + String dataDir = access.getProperty(CM_PUBLIC_DIR,null); if (dataDir!=null) { File data = new File(dataDir);
@@ -132,7 +132,7 @@ public abstract class CA { FileInputStream fis = new FileInputStream(crt); try { int read = fis.read(bytes); - if (read>0) { + if (read>0) { addTrustedCA(new String(bytes)); } } finally {
@@ -166,7 +166,7 @@ public abstract class CA { caIssuerDNs = newsa; } } - + protected synchronized void addTrustedCA(final String crtString) { String crt; if (crtString.endsWith("\n")) {
@@ -185,19 +185,19 @@ public abstract class CA { temp[trustedCAs.length]=crt; trustedCAs = temp; } - + public String[] getCaIssuerDNs() { return caIssuerDNs; } - + public String[] getTrustedCAs() { return trustedCAs; } - + public boolean shouldAddEnvTag() { - return env_tag; + return env_tag; } - + public String getEnv() { return env; }
@@ -213,16 +213,16 @@ public abstract class CA { public String getName() { return name; } - - + + public String getPermNS() { return permNS; } - + public String getPermType() { return permType; } - + public abstract X509andChain sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException; /* (non-Javadoc)
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
index 4dd49199..51b962c8 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
@@ -9,9 +9,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -71,20 +71,20 @@ public class JscepCA extends CA { super(access, name, env); mxcwiS = new ConcurrentHashMap<>(); mxcwiC = new ConcurrentHashMap<>(); - + if (params.length<2) { throw new CertException("No Trust Chain parameters are included"); - } + } if (params[0].length<2) { throw new CertException("User/Password required for JSCEP"); } final String id = params[0][0]; - final String pw = params[0][1]; - + final String pw = params[0][1]; + // Set this for NTLM password Microsoft Authenticator.setDefault(new Authenticator() { - @Override - public PasswordAuthentication getPasswordAuthentication () { + @Override + public PasswordAuthentication getPasswordAuthentication () { try { return new PasswordAuthentication (id,access.decrypt(pw,true).toCharArray()); } catch (IOException e) {
@@ -93,16 +93,16 @@ public class JscepCA extends CA { return null; } }); - + StringBuilder urlstr = new StringBuilder(); for (int i=1;i<params.length;++i) { // skip first section, which is user/pass - // Work + // Work if (i>1) { urlstr.append(','); // delimiter } urlstr.append(params[i][0]); - + String dir = access.getProperty(CM_PUBLIC_DIR, ""); if (!"".equals(dir) && !dir.endsWith("/")) { dir = dir + '/';
@@ -125,12 +125,12 @@ public class JscepCA extends CA { } } } - } + } clients = new JscepClientLocator(access,urlstr.toString()); } // package on purpose - + @Override public X509ChainWithIssuer sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException { TimeTaken tt = trans.start("Generating CSR and Keys for New Certificate", Env.SUB);
@@ -139,14 +139,14 @@ public class JscepCA extends CA { csr = csrmeta.generateCSR(trans); if (trans.info().isLoggable()) { trans.info().log(BCFactory.toString(csr)); - } + } if (trans.info().isLoggable()) { trans.info().log(csr); } } finally { tt.done(); } - + tt = trans.start("Enroll CSR", Env.SUB); Client client = null; Item item = null;
@@ -154,13 +154,13 @@ public class JscepCA extends CA { try { item = clients.best(); client = clients.get(item); - + EnrollmentResponse er = client.enrol( csrmeta.initialConversationCert(trans), csrmeta.keypair(trans).getPrivate(), csr, MS_PROFILE /* profile... MS can't deal with blanks*/); - + while (true) { if (er.isSuccess()) { trans.checkpoint("Cert from " + clients.info(item));
@@ -186,7 +186,7 @@ public class JscepCA extends CA { i=MAX_RETRY; } catch (ClientException e) { trans.error().log(e,"SCEP Client Error, Temporarily Invalidating Client: " + clients.info(item)); - try { + try { clients.invalidate(client); if (!clients.hasItems()) { clients.refresh();
@@ -202,13 +202,13 @@ public class JscepCA extends CA { tt.done(); } } - + return null; } - + /** * Locator specifically for Jscep Clients. - * + * * Class based client for access to common Map */ private class JscepClientLocator extends HotPeerLocator<Client> {
@@ -247,7 +247,7 @@ public class JscepCA extends CA { protected void _destroy(Client client) { mxcwiC.remove(client); } - - + + } }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
