diff options
43 files changed, 1615 insertions, 186 deletions
@@ -3,3 +3,4 @@ /target/ /temp/ .metadata/ +/cadisample/ diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java index 4c03f313..95041ea3 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java @@ -351,9 +351,9 @@ public class Question { * * Given a Child Namespace, figure out what the best Namespace parent is. * - * For instance, if in the NS table, the parent "com.att" exists, but not + * For instance, if in the NS table, the parent "org.osaaf" exists, but not * "org.osaaf.child" or "org.osaaf.a.b.c", then passing in either - * "org.osaaf.child" or "org.osaaf.a.b.c" will return "com.att" + * "org.osaaf.child" or "org.osaaf.a.b.c" will return "org.osaaf" * * Uses recursive search on Cached DAO data * diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java index 24416c92..46a6393a 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java @@ -33,7 +33,7 @@ import org.onap.aaf.cadi.cm.Factory; * Have to put the Cert and resulting Trust Chain together. * Treating them separately has caused issues * - * @author jg1555 + * @author JonathanGathman * */ public class X509andChain { diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java index 4fdac6a6..7f4590f3 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java @@ -48,7 +48,7 @@ import org.onap.aaf.misc.env.Trans; * Additional Factory mechanisms for CSRs, and BouncyCastle. The main Factory * utilizes only Java abstractions, and is useful in Client code. * - * @author jg1555 + * @author JonathanGathman * */ public class BCFactory extends Factory { diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java index 3faa5bbf..7d3f25ca 100644 --- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java +++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java @@ -120,8 +120,8 @@ public class CertmanTest { // @Override // public Void code(Rcli<?> client) throws APIException, CadiException { // CertificateRequest cr = new CertificateRequest(); -// cr.setMechid("m12345@aaf.att.com"); -// cr.setSponsor("jg1555"); +// cr.setMechid("a12345@org.osaaf.org"); +// cr.setSponsor("something"); // cr.getFqdns().add("mithrilcsp.sbc.com"); // cr.getFqdns().add("zld01907.vci.att.com"); // cr.getFqdns().add("aaftest.test.att.com"); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java index 896cbb30..7f41650d 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java @@ -228,7 +228,7 @@ public abstract class Cmd { } else if(desc.startsWith("{")) { StringReader sr = new StringReader(desc); try { - // Note: 11-18-2013, JG1555. This rather convoluted Message Structure required by TSS Restful Specs, reflecting "Northbound" practices. + // Note: 11-18-2013, JonathanGathman. This rather convoluted Message Structure required by TSS Restful Specs, reflecting "Northbound" practices. Error err = getDF(Error.class).newData().in(TYPE.JSON).load(sr).asObject(); sb.append(" ["); sb.append(err.getMessageId()); diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_List.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_List.java index 9eb4b75b..a5b58ef0 100644 --- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_List.java +++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_List.java @@ -150,12 +150,13 @@ public class JU_List { pkey.setAction("test"); pkey.setInstance("test"); pkey.setType("test"); - - list.report(roles, perms , urs , "test"); + role.addPerms(pkey); list.report(roles, perms , null , "test"); - cli.eval("DETAILS @[ 123"); + list.report(roles, perms , urs , "test"); + + aafcli.eval("DETAILS @[ 123"); role.setName("test"); - role.addPerms(pkey); + list.report(roles, perms , urs , "test"); } diff --git a/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java b/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java new file mode 100644 index 00000000..9368d4d7 --- /dev/null +++ b/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java @@ -0,0 +1,91 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.auth.fs.test; + +import static org.junit.Assert.*; + +import org.onap.aaf.auth.env.AuthzEnv; +import org.onap.aaf.auth.fs.AAF_FS; +import org.onap.aaf.auth.rserv.CachingFileAccess; +import org.onap.aaf.cadi.Access; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.misc.env.APIException; +import org.onap.aaf.misc.env.Slot; +import org.onap.aaf.misc.env.StaticSlot; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.mockito.Mockito; +import static org.mockito.Mockito.*; + +import java.io.File; +import java.io.IOException; + +import org.junit.Test; + +public class JU_AAF_FS { + AuthzEnv aEnv; + AAF_FS aafFs; + File fService; + File fEtc; + String value; + File d; + private static final String testDir = "src/test/resources/logs"; + + @Before + public void setUp() throws APIException, IOException, CadiException { + value = System.setProperty(Config.CADI_LOGDIR, testDir); + System.setProperty(Config.CADI_ETCDIR, testDir); + System.out.println(ClassLoader.getSystemResource("org.osaaf.log4j.props")); + d = new File(testDir); + d.mkdirs(); + fService = new File(d +"/fs-serviceTEST.log"); + fService.createNewFile(); + fEtc = new File(d + "/org.osaaf.log4j.props"); + fEtc.createNewFile(); + + aEnv = new AuthzEnv(); + aEnv.staticSlot("test"); + aEnv.access().setProperty("aaf_public_dir", "test"); + aEnv.access().setProperty(Config.AAF_COMPONENT, "aaf_com:po.nent"); + aafFs = new AAF_FS(aEnv); + + } + + @Test + public void testMain() { + String[] strArr = {"AAF_LOG4J_PREFIX"}; + + aafFs.main(strArr); + } + + @After + public void cleanUp() { + for(File f : d.listFiles()) { + f.delete(); + } + d.delete(); + } + +} diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java index 7d2a0172..23713d82 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java @@ -122,8 +122,6 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E sTheme = env.staticSlot(CachingFileAccess.CFA_WEB_PATH,access.getProperty(CachingFileAccess.CFA_WEB_PATH,null)==null?AAF_GUI_THEME:CachingFileAccess.CFA_WEB_PATH); theme = env.getProperty(AAF_GUI_THEME); - //OrganizationFactory.setDefaultOrg(env, "org.osaaf.authz.org.att.ATT"); - slot_httpServletRequest = env.slot(HTTP_SERVLET_REQUEST); String[] component = Split.split(':', access.getProperty(Config.AAF_COMPONENT, "N/A:2.x")); if(component.length>1) { diff --git a/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/JU_BasicAuthCodeTest.java b/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/JU_BasicAuthCodeTest.java new file mode 100644 index 00000000..eea60eb0 --- /dev/null +++ b/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/JU_BasicAuthCodeTest.java @@ -0,0 +1,115 @@ +/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.locate;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.eclipse.jetty.http.HttpStatus;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Answers;
+import org.mockito.Mock;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.locate.facade.LocateFacade;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.principal.BasicPrincipal;
+import org.onap.aaf.cadi.principal.X509Principal;
+import org.onap.aaf.misc.env.LogTarget;
+
+public class JU_BasicAuthCodeTest {
+
+ @Mock
+ AAFAuthn authn;
+
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ AuthzTrans trans;
+
+ @Mock
+ HttpServletRequest req;
+
+ @Mock
+ HttpServletResponse resp;
+
+ @Mock
+ LogTarget error;
+
+ @Mock
+ LocateFacade facade;
+
+ @Mock
+ BasicPrincipal basicPrincipal;
+ @Mock
+ X509Principal x509Principal;
+
+ @Before
+ public void setUp() throws Exception {
+ initMocks(this);
+ }
+
+ @Test
+ public void testWithNullUserPrincipal() throws Exception {
+ BasicAuthCode basicAuthCode = new BasicAuthCode(authn, facade);
+ LocateCode locateCode = basicAuthCode.clone(facade, false);
+
+ assertEquals(locateCode.desc(), basicAuthCode.desc());
+
+ when(trans.getUserPrincipal()).thenReturn(null);
+ when(trans.error()).thenReturn(error);
+
+ basicAuthCode.handle(trans, req, resp);
+ }
+
+ @Test
+ public void testWithBasicUserPrincipal() throws Exception {
+ BasicAuthCode basicAuthCode = new BasicAuthCode(authn, facade);
+ LocateCode locateCode = basicAuthCode.clone(facade, false);
+
+ assertEquals(locateCode.desc(), basicAuthCode.desc());
+
+ when(trans.getUserPrincipal()).thenReturn(basicPrincipal);
+
+ basicAuthCode.handle(trans, req, resp);
+
+ verify(resp).setStatus(HttpStatus.OK_200);
+ }
+
+ @Test
+ public void testWithX509UserPrincipal() throws Exception {
+ BasicAuthCode basicAuthCode = new BasicAuthCode(authn, facade);
+ LocateCode locateCode = basicAuthCode.clone(facade, false);
+
+ assertEquals(locateCode.desc(), basicAuthCode.desc());
+
+ when(trans.getUserPrincipal()).thenReturn(x509Principal);
+ when(req.getHeader("Authorization")).thenReturn("Basic 76//76");
+
+ basicAuthCode.handle(trans, req, resp);
+
+ verify(resp).setStatus(HttpStatus.FORBIDDEN_403);
+ }
+
+}
diff --git a/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/mapper/JU_Mapper_1_0Test.java b/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/mapper/JU_Mapper_1_0Test.java new file mode 100644 index 00000000..93b39b2d --- /dev/null +++ b/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/mapper/JU_Mapper_1_0Test.java @@ -0,0 +1,65 @@ +/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.locate.mapper;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.onap.aaf.auth.locate.mapper.Mapper.API;
+
+import locate.v1_0.Endpoints;
+import locate.v1_0.MgmtEndpoints;
+import locate_local.v1_0.Error;
+import locate_local.v1_0.InRequest;
+import locate_local.v1_0.Out;
+
+public class JU_Mapper_1_0Test {
