diff options
| author |   Instrumental <jonathan.gathman@att.com> | 2018-07-02 09:40:49 -0500 |
|---|---|---|
| committer | Instrumental <jonathan.gathman@att.com> | 2018-07-02 09:41:03 -0500 |
| commit | c060284812fbbc18fcf22eb628c47c251505fe50 (patch) | |
| tree | 6f8b8bc7d58667fd711dc913c2fa4a9d111a75ba /auth | |
| parent | 2c0dd5c5136e249f63f1d3296063795cde30c399 (diff) | |
Update CM to us Local Intermediate Certs
Issue-ID: AAF-384
Change-Id: Iefd36c5b9ab8011ac696cb85e74c54edb63cb40a
Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth')
21 files changed, 125 insertions, 75 deletions
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java index ea726480..ac3e1a54 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java @@ -36,7 +36,8 @@ import org.onap.aaf.auth.cm.cert.CSRMeta; import org.onap.aaf.auth.cm.cert.RDN; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.misc.env.Trans; import org.onap.aaf.misc.env.util.Split; @@ -57,9 +58,9 @@ public abstract class CA { private final String env; private MessageDigest messageDigest; private final String permType; - private Set<String> caIssuerDNs; private final ArrayList<String> idDomains; private String[] trustedCAs; + private String[] caIssuerDNs; private List<RDN> rdns; @@ -71,7 +72,7 @@ public abstract class CA { if(permType==null) { throw new CertException(CM_CA_PREFIX + name + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName); } - caIssuerDNs = new HashSet<>(); + caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null)); String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT; @@ -112,7 +113,12 @@ public abstract class CA { String trustCas = access.getProperty(CM_TRUST_CAS,null); if(trustCas!=null) { for(String fname : Split.splitTrim(',', trustCas)) { - File crt = new File(data,fname); + File crt; + if(fname.contains("/")) { + crt = new File(fname); + } else { + crt = new File(data,fname); + } if(crt.exists()) { access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath()); bytes = new byte[(int)crt.length()]; @@ -139,7 +145,19 @@ public abstract class CA { } protected void addCaIssuerDN(String issuerDN) { - caIssuerDNs.add(issuerDN); + boolean changed = true; + for(String id : caIssuerDNs) { + if(id.equals(issuerDN)) { + changed = false; + break; + } + } + if(changed) { + String[] newsa = new String[caIssuerDNs.length+1]; + newsa[0]=issuerDN; + System.arraycopy(caIssuerDNs, 0, newsa, 1, caIssuerDNs.length); + caIssuerDNs = newsa; + } } protected synchronized void addTrustedCA(final String crtString) { @@ -161,7 +179,7 @@ public abstract class CA { trustedCAs = temp; } - public Set<String> getCaIssuerDNs() { + public String[] getCaIssuerDNs() { return caIssuerDNs; } @@ -211,4 +229,5 @@ public abstract class CA { public CSRMeta newCSRMeta() { return new CSRMeta(rdns); } + } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java index ee73dbdc..3f398381 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java @@ -48,7 +48,7 @@ import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.Locator.Item; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.cadi.locator.HotPeerLocator; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java index e2287c3b..af2d2f6b 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java @@ -39,6 +39,7 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; +import java.util.Collections; import java.util.Date; import java.util.GregorianCalendar; import java.util.List; @@ -64,28 +65,33 @@ import org.onap.aaf.auth.cm.cert.RDN; import org.onap.aaf.auth.env.NullTrans; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; public class LocalCA extends CA { + private final static BigInteger ONE = new BigInteger("1"); // Extensions private static final KeyPurposeId[] ASN_WebUsage = new KeyPurposeId[] { KeyPurposeId.id_kp_serverAuth, // WebServer - KeyPurposeId.id_kp_clientAuth};// WebClient - + KeyPurposeId.id_kp_clientAuth // WebClient + }; + private final PrivateKey caKey; private final X500Name issuer; private final SecureRandom random = new SecureRandom(); - private byte[] serialish; + private BigInteger serial; private final X509ChainWithIssuer x509cwi; // "Cert" is CACert - + + public LocalCA(Access access, final String name, final String env, final String[][] params) throws IOException, CertException { super(access, name, env); - serialish = new byte[24]; + + serial = new BigInteger(64,random); + if(params.length<1 || params[0].length<2) { throw new IOException("LocalCA expects cm_ca.