index c51ddbde..c2d6701a 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -79,22 +79,22 @@ public class LocalCA extends CA { KeyPurposeId.id_kp_serverAuth, // WebServer KeyPurposeId.id_kp_clientAuth // WebClient }; - + private final PrivateKey caKey; private final X500Name issuer; private BigInteger serial; private final X509ChainWithIssuer x509cwi; // "Cert" is CACert - - + + public LocalCA(Access access, final String name, final String env, final String[][] params) throws IOException, CertException { super(access, name, env); - + serial = new BigInteger(64,new SecureRandom()); if (params.length<1 || params[0].length<2) { throw new IOException("LocalCA expects cm_ca.<ca name>=org.onap.aaf.auth.cm.ca.LocalCA,<full path to key file>[;<Full Path to Trust Chain, ending with actual CA>]+"); } - + // Read in the Private Key String configured; File f = new File(params[0][0]);
@@ -145,7 +145,7 @@ public class LocalCA extends CA { } else { throw new CertException("Unknown Keystore type from filename " + fileName); } - + KeyStore.ProtectionParameter keyPass; try {
@@ -174,7 +174,7 @@ public class LocalCA extends CA { } PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry)entry; caKey = privateKeyEntry.getPrivateKey(); - + x509cwi = new X509ChainWithIssuer(privateKeyEntry.getCertificateChain()); configured = "keystore \"" + fileName + "\", alias " + params[0][1]; } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableEntryException e) {
@@ -184,7 +184,7 @@ public class LocalCA extends CA { } else { throw new CertException("Private Key, " + f.getPath() + ", does not exist"); } - + X500NameBuilder xnb = new X500NameBuilder(); List<RDN> rp = RDN.parse(',', x509cwi.getIssuerDN()); Collections.reverse(rp);
@@ -209,12 +209,12 @@ public class LocalCA extends CA { TimeTaken tt = trans.start("Create/Sign Cert",Env.SUB); try { BigInteger bi; - + synchronized(ONE) { bi = serial; serial = serial.add(ONE); } - + RSAPublicKey rpk = (RSAPublicKey)csrmeta.keypair(trans).getPublic(); X509v3CertificateBuilder xcb = new X509v3CertificateBuilder( issuer,
@@ -238,7 +238,7 @@ public class LocalCA extends CA { )) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature - | KeyUsage.keyEncipherment + | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation)) .addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(ASN_WebUsage))
@@ -250,8 +250,8 @@ public class LocalCA extends CA { false, new GeneralNames(sans)) // .addExtension(MiscObjectIdentifiers.netscape, true, new NetscapeCertType( // NetscapeCertType.sslClient|NetscapeCertType.sslClient)) - ; - + ; + x509 = new JcaX509CertificateConverter().getCertificate( xcb.build(BCFactory.contentSigner(caKey))); } catch (GeneralSecurityException|OperatorCreationException e) {
@@ -259,7 +259,7 @@ public class LocalCA extends CA { } finally { tt.done(); } - + return new X509andChain(x509,x509cwi.trustChain); }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
index 30495d08..fde94b42 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -38,9 +38,9 @@ public class X509ChainWithIssuer extends X509andChain { public X509ChainWithIssuer(X509ChainWithIssuer orig, X509Certificate x509) { super(x509,orig.trustChain); - issuerDN=orig.issuerDN; + issuerDN=orig.issuerDN; } - + public X509ChainWithIssuer(final List<? extends Reader> rdrs) throws IOException, CertException { // Trust Chain. Last one should be the CA Collection<? extends Certificate> certs;
@@ -49,7 +49,7 @@ public class X509ChainWithIssuer extends X509andChain { if (rdr==null) { // cover for badly formed array continue; } - + byte[] bytes = Factory.decode(rdr,null); try { certs = Factory.toX509Certificate(bytes);
@@ -70,7 +70,7 @@ public class X509ChainWithIssuer extends X509andChain { } } } - + public X509ChainWithIssuer(Certificate[] certs) throws IOException, CertException { X509Certificate x509; for (int i=certs.length-1; i>=0; --i) {
@@ -79,8 +79,8 @@ public class X509ChainWithIssuer extends X509andChain { if (subject!=null) { addTrustChainEntry(x509); if (i==0) { // last one is signer - cert=x509; - issuerDN= subject.toString(); + cert=x509; + issuerDN= subject.toString(); } } }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
index 9a0e1c0d..b05747b6 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -30,21 +30,21 @@ import org.onap.aaf.cadi.configure.Factory; /** - * Have to put the Cert and resulting Trust Chain together. + * Have to put the Cert and resulting Trust Chain together. * Treating them separately has caused issues - * + * * @author JonathanGathman * */ public class X509andChain { protected X509Certificate cert; protected String[] trustChain; - + public X509andChain() { cert = null; trustChain = null; } - + public X509andChain(X509Certificate cert, String[] tc) { this.cert = cert; trustChain=tc;