+
+ @Before
+ public void setUp() throws Exception {
+
+ }
+
+ @Test
+ public void testGetClasses() {
+ Mapper_1_0 mapper = new Mapper_1_0();
+ assertEquals(InRequest.class, mapper.getClass(API.IN_REQ));
+ assertEquals(Out.class, mapper.getClass(API.OUT));
+ assertEquals(Error.class, mapper.getClass(API.ERROR));
+ assertEquals(Void.class, mapper.getClass(API.VOID));
+ assertEquals(Endpoints.class, mapper.getClass(API.ENDPOINTS));
+ assertEquals(MgmtEndpoints.class, mapper.getClass(API.MGMT_ENDPOINTS));
+ }
+
+ @Test
+ public void testNewInstance() {
+ Mapper_1_0 mapper = new Mapper_1_0();
+ assertTrue(mapper.newInstance(API.IN_REQ) instanceof InRequest);
+ assertTrue(mapper.newInstance(API.OUT) instanceof Out);
+ assertTrue(mapper.newInstance(API.ERROR) instanceof Error);
+ assertTrue(mapper.newInstance(API.ENDPOINTS) instanceof Endpoints);
+ assertTrue(mapper.newInstance(API.MGMT_ENDPOINTS) instanceof MgmtEndpoints);
+ assertEquals(null, mapper.newInstance(API.VOID));
+ }
+
+}
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java index b5676372..b66516e0 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java @@ -1739,7 +1739,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS @Override public Result<ROLES> getRolesByPerm(AuthzTrans trans, String type, String instance, String action) { final Validator v = new ServiceValidator(); - if(v.permType(type,null) + if(v.permType(type) .permInstance(instance) .permAction(action) .err()) { diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat index 3c40e500..358829ef 100644 --- a/auth/sample/data/identities.dat +++ b/auth/sample/data/identities.dat @@ -1,5 +1,5 @@ # -# Identities.dat +# Sample Identities.dat # This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with # out-of-the-box tire-kicking, or even for Small companies # @@ -16,36 +16,21 @@ # 5 - official email # 6 - employment status e=employee, c=contractor, a=application, n=no longer with company # 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID) -jonathan|Jonathan C Gathman|Jonathan|Gathman|314-550-3312|jonathan.gathman@att.com|e| -clefevre|Catherine LeFevre|Catherine|LeFevre||catherine.lefevre@att.com|e| -ramkoya|Ram Koya|Ram|Koya||ram.koya@att.com|e|clefevre -chris|Chris Varner|Chris|Varner|469-375-0774|chris.varner@att.com|c|anne -ian|Ian Howell|Ian|Howell|314-450-2782|ian.howell@att.com|e|jonathan -gabe|Gabe B Maurer|Gabe|Maurer|314-962-9579|gabe.maurer@att.com|e|jonathan -sai|Sai Gandham|Sai|Gandham|424-265-9959|sai.gandham@att.com|c|anne -anne|Anne E Kopp|Anne|Kopp|512-244-4280|anne.e.kopp@att.com|e|jonathan -aaf|AAF App|AAF|Application||DL-aaf-support@att.com|a|jonathan -a2345z|AAF App|AAF|Application||DL-aaf-support@att.com|a|jonathan -aaf_authz|AAF App|AAF|Application||jonathan.gathman@att.com|a|jonathan -kirank|Kiran K Kamineni|Kiran|Kamineni|999-999=9999|kiran.k.kamineni@intel.com|e|ramkoya -aaf_sms|Secret Management Service|SMS|Secret Management Service provides secure storage for sensitive information such as passwords and userIDs||kiran.k.kamineni@intel.com|a|kirank -djtimoney|Dan Timoney|Dan|Timoney|+1 (732) 420-3226|dt5972@att.com|e|ramkoya -xuegao|Xue Gao|Xue|Gao|0032479670327|xg353y@att.com|e|clefevre -clamp|Clamp Application|clamp|Application||xg353y@att.com|a|xuegao -dmaapbc|DMaap Bus Controller|DMaap|Bus Controller||dgl@research.att.com|a|dgfromatt -dglfromatt|Dominic Lunanuova|Dominic|Lunanuova|732-420-9618|dgl@research.att.com|e|ramokoya -puthenpura|Sarat Puthenpura|Sarat|Puthenpura|||e|clefevre -ruoyu|Ruoyu Ying|Ruoyu|Ying|13661960772|ruoyu.ying@intel.com|e|puthenpura -sunilu|Sunil Unnava|Sunil|Unnava|6094541858|sunil.unnava@att.com|e|ramkoya -dmaapmr|DMaap Message Router|DMaap MR|Message Router||su622b@att.com|a|sunilu -oof|OOF|OOF|OOF||sarat@research.att.com|a|saratp -saratp|Sarat Puthenpura|Sarat|Puthenpura|9089012067|sarat@research.att.com|e|clefevre +# + +iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| +mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna +bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager +mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager +ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager +iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager +osaaf|ID of AAF|||||a|bdevl # ONAP default Users -demo|PORTAL DEMO|PORTAL|DEMO|||e|jonathan -jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|jonathan -cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|jonathan -jm0007|PORTAL TESTER|PORTAL|TESTER|||e|jonathan -op0001|PORTAL OPS|PORTAL|OPS|||e|jonathan -gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|jonathan +demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager +jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager +cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|mmanager +jm0007|PORTAL TESTER|PORTAL|TESTER|||e|mmanager +op0001|PORTAL OPS|PORTAL|OPS|||e|mmanager +gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|mmanager diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat index 39d18a12..358829ef 100644 --- a/auth/sample/data/sample.identities.dat +++ b/auth/sample/data/sample.identities.dat @@ -25,3 +25,12 @@ mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e| ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager osaaf|ID of AAF|||||a|bdevl +# ONAP default Users +demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager +jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager +cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|mmanager +jm0007|PORTAL TESTER|PORTAL|TESTER|||e|mmanager +op0001|PORTAL OPS|PORTAL|OPS|||e|mmanager +gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|mmanager + + diff --git a/auth/sample/local/org.osaaf.aaf.p12 b/auth/sample/local/org.osaaf.aaf.p12 Binary files differindex e4d33924..f40a7556 100644 --- a/auth/sample/local/org.osaaf.aaf.p12 +++ b/auth/sample/local/org.osaaf.aaf.p12 diff --git a/auth/sample/local/org.osaaf.aaf.props b/auth/sample/local/org.osaaf.aaf.props index f5970b01..975f80cc 100644 --- a/auth/sample/local/org.osaaf.aaf.props +++ b/auth/sample/local/org.osaaf.aaf.props @@ -10,8 +10,8 @@ aaf_env=DEV cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US cadi_keyfile=/opt/app/osaaf/local/org.osaaf.aaf.keyfile cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12 -cadi_keystore_password=enc:4L1xY_7mYTuk57SPWZetza5WlgBUYBe8pbT1-AWKO1-5PAbSTynQEc5TU7ZeomfN +cadi_keystore_password=enc:3O7HDzEzdYatFYb83-jV69MNzN8qIW975SS70qCs7xri0b1n4r5viHo1lrM6K8om #cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)> -cadi_alias=aaf@aaf.osaaf.org +cadi_alias=aaf-authz@aaf.osaaf.org cadi_truststore=/opt/app/osaaf/local/org.osaaf.aaf.trust.p12 cadi_truststore_password=enc:5nzj6v3Rb0oZPV1zCxg8EJFfkFvWFGJflLB0i_FN0Np diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java index 37fb859e..e586d991 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java @@ -71,7 +71,6 @@ public class AAFPermission implements Permission { * If you want a simple field comparison, it is faster without REGEX */ public boolean match(Permission p) { - boolean rv; String aafType; String aafInstance; String aafAction; diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java index 4f60edaf..e7e3ef35 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java @@ -79,15 +79,16 @@ public class AAFLocator extends AbsAAFLocator<BasicTrans> { int slash = aaf_locator_host.lastIndexOf("//"); host = aaf_locator_host.substring(slash+2); } - client = new HClient(ss, new URI( - locatorURI.getScheme(), - locatorURI.getUserInfo(), - host, - locatorURI.getPort(), - "/locate/"+name + '/' + version, - null, - null - ), connectTimeout); + URI uri = new URI( + locatorURI.getScheme(), + locatorURI.getUserInfo(), + host, + locatorURI.getPort(), + "/locate/"+name + '/' + version, + null, + null + ); + client = createClient(ss, uri, connectTimeout); } else { client = new HClient(ss, locatorURI, connectTimeout); } @@ -129,4 +130,8 @@ public class AAFLocator extends AbsAAFLocator<BasicTrans> { protected URI getURI() { return client.getURI(); } + + protected HClient createClient(SecuritySetter<HttpURLConnection> ss, URI uri, int connectTimeout) throws LocatorException { + return new HClient(ss, uri, connectTimeout); + } } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java index ab0f595c..fc297606 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java @@ -82,21 +82,8 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI> this.version = Config.AAF_DEFAULT_VERSION; } else { String[] split = Split.split(':', name); - - switch(split.length) { - case 1: - this.name = split[0]; - this.version = Config.AAF_DEFAULT_VERSION; - break; - case 0: - this.name = name; - this.version = Config.AAF_DEFAULT_VERSION; - break; - default: - this.version = split[1]; - this.name = split[0]; - - } + this.name = split[0]; + this.version = (split.length > 1) ? split[1] : Config.AAF_DEFAULT_VERSION; } } @@ -138,13 +125,11 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI> if(key.startsWith("http")) { if(name!=null) { if(locatorCreator != null) { - if(name!=null) { - AbsAAFLocator<?> aal = locatorCreator.create(name, version); - if(pathInfo!=null) { - aal.setPathInfo(pathInfo); - } - return aal; + AbsAAFLocator<?> aal = locatorCreator.create(name, version); + if(pathInfo!=null) { + aal.setPathInfo(pathInfo); } + return aal; } } else { return new PropertyLocator(key); @@ -491,7 +476,7 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI> try { return new URI(rv.getScheme(),rv.getUserInfo(),rv.getHost(),rv.getPort(),pathInfo,query,fragment); } catch (URISyntaxException e) { - throw new LocatorException("Error coping URL"); + throw new LocatorException("Error copying URL"); } } return rv; diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/cert/test/JU_AAFListedCertIdentity.