author | Instrumental <jonathan.gathman@att.com> | 2018-11-08 16:29:04 -0600 |
---|---|---|
committer | Instrumental <jonathan.gathman@att.com> | 2018-11-08 16:29:10 -0600 |
commit | b2925aafd63f031392a4a5d44e105d047af7eed2 (patch) | |
tree | 5be791b54c270cee2116b48578e6cd1088e1c1e6 /cadi | |
parent | 07c721465a0cc40d8e215cf5411bfd825b2c6b13 (diff) |
Improve nonContainer Agent Config2.1.7
Issue-ID: AAF-619
Change-Id: I9ea4a5a7fb1d5006d50ffc70f0bc0f98812d1513
Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'cadi')
12 files changed, 155 insertions, 96 deletions
diff --git a/cadi/aaf/.gitignore b/cadi/aaf/.gitignore index 6028f0a5..1bcf2ef5 100644 --- a/cadi/aaf/.gitignore +++ b/cadi/aaf/.gitignore @@ -2,3 +2,4 @@ /.settings/ /target/ /.project +/tokens/ diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java index 43709ccc..0dc51106 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java @@ -23,7 +23,8 @@ package org.onap.aaf.cadi.aaf; public interface Defaults { public final static String AAF_VERSION = "2.1"; public final static String AAF_NS = "AAF_NS"; - public final static String AAF_ROOT = "https://AAF_LOCATE_URL/" + AAF_NS; + public final static String AAF_LOCATE_CONST="https://AAF_LOCATE_URL"; + public final static String AAF_ROOT = AAF_LOCATE_CONST + '/' + AAF_NS; public final static String AAF_URL = AAF_ROOT + ".service:" + AAF_VERSION; public final static String GUI_URL = AAF_ROOT + ".gui:" + AAF_VERSION; public final static String CM_URL = AAF_ROOT + ".cm:" + AAF_VERSION; diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java index ccba7c1a..08ee900f 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java @@ -27,6 +27,7 @@ import java.net.HttpURLConnection; import java.net.InetSocketAddress; import java.net.Socket; import java.net.URI; +import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Date; import java.util.List; 
@@ -79,16 +80,16 @@ public class TestConnectivity { List<SecuritySetter<HttpURLConnection>> lss = loadSetters(access,si); ///////// print(true,"Test Connections driven by AAFLocator"); - URI serviceURI = new URI(Defaults.AAF_URL); + URI serviceURI = uri(access,"service"); for (URI uri : new URI[] { serviceURI, - new URI(Defaults.OAUTH2_TOKEN_URL), - new URI(Defaults.OAUTH2_INTROSPECT_URL), - new URI(Defaults.CM_URL), - new URI(Defaults.GUI_URL), - new URI(Defaults.FS_URL), - new URI(Defaults.HELLO_URL) + uri(access,"token"), + uri(access,"introspect"), + uri(access,"cm"), + uri(access,"gui"), + uri(access,"fs"), + uri(access,"hello") }) { Locator<URI> locator = new AAFLocator(si, uri); try { @@ -108,11 +109,16 @@ public class TestConnectivity { ////////// print(true,"Test essential BasicAuth Service call, driven by AAFLocator"); + boolean hasBath=false; for (SecuritySetter<HttpURLConnection> ss : lss) { if (ss instanceof HBasicAuthSS) { + hasBath=true; basicAuthTest(new AAFLocator(si, serviceURI),ss); } } + if(!hasBath) { + System.out.println("No User/Password to test"); + } } catch (Exception e) { e.printStackTrace(System.err); 
@@ -122,7 +128,17 @@ public class TestConnectivity { } } - private static List<SecuritySetter<HttpURLConnection>> loadSetters(PropAccess access, SecurityInfoC<HttpURLConnection> si) { + private static URI uri(PropAccess access, String ms) throws URISyntaxException { + String aaf_root_ns = access.getProperty(Config.AAF_ROOT_NS,"AAF_NS"); + String aaf_api_version = access.getProperty(Config.AAF_API_VERSION,Config.AAF_DEFAULT_API_VERSION); + String aaf_locate_url = access.getProperty(Config.AAF_LOCATE_URL,Defaults.AAF_LOCATE_CONST); + if("cm".equals(ms) && "2.0".equals(aaf_api_version)) { + ms = "certman"; + } + return new URI(aaf_locate_url + "/locate/" + aaf_root_ns + '.' + ms + ':' + aaf_api_version); + } + + private static List<SecuritySetter<HttpURLConnection>> loadSetters(PropAccess access, SecurityInfoC<HttpURLConnection> si) { print(true,"Load Security Setters from Configuration Information"); String user = access.getProperty(Config.AAF_APPID); @@ -253,9 +269,7 @@ public class TestConnectivity { HClient client = new HClient(ss, uri, 3000); client.setMethod("GET"); String user = ss.getID(); - if (user.indexOf('@')<0) { - user+="@isam.att.com"; - } + client.setPathInfo("/authz/perms/user/"+user); client.send(); Future<String> future = client.futureReadString(); diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java index c7246466..9f617136 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java 
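Review bot: `uri()` builds the locator address by plain concatenation of the configured `aaf_locate_url` and `"/locate/"`, so a value that ends in `/` yields `//locate/...`; `nameFromLocatorURI` in AbsAAFLocator compares `path[1]` with `locate` and would probably stop matching. Trimming one trailing slash before the concatenation avoids that: `if (aaf_locate_url.endsWith("/")) { aaf_locate_url = aaf_locate_url.substring(0, aaf_locate_url.length() - 1); }`. The scheme of the configured value is not checked either, and the BasicAuth test later in this file sends credentials to endpoints located through it, so rejecting anything other than `https` here would be a cheap guard. The default namespace is spelled as the literal `"AAF_NS"`; `Defaults.AAF_NS` is the same value and keeps the two in step.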
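Review bot: With the `@isam.att.com` fallback gone, `ss.getID()` is appended to `/authz/perms/user/` exactly as configured, and the hunk leaves an empty line where the `if` used to be. A short comment in its place would record the new expectation, for example `// ID must already be fully qualified (user@domain); no default domain is added`. The value is also placed in the path without any encoding, which is worth confirming against what `setPathInfo` does with characters such as `/` or `?`; the method body starts and ends outside this hunk.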
@@ -168,8 +168,10 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI> protected static String nameFromLocatorURI(URI locatorURI) { String[] path = Split.split('/', locatorURI.getPath()); - if (path.length>2 && "locate".equals(path[1])) { - return path[2]; + if (path.length>1 && "locate".equals(path[1])) { + return path[2]; + } else if(path.length>1) { + return path[1]; } else { return locatorURI.toString(); } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java index 4a5fbd45..18430ef3 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java @@ -44,6 +44,7 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Properties; +import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.CmdLine; import org.onap.aaf.cadi.LocatorException; @@ -163,10 +164,13 @@ public class Agent { env = new RosettaEnv(access.getProperties()); Deque<String> cmds = new ArrayDeque<String>(); for (String p : args) { + int eq; if ("-noexit".equalsIgnoreCase(p)) { doExit = false; - } else if (p.indexOf('=') < 0) { + } else if ((eq=p.indexOf('=')) < 0) { cmds.add(p); + } else { + access.setProperty(p.substring(0,eq), p.substring(eq+1)); } } @@ -261,13 +265,7 @@ public class Agent { keypairGen(trans, access, cmds); break; case "config": - if (access.getProperty(Config.CADI_PROP_FILES)!=null) { - // Get Properties from initialization Prop Files - config(trans,access,null,cmds); - } else { - // Get Properties from existing AAF Instance - config(trans,access,aafcon(access),cmds); - } + config(trans,access,args,cmds); break; case "validate": validate(access); 
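Review bot: The first branch now tests `path.length>1` but still returns `path[2]`, so a locator URI whose path stops at `locate` (for example `/locate` with nothing after it) would throw `ArrayIndexOutOfBoundsException` instead of falling through. Keeping the original bound fixes it while the new `else if` still handles the two-element case: `if (path.length>2 && "locate".equals(path[1])) {`. This assumes `Split.split` returns one element per segment, which is not visible here. A test case for a path ending in `locate` in `JU_AbsAAFLocator.nameFromLocatorURITest` would pin the behaviour.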
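Review bot: In the `@@ -163` hunk of Agent.java, the new `else` branch runs for `eq == 0` as well, so an argument such as `=value` calls `access.setProperty("", "value")`, while the matching loop added to `config()` only accepts `idx>0`. Using the same bound keeps the two in step: `} else if (eq > 0) {`. Every `key=value` argument now overrides whatever the property files supplied, including `Config.CADI_PROP_FILES` itself, so a one-line comment saying that command-line values take precedence would help the next reader.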
@@ -303,7 +301,7 @@ public class Agent { } } - private static synchronized AAFCon<?> aafcon(PropAccess access) throws APIException, CadiException, LocatorException { + private static synchronized AAFCon<?> aafcon(Access access) throws APIException, CadiException, LocatorException { if (aafcon==null) { aafcon = new AAFConHttp(access,Config.CM_URL); } 
@@ -739,37 +737,51 @@ public class Agent { System.out.printf("Wrote %s\n", f.getCanonicalFile()); } - private static void config(Trans trans, PropAccess pa, AAFCon<?> aafcon, Deque<String> cmds) throws Exception { - + private static void config(Trans trans, PropAccess propAccess, String[] args, Deque<String> cmds) throws Exception { TimeTaken tt = trans.start("Get Configuration", Env.REMOTE); try { final String fqi = fqi(cmds); Artifact arti = new Artifact(); - arti.setDir(pa.getProperty(Config.CADI_ETCDIR, ".")); + arti.setDir(propAccess.getProperty(Config.CADI_ETCDIR, ".")); arti.setNs(FQI.reverseDomain(fqi)); PropHolder loc = PropHolder.get(arti, "location.props"); PropHolder cred = PropHolder.get(arti,"cred.props"); PropHolder app= PropHolder.get(arti,"props"); + for(String c : args) { + int idx = c.indexOf('='); + if(idx>0) { + app.add(c.substring(0,idx), c.substring(idx+1)); + } + } app.add(Config.CADI_PROP_FILES, loc.getPath()+':'+cred.getPath()); for (String tag : LOC_TAGS) { - loc.add(tag, getProperty(pa, trans, false, tag, "%s: ",tag)); + loc.add(tag, getProperty(propAccess, trans, false, tag, "%s: ",tag)); } cred.add(Config.CADI_KEYFILE, cred.getKeyPath()); - cred.addEnc(Config.AAF_APPPASS, pa, null); + final String ssoAppID = propAccess.getProperty(Config.AAF_APPID); + if(fqi.equals(ssoAppID)) { + cred.addEnc(Config.AAF_APPPASS, propAccess, null); + // only Ask for Password when starting scratch + } else if(propAccess.getProperty(Config.CADI_PROP_FILES)==null) { + char[] pwd = AAFSSO.cons.readPassword("Password for %s: ", fqi); + if(pwd.length>0) { + cred.addEnc(Config.AAF_APPPASS, new String(pwd)); + } + } - app.add(Config.AAF_LOCATE_URL, pa, null); + app.add(Config.AAF_LOCATE_URL, propAccess, null); app.add(Config.AAF_APPID, fqi); - app.add(Config.AAF_URL, pa, Defaults.AAF_URL); + app.add(Config.AAF_URL, propAccess, Defaults.AAF_URL); - String cts = pa.getProperty(Config.CADI_TRUSTSTORE); + String cts = propAccess.getProperty(Config.CADI_TRUSTSTORE); 
if (cts!=null) { File origTruststore = new File(cts); if (!origTruststore.exists()) { // Try same directory as cadi_prop_files - String cpf = pa.getProperty(Config.CADI_PROP_FILES); + String cpf = propAccess.getProperty(Config.CADI_PROP_FILES); if (cpf!=null) { for (String f : Split.split(File.pathSeparatorChar, cpf)) { File fcpf = new File(f); 
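Review bot: Every `key=value` argument is copied into `app` with `app.add(...)`, so a secret given on the command line (any key ending in `_password`) appears to land unencrypted in the application props file, while the prop-file and remote branches of this same method route such keys through `CRED_TAGS` and `addEnc`. Applying that routing to the argument loop keeps secrets out of the plain file. Separately, `Console.readPassword` returns null at end of input, so `pwd.length` can throw; the array is also never cleared after `new String(pwd)`. The same two points apply to the `cons.readPassword` block in the `@@ -179` hunk of AAFSSO.java. `config()` continues past the end of this hunk, and what `PropHolder.add` writes is not visible here.

```java
for (String c : args) {
    int idx = c.indexOf('=');
    if (idx > 0) {
        String key = c.substring(0, idx);
        String value = c.substring(idx + 1);
        // same routing the prop-file and remote branches use
        PropHolder ph = CRED_TAGS.contains(key) ? cred : app;
        if (key.endsWith("_password")) {
            ph.addEnc(key, value);
        } else {
            ph.add(key, value);
        }
    }
}
// … unchanged: CADI_PROP_FILES, LOC_TAGS loop, CADI_KEYFILE, ssoAppID branch …
char[] pwd = AAFSSO.cons.readPassword("Password for %s: ", fqi);
if (pwd != null && pwd.length > 0) {
    cred.addEnc(Config.AAF_APPPASS, new String(pwd));
    java.util.Arrays.fill(pwd, '\0');
}
```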
@@ -792,57 +804,60 @@ public class Agent { Files.copy(origTruststore.toPath(), newTruststore.toPath()); } - cred.add(Config.CADI_TRUSTSTORE, pa, newTruststore.getCanonicalPath()); - cred.add(Config.CADI_TRUSTSTORE_PASSWORD, pa, "changeit" /* Java default */); + cred.add(Config.CADI_TRUSTSTORE, propAccess, newTruststore.getCanonicalPath()); + cred.addEnc(Config.CADI_TRUSTSTORE_PASSWORD, propAccess, "changeit" /* Java default */); - if (aafcon!=null) { // get Properties from Remote AAF - final String locator = getProperty(pa,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: "); - - Future<Configuration> acf = aafcon.client(new SingleEndpointLocator(locator)) - .read("/configure/"+fqi+"/aaf", configDF); - if (acf.get(TIMEOUT)) { - for (Props props : acf.value.getProps()) { - PropHolder ph = CRED_TAGS.contains(props.getTag())?cred:app; - if(props.getTag().endsWith("_password")) { - ph.addEnc(props.getTag(), props.getValue()); - } else { - ph.add(props.getTag(), props.getValue()); - } + String cpf = propAccess.getProperty(Config.CADI_PROP_FILES); + if (cpf!=null){ + for (String f : Split.split(File.pathSeparatorChar, cpf)) { + System.out.format("Reading %s\n",f); + FileInputStream fis = new FileInputStream(f); + try { + Properties props = new Properties(); + props.load(fis); + for (Entry<Object, Object> prop : props.entrySet()) { + boolean lower = true; + String key = prop.getKey().toString(); + for(int i=0;lower && i<key.length();++i) { + if(Character.isUpperCase(key.charAt(i))) { + lower = false; + } + } + if(lower) { + PropHolder ph = CRED_TAGS.contains(key)?cred:app; + if(key.endsWith("_password")) { + ph.addEnc(key, prop.getValue().toString()); + } else { + ph.add(key, prop.getValue().toString()); + } + } + } + } finally { + fis.close(); } - } else if (acf.code()==401){ - trans.error().log("Bad Password sent to AAF"); - } else { - trans.error().log(errMsg.toMsg(acf)); } } else { - String cpf = pa.getProperty(Config.CADI_PROP_FILES); - if (cpf!=null){ - for 
(String f : Split.split(File.pathSeparatorChar, cpf)) { - System.out.format("Reading %s\n",f); - FileInputStream fis = new FileInputStream(f); - try { - Properties props = new Properties(); - props.load(fis); - for (Entry<Object, Object> prop : props.entrySet()) { - boolean lower = true; - String key = prop.getKey().toString(); - for(int i=0;lower && i<key.length();++i) { - if(Character.isUpperCase(key.charAt(i))) { - lower = false; - } - } - if(lower) { - PropHolder ph = CRED_TAGS.contains(key)?cred:app; - if(key.endsWith("_password")) { - ph.addEnc(key, prop.getValue().toString()); - } else { - ph.add(key, prop.getValue().toString()); - } - } - } - } finally { - fis.close(); + aafcon = aafcon(propAccess); + if (aafcon!=null) { // get Properties from Remote AAF + final String locator = getProperty(propAccess,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: "); + + Future<Configuration> acf = aafcon.client(new SingleEndpointLocator(locator)) + .read("/configure/"+fqi+"/aaf", configDF); + if (acf.get(TIMEOUT)) { + for (Props props : acf.value.getProps()) { + PropHolder ph = CRED_TAGS.contains(props.getTag())?cred:app; + if(props.getTag().endsWith("_password")) { + ph.addEnc(props.getTag(), props.getValue()); + } else { + ph.add(props.getTag(), props.getValue()); + } } + } else if (acf.code()==401){ + trans.error().log("Bad Password sent to AAF"); + } else if (acf.code()==404){ + trans.error().log("This version of AAF does not support remote Properties"); + } else { + trans.error().log(errMsg.toMsg(acf)); } } } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PropHolder.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PropHolder.java index 0f9666ca..d066d97a 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PropHolder.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PropHolder.java 
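Review bot: In the `cadi_prop_files` loop, `_password` values go to `ph.addEnc(key, prop.getValue().toString())` unchanged, so an entry already stored as `enc:...` may be encrypted a second time; the `enc:` handling this commit adds exists only in `PropHolder.addEnc(tag, Access, def)`, and the two-argument overload is not visible here. Decrypting first would match it: `String v = prop.getValue().toString(); if (v.startsWith("enc:")) { v = propAccess.decrypt(v, true); }`. With the parameter removed, `aafcon = aafcon(propAccess);` now assigns the static field that `aafcon()` already sets, which makes the following `if (aafcon!=null)` look redundant. The `FileInputStream` with `try`/`finally` could become `try (FileInputStream fis = new FileInputStream(f)) {`.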
@@ -117,7 +117,13 @@ public class PropHolder { } public void addEnc(final String tag, Access orig, final String def) throws IOException { - addEnc(tag,orig.getProperty(tag, def)); + String pwd = orig.getProperty(tag, def); + if(pwd==null) { + return; + } else if(pwd.startsWith("enc:")) { + pwd = orig.decrypt(pwd, true); + } + addEnc(tag,pwd); } public void write() throws IOException { diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java index 9552d397..66f1af0c 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java @@ -179,11 +179,16 @@ public class AAFSSO { appID=null; } - if (appID!=null && access.getProperty(Config.AAF_APPPASS)==null) { - char[] password = cons.readPassword("Password for %s: ", appID); - String app_pass = access.encrypt(new String(password)); - access.setProperty(Config.AAF_APPPASS,app_pass); - diskprops.setProperty(Config.AAF_APPPASS, app_pass); + if (appID!=null) { + diskprops.setProperty(Config.AAF_APPID,appID); + if( access.getProperty(Config.AAF_APPPASS)==null) { + char[] password = cons.readPassword("Password for %s: ", appID); + if(password.length>0) { + String app_pass = access.encrypt(new String(password)); + access.setProperty(Config.AAF_APPPASS,app_pass); + diskprops.setProperty(Config.AAF_APPPASS,app_pass); + } + } } String keystore=access.getProperty(Config.CADI_KEYSTORE); 
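Review bot: `addEnc(tag, orig, def)` now has two behaviours a caller cannot guess from the signature: it writes nothing when the property is missing and `def` is null, and it decrypts `enc:` values with `orig` before handing them to `addEnc(tag, pwd)`. A Javadoc comment stating both, plus an inline `// encrypted under orig's key: decrypt so it can be stored under this holder's key` on the `enc:` branch, would document that; whether the two-argument overload re-encrypts with a different key is an assumption to confirm. The `else` after `return` can be dropped.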
@@ -308,12 +313,20 @@ public class AAFSSO { addProp(Config.AAF_LOCATE_URL, locateUrl); } - final String apiVersion = access.getProperty(Config.AAF_API_VERSION); + final String apiVersion = access.getProperty(Config.AAF_API_VERSION, Config.AAF_DEFAULT_API_VERSION); + final String aaf_root_ns = access.getProperty(Config.AAF_ROOT_NS); + String locateRoot; + if(aaf_root_ns==null) { + locateRoot=Defaults.AAF_ROOT; + } else { + locateRoot = Defaults.AAF_LOCATE_CONST + '/' + aaf_root_ns; + } if(access.getProperty(Config.AAF_URL)==null) { - access.setProperty(Config.AAF_URL, apiVersion==null?Defaults.AAF_URL:Defaults.AAF_ROOT+".service:"+apiVersion); + + access.setProperty(Config.AAF_URL, locateRoot+".service:"+apiVersion); } if(access.getProperty(Config.CM_URL)==null) { - access.setProperty(Config.CM_URL, apiVersion==null?Defaults.CM_URL:Defaults.AAF_ROOT+".cm:"+apiVersion); + access.setProperty(Config.CM_URL, locateRoot+".cm:"+apiVersion); } String cadiLatitude = access.getProperty(Config.CADI_LATITUDE); if (cadiLatitude==null) { diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AbsAAFLocator.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AbsAAFLocator.java index 14f96733..64e9572e 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AbsAAFLocator.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AbsAAFLocator.java @@ -90,7 +90,7 @@ public class JU_AbsAAFLocator { public void nameFromLocatorURITest() throws LocatorException, URISyntaxException { AAFLocatorStub loc = new AAFLocatorStub(access, "name:v2.0"); assertThat(loc.getNameFromURI(new URI("example.com")), is("example.com")); - assertThat(loc.getNameFromURI(new URI("example.com/extra/stuff")), is("example.com/extra/stuff")); + assertThat(loc.getNameFromURI(new URI("example.com/extra/stuff")), is("extra")); assertThat(loc.getNameFromURI(new URI("example.com/locate/stuff")), is("stuff")); // n' stuff } 
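Review bot: The `if`/`else` that computes `locateRoot` can be one expression, because `Defaults.AAF_ROOT` is defined as `AAF_LOCATE_CONST + '/' + AAF_NS`: `final String locateRoot = Defaults.AAF_LOCATE_CONST + '/' + access.getProperty(Config.AAF_ROOT_NS, Defaults.AAF_NS);`. That is the defaulting style `TestConnectivity.uri()` uses in this commit. The empty line left after `if(access.getProperty(Config.AAF_URL)==null) {` can go as well.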
diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HBasicAuthSS.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HBasicAuthSS.java index 7e5cbd3b..30673f75 100644 --- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HBasicAuthSS.java +++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HBasicAuthSS.java @@ -33,6 +33,9 @@ import org.onap.aaf.cadi.principal.BasicPrincipal; public class HBasicAuthSS extends HAuthorizationHeader implements BasicAuth { public HBasicAuthSS(SecurityInfoC<HttpURLConnection> si, String user, String password) throws IOException { super(si, user, "Basic " + Symm.base64noSplit.encode(user + ':' + password)); + if(password==null) { + throw new IOException("No password passed for " + user); + } } public HBasicAuthSS(SecurityInfoC<HttpURLConnection> si) throws IOException { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java index 8467c7c6..97984b03 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java @@ -398,4 +398,8 @@ public class PropAccess implements Access { public void set(LogIt logit) { logIt = logit; } + + public String toString() { + return props.toString(); + } } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index 2f9de6cf..3d668c42 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java @@ -774,7 +774,7 @@ public class Config { Method meth = lcls.getMethod("create",String.class); locator = (Locator<URI>)meth.invoke(null,url); } catch (Exception e) { - access.log(Level.INIT, e); + access.log(Level.DEBUG, "(Not fatal) Cannot load by create(String)", e); } if (locator==null) { URI locatorURI = new URI(url); 
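Review bot: The null check runs only after `super(...)` has already built the header from `user + ':' + password`, so a null password is first encoded as the text `null` and rejected afterwards. Java requires the `super` call to come first, so the check has to move into a static helper evaluated inside the argument. An empty password still passes, while the prompts changed in this commit treat a zero-length password as none given; confirm whether that should be rejected here too.

```java
public HBasicAuthSS(SecurityInfoC<HttpURLConnection> si, String user, String password) throws IOException {
    super(si, user, "Basic " + Symm.base64noSplit.encode(user + ':' + requirePassword(user, password)));
}

// Validate before the credential string is assembled and encoded.
private static String requirePassword(String user, String password) throws IOException {
    if (password == null) {
        throw new IOException("No password passed for " + user);
    }
    return password;
}
```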
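Review bot: `toString()` returns `props.toString()`, which prints every property value, so any log line, exception message or string concatenation that touches a `PropAccess` would expose the values of keys such as `Config.AAF_APPPASS` and `Config.CADI_TRUSTSTORE_PASSWORD`, including ones set in clear from `key=value` arguments. Printing names only avoids that: `return getClass().getSimpleName() + props.stringPropertyNames();` (assuming `props` is a `java.util.Properties`). The method also lacks `@Override`.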
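Review bot: The `catch (Exception e)` that is now logged at `Level.DEBUG` as not fatal also covers the case where `create(String)` exists and throws (`InvocationTargetException`), so a genuine failure inside the locator class is hidden at normal log levels. Catching `NoSuchMethodException` separately for the DEBUG message and leaving other exceptions at `Level.INIT` would keep that visible. The surrounding method starts and ends outside this hunk.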
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java index bb9981bf..e3eb34be 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java @@ -152,7 +152,9 @@ public class SecurityInfo { protected void initializeKeyManager() throws CadiException, IOException, NoSuchAlgorithmException, KeyStoreException, CertificateException, UnrecoverableKeyException { String keyStore = access.getProperty(Config.CADI_KEYSTORE, null); - if (keyStore != null && !new File(keyStore).exists()) { + if(keyStore==null) { + return; + } else if (!new File(keyStore).exists()) { throw new CadiException(keyStore + " does not exist"); } @@ -201,16 +203,14 @@ public class SecurityInfo { protected void initializeTrustManager() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, CadiException { String trustStore = access.getProperty(Config.CADI_TRUSTSTORE, null); - if (trustStore != null && !new File(trustStore).exists()) { + if(trustStore==null) { + return; + } else if(!new File(trustStore).exists()) { throw new CadiException(trustStore + " does not exist"); } - if (trustStore == null) { - return; - } - String trustStorePasswd = access.getProperty(Config.CADI_TRUSTSTORE_PASSWORD, null); - trustStorePasswd = (trustStorePasswd == null) ? "changeit"/*defacto Java Trust Pass*/ : access.decrypt(trustStorePasswd, false); + trustStorePasswd = (trustStorePasswd == null ) ? "changeit"/*defacto Java Trust Pass*/ : access.decrypt(trustStorePasswd, false); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(SSL_KEY_MANAGER_FACTORY_ALGORITHM); File file; |
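Review bot: In the `@@ -152` hunk, `initializeKeyManager()` now returns as soon as `Config.CADI_KEYSTORE` is unset, where before only the existence check was skipped and the rest of the method still ran. That remainder lies outside the hunk, so it is worth confirming that nothing it set up is needed when no keystore is configured. A comment on the early return would record the intent, for example `// no cadi_keystore configured: key manager setup is skipped`.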