@@ -55,8 +55,8 @@ public class X509andChain { trustChain = new String[chain.size()+1]; chain.toArray(trustChain); } - - + + public void addTrustChainEntry(X509Certificate x509) throws IOException, CertException { if (trustChain==null) { trustChain = new String[] {Factory.toString(NullTrans.singleton(),x509)};
@@ -67,14 +67,14 @@ public class X509andChain { trustChain=temp; } } - + public X509Certificate getX509() { return cert; } - + public String[] getTrustChain() { return trustChain; } - + }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
index b84816ab..9715422d 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -47,7 +47,7 @@ import org.onap.aaf.misc.env.Trans; /** * Additional Factory mechanisms for CSRs, and BouncyCastle. The main Factory * utilizes only Java abstractions, and is useful in Client code. - * + * * @author JonathanGathman * */
@@ -59,11 +59,11 @@ public class BCFactory extends Factory { // Bouncy jcsb = new JcaContentSignerBuilder(Factory.SIG_ALGO); } - + public static ContentSigner contentSigner(PrivateKey pk) throws OperatorCreationException { return jcsb.build(pk); } - + public static String toString(PKCS10CertificationRequest csr) throws IOException, CertException { if (csr==null) { throw new CertException("x509 Certificate Request not built");
@@ -89,7 +89,7 @@ public class BCFactory extends Factory { tt.done(); } } - + public static CSRMeta createCSRMeta(CA ca, String mechid, String sponsorEmail, List<String> fqdns) throws CertException { CSRMeta csr = ca.newCSRMeta(); boolean first = true;
@@ -99,9 +99,9 @@ public class BCFactory extends Factory { first = false; csr.cn(fqdn); } - csr.san(fqdn); // duplicate CN in SAN, per RFC 5280 section 4.2.1.6 + csr.san(fqdn); // duplicate CN in SAN, per RFC 5280 section 4.2.1.6 } - + csr.challenge(new String(Symm.randomGen(24))); csr.mechID(mechid); csr.email(sponsorEmail);
@@ -111,7 +111,7 @@ public class BCFactory extends Factory { } return csr; } - + private static String validateApp(CSRMeta csr) { CertmanValidator v = new CertmanValidator(); if (v.nullOrBlank("cn", csr.cn())
@@ -146,6 +146,6 @@ public class BCFactory extends Factory { return null; } } - + }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
index f67f445f..04ba0b89 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
@@ -9,9 +9,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -90,15 +90,15 @@ public class CSRMeta { } return name; } - - + + public PKCS10CertificationRequest generateCSR(Trans trans) throws IOException, CertException { PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(x500Name(),keypair(trans).getPublic()); if (challenge!=null) { DERPrintableString password = new DERPrintableString(challenge); builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, password); } - + int plus = email==null?0:1; if (!sanList.isEmpty()) { GeneralName[] gna = new GeneralName[sanList.size()+plus];
@@ -107,7 +107,7 @@ public class CSRMeta { gna[++i]=new GeneralName(GeneralName.dNSName,s); } gna[++i]=new GeneralName(GeneralName.rfc822Name,email); - + builder.addAttribute( PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(new Extension[] {
@@ -122,7 +122,7 @@ public class CSRMeta { throw new CertException(e); } } - + @SuppressWarnings("deprecation") public static void dump(PKCS10CertificationRequest csr) { Attribute[] certAttributes = csr.getAttributes();
@@ -152,7 +152,7 @@ public class CSRMeta { } } } - + public X509Certificate initialConversationCert(Trans trans) throws CertificateException, OperatorCreationException { GregorianCalendar gc = new GregorianCalendar(); Date start = gc.getTime();
@@ -209,15 +209,15 @@ public class CSRMeta { public void environment(String env) { environment = env; } - + /** - * + * * @return */ public String environment() { return environment; } - + /** * @return the mechID */
@@ -263,5 +263,5 @@ public class CSRMeta { public void challenge(String challenge) { this.challenge = challenge; } - + }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java
index fe4e20ff..c43e614c 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -35,7 +35,7 @@ public class RDN { public RDN(final String tagValue) throws CertException { String[] tv = Split.splitTrim('=',tagValue); switch(tv[0]) { - case "cn":case "CN": aoi = BCStyle.CN; + case "cn":case "CN": aoi = BCStyle.CN; break; case "c":case "C": aoi = BCStyle.C; break;