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/cert/test/JU_AAFListedCertIdentity.java new file mode 100644 index 00000000..f2d91b02 --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/cert/test/JU_AAFListedCertIdentity.java @@ -0,0 +1,177 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.aaf.cert.test; + +import static org.mockito.Mockito.*; +import static org.hamcrest.CoreMatchers.*; +import static org.junit.Assert.*; + +import org.junit.*; +import org.mockito.*; + +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; +import java.lang.reflect.Field; +import java.lang.reflect.Modifier; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Date; +import java.util.List; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; + +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.aaf.cert.AAFListedCertIdentity; +import org.onap.aaf.cadi.aaf.v2_0.AAFCon; +import org.onap.aaf.cadi.client.Future; +import org.onap.aaf.cadi.client.Rcli; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.misc.env.APIException; +import org.onap.aaf.misc.env.util.Chrono; +import org.onap.aaf.misc.rosetta.env.RosettaDF; + +import aaf.v2_0.Certs; +import aaf.v2_0.Certs.Cert; +import aaf.v2_0.Users; +import aaf.v2_0.Users.User; + +public class JU_AAFListedCertIdentity { + + @Mock private AAFCon<?> conMock; + @Mock private Rcli<Object> rcliMock; + @Mock private RosettaDF<Users> userDFMock; + @Mock private RosettaDF<Certs> certDFMock; + @Mock private Future<Users> futureUsersMock; + @Mock private Future<Certs> futureCertsMock; + + @Mock private Users usersMock; + @Mock private User userMock1; + @Mock private User userMock2; + @Mock private User userMock3; + + @Mock private Certs certsMock; + @Mock private Cert certMock1; + @Mock private Cert certMock2; + @Mock private Cert certMock3; + + @Mock private HttpServletRequest reqMock; + @Mock private X509Certificate x509Mock; + + private List<User> usersList; + private List<Cert> certsList; + + private PropAccess access; + + private ByteArrayOutputStream outStream; + + private static final String USERS = "user1,user2,user3"; + private static final String ID = "id"; + private static final String FINGERPRINT = "fingerprint"; + + private static final byte[] certBytes = "certificate".getBytes(); + + @Before + public void setup() throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException { + MockitoAnnotations.initMocks(this); + + certsList = new ArrayList<>(); + certsList.add(certMock1); + certsList.add(certMock2); + certsList.add(certMock3); + + usersList = new ArrayList<>(); + usersList.add(userMock1); + usersList.add(userMock2); + usersList.add(userMock3); + + outStream = new ByteArrayOutputStream(); + access = new PropAccess(new PrintStream(outStream), new String[0]); + outStream.reset(); + access.setProperty(Config.AAF_CERT_IDS, USERS); + setFinal(conMock, conMock.getClass().getField("usersDF"), userDFMock); + setFinal(conMock, conMock.getClass().getField("certsDF"), certDFMock); + setFinal(conMock, conMock.getClass().getField("access"), access); + } + + @Test + public void test() throws APIException, CadiException, CertificateException { + doReturn(rcliMock).when(conMock).client(Config.AAF_DEFAULT_VERSION); + when(rcliMock.read("/authz/users/perm/com.att.aaf.trust/tguard/authenticate", Users.class, userDFMock)).thenReturn(futureUsersMock); + when(rcliMock.read("/authz/users/perm/com.att.aaf.trust/basicAuth/authenticate", Users.class, userDFMock)).thenReturn(futureUsersMock); + when(rcliMock.read("/authz/users/perm/com.att.aaf.trust/csp/authenticate", Users.class, userDFMock)).thenReturn(futureUsersMock); + + when(futureUsersMock.get(5000)).thenReturn(true); + futureUsersMock.value = usersMock; + when(usersMock.getUser()).thenReturn(usersList); + + when(rcliMock.read("/authn/cert/id/user1", Certs.class, conMock.certsDF)).thenReturn(futureCertsMock); + when(rcliMock.read("/authn/cert/id/user2", Certs.class, conMock.certsDF)).thenReturn(futureCertsMock); + when(rcliMock.read("/authn/cert/id/user3", Certs.class, conMock.certsDF)).thenReturn(futureCertsMock); + + when(futureCertsMock.get(5000)).thenReturn(true); + futureCertsMock.value = certsMock; + when(certsMock.getCert()).thenReturn(certsList); + + when(userMock1.getId()).thenReturn("user1"); + when(userMock2.getId()).thenReturn("user2"); + when(userMock3.getId()).thenReturn("user3"); + + prepareCert(certMock1); + prepareCert(certMock2); + prepareCert(certMock3); + + AAFListedCertIdentity certID = new AAFListedCertIdentity(access, conMock); + + when(x509Mock.getEncoded()).thenReturn(certBytes); + certID.identity(reqMock, null, null); + certID.identity(reqMock, null, certBytes); + certID.identity(reqMock, x509Mock, null); + certID.identity(reqMock, x509Mock, certBytes); + + Set<String> hashSetOfUsers = AAFListedCertIdentity.trusted("basicAuth"); + assertThat(hashSetOfUsers.contains("user1"), is(true)); + assertThat(hashSetOfUsers.contains("user2"), is(true)); + assertThat(hashSetOfUsers.contains("user3"), is(true)); + + } + + private void setFinal(Object object, Field field, Object newValue) throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException { + field.setAccessible(true); + + Field modifiersField = Field.class.getDeclaredField("modifiers"); + modifiersField.setAccessible(true); + modifiersField.setInt(field, field.getModifiers() & Modifier.FINAL); + + field.set(object, newValue); + } + + private void prepareCert(Cert cert) { + Date date = new Date(); + when(cert.getExpires()).thenReturn(Chrono.timeStamp(new Date(date.getTime() + (60 * 60 * 24)))); + when(cert.getId()).thenReturn(ID); + when(cert.getFingerprint()).thenReturn(FINGERPRINT.getBytes()); + } + +} diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFLocator.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFLocator.java index 4c5af016..5388f75b 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFLocator.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFLocator.java @@ -21,59 +21,103 @@ package org.onap.aaf.cadi.aaf.v2_0.test; +import static org.junit.Assert.*; +import static org.hamcrest.CoreMatchers.*; +import static org.mockito.Mockito.*; + +import org.junit.*; +import org.mockito.*; + +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; +import java.lang.reflect.Field; import java.net.HttpURLConnection; import java.net.URI; -import static org.junit.Assert.*; +import java.net.URISyntaxException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.Locator.Item; +import org.onap.aaf.cadi.SecuritySetter; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.aaf.v2_0.AAFLocator; import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator; +import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.config.SecurityInfoC; +import org.onap.aaf.cadi.http.HClient; +import org.onap.aaf.misc.env.Data.TYPE; import org.onap.aaf.misc.env.impl.BasicTrans; -import org.onap.aaf.misc.rosetta.env.RosettaEnv; +import org.onap.aaf.misc.rosetta.env.RosettaDF; -public class JU_AAFLocator { +import locate.v1_0.Endpoint; +import locate.v1_0.Endpoints; - @BeforeClass - public static void setUpBeforeClass() throws Exception { - } - - @AfterClass - public static void tearDownAfterClass() throws Exception { - } +public class JU_AAFLocator { + + @Mock private HClient clientMock; + @Mock private Future<Endpoints> futureMock; + @Mock private Endpoints endpointsMock; + + private PropAccess access; + + private ByteArrayOutputStream errStream; + + private static final String uriString = "https://example.com"; @Before public void setUp() throws Exception { - } + MockitoAnnotations.initMocks(this); + + doReturn(futureMock).when(clientMock).futureRead((RosettaDF<?>)any(), eq(TYPE.JSON)); + when(clientMock.timeout()).thenReturn(1); + when(clientMock.getURI()).thenReturn(new URI(uriString)); + when(futureMock.get(1)).thenReturn(true); + + futureMock.value = endpointsMock; + List<Endpoint> endpoints = new ArrayList<>(); + endpoints.add(new Endpoint()); + when(endpointsMock.getEndpoint()).thenReturn(endpoints); + + access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]); + + errStream = new ByteArrayOutputStream(); + System.setErr(new PrintStream(errStream)); + } + @After - public void tearDown() throws Exception { + public void tearDown() { + System.setErr(System.err); + } + + @AfterClass + public static void tearDownAfterClass() throws Exception { + Field field = SecurityInfoC.class.getDeclaredField("sicMap"); + field.setAccessible(true); + field.set(null, new HashMap<Class<?>,SecurityInfoC<?