Local CA to use Keystores

Issue-ID: AAF-204
Change-Id: I59491ffa26d5ea117a98470f38f090900b9e1b4e
Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>

15 files changed, 98 insertions, 23 deletions

diff --git a/cadi/.gitignore b/cadi/.gitignore
new file mode 100644
index 00000000..58c32c89
--- /dev/null
+++ b/cadi/.gitignore
@@ -0,0 +1,2 @@
+/.project
+/.settings/
diff --git a/cadi/aaf/.gitignore b/cadi/aaf/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/aaf/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/aaf/pom.xml b/cadi/aaf/pom.xml
index 77b09641..7a8185c7 100644
--- a/cadi/aaf/pom.xml
+++ b/cadi/aaf/pom.xml
@@ -122,7 +122,6 @@
 				<plugin>
 				<groupId>org.sonatype.plugins</groupId>
 				<artifactId>nexus-staging-maven-plugin</artifactId>
-				<version>1.6.7</version>
 				<extensions>true</extensions>
 				<configuration>
 					<nexusUrl>${nexusproxy}</nexusUrl>
@@ -133,7 +132,6 @@
 			<plugin>
 				<groupId>org.jacoco</groupId>
 				<artifactId>jacoco-maven-plugin</artifactId>
-				<version>0.7.7.201606060606</version>
 				<configuration>
 					<dumpOnExit>true</dumpOnExit>
 					<includes>
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java
index 70111882..8933963d 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java
@@ -34,6 +34,8 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.Reader;
 import java.io.StringReader;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.KeyFactory;
@@ -41,8 +43,10 @@ import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
+import java.security.Provider;
 import java.security.PublicKey;
 import java.security.SecureRandom;
+import java.security.Security;
 import java.security.Signature;
 import java.security.SignatureException;
 import java.security.cert.Certificate;
@@ -444,4 +448,39 @@ public class Factory {
 			tt.done();
 		}	
 	}
+
+	/**
+	 * Get the Security Provider, or, if not exists yet, attempt to load
+	 * 
+	 * @param providerType
+	 * @param params
+	 * @return
+	 * @throws CertException
+	 */
+	public static synchronized Provider getSecurityProvider(String providerType, String[][] params) throws CertException {
+		Provider p = Security.getProvider(providerType);
+		if(p!=null) {
+			switch(providerType) {
+				case "PKCS12":
+					
+					break;
+				case "PKCS11": // PKCS11 only known to be supported by Sun
+					try {
+						Class<?> clsSunPKCS11 = Class.forName("sun.security.pkcs11.SunPKCS11");
+						Constructor<?> cnst = clsSunPKCS11.getConstructor(String.class);
+						Object sunPKCS11 = cnst.newInstance(params[0][0]);
+						if (sunPKCS11==null) {
+							throw new CertException("SunPKCS11 Provider cannot be constructed for " + params[0][0]);
+						}
+						Security.addProvider((Provider)sunPKCS11);
+					} catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+						throw new CertException(e);
+					}
+					break;
+				default:
+					throw new CertException(providerType + " is not a known Security Provider for your JDK.");
+			}
+		}
+		return p;
+	}
 }
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java
index a4d095ea..9360e02f 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java
@@ -41,12 +41,6 @@ import certman.v1_0.CertInfo;
 
 public class PlaceArtifactInKeystore extends ArtifactDir {
 	private String kst;
-	//TODO get ROOT DNs or Trusted DNs from Certificate Manager.
-//	private static String[] rootDNs = new String[]{			
-//			"CN=ATT CADI Root CA - Test, O=ATT, OU=CSO, C=US", // Lab.  delete eventually
-//			"CN=ATT AAF CADI TEST CA, OU=CSO, O=ATT, C=US",
-//			"CN=ATT AAF CADI CA, OU=CSO, O=ATT, C=US"
-//	};
 