@@ -49,21 +49,21 @@ public class RDN { break; case "dc":case "DC": aoi = BCStyle.DC; break; - case "gn":case "GN": aoi = BCStyle.GIVENNAME; + case "gn":case "GN": aoi = BCStyle.GIVENNAME; break; - case "sn":case "SN": aoi = BCStyle.SN; + case "sn":case "SN": aoi = BCStyle.SN; break; // surname case "email":case "EMAIL": case "emailaddress": case "EMAILADDRESS": aoi = BCStyle.EmailAddress; break; // should be SAN extension - case "initials": aoi = BCStyle.INITIALS; - break; - case "pseudonym": aoi = BCStyle.PSEUDONYM; + case "initials": aoi = BCStyle.INITIALS; + break; + case "pseudonym": aoi = BCStyle.PSEUDONYM; break; - case "generationQualifier": aoi = BCStyle.GENERATION; + case "generationQualifier": aoi = BCStyle.GENERATION; break; - case "serialNumber": aoi = BCStyle.SERIALNUMBER; + case "serialNumber": aoi = BCStyle.SERIALNUMBER; break; default: throw new CertException("Unknown ASN1ObjectIdentifier for " + tv[0] + " in " + tagValue);
@@ -71,7 +71,7 @@ public class RDN { tag = tv[0]; value = tv[1]; } - + /** * Parse various forms of DNs into appropriate RDNs, which have the ASN1ObjectIdentifier * @param delim
@@ -109,7 +109,7 @@ public class RDN { } return lrnd; } - + @Override public String toString() { return tag + '=' + value;
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertDrop.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertDrop.java
index 0a9d7661..e9e5d446 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertDrop.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertDrop.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertRenew.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertRenew.java
index 242a18ac..55e5a573 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertRenew.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertRenew.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java
index 3e2fb816..7de19944 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -37,13 +37,13 @@ public class CertReq { public List<String> fqdns; // Notify public List<String> emails; - - + + // These may be null public String sponsor; public XMLGregorianCalendar start; public XMLGregorianCalendar end; - + public CSRMeta getCSRMeta() throws CertException { return BCFactory.createCSRMeta(certAuthority, mechid, sponsor,fqdns); }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java
index 9017763a..be0c251c 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java
@@ -9,9 +9,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -37,12 +37,12 @@ public class CertResp { private CA ca; private KeyPair keyPair; private String challenge; - + private String privateKey; private String certString; private String[] trustChain; private String[] notes; - + public CertResp(Trans trans, CA ca, X509Certificate x509, CSRMeta csrMeta, String[] trustChain, String[] notes) throws IOException, CertException { keyPair = csrMeta.keypair(trans); privateKey = Factory.toString(trans, keyPair.getPrivate());
@@ -58,35 +58,35 @@ public class CertResp { certString = cert; } - + public String asCertString() { return certString; } - + public String privateString() { return privateKey; } - + public String challenge() { return challenge==null?"":challenge; } - + public String[] notes() { return notes; } - + public String[] caIssuerDNs() { return ca.getCaIssuerDNs(); } - + public String env() { return ca.getEnv(); } - + public String[] trustChain() { return trustChain; } - + public String[] trustCAs() { return ca.getTrustedCAs(); }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade.java
index 2a49d3cd..3926422a 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -33,14 +33,14 @@ import org.onap.aaf.auth.layer.Result; /** - * + * * @author Jonathan * */ public interface Facade<REQ,CERT,ARTIFACTS,ERROR> { ///////////////////// STANDARD ELEMENTS ////////////////// - /** + /** * @param trans * @param response * @param result
@@ -48,7 +48,7 @@ public interface Facade<REQ,CERT,ARTIFACTS,ERROR> { void error(AuthzTrans trans, HttpServletResponse response, Result<?> result); /** - * + * * @param trans * @param response * @param status
@@ -62,20 +62,20 @@ public interface Facade<REQ,CERT,ARTIFACTS,ERROR> { * @param resp * @param perm * @return - * @throws IOException + * @throws IOException */ Result<Void> check(AuthzTrans trans, HttpServletResponse resp, String perm) throws IOException; /** - * + * * @return */ public Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper(); ///////////////////// STANDARD ELEMENTS ////////////////// - + /** - * + * * @param trans * @param resp * @param rservlet
@@ -84,7 +84,7 @@ public interface Facade<REQ,CERT,ARTIFACTS,ERROR> { public abstract Result<Void> requestCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, CA ca); /** - * + * * @param trans * @param resp * @param rservlet
@@ -94,7 +94,7 @@ public interface Facade<REQ,CERT,ARTIFACTS,ERROR> { /** - * + * * @param trans * @param req * @param resp