<ca name>=org.onap.aaf.auth.cm.ca.LocalCA,<full path to key file>[;<Full Path to Trust Chain, ending with actual CA>]+"); } @@ -180,7 +186,9 @@ public class LocalCA extends CA { } X500NameBuilder xnb = new X500NameBuilder(); - for(RDN rnd : RDN.parse(',', x509cwi.getIssuerDN())) { + List<RDN> rp = RDN.parse(',', x509cwi.getIssuerDN()); + Collections.reverse(rp); + for(RDN rnd : rp) { xnb.addRDN(rnd.aoi,rnd.value); } issuer = xnb.build(); @@ -201,9 +209,10 @@ public class LocalCA extends CA { TimeTaken tt = trans.start("Create/Sign Cert",Env.SUB); try { BigInteger bi; - synchronized(serialish) { - random.nextBytes(serialish); - bi = new BigInteger(serialish); + + synchronized(ONE) { + bi = serial; + serial = serial.add(ONE); } RSAPublicKey rpk = (RSAPublicKey)csrmeta.keypair(trans).getPublic(); @@ -225,20 +234,23 @@ public class LocalCA extends CA { JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); xcb.addExtension(Extension.basicConstraints, - false, new BasicConstraints(false)) + false, new BasicConstraints(false + )) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature - | KeyUsage.keyEncipherment)) + | KeyUsage.keyEncipherment + | KeyUsage.nonRepudiation)) .addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(ASN_WebUsage)) - .addExtension(Extension.authorityKeyIdentifier, - false, extUtils.createAuthorityKeyIdentifier(x509cwi.cert)) - .addExtension(Extension.subjectKeyIdentifier, - false, extUtils.createSubjectKeyIdentifier(x509cwi.cert.getPublicKey())) + false, extUtils.createAuthorityKeyIdentifier(x509cwi.cert)) + .addExtension(Extension.subjectKeyIdentifier, + false, extUtils.createSubjectKeyIdentifier(rpk)) .addExtension(Extension.subjectAlternativeName, false, new GeneralNames(sans)) - ; +// .addExtension(MiscObjectIdentifiers.netscape, true, new NetscapeCertType( +// NetscapeCertType.sslClient|NetscapeCertType.sslClient)) + ; x509 = new JcaX509CertificateConverter().getCertificate( xcb.build(BCFactory.contentSigner(caKey))); @@ -248,7 +260,7 @@ public class LocalCA extends CA { tt.done(); } - return new X509ChainWithIssuer(x509cwi,x509); + return new X509andChain(x509,x509cwi.trustChain); } } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java index 6ba5a37f..e31b9988 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java @@ -29,13 +29,14 @@ import java.security.cert.X509Certificate; import java.util.Collection; import java.util.List; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; public class X509ChainWithIssuer extends X509andChain { private String issuerDN; + public X509Certificate caX509; - public X509ChainWithIssuer(X509ChainWithIssuer orig, X509Certificate x509) { + public X509ChainWithIssuer(X509ChainWithIssuer orig, X509Certificate x509) throws IOException, CertException { super(x509,orig.trustChain); issuerDN=orig.issuerDN; } @@ -48,7 +49,8 @@ public class X509ChainWithIssuer extends X509andChain { if(rdr==null) { // cover for badly formed array continue; } - byte[] bytes = Factory.decode(rdr); + + byte[] bytes = Factory.decode(rdr,null); try { certs = Factory.toX509Certificate(bytes); } catch (CertificateException e) { @@ -62,24 +64,24 @@ public class X509ChainWithIssuer extends X509andChain { } if(cert==null) { // first in Trust Chain issuerDN = subject.toString(); + cert=x509; // adding each time makes sure last one is signer. } addTrustChainEntry(x509); - cert=x509; // adding each time makes sure last one is signer. } } } public X509ChainWithIssuer(Certificate[] certs) throws IOException, CertException { X509Certificate x509; - for(Certificate c : certs) { - x509=(X509Certificate)c; + for(int i=certs.length-1; i>=0; --i) { + x509=(X509Certificate)certs[i]; Principal subject = x509.getSubjectDN(); if(subject!=null) { - if(cert==null) { // first in Trust Chain - issuerDN= subject.toString(); - } addTrustChainEntry(x509); - cert=x509; // adding each time makes sure last one is signer. + if(i==0) { // last one is signer + cert=x509; + issuerDN= subject.toString(); + } } } } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java index 46a6393a..5141cc62 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java @@ -25,8 +25,8 @@ import java.security.cert.X509Certificate; import java.util.List; import org.onap.aaf.auth.env.NullTrans; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; /** @@ -45,14 +45,14 @@ public class X509andChain { trustChain = null; } - public X509andChain(X509Certificate cert, String[] trustChain) { + public X509andChain(X509Certificate cert, String[] tc) throws IOException, CertException { this.cert = cert; - this.trustChain = trustChain; + trustChain=tc; } - public X509andChain(X509Certificate cert, List<String> chain) { + public X509andChain(X509Certificate cert, List<String> chain) throws IOException, CertException { this.cert = cert; - trustChain = new String[chain.size()]; + trustChain = new String[chain.size()+1]; chain.toArray(trustChain); } @@ -67,6 +67,7 @@ public class X509andChain { trustChain=temp; } } + public X509Certificate getX509() { return cert; diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java index 7f4590f3..70ddd438 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java @@ -37,8 +37,8 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.onap.aaf.auth.cm.ca.CA; import org.onap.aaf.auth.cm.validation.CertmanValidator; import org.onap.aaf.cadi.Symm; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java index 2b763f7f..7d417d5f 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java @@ -49,8 +49,8 @@ import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.misc.env.Trans; public class CSRMeta { diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java index 5b55f1ca..564a4b5d 