-rw-r--r-- | auth/auth-cass/docker/dinstall.sh | 1 | ||||
-rw-r--r-- | auth/auth-cass/src/main/cql/osaaf.cql | 4 | ||||
-rw-r--r-- | auth/auth-cass/src/main/cql/temp_identity.cql | 2 | ||||
-rw-r--r-- | auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java | 2 | ||||
-rw-r--r-- | auth/docker/README.txt | 21 | ||||
-rw-r--r-- | auth/docker/agent.sh | 4 | ||||
-rw-r--r-- | auth/docker/d.props.init | 7 | ||||
-rw-r--r-- | auth/sample/bin/agent.sh | 52 | ||||
-rw-r--r-- | auth/sample/data/identities.dat | 2 | ||||
-rw-r--r-- | auth/sample/data/sample.identities.dat | 36 | ||||
-rw-r--r-- | auth/sample/local/.gitignore | 0 | ||||
-rw-r--r-- | auth/sample/local/aaf.props | 5 | ||||
-rw-r--r-- | auth/sample/local/initialConfig.props | 2 | ||||
-rw-r--r-- | auth/sample/local/org.osaaf.aaf.cm.ca.props | 4 | ||||
-rw-r--r-- | auth/sample/logs/clean | 1 | ||||
-rw-r--r-- | auth/sample/logs/taillog | 1 | ||||
-rw-r--r-- | cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java | 181 | ||||
-rw-r--r-- | cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java | 2 | ||||
-rw-r--r-- | cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java | 3 |
19 files changed, 198 insertions, 132 deletions
diff --git a/auth/auth-cass/docker/dinstall.sh b/auth/auth-cass/docker/dinstall.sh
index bdbadf68..d6fcb9f9 100644
--- a/auth/auth-cass/docker/dinstall.sh
+++ b/auth/auth-cass/docker/dinstall.sh
@@ -56,6 +56,7 @@ if [ "`$DOCKER ps -a | grep aaf_cass`" == "" ]; then
 echo " cqlsh -f keyspace.cql"
 echo " cqlsh -f init.cql"
 echo " cqlsh -f osaaf.cql"
+ echo " cqlsh -f temp_identity.cql"
 echo ""
 echo "The following will give you a temporary identity with which to start working, or emergency"
 echo " cqlsh -f temp_identity.cql"
diff --git a/auth/auth-cass/src/main/cql/osaaf.cql b/auth/auth-cass/src/main/cql/osaaf.cql
index 40e79f10..b3d895b9 100644
--- a/auth/auth-cass/src/main/cql/osaaf.cql
+++ b/auth/auth-cass/src/main/cql/osaaf.cql
@@ -51,10 +51,10 @@ INSERT INTO role(ns, name, perms, description)
 // OSAAF Root
 INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('osaaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin') using TTL 14400;
+ VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin') using TTL 14400;
 INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('osaaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin') using TTL 14400;
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin') using TTL 14400;
 // ONAP Specific Entities
diff --git a/auth/auth-cass/src/main/cql/temp_identity.cql b/auth/auth-cass/src/main/cql/temp_identity.cql
index b7415beb..3032372b 100644
--- a/auth/auth-cass/src/main/cql/temp_identity.cql
+++ b/auth/auth-cass/src/main/cql/temp_identity.cql
@@ -1,5 +1,5 @@
 USE authz;
 // Create Root pass
 INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('osaaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
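Review bot: The added `echo " cqlsh -f temp_identity.cql"` duplicates the line that already follows three lines later under the "temporary identity" sentence, so the printed instructions now tell the operator to load temp_identity.cql both as part of the mandatory set and again as the optional step. temp_identity.cql inserts a credential for `aaf@aaf.osaaf.org` with a fixed, pre-computed hash (TTL 14400), so it belongs only in the explicitly time-limited, optional section; drop the added line, or move the explanatory sentence up alongside it if the intent is to make it mandatory.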
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
index 695d80f7..1ddf022c 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
@@ -63,7 +63,7 @@ public class DirectRegistrar implements Registrant<AuthzEnv> {
 locate.patch = split.length>2?Integer.parseInt(split[2]):0;
 locate.minor = split.length>1?Integer.parseInt(split[1]):0;
 locate.major = split.length>0?Integer.parseInt(split[0]):0;
- locate.hostname = access.getProperty(Config.CADI_REGISTRATION_HOSTNAME, null);
+ locate.hostname = access.getProperty(Config.AAF_REGISTER_AS, null);
 if(locate.hostname==null) {
 locate.hostname = access.getProperty(Config.HOSTNAME, null);
 }
diff --git a/auth/docker/README.txt b/auth/docker/README.txt
index 32ed3489..3eb554b1 100644
--- a/auth/docker/README.txt
+++ b/auth/docker/README.txt
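Review bot: Switching the lookup to `Config.AAF_REGISTER_AS` with no fallback means a deployed props file that still sets `cadi_registration_hostname` is silently ignored and registration quietly falls back to `hostname`, while Config.java (hunk at -74) deletes the public constant `CADI_REGISTRATION_HOSTNAME` outright, which breaks any code outside this tree that references it. For one release read the old key as the default, `locate.hostname = access.getProperty(Config.AAF_REGISTER_AS, access.getProperty("cadi_registration_hostname", null));`, or keep the old constant marked `@Deprecated` with a pointer to `AAF_REGISTER_AS`. RemoteRegistrant (hunk at -87) has the same pattern. Config.java also drops the public `UTF_8` constant, which is unrelated to this change and is likewise an API removal.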
@@ -1,24 +1,33 @@ +# +# Edit the following in <your ONAP authz dir>/auth/sample/local +# +aaf.props +org.osaaf.aaf.cm.ca.props (leave out Password) + +# cd to main docker dir +cd ../../docker + # Start the container in bash mode, so it stays up sh agent.sh bash - # in another shell, find out your Container name docker container ls | grep aaf_agent +# CD to directory with CA info in it. +# (example) +cd /opt/app/osaaf/CA/intermediate_7 + # copy keystore for this AAF Env -docker container cp -L org.osaaf.aaf.p12 <Your Container>:/opt/app/osaaf/local +docker container cp -L org.osaaf.aaf.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local # (in Agent Window) agent encrypt cadi_keystore_password # If you intend to use Certman to sign certs, it is a "local" CA # copy Signing Keystore into container -docker container cp -L org.osaaf.aaf.signer.p12 <Your Container>:/opt/app/osaaf/local +docker container cp -L org.osaaf.aaf.signer.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local # (in Agent Window) agent encrypt cm_ca.local -# Add in Cassandra Password -agent encrypt cassandra.clusters.password - # Check to make sure all passwords are set grep "enc:" *.props diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh index f734c629..8636cdd1 100644 --- a/auth/docker/agent.sh +++ b/auth/docker/agent.sh @@ -7,6 +7,10 @@ docker run \ --mount 'type=volume,src=aaf_config,dst='$CONF_ROOT_DIR',volume-driver=local' \ --add-host="$HOSTNAME:$HOST_IP" \ --add-host="aaf.osaaf.org:$HOST_IP" \ + --env AAF_ENV=${AAF_ENV} \ + --env AAF_REGISTER_AS=${AAF_REGISTER_AS} \ + --env LATITUDE=${LATITUDE} \ + --env LONGITUDE=${LONGITUDE} \ --name aaf_agent_$USER \ ${ORG}/${PROJECT}/aaf_config:${VERSION} \ /bin/bash "$@" diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init index d65c11bb..8691591c 100644 --- a/auth/docker/d.props.init +++ b/auth/docker/d.props.init 
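Review bot: The four new `--env` lines read `${AAF_ENV}`, `${AAF_REGISTER_AS}`, `${LATITUDE}` and `${LONGITUDE}`, but the keys d.props.init (hunk at -8) introduces are `aaf_env`, `aaf_register_as`, `cadi_latitude` and `cadi_longitude`; if d.props is what gets sourced before this `docker run` (not visible here), all four are passed through empty and auth/sample/bin/agent.sh then writes `aaf_env=` and `aaf_locate_url=https://:8095` into its generated props. Either rename the d.props.init keys to `AAF_ENV=DEV`, `AAF_REGISTER_AS=$HOSTNAME`, `LATITUDE=` and `LONGITUDE=`, or export the lowercase values under the names agent.sh expects. Note that `aaf_register_as=$HOSTNAME` only expands when the file is sourced by a shell; as a plain properties file it is the literal string.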
@@ -8,5 +8,10 @@ CONF_ROOT_DIR=/opt/app/osaaf # Local Env info HOSTNAME= HOST_IP= -CASS_HOST= +CASS_HOST=<cass FQDN>:<cass IP> +# AAF Machine info +aaf_env=DEV +aaf_register_as=$HOSTNAME +cadi_latitude= +cadi_longitude= diff --git a/auth/sample/bin/agent.sh b/auth/sample/bin/agent.sh index 5d34a8a9..15c3714d 100644 --- a/auth/sample/bin/agent.sh +++ b/auth/sample/bin/agent.sh @@ -16,11 +16,21 @@ if [ ! -e /opt/app/osaaf/local/org.osaaf.aaf.props ]; then for D in public etc logs; do rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D done - $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config osaaf@aaf.osaaf.org \ + + TMP=$(mktemp) + echo aaf_env=${AAF_ENV} >> ${TMP} + echo cadi_latitude=${LATITUDE} >> ${TMP} + echo cadi_longitude=${LONGITUDE} >> ${TMP} + echo aaf_register_as=${AAF_REGISTER_AS} >> ${TMP} + echo aaf_locate_url=https://${AAF_REGISTER_AS}:8095 >> ${TMP} + + $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config aaf@aaf.osaaf.org \ cadi_etc_dir=/opt/app/osaaf/local \ - cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props \ - cadi_latitude=38.4329 \ - cadi_longitude=-90.43248 + cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props:${TMP} + rm ${TMP} + # Default Password for Default Cass + CASS_PASS=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "cassandra" /opt/app/osaaf/local/org.osaaf.aaf.keyfile) + sed -i.backup -e "s/\\(cassandra.clusters.password=enc:\\)/\\1$CASS_PASS/" /opt/app/osaaf/local/org.osaaf.aaf.cassandra.props fi # Now run a command 
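Review bot: The new `CASS_PASS=$(... cadi digest "cassandra" ...)` line encrypts the well-known Cassandra default password and writes it into org.osaaf.aaf.cassandra.props on first start, and the same commit removes the README step that told the operator to run `agent encrypt cassandra.clusters.password`, so a non-default Cassandra password now has no documented point at which it is set. Keep the default if the dev container needs it, but print something like `echo "cassandra.clusters.password set to the Cassandra default; run 'agent encrypt cassandra.clusters.password' for any real cluster"` and restore the README step. Separately, the `sed` uses `/` as its delimiter while `$CASS_PASS` is substituted unescaped; if the digest output can contain `/` the expression breaks, so a delimiter unlikely to occur in the output (e.g. `|`) is safer, and the encrypt case at -89 has the same pattern with `$PWD`. The `if [ ! -e ... ]` block begins before this hunk.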
@@ -69,12 +79,30 @@ if [ ! "$CMD" = "" ]; then cd /opt/app/osaaf/local || exit /bin/bash "$@" ;; + setProp) + cd /opt/app/osaaf/local || exit + FILES=$(grep -l "$1" ./*.props) + if [ "$FILES" = "" ]; then + FILES="$3" + ADD=Y + fi + for F in $FILES; do + echo "Changing $1 in $F" + if [ "$ADD" = "Y" ]; then + echo $2 >> $F + else + sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F + fi + cat $F + done + ;; encrypt) cd /opt/app/osaaf/local || exit + echo $1 FILES=$(grep -l "$1" ./*.props) - if [ "$FILES" = "" ]; then - FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props - echo "$1=enc:" >>FILES + if [ "$FILES" = "" ]; then + FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props + ADD=Y fi for F in $FILES; do echo "Changing $1 in $F" @@ -89,10 +117,17 @@ if [ ! "$CMD" = "" ]; then ORIG_PW="$2" fi PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/org.osaaf.aaf.keyfile) - sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F + if [ "$ADD" = "Y" ]; then + echo "$1=enc:$PWD" >> $F + else + sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F + fi cat $F done ;; + taillog) + sh /opt/app/osaaf/logs/taillog + ;; --help | -?) case "$1" in "") @@ -100,6 +135,7 @@ if [ ! "$CMD" = "" ]; then echo " ls - Lists all files in Configuration" echo " cat <file.props>> - Shows the contents (Prop files only)" echo " validate - Runs a test using Configuration" + echo " setProp <tag> [<value>] - set value on 'tag' (if no value, it will be queried from config)" echo " encrypt <tag> [<pass>] - set passwords on Configuration (if no pass, it will be queried)" echo " bash - run bash in Container" echo " Note: the following aliases are preset" diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat index 358829ef..b5c6ce5a 100644 --- a/auth/sample/data/identities.dat +++ b/auth/sample/data/identities.dat 
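Review bot: In the new `setProp` case the add path writes only the value: `echo $2 >> $F` appends a bare value with no `tag=` prefix, unlike the encrypt case in the same file, which this commit corrects to `echo "$1=enc:$PWD" >> $F`; it should be `echo "$1=$2" >> $F`. When no existing file contains the tag, `FILES="$3"` relies on an undocumented third argument, and if it is absent the `for` loop runs zero times and nothing is reported, while the help line added at -100 says the value "will be queried from config", which setProp never does. Quote `"$1"`, `"$2"` and `"$F"` throughout, and the `echo $1` added at the top of the encrypt case looks like leftover debugging output.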
@@ -24,7 +24,7 @@ bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e| mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl +osaaf|ID of AAF|osaaf|AAF Application|||a|bdevl # ONAP default Users demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat index 358829ef..13e94b13 100644 --- a/auth/sample/data/sample.identities.dat +++ b/auth/sample/data/sample.identities.dat 
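Review bot: The changed line keeps the application identity as `osaaf` while the rest of this commit moves the root credential, the role grants and `cadi_alias` to `aaf@aaf.osaaf.org`, and sample.identities.dat adds a separate `aaf|AAF Application|AAF|Application|||a|bdevl` row; if identities.dat is the file the running system loads, there is no `aaf` identity behind those credentials. Add the `aaf` row here as well, or keep the two files in step. The `bob.d.develper@osaaf.com` typo in the context line is only corrected in the sample file.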
@@ -18,19 +18,29 @@ # 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID) # -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl +iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@people.osaaf.com|e| +mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@people.osaaf.com|e|iowna +bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.developer@people.osaaf.com|e|mmanager +mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@people.osaaf.com|e|mmanager +ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@people.osaaf.com|c|mmanager +iretired|Ira Lee M. 
Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager # ONAP default Users -demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager -jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager -cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|mmanager -jm0007|PORTAL TESTER|PORTAL|TESTER|||e|mmanager -op0001|PORTAL OPS|PORTAL|OPS|||e|mmanager -gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|mmanager +demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf +jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf +cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf +jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf +op0001|PORTAL OPS|PORTAL|OPS|||e|aaf +gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf +# ONAP App IDs +aaf|AAF Application|AAF|Application|||a|bdevl +aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf +clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf +aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf +appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf +dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf +dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf +dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf +oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf +sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf diff --git a/auth/sample/local/.gitignore b/auth/sample/local/.gitignore deleted file mode 100644 index e69de29b..00000000 --- a/auth/sample/local/.gitignore +++ /dev/null diff --git a/auth/sample/local/aaf.props b/auth/sample/local/aaf.props index 8237c4e9..c9fb8f98 100644 --- a/auth/sample/local/aaf.props +++ b/auth/sample/local/aaf.props 
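Review bot: The new `dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf` row carries `CLAMP` in the first-name column, which looks like a copy-paste from the `clamp` row above it; it should read `DCAE`. The rewritten `iretired` row still lists `clarice.d.contractor@people.osaaf.com` as Ira's address, carried over from the old line.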
@@ -11,12 +11,11 @@ aaf_default_realm=people.osaaf.org # Initial Passwords and such aaf_password=startup -cadi_alias=osaaf@aaf.osaaf.org +cadi_alias=aaf@aaf.osaaf.org cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12 -cadi_keystore_password=kumquat cadi_truststore=/opt/app/osaaf/public/truststoreONAPall.jks cadi_truststore_password=changeit +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US # Other aaf_data_dir=/opt/app/osaaf/data -cadi_registration_hostname=meriadoc.mithril.sbc.com diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props index f9ad077a..13704244 100644 --- a/auth/sample/local/initialConfig.props +++ b/auth/sample/local/initialConfig.props @@ -1,10 +1,8 @@ -aaf_env=DEV
aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
cadi_protocols=TLSv1.1,TLSv1.2
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1
gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/sample/local/org.osaaf.aaf.cm.ca.props b/auth/sample/local/org.osaaf.aaf.cm.ca.props index 92d55f92..5c692f4b 100644 --- a/auth/sample/local/org.osaaf.aaf.cm.ca.props +++ b/auth/sample/local/org.osaaf.aaf.cm.ca.props @@ -1,10 +1,10 @@ ## ## org.osaaf.cm.ca.props -## Properties to access Certifiate Authority +## Properties to access Certificate Authority ## #Certman -cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/aaf_intermediate_1.p12;aaf_intermediate_1;enc: +cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.signer.p12;aaf_intermediate_7;enc: cm_ca.local.idDomains=org.osaaf cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US cm_ca.local.perm_type=org.osaaf.aaf.ca diff --git a/auth/sample/logs/clean b/auth/sample/logs/clean index e92e1bd3..7d5152b9 100644 --- a/auth/sample/logs/clean +++ b/auth/sample/logs/clean @@ -1,3 +1,4 @@ +cd /opt/app/osaaf/logs for D in `find . -type d`; do if [ "$D" != "./" ]; then rm -f $D/*.log diff --git a/auth/sample/logs/taillog b/auth/sample/logs/taillog index b4482d09..2b3de6e5 100644 --- a/auth/sample/logs/taillog +++ b/auth/sample/logs/taillog @@ -1 +1,2 @@ +cd /opt/app/osaaf/logs tail -f `find . -name *service*.log -ctime 0` diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java index a86649db..7f1b0cf6 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java 
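Review bot: The `cd /opt/app/osaaf/logs` added at the top of `clean` is unguarded: if the directory is missing or the cd fails, the following `find . -type d` and `rm -f $D/*.log` run in whatever directory the caller was in and delete that directory's `.log` files. Use the idiom this commit already applies in auth/sample/bin/agent.sh, `cd /opt/app/osaaf/logs || exit`, here and in the matching line added to taillog.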
@@ -35,14 +35,17 @@ import java.security.KeyPair;
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
 import java.util.ArrayDeque;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.Deque;
 import java.util.GregorianCalendar;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Properties;
+import java.util.TreeMap;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.CmdLine;
@@ -754,7 +757,7 @@ public class Agent {
 psProps.print("# Configuration File generated on ");
 psProps.println(new Date().toString());
 psProps.println(HASHES);
- for(String tag : new String[] {Config.CADI_LATITUDE,Config.CADI_LONGITUDE}) {
+ for(String tag : LOC_TAGS) {
 psProps.print(tag);
 psProps.print('=');
 psProps.println(getProperty(pa, trans, false, tag, "%s: ",tag));
@@ -788,19 +791,14 @@ public class Agent {
 if(!fkf.exists()) {
 CmdLine.main(new String[] {"keygen",fkf.toString()});
 }
- psCredProps.print("cadi_keyfile=");
- psCredProps.println(fkf.getCanonicalPath());
-
- psCredProps.print(Config.AAF_APPID);
- psCredProps.print('=');
- psCredProps.println(fqi);
-
 Symm filesymm = Symm.obtain(fkf);
- psCredProps.print(Config.AAF_APPPASS);
- psCredProps.print("=enc:");
- String ps = pa.decrypt(pa.getProperty(Config.AAF_APPPASS), false);
- ps = filesymm.enpass(ps);
- psCredProps.println(ps);
+ Map<String,String> normal = new TreeMap<>();
+ Map<String,String> creds = new TreeMap<>();
+
+ directedPut(pa, filesymm, normal,creds, Config.CADI_KEYFILE, fkf.getCanonicalPath());
+ directedPut(pa, filesymm, normal,creds, Config.AAF_APPID,fqi);
+ directedPut(pa, filesymm, normal,creds, Config.AAF_APPPASS,null);
+
 
 String cts = pa.getProperty(Config.CADI_TRUSTSTORE);
 if(cts!=null) {
@@ -820,7 +818,7 @@ public class Agent {
 }
 }
 if(!origTruststore.exists()) {
- throw new CadiException(cts + "does not exist");
+ throw new CadiException(cts + " does not exist");
 }
 }
@@ -829,97 +827,73 @@ public class Agent { if(!newTruststore.exists()) { Files.copy(origTruststore.toPath(), newTruststore.toPath()); } - psCredProps.print(Config.CADI_TRUSTSTORE); - psCredProps.print("="); - psCredProps.println(newTruststore.getCanonicalPath()); - - psCredProps.print(Config.CADI_TRUSTSTORE_PASSWORD); - psCredProps.print("=enc:"); - ps = pa.decrypt(pa.getProperty(Config.CADI_TRUSTSTORE_PASSWORD), false); - ps = filesymm.enpass(ps); - psCredProps.println(ps); + + directedPut(pa, filesymm, normal,creds, Config.CADI_TRUSTSTORE,newTruststore.getCanonicalPath()); + directedPut(pa, filesymm, normal,creds, Config.CADI_TRUSTSTORE_PASSWORD,null); } -// String cadi_x509_issuers = pa.getProperty(Config.CADI_X509_ISSUERS); -// if(cadi_x509_issuers!=null) { -// psCredProps.print(Config.CADI_X509_ISSUERS); -// psCredProps.print('='); -// psCredProps.println(cadi_x509_issuers); -// } + if(aafcon!=null) { // get Properties from Remote AAF + final String locator = getProperty(pa,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: "); - - try { - if(aafcon!=null) { // get Properties from Remote AAF - final String locator = getProperty(pa,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: "); - - Future<Configuration> acf = aafcon.client(new SingleEndpointLocator(locator)) - .read("/configure/"+fqi+"/aaf", configDF); - if(acf.get(TIMEOUT)) { - PrintStream pstemp; - for(Props props : acf.value.getProps()) { - if(Config.CADI_X509_ISSUERS.equals(props.getTag())) { - pstemp=psCredProps; - } else { - pstemp = psProps; - } - pstemp.print(props.getTag()); - pstemp.print('='); - pstemp.println(props.getValue()); - } - ok = true; - } else if(acf.code()==401){ - trans.error().log("Bad Password sent to AAF"); - } else { - trans.error().log(errMsg.toMsg(acf)); + Future<Configuration> acf = aafcon.client(new SingleEndpointLocator(locator)) + .read("/configure/"+fqi+"/aaf", configDF); + if(acf.get(TIMEOUT)) { + for(Props props : acf.value.getProps()) { + directedPut(pa, 
filesymm, normal,creds, props.getTag(),props.getValue()); } + ok = true; + } else if(acf.code()==401){ + trans.error().log("Bad Password sent to AAF"); } else { - String cpf = pa.getProperty(Config.CADI_PROP_FILES); - if(cpf!=null){ - for(String f : Split.split(File.pathSeparatorChar, cpf)) { - System.out.format("Reading %s\n",f); - FileInputStream fis = new FileInputStream(f); - try { - Properties props = new Properties(); - props.load(fis); - PrintStream pstemp; - String key,value; - for(Entry<Object, Object> prop : props.entrySet()) { - key = prop.getKey().toString(); - if(Config.CADI_X509_ISSUERS.equals(key)) { - pstemp=psCredProps; - value = prop.getValue().toString(); - } else if(key.endsWith("_password")){ - if(Config.AAF_APPPASS.equals(key) || Config.CADI_TRUSTSTORE_PASSWORD.equals(key)) { - continue; - } - value = "enc:" + filesymm.enpass(prop.getValue().toString()); - pstemp = psCredProps; - } else if(Config.CADI_TRUSTSTORE.equals(key)) { - continue; - } else { - value = prop.getValue().toString(); - pstemp = psProps; - } - pstemp.print(key); - pstemp.print('='); - pstemp.println(value); - } - } finally { - fis.close(); + trans.error().log(errMsg.toMsg(acf)); + } + } else { + String cpf = pa.getProperty(Config.CADI_PROP_FILES); + if(cpf!=null){ + for(String f : Split.split(File.pathSeparatorChar, cpf)) { + System.out.format("Reading %s\n",f); + FileInputStream fis = new FileInputStream(f); + try { + Properties props = new Properties(); + props.load(fis); + for(Entry<Object, Object> prop : props.entrySet()) { + directedPut(pa, filesymm, normal,creds, prop.getKey().toString(),prop.getValue().toString()); } + } finally { + fis.close(); } } - ok = true; } - } finally { - psProps.close(); + ok = true; } if(ok) { + for(Entry<String, String> es : normal.entrySet()) { + psProps.print(es.getKey()); + psProps.print('='); + psProps.println(es.getValue()); + } + + for(Entry<String, String> es : creds.entrySet()) { + psCredProps.print(es.getKey()); + 
psCredProps.print('='); + psCredProps.println(es.getValue()); + } + File newFile = new File(dir,rootFile+".props"); + if(newFile.exists()) { + File backup = new File(dir,rootFile+".props.backup"); + newFile.renameTo(backup); + System.out.println("Backed up to " + backup.getCanonicalPath()); + } fProps.renameTo(newFile); System.out.println("Created " + newFile.getCanonicalPath()); fProps = newFile; + if(fSecureProps.exists()) { + File backup = new File(dir,fSecureProps.getName()+".backup"); + fSecureProps.renameTo(backup); + System.out.println("Backed up to " + backup.getCanonicalPath()); + } fSecureTempProps.renameTo(fSecureProps); System.out.println("Created " + fSecureProps.getCanonicalPath()); fProps = newFile; 
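Review bot: With the `else if(Config.CADI_TRUSTSTORE.equals(key)) { continue; }` removed from the prop-file loop, every key in `cadi_prop_files` now goes through `directedPut` into the TreeMaps, so a `cadi_truststore` entry in an input file overwrites the copied `newTruststore` canonical path put a few lines earlier (last `put` wins), and `aaf_password`/`cadi_truststore_password` are likewise taken from the file instead of the values already put from `pa`; keep the skip, `if(Config.CADI_TRUSTSTORE.equals(key)) continue;` before the call, or only put those tags when absent. The `try { ... } finally { psProps.close(); }` that wrapped this section is gone and nothing in the hunk closes `psProps` or `psCredProps` before `fProps.renameTo(newFile)` and `fSecureTempProps.renameTo(fSecureProps)`; unless they are closed outside this hunk, buffered output can be lost and the rename can fail where open files are locked. The new `.backup` of `fSecureProps` retains the previous encrypted credentials and every `renameTo` result is ignored, so a failed backup silently falls through to a second, also unchecked, rename. The enclosing method continues past this hunk.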
@@ -937,7 +911,36 @@ public class Agent { tt.done(); } } + + private static List<String> CRED_TAGS = Arrays.asList(new String[] { + Config.CADI_KEYFILE, + Config.AAF_APPID, Config.AAF_APPPASS, + Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD, Config.CADI_KEY_PASSWORD, + Config.CADI_TRUSTSTORE,Config.CADI_TRUSTSTORE_PASSWORD, + Config.CADI_ALIAS, Config.CADI_X509_ISSUERS + }); + + private static List<String> LOC_TAGS = Arrays.asList(new String[] {Config.CADI_LATITUDE, Config.CADI_LONGITUDE}); + private static void directedPut(final PropAccess orig, final Symm symm, final Map<String,String> main, final Map<String,String> secured, final String tag, final String value) throws IOException { + if(!LOC_TAGS.contains(tag)) { // Location already covered + String val = value==null?orig.getProperty(tag):value; + if(tag.endsWith("_password")) { + if(val.length()>4) { + if(val.startsWith("enc:")) { + val = orig.decrypt(value, true); + } + val = "enc:" + symm.enpass(val); + } + } + if(CRED_TAGS.contains(tag)) { + secured.put(tag, val); + } else { + main.put(tag, val); + } + } + } + private static void validate(final PropAccess pa) throws LocatorException, CadiException, APIException { System.out.println("Validating Configuration..."); final AAFCon<?> aafcon = new AAFConHttp(pa,Config.AAF_URL,new SecurityInfoC<HttpURLConnection>(pa)); diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java index bed201aa..b21f8975 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java 
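Review bot: `directedPut` decrypts the wrong variable: inside `if(val.startsWith("enc:"))` it calls `orig.decrypt(value, true)`, but `value` is the parameter, which is `null` for the `Config.AAF_APPPASS` and `Config.CADI_TRUSTSTORE_PASSWORD` calls at -788 and -829 where the property was read into `val`; it must decrypt `val`. `val` is also dereferenced with no null check, so a missing property surfaces as a NullPointerException rather than an error naming the tag, and the `val.length()>4` guard lets any `_password` value of four characters or fewer be written to the props file in plaintext (it appears meant to skip a bare `enc:` placeholder, which the rewrite handles explicitly). `CRED_TAGS` and `LOC_TAGS` should be `static final` (`List.of` would also make them unmodifiable).
```java
private static void directedPut(final PropAccess orig, final Symm symm, final Map<String,String> main, final Map<String,String> secured, final String tag, final String value) throws IOException {
    if(LOC_TAGS.contains(tag)) { // Location already covered
        return;
    }
    String val = value==null?orig.getProperty(tag):value;
    if(val==null) {
        // surface the tag instead of an NPE (use CadiException if the callers declare it)
        throw new IOException("Property " + tag + " is not set");
    }
    if(tag.endsWith("_password") && !val.isEmpty() && !"enc:".equals(val)) {
        if(val.startsWith("enc:")) {
            val = orig.decrypt(val, true); // decrypt what was read, not the (possibly null) parameter
        }
        val = "enc:" + symm.enpass(val);
    }
    if(CRED_TAGS.contains(tag)) {
        secured.put(tag, val);
    } else {
        main.put(tag, val);
    }
}
```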
@@ -87,7 +87,7 @@ public class RemoteRegistrant<ENV extends BasicEnv> implements Registrant<ENV> {
 mep.setPort(port);
 try {
- String hostnameToRegister = access.getProperty(Config.CADI_REGISTRATION_HOSTNAME, null);
+ String hostnameToRegister = access.getProperty(Config.AAF_REGISTER_AS, null);
 if(hostnameToRegister==null) {
 hostnameToRegister = access.getProperty(Config.HOSTNAME, null);
 }
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index b4e31f2f..42c38896 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -74,14 +74,12 @@ public class Config {
 private static final String OAUTH_TOKEN_MGR = OAUTH+".TokenMgr";
 private static final String OAUTH_HTTP_TAF = OAUTH+".OAuth2HttpTaf";
 private static final String OAUTH_DIRECT_TAF = OAUTH+".OAuthDirectTAF";
- public static final String UTF_8 = "UTF-8";
 // Property Names associated with configurations.
 // As of 1.0.2, these have had the dots removed so as to be compatible with JavaBean style
 // configurations as well as property list style.
 public static final String HOSTNAME = "hostname";
- public static final String CADI_REGISTRATION_HOSTNAME = "cadi_registration_hostname";
 public static final String CADI_PROP_FILES = "cadi_prop_files"; // Additional Properties files (separate with ;)
 public static final String CADI_LOGLEVEL = "cadi_loglevel";
 public static final String CADI_LOGDIR = "cadi_log_dir";
@@ -142,6 +140,7 @@ public class Config {
 public static final String AAF_ROOT_COMPANY = "aaf_root_company";
 public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator
 private static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables.
+ public static final String AAF_REGISTER_AS = "aaf_register_as";
 public static final String AAF_APPID = "aaf_id";
 public static final String AAF_APPPASS = "aaf_password";
 public static final String AAF_LUR_CLASS = "aaf_lur_class";