 	public PlaceArtifactInKeystore(String kst) {
 		this.kst = kst;
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthnTest.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthnTest.java
index 5bea1981..d2971848 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthnTest.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthnTest.java
@@ -75,6 +75,7 @@ public class JU_AAFAuthnTest {
 	@Test
 	public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission() throws Exception {
 		AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+		assertNotNull(auth);
 	}
 	//TODO broken JUNIT with MOCKITO
 	@Test
@@ -90,6 +91,7 @@ public class JU_AAFAuthnTest {
 	@Test
 	public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission1() throws Exception {
 		AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+		assertNotNull(auth);
 	}
 	//TODO broken JUNIT with MOCKITO
 	@Test
@@ -105,6 +107,8 @@ public class JU_AAFAuthnTest {
 	@Test
 	public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission2() throws Exception {
 		AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+		assertNotNull(auth);
+
 	}
 	//TODO broken JUNIT with MOCKITO
 	@Test
@@ -120,6 +124,8 @@ public class JU_AAFAuthnTest {
 	@Test
 	public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission3() throws Exception {
 		AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+		assertNotNull(auth);
+
 	}
 	//TODO broken JUNIT with MOCKITO
 	@Test
@@ -135,6 +141,8 @@ public class JU_AAFAuthnTest {
 	@Test
 	public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission4() throws Exception {
 		AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+		assertNotNull(auth);
+
 	}
 	//TODO broken JUNIT with MOCKITO
 	@Test
@@ -150,5 +158,7 @@ public class JU_AAFAuthnTest {
 	@Test
 	public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission5() throws Exception {
 		AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+		assertNotNull(auth);
+
 	}
 }
diff --git a/cadi/cass/.gitignore b/cadi/cass/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/cass/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/client/.gitignore b/cadi/client/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/client/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/core/.gitignore b/cadi/core/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/core/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index dda4b6cd..122996a6 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -347,23 +347,26 @@ public class Config {
 					if(AAF_TAF_CLASS_DEF.equals(aafTafClassName)) { 
 						try {
 							Class<?> aafTafClass = loadClass(access,aafTafClassName);
-		
-							Constructor<?> cstr = aafTafClass.getConstructor(Connector.class,boolean.class,AbsUserCache.class);
-							if(cstr!=null) {
-								if(lur instanceof AbsUserCache) {
-									aaftaf = (HttpTaf)cstr.newInstance(aafcon,basic_warn,lur);
-								} else {
-									cstr = aafTafClass.getConstructor(Connector.class,boolean.class);
-									if(cstr!=null) {
-										aaftaf = (HttpTaf)cstr.newInstance(aafcon,basic_warn);
+							if(aafTafClass!=null) {
+								Constructor<?> cstr = aafTafClass.getConstructor(Connector.class,boolean.class,AbsUserCache.class);
+								if(cstr!=null) {
+									if(lur instanceof AbsUserCache) {
+										aaftaf = (HttpTaf)cstr.newInstance(aafcon,basic_warn,lur);
+									} else {
+										cstr = aafTafClass.getConstructor(Connector.class,boolean.class);
+										if(cstr!=null) {
+											aaftaf = (HttpTaf)cstr.newInstance(aafcon,basic_warn);
+										}
+									}
+									if(aaftaf==null) {
+										access.log(Level.INIT,"ERROR! AAF TAF Failed construction.  NOT Configured");
+									} else {
+										access.log(Level.INIT,"AAF TAF Configured to ",aafURL);
+										// Note: will add later, after all others configured
 									}
 								}
-								if(aaftaf==null) {
-									access.log(Level.INIT,"ERROR! AAF TAF Failed construction.  NOT Configured");
-								} else {
-									access.log(Level.INIT,"AAF TAF Configured to ",aafURL);
-									// Note: will add later, after all others configured
-								}
+							} else {
+								access.log(Level.INIT, "There is no AAF TAF class available: %s. AAF TAF not configured.",aafTafClassName);
 							}
 						} catch(Exception e) {
 							access.log(Level.INIT,"ERROR! AAF TAF Failed construction.  NOT Configured",e);
diff --git a/cadi/core/target/classes/.gitignore b/cadi/core/target/classes/.gitignore
new file mode 100644
index 00000000..cf1db2ee
--- /dev/null
+++ b/cadi/core/target/classes/.gitignore
@@ -0,0 +1 @@
+/org/
diff --git a/cadi/core/target/test-classes/.gitignore b/cadi/core/target/test-classes/.gitignore
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/cadi/core/target/test-classes/.gitignore
diff --git a/cadi/oauth-enduser/.gitignore b/cadi/oauth-enduser/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/oauth-enduser/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/shiro/.gitignore b/cadi/shiro/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/shiro/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/target/.gitignore b/cadi/target/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/target/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project