>>()); } @Test - public void test() { - // TODO: Ian [JUnit] This fails because these files don't exist - assertTrue(true); - // try { - // PropAccess propAccess = new PropAccess("cadi_prop_files=/opt/app/aaf/common/com.att.aaf.common.props:/opt/app/aaf/common/com.att.aaf.props"); - // SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(propAccess, HttpURLConnection.class); - // String alu = propAccess.getProperty(Config.AAF_LOCATE_URL,"https://mithrilcsp.sbc.com:8095/locate"); - // URI locatorURI = new URI(alu+"/com.att.aaf.service/2.0"); - // AbsAAFLocator<BasicTrans> al = new AAFLocator(si, locatorURI); - // Assert.assertTrue(al.refresh()); - // Item i = al.first(); - // i = al.next(i); - // i = al.best(); - // } catch (Exception e) { - // Assert.fail(); - // } + public void test() throws CadiException, URISyntaxException, LocatorException { + access.setProperty(Config.CADI_LATITUDE, "38.62"); // St Louis approx lat + access.setProperty(Config.CADI_LONGITUDE, "90.19"); // St Louis approx lon + SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class); + String alu = access.getProperty(Config.AAF_LOCATE_URL,"https://mithrilcsp.sbc.com:8095/locate"); + URI locatorURI = new URI(alu+"/com.att.aaf.service/2.0"); + AbsAAFLocator<BasicTrans> al = new AAFLocator(si, locatorURI) { + @Override + protected HClient createClient(SecuritySetter<HttpURLConnection> ss, URI uri, int connectTimeout) throws LocatorException { + return clientMock; + } + }; + assertThat(al.refresh(), is(true)); + when(futureMock.get(1)).thenReturn(false); + assertThat(al.refresh(), is(false)); + String errorMessage = errStream.toString().split(": ", 2)[1]; + assertThat(errorMessage, is("Error reading location information from " + uriString + ": 0 null\n \n")); } } diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AbsAAFLocator.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AbsAAFLocator.java new file mode 100644 index 00000000..e9c74cbf --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AbsAAFLocator.java @@ -0,0 +1,193 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.aaf.v2_0.test; + +import static org.junit.Assert.*; +import static org.hamcrest.CoreMatchers.*; +import static org.mockito.Matchers.*; +import static org.mockito.Mockito.*; +import org.junit.*; +import org.mockito.*; + +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; +import java.net.URI; +import java.net.URISyntaxException; + +import org.onap.aaf.cadi.Access; +import org.onap.aaf.cadi.Locator.Item; +import org.onap.aaf.cadi.LocatorException; +import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator; +import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator.LocatorCreator; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.misc.env.impl.BasicTrans; + +public class JU_AbsAAFLocator { + + @Mock private LocatorCreator locatorCreatorMock; + + private PropAccess access; + private URI uri; + + private static final String uriString = "example.com"; + + @Before + public void setup() throws URISyntaxException { + MockitoAnnotations.initMocks(this); + + access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]); + access.setProperty(Config.CADI_LATITUDE, "38.62"); // St Louis approx lat + access.setProperty(Config.CADI_LONGITUDE, "90.19"); // St Louis approx lon + + uri = new URI(uriString); + } + + @AfterClass + public static void tearDownAfterClass() throws Exception { + AbsAAFLocator.setCreator(null); + } + + @Test + public void test() throws LocatorException { + AAFLocatorStub loc; + + // Test with http + loc = new AAFLocatorStub(access, "httpname"); + assertThat(loc.getName(), is("httpname")); + assertThat(loc.getVersion(), is(Config.AAF_DEFAULT_VERSION)); + assertThat(loc.toString(), is("AAFLocator for " + "httpname" + " on " + loc.getURI())); + + loc = new AAFLocatorStub(access, "name"); + assertThat(loc.getName(), is("name")); + assertThat(loc.getVersion(), is(Config.AAF_DEFAULT_VERSION)); + loc = new AAFLocatorStub(access, "name:v2.0"); + assertThat(loc.getName(), is("name")); + assertThat(loc.getVersion(), is("v2.0")); + } + + @Test + public void createTest() throws LocatorException { + AbsAAFLocator.setCreator(locatorCreatorMock); + + assertThat(AbsAAFLocator.create("nonsense"), is(nullValue())); + assertThat(AbsAAFLocator.create("nonsense/locate"), is(nullValue())); + assertThat(AbsAAFLocator.create("nonsense/locate/"), is(nullValue())); + assertThat(AbsAAFLocator.create("nonsense/locate//"), is(nullValue())); + assertThat(AbsAAFLocator.create("nonsense/locate/name:v2.0"), is(nullValue())); + + assertThat(AbsAAFLocator.create("http/locate/name:v2.0"), is(nullValue())); + + doReturn(mock(AbsAAFLocator.class)).when(locatorCreatorMock).create(anyString(), anyString()); + assertThat(AbsAAFLocator.create("http/locate/name:v2.0/path"), is(not(nullValue()))); + + AbsAAFLocator.setCreator(null); + assertThat(AbsAAFLocator.create("http/locate/name:v2.0"), is(nullValue())); + + assertThat(AbsAAFLocator.create("http"), is(not(nullValue()))); + + AbsAAFLocator.setCreator(locatorCreatorMock); + assertThat(AbsAAFLocator.create("first", "second"), is(not(nullValue()))); + } + + @Test + public void nameFromLocatorURITest() throws LocatorException, URISyntaxException { + AAFLocatorStub loc = new AAFLocatorStub(access, "name:v2.0"); + assertThat(loc.getNameFromURI(new URI("example.com")), is("example.com")); + assertThat(loc.getNameFromURI(new URI("example.com/extra/stuff")), is("example.com/extra/stuff")); + assertThat(loc.getNameFromURI(new URI("example.com/locate/stuff")), is("stuff")); // n' stuff + } + + @Test + public void setSelfTest() throws LocatorException { + AbsAAFLocator.setCreatorSelf("host", 8000); + AbsAAFLocator.setCreator(null); + AbsAAFLocator.setCreatorSelf("host", 8000); + (new AAFLocatorStub(access, "name:v2.0")).setSelf("host", 8000); // oof + } + + @Test + public void coverage() throws LocatorException { + AAFLocatorStub loc = new AAFLocatorStub(access, "name:v2.0"); + assertThat(loc.get(null), is(nullValue())); + + try { + loc.get(mock(Item.class)); + fail("Should've thrown an exception"); + } catch (Exception e) { + } + + try { + loc.invalidate(mock(Item.class)); + fail("Should've thrown an exception"); + } catch (Exception e) { + } + + try { + loc.best(); + fail("Should've thrown an exception"); + } catch (Exception e) { + } + + assertThat(loc.first(), is(nullValue())); + + assertThat(loc.hasItems(), is(false)); + assertThat(loc.next(null), is(nullValue())); + + try { + loc.next(mock(Item.class)); + fail("Should've thrown an exception"); + } catch (Exception e) { + } + + loc.destroy(); + + + assertThat(loc.exposeGetURI(uri), is(uri)); + + assertThat(loc.setPathInfo("pathInfo"), is(not(nullValue()))); + assertThat(loc.setQuery("query"), is(not(nullValue()))); + assertThat(loc.setFragment("fragment"), is(not(nullValue()))); + + assertThat(loc.exposeGetURI(uri), is(not(uri))); + } + + + @Test(expected = LocatorException.class) + public void throwsTest() throws LocatorException { + @SuppressWarnings("unused") + AAFLocatorStub loc = new AAFLocatorStub(new PropAccess(), "name"); + } + + private class AAFLocatorStub extends AbsAAFLocator<BasicTrans> { + public AAFLocatorStub(Access access, String name) throws LocatorException { + super(access, name, 10000L); + } + @Override public boolean refresh() { return false; } + @Override protected URI getURI() { return uri; } + public String getName() { return name; } + public String getVersion() { return version; } + public String getNameFromURI(URI uri) { return nameFromLocatorURI(uri); } + public URI exposeGetURI(URI uri) throws LocatorException { return super.getURI(uri); } + } + +} diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java new file mode 100644 index 00000000..855c26f3 --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java @@ -0,0 +1,163 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.cm.test; + +import static org.junit.Assert.*; +import static org.hamcrest.CoreMatchers.*; +import static org.mockito.Mockito.*; + +import java.io.File; +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.List; + +import org.junit.*; +import org.mockito.*; + +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.cm.ArtifactDir; +import org.onap.aaf.cadi.util.Chmod; +import org.onap.aaf.misc.env.Trans; + +import certman.v1_0.Artifacts.Artifact; +import certman.v1_0.CertInfo; + +public class JU_ArtifactDir { + + @Mock private Trans transMock; + @Mock private CertInfo certInfoMock; + @Mock private Artifact artiMock; + + private static final String dirName = "src/test/resources/artifacts"; + private static final String nsName = "org.onap.test"; + private static final String luggagePassword = "12345"; // That's the stupidest combination I've ever heard in my life + + private List<String> issuers; + + @Before + public void setup() { + MockitoAnnotations.initMocks(this); + + issuers = new ArrayList<>(); + issuers.add("issuer1"); + issuers.add("issuer2"); + } + + @AfterClass + public static void tearDownOnce() { + cleanup(); + ArtifactDir.clear(); + } + + @Test + public void test() throws CadiException, IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException { + ArtifactDirStud artiDir = new ArtifactDirStud(); + + try { + artiDir.place(transMock, certInfoMock, artiMock, "machine"); + fail("Should've thrown an exception"); + } catch (CadiException e) { + assertThat(e.getMessage(), is("File Artifacts require a path\nFile Artifacts require an AAF Namespace")); + } + + when(artiMock.getDir()).thenReturn(dirName); + try { + artiDir.place(transMock, certInfoMock, artiMock, "machine"); + fail("Should've thrown an exception"); + } catch (CadiException e) { + assertThat(e.getMessage(), is("File Artifacts require an AAF Namespace")); + } + + when(artiMock.getNs()).thenReturn(nsName); + when(certInfoMock.getCaIssuerDNs()).thenReturn(issuers); + when(certInfoMock.getChallenge()).thenReturn(luggagePassword); + artiDir.place(transMock, certInfoMock, artiMock, "machine"); + + File writableFile = new File(dirName + '/' + nsName + "writable.txt"); + artiDir.write(writableFile, Chmod.to755, "first data point", "second data point"); + try { + artiDir.write(writableFile, Chmod.to755, (String[])null); + fail("Should've thrown an exception"); + } catch(NullPointerException e) { + } + + KeyStore ks = KeyStore.getInstance("pkcs12"); + try { + artiDir.write(writableFile, Chmod.to755, ks, luggagePassword.toCharArray()); + fail("Should've thrown an exception"); + } catch(CadiException e) { + } + + ks.load(null, null); + artiDir.write(writableFile, Chmod.to755, ks, luggagePassword.toCharArray()); + + ArtifactDirStud artiDir2 = new ArtifactDirStud(); + artiDir2.place(transMock, certInfoMock, artiMock, "machine"); + + // coverage + artiDir.place(transMock, certInfoMock, artiMock, "machine"); + + ArtifactDir.clear(); + artiDir.place(transMock, certInfoMock, artiMock, "machine"); + + } + + @Test(expected = CadiException.class) + public void throwsTest() throws CadiException { + ArtifactDirStud artiDir = new ArtifactDirStud(); + when(artiMock.getDir()).thenReturn(dirName); + when(artiMock.getNs()).thenReturn(nsName); + artiDir.place(transMock, certInfoMock, artiMock, "machine"); + } + + private class ArtifactDirStud extends ArtifactDir { + @Override + protected boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException { + // This is only here so that we have a concrete class to test + return false; + } + + // Expose the protected methods + + public void write(File f, Chmod c, String ... data) throws IOException { + super.write(f, c, data); + } + public void write(File f, Chmod c, KeyStore ks, char[] pass ) throws IOException, CadiException { + super.write(f, c, ks, pass); + } + } + + private static void cleanup() { + File dir = new File(dirName); + if (dir.exists()) { + for (File f : dir.listFiles()) { + f.delete(); + } + dir.delete(); + } + } + +} diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInFiles.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInFiles.java new file mode 100644 index 00000000..3c83112c --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInFiles.java @@ -0,0 +1,100 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.cm.test; + +import static org.junit.Assert.*; +import static org.hamcrest.CoreMatchers.*; +import static org.mockito.Mockito.*; + +import java.io.File; +import java.util.ArrayList; +import java.util.List; + +import org.junit.*; +import org.mockito.*; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.cm.PlaceArtifactInFiles; +import org.onap.aaf.misc.env.Trans; + +import certman.v1_0.Artifacts.Artifact; +import certman.v1_0.CertInfo; + +public class JU_PlaceArtifactInFiles { + + @Mock private Trans transMock; + @Mock private CertInfo certInfoMock; + @Mock private Artifact artiMock; + + private static final String dirName = "src/test/resources/artifacts"; + private static final String nsName = "org.onap.test"; + private static final String luggagePassword = "12345"; // That's the stupidest combination I've ever heard in my life + + private List<String> certs; + + @Before + public void setup() { + MockitoAnnotations.initMocks(this); + + certs = new ArrayList<>(); + certs.add("cert1"); + certs.add("cert2"); + + when(certInfoMock.getChallenge()).thenReturn(luggagePassword); + when(certInfoMock.getCerts()).thenReturn(certs); + + when(artiMock.getDir()).thenReturn(dirName); + when(artiMock.getNs()).thenReturn(nsName); + } + + @AfterClass + public static void tearDownOnce() { + cleanup(); + PlaceArtifactInFiles.clear(); + } + + @Test + public void test() throws CadiException { + PlaceArtifactInFiles placer = new PlaceArtifactInFiles(); + placer.place(transMock, certInfoMock, artiMock, "machine"); + assertThat(placer._place(transMock, certInfoMock, artiMock), is(true)); + assertThat(new File(dirName + '/' + nsName + ".crt").exists(), is(true)); + assertThat(new File(dirName + '/' + nsName + ".key").exists(), is(true)); + + when(certInfoMock.getCerts()).thenReturn(null); + try { + placer._place(transMock, certInfoMock, artiMock); + fail("Should've thrown an exception"); + } catch (Exception e) { + } + } + + private static void cleanup() { + File dir = new File(dirName); + if (dir.exists()) { + for (File f : dir.listFiles()) { + f.delete(); + } + dir.delete(); + } + } + +} diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java new file mode 100644 index 00000000..02054cbf --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java @@ -0,0 +1,144 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.cm.test; + +import static org.junit.Assert.*; +import static org.hamcrest.CoreMatchers.*; +import static org.mockito.Mockito.*; + +import java.io.BufferedReader; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileNotFoundException; +import java.io.FileReader; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import java.security.cert.CertificateException; + +import org.junit.*; +import org.mockito.*; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.cm.PlaceArtifactInKeystore; +import org.onap.aaf.misc.env.Env; +import org.onap.aaf.misc.env.TimeTaken; +import org.onap.aaf.misc.env.Trans; + +import certman.v1_0.Artifacts.Artifact; +import certman.v1_0.CertInfo; + +public class JU_PlaceArtifactInKeystore { + + @Mock private Trans transMock; + @Mock private CertInfo certInfoMock; + @Mock private Artifact artiMock; + + private static final String dirName = "src/test/resources/artifacts"; + private static final String nsName = "org.onap.test"; + private static final String mechID = "m12345"; + private static final String luggagePassword = "12345"; // That's the stupidest combination I've ever heard in my life + + private static String privateKeyString; + private static String x509Chain; + private static String x509String; + + private List<String> certs; + + @Before + public void setup() throws FileNotFoundException, IOException, CertificateException { + MockitoAnnotations.initMocks(this); + + x509Chain = fromFile(new File("src/test/resources/cert.pem")); + x509String = fromFile(new File("src/test/resources/exampleCertificate.cer")); + privateKeyString = fromFile(new File("src/test/resources/key.pem")); + + certs = new ArrayList<>(); + + when(certInfoMock.getChallenge()).thenReturn(luggagePassword); + when(certInfoMock.getCerts()).thenReturn(certs); + + when(artiMock.getDir()).thenReturn(dirName); + when(artiMock.getNs()).thenReturn(nsName); + when(artiMock.getMechid()).thenReturn(mechID); + + when(certInfoMock.getPrivatekey()).thenReturn(privateKeyString); + + when(transMock.start("Reconstitute Private Key", Env.SUB)).thenReturn(mock(TimeTaken.class)); + } + + @AfterClass + public static void tearDownOnce() { + cleanup(); + PlaceArtifactInKeystore.clear(); + } + + @Test + public void test() throws CadiException { + PlaceArtifactInKeystore placer = new PlaceArtifactInKeystore("pkcs12"); + + certs.add(x509String); + certs.add(x509Chain); + assertThat(placer.place(transMock, certInfoMock, artiMock, "machine"), is(true)); + for (String ext : new String[] {"chal", "keyfile", "pkcs12", "props", "trust.pkcs12"}) { + assertThat(new File(dirName + '/' + nsName + '.' + ext).exists(), is(true)); + } + + // coverage + assertThat(placer.place(transMock, certInfoMock, artiMock, "machine"), is(true)); + + when(certInfoMock.getCerts()).thenReturn(null); + try { + placer._place(transMock, certInfoMock, artiMock); + fail("Should've thrown an exception"); + } catch (Exception e) { + } + + } + + private static void cleanup() { + File dir = new File(dirName); + if (dir.exists()) { + for (File f : dir.listFiles()) { + f.delete(); + } + dir.delete(); + } + } + + public String fromFile(File file) throws IOException { + BufferedReader br = new BufferedReader(new FileReader(file)); + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + String line; + baos.write(br.readLine().getBytes()); + // Here comes the hacky part + baos.write("\n".getBytes()); + while((line=br.readLine())!=null) { + if(line.length()>0) { + baos.write(line.getBytes()); + baos.write("\n".getBytes()); + } + } + br.close(); + return baos.toString(); + } +} diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactOnStream.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactOnStream.java new file mode 100644 index 00000000..6e390bed --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactOnStream.java @@ -0,0 +1,101 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.cm.test; + +import static org.junit.Assert.*; +import static org.hamcrest.CoreMatchers.*; +import static org.mockito.Mockito.*; + +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; +import java.util.ArrayList; +import java.util.List; + +import org.junit.*; +import org.mockito.*; + +import org.onap.aaf.cadi.cm.PlaceArtifactOnStream; +import org.onap.aaf.misc.env.LogTarget; +import org.onap.aaf.misc.env.Trans; + +import certman.v1_0.Artifacts.Artifact; +import certman.v1_0.CertInfo; + +public class JU_PlaceArtifactOnStream { + + @Mock private Trans transMock; + @Mock private CertInfo certInfoMock; + @Mock private Artifact artiMock; + + private static final String luggagePassword = "12345"; // That's the stupidest combination I've ever heard in my life + private static final String privateKeyString = "I'm a private key!"; + + private ByteArrayOutputStream outStream; + + private List<String> certs; + + @Before + public void setup() { + MockitoAnnotations.initMocks(this); + + certs = new ArrayList<>(); + certs.add("cert1"); + certs.add("cert2"); + + when(certInfoMock.getChallenge()).thenReturn(luggagePassword); + when(certInfoMock.getCerts()).thenReturn(certs); + when(certInfoMock.getPrivatekey()).thenReturn(privateKeyString); + + outStream = new ByteArrayOutputStream(); + } + + @Test + public void test() { + PlaceArtifactOnStream placer = new PlaceArtifactOnStream(new PrintStream(outStream)); + placer.place(transMock, certInfoMock, artiMock, "machine"); + + String[] output = outStream.toString().split("\n", 0); + + String[] expected = { + "Challenge: " + luggagePassword, + "PrivateKey:", + privateKeyString, + "Certificate Chain:", + "cert1", + "cert2" + }; + + assertThat(output.length, is(expected.length)); + for (int i = 0; i < output.length; i++) { + assertThat(output[i], is(expected[i])); + } + + // coverage + when(certInfoMock.getNotes()).thenReturn(""); + placer.place(transMock, certInfoMock, artiMock, "machine"); + + when(certInfoMock.getNotes()).thenReturn("Some Notes"); + when(transMock.info()).thenReturn(mock(LogTarget.class)); + placer.place(transMock, certInfoMock, artiMock, "machine"); + } + +} diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactScripts.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactScripts.java new file mode 100644 index 00000000..0ed29e10 --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactScripts.java @@ -0,0 +1,92 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.cm.test; + +import static org.junit.Assert.*; +import static org.hamcrest.CoreMatchers.*; +import static org.mockito.Mockito.*; + +import java.io.File; + +import org.junit.*; +import org.mockito.*; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.cm.PlaceArtifactScripts; +import org.onap.aaf.misc.env.Trans; + +import certman.v1_0.Artifacts.Artifact; +import certman.v1_0.CertInfo; + +public class JU_PlaceArtifactScripts { + + @Mock private Trans transMock; + @Mock private CertInfo certInfoMock; + @Mock private Artifact artiMock; + + private static final String dirName = "src/test/resources/artifacts"; + private static final String nsName = "org.onap.test"; + private static final String luggagePassword = "12345"; // That's the stupidest combination I've ever heard in my life + private static final String notification = "A notification"; + private static final String osUser = "user"; // That's the stupidest combination I've ever heard in my life + + @Before + public void setup() { + MockitoAnnotations.initMocks(this); + + when(artiMock.getDir()).thenReturn(dirName); + when(artiMock.getNs()).thenReturn(nsName); + when(artiMock.getNotification()).thenReturn(notification); + when(artiMock.getOsUser()).thenReturn(osUser); + + when(certInfoMock.getChallenge()).thenReturn(luggagePassword); + } + + @AfterClass + public static void tearDownOnce() { + cleanup(); + PlaceArtifactScripts.clear(); + } + + @Test + public void test() throws CadiException { + PlaceArtifactScripts placer = new PlaceArtifactScripts(); + placer.place(transMock, certInfoMock, artiMock, "machine"); + + assertThat(new File(dirName + '/' + nsName + ".crontab.sh").exists(), is(true)); + assertThat(new File(dirName + '/' + nsName + ".check.sh").exists(), is(true)); + + //coverage + when(artiMock.getNotification()).thenReturn("mailto: " + notification); + placer.place(transMock, certInfoMock, artiMock, "machine"); + } + + private static void cleanup() { + File dir = new File(dirName); + if (dir.exists()) { + for (File f : dir.listFiles()) { + f.delete(); + } + dir.delete(); + } + } + +} diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/lur/aaf/test/JU_JMeter.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/lur/aaf/test/JU_JMeter.java index 13df1ac5..a4fb20f9 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/lur/aaf/test/JU_JMeter.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/lur/aaf/test/JU_JMeter.java @@ -30,9 +30,11 @@ import java.io.FileReader; import java.io.PrintStream; import java.io.PrintWriter; import java.io.StringWriter; +import java.lang.reflect.Field; import java.net.HttpURLConnection; import java.security.Principal; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; import java.util.Properties; @@ -43,6 +45,7 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp; import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; import org.onap.aaf.cadi.aaf.v2_0.AAFTaf; import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.config.SecurityInfoC; import org.onap.aaf.cadi.locator.DNSLocator; import org.onap.aaf.cadi.principal.CachedBasicPrincipal; @@ -143,6 +146,13 @@ public class JU_JMeter { }; + @AfterClass + public static void tearDownAfterClass() throws Exception { + Field field = SecurityInfoC.class.getDeclaredField("sicMap"); + field.setAccessible(true); + field.set(null, new HashMap<Class<?>,SecurityInfoC<?>>()); + } + private static int index = -1; private synchronized Principal getIndex() { diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java index 8d43c1b5..a30f274f 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java @@ -23,9 +23,11 @@ package org.onap.aaf.cadi.oauth.test; import java.io.ByteArrayOutputStream; import java.io.PrintStream; +import java.lang.reflect.Field; import java.net.ConnectException; import java.util.Date; import java.util.GregorianCalendar; +import java.util.HashMap; import org.junit.After; import org.junit.AfterClass; @@ -39,6 +41,7 @@ import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Result; import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.config.SecurityInfoC; import org.onap.aaf.cadi.oauth.TimedToken; import org.onap.aaf.cadi.oauth.TokenClient; import org.onap.aaf.cadi.oauth.TokenClientFactory; @@ -74,6 +77,9 @@ public class JU_OAuthTest { @AfterClass public static void tearDownAfterClass() throws Exception { + Field field = SecurityInfoC.class.getDeclaredField("sicMap"); + field.setAccessible(true); + field.set(null, new HashMap<Class<?>,SecurityInfoC<?>>()); } @Before diff --git a/cadi/aaf/src/test/java/org/onap/aaf/content/JU_Content.java b/cadi/aaf/src/test/java/org/onap/aaf/content/JU_Content.java index 21012e68..e997378d 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/content/JU_Content.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/content/JU_Content.java @@ -23,25 +23,16 @@ package org.onap.aaf.content; import java.io.StringReader; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; +import org.junit.*; import org.onap.aaf.misc.rosetta.env.RosettaDF; import org.onap.aaf.misc.rosetta.env.RosettaData; import org.onap.aaf.misc.rosetta.env.RosettaEnv; import aaf.v2_0.Error; -public class JU_Content { - - @BeforeClass - public static void setUpBeforeClass() throws Exception { - } - - @AfterClass - public static void tearDownAfterClass() throws Exception { - } +// TODO: This test doesn't really do anything. It should be deleted as soon as coverage is above 50% +public class JU_Content { @Test public void parseErrorJSON() throws Exception { @@ -70,11 +61,15 @@ public class JU_Content { errDF.out(RosettaData.TYPE.JSON); RosettaData<Error> data = errDF.newData(); data.load(err); - System.out.println(data.asString()); + + @SuppressWarnings("unused") + String output = data.asString(); +// System.out.println(output); data.load(new StringReader(msg)); err = data.asObject(); - System.out.println(err.getText()); + output = err.getText(); +// System.out.println(output); } diff --git a/cadi/aaf/src/test/resources/cert.pem b/cadi/aaf/src/test/resources/cert.pem new file mode 100644 index 00000000..175c949d --- /dev/null +++ b/cadi/aaf/src/test/resources/cert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFqzCCA5OgAwIBAgIJAKR74mLLmqGoMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhNaXNzb3VyaTERMA8GA1UEBwwIU3QgTG91aXMxETAP +BgNVBAoMCEZha2UgT3JnMREwDwYDVQQLDAhmYWtlLm9yZzERMA8GA1UEAwwISm9o +biBEb2UwHhcNMTgwNTAzMjEwMzEzWhcNMTgwNjAyMjEwMzEzWjBsMQswCQYDVQQG +EwJVUzERMA8GA1UECAwITWlzc291cmkxETAPBgNVBAcMCFN0IExvdWlzMREwDwYD +VQQKDAhGYWtlIE9yZzERMA8GA1UECwwIZmFrZS5vcmcxETAPBgNVBAMMCEpvaG4g +RG9lMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvfadEz8rdI3Q6LsA +3e4cPYGkYkty7gyVmD52DYxQYsrykJewI4iqJ+jZb2kfEYjz5Tw3hAi1cw2Db5Vr +2yB3GLR9lk6Eryj1/tDEVXrWDJpXPSEKcyLDzvsLEXi6ZabVZbSzX41/YSct1Hn/ +ucHo2oFtKz6GLVQ0Jb5dp5sQiV8KDdrj2+KDRkQR6WeEY5a89wAwcoYEOlIXx6+4 +jurhUzdvyRiXFxEl2B20IGDQ0byEUnbXEgcCDBJVNyU+dxXMSLHcxFNKEjhaYcn1 +29nEzStfEV8NuxqiE7TCZNUCy2BAMxd9k4kmZ4Tb6tOyza+fEUBu4BLBywusyeVb +D/mupHyG6K/xyMAVmSqGYVjweEFX+UkITHsvkZS2+Iizjt1x658RuLcI8YvEHPbm +lU+wirNoc/1wOxR3V53ZSjqnghLql8TUDVH7ysp+khthiJnr26fRSZNSkNBbNhax +FkC9UYuVuoHscUjsRzX0RkELo4OJG6n11SUyB0K9WLI6b33yfBXFOpOXByavvjkS +BZM7pNOG77GSz/uCaQ/glE7PSnDx1AzGWGdv9YqKAFU6lEMdw2HCozzc2aX/GXPW +hvh2Hjvt2ZKJc87DVvLsdySQwsJ05YF71kxMmxqnwqnD5/h0pMjxThyDm7DfaGek +9gAw7nqCOQJbvafl8ZnKFKnAI/0CAwEAAaNQME4wHQYDVR0OBBYEFFn1zEUXwHY2 +odqzPA0BTkoBqTzWMB8GA1UdIwQYMBaAFFn1zEUXwHY2odqzPA0BTkoBqTzWMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADWOO+YOdwIL0Wdws89s2h1I +TAN2glpQNDcwiMlT5VISqrb4R5oGYQuc7eR3X6fUArZwo38QW2C5+A4gXCUmy+UE +Hyneac+RXTxD29Glxn14dt174VsJ7mlFxkOd7ft8beaRhga5DAot6HyjJwS2K8GP +cNoM9zJFbJcRjs4oO93fOdp5M3mOOcwMbfQLZIFUx93Y7cn3Uoyz/Yfws/KKuY9r +faUGNB9bSSZc+aM7ZLorMwDb45Beu443czUfzOhWLxiDK9pqwY9k7DV4x4ahvPhx +OiRl31ksL/esCc4G2oOe9wATh1gwnIDJWE1bgNepKwjqinlWRQqq7JcRbpXyQ2t0 +0v0P60cVcIMO6iCuCvKO4wZh5nUrHQlTfHfWDyH5UN2nUa12BpOidvgp5AzuVG6e +pIYbRViwdOzEOAKOlHCuZN/rFkQAmi6baz4/7JV9GeW92xZyDc9GGM/JQY3lMRfw +ablgXEuJFJGVQkO6/LkqcEvFpLVcdTeJeWxJvR9lwJJX1NXTQN91aFqLznc50idK +UiKjE+3eBG/S64htp48+a6xi2r6uujRl/VAOoTjunGuSvDdmThlwnnlnp4iqcm7k +m4nB2/4SvSzQ8r4cUl0sFCZ7OLW8WM4dpZcfklk7ApZ4TFTMzUi4zUtCk4Vfdxbm +MX+3SmP+Pjf0p+1DtdhM +-----END CERTIFICATE----- diff --git a/cadi/aaf/src/test/resources/key.pem b/cadi/aaf/src/test/resources/key.pem new file mode 100644 index 00000000..a5818db0 --- /dev/null +++ b/cadi/aaf/src/test/resources/key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC99p0TPyt0jdDo +uwDd7hw9gaRiS3LuDJWYPnYNjFBiyvKQl7AjiKon6NlvaR8RiPPlPDeECLVzDYNv +lWvbIHcYtH2WToSvKPX+0MRVetYMmlc9IQpzIsPO+wsReLplptVltLNfjX9hJy3U +ef+5wejagW0rPoYtVDQlvl2nmxCJXwoN2uPb4oNGRBHpZ4Rjlrz3ADByhgQ6UhfH +r7iO6uFTN2/JGJcXESXYHbQgYNDRvIRSdtcSBwIMElU3JT53FcxIsdzEU0oSOFph +yfXb2cTNK18RXw27GqITtMJk1QLLYEAzF32TiSZnhNvq07LNr58RQG7gEsHLC6zJ +5VsP+a6kfIbor/HIwBWZKoZhWPB4QVf5SQhMey+RlLb4iLOO3XHrnxG4twjxi8Qc +9uaVT7CKs2hz/XA7FHdXndlKOqeCEuqXxNQNUfvKyn6SG2GImevbp9FJk1KQ0Fs2 +FrEWQL1Ri5W6gexxSOxHNfRGQQujg4kbqfXVJTIHQr1YsjpvffJ8FcU6k5cHJq++ +ORIFkzuk04bvsZLP+4JpD+CUTs9KcPHUDMZYZ2/1iooAVTqUQx3DYcKjPNzZpf8Z +c9aG+HYeO+3ZkolzzsNW8ux3JJDCwnTlgXvWTEybGqfCqcPn+HSkyPFOHIObsN9o +Z6T2ADDueoI5Alu9p+XxmcoUqcAj/QIDAQABAoICADRkPuAfDQIhVtvJL60Fzd4c +0lSV0IXdDKknmPGVoFoO9SVx4I98UsmdC9MRYBM6/WFc4UbWDA1GTdjJkiymYJJ8 +vSJmV2vj1SzJMU0OCtkA/EyMv1AP54c/b8cK0AXXJIXfd5VD9jy6TIaMez4lP+57 +wbsqjGEWFyfNwBDI0J/CiYhWtX9gkqofff0sorPA0C8jazk6wxG+sHZPfYxVNX35 +DSieUpV3EkPvtU00xoMCBlCkHB8JtcPUjpIeAINhjK0D+Qpgmk46IptT0y4meoPH +kXm+CJBxAQCEWxTqNtIWor40nVrCecgVOX4jku3toOZmKe483hv9BVPNoPbf+w1C +5PI8eLCVeKp10dhSP9+HsKhwENqac/pF4RISnf5St0hccdyzHlwyRXVY2UJDd8Ik +Hv4zh3iSzuhd5ar4Pgpwvl/9dsJBDQtxf2RgBMLlf9TbIaFTA+Q55Ir/+BsaCxkr +Uz+bk00cF2nrUU7cqu0TXzsOCmCq02Oc4ELZ3zXGu1t2EjeIkAatbrCTigdiGimj +gpB5bSRUNKyu9lQgHP/XIiWeiYmRb1I9j2ICxbvdZm5Kj5o2/6i9vy4ouCvd9qF3 +IdK2/U+sBF6XFKvGMzRC3giID+PYSqMcoBybuUzWgfKLu3WMpuhnPKPtorokc7d7 +M3+Wc7UfSbQUn2JY/2wBAoIBAQDjLLIaFLkbfg6HMQu/JPspLibYzAXbGRw+SJj5 +vkqVmlPFj2pNpEFHLHdN7gmmKxmq3crTL47g3XoOAI4vk5obpO5ICtrsXF/OSL4a +MAm63wvY+KiIUAhRTNzu53xjQ+PwaG1A7VghkPeAtk/HCI2vqJH7UoLWUcR7abUL +gCILuGnxk7QnjJNWoD6pJ6RV4vnkRx/2cZO+rYE6Wm2kBeaNoW/aEKXYYBsAty2E +/dJ1GkEm4x59+R43Lu665GTaDKJPItxTyv7QpKvWbdPUab8g5YdA12p2//HrLCb3 +yMBedxys2VDpaIBSN6INi/6BMCRMtoDdol1gzHm2/dlMWuD9AoIBAQDWES+VNosh +MkLsPcAp1Psq0+ucQCWpyAMgpgkN0SbBJDcMR+xqrmrxunOWuFeWg5A48xiCQNdW +uA8X6X3TWGsFaNyFD5BNPl1WncmzwtqTCjqgn/EDdTWS40eLFZJMxBf0infjPMFS +dkrIcbLOHb56miBf+CnMZ1uEmwo0h2epwkaU6Kk1wm3X8bojUVGzY5O5x8AJzDeP +EC4hmC34FnPu19LRNT/29vzX5X8mLuy7RYcdzCy9ut//G+m+OVoMImvTI6cxLN0v +zcJyJmrYoR9yVfHjcUA43CgkCSqIlVPSYIvBFLL/O9ZZspfZqAERYcCFT38uAtF/ +nPfuTk6mUz8BAoIBABGkzQhdh6rs9W/mjUUBOEiQfw/jeKj1oE3uEYOEFgLcg5ka +dGUnVrKSb4mr7S/stQeiRjh0vyIT0YD45hIn4pY3DxKlVS96VS6OU8Vw6bCL1j25 +wk0j+iFmWNptPCnxgeiQE7wxMuEYg0CJ6FRLA8Yaz4u3ctX2b84t/ZOxFfPXFNNg +Z2OS9XaK55L3sznAcSwbog3f8Fuk2h6QG2fb1XY2jZtgI6FUhYRetbhYhln1+g1t +IlciXAhpKr11M6gDxy9iQ752S6gkwfvbd9JNjDyf1wtgL7KiWkWrnjMsclRj5+Q8 +1J3sMdsw2vM2ZkPeW1Nh8UxFaf80oldmC9R0UnkCggEAbmLwWY6F0jl73xy8shWc +62najnlZsqJsUnKsKo7W4DQPmuqf1CdbCInwPyGSMRBo16Ur10cehB5n0hnag5iN +n32Cca8j52EoepjlQShS1A4rS1cOzoyrcrJ22xblmWZpP/YDeo+C1UYgrBpNbRJT +fh9qYHK1Ay2tOMVGTu4gG58ODI2pbAp14CxLoxi0+792lw+VTLgdUk2yrCowUkUp +xVlP4ggGkxCsM5ypo4QBGVTyJwB5deEezwuSzj/+2lEJrxgsiCQtbxA4m+qJoGn9 +sFT3ZiSpTGji3ipH36S5U7vrdUZ6QzmVAC4jNd73pgH1aAkleRGE/Lxx8VY6InS9 +AQKCAQEAjUxVkW7ei0XOvz3hzEM8s84StZAzz/OOchxxLIDwWtmrnTRlDCDFNgfn +kjWggY8ySvEGeeh/Bq1UjZn46yJEnbBaluSlwtpB9/QNlvVESfi72F6qXxPrAb7w +wvMLFk2abUQk1MUursiC4Xch5Br9wGAQqzPIFNQRlhH3t47ZGyQn9Sc0FONLfPpO +NR+A0BBvfQG7/fg1JLNcmh9AdQr0gxTUJyR4a32An4IcSQZqCyF7Zzr3ERJ3n2tR +0S0NaYmQEs7sqULnG2f8USc53z5/skAo2OXeOZXmCpY7PH7Zfq85ojnsB/d9rAfm +43jbRd3vVTO310fh3QIgNQ3tg+u3mg== +-----END PRIVATE KEY----- diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index 8525ac59..d7c7526f 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java @@ -65,7 +65,14 @@ import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf; */ public class Config { - + private static final String AAF_V2_0 = "org.onap.aaf.cadi.aaf.v2_0"; + private static final String AAF_V2_0_AAFCON = AAF_V2_0+".AAFCon"; + private static final String AAF_V2_0_AAF_LUR_PERM = AAF_V2_0+".AAFLurPerm"; + private static final String OAUTH = "org.onap.auth.oauth"; + private static final String OAUTH_TOKEN_MGR = OAUTH+".TokenMgr"; + private static final String OAUTH_HTTP_TAF = OAUTH+".OAuth2HttpTaf"; + private static final String OAUTH_DIRECT_TAF = OAUTH+".OAuthDirectTAF"; + public static final String UTF_8 = "UTF-8"; // Property Names associated with configurations. @@ -191,7 +198,7 @@ public class Config { private static String defaultRealm="none"; public static final String AAF_DOMAIN_SUPPORT = "aaf_domain_support"; - public static final String AAF_DOMAIN_SUPPORT_DEF = ".com"; + public static final String AAF_DOMAIN_SUPPORT_DEF = ".com:.org"; // OAUTH2 public static final String AAF_OAUTH2_TOKEN_URL = "aaf_oauth2_token_url"; @@ -207,19 +214,11 @@ public class Config { public static void setDefaultRealm(Access access) throws CadiException { try { - boolean hasCSP; - try { - Class.forName("org.osaaf.cadi.taf.csp.CSPTaf"); - hasCSP=true; - } catch(ClassNotFoundException e) { - hasCSP = logProp(access,Config.CSP_DOMAIN, null)!=null; - } defaultRealm = logProp(access,Config.AAF_DEFAULT_REALM, - hasCSP?"csp.att.com": - logProp(access,Config.BASIC_REALM, - logProp(access,HOSTNAME,InetAddress.getLocalHost().getHostName()) - ) - ); + logProp(access,Config.BASIC_REALM, + logProp(access,HOSTNAME,InetAddress.getLocalHost().getHostName()) + ) + ); } catch (UnknownHostException e) { //defaultRealm="none"; } @@ -393,7 +392,7 @@ public class Config { String oauth_token_url = logProp(access,Config.AAF_OAUTH2_TOKEN_URL,null); Class<?> oadtClss; try { - oadtClss = Class.forName("org.osaaf.authz.oauth.OAuthDirectTAF"); + oadtClss = Class.forName(OAUTH_DIRECT_TAF); } catch (ClassNotFoundException e1) { oadtClss = null; } @@ -408,9 +407,9 @@ public class Config { } else if(oauth_token_url!=null) { String oauth_introspect_url = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL,null); @SuppressWarnings("unchecked") - Class<HttpTaf> oaTCls = (Class<HttpTaf>)loadClass(access,"org.osaaf.cadi.oauth.OAuth2HttpTaf"); + Class<HttpTaf> oaTCls = (Class<HttpTaf>)loadClass(access,OAUTH_HTTP_TAF); if(oaTCls!=null) { - Class<?> oaTTmgrCls = loadClass(access, "org.osaaf.cadi.oauth.TokenMgr"); + Class<?> oaTTmgrCls = loadClass(access, OAUTH_TOKEN_MGR); if(oaTTmgrCls!=null) { try { Method oaTTmgrGI = oaTTmgrCls.getMethod("getInstance",PropAccess.class,String.class,String.class); @@ -565,15 +564,15 @@ public class Config { if(aafURL==null) { access.log(Level.INIT,"No AAF LUR properties, AAF will not be loaded"); } else {// There's an AAF_URL... try to configure an AAF - String aafLurClassStr = logProp(access,AAF_LUR_CLASS,"org.osaaf.cadi.aaf.v2_0.AAFLurPerm"); + String aafLurClassStr = logProp(access,AAF_LUR_CLASS,AAF_V2_0_AAF_LUR_PERM); ////////////AAF Lur 2.0 ///////////// - if(aafLurClassStr!=null && aafLurClassStr.startsWith("org.osaaf.cadi.aaf.v2_0")) { + if(aafLurClassStr!=null && aafLurClassStr.startsWith(AAF_V2_0)) { try { Object aafcon = loadAAFConnector(si, aafURL); if(aafcon==null) { access.log(Level.INIT,"AAF LUR class,",aafLurClassStr,"cannot be constructed without valid AAFCon object."); } else { - Class<?> aafAbsAAFCon = loadClass(access, "org.osaaf.cadi.aaf.v2_0.AAFCon"); + Class<?> aafAbsAAFCon = loadClass(access, AAF_V2_0_AAFCON); if(aafAbsAAFCon!=null) { Method mNewLur = aafAbsAAFCon.getMethod("newLur"); Object aaflur = mNewLur.invoke(aafcon); @@ -639,30 +638,31 @@ public class Config { return false; } - private static final String COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP = "org.osaaf.cadi.aaf.v2_0.AAFConHttp"; + private static final String AAF_V2_0_AAF_CON_HTTP = "org.onap.aaf.cadi.aaf.v2_0.AAFConHttp"; + public static Object loadAAFConnector(SecurityInfoC<HttpURLConnection> si, String aafURL) { Access access = si.access; Object aafcon = null; Class<?> aafConClass = null; try { - if(aafURL!=null) { - String aafConnector = access.getProperty(AAF_CONNECTOR_CLASS, COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP); - if(COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP.equals(aafConnector)) { - aafConClass = loadClass(access, COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP); - if(aafConClass!=null) { - for(Constructor<?> c : aafConClass.getConstructors()) { + if (aafURL!=null) { + String aafConnector = access.getProperty(AAF_CONNECTOR_CLASS, AAF_V2_0_AAF_CON_HTTP); + if (AAF_V2_0_AAF_CON_HTTP.equals(aafConnector)) { + aafConClass = loadClass(access, AAF_V2_0_AAF_CON_HTTP); + if (aafConClass != null) { + for (Constructor<?> c : aafConClass.getConstructors()) { List<Object> lo = new ArrayList<Object>(); - for(Class<?> pc : c.getParameterTypes()) { - if(pc.equals(PropAccess.class)) { + for (Class<?> pc : c.getParameterTypes()) { + if (pc.equals(Access.class)) { lo.add(access); - } else if(pc.equals(Locator.class)) { + } else if (pc.equals(Locator.class)) { lo.add(loadLocator(si, aafURL)); } else { continue; } } - if(c.getParameterTypes().length!=lo.size()) { + if (c.getParameterTypes().length != lo.size()) { continue; // back to another Constructor } else { aafcon = c.newInstance(lo.toArray()); @@ -671,13 +671,13 @@ public class Config { } } } - if(aafcon!=null) { - String mechid = logProp(access,Config.AAF_APPID, null); + if (aafcon != null) { + String mechid = logProp(access, Config.AAF_APPID, null); String pass = access.getProperty(Config.AAF_APPPASS, null); - if(mechid!=null && pass!