@@ -103,36 +103,36 @@ public interface Facade<REQ,CERT,ARTIFACTS,ERROR> { public abstract Result<Void> renewCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, boolean withTrust); /** - * + * * @param trans * @param req * @param resp * @return */ public abstract Result<Void> dropCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - + /** - * + * * @param trans * @param resp * @param pathParam * @return */ public Result<Void> readCertsByMechID(AuthzTrans trans, HttpServletResponse resp, String mechID); - + /** - * + * * @param trans * @param req * @param resp * @return */ Result<Void> createArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - + /** - * + * * @param trans * @param req * @param resp
@@ -141,7 +141,7 @@ public interface Facade<REQ,CERT,ARTIFACTS,ERROR> { Result<Void> readArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); /** - * + * * @param trans * @param resp * @param mechid
@@ -151,16 +151,16 @@ public interface Facade<REQ,CERT,ARTIFACTS,ERROR> { Result<Void> readArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine); /** - * + * * @param trans * @param req * @param resp * @return */ Result<Void> updateArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); - + /** - * + * * @param trans * @param req * @param resp
@@ -169,7 +169,7 @@ public interface Facade<REQ,CERT,ARTIFACTS,ERROR> { Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp); /** - * + * * @param trans * @param resp * @param mechid
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade1_0.java
index 4a3b5cbe..63859656 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade1_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade1_0.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -37,9 +37,9 @@ import certman.v1_0.CertInfo; * */ public class Facade1_0 extends FacadeImpl<BaseRequest,CertInfo, Artifacts, Error> { - public Facade1_0(AAF_CM certman, - CMService service, - Mapper<BaseRequest,CertInfo,Artifacts,Error> mapper, + public Facade1_0(AAF_CM certman, + CMService service, + Mapper<BaseRequest,CertInfo,Artifacts,Error> mapper, Data.TYPE type) throws APIException { super(certman, service, mapper, type); }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeFactory.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeFactory.java
index e9ffb908..1519de14 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeFactory.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeFactory.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -35,7 +35,7 @@ public class FacadeFactory { certman, service, new Mapper1_0(), - type); + type); } }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
index f381a9e8..513b8ea5 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
@@ -8,9 +8,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -59,7 +59,7 @@ import org.onap.aaf.misc.rosetta.env.RosettaData; /** * AuthzFacade - * + * * This Service Facade encapsulates the essence of the API Service can do, and provides * a single created object for elements such as RosettaDF. *
@@ -70,14 +70,14 @@ import org.onap.aaf.misc.rosetta.env.RosettaData; * a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request. * 4) Log Service info, warnings and exceptions as necessary * 5) When asked by the API layer, this will create and write Error content to the OutputStream - * - * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be + * + * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be * clearly coordinated with the API Documentation - * + * * @author Jonathan * */ -public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf.auth.layer.FacadeImpl implements Facade<REQ,CERT,ARTIFACTS,ERROR> +public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf.auth.layer.FacadeImpl implements Facade<REQ,CERT,ARTIFACTS,ERROR> { private static final String TRUE = "TRUE"; private static final String REQUEST_CERT = "Request New Certificate";
@@ -100,8 +100,8 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. private final String voidResp; public FacadeImpl(AAF_CM certman, - CMService service, - Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper, + CMService service, + Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper, Data.TYPE dataType) throws APIException { this.service = service; this.mapper = mapper;
@@ -120,14 +120,14 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. voidResp = "application/Void+json;charset=utf-8;version=1.0,application/json;version=1.0,*/*"; } } - + public Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper() { return mapper; } - + /* (non-Javadoc) * @see com.att.authz.facade.AuthzFacade#error(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, int) - * + * * Note: Conforms to AT&T TSS RESTful Error Structure */ @Override
