authorInstrumental <jcgmisc@stl.gathman.org>2018-03-29 09:58:42 -0500
committerInstrumental <jcgmisc@stl.gathman.org>2018-03-29 09:58:52 -0500
commit3635fc5c8d8409d1c5e0f521469a6aaca4d19ffe (patch)
tree11ca165582a9b040923e475e1528afa6fcbde425 /cadi
parent52f34cd975401f918169fe9373b0b4576f6b36ef (diff)
Local CA to use Keystores
Issue-ID: AAF-204 Change-Id: I59491ffa26d5ea117a98470f38f090900b9e1b4e Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
Diffstat (limited to 'cadi')
-rw-r--r--cadi/.gitignore2
-rw-r--r--cadi/aaf/.gitignore4
-rw-r--r--cadi/aaf/pom.xml2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java39
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java6
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthnTest.java10
-rw-r--r--cadi/cass/.gitignore4
-rw-r--r--cadi/client/.gitignore4
-rw-r--r--cadi/core/.gitignore4
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java33
-rw-r--r--cadi/core/target/classes/.gitignore1
-rw-r--r--cadi/core/target/test-classes/.gitignore0
-rw-r--r--cadi/oauth-enduser/.gitignore4
-rw-r--r--cadi/shiro/.gitignore4
-rw-r--r--cadi/target/.gitignore4
15 files changed, 98 insertions, 23 deletions
diff --git a/cadi/.gitignore b/cadi/.gitignore
new file mode 100644
index 00000000..58c32c89
--- /dev/null
+++ b/cadi/.gitignore
@@ -0,0 +1,2 @@
+/.project
+/.settings/
diff --git a/cadi/aaf/.gitignore b/cadi/aaf/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/aaf/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/aaf/pom.xml b/cadi/aaf/pom.xml
index 77b09641..7a8185c7 100644
--- a/cadi/aaf/pom.xml
+++ b/cadi/aaf/pom.xml
@@ -122,7 +122,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
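Review bot: Removing `<version>` from `nexus-staging-maven-plugin` here, and from `jacoco-maven-plugin` in the next hunk, leaves both plugins unpinned unless a parent POM's `pluginManagement` supplies the versions, and that parent is not visible in this diff. If it does not pin them, Maven chooses a version at build time, so the build stops being reproducible and a changed plugin can enter the release and staging path without review. Confirm the parent declares both versions, or keep the explicit pins.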
@@ -133,7 +132,6 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>0.7.7.201606060606</version>
<configuration>
<dumpOnExit>true</dumpOnExit>
<includes>
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java
index 70111882..8933963d 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java
@@ -34,6 +34,8 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.StringReader;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
@@ -41,8 +43,10 @@ import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
+import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
+import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
@@ -444,4 +448,39 @@ public class Factory {
tt.done();
}
}
+
+ /**
+ * Get the Security Provider, or, if not exists yet, attempt to load
+ *
+ * @param providerType
+ * @param params
+ * @return
+ * @throws CertException
+ */
+ public static synchronized Provider getSecurityProvider(String providerType, String[][] params) throws CertException {
+ Provider p = Security.getProvider(providerType);
+ if(p!=null) {
+ switch(providerType) {
+ case "PKCS12":
+
+ break;
+ case "PKCS11": // PKCS11 only known to be supported by Sun
+ try {
+ Class<?> clsSunPKCS11 = Class.forName("sun.security.pkcs11.SunPKCS11");
+ Constructor<?> cnst = clsSunPKCS11.getConstructor(String.class);
+ Object sunPKCS11 = cnst.newInstance(params[0][0]);
+ if (sunPKCS11==null) {
+ throw new CertException("SunPKCS11 Provider cannot be constructed for " + params[0][0]);
+ }
+ Security.addProvider((Provider)sunPKCS11);
+ } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+ throw new CertException(e);
+ }
+ break;
+ default:
+ throw new CertException(providerType + " is not a known Security Provider for your JDK.");
+ }
+ }
+ return p;
+ }
}
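Review bot: The guard in `getSecurityProvider` is inverted. The Javadoc says the provider is loaded when it does not exist yet, but the `switch` runs only under `if(p!=null)`, so a missing provider comes back as `null` and an already-registered one is constructed and added again. It should read `if(p==null) {`, and the PKCS11 branch should set `p = (Provider)sunPKCS11;` before `Security.addProvider(p)` so the caller receives the new provider. `params[0][0]` is used without a null or length check, and the `sunPKCS11==null` test can never fire because `newInstance` does not return null. That string is the PKCS#11 configuration, which names the native library the provider loads, so the method's documentation should state that it must come from trusted deployment configuration only.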
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java
index a4d095ea..9360e02f 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java
@@ -41,12 +41,6 @@ import certman.v1_0.CertInfo;
public class PlaceArtifactInKeystore extends ArtifactDir {
private String kst;
- //TODO get ROOT DNs or Trusted DNs from Certificate Manager.
-// private static String[] rootDNs = new String[]{
-// "CN=ATT CADI Root CA - Test, O=ATT, OU=CSO, C=US", // Lab. delete eventually
-// "CN=ATT AAF CADI TEST CA, OU=CSO, O=ATT, C=US",
-// "CN=ATT AAF CADI CA, OU=CSO, O=ATT, C=US"
-// };
public PlaceArtifactInKeystore(String kst) {
this.kst = kst;
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthnTest.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthnTest.java
index 5bea1981..d2971848 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthnTest.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/JU_AAFAuthnTest.java
@@ -75,6 +75,7 @@ public class JU_AAFAuthnTest {
@Test
public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission() throws Exception {
AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+ assertNotNull(auth);
}
//TODO broken JUNIT with MOCKITO
@Test
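Review bot: `assertNotNull(auth)` here, and in the five later hunks of this file, only checks that `con.newAuthn(cache)` returns an object. The six test methods have the same body, so they add coverage without exercising any authentication decision. Consider keeping one construction test and, once the Mockito setup flagged by the `//TODO broken JUNIT with MOCKITO` comments works, adding cases that check a valid credential is accepted and an invalid one is rejected.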
@@ -90,6 +91,7 @@ public class JU_AAFAuthnTest {
@Test
public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission1() throws Exception {
AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+ assertNotNull(auth);
}
//TODO broken JUNIT with MOCKITO
@Test
@@ -105,6 +107,8 @@ public class JU_AAFAuthnTest {
@Test
public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission2() throws Exception {
AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+ assertNotNull(auth);
+
}
//TODO broken JUNIT with MOCKITO
@Test
@@ -120,6 +124,8 @@ public class JU_AAFAuthnTest {
@Test
public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission3() throws Exception {
AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+ assertNotNull(auth);
+
}
//TODO broken JUNIT with MOCKITO
@Test
@@ -135,6 +141,8 @@ public class JU_AAFAuthnTest {
@Test
public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission4() throws Exception {
AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+ assertNotNull(auth);
+
}
//TODO broken JUNIT with MOCKITO
@Test
@@ -150,5 +158,7 @@ public class JU_AAFAuthnTest {
@Test
public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission5() throws Exception {
AAFAuthn<HttpsURLConnection> auth = con.newAuthn(cache);
+ assertNotNull(auth);
+
}
}
diff --git a/cadi/cass/.gitignore b/cadi/cass/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/cass/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/client/.gitignore b/cadi/client/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/client/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/core/.gitignore b/cadi/core/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/core/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index dda4b6cd..122996a6 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -347,23 +347,26 @@ public class Config {
if(AAF_TAF_CLASS_DEF.equals(aafTafClassName)) {
try {
Class<?> aafTafClass = loadClass(access,aafTafClassName);
-
- Constructor<?> cstr = aafTafClass.getConstructor(Connector.class,boolean.class,AbsUserCache.class);
- if(cstr!=null) {
- if(lur instanceof AbsUserCache) {
- aaftaf = (HttpTaf)cstr.newInstance(aafcon,basic_warn,lur);
- } else {
- cstr = aafTafClass.getConstructor(Connector.class,boolean.class);
- if(cstr!=null) {
- aaftaf = (HttpTaf)cstr.newInstance(aafcon,basic_warn);
+ if(aafTafClass!=null) {
+ Constructor<?> cstr = aafTafClass.getConstructor(Connector.class,boolean.class,AbsUserCache.class);
+ if(cstr!=null) {
+ if(lur instanceof AbsUserCache) {
+ aaftaf = (HttpTaf)cstr.newInstance(aafcon,basic_warn,lur);
+ } else {
+ cstr = aafTafClass.getConstructor(Connector.class,boolean.class);
+ if(cstr!=null) {
+ aaftaf = (HttpTaf)cstr.newInstance(aafcon,basic_warn);
+ }
+ }
+ if(aaftaf==null) {
+ access.log(Level.INIT,"ERROR! AAF TAF Failed construction. NOT Configured");
+ } else {
+ access.log(Level.INIT,"AAF TAF Configured to ",aafURL);
+ // Note: will add later, after all others configured
}
}
- if(aaftaf==null) {
- access.log(Level.INIT,"ERROR! AAF TAF Failed construction. NOT Configured");
- } else {
- access.log(Level.INIT,"AAF TAF Configured to ",aafURL);
- // Note: will add later, after all others configured
- }
+ } else {
+ access.log(Level.INIT, "There is no AAF TAF class available: %s. AAF TAF not configured.",aafTafClassName);
}
} catch(Exception e) {
access.log(Level.INIT,"ERROR! AAF TAF Failed construction. NOT Configured",e);
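Review bot: Every failure path in this block (class not found, construction failed, exception caught) only logs at `Level.INIT` and leaves `aaftaf` null. Whether the service then starts without the AAF authentication filter is decided outside this hunk and should be confirmed, because an authentication component that quietly drops out is a fail-open risk. The new `else` message uses `%s`, while the other calls here pass message parts as separate arguments (`"AAF TAF Configured to ",aafURL`), so the placeholder is probably printed literally. If `log` concatenates its arguments, use `access.log(Level.INIT,"There is no AAF TAF class available:",aafTafClassName,". AAF TAF not configured.");`. The `cstr!=null` checks are dead code, since `getConstructor` throws `NoSuchMethodException` instead of returning null. The enclosing method starts and ends outside the hunk.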
diff --git a/cadi/core/target/classes/.gitignore b/cadi/core/target/classes/.gitignore
new file mode 100644
index 00000000..cf1db2ee
--- /dev/null
+++ b/cadi/core/target/classes/.gitignore
@@ -0,0 +1 @@
+/org/
diff --git a/cadi/core/target/test-classes/.gitignore b/cadi/core/target/test-classes/.gitignore
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/cadi/core/target/test-classes/.gitignore
diff --git a/cadi/oauth-enduser/.gitignore b/cadi/oauth-enduser/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/oauth-enduser/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/shiro/.gitignore b/cadi/shiro/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/shiro/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/cadi/target/.gitignore b/cadi/target/.gitignore
new file mode 100644
index 00000000..6028f0a5
--- /dev/null
+++ b/cadi/target/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project