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java @@ -25,7 +25,7 @@ import java.util.List; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.x500.style.BCStyle; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.cadi.util.Split; public class RDN { diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java index aa0b9c26..d960945c 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java @@ -28,7 +28,7 @@ import javax.xml.datatype.XMLGregorianCalendar; import org.onap.aaf.auth.cm.ca.CA; import org.onap.aaf.auth.cm.cert.BCFactory; import org.onap.aaf.auth.cm.cert.CSRMeta; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.configure.CertException; public class CertReq { // These cannot be null diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java index 595025e7..970bfb85 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java @@ -25,12 +25,11 @@ import java.io.IOException; import java.security.GeneralSecurityException; import java.security.KeyPair; import java.security.cert.X509Certificate; -import java.util.Set; import org.onap.aaf.auth.cm.ca.CA; import org.onap.aaf.auth.cm.cert.CSRMeta; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.misc.env.Trans; public class CertResp { @@ -40,17 +39,15 @@ public class CertResp { private String privateKey, certString; private String[] trustChain; - private String[] trustCAs; private String[] notes; - public CertResp(Trans trans, CA ca, X509Certificate x509, CSRMeta csrMeta, String[] trustChain, String[] trustCAs, String[] notes) throws IOException, GeneralSecurityException, CertException { + public CertResp(Trans trans, CA ca, X509Certificate x509, CSRMeta csrMeta, String[] trustChain, String[] notes) throws IOException, GeneralSecurityException, CertException { keyPair = csrMeta.keypair(trans); privateKey = Factory.toString(trans, keyPair.getPrivate()); certString = Factory.toString(trans,x509); challenge=csrMeta.challenge(); this.ca = ca; this.trustChain = trustChain; - this.trustCAs = trustCAs; this.notes = notes; } @@ -76,7 +73,7 @@ public class CertResp { return notes; } - public Set<String> caIssuerDNs() { + public String[] caIssuerDNs() { return ca.getCaIssuerDNs(); } @@ -89,6 +86,6 @@ public class CertResp { } public String[] trustCAs() { - return trustCAs; + return ca.getTrustedCAs(); } } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java index 0598ee60..51a905a4 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java @@ -58,8 +58,8 @@ import org.onap.aaf.auth.env.AuthzEnv; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; import org.onap.aaf.cadi.aaf.AAFPermission; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Data; import org.onap.aaf.misc.env.Env; diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java index 16517c95..c06734f4 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java @@ -31,8 +31,8 @@ import org.onap.aaf.auth.cm.data.CertReq; import org.onap.aaf.auth.cm.data.CertResp; import org.onap.aaf.auth.cm.validation.CertmanValidator; import org.onap.aaf.auth.dao.cass.ArtiDAO; -import org.onap.aaf.auth.dao.cass.CertDAO; import org.onap.aaf.auth.dao.cass.ArtiDAO.Data; +import org.onap.aaf.auth.dao.cass.CertDAO; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; import org.onap.aaf.cadi.util.FQI; @@ -108,7 +108,9 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { if((value=cin.challenge())!=null) { cout.setChallenge(value); } + // In Version 1, Cert is always first cout.getCerts().add(cin.asCertString()); + // Follow with Trust Chain if(cin.trustChain()!=null) { for(String c : cin.trustChain()) { if(c!=null) { @@ -116,12 +118,15 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { } } } + // Adding all the Certs in one response is a mistake. Makes it very hard for Agent to setup // Certs in keystore versus Truststore. Separate in Version 2_0 if(cin.trustCAs()!=null) { for(String c : cin.trustCAs()) { if(c!=null) { - cout.getCerts().add(c); + if(!cout.getCerts().contains(c)) { + cout.getCerts().add(c); + } } } } @@ -138,7 +143,10 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { } cout.setNotes(sb.toString()); } - cout.getCaIssuerDNs().addAll(cin.caIssuerDNs()); + List<String> caIssuerDNs = cout.getCaIssuerDNs(); + for(String s : cin.caIssuerDNs()) { + caIssuerDNs.add(s); + } cout.setEnv(cin.env()); return Result.ok(cout); diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java index 13123bdf..76f7d9be 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java @@ -127,7 +127,12 @@ public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { } cout.setNotes(sb.toString()); } - cout.getCaIssuerDNs().addAll(cin.caIssuerDNs()); + + List<String> caIssuerDNs = cout.getCaIssuerDNs(); + for(String s : cin.caIssuerDNs()) { + caIssuerDNs.add(s); + } + cout.setEnv(cin.env()); return Result.ok(cout); } else { diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java index 4ef5472a..8d39f540 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java @@ -59,7 +59,7 @@ import org.onap.aaf.auth.org.Organization.Identity; import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.cadi.Hash; import