@@ -136,7 +136,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. result.details==null?"":result.details.trim(), result.variables==null?Result.EMPTY_VARS:result.variables); } - + @Override public void error(AuthzTrans trans, HttpServletResponse response, int status, final String _msg, final Object ... _detail) { String msgId;
@@ -158,7 +158,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. prefix = "Forbidden"; response.setStatus(/*httpstatus=*/403); break; - + case 404: case ERR_NotFound: msgId = "SVC1404";
@@ -172,21 +172,21 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. prefix = "Not Acceptable"; response.setStatus(/*httpstatus=*/406); break; - + case 409: case ERR_ConflictAlreadyExists: msgId = "SVC1409"; prefix = "Conflict Already Exists"; response.setStatus(/*httpstatus=*/409); break; - + case 501: case ERR_NotImplemented: msgId = "SVC1501"; - prefix = "Not Implemented"; + prefix = "Not Implemented"; response.setStatus(/*httpstatus=*/501); break; - + default: msgId = "SVC1500";
@@ -200,7 +200,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. StringBuilder holder = new StringBuilder(); ERROR em = mapper().errorFromMessage(holder, msgId,prefix + ": " + _msg,_detail); trans.checkpoint( - "ErrResp [" + + "ErrResp [" + msgId + "] " + holder.toString(),
@@ -210,7 +210,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. em = mapper().errorFromMessage(holder, msgId, "Server had an issue processing this request"); } errDF.newData(trans).load(em).to(response.getOutputStream()); - + } catch (Exception e) { trans.error().log(e,"unable to send response for",_msg); }
@@ -256,12 +256,12 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. trans.error().log("Invalid Input",IN,REQUEST_CERT); return Result.err(Result.ERR_BadData,"Invalid Input"); } - + Result<CertResp> rcr = service.requestCert(trans,mapper.toReq(trans,request), ca); if (rcr.notOK()) { return Result.err(rcr); } - + Result<CERT> rc = mapper.toCert(trans, rcr, withTrust); if (rc.status == OK) { RosettaData<CERT> data = certDF.newData(trans).load(rc.value);
@@ -279,7 +279,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. tt.done(); } } - + /* (non-Javadoc) * @see org.onap.aaf.auth.cm.facade.Facade#requestPersonalCert(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean) */
@@ -300,7 +300,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. trans.error().log("Invalid Input",IN,RENEW_CERT); return Result.err(Result.ERR_BadData,"Invalid Input"); } - + Result<CertResp> rcr = service.renewCert(trans,mapper.toRenew(trans,request)); Result<CERT> rc = mapper.toCert(trans, rcr, withTrust);
@@ -333,7 +333,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. trans.error().log("Invalid Input",IN,DROP_CERT); return Result.err(Result.ERR_BadData,"Invalid Input"); } - + Result<Void> rv = service.dropCert(trans,mapper.toDrop(trans, request)); if (rv.status == OK) { setContentType(resp, certRequestDF.getOutType());
@@ -387,7 +387,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. trans.error().log("Invalid Input",IN,CREATE_ARTIFACTS); return Result.err(Result.ERR_BadData,"Invalid Input"); } - + return service.createArtifact(trans,mapper.toArtifact(trans,arti)); } catch (Exception e) {
@@ -405,7 +405,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. String mechid = req.getParameter("mechid"); String machine = req.getParameter("machine"); String ns = req.getParameter("ns"); - + Result<ARTIFACTS> ra; if ( machine !=null && mechid == null) { ra = mapper.fromArtifacts(service.readArtifactsByMachine(trans, machine));
@@ -422,7 +422,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. } else { ra = Result.err(Status.ERR_BadData,"Invalid request inputs"); } - + if (ra.isOK()) { RosettaData<ARTIFACTS> data = artiDF.newData(trans).load(ra.value); data.to(resp.getOutputStream());
@@ -477,7 +477,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. trans.error().log("Invalid Input",IN,UPDATE_ARTIFACTS); return Result.err(Result.ERR_BadData,"Invalid Input"); } - + return service.updateArtifact(trans,mapper.toArtifact(trans,arti)); } catch (Exception e) { trans.error().log(e,IN,UPDATE_ARTIFACTS);
@@ -499,7 +499,7 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf. trans.error().log("Invalid Input",IN,DELETE_ARTIFACTS); return Result.err(Result.ERR_BadData,"Invalid Input"); } - + Result<Void> rv = service.deleteArtifact(trans,mapper.toArtifact(trans,arti)); if (rv.status == OK) { setContentType(resp, artiDF.getOutType());
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper.java