=null) { + if (mechid != null && pass != null) { try { Method basicAuth = aafConClass.getMethod("basicAuth", String.class, String.class); - basicAuth.invoke(aafcon, mechid,pass); + basicAuth.invoke(aafcon, mechid, pass); } catch (NoSuchMethodException nsme) { // it's ok, don't use } @@ -685,9 +685,9 @@ public class Config { } } } catch (Exception e) { - access.log(e,"AAF Connector could not be constructed with given Constructors."); + access.log(e, "AAF Connector could not be constructed with given Constructors."); } - + return aafcon; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java index d1c40b23..006d6b4e 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java @@ -100,6 +100,7 @@ public class CadiHTTPManip { } SecurityInfoC<HttpURLConnection> si; si = SecurityInfoC.instance(access, HttpURLConnection.class); + lur = Config.configLur(si, con, additionalTafLurs); tc.setLur(lur); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java index e575be14..cc283973 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java @@ -30,13 +30,13 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.aaf.cadi.Access; +import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.CachedPrincipal; +import org.onap.aaf.cadi.CachedPrincipal.Resp; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.Locator; -import org.onap.aaf.cadi.TrustChecker; -import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.cadi.CachedPrincipal.Resp; import org.onap.aaf.cadi.Taf.LifeForm; +import org.onap.aaf.cadi.TrustChecker; /** * HttpEpiTaf @@ -153,18 +153,13 @@ public class HttpEpiTaf implements HttpTaf { private LifeForm tricorderScan(HttpServletRequest req) { // For simplicity's sake, we'll say Humans use FQDNs, not IPs. - String auth = req.getParameter("Authentication"); - if(auth!=null) { - if("BasicAuth".equals(auth)) { - return LifeForm.SBLF; - } - } // Current guess that only Browsers bother to set "Agent" codes that identify the kind of browser they are. // If mechanical frameworks are found that populate this, then more advanced analysis may be required // Jonathan 1/22/2013 String agent = req.getHeader("User-Agent"); - if(agent!=null && agent.startsWith("Mozilla")) // covers I.E./Firefox/Safari/probably any other "advanced" Browser see http://en.wikipedia.org/wiki/User_agent - return LifeForm.CBLF; + if(agent!=null && agent.startsWith("Mozilla")) { // covers I.E./Firefox/Safari/probably any other "advanced" Browser see http://en.wikipedia.org/wiki/User_agent + return LifeForm.CBLF; + } return LifeForm.SBLF; // notably skips "curl","wget", (which is desired behavior. We don't want to try CSP, etc on these) } diff --git a/cadi/core/src/test/resources/output_key b/cadi/core/src/test/resources/output_key new file mode 100644 index 00000000..9d94dcbd --- /dev/null +++ b/cadi/core/src/test/resources/output_key @@ -0,0 +1 @@ +QRSTUVWXYZabcdef
\ No newline at end of file diff --git a/cadi/core/test/output_key b/cadi/core/test/output_key new file mode 100644 index 00000000..353fabd2 --- /dev/null +++ b/cadi/core/test/output_key @@ -0,0 +1,27 @@ +g6wDq10CsnMUE0HB18N2UsrFri27TBG05Z1JzrvNSPUhIphFcv7gst-eHKvfbgffKF-rs9Zkjd5F +3FZDci9MlG4vhwrXHXLgo6DXEVH4FsfT5MP__E3yrnuGOcDI4kWUFdni3xG48PXNcT_xQoPb6JRO +dI3PiRRhgpvxuIL8O6iptFRoEilywvb8ySRFJA1XkRxCq-btzSpAHdMkBF-YnwMQYASveKXUddgo +Ab6Rvn6u8cDVWTIvmlEQe2el6dcKOOeMc5Ipc0AXsTLpGmhMVySEeyzKysHk0c1BiGxTulqZQcHP +L9uDFMxqL_GBwQOM4Xfu5wD_Dh1zNoKIpPta1AORjqlaUFOEsVWIn5oOKnimz4aNOjUku7tj3OKi +c-AsphXLIpmodQD4uZBynwhIjuNcJ3-SRZ3_SHnXqvf8gE-4jab2baMEX_QJ2GXumcOdZujDp8yz +3hCBlsToWXD-IatJ9dv_1gSn2_VOcXIhaNwe4YomaBVsQ4QqOkFWP9ZH3IfHrcCWZGt_HKg87NrJ +PASZ9yzlBLBTI7XFOg4rqU7l-b6-LpTLm36c0f5ImPzr-kHpE--y0cuTfdI4CEv3dJMGysKOfXax +N4tgR5t7ArQdFhLyo5mH-L5l973yuqJGVeRlTsYBYsHEb5vtIZxrYlebU9SSMmL9J-xI-hQV5tV7 +VR2C_zIKGL2nAq-tfVaiD1-M-SZW0S5VNmM-zXVxPT7jalCdHl6Dca47MhwQBVv_fxB5Nsahf10X +MT58fLLi7C2aCIAPqFyu0e3B_yuAnhDzdkS_TmtX9ke25BSZe8Ql0lni9USKxwykfoRpt7UtdAId +l8XxAgksLoDwxpL_EGz4I0jQN-4ziCVHpZNQmX08XUQ7Gx_xMtrIi21QRUhF04ZxLxlwTXjsr_Tj +jO2Y6xs-S0wShAXGA8qZWdUXqO-zg6pGQ51RWf1HZYvgCDy1E0LiBEdlGye0dFzy1jS2DRg-3ByC +oYtQmOmuyvOoCAH4B7C2fWSW8Kn2ps2VvHTmk7b7ZcWlteNWfjezaU4W2JQclBP8UzcfuuMohZgP +eYRTQ_vTxvwbVBESBNpcfW3Og5sru0FhHbKyL6UE5iOxAnnf06bMOCesDRDm4yTcCbCCya-norY9 +aWiFbXKyFUqZVbmCSRd1hv-FJazsfXgJneeTvzyRg1vPQhnmyngwm0H1S7YPAGPL2B6Ir-nMCzLR +oscgShrIPR7YnemaZxqwMES6iWqnnPNOJO3NRAs7iVw71sIh1BNoDdHYqETsGcmiFiZsNc-LEIFe +c3nmCZ9VufLaYPpYDyTqHjijc0p2gtZtxCyrtSKJO-7Y4rtv9vCOfub7Vn8na_-DtIKUL2Lzspne +dmS5_yetSJ-mNtzB__1jJk-Ke65mZ1BNJ4zMv839rC1rrb63kPZsdQp0w2hnNm-ttWXDN0nnyLOY +Vz6p9BLrVAg9kA4Y0DFsI3qqEA1Xhuc9LuKLIGiCuGfa6ydoIzDRvlDTJR-Kju1A8npgzQTxGFSo +P2A4f8E8doF9Lbt46yQQx0S14kS-1sPHUAc-Lqx5lnLcDxU1e4kgDrgbQ2Tly60tIhU_es9m1RZP +5c4-VyjgDXmKxCIaq53VihbPmGi626xfX0Ez5sosEDQSvEGsxRwEBsO1Mif2b2a1IERpUqCafAjo +rfN6DbKhWUINOGsDcRvZFWcR1dGuboopxpTxwXNhZxKb_0WPraLBkdzWC2rF7_JQc0o6LetalSUZ +HjbMIsyvME5sA0JF5dLXEdPmHKs4XQOQPYi6yMz78wz7qNwvGI_qAQEK3cAriBJx7mxZry7DRa7Z +UvmaESHb3j80InnqiEcC_gF-smViBsyxIZzGPdXD7mwa91829obATzs08769bXh_MlCYkVqrXM-A +Il2NI0ocRziAkRnyFk1NzL9sghQ_9EIarjTGJv8xQCHfUibksmk0pQJFt8Z8_gXPOprLZB3DZytT +6mNiawvv0H5phK9Fdm2seytkouSfmgDcY5wSeytgmtZSwGe12BoQUrtTJoOGV6BmYxOCMTC1
\ No newline at end of file diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java index 90935900..bfdc6bf1 100644 --- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java +++ b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java @@ -31,9 +31,9 @@ import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.Access.Level; /** - * We treate "roles" and "permissions" in a similar way for first pass. + * We treat "roles" and "permissions" in a similar way for first pass. * - * @author jg1555 + * @author JonathanGathman * */ public class AAFAuthorizationInfo implements AuthorizationInfo { diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh index 7b75fbc9..00a23ec8 100644 --- a/conf/CA/manual.sh +++ b/conf/CA/manual.sh @@ -13,10 +13,30 @@ else FQDN=$1 NAME=$FQDN shift + + echo "Enter any SANS, delimited by spaces: " + read SANS +fi + +# Do SANs +if [ "$SANS" = "" ]; then + echo no SANS + if [ -e $NAME.san ]; then + rm $NAME.san + fi + else + echo some SANS + cp ../san.conf $NAME.san + NUM=1 + for D in $SANS; do + echo "DNS.$NUM = $D" >> $NAME.san + NUM=$((NUM+1)) + done fi + echo $SUBJECT -if [ -e $FQI.csr ]; then +if [ -e $NAME.csr ]; then SIGN_IT=true else if [ "$1" = "-local" ]; then @@ -46,13 +66,19 @@ fi if [ "$SIGN_IT" = "true" ]; then # Sign it - openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \ + if [ -e $NAME.san ]; then + openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \ -cert certs/ca.crt -keyfile private/ca.key \ -policy policy_loose \ -days 360 \ + -extfile $NAME.san \ -infiles $NAME.csr + else + openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \ + -cert certs/ca.crt -keyfile private/ca.key \ + -policy policy_loose \ + -days 360 \ + -infiles $NAME.csr + fi fi - - - diff --git a/conf/CA/san.conf b/conf/CA/san.conf new file mode 100644 index 00000000..de9f62f9 --- /dev/null +++ b/conf/CA/san.conf @@ -0,0 +1,15 @@ +# SAN Extension +# Copy, then add DNS.1 = name, etc +# +[ server_cert ] +# Extensions for server certificates (`man x509v3_config`). +basicConstraints = CA:FALSE +nsCertType = server, client +nsComment = "OpenSSL Generated Server Certificate" +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +keyUsage = critical, digitalSignature, keyEncipherment, nonRepudiation +extendedKeyUsage = serverAuth, clientAuth +subjectAltName = @alt_names + +[ alt_names ] diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBmar.java b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBmar.java index cca3e68c..127eb154 100644 --- a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBmar.java +++ b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBmar.java @@ -25,7 +25,7 @@ * Created on: Apr 10, 2009
* Created by: Jonathan
*
- * Revamped to do away with ThreadLocal 5/27/2011, JG1555
+ * Revamped to do away with ThreadLocal 5/27/2011, JonathanGathman
*
* (c) 2009 SBC Knowledge Ventures, L.P. All rights reserved.
*******************************************************************
diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBumar.java b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBumar.java index 94e9ba80..74072aaf 100644 --- a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBumar.java +++ b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBumar.java @@ -25,7 +25,7 @@ * Created on: Apr 10, 2009
* Created by: Jonathan
*
- * Revamped to do away with ThreadLocal 5/27/2011, JG1555
+ * Revamped to do away with ThreadLocal 5/27/2011, JonathanGathman
*
* (c) 2009 SBC Knowledge Ventures, L.P. All rights reserved.
*******************************************************************
diff --git a/misc/rosetta/src/test/java/org/onap/aaf/misc/rosetta/test/JU_JSON.java b/misc/rosetta/src/test/java/org/onap/aaf/misc/rosetta/test/JU_JSON.java index 2a48edc4..080fc973 100644 --- a/misc/rosetta/src/test/java/org/onap/aaf/misc/rosetta/test/JU_JSON.java +++ b/misc/rosetta/src/test/java/org/onap/aaf/misc/rosetta/test/JU_JSON.java @@ -58,9 +58,9 @@ public class JU_JSON { go(jin, jout, "{\"id\":\"Me,[}[eg[)(:x,\\\" Myself\",\"date\":1353094689100}"); // TODO: Clean out AT&T specific data - go(jin,jout, "{\"userid\":\"jg1555\",\"timestamp\":1353097388531,\"item\":[{\"tag\":\"color\",\"value\":\"Mauve\"},{\"tag\":\"shirtsize\",\"value\":\"Xtra Large\"}]}"); + go(jin,jout, "{\"userid\":\"xk3233\",\"timestamp\":1353097388531,\"item\":[{\"tag\":\"color\",\"value\":\"Mauve\"},{\"tag\":\"shirtsize\",\"value\":\"Xtra Large\"}]}"); //go() - //"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><vote xmlns=\"urn:poll.att.com\"><userid>jg1555</userid><timestamp>1353082669667</timestamp></vote>"); + //"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><vote xmlns=\"urn:poll.att.com\"><userid>xk3233</userid><timestamp>1353082669667</timestamp></vote>"); // 3/11/2015 Jonathan found a case with missing comma go(jin,jout, "{\"start\":\"2015-03-11T18:18:05.580-05:00\",\"end\":\"2015-09-11-05:00\",\"force\":\"false\",\"perm\":{\"type\":\"org.osaaf.myns.mytype\",\"instance\":\"myInstance\",\"action\":\"myAction\"}" |