-rw-r--r-- | auth/auth-cass/docker/dbash.sh | 2 | ||||
-rw-r--r-- | auth/auth-cass/docker/dinstall.sh | 1 | ||||
-rw-r--r-- | auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java | 12 | ||||
-rw-r--r-- | auth/docker/dbash.sh | 1 | ||||
-rwxr-xr-x | auth/docker/dbuild.sh | 2 | ||||
-rw-r--r-- | auth/docker/dclean.sh | 2 | ||||
-rw-r--r-- | auth/docker/drun.sh | 2 | ||||
-rw-r--r-- | auth/docker/dstart.sh | 2 | ||||
-rw-r--r-- | auth/docker/dstop.sh | 2 | ||||
-rw-r--r-- | auth/sample/data/identities.dat | 9 | ||||
-rw-r--r-- | conf/CA/manual.sh | 22 |
11 files changed, 37 insertions, 20 deletions
diff --git a/auth/auth-cass/docker/dbash.sh b/auth/auth-cass/docker/dbash.sh
index e10afcc0..38e43dd0 100644
--- a/auth/auth-cass/docker/dbash.sh
+++ b/auth/auth-cass/docker/dbash.sh
@@ -1,3 +1,3 @@ -#!/bin/bash dbash +#!/bin/bash docker exec -it aaf_cass bash
diff --git a/auth/auth-cass/docker/dinstall.sh b/auth/auth-cass/docker/dinstall.sh
index 7a3009db..c3e07d59 100644
--- a/auth/auth-cass/docker/dinstall.sh
+++ b/auth/auth-cass/docker/dinstall.sh
@@ -1,3 +1,4 @@ +#!/bin/bash if [ "`docker ps -a | grep aaf_cass`" == "" ]; then docker run --name aaf_cass -d cassandra:3.11 echo "Check for running Docker Container aaf_cass, then run again."
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 935f99bf..ac2105f6 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -680,7 +680,17 @@ public class DefaultOrg implements Organization { } @Override public boolean supportsRealm(final String r) { - return supportedRealms.contains(extractRealm(r)) || r.endsWith(realm); + if(r.endsWith(realm)) { + return true; + } else { + String erealm = extractRealm(r); + for(String sr : supportedRealms) { + if(erealm.startsWith(sr)) { + return true; + } + } + } + return false; } @Override
diff --git a/auth/docker/dbash.sh b/auth/docker/dbash.sh
index 642cba40..42caa592 100644
--- a/auth/docker/dbash.sh
+++ b/auth/docker/dbash.sh
@@ -1 +1,2 @@ +#!/bin/bash docker exec -it aaf_$1 bash
diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh
index 23fa72f5..ed99ec99 100755
--- a/auth/docker/dbuild.sh
+++ b/auth/docker/dbuild.sh
@@ -1,4 +1,4 @@ -#!/bin/bash dbuild.sh +#!/bin/bash # # Docker Building Script. Reads all the components generated by install, on per-version basis #
diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh
index d83f61c8..7887b677 100644
--- a/auth/docker/dclean.sh
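Review bot: `erealm.startsWith(sr)` in the new loop of `supportsRealm` is a bare prefix match, so any extracted realm that merely begins with a supported entry is accepted with no separator boundary, whereas the removed `supportedRealms.contains(...)` required an exact entry. If accepting sub-realms is the intent, anchor the comparison on a boundary, for example `if(erealm.equals(sr) || erealm.startsWith(sr + '.')) {`; the right separator depends on what `extractRealm` returns, which is defined outside this hunk. The retained `r.endsWith(realm)` has the same unanchored shape on the suffix side. A one-line comment above the loop saying that prefix matching is deliberate, and why, would also help, since this method decides which realms the organization treats as its own.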
+++ b/auth/docker/dclean.sh
@@ -1,4 +1,4 @@ -#!/bin/bash dclean.sh +#!/bin/bash # Pull in Variables from d.props . ./d.props
diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh
index e9805887..7aee605c 100644
--- a/auth/docker/drun.sh
+++ b/auth/docker/drun.sh
@@ -1,4 +1,4 @@ -#!/bin/bash drun.sh +#!/bin/bash # Pull in Variables from d.props . ./d.props
diff --git a/auth/docker/dstart.sh b/auth/docker/dstart.sh
index 41aa6a45..0fb993ae 100644
--- a/auth/docker/dstart.sh
+++ b/auth/docker/dstart.sh
@@ -1,4 +1,4 @@ -#!/bin/bash dstop.sh +#!/bin/bash # Pull in Props . ./d.props
diff --git a/auth/docker/dstop.sh b/auth/docker/dstop.sh
index 58ac0bf7..4c8d4425 100644
--- a/auth/docker/dstop.sh
+++ b/auth/docker/dstop.sh
@@ -1,4 +1,4 @@ -#!/bin/bash dstop.sh +#!/bin/bash # Pull in Properties . ./d.props
diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat
index fdd704bc..dd4dbb1d 100644
--- a/auth/sample/data/identities.dat
+++ b/auth/sample/data/identities.dat
@@ -27,8 +27,8 @@ anne|Anne E Kopp|Anne|Kopp|512-244-4280|anne.e.kopp@att.com|e|jonathan aaf|AAF App|AAF|Application||DL-aaf-support@att.com|a|jonathan a2345z|AAF App|AAF|Application||DL-aaf-support@att.com|a|jonathan aaf_authz|AAF App|AAF|Application||jonathan.gathman@att.com|a|jonathan -kirankamieni|Kiran K Kamineni|Kiran|Kamineni|999-999=9999|kiran.k.kamineni@intel.com|ramkoya -aaf_sms|Secret Management Service|SMS|Secret Management Service provides secure storage for sensitive information such as passwords and userIDs||kiran.k.kamineni@intel.com|a|kirankamieni +kirank|Kiran K Kamineni|Kiran|Kamineni|999-999=9999|kiran.k.kamineni@intel.com|e|ramkoya +aaf_sms|Secret Management Service|SMS|Secret Management Service provides secure storage for sensitive information such as passwords and userIDs||kiran.k.kamineni@intel.com|a|kirank djtimoney|Dan Timoney|Dan|Timoney|+1 (732) 420-3226|dt5972@att.com|e|ramkoya xuegao|Xue Gao|Xue|Gao|0032479670327|xg353y@att.com|e|clefevre clamp|Clamp Application|clamp|Application||xg353y@att.com|a|xuegao
@@ -36,4 +36,7 @@ dmaapbc|DMaap Bus Controller|DMaap|Bus Controller||dgl@research.att.com|a|dgfrom dglfromatt|Dominic Lunanuova|Dominic|Lunanuova|732-420-9618|dgl@research.att.com|e|ramokoya puthenpura|Sarat Puthenpura|Sarat|Puthenpura|||e|clefevre ruoyu|Ruoyu Ying|Ruoyu|Ying|13661960772|ruoyu.ying@intel.com|e|puthenpura - +sunilu|Sunil Unnava|Sunil|Unnava|6094541858|sunil.unnava@att.com|e|ramkoya +dmaapmr|DMaap Message Router|DMaap MR|Message Router||su622b@att.com|a|sunilu +oof|OOF|OOF|OOF||sarat@research.att.com|a|saratp +saratp|Sarat Puthenpura|Sarat|Puthenpura|9089012067|sarat@research.att.com|e|clefevre
diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh
index eb391591..7b75fbc9 100644
--- a/conf/CA/manual.sh
+++ b/conf/CA/manual.sh
@@ -6,10 +6,12 @@ read FQI if [ "$1" = "" -o "$1" = "-local" ]; then echo "Personal Certificate" SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`" + NAME=$FQI else echo "Application Certificate" SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`" - FQI=$1 + FQDN=$1 + NAME=$FQDN shift fi echo $SUBJECT
@@ -25,30 +27,30 @@ else `stty echo` # remove any previous Private key - rm private/$FQI.key + rm private/$NAME.key # Create j regaular rsa encrypted key - openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \ - -out $FQI.csr -outform PEM -subj "$SUBJECT" \ + openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \ + -out $NAME.csr -outform PEM -subj "$SUBJECT" \ -passout stdin << EOF $PASSPHRASE EOF - chmod 400 private/$FQI.key + chmod 400 private/$NAME.key SIGN_IT=true else - echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"' - echo chmod 400 $FQI.key + echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"' + echo chmod 400 $NAME.key echo "# All done, print result" - echo openssl req -verify -text -noout -in $FQI.csr + echo openssl req -verify -text -noout -in $NAME.csr fi fi if [ "$SIGN_IT" = "true" ]; then # Sign it - openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \ + openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \ -cert certs/ca.crt -keyfile private/ca.key \ -policy policy_loose \ -days 360 \ -infiles $NAME.csr fi |
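Review bot: The new `NAME` variable is assigned straight from the `read FQI` prompt or from `$1` and is then expanded unquoted into file paths in the second hunk (`rm private/$NAME.key`, `-keyout private/$NAME.key`, `-out $NAME.crt`, `-infiles $NAME.csr`), so a value containing `/`, `..` or whitespace changes which files are removed, written or signed. Restrict it right after the `fi` that closes the assignment, e.g. `case "$NAME" in ""|*[!A-Za-z0-9._@-]*) echo "invalid name: $NAME" >&2; exit 1;; esac`, and quote every use, e.g. `rm -f -- "private/$NAME.key"`. The same input also feeds `SUBJECT`, where a `/` adds further subject fields to a request that is then signed with `private/ca.key` under `policy_loose`, so the check is worth doing before `SUBJECT` is built. The script begins before the first hunk, so any earlier validation is not visible here.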