index 4a7019dd..90d1cf32 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -36,19 +36,19 @@ import org.onap.aaf.auth.layer.Result; public interface Mapper<REQ,CERT,ARTIFACTS,ERROR> { public enum API{ERROR,VOID,CERT,CERT_REQ,CERT_RENEW,CERT_DROP,ARTIFACTS}; - + public Class<?> getClass(API api); public<A> A newInstance(API api); public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, Object ... detail); - + public Result<CERT> toCert(AuthzTrans trans, Result<CertResp> in, boolean withTrustChain) throws IOException; public Result<CERT> toCert(AuthzTrans trans, Result<List<CertDAO.Data>> in); public Result<CertReq> toReq(AuthzTrans trans, REQ req); public Result<CertRenew> toRenew(AuthzTrans trans, REQ req); public Result<CertDrop> toDrop(AuthzTrans trans, REQ req); - + public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, ARTIFACTS arti); public Result<ARTIFACTS> fromArtifacts(Result<List<ArtiDAO.Data>> readArtifactsByMachine); }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
index bce7eccd..bf5665af 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
@@ -8,9 +8,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -50,7 +50,7 @@ import certman.v1_0.CertificateRequest; public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { - + @Override public Class<?> getClass(API api) { switch(api) {
@@ -233,7 +233,7 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { data.ns = trim(arti.getNs()); data.renewDays = arti.getRenewDays(); data.notify = trim(arti.getNotification()); - + // Ignored on way in for create/update data.sponsor = (arti.getSponsor()); if(arti.getSans()!=null) {
@@ -279,8 +279,8 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { return Result.err(lArtiDAO); } } - - + + private String trim(String s) { if(s==null) {
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
index 283c828a..501fbcfe 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -49,7 +49,7 @@ import certman.v1_0.CertificateRequest; public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { - + @Override public Class<?> getClass(API api) { switch(api) {
@@ -127,7 +127,7 @@ public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { } cout.setNotes(sb.toString()); } - + List<String> caIssuerDNs = cout.getCaIssuerDNs(); for (String s : cin.caIssuerDNs()) { caIssuerDNs.add(s);
@@ -224,7 +224,7 @@ public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { data.ns = trim(arti.getNs()); data.renewDays = arti.getRenewDays(); data.notify = trim(arti.getNotification()); - + // Ignored on way in for create/update data.sponsor = trim(arti.getSponsor()); data.expires = null;
@@ -274,7 +274,7 @@ public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { return Result.err(lArtiDAO); } } - - + + }
\ No newline at end of file
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index aa145f1c..88109437 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -80,7 +80,7 @@ public class CMService { // Limit total requests private static final int MAX_X509s = 200; // Need a "LIMIT Exception" DB. private static final String MAX_X509S_TAG = "cm_max_x509s"; // be able to adjust limit in future - + public static final String REQUEST = "request"; public static final String IGNORE_IPS = "ignoreIPs"; public static final String RENEW = "renew";
@@ -153,25 +153,25 @@ public class CMService { boolean dynamic_sans = false; if(req.value.fqdns.isEmpty()) { - fqdns = new ArrayList<>(); + fqdns = new ArrayList<>(); } else { - // Only Template or Dynamic permitted to pass in FQDNs - if (req.value.fqdns.get(0).startsWith("*")) { // Domain set + // Only Template or Dynamic permitted to pass in FQDNs + if (req.value.fqdns.get(0).startsWith("*")) { // Domain set if (trans.fish(new AAFPermission(null,ca.getPermType(), ca.getName(), DOMAIN))) { - domain_based = true; + domain_based = true; } else { return Result.err(Result.ERR_Denied, "Domain based Authorizations (" + req.value.fqdns.get(0) + ") requires Exception"); } - } else { - if(trans.fish(new AAFPermission(null, ca.getPermType(), ca.getName(),DYNAMIC_SANS))) { - dynamic_sans = true; - } else { + } else { + if(trans.fish(new AAFPermission(null, ca.getPermType(), ca.getName(),DYNAMIC_SANS))) { + dynamic_sans = true; + } else { return Result.err(Result.ERR_Denied, - "Dynamic SANs for (" + req.value.mechid + ") requires Permission"); - } - } - fqdns = new ArrayList<>(req.value.fqdns); + "Dynamic SANs for (" + req.value.mechid + ") requires Permission"); + } + } + fqdns = new ArrayList<>(req.value.fqdns); } String email = null;
@@ -185,7 +185,7 @@ public class CMService { } else { ignoreIPs = false; } - + InetAddress primary = null; // Organize incoming information to get to appropriate Artifact