org.onap.aaf.cadi.aaf.AAFPermission; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.cadi.util.FQI; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.util.Chrono; @@ -317,7 +317,7 @@ public class CMService { crdd.type = CredDAO.CERT_SHA256_RSA; credDAO.create(trans, crdd); - CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(notes)); + CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(),compileNotes(notes)); return Result.ok(cr); } catch (Exception e) { trans.error().log(e); @@ -398,7 +398,7 @@ public class CMService { cdd.x509=Factory.toString(trans, x509); certDAO.create(trans, cdd); - CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(null)); + CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(null)); return Result.ok(cr); } catch (Exception e) { trans.error().log(e); diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java index f6d5cab1..d81ea9bc 100644 --- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java +++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java @@ -52,10 +52,9 @@ import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; -import org.onap.aaf.auth.cm.ca.CA; import org.onap.aaf.auth.cm.cert.CSRMeta; import org.onap.aaf.auth.dao.cached.CachedCertDAO; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.misc.env.Trans; //TODO: Gabe [JUnit] Import does not exist diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java index 856d09c2..337bc9ed 100644 --- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java +++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java @@ -41,7 +41,7 @@ import org.junit.rules.ExpectedException; import org.junit.runner.RunWith; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java index 7d3f25ca..5ec96f25 100644 --- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java +++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java @@ -41,8 +41,8 @@ import org.onap.aaf.cadi.Locator.Item; import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.cadi.cm.Factory; import org.onap.aaf.cadi.config.SecurityInfoC; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.cadi.http.HBasicAuthSS; import org.onap.aaf.cadi.http.HMangr; import org.onap.aaf.cadi.locator.DNSLocator; diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java index cbc0737c..531e40ab 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest; import org.onap.aaf.auth.rserv.TransFilter; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.Connector; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.TrustChecker; import org.onap.aaf.cadi.principal.TaggedPrincipal; import org.onap.aaf.cadi.principal.TrustPrincipal; @@ -48,7 +49,7 @@ public class AuthzTransFilter extends TransFilter<AuthzTrans> { public static final int BUCKETSIZE = 2; - public AuthzTransFilter(AuthzEnv env, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException { + public AuthzTransFilter(AuthzEnv env, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException, LocatorException { super(env.access(),con, tc, additionalTafLurs); this.env = env; serviceMetric = new Metric(); diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java index 400c539c..c286e507 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java @@ -37,6 +37,7 @@ import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.CadiWrap; import org.onap.aaf.cadi.Connector; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Lur; import org.onap.aaf.cadi.TrustChecker; import org.onap.aaf.cadi.config.Config; @@ -66,7 +67,7 @@ public abstract class TransFilter<TRANS extends TransStore> implements Filter { private final String[] no_authn; - public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException { + public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException, LocatorException { cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs); String no = access.getProperty(Config.CADI_NOAUTHN, null); if(no!=null) { diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java index 4b2ca32c..cefc7a23 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java @@ -231,11 +231,16 @@ public class JettyServiceStarter<ENV extends RosettaEnv, TRANS extends Trans> ex try { register(service.registrants(port)); access().printf(Level.INIT, "Starting Jetty Service for %s, version %s, on %s://%s:%d", service.app_name,service.app_version,protocol,hostname,port); + server.join(); } catch(Exception e) { access().log(e,"Error registering " + service.app_name); - // Question: Should Registered Services terminate? + String doExit = access().getProperty("cadi_exitOnFailure", "true"); + if (doExit == "true") { + System.exit(1); + } else { + throw e; + } } - server.join(); } private FilterChain buildFilterChain(final AbsService<?,?> as, final FilterChain doLast) throws CadiException, LocatorException { diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java index 0ad73649..296e41e1 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java @@ -47,7 +47,7 @@ import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.cadi.util.FQI; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Env; |