@@ -197,8 +197,8 @@ public class CMService { String domain = fqdns.get(0).substring(1); // starts with *, see above fqdns.remove(0); if (fqdns.isEmpty()) { - return Result.err(Result.ERR_Denied, - "Requests using domain require machine declaration"); + return Result.err(Result.ERR_Denied, + "Requests using domain require machine declaration"); } if (!ignoreIPs) {
@@ -212,7 +212,7 @@ public class CMService { } } else { - // Passed in FQDNs, but not starting with * + // Passed in FQDNs, but not starting with * if (!ignoreIPs) { for (String cn : req.value.fqdns) { try {
@@ -254,37 +254,37 @@ public class CMService { return Result.err(Result.ERR_Denied,"Authorization must not include SANS when doing Dynamic SANS (%s, %s)", req.value.mechid, key); } } else { - if(domain_based) { - ra = artiDAO.read(trans, req.value.mechid, key); - if (ra.isOKhasData()) { // is the Template available? - add = ra.value.get(0); - add.machine = host; - for (String s : fqdns) { - if (!s.equals(add.machine)) { - add.sans(true).add(s); - } - } - Result<ArtiDAO.Data> rc = artiDAO.create(trans, add); // Create new Artifact from Template - if (rc.notOK()) { - return Result.err(rc); - } - } else { - return Result.err(Result.ERR_Denied,"No Authorization Template for %s, %s", req.value.mechid, key); - } - } else { + if(domain_based) { + ra = artiDAO.read(trans, req.value.mechid, key); + if (ra.isOKhasData()) { // is the Template available? + add = ra.value.get(0); + add.machine = host; + for (String s : fqdns) { + if (!s.equals(add.machine)) { + add.sans(true).add(s); + } + } + Result<ArtiDAO.Data> rc = artiDAO.create(trans, add); // Create new Artifact from Template + if (rc.notOK()) { + return Result.err(rc); + } + } else { + return Result.err(Result.ERR_Denied,"No Authorization Template for %s, %s", req.value.mechid, key); + } + } else { return Result.err(Result.ERR_Denied,"No Authorization found for %s, %s", req.value.mechid, key); - } + } } // Add Artifact listed FQDNs if(!dynamic_sans) { - if (add.sans != null) { - for (String s : add.sans) { - if (!fqdns.contains(s)) { - fqdns.add(s); - } - } - } + if (add.sans != null) { + for (String s : add.sans) { + if (!fqdns.contains(s)) { + fqdns.add(s); + } + } + } } // Policy 2: If Config marked as Expired, do not create or renew 
@@ -354,7 +354,7 @@ public class CMService { try { csrMeta = BCFactory.createCSRMeta(ca, req.value.mechid, email, fqdns); csrMeta.environment(ca.getEnv()); - + // Before creating, make sure they don't have too many if(!trans.fish(limitOverridePerm)) { Result<List<CertDAO.Data>> existing = certDAO.readID(trans, req.value.mechid);
@@ -392,7 +392,7 @@ public class CMService { cdd.id = req.value.mechid; cdd.x500 = x509.getSubjectDN().getName(); cdd.x509 = Factory.toString(trans, x509); - + certDAO.create(trans, cdd); CredDAO.Data crdd = new CredDAO.Data();
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/Code.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/Code.java
index fdf2447d..0a4a4abb 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/Code.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/Code.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -33,7 +33,7 @@ public abstract class Code extends HttpCode<AuthzTrans,Facade1_0> implements Clo // Note, the first "Code" will be created with default Facade, "JSON". // use clone for another Code with XML } - + public <D extends Code> D clone(Facade1_0 facade) throws Exception { @SuppressWarnings("unchecked")
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
index cdd501ce..eaee6dc5 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -31,9 +31,9 @@ import org.onap.aaf.auth.validation.Validator; /** * Validator * Consistently apply content rules for content (incoming) - * - * Note: We restrict content for usability in URLs (because RESTful service), and avoid - * issues with Regular Expressions, and other enabling technologies. + * + * Note: We restrict content for usability in URLs (because RESTful service), and avoid + * issues with Regular Expressions, and other enabling technologies. * @author Jonathan * */
@@ -49,12 +49,12 @@ public class CertmanValidator extends Validator{ private static final String IS_NULL = " is null."; private static final String ARTIFACTS_MUST_HAVE_AT_LEAST = "Artifacts must have at least "; private static final Pattern ALPHA_NUM = Pattern.compile("[a-zA-Z0-9]*"); - + private static boolean disallowTmp = true; public static void allowTmp() { disallowTmp=false; } - + public CertmanValidator nullBlankMin(String name, List<String> list, int min) { if (list==null) { msg(name + IS_NULL);
@@ -97,7 +97,7 @@ public class CertmanValidator extends Validator{ } return this; } - + private CertmanValidator allRequired(Data a) { if (a==null) { msg("Artifact is null."); |